diff --git a/.rubocop.yml b/.rubocop.yml
index 83ed6c38678..562197300b4 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -276,7 +276,7 @@ Style/IdenticalConditionalBranches:
   Enabled: false
 
 # Checks the indentation of the first line of the right-hand-side of a
-# multi-line assignment. 
+# multi-line assignment.
 Style/IndentAssignment:
   Enabled: false
 
@@ -531,7 +531,7 @@ Style/SpaceAroundKeyword:
 
 # Use a single space around operators.
 Style/SpaceAroundOperators:
-  Enabled: false
+  Enabled: true
 
 # Checks that the left block brace has or doesn't have space before it.
 Style/SpaceBeforeBlockBraces:
@@ -770,7 +770,7 @@ Lint/DefEndAlignment:
 
 # Check for deprecated class method calls.
 Lint/DeprecatedClassMethods:
-  Enabled: false
+  Enabled: true
 
 # Check for duplicate method definitions.
 Lint/DuplicateMethods:
@@ -937,10 +937,9 @@ Lint/Void:
 
 ##################### Performance ############################
 
-# TODO: Enable Casecmp Cop.
 # Use `casecmp` rather than `downcase ==`.
 Performance/Casecmp:
-  Enabled: false
+  Enabled: true
 
 # TODO: Enable DoubleStartEndWith Cop.
 # Use `str.{start,end}_with?(x, ..., y, ...)` instead of
@@ -953,10 +952,9 @@ Performance/DoubleStartEndWith:
 Performance/EndWith:
   Enabled: false
 
-# TODO: Enable LstripRstrip Cop.
 # Use `strip` instead of `lstrip.rstrip`.
 Performance/LstripRstrip:
-  Enabled: false
+  Enabled: true
 
 # TODO: Enable RangeInclude Cop.
 # Use `Range#cover?` instead of `Range#include?`.
@@ -991,11 +989,12 @@ Performance/RedundantSortBy:
 # string.
 Performance/StartWith:
   Enabled: false
+
 # Use `tr` instead of `gsub` when you are replacing the same number of
 # characters. Use `delete` instead of `gsub` when you are deleting
 # characters.
 Performance/StringReplacement:
-  Enabled: false
+  Enabled: true
 
 # TODO: Enable TimesMap Cop.
 # Checks for `.times.map` calls.
diff --git a/.scss-lint.yml b/.scss-lint.yml
index 835a4a88c44..66f9975d4ce 100644
--- a/.scss-lint.yml
+++ b/.scss-lint.yml
@@ -65,7 +65,7 @@ linters:
   
   # Reports when you have an empty rule set.
   EmptyRule:
-    enabled: false
+    enabled: true
   
   # Reports when you have an @extend directive.
   ExtendDirective:
@@ -244,11 +244,11 @@ linters:
   
   # URLs should be valid and not contain protocols or domain names.
   UrlFormat:
-    enabled: false
+    enabled: true
 
   # URLs should always be enclosed within quotes.
   UrlQuotes:
-    enabled: false
+    enabled: true
 
   # Properties, like color and font, are easier to read and maintain
   # when defined using variables rather than literals.
diff --git a/CHANGELOG b/CHANGELOG
index b1df9145d93..b00cb9064a7 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,107 @@ v 8.8.0 (unreleased)
   - Implement GFM references for milestones (Alejandro Rodríguez)
 
 v 8.7.1 (unreleased)
+  - Snippets tab under user profile. !4001 (Long Nguyen)
+  - Fix error when using link to uploads in global snippets
+  - Assign labels and milestone to target project when moving issue. !3934 (Long Nguyen)
+  - Use a case-insensitive comparison in sanitizing URI schemes
+  - Toggle sign-up confirmation emails in application settings
+  - Project#open_branches has been cleaned up and no longer loads entire records into memory.
+  - Escape HTML in commit titles in system note messages
+  - Improve multiple branch push performance by memoizing permission checking
+  - Log to application.log when an admin starts and stops impersonating a user
+  - Updated gitlab_git to 10.1.0
+  - GitAccess#protected_tag? no longer loads all tags just to check if a single one exists
+  - Reduce delay in destroying a project from 1-minute to immediately
+  - Make build status canceled if any of the jobs was canceled and none failed
+  - Upgrade Sidekiq to 4.1.2
+  - Added /health_check endpoint for checking service status
+  - Make 'upcoming' filter for milestones work better across projects
+  - Sanitize repo paths in new project error message
+  - Bump mail_room to 0.7.0 to fix stuck IDLE connections
+  - Remove future dates from contribution calendar graph.
+  - Support e-mail notifications for comments on project snippets
+  - Fix API leak of notes of unauthorized issues, snippets and merge requests
+  - Use ActionDispatch Remote IP for Akismet checking
+  - Fix error when visiting commit builds page before build was updated
+  - Add 'l' shortcut to open Label dropdown on issuables and 'i' to create new issue on a project
+  - Update SVG sanitizer to conform to SVG 1.1
+  - Speed up push emails with multiple recipients by only generating the email once
+  - Updated search UI
+  - Added authentication service for Container Registry
+  - Display informative message when new milestone is created
+  - Sanitize milestones and labels titles
+  - Support multi-line tag messages. !3833 (Calin Seciu)
+  - Force users to reset their password after an admin changes it
+  - Allow "NEWS" and "CHANGES" as alternative names for CHANGELOG. !3768 (Connor Shea)
+  - Added button to toggle whitespaces changes on diff view
+  - Backport GitHub Enterprise import support from EE
+  - Create tags using Rugged for performance reasons. !3745
+  - API: Expose Issue#user_notes_count. !3126 (Anton Popov)
+  - Don't show forks button when user can't view forks
+  - Fix atom feed links and rendering
+  - Files over 5MB can only be viewed in their raw form, files over 1MB without highlighting !3718
+  - Add support for supressing text diffs using .gitattributes on the default branch (Matt Oakes)
+  - Add eager load paths to help prevent dependency load issues in Sidekiq workers. !3724
+  - Added multiple colors for labels in dropdowns when dups happen.
+  - Always group commits by server timezone, not commit timestamp
+  - Improve description for the Two-factor Authentication sign-in screen. (Connor Shea)
+  - API support for the 'since' and 'until' operators on commit requests (Paco Guzman)
+  - Fix Gravatar hint in user profile when Gravatar is disabled. !3988 (Artem Sidorenko)
+  - Expire repository exists? and has_visible_content? caches after a push if necessary
+  - Fix unintentional filtering bug in Issue/MR sorted by milestone due (Takuya Noguchi)
+  - Fix adding a todo for private group members (Ahmad Sherif)
+  - Bump ace-rails-ap gem version from 2.0.1 to 4.0.2 which upgrades Ace Editor from 1.1.2 to 1.2.3
+  - Total method execution timings are no longer tracked
+  - Allow Admins to remove the Login with buttons for OAuth services and still be able to import !4034. (Andrei Gliga)
+  - Add API endpoints for un/subscribing from/to a label. !4051 (Ahmad Sherif)
+  - Hide left sidebar on phone screens to give more space for content
+  - Redesign navigation for profile and group pages
+  - Add counter metrics for rails cache
+  - Import pull requests from GitHub where the source or target branches were removed
+  - All Grape API helpers are now instrumented
+  - Improve Issue formatting for the Slack Service (Jeroen van Baarsen)
+
+v 8.7.6
+  - Fix links on wiki pages for relative url setups. !4131 (Artem Sidorenko)
+  - Fix import from GitLab.com to a private instance failure. !4181
+  - Fix external imports not finding the import data. !4106
+
+v 8.7.5
+  - Fix relative links in wiki pages. !4050
+  - Fix always showing build notification message when switching between merge requests !4086
+  - Fix an issue when filtering merge requests with more than one label. !3886
+  - Fix short note for the default scope on build page (Takuya Noguchi)
+
+v 8.7.4
+  - Links for Redmine issue references are generated correctly again !4048 (Benedikt Huss)
+  - Fix setting trusted proxies !3970
+  - Fix BitBucket importer bug when throwing exceptions !3941
+  - Use sign out path only if not empty !3989
+  - Running rake gitlab:db:drop_tables now drops tables with cascade !4020
+  - Running rake gitlab:db:drop_tables uses "IF EXISTS" as a precaution !4100
+  - Use a case-insensitive comparison in sanitizing URI schemes
+
+v 8.7.3
+  - Emails, Gitlab::Email::Message, Gitlab::Diff, and Premailer::Adapter::Nokogiri are now instrumented
+  - Merge request widget displays TeamCity build state and code coverage correctly again.
+  - Fix the line code when importing PR review comments from GitHub. !4010
+  - Wikis are now initialized on legacy projects when checking repositories
+
+v 8.7.2
+  - The "New Branch" button is now loaded asynchronously
+  - Fix error 500 when trying to create a wiki page
+  - Updated spacing between notification label and button
+  - Label titles in filters are now escaped properly
+
+v 8.7.1
+  - Throttle the update of `project.last_activity_at` to 1 minute. !3848
+  - Fix .gitlab-ci.yml parsing issue when hidde job is a template without script definition. !3849
+  - Fix license detection to detect all license files, not only known licenses. !3878
+  - Use the `can?` helper instead of `current_user.can?`. !3882
+  - Prevent users from deleting Webhooks via API they do not own
+  - Fix Error 500 due to stale cache when projects are renamed or transferred
+  - Update width of search box to fix Safari bug. !3900 (Jedidiah)
   - Use the `can?` helper instead of `current_user.can?`
 
 v 8.7.0
@@ -116,13 +217,25 @@ v 8.7.0
   - Import GitHub labels
   - Add option to filter by "Owned projects" on dashboard page
   - Import GitHub milestones
-  - Fix emoji catgories in the emoji picker
   - Execute system web hooks on push to the project
   - Allow enable/disable push events for system hooks
   - Fix GitHub project's link in the import page when provider has a custom URL
   - Add RAW build trace output and button on build page
   - Add incremental build trace update into CI API
 
+v 8.6.8
+  - Prevent privilege escalation via "impersonate" feature
+  - Prevent privilege escalation via notes API
+  - Prevent privilege escalation via project webhook API
+  - Prevent XSS via Git branch and tag names
+  - Prevent XSS via custom issue tracker URL
+  - Prevent XSS via `window.opener`
+  - Prevent XSS via label drop-down
+  - Prevent information disclosure via milestone API
+  - Prevent information disclosure via snippet API
+  - Prevent information disclosure via project labels
+  - Prevent information disclosure via new merge request page
+
 v 8.6.7
   - Fix persistent XSS vulnerability in `commit_person_link` helper
   - Fix persistent XSS vulnerability in Label and Milestone dropdowns
@@ -264,6 +377,17 @@ v 8.6.0
   - Trigger a todo for mentions on commits page
   - Let project owners and admins soft delete issues and merge requests
 
+v 8.5.12
+  - Prevent privilege escalation via "impersonate" feature
+  - Prevent privilege escalation via notes API
+  - Prevent privilege escalation via project webhook API
+  - Prevent XSS via Git branch and tag names
+  - Prevent XSS via custom issue tracker URL
+  - Prevent XSS via `window.opener`
+  - Prevent information disclosure via snippet API
+  - Prevent information disclosure via project labels
+  - Prevent information disclosure via new merge request page
+
 v 8.5.11
   - Fix persistent XSS vulnerability in `commit_person_link` helper
 
@@ -414,6 +538,17 @@ v 8.5.0
   - Show label row when filtering issues or merge requests by label (Nuttanart Pornprasitsakul)
   - Add Todos
 
+v 8.4.10
+  - Prevent privilege escalation via "impersonate" feature
+  - Prevent privilege escalation via notes API
+  - Prevent privilege escalation via project webhook API
+  - Prevent XSS via Git branch and tag names
+  - Prevent XSS via custom issue tracker URL
+  - Prevent XSS via `window.opener`
+  - Prevent information disclosure via snippet API
+  - Prevent information disclosure via project labels
+  - Prevent information disclosure via new merge request page
+
 v 8.4.9
   - Fix persistent XSS vulnerability in `commit_person_link` helper
 
@@ -539,6 +674,15 @@ v 8.4.0
   - Add IP check against DNSBLs at account sign-up
   - Added cache:key to .gitlab-ci.yml allowing to fine tune the caching
 
+v 8.3.9
+  - Prevent privilege escalation via "impersonate" feature
+  - Prevent privilege escalation via notes API
+  - Prevent privilege escalation via project webhook API
+  - Prevent XSS via custom issue tracker URL
+  - Prevent XSS via `window.opener`
+  - Prevent information disclosure via project labels
+  - Prevent information disclosure via new merge request page
+
 v 8.3.8
   - Fix persistent XSS vulnerability in `commit_person_link` helper
 
@@ -648,6 +792,17 @@ v 8.3.0
   - Expose Git's version in the admin area
   - Show "New Merge Request" buttons on canonical repos when you have a fork (Josh Frye)
 
+v 8.2.5
+  - Prevent privilege escalation via "impersonate" feature
+  - Prevent privilege escalation via notes API
+  - Prevent privilege escalation via project webhook API
+  - Prevent XSS via `window.opener`
+  - Prevent information disclosure via project labels
+  - Prevent information disclosure via new merge request page
+
+v 8.2.4
+  - Bump Git version requirement to 2.7.4
+
 v 8.2.3
   - Fix application settings cache not expiring after changes (Stan Hu)
   - Fix Error 500s when creating global milestones with Unicode characters (Stan Hu)
@@ -743,7 +898,7 @@ v 8.1.3
   - Use issue editor as cross reference comment author when issue is edited with a new mention
   - Add Facebook authentication
 
-v 8.1.2
+v 8.1.1
   - Fix cloning Wiki repositories via HTTP (Stan Hu)
   - Add migration to remove satellites directory
   - Fix specific runners visibility
@@ -1368,20 +1523,17 @@ v 7.10.0
   - Fix stuck Merge Request merging events from old installations (Ben Bodenmiller)
   - Fix merge request comments on files with multiple commits
   - Fix Resource Owner Password Authentication Flow
-
-v 7.9.4
-  - Security: Fix project import URL regex to prevent arbitary local repos from being imported
-  - Fixed issue where only 25 commits would load in file listings
-  - Fix LDAP identities  after config update
-
-v 7.9.3
-  - Contains no changes
   - Add icons to Add dropdown items.
   - Allow admin to create public deploy keys that are accessible to any project.
   - Warn when gitlab-shell version doesn't match requirement.
   - Skip email confirmation when set by admin or via LDAP.
   - Only allow users to reference groups, projects, issues, MRs, commits they have access to.
 
+v 7.9.4
+  - Security: Fix project import URL regex to prevent arbitary local repos from being imported
+  - Fixed issue where only 25 commits would load in file listings
+  - Fix LDAP identities  after config update
+
 v 7.9.3
   - Contains no changes
 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 24cd5864530..9fe4cf7b0f6 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -38,7 +38,7 @@ source edition, and GitLab Enterprise Edition (EE) which is our commercial
 edition. Throughout this guide you will see references to CE and EE for
 abbreviation.
 
-If you have read this guide and want to know how the GitLab [core team][core-team]
+If you have read this guide and want to know how the GitLab [core team]
 operates please see [the GitLab contributing process](PROCESS.md).
 
 ## Contributor license agreement
@@ -135,12 +135,23 @@ For feature proposals for EE, open an issue on the
 
 In order to help track the feature proposals, we have created a
 [`feature proposal`][fpl] label. For the time being, users that are not members
-of the project cannot add labels. You can instead ask one of the [core team][core-team]
-members to add the label `feature proposal` to the issue.
+of the project cannot add labels. You can instead ask one of the [core team]
+members to add the label `feature proposal` to the issue or add the following
+code snippet right after your description in a new line: `~"feature proposal"`.
 
 Please keep feature proposals as small and simple as possible, complex ones
 might be edited to make them small and simple.
 
+You are encouraged to use the template below for feature proposals.
+
+```
+## Description including problem, use cases, benefits, and/or goals
+
+## Proposal
+
+## Links / references
+```
+
 For changes in the interface, it can be helpful to create a mockup first.
 If you want to create something yourself, consider opening an issue first to
 discuss whether it is interesting to include this in GitLab.
@@ -344,12 +355,11 @@ is it will be merged (quickly). After that you can send more MRs to enhance it.
 For examples of feedback on merge requests please look at already
 [closed merge requests][closed-merge-requests]. If you would like quick feedback
 on your merge request feel free to mention one of the Merge Marshalls in the
-[core team][core-team] or one of the
-[Merge request coaches](https://about.gitlab.com/team/).
+[core team] or one of the [Merge request coaches](https://about.gitlab.com/team/).
 Please ensure that your merge request meets the contribution acceptance criteria.
 
 When having your code reviewed and when reviewing merge requests please take the
-[Thoughtbot code review guide] into account.
+[code review guidelines](doc/development/code_review.md) into account.
 
 ### Merge request description format
 
@@ -497,7 +507,7 @@ reported by emailing `contact@gitlab.com`.
 This Code of Conduct is adapted from the [Contributor Covenant][contributor-covenant], version 1.1.0,
 available at [http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/).
 
-[core-team]: https://about.gitlab.com/core-team/
+[core team]: https://about.gitlab.com/core-team/
 [getting-help]: https://about.gitlab.com/getting-help/
 [codetriage]: http://www.codetriage.com/gitlabhq/gitlabhq
 [up-for-grabs]: https://gitlab.com/gitlab-org/gitlab-ce/issues?label_name=up-for-grabs
@@ -523,4 +533,3 @@ available at [http://contributor-covenant.org/version/1/1/0/](http://contributor
 [gitlab-design]: https://gitlab.com/gitlab-org/gitlab-design
 [free Antetype viewer (Mac OSX only)]: https://itunes.apple.com/us/app/antetype-viewer/id824152298?mt=12
 [`gitlab1.atype` file]: https://gitlab.com/gitlab-org/gitlab-design/tree/master/gitlab1.atype/
-[Thoughtbot code review guide]: https://github.com/thoughtbot/guides/tree/master/code-review
diff --git a/Gemfile b/Gemfile
index 67cc3f34b8c..91ad1706a07 100644
--- a/Gemfile
+++ b/Gemfile
@@ -19,8 +19,8 @@ gem "pg", '~> 0.18.2', group: :postgres
 
 # Authentication libraries
 gem 'devise',                 '~> 3.5.4'
+gem 'doorkeeper',             '~> 3.1'
 gem 'devise-async',           '~> 0.9.0'
-gem 'doorkeeper',             '~> 2.2.0'
 gem 'omniauth',               '~> 1.3.1'
 gem 'omniauth-auth0',         '~> 1.4.1'
 gem 'omniauth-azure-oauth2',  '~> 0.0.6'
@@ -36,6 +36,7 @@ gem 'omniauth-shibboleth',    '~> 1.2.0'
 gem 'omniauth-twitter',       '~> 1.2.0'
 gem 'omniauth_crowd',         '~> 2.2.0'
 gem 'rack-oauth2',            '~> 1.2.1'
+gem 'jwt'
 
 # Spam and anti-bot protection
 gem 'recaptcha', require: 'recaptcha/rails'
@@ -178,7 +179,7 @@ gem 'ruby-fogbugz', '~> 0.2.1'
 gem 'd3_rails', '~> 3.5.0'
 
 #cal-heatmap
-gem 'cal-heatmap-rails', '~> 3.5.0'
+gem 'cal-heatmap-rails', '~> 3.6.0'
 
 # underscore-rails
 gem "underscore-rails", "~> 1.8.0"
@@ -197,7 +198,7 @@ gem 'licensee', '~> 8.0.0'
 gem "rack-attack", '~> 4.3.1'
 
 # Ace editor
-gem 'ace-rails-ap', '~> 2.0.1'
+gem 'ace-rails-ap', '~> 4.0.2'
 
 # Keyboard shortcuts
 gem 'mousetrap-rails', '~> 1.4.6'
@@ -217,14 +218,14 @@ gem 'font-awesome-rails', '~> 4.2'
 gem 'gitlab_emoji',       '~> 0.3.0'
 gem 'gon',                '~> 6.0.1'
 gem 'jquery-atwho-rails', '~> 1.3.2'
-gem 'jquery-rails',       '~> 4.0.0'
-gem 'jquery-scrollto-rails', '~> 1.4.3'
+gem 'jquery-rails',       '~> 4.1.0'
 gem 'jquery-ui-rails',    '~> 5.0.0'
 gem 'raphael-rails',      '~> 2.1.2'
 gem 'request_store',      '~> 1.3.0'
 gem 'select2-rails',      '~> 3.5.9'
 gem 'virtus',             '~> 1.0.1'
 gem 'net-ssh',            '~> 3.0.1'
+gem 'base32',             '~> 0.3.0'
 
 # Sentry integration
 gem 'sentry-raven', '~> 0.15'
@@ -242,8 +243,7 @@ group :development do
   gem "foreman"
   gem 'brakeman', '~> 3.2.0', require: false
 
-  gem "annotate", "~> 2.7.0"
-  gem "letter_opener", '~> 1.1.2'
+  gem 'letter_opener_web', '~> 1.3.0'
   gem 'quiet_assets', '~> 1.0.2'
   gem 'rerun', '~> 0.11.0'
   gem 'bullet', require: false
@@ -270,7 +270,7 @@ group :development, :test do
 
   gem 'database_cleaner',   '~> 1.4.0'
   gem 'factory_girl_rails', '~> 4.6.0'
-  gem 'rspec-rails',        '~> 3.3.0'
+  gem 'rspec-rails',        '~> 3.4.0'
   gem 'rspec-retry'
   gem 'spinach-rails',      '~> 0.2.1'
   gem 'spinach-rerun-reporter', '~> 0.0.2'
@@ -320,12 +320,11 @@ gem "newrelic_rpm", '~> 3.14'
 
 gem 'octokit', '~> 4.3.0'
 
-gem "mail_room", "~> 0.6.1"
+gem "mail_room", "~> 0.7"
 
 gem 'email_reply_parser', '~> 0.5.8'
 
 ## CI
-gem 'activerecord-deprecated_finders', '~> 1.0.3'
 gem 'activerecord-session_store', '~> 0.1.0'
 gem "nested_form", '~> 0.3.2'
 
@@ -334,3 +333,6 @@ gem 'oauth2', '~> 1.0.0'
 
 # Soft deletion
 gem "paranoia", "~> 2.0"
+
+# Health check
+gem 'health_check', '~> 1.5.1'
diff --git a/Gemfile.lock b/Gemfile.lock
index e1c07a9ccb0..b55764504c6 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -3,7 +3,7 @@ GEM
   specs:
     CFPropertyList (2.3.2)
     RedCloth (4.2.9)
-    ace-rails-ap (2.0.1)
+    ace-rails-ap (4.0.2)
     actionmailer (4.2.6)
       actionpack (= 4.2.6)
       actionview (= 4.2.6)
@@ -33,7 +33,6 @@ GEM
       activemodel (= 4.2.6)
       activesupport (= 4.2.6)
       arel (~> 6.0)
-    activerecord-deprecated_finders (1.0.4)
     activerecord-session_store (0.1.2)
       actionpack (>= 4.0.0, < 5)
       activerecord (>= 4.0.0, < 5)
@@ -51,9 +50,6 @@ GEM
       activerecord (>= 3.0)
     akismet (2.0.0)
     allocations (1.0.4)
-    annotate (2.7.0)
-      activerecord (>= 3.2, < 6.0)
-      rake (~> 10.4)
     arel (6.0.3)
     asana (0.4.0)
       faraday (~> 0.9)
@@ -74,6 +70,7 @@ GEM
       ice_nine (~> 0.11.0)
       thread_safe (~> 0.3, >= 0.3.1)
     babosa (1.0.2)
+    base32 (0.3.2)
     bcrypt (3.1.10)
     benchmark-ips (2.3.0)
     better_errors (1.0.1)
@@ -103,7 +100,7 @@ GEM
       bundler (~> 1.2)
       thor (~> 0.18)
     byebug (8.2.1)
-    cal-heatmap-rails (3.5.1)
+    cal-heatmap-rails (3.6.0)
     capybara (2.6.2)
       addressable
       mime-types (>= 1.16)
@@ -134,7 +131,7 @@ GEM
       execjs
     coffee-script-source (1.10.0)
     colorize (0.7.7)
-    concurrent-ruby (1.0.1)
+    concurrent-ruby (1.0.2)
     connection_pool (2.2.0)
     coveralls (0.8.13)
       json (~> 1.8)
@@ -175,7 +172,7 @@ GEM
     diff-lcs (1.2.5)
     diffy (3.0.7)
     docile (1.1.5)
-    doorkeeper (2.2.2)
+    doorkeeper (3.1.0)
       railties (>= 3.2)
     dropzonejs-rails (0.7.2)
       rails (> 3.1)
@@ -186,7 +183,7 @@ GEM
     encryptor (1.3.0)
     equalizer (0.0.11)
     erubis (2.7.0)
-    escape_utils (1.1.0)
+    escape_utils (1.1.1)
     eventmachine (1.0.8)
     excon (0.45.4)
     execjs (2.6.0)
@@ -336,7 +333,7 @@ GEM
       json
     get_process_mem (0.2.0)
     gherkin-ruby (0.3.2)
-    github-linguist (4.7.5)
+    github-linguist (4.7.6)
       charlock_holmes (~> 0.7.3)
       escape_utils (~> 1.1.0)
       mime-types (>= 1.19)
@@ -346,14 +343,14 @@ GEM
       flowdock (~> 0.7)
       gitlab-grit (>= 2.4.1)
       multi_json
-    gitlab-grit (2.7.3)
+    gitlab-grit (2.8.1)
       charlock_holmes (~> 0.6)
       diff-lcs (~> 1.1)
-      mime-types (~> 1.15)
+      mime-types (>= 1.16, < 3)
       posix-spawn (~> 0.3)
     gitlab_emoji (0.3.1)
       gemojione (~> 2.2, >= 2.2.1)
-    gitlab_git (10.0.0)
+    gitlab_git (10.1.0)
       activesupport (~> 4.0)
       charlock_holmes (~> 0.7.3)
       github-linguist (~> 4.7.0)
@@ -405,6 +402,8 @@ GEM
       html2haml (>= 1.0.1)
       railties (>= 4.0.1)
     hashie (3.4.3)
+    health_check (1.5.1)
+      rails (>= 2.3.0)
     highline (1.7.8)
     hipchat (1.5.2)
       httparty
@@ -431,12 +430,10 @@ GEM
       json
     ipaddress (0.8.2)
     jquery-atwho-rails (1.3.2)
-    jquery-rails (4.0.5)
-      rails-dom-testing (~> 1.0)
+    jquery-rails (4.1.1)
+      rails-dom-testing (>= 1, < 3)
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
-    jquery-scrollto-rails (1.4.3)
-      railties (> 3.1, < 5.0)
     jquery-turbolinks (2.1.0)
       railties (>= 3.1.0)
       turbolinks
@@ -450,8 +447,12 @@ GEM
     kgio (2.10.0)
     launchy (2.4.3)
       addressable (~> 2.3)
-    letter_opener (1.1.2)
+    letter_opener (1.4.1)
       launchy (~> 2.2)
+    letter_opener_web (1.3.0)
+      actionmailer (>= 3.2)
+      letter_opener (~> 1.0)
+      railties (>= 3.2)
     licensee (8.0.0)
       rugged (>= 0.24b)
     listen (3.0.5)
@@ -463,9 +464,9 @@ GEM
       systemu (~> 2.6.2)
     mail (2.6.4)
       mime-types (>= 1.16, < 4)
-    mail_room (0.6.1)
+    mail_room (0.7.0)
     method_source (0.8.2)
-    mime-types (1.25.1)
+    mime-types (2.99.1)
     mimemagic (0.3.0)
     mini_portile2 (2.0.0)
     minitest (5.7.0)
@@ -660,29 +661,29 @@ GEM
       chunky_png
     rqrcode-rails3 (0.1.7)
       rqrcode (>= 0.4.2)
-    rspec (3.3.0)
-      rspec-core (~> 3.3.0)
-      rspec-expectations (~> 3.3.0)
-      rspec-mocks (~> 3.3.0)
-    rspec-core (3.3.2)
-      rspec-support (~> 3.3.0)
-    rspec-expectations (3.3.1)
+    rspec (3.4.0)
+      rspec-core (~> 3.4.0)
+      rspec-expectations (~> 3.4.0)
+      rspec-mocks (~> 3.4.0)
+    rspec-core (3.4.4)
+      rspec-support (~> 3.4.0)
+    rspec-expectations (3.4.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.3.0)
-    rspec-mocks (3.3.2)
+      rspec-support (~> 3.4.0)
+    rspec-mocks (3.4.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.3.0)
-    rspec-rails (3.3.3)
+      rspec-support (~> 3.4.0)
+    rspec-rails (3.4.2)
       actionpack (>= 3.0, < 4.3)
       activesupport (>= 3.0, < 4.3)
       railties (>= 3.0, < 4.3)
-      rspec-core (~> 3.3.0)
-      rspec-expectations (~> 3.3.0)
-      rspec-mocks (~> 3.3.0)
-      rspec-support (~> 3.3.0)
+      rspec-core (~> 3.4.0)
+      rspec-expectations (~> 3.4.0)
+      rspec-mocks (~> 3.4.0)
+      rspec-support (~> 3.4.0)
     rspec-retry (0.4.5)
       rspec-core
-    rspec-support (3.3.0)
+    rspec-support (3.4.1)
     rubocop (0.38.0)
       parser (>= 2.3.0.6, < 3.0)
       powerpack (~> 0.1)
@@ -736,7 +737,7 @@ GEM
       rack
     shoulda-matchers (2.8.0)
       activesupport (>= 3.0.0)
-    sidekiq (4.1.1)
+    sidekiq (4.1.2)
       concurrent-ruby (~> 1.0)
       connection_pool (~> 2.2, >= 2.2.0)
       redis (~> 3.2, >= 3.2.1)
@@ -881,20 +882,19 @@ PLATFORMS
 
 DEPENDENCIES
   RedCloth (~> 4.2.9)
-  ace-rails-ap (~> 2.0.1)
-  activerecord-deprecated_finders (~> 1.0.3)
+  ace-rails-ap (~> 4.0.2)
   activerecord-session_store (~> 0.1.0)
   acts-as-taggable-on (~> 3.4)
   addressable (~> 2.3.8)
   after_commit_queue
   akismet (~> 2.0)
   allocations (~> 1.0)
-  annotate (~> 2.7.0)
   asana (~> 0.4.0)
   asciidoctor (~> 1.5.2)
   attr_encrypted (~> 1.3.4)
   awesome_print (~> 1.2.0)
   babosa (~> 1.0.2)
+  base32 (~> 0.3.0)
   benchmark-ips
   better_errors (~> 1.0.1)
   binding_of_caller (~> 0.7.2)
@@ -904,7 +904,7 @@ DEPENDENCIES
   bullet
   bundler-audit
   byebug
-  cal-heatmap-rails (~> 3.5.0)
+  cal-heatmap-rails (~> 3.6.0)
   capybara (~> 2.6.2)
   capybara-screenshot (~> 1.0.0)
   carrierwave (~> 0.10.0)
@@ -921,7 +921,7 @@ DEPENDENCIES
   devise-async (~> 0.9.0)
   devise-two-factor (~> 2.0.0)
   diffy (~> 3.0.3)
-  doorkeeper (~> 2.2.0)
+  doorkeeper (~> 3.1)
   dropzonejs-rails (~> 0.7.1)
   email_reply_parser (~> 0.5.8)
   email_spec (~> 1.6.0)
@@ -947,20 +947,21 @@ DEPENDENCIES
   grape (~> 0.13.0)
   grape-entity (~> 0.4.2)
   haml-rails (~> 0.9.0)
+  health_check (~> 1.5.1)
   hipchat (~> 1.5.0)
   html-pipeline (~> 1.11.0)
   httparty (~> 0.13.3)
   influxdb (~> 0.2)
   jquery-atwho-rails (~> 1.3.2)
-  jquery-rails (~> 4.0.0)
-  jquery-scrollto-rails (~> 1.4.3)
+  jquery-rails (~> 4.1.0)
   jquery-turbolinks (~> 2.1.0)
   jquery-ui-rails (~> 5.0.0)
+  jwt
   kaminari (~> 0.16.3)
-  letter_opener (~> 1.1.2)
+  letter_opener_web (~> 1.3.0)
   licensee (~> 8.0.0)
   loofah (~> 2.0.3)
-  mail_room (~> 0.6.1)
+  mail_room (~> 0.7)
   method_source (~> 0.8)
   minitest (~> 5.7.0)
   mousetrap-rails (~> 1.4.6)
@@ -1010,7 +1011,7 @@ DEPENDENCIES
   responders (~> 2.0)
   rouge (~> 1.10.1)
   rqrcode-rails3 (~> 0.1.7)
-  rspec-rails (~> 3.3.0)
+  rspec-rails (~> 3.4.0)
   rspec-retry
   rubocop (~> 0.38.0)
   ruby-fogbugz (~> 0.2.1)
@@ -1057,4 +1058,4 @@ DEPENDENCIES
   wikicloth (= 0.8.1)
 
 BUNDLED WITH
-   1.11.2
+   1.12.3
diff --git a/PROCESS.md b/PROCESS.md
index e34f59c6bce..fe3a963110d 100644
--- a/PROCESS.md
+++ b/PROCESS.md
@@ -59,7 +59,7 @@ core team members will mention this person.
 
 Workflow labels are purposely not very detailed since that would be hard to keep
 updated as you would need to re-evaluate them after every comment. We optionally
-use functional labels on demand when want to group related issues to get an
+use functional labels on demand when we want to group related issues to get an
 overview (for example all issues related to RVM, to tackle them in one go) and
 to add details to the issue.
 
@@ -73,6 +73,7 @@ in support or comment for further detail. Do not use `feature request`.
 - ~bug is an issue reporting undesirable or incorrect behavior.
 - ~customer is an issue reported by enterprise subscribers. This label should
 be accompanied by *bug* or *feature proposal* labels.
+
 Example workflow: when a UX designer provided a design but it needs frontend work they remove the UX label and add the frontend label.
 
 ## Functional labels
diff --git a/README.md b/README.md
index afa60116ebb..418d06a45a5 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # GitLab
 
-[![build status](https://ci.gitlab.com/projects/1/status.svg?ref=master)](https://ci.gitlab.com/projects/1?ref=master)
+[![build status](https://gitlab.com/gitlab-org/gitlab-ce/badges/master/build.svg)](https://gitlab.com/gitlab-org/gitlab-ce/commits/master)
 [![Build Status](https://semaphoreci.com/api/v1/projects/2f1a5809-418b-4cc2-a1f4-819607579fe7/400484/shields_badge.svg)](https://semaphoreci.com/gitlabhq/gitlabhq)
 [![Code Climate](https://codeclimate.com/github/gitlabhq/gitlabhq.svg)](https://codeclimate.com/github/gitlabhq/gitlabhq)
 [![Coverage Status](https://coveralls.io/repos/gitlabhq/gitlabhq/badge.svg?branch=master)](https://coveralls.io/r/gitlabhq/gitlabhq?branch=master)
@@ -20,6 +20,10 @@ To see how GitLab looks please see the [features page on our website](https://ab
 - Completely free and open source (MIT Expat license)
 - Powered by [Ruby on Rails](https://github.com/rails/rails)
 
+## Hiring
+
+We're hiring developers, support people, and production engineers all the time, please see our [jobs page](https://about.gitlab.com/jobs/).
+
 ## Editions
 
 There are two editions of GitLab:
@@ -31,11 +35,11 @@ There are two editions of GitLab:
 
 On [about.gitlab.com](https://about.gitlab.com/) you can find more information about:
 
-- [Subscriptions](https://about.gitlab.com/subscription/)
+- [Subscriptions](https://about.gitlab.com/pricing/)
 - [Consultancy](https://about.gitlab.com/consultancy/)
 - [Community](https://about.gitlab.com/community/)
 - [Hosted GitLab.com](https://about.gitlab.com/gitlab-com/) use GitLab as a free service
-- [GitLab Enterprise Edition](https://about.gitlab.com/gitlab-ee/) with additional features aimed at larger organizations.
+- [GitLab Enterprise Edition](https://about.gitlab.com/features/#enterprise) with additional features aimed at larger organizations.
 - [GitLab CI](https://about.gitlab.com/gitlab-ci/) a continuous integration (CI) server that is easy to integrate with GitLab.
 
 ## Requirements
@@ -80,7 +84,7 @@ There are a lot of [third-party applications integrating with GitLab](https://ab
 
 ## GitLab release cycle
 
-For more information about the release process see the [release documentation](http://doc.gitlab.com/ce/release/).
+For more information about the release process see the [release documentation](https://gitlab.com/gitlab-org/release-tools/blob/master/README.md).
 
 ## Upgrading
 
diff --git a/app/assets/images/ci/arch.jpg b/app/assets/images/ci/arch.jpg
deleted file mode 100644
index 0e05674e840..00000000000
Binary files a/app/assets/images/ci/arch.jpg and /dev/null differ
diff --git a/app/assets/images/ci/favicon.ico b/app/assets/images/ci/favicon.ico
deleted file mode 100644
index 9663d4d00b9..00000000000
Binary files a/app/assets/images/ci/favicon.ico and /dev/null differ
diff --git a/app/assets/images/ci/loader.gif b/app/assets/images/ci/loader.gif
deleted file mode 100644
index 2fcb8f2da0d..00000000000
Binary files a/app/assets/images/ci/loader.gif and /dev/null differ
diff --git a/app/assets/images/ci/no_avatar.png b/app/assets/images/ci/no_avatar.png
deleted file mode 100644
index 752d26adba7..00000000000
Binary files a/app/assets/images/ci/no_avatar.png and /dev/null differ
diff --git a/app/assets/images/ci/rails.png b/app/assets/images/ci/rails.png
deleted file mode 100644
index d5edc04e65f..00000000000
Binary files a/app/assets/images/ci/rails.png and /dev/null differ
diff --git a/app/assets/images/ci/service_sample.png b/app/assets/images/ci/service_sample.png
deleted file mode 100644
index 65d29e3fd89..00000000000
Binary files a/app/assets/images/ci/service_sample.png and /dev/null differ
diff --git a/app/assets/javascripts/application.js.coffee b/app/assets/javascripts/application.js.coffee
index 5bac8eef1cb..bffce5a0c0f 100644
--- a/app/assets/javascripts/application.js.coffee
+++ b/app/assets/javascripts/application.js.coffee
@@ -204,6 +204,7 @@ $ ->
     $('.header-content .title').toggle()
     $('.header-content .navbar-collapse').toggle()
     $('.navbar-toggle').toggleClass('active')
+    $('.navbar-toggle i').toggleClass("fa-angle-right fa-angle-left")
 
   # Show/hide comments on diff
   $("body").on "click", ".js-toggle-diff-comments", (e) ->
diff --git a/app/assets/javascripts/awards_handler.coffee b/app/assets/javascripts/awards_handler.coffee
index af4462ece38..bf95e06b4e5 100644
--- a/app/assets/javascripts/awards_handler.coffee
+++ b/app/assets/javascripts/awards_handler.coffee
@@ -1,77 +1,77 @@
 class @AwardsHandler
-  constructor: (@get_emojis_url, @post_emoji_url, @noteable_type, @noteable_id, @aliases) ->
-    $(".js-add-award").on "click", (event) =>
+  constructor: (@getEmojisUrl, @postEmojiUrl, @noteableType, @noteableId, @unicodes) ->
+    $('.js-add-award').on 'click', (event) =>
       event.stopPropagation()
       event.preventDefault()
 
       @showEmojiMenu()
 
-    $("html").on 'click', (event) ->
-      if !$(event.target).closest(".emoji-menu").length
-        if $(".emoji-menu").is(":visible")
-          $(".emoji-menu").removeClass "is-visible"
+    $('html').on 'click', (event) ->
+      if !$(event.target).closest('.emoji-menu').length
+        if $('.emoji-menu').is(':visible')
+          $('.emoji-menu').removeClass 'is-visible'
 
-    $(".awards")
-      .off "click"
-      .on "click", ".js-emoji-btn", @handleClick
+    $('.awards')
+      .off 'click'
+      .on 'click', '.js-emoji-btn', @handleClick
 
     @renderFrequentlyUsedBlock()
 
   handleClick: (e) ->
     e.preventDefault()
     emoji = $(this)
-      .find(".icon")
-      .data "emoji"
+      .find('.icon')
+      .data 'emoji'
 
-    if emoji is "thumbsup" and awards_handler.didUserClickEmoji $(this), "thumbsdown"
-      awards_handler.addAward "thumbsdown"
+    if emoji is 'thumbsup' and awardsHandler.didUserClickEmoji $(this), 'thumbsdown'
+      awardsHandler.addAward 'thumbsdown'
 
-    else if emoji is "thumbsdown" and awards_handler.didUserClickEmoji $(this), "thumbsup"
-      awards_handler.addAward "thumbsup"
+    else if emoji is 'thumbsdown' and awardsHandler.didUserClickEmoji $(this), 'thumbsup'
+      awardsHandler.addAward 'thumbsup'
 
-    awards_handler.addAward emoji
+    awardsHandler.addAward emoji
+
+    $(this).trigger 'blur'
 
   didUserClickEmoji: (that, emoji) ->
-    if $(that).siblings("button:has([data-emoji=#{emoji}])").attr("data-original-title")
-      $(that).siblings("button:has([data-emoji=#{emoji}])").attr("data-original-title").indexOf('me') > -1
+    if $(that).siblings("button:has([data-emoji=#{emoji}])").attr('data-original-title')
+      $(that).siblings("button:has([data-emoji=#{emoji}])").attr('data-original-title').indexOf('me') > -1
 
   showEmojiMenu: ->
-    if $(".emoji-menu").length
-      if $(".emoji-menu").is ".is-visible"
-        $(".emoji-menu").removeClass "is-visible"
-        $("#emoji_search").blur()
+    if $('.emoji-menu').length
+      if $('.emoji-menu').is '.is-visible'
+        $('.emoji-menu').removeClass 'is-visible'
+        $('#emoji_search').blur()
       else
-        $(".emoji-menu").addClass "is-visible"
-        $("#emoji_search").focus()
+        $('.emoji-menu').addClass 'is-visible'
+        $('#emoji_search').focus()
     else
-      $('.js-add-award').addClass "is-loading"
-      $.get @get_emojis_url, (response) =>
-        $('.js-add-award').removeClass "is-loading"
-        $(".js-award-holder").append response
+      $('.js-add-award').addClass 'is-loading'
+      $.get @getEmojisUrl, (response) =>
+        $('.js-add-award').removeClass 'is-loading'
+        $('.js-award-holder').append response
         setTimeout =>
-          $(".emoji-menu").addClass "is-visible"
-          $("#emoji_search").focus()
+          $('.emoji-menu').addClass 'is-visible'
+          $('#emoji_search').focus()
           @setupSearch()
         , 200
 
   addAward: (emoji) ->
-    emoji = @normilizeEmojiName(emoji)
     @postEmoji emoji, =>
       @addAwardToEmojiBar(emoji)
 
-    $(".emoji-menu").removeClass "is-visible"
+    $('.emoji-menu').removeClass 'is-visible'
 
   addAwardToEmojiBar: (emoji) ->
     @addEmojiToFrequentlyUsedList(emoji)
 
-    emoji = @normilizeEmojiName(emoji)
     if @exist(emoji)
       if @isActive(emoji)
         @decrementCounter(emoji)
       else
-        counter = @findEmojiIcon(emoji).siblings(".js-counter")
+        counter = @findEmojiIcon(emoji).siblings('.js-counter')
         counter.text(parseInt(counter.text()) + 1)
-        counter.parent().addClass("active")
+        counter.parent().addClass('active')
         @addMeToAuthorList(emoji)
     else
       @createEmoji(emoji)
@@ -80,47 +80,47 @@ class @AwardsHandler
     @findEmojiIcon(emoji).length > 0
 
   isActive: (emoji) ->
-    @findEmojiIcon(emoji).parent().hasClass("active")
+    @findEmojiIcon(emoji).parent().hasClass('active')
 
   decrementCounter: (emoji) ->
-    counter = @findEmojiIcon(emoji).siblings(".js-counter")
+    counter = @findEmojiIcon(emoji).siblings('.js-counter')
     emojiIcon = counter.parent()
     if parseInt(counter.text()) > 1
       counter.text(parseInt(counter.text()) - 1)
-      emojiIcon.removeClass("active")
+      emojiIcon.removeClass('active')
       @removeMeFromAuthorList(emoji)
-    else if emoji == "thumbsup" || emoji == "thumbsdown"
-      emojiIcon.tooltip("destroy")
+    else if emoji == 'thumbsup' || emoji == 'thumbsdown'
+      emojiIcon.tooltip('destroy')
       counter.text(0)
-      emojiIcon.removeClass("active")
+      emojiIcon.removeClass('active')
       @removeMeFromAuthorList(emoji)
     else
-      emojiIcon.tooltip("destroy")
+      emojiIcon.tooltip('destroy')
       emojiIcon.remove()
 
   removeMeFromAuthorList: (emoji) ->
-    award_block = @findEmojiIcon(emoji).parent()
-    authors = award_block
-      .attr("data-original-title")
-      .split(", ")
-    authors.splice(authors.indexOf("me"),1)
-    award_block
-      .closest(".js-emoji-btn")
-      .attr("data-original-title", authors.join(", "))
-    @resetTooltip(award_block)
+    awardBlock = @findEmojiIcon(emoji).parent()
+    authors = awardBlock
+      .attr('data-original-title')
+      .split(', ')
+    authors.splice(authors.indexOf('me'),1)
+    awardBlock
+      .closest('.js-emoji-btn')
+      .attr('data-original-title', authors.join(', '))
+    @resetTooltip(awardBlock)
 
   addMeToAuthorList: (emoji) ->
-    award_block = @findEmojiIcon(emoji).parent()
-    origTitle = award_block.attr("data-original-title").trim()
+    awardBlock = @findEmojiIcon(emoji).parent()
+    origTitle = awardBlock.attr('data-original-title').trim()
     authors = []
     if origTitle
       authors = origTitle.split(', ')
-    authors.push("me")
-    award_block.attr("data-original-title", authors.join(", "))
-    @resetTooltip(award_block)
+    authors.push('me')
+    awardBlock.attr('data-original-title', authors.join(', '))
+    @resetTooltip(awardBlock)
 
   resetTooltip: (award) ->
-    award.tooltip("destroy")
+    award.tooltip('destroy')
 
     # "destroy" call is asynchronous and there is no appropriate callback on it, this is why we need to set timeout.
     setTimeout (->
@@ -139,28 +139,28 @@ class @AwardsHandler
       "</button>"
     )
 
-    emoji_node = $(nodes.join("\n"))
-      .insertBefore(".js-award-holder")
-      .find(".emoji-icon")
-      .data("emoji", emoji)
+    $(nodes.join("\n"))
+      .insertBefore('.js-award-holder')
+      .find('.emoji-icon')
+      .data('emoji', emoji)
     $('.award-control').tooltip()
 
   resolveNameToCssClass: (emoji) ->
-    emoji_icon = $(".emoji-menu-content [data-emoji='#{emoji}']")
+    emojiIcon = $(".emoji-menu-content [data-emoji='#{emoji}']")
 
-    if emoji_icon.length > 0
-      unicodeName = emoji_icon.data("unicode-name")
+    if emojiIcon.length > 0
+      unicodeName = emojiIcon.data('unicode-name')
     else
       # Find by alias
-      unicodeName = $(".emoji-menu-content [data-aliases*=':#{emoji}:']").data("unicode-name")
+      unicodeName = $(".emoji-menu-content [data-aliases*=':#{emoji}:']").data('unicode-name')
 
     "emoji-#{unicodeName}"
 
   postEmoji: (emoji, callback) ->
-    $.post @post_emoji_url, { note: {
+    $.post @postEmojiUrl, { note: {
       note: ":#{emoji}:"
-      noteable_type: @noteable_type
-      noteable_id: @noteable_id
+      noteable_type: @noteableType
+      noteable_id: @noteableId
     }},(data) ->
       if data.ok
         callback.call()
@@ -173,46 +173,43 @@ class @AwardsHandler
       scrollTop: $('.awards').offset().top - 80
     }, 200)
 
-  normilizeEmojiName: (emoji) ->
-    @aliases[emoji] || emoji
-
   addEmojiToFrequentlyUsedList: (emoji) ->
-    frequently_used_emojis = @getFrequentlyUsedEmojis()
-    frequently_used_emojis.push(emoji)
-    $.cookie('frequently_used_emojis', frequently_used_emojis.join(","), { expires: 365 })
+    frequentlyUsedEmojis = @getFrequentlyUsedEmojis()
+    frequentlyUsedEmojis.push(emoji)
+    $.cookie('frequently_used_emojis', frequentlyUsedEmojis.join(','), { expires: 365 })
 
   getFrequentlyUsedEmojis: ->
-    frequently_used_emojis = ($.cookie('frequently_used_emojis') || "").split(",")
-    _.compact(_.uniq(frequently_used_emojis))
+    frequentlyUsedEmojis = ($.cookie('frequently_used_emojis') || '').split(',')
+    _.compact(_.uniq(frequentlyUsedEmojis))
 
   renderFrequentlyUsedBlock: ->
     if $.cookie('frequently_used_emojis')
-      frequently_used_emojis = @getFrequentlyUsedEmojis()
+      frequentlyUsedEmojis = @getFrequentlyUsedEmojis()
 
-      ul = $("<ul>")
+      ul = $('<ul>')
 
-      for emoji in frequently_used_emojis
+      for emoji in frequentlyUsedEmojis
         do (emoji) ->
-          $(".emoji-menu-content [data-emoji='#{emoji}']").closest("li").clone().appendTo(ul)
+          $(".emoji-menu-content [data-emoji='#{emoji}']").closest('li').clone().appendTo(ul)
 
-      $("input.emoji-search").after(ul).after($("<h5>").text("Frequently used"))
+      $('input.emoji-search').after(ul).after($('<h5>').text('Frequently used'))
 
   setupSearch: ->
-    $("input.emoji-search").keyup (ev) =>
+    $('input.emoji-search').keyup (ev) =>
       term = $(ev.target).val()
 
       # Clean previous search results
-      $("ul.emoji-menu-search, h5.emoji-search").remove()
+      $('ul.emoji-menu-search, h5.emoji-search').remove()
 
       if term
         # Generate a search result block
-        h5 = $("<h5>").text("Search results").addClass("emoji-search")
-        found_emojis = @searchEmojis(term).show()
-        ul = $("<ul>").addClass("emoji-menu-list emoji-menu-search").append(found_emojis)
-        $(".emoji-menu-content ul, .emoji-menu-content h5").hide()
-        $(".emoji-menu-content").append(h5).append(ul)
+        h5 = $('<h5>').text('Search results').addClass('emoji-search')
+        foundEmojis = @searchEmojis(term).show()
+        ul = $('<ul>').addClass('emoji-menu-list emoji-menu-search').append(foundEmojis)
+        $('.emoji-menu-content ul, .emoji-menu-content h5').hide()
+        $('.emoji-menu-content').append(h5).append(ul)
       else
-        $(".emoji-menu-content").children().show()
+        $('.emoji-menu-content').children().show()
 
   searchEmojis: (term)->
     $(".emoji-menu-content [data-emoji*='#{term}']").closest("li").clone()
diff --git a/app/assets/javascripts/ci/application.js.coffee b/app/assets/javascripts/ci/application.js.coffee
index 05aa0f366bb..ca24c1d759f 100644
--- a/app/assets/javascripts/ci/application.js.coffee
+++ b/app/assets/javascripts/ci/application.js.coffee
@@ -1,34 +1,6 @@
-# This is a manifest file that'll be compiled into application.js, which will include all the files
-# listed below.
-#
-# Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
-# or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
-#
-# It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
-# the compiled file.
-#
-# WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
-# GO AFTER THE REQUIRES BELOW.
-#
 #= require pager
 #= require jquery_nested_form
 #= require_tree .
-#
-$(document).on 'click', '.edit-runner-link', (event) ->
-  event.preventDefault()
-
-  descr = $(this).closest('.runner-description').first()
-  descr.addClass('hide')
-  form = descr.next('.runner-description-form')
-  descrInput = form.find('input.description')
-  originalValue = descrInput.val()
-  form.removeClass('hide')
-  form.find('.cancel').on 'click', (event) ->
-    event.preventDefault()
-
-    form.addClass('hide')
-    descrInput.val(originalValue)
-    descr.removeClass('hide')
 
 $(document).on 'click', '.assign-all-runner', ->
   $(this).replaceWith('<i class="fa fa-refresh fa-spin"></i> Assign in progress..')
diff --git a/app/assets/javascripts/ci/build.coffee b/app/assets/javascripts/ci/build.coffee
index 7afe8bf79e2..fca0c3bae5c 100644
--- a/app/assets/javascripts/ci/build.coffee
+++ b/app/assets/javascripts/ci/build.coffee
@@ -1,9 +1,12 @@
 class CiBuild
   @interval: null
+  @state: null
 
-  constructor: (build_url, build_status) ->
+  constructor: (build_url, build_status, build_state) ->
     clearInterval(CiBuild.interval)
 
+    @state = build_state
+
     @initScrollButtonAffix()
 
     if build_status == "running" || build_status == "pending"
@@ -26,14 +29,18 @@ class CiBuild
       CiBuild.interval = setInterval =>
         if window.location.href.split("#").first() is build_url
           $.ajax
-            url: build_url
+            url: build_url + "/trace.json?state=" + encodeURIComponent(@state)
             dataType: "json"
-            success: (build) =>
-              if build.status == "running"
-                $('#build-trace code').html build.trace_html
-                $('#build-trace code').append '<i class="fa fa-refresh fa-spin"/>'
+            success: (log) =>
+              @state = log.state
+              if log.status is "running"
+                if log.append
+                  $('.fa-refresh').before log.html
+                else
+                  $('#build-trace code').html log.html
+                  $('#build-trace code').append '<i class="fa fa-refresh fa-spin"/>'
                 @checkAutoscroll()
-              else if build.status != build_status
+              else if log.status isnt build_status
                 Turbolinks.visit build_url
       , 4000
 
diff --git a/app/assets/javascripts/dispatcher.js.coffee b/app/assets/javascripts/dispatcher.js.coffee
index 2fdb7562515..f91aa3c5ad7 100644
--- a/app/assets/javascripts/dispatcher.js.coffee
+++ b/app/assets/javascripts/dispatcher.js.coffee
@@ -108,6 +108,8 @@ class Dispatcher
         new BuildArtifacts()
       when 'projects:group_links:index'
         new GroupsSelect()
+      when 'search:show'
+        new Search()
 
     switch path.first()
       when 'admin'
diff --git a/app/assets/javascripts/gl_dropdown.js.coffee b/app/assets/javascripts/gl_dropdown.js.coffee
index 29466e9f2ed..1d1bfeb2e77 100644
--- a/app/assets/javascripts/gl_dropdown.js.coffee
+++ b/app/assets/javascripts/gl_dropdown.js.coffee
@@ -184,6 +184,9 @@ class GitLabDropdown
     @dropdown.on "shown.bs.dropdown", @opened
     @dropdown.on "hidden.bs.dropdown", @hidden
     @dropdown.on "click", ".dropdown-menu, .dropdown-menu-close", @shouldPropagate
+    @dropdown.on 'keyup', (e) =>
+      if e.which is 27 # Escape key
+        $('.dropdown-menu-close', @dropdown).trigger 'click'
 
     if @dropdown.find(".dropdown-toggle-page").length
       @dropdown.find(".dropdown-toggle-page, .dropdown-menu-back").on "click", (e) =>
diff --git a/app/assets/javascripts/issuable_context.js.coffee b/app/assets/javascripts/issuable_context.js.coffee
index 3a439b94c59..3c491ebfc4c 100644
--- a/app/assets/javascripts/issuable_context.js.coffee
+++ b/app/assets/javascripts/issuable_context.js.coffee
@@ -10,8 +10,8 @@ class @IssuableContext
       $(this).submit()
 
     $(document)
-      .off 'click', '.dropdown-content a'
-      .on 'click', '.dropdown-content a', (e) ->
+      .off 'click', '.issuable-sidebar .dropdown-content a'
+      .on 'click', '.issuable-sidebar .dropdown-content a', (e) ->
         e.preventDefault()
 
     $(document)
diff --git a/app/assets/javascripts/issue.js.coffee b/app/assets/javascripts/issue.js.coffee
index c7d74a12f99..157361404e0 100644
--- a/app/assets/javascripts/issue.js.coffee
+++ b/app/assets/javascripts/issue.js.coffee
@@ -12,6 +12,7 @@ class @Issue
 
     @initMergeRequests()
     @initRelatedBranches()
+    @initCanCreateBranch()
 
   initTaskList: ->
     $('.detail-page-description .js-task-list-container').taskList('enable')
@@ -92,3 +93,25 @@ class @Issue
       .success (data) ->
         if 'html' of data
           $container.html(data.html)
+
+  initCanCreateBranch: ->
+    $container = $('div#new-branch')
+
+    # If the user doesn't have the required permissions the container isn't
+    # rendered at all.
+    return unless $container
+
+    $.getJSON($container.data('path'))
+      .error ->
+        $container.find('.checking').hide()
+        $container.find('.unavailable').show()
+
+        new Flash('Failed to check if a new branch can be created.', 'alert')
+      .success (data) ->
+        if data.can_create_branch
+          $container.find('.checking').hide()
+          $container.find('.available').show()
+          $container.find('a').attr('disabled', false)
+        else
+          $container.find('.checking').hide()
+          $container.find('.unavailable').show()
diff --git a/app/assets/javascripts/labels_select.js.coffee b/app/assets/javascripts/labels_select.js.coffee
index 85517b18c5a..995fd768603 100644
--- a/app/assets/javascripts/labels_select.js.coffee
+++ b/app/assets/javascripts/labels_select.js.coffee
@@ -30,7 +30,7 @@ class @LabelsSelect
       if issueUpdateURL
         labelHTMLTemplate = _.template(
             '<% _.each(labels, function(label){ %>
-            <a href="<%= ["",issueURLSplit[1], issueURLSplit[2],""].join("/") %>issues?label_name=<%= _.escape(label.title) %>">
+            <a href="<%= ["",issueURLSplit[1], issueURLSplit[2],""].join("/") %>issues?label_name[]=<%= _.escape(label.title) %>">
             <span class="label has-tooltip color-label" title="<%= _.escape(label.description) %>" style="background-color: <%= label.color %>; color: <%= label.text_color %>;">
             <%= _.escape(label.title) %>
             </span>
@@ -163,6 +163,21 @@ class @LabelsSelect
           $.ajax(
             url: labelUrl
           ).done (data) ->
+            data = _.chain data
+              .groupBy (label) ->
+                label.title
+              .map (label) ->
+                color = _.map label, (dup) ->
+                  dup.color
+
+                return {
+                  id: label[0].id
+                  title: label[0].title
+                  color: color
+                  duplicate: color.length > 1
+                }
+              .value()
+
             if $dropdown.hasClass 'js-extra-options'
               if showNo
                 data.unshift(
@@ -178,6 +193,7 @@ class @LabelsSelect
 
               if data.length > 2
                 data.splice 2, 0, 'divider'
+
             callback data
 
         renderRow: (label) ->
@@ -192,11 +208,31 @@ class @LabelsSelect
           if $dropdown.hasClass('js-multiselect') and removesAll
             selectedClass.push 'dropdown-clear-active'
 
-          color = if label.color? then "<span class='dropdown-label-box' style='background-color: #{label.color}'></span>" else ""
+          if label.duplicate
+            spacing = 100 / label.color.length
+
+            # Reduce the colors to 4
+            label.color = label.color.filter (color, i) ->
+              i < 4
+
+            color = _.map(label.color, (color, i) ->
+              percentFirst = Math.floor(spacing * i)
+              percentSecond = Math.floor(spacing * (i + 1))
+              "#{color} #{percentFirst}%,#{color} #{percentSecond}% "
+            ).join(',')
+            color = "linear-gradient(#{color})"
+          else
+            if label.color?
+              color = label.color[0]
+
+          if color
+            colorEl = "<span class='dropdown-label-box' style='background: #{color}'></span>"
+          else
+            colorEl = ''
 
           "<li>
             <a href='#' class='#{selectedClass.join(' ')}'>
-              #{color}
+              #{colorEl}
               #{_.escape(label.title)}
             </a>
           </li>"
diff --git a/app/assets/javascripts/merge_request_widget.js.coffee b/app/assets/javascripts/merge_request_widget.js.coffee
index 065626beeb8..f58647988a2 100644
--- a/app/assets/javascripts/merge_request_widget.js.coffee
+++ b/app/assets/javascripts/merge_request_widget.js.coffee
@@ -9,11 +9,12 @@ class @MergeRequestWidget
   constructor: (@opts) ->
     $('#modal_merge_info').modal(show: false)
     @firstCICheck = true
-    @readyForCICheck = true
+    @readyForCICheck = false
     clearInterval @fetchBuildStatusInterval
 
     @clearEventListeners()
     @addEventListeners()
+    @getCIStatus(false)
     @pollCIStatus()
     notifyPermissions()
 
@@ -68,20 +69,18 @@ class @MergeRequestWidget
     $.getJSON @opts.ci_status_url, (data) =>
       @readyForCICheck = true
 
-      if @firstCICheck
-        @firstCICheck = false
-        @opts.ci_status = data.status
-
-      if @opts.ci_status is ''
-        @opts.ci_status = data.status
+      if data.status is ''
         return
 
-      if data.status isnt @opts.ci_status and data.status?
+      if @firstCICheck || data.status isnt @opts.ci_status and data.status?
+        @opts.ci_status = data.status
         @showCIStatus data.status
         if data.coverage
           @showCICoverage data.coverage
 
-        if showNotification
+        # The first check should only update the UI, a notification
+        # should only be displayed on status changes
+        if showNotification and not @firstCICheck
           status = @ciLabelForStatus(data.status)
 
           if status is "preparing"
@@ -104,8 +103,7 @@ class @MergeRequestWidget
               @close()
               Turbolinks.visit _this.opts.builds_path
           )
-
-        @opts.ci_status = data.status
+        @firstCICheck = false
 
   showCIStatus: (state) ->
     $('.ci_widget').hide()
diff --git a/app/assets/javascripts/notes.js.coffee b/app/assets/javascripts/notes.js.coffee
index 82e210fed7d..6d9d6528f45 100644
--- a/app/assets/javascripts/notes.js.coffee
+++ b/app/assets/javascripts/notes.js.coffee
@@ -167,8 +167,8 @@ class @Notes
       return
 
     if note.award
-      awards_handler.addAwardToEmojiBar(note.note)
-      awards_handler.scrollToAwards()
+      awardsHandler.addAwardToEmojiBar(note.note)
+      awardsHandler.scrollToAwards()
 
     # render note if it not present in loaded list
     # or skip if rendered
@@ -285,6 +285,7 @@ class @Notes
     form.addClass "js-main-target-form"
 
     form.find("#note_line_code").remove()
+    form.find("#note_type").remove()
 
   ###
   General note form setup.
@@ -373,11 +374,11 @@ class @Notes
 
     new GLForm form
     if scrollTo? and myLastNote?
-      # scroll to the bottom 
+      # scroll to the bottom
       # so the open of the last element doesn't make a jump
       $('html, body').scrollTop($(document).height());
       $('html, body').animate({
-        scrollTop: myLastNote.offset().top - 150  
+        scrollTop: myLastNote.offset().top - 150
       }, 500, ->
         $noteText = form.find(".js-note-text")
         $noteText.focus()
@@ -472,6 +473,7 @@ class @Notes
   setupDiscussionNoteForm: (dataHolder, form) =>
     # setup note target
     form.attr 'id', "new-discussion-note-form-#{dataHolder.data("discussionId")}"
+    form.find("#note_type").val dataHolder.data("noteType")
     form.find("#line_type").val dataHolder.data("lineType")
     form.find("#note_commit_id").val dataHolder.data("commitId")
     form.find("#note_line_code").val dataHolder.data("lineCode")
diff --git a/app/assets/javascripts/right_sidebar.js.coffee b/app/assets/javascripts/right_sidebar.js.coffee
index 67403554340..2d084b76cfe 100644
--- a/app/assets/javascripts/right_sidebar.js.coffee
+++ b/app/assets/javascripts/right_sidebar.js.coffee
@@ -1,10 +1,12 @@
 class @Sidebar
   constructor: (currentUser) ->
+    @sidebar = $('aside')
+
     @addEventListeners()
 
   addEventListeners: ->
-    $('aside').on('click', '.sidebar-collapsed-icon', @sidebarCollapseClicked)
-    $('.dropdown').on('hidden.gl.dropdown', @sidebarDropdownHidden)
+    @sidebar.on('click', '.sidebar-collapsed-icon', @, @sidebarCollapseClicked)
+    $('.dropdown').on('hidden.gl.dropdown', @, @onSidebarDropdownHidden)
     $('.dropdown').on('loading.gl.dropdown', @sidebarDropdownLoading)
     $('.dropdown').on('loaded.gl.dropdown', @sidebarDropdownLoaded)
 
@@ -30,26 +32,56 @@ class @Sidebar
     else
       i.show()
 
-
   sidebarCollapseClicked: (e) ->
+    sidebar = e.data
     e.preventDefault()
     $block = $(@).closest('.block')
+    sidebar.openDropdown($block);
 
-    $('aside')
-      .find('.gutter-toggle')
-      .trigger('click')
-    $editLink = $block.find('.edit-link')
+  openDropdown: (blockOrName) ->
+    $block = if _.isString(blockOrName) then @getBlock(blockOrName) else blockOrName
 
-    if $editLink.length
-      $editLink.trigger('click')
-      $block.addClass('collapse-after-update')
-      $('.page-with-sidebar').addClass('with-overlay')
+    $block.find('.edit-link').trigger('click')
 
-  sidebarDropdownHidden: (e) ->
+    if not @isOpen()
+      @setCollapseAfterUpdate($block)
+      @toggleSidebar('open')
+
+  setCollapseAfterUpdate: ($block) ->
+    $block.addClass('collapse-after-update')
+    $('.page-with-sidebar').addClass('with-overlay')
+
+  onSidebarDropdownHidden: (e) ->
+    sidebar = e.data
+    e.preventDefault()
     $block = $(@).closest('.block')
+    sidebar.sidebarDropdownHidden($block)
+
+  sidebarDropdownHidden: ($block) ->
     if $block.hasClass('collapse-after-update')
       $block.removeClass('collapse-after-update')
       $('.page-with-sidebar').removeClass('with-overlay')
-      $('aside')
-        .find('.gutter-toggle')
-        .trigger('click')
\ No newline at end of file
+      @toggleSidebar('hide')
+
+  triggerOpenSidebar: ->
+    @sidebar
+      .find('.js-sidebar-toggle')
+      .trigger('click')
+
+  toggleSidebar: (action = 'toggle') ->
+    if action is 'toggle'
+      @triggerOpenSidebar()
+
+    if action is 'open'
+      @triggerOpenSidebar() if not @isOpen()
+
+    if action is 'hide'
+      @triggerOpenSidebar() is @isOpen()
+
+  isOpen: ->
+    @sidebar.is('.right-sidebar-expanded')
+
+  getBlock: (name) ->
+    @sidebar.find(".block.#{name}")
+
+
diff --git a/app/assets/javascripts/search.js.coffee b/app/assets/javascripts/search.js.coffee
new file mode 100644
index 00000000000..661e1195f60
--- /dev/null
+++ b/app/assets/javascripts/search.js.coffee
@@ -0,0 +1,75 @@
+class @Search
+  constructor: ->
+    $groupDropdown = $('.js-search-group-dropdown')
+    $projectDropdown = $('.js-search-project-dropdown')
+    @eventListeners()
+
+    $groupDropdown.glDropdown(
+      selectable: true
+      filterable: true
+      fieldName: 'group_id'
+      data: (term, callback) ->
+        Api.groups term, null, (data) ->
+          data.unshift(
+            name: 'Any'
+          )
+          data.splice 1, 0, 'divider'
+
+          callback(data)
+      id: (obj) ->
+        obj.id
+      text: (obj) ->
+        obj.name
+      toggleLabel: (obj) ->
+        "#{$groupDropdown.data('default-label')} #{obj.name}"
+      clicked: =>
+        @submitSearch()
+    )
+
+    $projectDropdown.glDropdown(
+      selectable: true
+      filterable: true
+      fieldName: 'project_id'
+      data: (term, callback) ->
+        Api.projects term, 'id', (data) ->
+          data.unshift(
+            name_with_namespace: 'Any'
+          )
+          data.splice 1, 0, 'divider'
+
+          callback(data)
+      id: (obj) ->
+        obj.id
+      text: (obj) ->
+        obj.name_with_namespace
+      toggleLabel: (obj) ->
+        "#{$projectDropdown.data('default-label')} #{obj.name_with_namespace}"
+      clicked: =>
+        @submitSearch()
+    )
+
+  eventListeners: ->
+    $(document)
+      .off 'keyup', '.js-search-input'
+      .on 'keyup', '.js-search-input', @searchKeyUp
+
+    $(document)
+      .off 'click', '.js-search-clear'
+      .on 'click', '.js-search-clear', @clearSearchField
+
+  submitSearch: ->
+    $('.js-search-form').submit()
+
+  searchKeyUp: ->
+    $input = $(@)
+
+    if $input.val() is ''
+      $('.js-search-clear').addClass 'hidden'
+    else
+      $('.js-search-clear').removeClass 'hidden'
+
+  clearSearchField: ->
+    $('.js-search-input')
+      .val ''
+      .trigger 'keyup'
+      .focus()
diff --git a/app/assets/javascripts/shortcuts.js.coffee b/app/assets/javascripts/shortcuts.js.coffee
index 100e3aac535..f3d66004138 100644
--- a/app/assets/javascripts/shortcuts.js.coffee
+++ b/app/assets/javascripts/shortcuts.js.coffee
@@ -2,34 +2,35 @@ class @Shortcuts
   constructor: ->
     @enabledHelp = []
     Mousetrap.reset()
-    Mousetrap.bind('?', @selectiveHelp)
+    Mousetrap.bind('?', @onToggleHelp)
     Mousetrap.bind('s', Shortcuts.focusSearch)
     Mousetrap.bind(['ctrl+shift+p', 'command+shift+p'], @toggleMarkdownPreview)
     Mousetrap.bind('t', -> Turbolinks.visit(findFileURL)) if findFileURL?
 
-  selectiveHelp: (e) =>
-    Shortcuts.showHelp(e, @enabledHelp)
+  onToggleHelp: (e) =>
+    e.preventDefault()
+    @toggleHelp(@enabledHelp)
 
   toggleMarkdownPreview: (e) =>
     $(document).triggerHandler('markdown-preview:toggle', [e])
 
-  @showHelp: (e, location) ->
-    if $('#modal-shortcuts').length > 0
-      $('#modal-shortcuts').modal('show')
-    else
-      url = '/help/shortcuts'
-      url = gon.relative_url_root + url if gon.relative_url_root?
-      $.ajax(
-        url: url,
-        dataType: 'script',
-        success: (e) ->
-          if location and location.length > 0
-            $(l).show() for l in location
-          else
-            $('.hidden-shortcut').show()
-            $('.js-more-help-button').remove()
-      )
-      e.preventDefault()
+  toggleHelp: (location) ->
+    $modal = $('#modal-shortcuts')
+
+    if $modal.length
+      $modal.modal('toggle')
+      return
+
+    $.ajax(
+      url: gon.shortcuts_path,
+      dataType: 'script',
+      success: (e) ->
+        if location and location.length > 0
+          $(l).show() for l in location
+        else
+          $('.hidden-shortcut').show()
+          $('.js-more-help-button').remove()
+    )
 
   @focusSearch: (e) ->
     $('#search').focus()
diff --git a/app/assets/javascripts/shortcuts_issuable.coffee b/app/assets/javascripts/shortcuts_issuable.coffee
index bbf02f1db24..ccb42ab2168 100644
--- a/app/assets/javascripts/shortcuts_issuable.coffee
+++ b/app/assets/javascripts/shortcuts_issuable.coffee
@@ -4,14 +4,8 @@
 class @ShortcutsIssuable extends ShortcutsNavigation
   constructor: (isMergeRequest) ->
     super()
-    Mousetrap.bind('a', ->
-      $('.block.assignee .edit-link').trigger('click')
-      return false
-    )
-    Mousetrap.bind('m', ->
-      $('.block.milestone .edit-link').trigger('click')
-      return false
-    )
+    Mousetrap.bind('a', @openSidebarDropdown.bind(@, 'assignee'))
+    Mousetrap.bind('m', @openSidebarDropdown.bind(@, 'milestone'))
     Mousetrap.bind('r', =>
       @replyWithSelectedText()
       return false
@@ -28,7 +22,7 @@ class @ShortcutsIssuable extends ShortcutsNavigation
       @editIssue()
       return false
     )
-
+    Mousetrap.bind('l', @openSidebarDropdown.bind(@, 'labels'))
 
     if isMergeRequest
       @enabledHelp.push('.hidden-shortcut.merge_requests')
@@ -71,3 +65,7 @@ class @ShortcutsIssuable extends ShortcutsNavigation
   editIssue: ->
     $editBtn = $('.issuable-edit')
     Turbolinks.visit($editBtn.attr('href'))
+
+  openSidebarDropdown: (name) ->
+    sidebar.openDropdown(name)
+    return false
diff --git a/app/assets/javascripts/shortcuts_navigation.coffee b/app/assets/javascripts/shortcuts_navigation.coffee
index 8decaedd87b..f39504e0645 100644
--- a/app/assets/javascripts/shortcuts_navigation.coffee
+++ b/app/assets/javascripts/shortcuts_navigation.coffee
@@ -14,6 +14,7 @@ class @ShortcutsNavigation extends Shortcuts
     Mousetrap.bind('g m', -> ShortcutsNavigation.findAndFollowLink('.shortcuts-merge_requests'))
     Mousetrap.bind('g w', -> ShortcutsNavigation.findAndFollowLink('.shortcuts-wiki'))
     Mousetrap.bind('g s', -> ShortcutsNavigation.findAndFollowLink('.shortcuts-snippets'))
+    Mousetrap.bind('i', -> ShortcutsNavigation.findAndFollowLink('.shortcuts-new-issue'))
     @enabledHelp.push('.hidden-shortcut.project')
 
   @findAndFollowLink: (selector) ->
diff --git a/app/assets/javascripts/sidebar.js.coffee b/app/assets/javascripts/sidebar.js.coffee
index 860d4f438d0..ea4ac52da31 100644
--- a/app/assets/javascripts/sidebar.js.coffee
+++ b/app/assets/javascripts/sidebar.js.coffee
@@ -12,7 +12,7 @@ toggleSidebar = ->
     niceScrollBars.updateScrollBar();
   ), 300
 
-$(document).on("click", '.toggle-nav-collapse', (e) ->
+$(document).on("click", '.toggle-nav-collapse, .side-nav-toggle', (e) ->
   e.preventDefault()
 
   toggleSidebar()
diff --git a/app/assets/javascripts/todos.js.coffee b/app/assets/javascripts/todos.js.coffee
index 10e698d6a54..10bef96f43d 100644
--- a/app/assets/javascripts/todos.js.coffee
+++ b/app/assets/javascripts/todos.js.coffee
@@ -102,7 +102,8 @@ class @Todos
     todoLink = $(this).data('url')
     return unless todoLink
 
-    if e.metaKey
+    # Allow Meta-Click or Mouse3-click to open in a new tab
+    if e.metaKey or e.which is 2
       e.preventDefault()
       window.open(todoLink,'_blank')
     else
diff --git a/app/assets/javascripts/user_tabs.js.coffee b/app/assets/javascripts/user_tabs.js.coffee
index 09b7eec9104..70614396a4e 100644
--- a/app/assets/javascripts/user_tabs.js.coffee
+++ b/app/assets/javascripts/user_tabs.js.coffee
@@ -26,6 +26,10 @@
 #         Personal projects
 #       </a>
 #     </li>
+#    <li class="snippets-tab">
+#       <a data-action="snippets" data-target="#snippets" data-toggle="tab" href="/u/username/snippets">
+#       </a>
+#     </li>
 #   </ul>
 #
 #   <div class="tab-content">
@@ -41,6 +45,9 @@
 #     <div class="tab-pane" id="projects">
 #       Projects content
 #     </div>
+#     <div class="tab-pane" id="snippets">
+#       Snippets content
+#     </div>
 #   </div>
 #
 #   <div class="loading-status">
@@ -92,7 +99,7 @@ class @UserTabs
     @setCurrentAction(action)
 
   activateTab: (action) ->
-    @parentEl.find(".nav-links .#{action}-tab a").tab('show')
+    @parentEl.find(".nav-links .js-#{action}-tab a").tab('show')
 
   setTab: (source, action) ->
     return if @loaded[action] is true
@@ -100,7 +107,7 @@ class @UserTabs
     if action is 'activity'
       @loadActivities(source)
 
-    if action in ['groups', 'contributed', 'projects']
+    if action in ['groups', 'contributed', 'projects', 'snippets']
       @loadTab(source, action)
 
   loadTab: (source, action) ->
diff --git a/app/assets/stylesheets/framework.scss b/app/assets/stylesheets/framework.scss
index c85ab9148d0..560de9fc0bd 100644
--- a/app/assets/stylesheets/framework.scss
+++ b/app/assets/stylesheets/framework.scss
@@ -25,6 +25,7 @@
 @import "framework/lists.scss";
 @import "framework/markdown_area.scss";
 @import "framework/mobile.scss";
+@import "framework/modal.scss";
 @import "framework/nav.scss";
 @import "framework/pagination.scss";
 @import "framework/progress.scss";
diff --git a/app/assets/stylesheets/framework/avatar.scss b/app/assets/stylesheets/framework/avatar.scss
index 5aa425dab6c..f5ce70b606b 100644
--- a/app/assets/stylesheets/framework/avatar.scss
+++ b/app/assets/stylesheets/framework/avatar.scss
@@ -28,6 +28,7 @@
   &.s46 { width: 46px; height: 46px; margin-right: 15px; }
   &.s48 { width: 48px; height: 48px; margin-right: 10px; }
   &.s60 { width: 60px; height: 60px; margin-right: 12px; }
+  &.s70 { width: 70px; height: 70px; margin-right: 14px; }
   &.s90 { width: 90px; height: 90px; margin-right: 15px; }
   &.s110 { width: 110px; height: 110px; margin-right: 15px; }
   &.s140 { width: 140px; height: 140px; margin-right: 20px; }
diff --git a/app/assets/stylesheets/framework/blocks.scss b/app/assets/stylesheets/framework/blocks.scss
index 62b2af0dbf7..434a26d57c6 100644
--- a/app/assets/stylesheets/framework/blocks.scss
+++ b/app/assets/stylesheets/framework/blocks.scss
@@ -1,5 +1,5 @@
 .light-well {
-  background-color: #f8fafc;
+  background-color: $background-color;
   padding: 15px;
 }
 
@@ -18,7 +18,7 @@
   line-height: 36px;
 }
 
-.gray-content-block {
+.row-content-block {
   margin-top: 0;
   margin-bottom: -$gl-padding;
   background-color: $background-color;
@@ -81,6 +81,11 @@
       margin-left: 10px;
     }
   }
+
+  &.build-content {
+    background-color: $white-light;
+    border-top: none;
+  }
 }
 
 .cover-block {
@@ -113,7 +118,7 @@
     line-height: 1.1;
 
     h1 {
-      color: #313236;
+      color: $gl-gray-dark;
       margin-bottom: 6px;
       font-size: 23px;
     }
@@ -150,6 +155,41 @@
       right: auto;
     }
   }
+
+  &.groups-cover-block {
+    background: $white-light;
+    border-bottom: 1px solid $border-color;
+    text-align: left;
+    padding: 24px 0;
+
+    .group-info {
+      .cover-title {
+        margin-top: 9px;
+      }
+
+      p {
+        margin-bottom: 0;
+      }
+    }
+
+    @media (max-width: $screen-xs-max) {
+      text-align: center;
+
+      .avatar {
+        float: none;
+      }
+    }
+  }
+
+  .group-info {
+
+    h1 {
+      display: inline;
+      font-weight: normal;
+      font-size: 24px;
+      color: $gl-title-color;
+    }
+  }
 }
 
 .block-connector {
diff --git a/app/assets/stylesheets/framework/buttons.scss b/app/assets/stylesheets/framework/buttons.scss
index 18a74fe21a0..eaf85bb17ca 100644
--- a/app/assets/stylesheets/framework/buttons.scss
+++ b/app/assets/stylesheets/framework/buttons.scss
@@ -59,7 +59,7 @@
 }
 
 @mixin btn-gray {
-  @include btn-color($gray-light, $border-gray-light, $gray-normal, $border-gray-light, $gray-dark, $border-gray-dark, #313236);
+  @include btn-color($gray-light, $border-gray-light, $gray-normal, $border-gray-light, $gray-dark, $border-gray-dark, $gl-gray-dark);
 }
 
 @mixin btn-white {
@@ -139,6 +139,10 @@
     pointer-events: auto !important;
   }
 
+  &[disabled] {
+    pointer-events: none !important;
+  }
+
   .caret {
     margin-left: 5px;
   }
@@ -247,3 +251,10 @@
 .btn-file-option {
   background: linear-gradient(180deg, $white-light 25%, $gray-light 100%);
 }
+
+.btn-build {
+  margin-left: 10px;
+  i {
+    color: $gl-icon-color;
+  }
+}
diff --git a/app/assets/stylesheets/framework/calendar.scss b/app/assets/stylesheets/framework/calendar.scss
index 0b3af592d4a..11f39d583bd 100644
--- a/app/assets/stylesheets/framework/calendar.scss
+++ b/app/assets/stylesheets/framework/calendar.scss
@@ -54,6 +54,10 @@
     fill: #254e77 !important;
   }
 
+  .future {
+    visibility: hidden;
+  }
+
   .domain-background {
     fill: none;
     shape-rendering: crispedges;
diff --git a/app/assets/stylesheets/framework/common.scss b/app/assets/stylesheets/framework/common.scss
index 2ade341c9dd..f8aecd0558d 100644
--- a/app/assets/stylesheets/framework/common.scss
+++ b/app/assets/stylesheets/framework/common.scss
@@ -11,6 +11,7 @@
 .prepend-top-10 { margin-top: 10px }
 .prepend-top-default { margin-top: $gl-padding !important; }
 .prepend-top-20 { margin-top: 20px }
+.prepend-left-5 { margin-left: 5px }
 .prepend-left-10 { margin-left: 10px }
 .prepend-left-default { margin-left: $gl-padding; }
 .prepend-left-20 { margin-left: 20px }
@@ -288,7 +289,7 @@ table {
   text-shadow: none;
 
   @media (min-width: $screen-sm-min) {
-    margin-top: 11px;
+    margin-top: 8px;
   }
 }
 
diff --git a/app/assets/stylesheets/framework/dropdowns.scss b/app/assets/stylesheets/framework/dropdowns.scss
index 239eaf15cc1..4bf3a050403 100644
--- a/app/assets/stylesheets/framework/dropdowns.scss
+++ b/app/assets/stylesheets/framework/dropdowns.scss
@@ -42,7 +42,7 @@
   font-size: 15px;
   text-align: left;
   border: 1px solid $dropdown-toggle-border-color;
-  border-radius: $dropdown-border-radius;
+  border-radius: $border-radius-base;
   outline: 0;
   text-overflow: ellipsis;
   white-space: nowrap;
@@ -80,7 +80,7 @@
   padding: 10px 0;
   background-color: $dropdown-bg;
   border: 1px solid $dropdown-border-color;
-  border-radius: $dropdown-border-radius;
+  border-radius: $border-radius-base;
   box-shadow: 0 2px 4px $dropdown-shadow-color;
 
   &.is-loading {
diff --git a/app/assets/stylesheets/framework/files.scss b/app/assets/stylesheets/framework/files.scss
index 32cc15113f2..61d9954c6c8 100644
--- a/app/assets/stylesheets/framework/files.scss
+++ b/app/assets/stylesheets/framework/files.scss
@@ -84,10 +84,6 @@
       }
     }
 
-    &.blob_file {
-
-    }
-
     &.blob-no-preview {
       background: #eee;
       text-shadow: 0 1px 2px #fff;
diff --git a/app/assets/stylesheets/framework/forms.scss b/app/assets/stylesheets/framework/forms.scss
index 54cb5461113..558b133f593 100644
--- a/app/assets/stylesheets/framework/forms.scss
+++ b/app/assets/stylesheets/framework/forms.scss
@@ -78,6 +78,24 @@ label {
   border-radius: 3px;
 }
 
+.select-wrapper {
+  position: relative;
+
+  .caret {
+    position: absolute;
+    right: 10px;
+    top: $gl-padding;
+    color: $gray-darkest;
+    pointer-events: none;
+  }
+}
+
+.select-control {
+  padding-left: 10px;
+  padding-right: 10px;
+  -webkit-appearance: none;
+}
+
 .form-control-inline {
   display: inline;
 }
diff --git a/app/assets/stylesheets/framework/gitlab-theme.scss b/app/assets/stylesheets/framework/gitlab-theme.scss
index c83cf881596..16cf394c426 100644
--- a/app/assets/stylesheets/framework/gitlab-theme.scss
+++ b/app/assets/stylesheets/framework/gitlab-theme.scss
@@ -9,8 +9,7 @@
 @mixin gitlab-theme($color-light, $color, $color-darker, $color-dark) {
   .page-with-sidebar {
     .header-logo {
-      background-color: $color;
-      border-color: $color;
+      background: $color-darker;
 
       a {
         color: $color-light;
@@ -21,9 +20,13 @@
       }
 
       &:hover {
-        background-color: $color-darker;
+        background-color: $color-dark;
         a {
           color: #fff;
+
+          h3 {
+            color: #fff;
+          }
         }
       }
     }
@@ -87,8 +90,8 @@
 }
 
 $theme-blue: #2980b9;
-$theme-charcoal: #333c47;
-$theme-graphite: #888;
+$theme-charcoal: #3d454d;
+$theme-graphite: #666;
 $theme-gray: #373737;
 $theme-green: #019875;
 $theme-violet: #548;
@@ -99,11 +102,11 @@ body {
   }
 
   &.ui_charcoal {
-    @include gitlab-theme(#c5d0de, $theme-charcoal, #2b333d, #24272d);
+    @include gitlab-theme(#d6d7d9, #485157, $theme-charcoal, #353b41);
   }
 
   &.ui_graphite {
-    @include gitlab-theme(#ccc, $theme-graphite, #777, #666);
+    @include gitlab-theme(#ccc, #777, $theme-graphite, #555);
   }
 
   &.ui_gray {
diff --git a/app/assets/stylesheets/framework/header.scss b/app/assets/stylesheets/framework/header.scss
index c303380764b..0da96c4017d 100644
--- a/app/assets/stylesheets/framework/header.scss
+++ b/app/assets/stylesheets/framework/header.scss
@@ -6,12 +6,12 @@ header {
   transition-duration: .3s;
 
   &.navbar-empty {
-    height: 58px;
+    height: $header-height;
     background: #fff;
-    border-bottom: 1px solid #eee;
+    border-bottom: 1px solid $btn-gray-hover;
 
     .center-logo {
-      margin: 11px 0;
+      margin: 8px 0;
       text-align: center;
 
       #tanuki-logo, img {
@@ -22,13 +22,21 @@ header {
   }
 
   &.navbar-gitlab {
-    padding: 0 20px;
+    padding: 0 16px;
     z-index: 100;
     margin-bottom: 0;
-    min-height: $header-height;
-    background-color: #fff;
+    height: $header-height;
+    background-color: $background-color;
     border: none;
-    border-bottom: 1px solid #eee;
+    border-bottom: 1px solid $border-color;
+
+    @media (max-width: $screen-xs-min) {
+      padding: 0 16px;
+    }
+
+    &.with-horizontal-nav {
+      border-bottom: none;
+    }
 
     .container-fluid {
       width: 100% !important;
@@ -47,7 +55,7 @@ header {
         text-align: center;
 
         &:hover, &:focus, &:active {
-          background-color: #fff;
+          background-color: $background-color;
         }
       }
 
@@ -56,16 +64,44 @@ header {
         margin: 6px 0;
         border-radius: 0;
         position: absolute;
-        right: 2px;
+        right: -10px;
+        padding: 6px 10px;
 
         &:hover {
-          background-color: #eee;
+          background-color: $btn-gray-hover;
         }
+
         &.active {
           color: $gl-icon-color;
         }
       }
     }
+
+    &.header-collapsed {
+      padding: 0 16px;
+    }
+
+    .side-nav-toggle {
+      display: none;
+      position: absolute;
+      left: -10px;
+      margin: 6px 0;
+      padding: 6px 10px;
+      border: none;
+      background-color: $background-color;
+
+      &:hover {
+        background-color: $btn-gray-hover;
+      }
+
+      &:focus {
+        outline: none;
+      }
+
+      @media (max-width: $screen-xs-min) {
+        display: block;
+      }
+    }
   }
 
   .header-content {
@@ -73,6 +109,10 @@ header {
     height: $header-height;
     padding-right: 40px;
 
+    @media (max-width: $screen-xs-min) {
+      padding-left: 40px;
+    }
+
     @media (min-width: $screen-sm-min) {
       padding-right: 0;
     }
@@ -141,6 +181,10 @@ header {
   @media (min-width: $screen-md-min) {
     @include collapsed-header;
   }
+
+  @media (max-width: $screen-xs-min) {
+    margin-left: 0;
+  }
 }
 
 .header-expanded {
@@ -149,6 +193,10 @@ header {
   @media (min-width: $screen-md-min) {
     margin-left: $sidebar_width;
   }
+
+  @media (max-width: $screen-xs-min) {
+    margin-left: 0;
+  }
 }
 
 @media (max-width: $screen-xs-max) {
diff --git a/app/assets/stylesheets/framework/markdown_area.scss b/app/assets/stylesheets/framework/markdown_area.scss
index 704fa1ff800..fd885b38680 100644
--- a/app/assets/stylesheets/framework/markdown_area.scss
+++ b/app/assets/stylesheets/framework/markdown_area.scss
@@ -95,7 +95,7 @@
   &.md-preview-holder {
     code {
       white-space: pre-wrap;
-      word-break: break-all;
+      word-break: keep-all;
     }
   }
 }
diff --git a/app/assets/stylesheets/framework/mobile.scss b/app/assets/stylesheets/framework/mobile.scss
index 7eb451c124e..33cbee85987 100644
--- a/app/assets/stylesheets/framework/mobile.scss
+++ b/app/assets/stylesheets/framework/mobile.scss
@@ -30,7 +30,7 @@
   }
 
   .rss-btn {
-    display: none !important;
+    display: none;
   }
 
   .project-home-links {
diff --git a/app/assets/stylesheets/framework/modal.scss b/app/assets/stylesheets/framework/modal.scss
new file mode 100644
index 00000000000..26ad2870aa0
--- /dev/null
+++ b/app/assets/stylesheets/framework/modal.scss
@@ -0,0 +1,22 @@
+.modal-body {
+  position: relative;
+  overflow-y: auto;
+  padding: 15px;
+
+  .form-actions {
+    margin: -$gl-padding+1;
+    margin-top: 15px;
+  }
+
+  .text-danger {
+    font-weight: bold;
+  }
+}
+
+body.modal-open {
+  overflow: hidden;
+}
+
+.modal .modal-dialog {
+  width: 860px;
+}
diff --git a/app/assets/stylesheets/framework/nav.scss b/app/assets/stylesheets/framework/nav.scss
index 192d53b048a..a81fcb1c6b3 100644
--- a/app/assets/stylesheets/framework/nav.scss
+++ b/app/assets/stylesheets/framework/nav.scss
@@ -26,8 +26,8 @@
     }
 
     &.active a {
-      color: #000;
-      border-bottom: 2px solid #4688f1;
+      border-bottom: 2px solid $link-underline-blue;
+      color: $black;
     }
 
     .badge {
@@ -140,6 +140,12 @@
       }
     }
 
+    .project-filter-form {
+      input {
+        background-color: $background-color;
+      }
+    }
+
     @media (max-width: $screen-xs-max) {
       padding-bottom: 0;
 
@@ -185,3 +191,92 @@
     }
   }
 }
+
+.layout-nav {
+  position: fixed;
+  top: $header-height;
+  width: 100%;
+  z-index: 1;
+  background: $background-color;
+  border-bottom: 1px solid $border-color;
+  transition-duration: .3s;
+
+  .container-fluid {
+    position: relative;
+  }
+
+  .controls {
+    float: right;
+    padding: 7px 0 0;
+
+    @media (max-width: $screen-xs-min) {
+      float: none;
+      padding: 0 9px;
+
+      .dropdown-new {
+        width: 100%;
+      }
+    }
+
+    i {
+      color: $layout-link-gray;
+    }
+
+    .fa-rss,
+    .fa-cog {
+      font-size: 16px;
+    }
+
+    .fa-caret-down {
+      margin-left: 5px;
+      color: $gl-icon-color;
+    }
+
+    .dropdown {
+      margin-left: 7px;
+
+      @media (max-width: $screen-xs-min) {
+        margin-left: 0;
+      }
+    }
+  }
+
+  .nav-links {
+    border-bottom: none;
+    height: 51px;
+    white-space: nowrap;
+    overflow-x: auto;
+
+    li {
+
+      a {
+        padding-top: 10px;
+      }
+
+      a, i {
+        color: $layout-link-gray;
+      }
+
+      &.active {
+        a, i {
+          color: $black;
+        }
+      }
+
+      .badge {
+        color: $gl-icon-color;
+      }
+    }
+  }
+
+}
+
+.page-with-layout-nav {
+  margin-top: 50px;
+
+  &.controls-dropdown-visible {
+    @media (max-width: $screen-xs-min) {
+      margin-top: 96px;
+    }
+  }
+}
diff --git a/app/assets/stylesheets/framework/selects.scss b/app/assets/stylesheets/framework/selects.scss
index b2fab387e17..6efc6ec1e4b 100644
--- a/app/assets/stylesheets/framework/selects.scss
+++ b/app/assets/stylesheets/framework/selects.scss
@@ -7,13 +7,11 @@
   .select2-choice {
     background: #fff;
     border-color: $input-border;
-    border-color: $border-white-light;
     height: 35px;
     padding: $gl-vert-padding $gl-btn-padding;
     font-size: $gl-font-size;
     line-height: 1.42857143;
-
-    @include border-radius($border-radius-default);
+    border-radius: $border-radius-base;
 
     .select2-arrow {
       background-image: none;
@@ -121,9 +119,6 @@
   }
 }
 
-.select2-container-multi .select2-choices .select2-search-choice {
-}
-
 .select2-drop-active {
   margin-top: 6px;
   font-size: 14px;
@@ -202,6 +197,14 @@
   }
 }
 
+.select2-highlighted {
+  .group-result {
+    .group-path {
+      color: #fff;
+    }
+  }
+}
+
 .group-result {
   .group-image {
     float: left;
diff --git a/app/assets/stylesheets/framework/sidebar.scss b/app/assets/stylesheets/framework/sidebar.scss
index 18189e985c4..f90d7a806d3 100644
--- a/app/assets/stylesheets/framework/sidebar.scss
+++ b/app/assets/stylesheets/framework/sidebar.scss
@@ -3,6 +3,7 @@
   position: absolute;
   width: 58px;
   cursor: pointer;
+  margin-top: 8px;
 }
 
 .page-with-sidebar {
@@ -62,7 +63,7 @@
       float: left;
       height: $header-height;
       width: 100%;
-      padding: 11px 0 11px 22px;
+      padding-left: 22px;
       overflow: hidden;
       outline: none;
       transition-duration: .3s;
@@ -85,7 +86,7 @@
           margin: 0;
           margin-left: 50px;
           font-size: 19px;
-          line-height: 41px;
+          line-height: 50px;
           font-weight: normal;
         }
       }
@@ -97,7 +98,7 @@
   }
 
   .sidebar-user {
-    padding: 9px 22px;
+    padding: 7px 22px;
     position: fixed;
     bottom: 40px;
     width: $sidebar_width;
@@ -209,15 +210,33 @@
   }
 }
 
+.sidebar-wrapper {
+  &.hidden-nav {
+    width: 0;
+  }
+}
+
 .page-sidebar-collapsed {
   padding-left: $sidebar_collapsed_width;
 
+  @media (max-width: $screen-xs-min) {
+    padding-left: 0;
+  }
+
   .sidebar-wrapper {
     width: $sidebar_collapsed_width;
 
+    @media (max-width: $screen-xs-min) {
+      width: 0;
+    }
+
     .header-logo {
       width: $sidebar_collapsed_width;
 
+      @media (max-width: $screen-xs-min) {
+        width: 0;
+      }
+
       a {
         padding-left: ($sidebar_collapsed_width - 36) / 2;
 
@@ -243,17 +262,35 @@
 
     .collapse-nav a {
       width: $sidebar_collapsed_width;
+
+      @media (max-width: $screen-xs-min) {
+        width: 0;
+      }
     }
 
     .sidebar-user {
       padding-left: ($sidebar_collapsed_width - 36) / 2;
       width: $sidebar_collapsed_width;
 
+      @media (max-width: $screen-xs-min) {
+        width: 0;
+        padding-left: 0;
+        padding-right: 0;
+      }
+
       .username {
         display: none;
       }
     }
   }
+
+  .layout-nav {
+    padding-right: $sidebar_collapsed_width;
+
+    @media (max-width: $screen-xs-min) {
+      padding-right: 0;;
+    }
+  }
 }
 
 .page-sidebar-expanded {
@@ -263,6 +300,10 @@
     padding-left: $sidebar_width;
   }
 
+  @media (max-width: $screen-xs-min) {
+    padding-left: 0;
+  }
+
   .sidebar-wrapper {
     width: $sidebar_width;
 
@@ -271,7 +312,7 @@
     }
 
     .nav-sidebar li a {
-      width: 230px;
+      width: $sidebar_width;
 
       &.back-link {
         i {
@@ -280,6 +321,20 @@
       }
     }
   }
+
+  .layout-nav {
+    @media (max-width: $screen-xs-min) {
+      padding-right: 0;;
+    }
+
+    @media (min-width: $screen-xs-min) and (max-width: $screen-md-min) {
+      padding-right: 62px;
+    }
+
+    @media (min-width: $screen-md-min) {
+      padding-right: $sidebar_width;
+    }
+  }
 }
 
 .right-sidebar-collapsed {
diff --git a/app/assets/stylesheets/framework/tables.scss b/app/assets/stylesheets/framework/tables.scss
index 75b770ae5a2..b42075c98d0 100644
--- a/app/assets/stylesheets/framework/tables.scss
+++ b/app/assets/stylesheets/framework/tables.scss
@@ -32,13 +32,11 @@ table {
       th {
         background-color: $background-color;
         font-weight: normal;
-        font-size: 15px;
-        border-bottom: 1px solid $border-color;
+        border-bottom: none;
       }
 
       td {
         border-color: $table-border-color;
-        border-bottom: 1px solid $border-color;
       }
     }
   }
diff --git a/app/assets/stylesheets/framework/timeline.scss b/app/assets/stylesheets/framework/timeline.scss
index f0ec250de2b..29501069d27 100644
--- a/app/assets/stylesheets/framework/timeline.scss
+++ b/app/assets/stylesheets/framework/timeline.scss
@@ -11,7 +11,7 @@
     border-bottom: 1px solid $border-white-light;
 
     &:target {
-      background: $row-hover;
+      background: $line-target-blue;
     }
 
     .avatar {
diff --git a/app/assets/stylesheets/framework/tw_bootstrap.scss b/app/assets/stylesheets/framework/tw_bootstrap.scss
index 96bab7880c2..6a45c34ccbb 100644
--- a/app/assets/stylesheets/framework/tw_bootstrap.scss
+++ b/app/assets/stylesheets/framework/tw_bootstrap.scss
@@ -81,7 +81,7 @@
 
 // Labels
 .label {
-  padding: 2px 4px;
+  padding: 4px 5px;
   font-size: 13px;
   font-style: normal;
   font-weight: normal;
diff --git a/app/assets/stylesheets/framework/tw_bootstrap_variables.scss b/app/assets/stylesheets/framework/tw_bootstrap_variables.scss
index c72af5dad0a..371c1bf17e1 100644
--- a/app/assets/stylesheets/framework/tw_bootstrap_variables.scss
+++ b/app/assets/stylesheets/framework/tw_bootstrap_variables.scss
@@ -153,8 +153,8 @@ $nav-link-padding: 13px $gl-padding;
 //== Code
 //
 //##
-$pre-bg:           #f8fafc !default;
+$pre-bg:           $background-color !default;
 $pre-color:        $gl-gray !default;
-$pre-border-color: #e7e9ed;
+$pre-border-color: $border-color;
 
 $table-bg-accent: $background-color;
diff --git a/app/assets/stylesheets/framework/typography.scss b/app/assets/stylesheets/framework/typography.scss
index 0a5b4b8834c..2779cd56788 100644
--- a/app/assets/stylesheets/framework/typography.scss
+++ b/app/assets/stylesheets/framework/typography.scss
@@ -42,14 +42,14 @@
     margin: 24px 0 12px;
     padding: 0 0 10px;
     border-bottom: 1px solid #e7e9ed;
-    color: #313236;
+    color: $gl-gray-dark;
   }
 
   h2 {
     font-size: 1.2em;
     font-weight: 600;
     margin: 24px 0 12px;
-    color: #313236;
+    color: $gl-gray-dark;
   }
 
   h3 {
@@ -205,6 +205,10 @@ h1, h2, h3, h4, h5, h6 {
   font-weight: 600;
 }
 
+.light-header {
+  font-weight: 600;
+}
+
 /** CODE **/
 pre {
   font-family: $monospace_font;
@@ -259,3 +263,9 @@ h1, h2, h3, h4 {
     color: $gl-gray;
   }
 }
+
+.text-right-lg {
+  @media (min-width: $screen-lg-min) {
+    text-align: right;
+  }
+}
diff --git a/app/assets/stylesheets/framework/variables.scss b/app/assets/stylesheets/framework/variables.scss
index 30ca27ab104..5fa4c266607 100644
--- a/app/assets/stylesheets/framework/variables.scss
+++ b/app/assets/stylesheets/framework/variables.scss
@@ -2,7 +2,7 @@
  * Layout
  */
 $sidebar_collapsed_width: 62px;
-$sidebar_width: 230px;
+$sidebar_width: 220px;
 $gutter_collapsed_width: 62px;
 $gutter_width: 290px;
 $gutter_inner_width: 258px;
@@ -12,7 +12,7 @@ $gutter_inner_width: 258px;
  */
 $border-color:       #e5e5e5;
 $focus-border-color: #3aabf0;
-$table-border-color: #eef0f2;
+$table-border-color: #ececec;
 $background-color:   #fafafa;
 
 /*
@@ -20,7 +20,7 @@ $background-color:   #fafafa;
  */
 $gl-font-size:         15px;
 $gl-title-color:       #333;
-$gl-text-color:        #555;
+$gl-text-color:        #5c5c5c;
 $gl-text-green:        #4a2;
 $gl-text-red:          #d12f19;
 $gl-text-orange:       #d90;
@@ -30,6 +30,7 @@ $gl-placeholder-color: #8f8f8f;
 $gl-icon-color:        $gl-placeholder-color;
 $gl-grayish-blue:      #7f8fa4;
 $gl-gray:              $gl-text-color;
+$gl-gray-dark:         #313236;
 $gl-header-color:      $gl-title-color;
 
 /*
@@ -65,16 +66,18 @@ $gl-padding-top: 10px;
 $row-hover: #f4f8fe;
 $progress-color: #c0392b;
 $avatar_radius: 50%;
-$header-height: 58px;
+$header-height: 50px;
 $fixed-layout-width: 1280px;
 $gl-avatar-size: 40px;
 $error-exclamation-point: #e62958;
 $border-radius-default: 2px;
 $btn-transparent-color: #8f8f8f;
-$ssh-key-icon-color: #8f8f8f;
-$ssh-key-icon-size: 18px;
+$settings-icon-size: 18px;
 $provider-btn-group-border: #e5e5e5;
 $provider-btn-not-active-color: #4688f1;
+$link-underline-blue: #4a8bee;
+$layout-link-gray: #7e7c7c;
+$todo-alert-blue: #428bca;
 
 /*
  * Color schema
@@ -109,6 +112,7 @@ $red-light: #e52c5a;
 $red-normal: #d22852;
 $red-dark: darken($red-normal, 5%);
 
+$black: #000;
 $black-transparent: rgba(0, 0, 0, 0.3);
 
 $border-white-light: #f1f2f4;
@@ -168,8 +172,12 @@ $line-removed: #fbe9eb;
 $line-removed-dark: #fac5cd;
 $line-number-old: #f9d7dc;
 $line-number-new: #ddfbe6;
+$line-number-select: #fbf2da;
 $match-line: #fafafa;
 $table-border-gray: #f0f0f0;
+$line-target-blue: #eaf3fc;
+$line-select-yellow: #fcf8e7;
+$line-select-yellow-dark: #f0e2bd;
 /*
  * Fonts
  */
@@ -179,7 +187,6 @@ $regular_font: 'Source Sans Pro', "Helvetica Neue", Helvetica, Arial, sans-serif
 /*
 * Dropdowns
 */
-$dropdown-border-radius: 2px;
 $dropdown-width: 300px;
 $dropdown-bg: #fff;
 $dropdown-link-color: #555;
@@ -208,6 +215,7 @@ $dropdown-toggle-hover-icon-color: $dropdown-toggle-hover-border-color;
 $btn-active-gray: #ececec;
 $btn-placeholder-gray: #c7c7c7;
 $btn-white-active: #848484;
+$btn-gray-hover: #eee;
 
 /*
  *  Award emoji
diff --git a/app/assets/stylesheets/framework/zen.scss b/app/assets/stylesheets/framework/zen.scss
index f870ea0d87f..ff02ebdd34c 100644
--- a/app/assets/stylesheets/framework/zen.scss
+++ b/app/assets/stylesheets/framework/zen.scss
@@ -32,7 +32,7 @@
   }
 }
 
-.zen-cotrol {
+.zen-control {
   padding: 0;
   color: #555;
   background: none;
diff --git a/app/assets/stylesheets/highlight/monokai.scss b/app/assets/stylesheets/highlight/monokai.scss
index 28253d4ccb4..80a509a7c1a 100644
--- a/app/assets/stylesheets/highlight/monokai.scss
+++ b/app/assets/stylesheets/highlight/monokai.scss
@@ -111,8 +111,6 @@
   .vg { color: #f8f8f2 } /* Name.Variable.Global */
   .vi { color: #f8f8f2 } /* Name.Variable.Instance */
   .il { color: #ae81ff } /* Literal.Number.Integer.Long */
-
-  .gh { } /* Generic Heading & Diff Header */
   .gu { color: #75715e; } /* Generic.Subheading & Diff Unified/Comment? */
   .gd { color: #f92672; } /* Generic.Deleted & Diff Deleted */
   .gi { color: #a6e22e; } /* Generic.Inserted & Diff Inserted */
diff --git a/app/assets/stylesheets/highlight/white.scss b/app/assets/stylesheets/highlight/white.scss
index 1ff6ad75e07..31a4e3deaac 100644
--- a/app/assets/stylesheets/highlight/white.scss
+++ b/app/assets/stylesheets/highlight/white.scss
@@ -21,11 +21,6 @@
 
   // Diff line
   .line_holder {
-    td.diff-line-num.hll:not(.empty-cell),
-    td.line_content.hll:not(.empty-cell) {
-      background-color: #f8eec7;
-      border-color: darken(#f8eec7, 15%);
-    }
 
     .diff-line-num {
       &.old {
@@ -37,11 +32,16 @@
         background-color: $line-number-new;
         border-color: $line-added-dark;
       }
+
+      &.hll:not(.empty-cell) {
+        background-color: $line-number-select;
+        border-color: $line-select-yellow-dark;
+      }
     }
 
     .line_content {
       &.old {
-        background: $line-removed;
+        background-color: $line-removed;
 
         span.idiff {
           background-color: $line-removed-dark;
@@ -58,7 +58,11 @@
 
       &.match {
         color: $black-transparent;
-        background: $match-line;
+        background-color: $match-line;
+      }
+
+      &.hll:not(.empty-cell) {
+        background-color: $line-select-yellow;
       }
     }
   }
diff --git a/app/assets/stylesheets/pages/builds.scss b/app/assets/stylesheets/pages/builds.scss
index 201f3e5ca46..aa41565f812 100644
--- a/app/assets/stylesheets/pages/builds.scss
+++ b/app/assets/stylesheets/pages/builds.scss
@@ -83,3 +83,12 @@
     }
   }
 }
+
+table.builds {
+
+  .build-link {
+    a {
+      color: $gl-dark-link-color;
+    }
+  }
+}
diff --git a/app/assets/stylesheets/pages/commit.scss b/app/assets/stylesheets/pages/commit.scss
index 358d2f4ab9d..c2cd227571f 100644
--- a/app/assets/stylesheets/pages/commit.scss
+++ b/app/assets/stylesheets/pages/commit.scss
@@ -31,9 +31,23 @@
   }
   .commit-committer-link,
   .commit-author-link {
-    color: #444;
+    color: $gl-gray;
     font-weight: bold;
   }
+
+  .time_ago {
+    margin-left: 8px;
+  }
+
+  .fa-clipboard {
+    color: $dropdown-title-btn-color;
+  }
+
+  .commit-info {
+    &.branches {
+      margin-left: 8px;
+    }
+  }
 }
 
 .commit-box {
@@ -42,7 +56,7 @@
   .commit-title {
     margin: 0;
     font-size: 23px;
-    color: #313236;
+    color: $gl-gray-dark;
   }
 
   .commit-description {
@@ -83,6 +97,14 @@
   }
 }
 
+.commit-action-buttons {
+  i {
+    color: $gl-icon-color;
+    font-size: 13px;
+    margin-right: 3px;
+  }
+}
+
 /*
  * Commit message textarea for web editor and
  * custom merge request message
diff --git a/app/assets/stylesheets/pages/detail_page.scss b/app/assets/stylesheets/pages/detail_page.scss
index 751a5ab4d92..5e61e61d85c 100644
--- a/app/assets/stylesheets/pages/detail_page.scss
+++ b/app/assets/stylesheets/pages/detail_page.scss
@@ -22,7 +22,7 @@
   .title {
     margin: 0;
     font-size: 23px;
-    color: #313236;
+    color: $gl-gray-dark;
   }
 
   .description {
@@ -40,6 +40,7 @@
   .wiki {
     code {
       white-space: pre-wrap;
+      word-break: keep-all;
     }
   }
 }
diff --git a/app/assets/stylesheets/pages/diff.scss b/app/assets/stylesheets/pages/diff.scss
index e7c8198ba45..1a7d5f9666e 100644
--- a/app/assets/stylesheets/pages/diff.scss
+++ b/app/assets/stylesheets/pages/diff.scss
@@ -98,7 +98,11 @@
       }
 
       td.line_content.parallel {
-        width: 50%;
+        width: 46%;
+      }
+
+      .add-diff-note {
+        margin-left: -65px;
       }
     }
 
@@ -127,8 +131,13 @@
       margin: 0;
       padding: 0 0.5em;
       border: none;
+
       &.parallel {
         display: table-cell;
+
+        span {
+          word-break: break-all;
+        }
       }
     }
 
diff --git a/app/assets/stylesheets/pages/graph.scss b/app/assets/stylesheets/pages/graph.scss
index 4e5c4ed84b6..f7f9a9bb770 100644
--- a/app/assets/stylesheets/pages/graph.scss
+++ b/app/assets/stylesheets/pages/graph.scss
@@ -18,9 +18,6 @@
 }
 
 .graphs {
-  .graph-author-commits-count {
-  }
-
   .graph-author-email {
     float: right;
     color: #777;
diff --git a/app/assets/stylesheets/pages/help.scss b/app/assets/stylesheets/pages/help.scss
index ee95bdf488e..4a95b7b852e 100644
--- a/app/assets/stylesheets/pages/help.scss
+++ b/app/assets/stylesheets/pages/help.scss
@@ -55,25 +55,6 @@
   }
 }
 
-.modal-body {
-  position: relative;
-  overflow-y: auto;
-  padding: 15px;
-
-  .form-actions {
-    margin: -$gl-padding+1;
-    margin-top: 15px;
-  }
-}
-
-body.modal-open {
-  overflow: hidden;
-}
-
-.modal .modal-dialog {
-  width: 860px;
-}
-
 .documentation {
   padding: 7px;
 }
diff --git a/app/assets/stylesheets/pages/issuable.scss b/app/assets/stylesheets/pages/issuable.scss
index 1cf3023ecc9..d06086a581b 100644
--- a/app/assets/stylesheets/pages/issuable.scss
+++ b/app/assets/stylesheets/pages/issuable.scss
@@ -125,7 +125,7 @@
 
 .right-sidebar {
   position: fixed;
-  top: 58px;
+  top: $header-height;
   bottom: 0;
   right: 0;
   z-index: 10;
diff --git a/app/assets/stylesheets/pages/merge_requests.scss b/app/assets/stylesheets/pages/merge_requests.scss
index 4ef548ffbe7..c4005ba1e69 100644
--- a/app/assets/stylesheets/pages/merge_requests.scss
+++ b/app/assets/stylesheets/pages/merge_requests.scss
@@ -104,7 +104,7 @@
       font-weight: 600;
       font-size: 17px;
       margin: 5px 0;
-      color: #313236;
+      color: $gl-gray-dark;
     }
 
     p:last-child {
@@ -136,7 +136,7 @@
 }
 
 .label-branch {
-  color: #313236;
+  color: $gl-gray-dark;
   font-family: $monospace_font;
   font-weight: bold;
   overflow: hidden;
@@ -272,3 +272,19 @@
   display: inline-block;
   width: 250px;
 }
+
+.table-holder {
+  .builds {
+
+    th {
+      background-color: $white-light;
+      color: $gl-placeholder-color;
+    }
+
+    th,
+    td {
+      padding: 16px;
+    }
+  }
+}
+
diff --git a/app/assets/stylesheets/pages/milestone.scss b/app/assets/stylesheets/pages/milestone.scss
index d0e72a4422c..b94f524b513 100644
--- a/app/assets/stylesheets/pages/milestone.scss
+++ b/app/assets/stylesheets/pages/milestone.scss
@@ -28,7 +28,7 @@ li.milestone {
 
     // Issue title
     span a {
-      color: rgba(0,0,0,0.64);
+      color: $gl-text-color;
     }
   }
 }
@@ -51,7 +51,7 @@ li.milestone {
     margin-top: 7px;
 
     .issuable-number {
-      color: rgba(0,0,0,0.44);
+      color: $gl-placeholder-color;
       margin-right: 5px;
     }
     .avatar {
diff --git a/app/assets/stylesheets/pages/notes.scss b/app/assets/stylesheets/pages/notes.scss
index d54abe9bc02..a3e1ac13a43 100644
--- a/app/assets/stylesheets/pages/notes.scss
+++ b/app/assets/stylesheets/pages/notes.scss
@@ -109,10 +109,10 @@ ul.notes {
           border-color: darken(#f5f5f5, 8%);
           margin: 10px 0;
         }
-      }
 
-      a {
-        word-break: break-all;
+        code {
+          word-break: keep-all;
+        }
       }
     }
 
@@ -168,6 +168,11 @@ ul.notes {
       .notes {
         background-color: $white-light;
       }
+
+      a code {
+        top: 0;
+        margin-right: 0;
+      }
     }
   }
 }
@@ -211,7 +216,7 @@ ul.notes {
 }
 
 .discussion-actions {
-  @media (max-width: $screen-sm-max) {
+  @media (max-width: $screen-md-max) {
     float: none;
     margin-left: 0;
 
@@ -221,8 +226,7 @@ ul.notes {
   }
 }
 
-.note-action-button,
-.discussion-action-button {
+.note-action-button {
   display: inline-block;
   margin-left: 10px;
   line-height: 24px;
diff --git a/app/assets/stylesheets/pages/profile.scss b/app/assets/stylesheets/pages/profile.scss
index a9656e5cae7..843379a3f54 100644
--- a/app/assets/stylesheets/pages/profile.scss
+++ b/app/assets/stylesheets/pages/profile.scss
@@ -18,7 +18,8 @@
 }
 
 .account-btn-link,
-.profile-settings-sidebar a {
+.profile-settings-sidebar a,
+.settings-sidebar a {
   color: $md-link-color;
 }
 
@@ -123,12 +124,6 @@
   }
 }
 
-.key-icon {
-  color: $ssh-key-icon-color;
-  font-size: $ssh-key-icon-size;
-  line-height: 42px;
-}
-
 .key-created-at {
   line-height: 42px;
 }
@@ -180,14 +175,6 @@
   }
 }
 
-.profile-settings-message {
-  line-height: 32px;
-  color: $warning-message-color;
-  background-color: $warning-message-bg;
-  border: 1px solid $warning-message-border;
-  border-radius: $border-radius-base;
-}
-
 .oauth-applications {
   form {
     display: inline-block;
@@ -218,3 +205,21 @@
     text-align: center;
   }
 }
+
+.user-profile {
+  @media (max-width: $screen-xs-max) {
+    .cover-block {
+      padding-top: 20px;
+    }
+
+    .cover-controls {
+      position: static;
+      margin-bottom: 20px;
+
+      .btn {
+        display: inline-block;
+        width: 46%;
+      }
+    }
+  }
+}
diff --git a/app/assets/stylesheets/pages/projects.scss b/app/assets/stylesheets/pages/projects.scss
index fcca9d4faf5..a3690e40e28 100644
--- a/app/assets/stylesheets/pages/projects.scss
+++ b/app/assets/stylesheets/pages/projects.scss
@@ -7,7 +7,7 @@
 }
 .no-ssh-key-message, .project-limit-message {
   background-color: #f28d35;
-  margin-bottom: 16px;
+  margin-bottom: 0;
 }
 .new_project,
 .edit_project {
@@ -178,7 +178,7 @@
     .option-title {
       font-weight: normal;
       display: inline-block;
-      color: #313236;
+      color: $gl-gray-dark;
     }
 
     .option-descr {
@@ -202,8 +202,31 @@
   min-width: 200px;
 }
 
-.deploy-project-label {
-  margin: 1px;
+.deploy-key-content {
+  @media (min-width: $screen-sm-min) {
+    float: left;
+
+    &:last-child {
+      float: right;
+    }
+  }
+}
+
+.deploy-key-projects {
+  @media (min-width: $screen-sm-min) {
+    line-height: 42px;
+  }
+}
+
+a.deploy-project-label {
+  padding: 5px;
+  margin-right: 5px;
+  color: $gl-gray;
+  background-color: $row-hover;
+
+  &:hover {
+    color: $gl-link-color;
+  }
 }
 
 .vs-public {
@@ -256,12 +279,6 @@
   }
 }
 
-table.table.protected-branches-list tr.no-border {
-  th, td {
-    border: 0;
-  }
-}
-
 .project-import .btn {
   float: left;
   margin-right: 10px;
@@ -474,3 +491,14 @@ pre.light-well {
     color: #fff;
   }
 }
+
+.protected-branches-list {
+  a {
+    color: $gl-gray;
+    font-weight: 600;
+
+    &:hover {
+      color: $gl-link-color;
+    }
+  }
+}
diff --git a/app/assets/stylesheets/pages/search.scss b/app/assets/stylesheets/pages/search.scss
index f0f3744c6fa..2bff70c8c64 100644
--- a/app/assets/stylesheets/pages/search.scss
+++ b/app/assets/stylesheets/pages/search.scss
@@ -10,17 +10,6 @@
   }
 }
 
-.search-holder {
-  max-width: 600px;
-  margin: 0 auto;
-  margin-bottom: 20px;
-
-  input {
-    border-color: #bbb;
-    font-weight: bold;
-  }
-}
-
 .search {
   margin-right: 10px;
   margin-left: 10px;
@@ -159,7 +148,85 @@
 
   &.has-location-badge {
     .search-input-wrap {
-      width: 78%;
+      width: 68%;
     }
   }
 }
+
+.search-holder {
+  @media (min-width: $screen-sm-min) {
+    display: -webkit-flex;
+    display: -ms-flexbox;
+    display: flex;
+  }
+
+  .search-field-holder {
+    -webkit-flex: 1 0 auto;
+    -ms-flex: 1 0 auto;
+    flex: 1 0 auto;
+    position: relative;
+    margin-right: 0;
+
+    @media (min-width: $screen-sm-min) {
+      margin-right: 5px;
+    }
+  }
+
+  .search-icon {
+    position: absolute;
+    left: 10px;
+    top: 10px;
+    color: $gray-darkest;
+    pointer-events: none;
+  }
+
+  .search-text-input {
+    padding-left: $gl-padding + 15px;
+    padding-right: $gl-padding + 15px;
+  }
+
+  .btn-search {
+    width: 100%;
+    margin-top: 5px;
+
+    @media (min-width: $screen-sm-min) {
+      width: auto;
+      margin-top: 0;
+      margin-left: 5px;
+    }
+  }
+
+  .dropdown {
+    @media (min-width: $screen-sm-min) {
+      margin-left: 5px;
+      margin-right: 5px;
+    }
+  }
+
+  .dropdown-menu-toggle {
+    width: 100%;
+    margin-top: 5px;
+
+    @media (min-width: $screen-sm-min) {
+      width: 160px;
+      margin-top: 0;
+    }
+  }
+}
+
+.search-clear {
+  position: absolute;
+  right: 10px;
+  top: 10px;
+  padding: 0;
+  color: $gray-darkest;
+  line-height: 0;
+  background: none;
+  border: 0;
+
+  &:hover,
+  &:focus {
+    color: $gl-link-color;
+    outline: none;
+  }
+}
diff --git a/app/assets/stylesheets/pages/settings.scss b/app/assets/stylesheets/pages/settings.scss
new file mode 100644
index 00000000000..3fb70085713
--- /dev/null
+++ b/app/assets/stylesheets/pages/settings.scss
@@ -0,0 +1,14 @@
+.settings-list-icon {
+  color: $gl-placeholder-color;
+  font-size: $settings-icon-size;
+  line-height: 42px;
+}
+
+.settings-message {
+  padding: 5px;
+  line-height: 1.3;
+  color: $warning-message-color;
+  background-color: $warning-message-bg;
+  border: 1px solid $warning-message-border;
+  border-radius: $border-radius-base;
+}
diff --git a/app/assets/stylesheets/pages/status.scss b/app/assets/stylesheets/pages/status.scss
index dbb6daf0d70..2370d35924e 100644
--- a/app/assets/stylesheets/pages/status.scss
+++ b/app/assets/stylesheets/pages/status.scss
@@ -1,7 +1,7 @@
 .container-fluid {
   .ci-status {
     padding: 2px 7px;
-    margin-right: 5px;
+    margin-right: 10px;
     border: 1px solid #eee;
     white-space: nowrap;
     @include border-radius(4px);
diff --git a/app/assets/stylesheets/pages/todos.scss b/app/assets/stylesheets/pages/todos.scss
index 75f78569e3c..e51c3491dae 100644
--- a/app/assets/stylesheets/pages/todos.scss
+++ b/app/assets/stylesheets/pages/todos.scss
@@ -6,9 +6,16 @@
 .navbar-nav {
   li {
     .badge.todos-pending-count {
-      background-color: $gl-icon-color;
       margin-top: -5px;
       font-weight: normal;
+      background: $todo-alert-blue;
+      margin-left: -17px;
+      font-size: 11px;
+      color: white;
+      padding: 3px;
+      padding-top: 1px;
+      padding-bottom: 1px;
+      border-radius: 3px;
     }
   }
 }
diff --git a/app/assets/stylesheets/pages/tree.scss b/app/assets/stylesheets/pages/tree.scss
index 25b5e95583e..a84fc2e0318 100644
--- a/app/assets/stylesheets/pages/tree.scss
+++ b/app/assets/stylesheets/pages/tree.scss
@@ -16,7 +16,7 @@
 
     tr {
       > td, > th {
-        line-height: 26px;
+        line-height: 23px;
       }
 
       &:hover {
diff --git a/app/controllers/admin/abuse_reports_controller.rb b/app/controllers/admin/abuse_reports_controller.rb
index e9b0972bdd8..5055c318a5f 100644
--- a/app/controllers/admin/abuse_reports_controller.rb
+++ b/app/controllers/admin/abuse_reports_controller.rb
@@ -9,6 +9,6 @@ class Admin::AbuseReportsController < Admin::ApplicationController
     abuse_report.remove_user(deleted_by: current_user) if params[:remove_user]
     abuse_report.destroy
 
-    render nothing: true
+    head :ok
   end
 end
diff --git a/app/controllers/admin/application_controller.rb b/app/controllers/admin/application_controller.rb
index 9083bfb41cf..cf795d977ce 100644
--- a/app/controllers/admin/application_controller.rb
+++ b/app/controllers/admin/application_controller.rb
@@ -6,12 +6,6 @@ class Admin::ApplicationController < ApplicationController
   layout 'admin'
 
   def authenticate_admin!
-    return render_404 unless current_user.is_admin?
-  end
-
-  def authorize_impersonator!
-    if session[:impersonator_id]
-      User.find_by!(username: session[:impersonator_id]).admin?
-    end
+    render_404 unless current_user.is_admin?
   end
 end
diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb
index ec22548ddeb..ff7a5cad2fb 100644
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -19,6 +19,12 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
     redirect_to admin_runners_path
   end
 
+  def reset_health_check_token
+    @application_setting.reset_health_check_access_token!
+    flash[:notice] = 'New health check access token has been generated!'
+    redirect_to :back
+  end
+
   def clear_repository_check_states
     RepositoryCheck::ClearWorker.perform_async
 
@@ -53,6 +59,12 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       end
     end
 
+    enabled_oauth_sign_in_sources = params[:application_setting].delete(:enabled_oauth_sign_in_sources)
+
+    params[:application_setting][:disabled_oauth_sign_in_sources] =
+      AuthHelper.button_based_providers.map(&:to_s) -
+      Array(enabled_oauth_sign_in_sources)
+
     params.require(:application_setting).permit(
       :default_projects_limit,
       :default_branch_protection,
@@ -94,8 +106,10 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
       :email_author_in_body,
       :repository_checks_enabled,
       :metrics_packet_size,
+      :send_user_confirmation_email,
       restricted_visibility_levels: [],
-      import_sources: []
+      import_sources: [],
+      disabled_oauth_sign_in_sources: []
     )
   end
 end
diff --git a/app/controllers/admin/broadcast_messages_controller.rb b/app/controllers/admin/broadcast_messages_controller.rb
index fc342924987..82055006ac0 100644
--- a/app/controllers/admin/broadcast_messages_controller.rb
+++ b/app/controllers/admin/broadcast_messages_controller.rb
@@ -32,7 +32,7 @@ class Admin::BroadcastMessagesController < Admin::ApplicationController
 
     respond_to do |format|
       format.html { redirect_back_or_default(default: { action: 'index' }) }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
diff --git a/app/controllers/admin/health_check_controller.rb b/app/controllers/admin/health_check_controller.rb
new file mode 100644
index 00000000000..241c7be0ea1
--- /dev/null
+++ b/app/controllers/admin/health_check_controller.rb
@@ -0,0 +1,5 @@
+class Admin::HealthCheckController < Admin::ApplicationController
+  def show
+    @errors = HealthCheck::Utils.process_checks('standard')
+  end
+end
diff --git a/app/controllers/admin/hooks_controller.rb b/app/controllers/admin/hooks_controller.rb
index 93c4894ea0f..4e85b6b4cf2 100644
--- a/app/controllers/admin/hooks_controller.rb
+++ b/app/controllers/admin/hooks_controller.rb
@@ -39,6 +39,12 @@ class Admin::HooksController < Admin::ApplicationController
   end
 
   def hook_params
-    params.require(:hook).permit(:url, :enable_ssl_verification, :push_events, :tag_push_events)
+    params.require(:hook).permit(
+      :enable_ssl_verification,
+      :push_events,
+      :tag_push_events,
+      :token,
+      :url
+    )
   end
 end
diff --git a/app/controllers/admin/impersonation_controller.rb b/app/controllers/admin/impersonation_controller.rb
deleted file mode 100644
index bf98af78615..00000000000
--- a/app/controllers/admin/impersonation_controller.rb
+++ /dev/null
@@ -1,38 +0,0 @@
-class Admin::ImpersonationController < Admin::ApplicationController
-  skip_before_action :authenticate_admin!, only: :destroy
-
-  before_action :user
-  before_action :authorize_impersonator!
-
-  def create
-    if @user.blocked?
-      flash[:alert] = "You cannot impersonate a blocked user"
-
-      redirect_to admin_user_path(@user)
-    else
-      session[:impersonator_id] = current_user.username
-      session[:impersonator_return_to] = admin_user_path(@user)
-
-      warden.set_user(user, scope: 'user')
-
-      flash[:alert] = "You are impersonating #{user.username}."
-
-      redirect_to root_path
-    end
-  end
-
-  def destroy
-    redirect = session[:impersonator_return_to]
-
-    warden.set_user(user, scope: 'user')
-
-    session[:impersonator_return_to] = nil
-    session[:impersonator_id] = nil
-
-    redirect_to redirect || root_path
-  end
-
-  def user
-    @user ||= User.find_by!(username: params[:id] || session[:impersonator_id])
-  end
-end
diff --git a/app/controllers/admin/impersonations_controller.rb b/app/controllers/admin/impersonations_controller.rb
new file mode 100644
index 00000000000..8be35f00a77
--- /dev/null
+++ b/app/controllers/admin/impersonations_controller.rb
@@ -0,0 +1,26 @@
+class Admin::ImpersonationsController < Admin::ApplicationController
+  skip_before_action :authenticate_admin!
+  before_action :authenticate_impersonator!
+
+  def destroy
+    original_user = current_user
+
+    warden.set_user(impersonator, scope: :user)
+
+    Gitlab::AppLogger.info("User #{original_user.username} has stopped impersonating #{impersonator.username}")
+
+    session[:impersonator_id] = nil
+
+    redirect_to admin_user_path(original_user)
+  end
+
+  private
+
+  def impersonator
+    @impersonator ||= User.find(session[:impersonator_id]) if session[:impersonator_id]
+  end
+
+  def authenticate_impersonator!
+    render_404 unless impersonator && impersonator.is_admin? && !impersonator.blocked?
+  end
+end
diff --git a/app/controllers/admin/keys_controller.rb b/app/controllers/admin/keys_controller.rb
index cb33fdd9763..054bb52b696 100644
--- a/app/controllers/admin/keys_controller.rb
+++ b/app/controllers/admin/keys_controller.rb
@@ -6,7 +6,7 @@ class Admin::KeysController < Admin::ApplicationController
 
     respond_to do |format|
       format.html
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
diff --git a/app/controllers/admin/runners_controller.rb b/app/controllers/admin/runners_controller.rb
index a701d49b844..8b8a7320072 100644
--- a/app/controllers/admin/runners_controller.rb
+++ b/app/controllers/admin/runners_controller.rb
@@ -58,6 +58,6 @@ class Admin::RunnersController < Admin::ApplicationController
   end
 
   def runner_params
-    params.require(:runner).permit(:token, :description, :tag_list, :active)
+    params.require(:runner).permit(Ci::Runner::FORM_EDITABLE)
   end
 end
diff --git a/app/controllers/admin/spam_logs_controller.rb b/app/controllers/admin/spam_logs_controller.rb
index 377e9741e5f..3a2f0185315 100644
--- a/app/controllers/admin/spam_logs_controller.rb
+++ b/app/controllers/admin/spam_logs_controller.rb
@@ -11,7 +11,7 @@ class Admin::SpamLogsController < Admin::ApplicationController
       redirect_to admin_spam_logs_path, notice: "User #{spam_log.user.username} was successfully removed."
     else
       spam_log.destroy
-      render nothing: true
+      head :ok
     end
   end
 end
diff --git a/app/controllers/admin/users_controller.rb b/app/controllers/admin/users_controller.rb
index 9abf08d0e19..f35f4a8c811 100644
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@@ -31,6 +31,24 @@ class Admin::UsersController < Admin::ApplicationController
     user
   end
 
+  def impersonate
+    if user.blocked?
+      flash[:alert] = "You cannot impersonate a blocked user"
+
+      redirect_to admin_user_path(user)
+    else
+      session[:impersonator_id] = current_user.id
+
+      warden.set_user(user, scope: :user)
+
+      Gitlab::AppLogger.info("User #{current_user.username} has started impersonating #{user.username}")
+
+      flash[:alert] = "You are now impersonating #{user.username}"
+
+      redirect_to root_path
+    end
+  end
+
   def block
     if user.block
       redirect_back_or_admin_user(notice: "Successfully blocked")
@@ -101,6 +119,7 @@ class Admin::UsersController < Admin::ApplicationController
       user_params_with_pass.merge!(
         password: params[:user][:password],
         password_confirmation: params[:user][:password_confirmation],
+        password_expires_at: Time.now
       )
     end
 
@@ -135,7 +154,7 @@ class Admin::UsersController < Admin::ApplicationController
 
     respond_to do |format|
       format.html { redirect_back_or_admin_user(notice: "Successfully removed email.") }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1c53b0b21a3..1429ee40bb7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -117,7 +117,7 @@ class ApplicationController < ActionController::Base
   end
 
   def after_sign_out_path_for(resource)
-    current_application_settings.after_sign_out_path || new_user_session_path
+    current_application_settings.after_sign_out_path.presence || new_user_session_path
   end
 
   def abilities
@@ -176,7 +176,7 @@ class ApplicationController < ActionController::Base
   end
 
   def check_password_expiration
-    if current_user && current_user.password_expires_at && current_user.password_expires_at < Time.now  && !current_user.ldap_user?
+    if current_user && current_user.password_expires_at && current_user.password_expires_at < Time.now && !current_user.ldap_user?
       redirect_to new_profile_password_path and return
     end
   end
diff --git a/app/controllers/concerns/creates_commit.rb b/app/controllers/concerns/creates_commit.rb
index 787416c17ab..dacb5679dd3 100644
--- a/app/controllers/concerns/creates_commit.rb
+++ b/app/controllers/concerns/creates_commit.rb
@@ -122,7 +122,7 @@ module CreatesCommit
       # Merge request from fork to this project
       @mr_source_project = @tree_edit_project
       @mr_target_project = @project
-      @mr_target_branch  ||= @ref
+      @mr_target_branch ||= @ref
     end
   end
 end
diff --git a/app/controllers/concerns/toggle_subscription_action.rb b/app/controllers/concerns/toggle_subscription_action.rb
index 8a43c0b93c4..9e3b9be2ff4 100644
--- a/app/controllers/concerns/toggle_subscription_action.rb
+++ b/app/controllers/concerns/toggle_subscription_action.rb
@@ -6,7 +6,7 @@ module ToggleSubscriptionAction
 
     subscribable_resource.toggle_subscription(current_user)
 
-    render nothing: true
+    head :ok
   end
 
   private
diff --git a/app/controllers/dashboard/labels_controller.rb b/app/controllers/dashboard/labels_controller.rb
index 23a4ef21ea2..2a88350a4ca 100644
--- a/app/controllers/dashboard/labels_controller.rb
+++ b/app/controllers/dashboard/labels_controller.rb
@@ -1,6 +1,6 @@
 class Dashboard::LabelsController < Dashboard::ApplicationController
   def index
-    labels = Label.where(project_id: projects).select(:title, :color).uniq(:title)
+    labels = Label.where(project_id: projects).select(:id, :title, :color).uniq(:title)
 
     respond_to do |format|
       format.json { render json: labels }
diff --git a/app/controllers/dashboard/projects_controller.rb b/app/controllers/dashboard/projects_controller.rb
index 71acc244a91..c08eb811532 100644
--- a/app/controllers/dashboard/projects_controller.rb
+++ b/app/controllers/dashboard/projects_controller.rb
@@ -28,7 +28,7 @@ class Dashboard::ProjectsController < Dashboard::ApplicationController
   end
 
   def starred
-    @projects = current_user.starred_projects.sorted_by_activity
+    @projects = current_user.viewable_starred_projects.sorted_by_activity
     @projects = filter_projects(@projects)
     @projects = @projects.includes(:namespace, :forked_from_project, :tags)
     @projects = @projects.sort(@sort = params[:sort])
diff --git a/app/controllers/dashboard/todos_controller.rb b/app/controllers/dashboard/todos_controller.rb
index 5abf97342c3..f9a1929c117 100644
--- a/app/controllers/dashboard/todos_controller.rb
+++ b/app/controllers/dashboard/todos_controller.rb
@@ -12,7 +12,7 @@ class Dashboard::TodosController < Dashboard::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to dashboard_todos_path, notice: todo_notice }
-      format.js { render nothing: true }
+      format.js { head :ok }
       format.json do
         render json: { count: @todos.size, done_count: current_user.todos.done.count }
       end
@@ -24,7 +24,7 @@ class Dashboard::TodosController < Dashboard::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to dashboard_todos_path, notice: 'All todos were marked as done.' }
-      format.js { render nothing: true }
+      format.js { head :ok }
       format.json do
         find_todos
         render json: { count: @todos.size, done_count: current_user.todos.done.count }
diff --git a/app/controllers/dashboard_controller.rb b/app/controllers/dashboard_controller.rb
index 1dce4a21729..4dda4e51f6a 100644
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@@ -25,7 +25,7 @@ class DashboardController < Dashboard::ApplicationController
   def load_events
     projects =
       if params[:filter] == "starred"
-        current_user.starred_projects
+        current_user.viewable_starred_projects
       else
         current_user.authorized_projects
       end
diff --git a/app/controllers/groups/group_members_controller.rb b/app/controllers/groups/group_members_controller.rb
index d5ef33888c6..48dbf656e84 100644
--- a/app/controllers/groups/group_members_controller.rb
+++ b/app/controllers/groups/group_members_controller.rb
@@ -40,7 +40,7 @@ class Groups::GroupMembersController < Groups::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to group_group_members_path(@group), notice: 'User was successfully removed from group.' }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
diff --git a/app/controllers/health_check_controller.rb b/app/controllers/health_check_controller.rb
new file mode 100644
index 00000000000..037da7d2bce
--- /dev/null
+++ b/app/controllers/health_check_controller.rb
@@ -0,0 +1,22 @@
+class HealthCheckController < HealthCheck::HealthCheckController
+  before_action :validate_health_check_access!
+
+  private
+
+  def validate_health_check_access!
+    render_404 unless token_valid?
+  end
+
+  def token_valid?
+    token = params[:token].presence || request.headers['TOKEN']
+    token.present? &&
+      ActiveSupport::SecurityUtils.variable_size_secure_compare(
+        token,
+        current_application_settings.health_check_access_token
+      )
+  end
+
+  def render_404
+    render file: Rails.root.join('public', '404'), layout: false, status: '404'
+  end
+end
diff --git a/app/controllers/jwt_controller.rb b/app/controllers/jwt_controller.rb
new file mode 100644
index 00000000000..f5aa5397ff1
--- /dev/null
+++ b/app/controllers/jwt_controller.rb
@@ -0,0 +1,87 @@
+class JwtController < ApplicationController
+  skip_before_action :authenticate_user!
+  skip_before_action :verify_authenticity_token
+  before_action :authenticate_project_or_user
+
+  SERVICES = {
+    Auth::ContainerRegistryAuthenticationService::AUDIENCE => Auth::ContainerRegistryAuthenticationService,
+  }
+
+  def auth
+    service = SERVICES[params[:service]]
+    return head :not_found unless service
+
+    result = service.new(@project, @user, auth_params).execute
+
+    render json: result, status: result[:http_status]
+  end
+
+  private
+
+  def authenticate_project_or_user
+    authenticate_with_http_basic do |login, password|
+      # if it's possible we first try to authenticate project with login and password
+      @project = authenticate_project(login, password)
+      return if @project
+
+      @user = authenticate_user(login, password)
+      return if @user
+
+      render_403
+    end
+  end
+
+  def auth_params
+    params.permit(:service, :scope, :offline_token, :account, :client_id)
+  end
+
+  def authenticate_project(login, password)
+    if login == 'gitlab_ci_token'
+      Project.find_by(builds_enabled: true, runners_token: password)
+    end
+  end
+
+  def authenticate_user(login, password)
+    # TODO: this is a copy and paste from grack_auth,
+    # it should be refactored in the future
+
+    user = Gitlab::Auth.new.find(login, password)
+
+    # If the user authenticated successfully, we reset the auth failure count
+    # from Rack::Attack for that IP. A client may attempt to authenticate
+    # with a username and blank password first, and only after it receives
+    # a 401 error does it present a password. Resetting the count prevents
+    # false positives from occurring.
+    #
+    # Otherwise, we let Rack::Attack know there was a failed authentication
+    # attempt from this IP. This information is stored in the Rails cache
+    # (Redis) and will be used by the Rack::Attack middleware to decide
+    # whether to block requests from this IP.
+    config = Gitlab.config.rack_attack.git_basic_auth
+
+    if config.enabled
+      if user
+        # A successful login will reset the auth failure count from this IP
+        Rack::Attack::Allow2Ban.reset(request.ip, config)
+      else
+        banned = Rack::Attack::Allow2Ban.filter(request.ip, config) do
+          # Unless the IP is whitelisted, return true so that Allow2Ban
+          # increments the counter (stored in Rails.cache) for the IP
+          if config.ip_whitelist.include?(request.ip)
+            false
+          else
+            true
+          end
+        end
+
+        if banned
+          Rails.logger.info "IP #{request.ip} failed to login " \
+              "as #{login} but has been temporarily banned from Git auth"
+          return
+        end
+      end
+    end
+
+    user
+  end
+end
diff --git a/app/controllers/profiles/emails_controller.rb b/app/controllers/profiles/emails_controller.rb
index 0ede9b8e21b..1c24c4db993 100644
--- a/app/controllers/profiles/emails_controller.rb
+++ b/app/controllers/profiles/emails_controller.rb
@@ -24,7 +24,7 @@ class Profiles::EmailsController < Profiles::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to profile_emails_url }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
diff --git a/app/controllers/profiles/keys_controller.rb b/app/controllers/profiles/keys_controller.rb
index a12549d6bcb..830e0b9591b 100644
--- a/app/controllers/profiles/keys_controller.rb
+++ b/app/controllers/profiles/keys_controller.rb
@@ -32,7 +32,7 @@ class Profiles::KeysController < Profiles::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to profile_keys_url }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
diff --git a/app/controllers/projects/builds_controller.rb b/app/controllers/projects/builds_controller.rb
index b8b9e78427d..bb1f6c5e980 100644
--- a/app/controllers/projects/builds_controller.rb
+++ b/app/controllers/projects/builds_controller.rb
@@ -38,6 +38,14 @@ class Projects::BuildsController < Projects::ApplicationController
     end
   end
 
+  def trace
+    respond_to do |format|
+      format.json do
+        render json: @build.trace_with_state(params[:state]).merge!(id: @build.id, status: @build.status)
+      end
+    end
+  end
+
   def retry
     unless @build.retryable?
       return render_404
diff --git a/app/controllers/projects/commit_controller.rb b/app/controllers/projects/commit_controller.rb
index a202cb38692..10b5932affa 100644
--- a/app/controllers/projects/commit_controller.rb
+++ b/app/controllers/projects/commit_controller.rb
@@ -17,12 +17,12 @@ class Projects::CommitController < Projects::ApplicationController
   def show
     apply_diff_view_cookie!
 
-    @line_notes = commit.notes.inline
+    @grouped_diff_notes = commit.notes.grouped_diff_notes
+
     @note = @project.build_commit_note(commit)
-    @notes = commit.notes.not_inline.fresh
+    @notes = commit.notes.non_diff_notes.fresh
     @noteable = @commit
-    @comments_allowed = @reply_allowed = true
-    @comments_target  = {
+    @comments_target = {
       noteable_type: 'Commit',
       commit_id: @commit.id
     }
@@ -67,10 +67,10 @@ class Projects::CommitController < Projects::ApplicationController
     create_commit(Commits::RevertService, success_notice: "The #{@commit.change_type_title} has been successfully reverted.",
                                           success_path: successful_change_path, failure_path: failed_change_path)
   end
-  
+
   def cherry_pick
     assign_change_commit_vars(@commit.cherry_pick_branch_name)
-    
+
     return render_404 if @target_branch.blank?
 
     create_commit(Commits::CherryPickService, success_notice: "The #{@commit.change_type_title} has been successfully cherry-picked.",
diff --git a/app/controllers/projects/commits_controller.rb b/app/controllers/projects/commits_controller.rb
index 1420b96840c..a52c614b259 100644
--- a/app/controllers/projects/commits_controller.rb
+++ b/app/controllers/projects/commits_controller.rb
@@ -15,7 +15,7 @@ class Projects::CommitsController < Projects::ApplicationController
       if search.present?
         @repository.find_commits_by_message(search, @ref, @path, @limit, @offset).compact
       else
-        @repository.commits(@ref, @path, @limit, @offset)
+        @repository.commits(@ref, path: @path, limit: @limit, offset: @offset)
       end
 
     @note_counts = project.notes.where(commit_id: @commits.map(&:id)).
diff --git a/app/controllers/projects/compare_controller.rb b/app/controllers/projects/compare_controller.rb
index 671d5c23024..af0b69a2442 100644
--- a/app/controllers/projects/compare_controller.rb
+++ b/app/controllers/projects/compare_controller.rb
@@ -22,7 +22,8 @@ class Projects::CompareController < Projects::ApplicationController
       @base_commit = @project.merge_base_commit(@base_ref, @head_ref)
       @diffs = compare.diffs(diff_options)
       @diff_refs = [@base_commit, @commit]
-      @line_notes = []
+      @diff_notes_disabled = true
+      @grouped_diff_notes = {}
     end
   end
 
diff --git a/app/controllers/projects/container_registry_controller.rb b/app/controllers/projects/container_registry_controller.rb
new file mode 100644
index 00000000000..d1f46497207
--- /dev/null
+++ b/app/controllers/projects/container_registry_controller.rb
@@ -0,0 +1,34 @@
+class Projects::ContainerRegistryController < Projects::ApplicationController
+  before_action :verify_registry_enabled
+  before_action :authorize_read_container_image!
+  before_action :authorize_update_container_image!, only: [:destroy]
+  layout 'project'
+
+  def index
+    @tags = container_registry_repository.tags
+  end
+
+  def destroy
+    url = namespace_project_container_registry_index_path(project.namespace, project)
+
+    if tag.delete
+      redirect_to url
+    else
+      redirect_to url, alert: 'Failed to remove tag'
+    end
+  end
+
+  private
+
+  def verify_registry_enabled
+    render_404 unless Gitlab.config.registry.enabled
+  end
+
+  def container_registry_repository
+    @container_registry_repository ||= project.container_registry_repository
+  end
+
+  def tag
+    @tag ||= container_registry_repository.tag(params[:id])
+  end
+end
diff --git a/app/controllers/projects/deploy_keys_controller.rb b/app/controllers/projects/deploy_keys_controller.rb
index 7d09288bc80..83d5ced9be8 100644
--- a/app/controllers/projects/deploy_keys_controller.rb
+++ b/app/controllers/projects/deploy_keys_controller.rb
@@ -7,31 +7,24 @@ class Projects::DeployKeysController < Projects::ApplicationController
   layout "project_settings"
 
   def index
-    @enabled_keys = @project.deploy_keys
-
-    @available_keys         = accessible_keys - @enabled_keys
-    @available_project_keys = current_user.project_deploy_keys - @enabled_keys
-    @available_public_keys  = DeployKey.are_public - @enabled_keys
-
-    # Public keys that are already used by another accessible project are already
-    # in @available_project_keys.
-    @available_public_keys -= @available_project_keys
+    @key = DeployKey.new
+    set_index_vars
   end
 
   def new
-    @key = @project.deploy_keys.new
-
-    respond_with(@key)
+    redirect_to namespace_project_deploy_keys_path(@project.namespace,
+                                                   @project)
   end
 
   def create
     @key = DeployKey.new(deploy_key_params)
+    set_index_vars
 
     if @key.valid? && @project.deploy_keys << @key
       redirect_to namespace_project_deploy_keys_path(@project.namespace,
                                                      @project)
     else
-      render "new"
+      render "index"
     end
   end
 
@@ -51,6 +44,18 @@ class Projects::DeployKeysController < Projects::ApplicationController
 
   protected
 
+  def set_index_vars
+    @enabled_keys ||= @project.deploy_keys
+
+    @available_keys         ||= accessible_keys - @enabled_keys
+    @available_project_keys ||= current_user.project_deploy_keys - @enabled_keys
+    @available_public_keys  ||= DeployKey.are_public - @enabled_keys
+
+    # Public keys that are already used by another accessible project are already
+    # in @available_project_keys.
+    @available_public_keys -= @available_project_keys
+  end
+
   def accessible_keys
     @accessible_keys ||= current_user.accessible_deploy_keys
   end
diff --git a/app/controllers/projects/graphs_controller.rb b/app/controllers/projects/graphs_controller.rb
index d13ea9f34b6..092ef32e6e3 100644
--- a/app/controllers/projects/graphs_controller.rb
+++ b/app/controllers/projects/graphs_controller.rb
@@ -17,7 +17,7 @@ class Projects::GraphsController < Projects::ApplicationController
   end
 
   def commits
-    @commits = @project.repository.commits(@ref, nil, 2000, 0, true)
+    @commits = @project.repository.commits(@ref, limit: 2000, skip_merges: true)
     @commits_graph = Gitlab::Graphs::Commits.new(@commits)
     @commits_per_week_days = @commits_graph.commits_per_week_days
     @commits_per_time = @commits_graph.commits_per_time
@@ -55,7 +55,7 @@ class Projects::GraphsController < Projects::ApplicationController
   private
 
   def fetch_graph
-    @commits = @project.repository.commits(@ref, nil, 6000, 0, true)
+    @commits = @project.repository.commits(@ref, limit: 6000, skip_merges: true)
     @log = []
 
     @commits.each do |commit|
diff --git a/app/controllers/projects/hooks_controller.rb b/app/controllers/projects/hooks_controller.rb
index 5fd4f855dec..47524b1cf0b 100644
--- a/app/controllers/projects/hooks_controller.rb
+++ b/app/controllers/projects/hooks_controller.rb
@@ -27,8 +27,10 @@ class Projects::HooksController < Projects::ApplicationController
     if !@project.empty_repo?
       status, message = TestHookService.new.execute(hook, current_user)
 
-      if status
-        flash[:notice] = 'Hook successfully executed.'
+      if status && status >= 200 && status < 400
+        flash[:notice] = "Hook executed successfully: HTTP #{status}"
+      elsif status
+        flash[:alert] = "Hook executed successfully but returned HTTP #{status} #{message}"
       else
         flash[:alert] = "Hook execution failed: #{message}"
       end
@@ -52,8 +54,16 @@ class Projects::HooksController < Projects::ApplicationController
   end
 
   def hook_params
-    params.require(:hook).permit(:url, :push_events, :issues_events,
-      :merge_requests_events, :tag_push_events, :note_events,
-      :build_events, :enable_ssl_verification)
+    params.require(:hook).permit(
+      :build_events,
+      :enable_ssl_verification,
+      :issues_events,
+      :merge_requests_events,
+      :note_events,
+      :push_events,
+      :tag_push_events,
+      :token,
+      :url
+    )
   end
 end
diff --git a/app/controllers/projects/imports_controller.rb b/app/controllers/projects/imports_controller.rb
index 7756f0f0ed3..a1b84afcd91 100644
--- a/app/controllers/projects/imports_controller.rb
+++ b/app/controllers/projects/imports_controller.rb
@@ -20,6 +20,7 @@ class Projects::ImportsController < Projects::ApplicationController
         @project.import_retry
       else
         @project.import_start
+        @project.add_import_job
       end
     end
 
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 7d4fc361ce2..016f5dd0005 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
@@ -3,8 +3,8 @@ class Projects::IssuesController < Projects::ApplicationController
   include IssuableActions
 
   before_action :module_enabled
-  before_action :issue,
-    only: [:edit, :update, :show, :referenced_merge_requests, :related_branches]
+  before_action :issue, only: [:edit, :update, :show, :referenced_merge_requests,
+                               :related_branches, :can_create_branch]
 
   # Allow read any issue
   before_action :authorize_read_issue!, only: [:show]
@@ -96,6 +96,8 @@ class Projects::IssuesController < Projects::ApplicationController
 
     if params[:move_to_project_id].to_i > 0
       new_project = Project.find(params[:move_to_project_id])
+      return render_404 unless issue.can_move?(current_user, new_project)
+
       move_service = Issues::MoveService.new(project, current_user)
       @issue = move_service.execute(@issue, new_project)
     end
@@ -139,6 +141,18 @@ class Projects::IssuesController < Projects::ApplicationController
     end
   end
 
+  def can_create_branch
+    can_create = current_user &&
+      can?(current_user, :push_code, @project) &&
+      @issue.can_be_worked_on?(current_user)
+
+    respond_to do |format|
+      format.json do
+        render json: { can_create_branch: can_create }
+      end
+    end
+  end
+
   def bulk_update
     result = Issues::BulkUpdateService.new(project, current_user, bulk_update_params).execute
     redirect_back_or_default(default: { action: 'index' }, options: { notice: "#{result[:count]} issues updated" })
diff --git a/app/controllers/projects/merge_requests_controller.rb b/app/controllers/projects/merge_requests_controller.rb
index 9c147b3689e..c5757a24624 100644
--- a/app/controllers/projects/merge_requests_controller.rb
+++ b/app/controllers/projects/merge_requests_controller.rb
@@ -73,12 +73,12 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     # but we need it for the "View file @ ..." link by deleted files
     @base_commit ||= @merge_request.first_commit.parent || @merge_request.first_commit
 
-    @comments_allowed = @reply_allowed = true
     @comments_target = {
       noteable_type: 'MergeRequest',
       noteable_id: @merge_request.id
     }
-    @line_notes = @merge_request.notes.where("line_code is not null")
+
+    @grouped_diff_notes = @merge_request.notes.grouped_diff_notes
 
     respond_to do |format|
       format.html
@@ -117,6 +117,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     @commit = @merge_request.last_commit
     @base_commit = @merge_request.diff_base_commit
     @diffs = @merge_request.compare.diffs(diff_options) if @merge_request.compare
+    @diff_notes_disabled = true
 
     @ci_commit = @merge_request.ci_commit
     @statuses = @ci_commit.statuses if @ci_commit
@@ -300,7 +301,7 @@ class Projects::MergeRequestsController < Projects::ApplicationController
     # Build a note object for comment form
     @note = @project.notes.new(noteable: @merge_request)
     @notes = @merge_request.mr_and_commit_notes.nonawards.inc_author.fresh
-    @discussions = Note.discussions_from_notes(@notes)
+    @discussions = @notes.discussions
     @noteable = @merge_request
 
     # Get commits from repository
diff --git a/app/controllers/projects/milestones_controller.rb b/app/controllers/projects/milestones_controller.rb
index f7b6d137bde..da2892bfb3f 100644
--- a/app/controllers/projects/milestones_controller.rb
+++ b/app/controllers/projects/milestones_controller.rb
@@ -75,7 +75,7 @@ class Projects::MilestonesController < Projects::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to namespace_project_milestones_path }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
diff --git a/app/controllers/projects/notes_controller.rb b/app/controllers/projects/notes_controller.rb
index 707a0d0e5c6..40b24d550e0 100644
--- a/app/controllers/projects/notes_controller.rb
+++ b/app/controllers/projects/notes_controller.rb
@@ -43,7 +43,7 @@ class Projects::NotesController < Projects::ApplicationController
     end
 
     respond_to do |format|
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
@@ -52,7 +52,7 @@ class Projects::NotesController < Projects::ApplicationController
     note.update_attribute(:attachment, nil)
 
     respond_to do |format|
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
@@ -96,7 +96,7 @@ class Projects::NotesController < Projects::ApplicationController
   end
 
   def note_to_discussion_html(note)
-    return unless note.for_diff_line?
+    return unless note.diff_note?
 
     if params[:view] == 'parallel'
       template = "projects/notes/_diff_notes_with_reply_parallel"
@@ -120,7 +120,7 @@ class Projects::NotesController < Projects::ApplicationController
   end
 
   def note_to_discussion_with_diff_html(note)
-    return unless note.for_diff_line?
+    return unless note.diff_note?
 
     render_to_string(
       "projects/notes/_discussion",
@@ -158,7 +158,7 @@ class Projects::NotesController < Projects::ApplicationController
   def note_params
     params.require(:note).permit(
       :note, :noteable, :noteable_id, :noteable_type, :project_id,
-      :attachment, :line_code, :commit_id
+      :attachment, :line_code, :commit_id, :type
     )
   end
 
diff --git a/app/controllers/projects/project_members_controller.rb b/app/controllers/projects/project_members_controller.rb
index 33b2625c0ac..cdea5f0b776 100644
--- a/app/controllers/projects/project_members_controller.rb
+++ b/app/controllers/projects/project_members_controller.rb
@@ -55,7 +55,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
       format.html do
         redirect_to namespace_project_project_members_path(@project.namespace, @project)
       end
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
@@ -81,7 +81,7 @@ class Projects::ProjectMembersController < Projects::ApplicationController
 
       respond_to do |format|
         format.html { redirect_to dashboard_projects_path, notice: "You left the project." }
-        format.js { render nothing: true }
+        format.js { head :ok }
       end
     else
       if current_user == @project.owner
diff --git a/app/controllers/projects/protected_branches_controller.rb b/app/controllers/projects/protected_branches_controller.rb
index e49259c34b6..efa7bf14d0f 100644
--- a/app/controllers/projects/protected_branches_controller.rb
+++ b/app/controllers/projects/protected_branches_controller.rb
@@ -39,7 +39,7 @@ class Projects::ProtectedBranchesController < Projects::ApplicationController
 
     respond_to do |format|
       format.html { redirect_to namespace_project_protected_branches_path }
-      format.js { render nothing: true }
+      format.js { head :ok }
     end
   end
 
diff --git a/app/controllers/projects/runners_controller.rb b/app/controllers/projects/runners_controller.rb
index 0dd2d6a99be..3a9d67aff64 100644
--- a/app/controllers/projects/runners_controller.rb
+++ b/app/controllers/projects/runners_controller.rb
@@ -64,6 +64,6 @@ class Projects::RunnersController < Projects::ApplicationController
   end
 
   def runner_params
-    params.require(:runner).permit(:description, :tag_list, :active)
+    params.require(:runner).permit(Ci::Runner::FORM_EDITABLE)
   end
 end
diff --git a/app/controllers/projects/wikis_controller.rb b/app/controllers/projects/wikis_controller.rb
index c02bc28acef..0d6c32fabd2 100644
--- a/app/controllers/projects/wikis_controller.rb
+++ b/app/controllers/projects/wikis_controller.rb
@@ -40,10 +40,10 @@ class Projects::WikisController < Projects::ApplicationController
   end
 
   def update
-    @page = @project_wiki.find_page(params[:id])
-
     return render('empty') unless can?(current_user, :create_wiki, @project)
 
+    @page = @project_wiki.find_page(params[:id])
+
     if @page = WikiPages::UpdateService.new(@project, current_user, wiki_params).execute(@page)
       redirect_to(
         namespace_project_wiki_path(@project.namespace, @project, @page),
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 8662de712a1..6660d99ab09 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -236,7 +236,8 @@ class ProjectsController < Projects::ApplicationController
   def project_params
     params.require(:project).permit(
       :name, :path, :description, :issues_tracker, :tag_list, :runners_token,
-      :issues_enabled, :merge_requests_enabled, :snippets_enabled, :issues_tracker_id, :default_branch,
+      :issues_enabled, :merge_requests_enabled, :snippets_enabled, :container_registry_enabled,
+      :issues_tracker_id, :default_branch,
       :wiki_enabled, :visibility_level, :import_url, :last_activity_at, :namespace_id, :avatar,
       :builds_enabled, :build_allow_git_fetch, :build_timeout_in_minutes, :build_coverage_regex,
       :public_builds,
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 059b88e2253..26eb15f49e4 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -8,6 +8,13 @@ class RegistrationsController < Devise::RegistrationsController
 
   def create
     if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha
+      # To avoid duplicate form fields on the login page, the registration form
+      # names fields using `new_user`, but Devise still wants the params in
+      # `user`.
+      if params["new_#{resource_name}"].present? && params[resource_name].blank?
+        params[resource_name] = params.delete(:"new_#{resource_name}")
+      end
+
       super
     else
       flash[:alert] = "There was an error with the reCAPTCHA code below. Please re-enter the code."
@@ -30,8 +37,8 @@ class RegistrationsController < Devise::RegistrationsController
     super
   end
 
-  def after_sign_up_path_for(_resource)
-    users_almost_there_path
+  def after_sign_up_path_for(user)
+    user.confirmed_at.present? ? dashboard_projects_path : users_almost_there_path
   end
 
   def after_inactive_sign_up_path_for(_resource)
diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb
index e42d2d73947..69c92d2bed2 100644
--- a/app/controllers/search_controller.rb
+++ b/app/controllers/search_controller.rb
@@ -8,8 +8,6 @@ class SearchController < ApplicationController
   def show
     return if params[:search].nil? || params[:search].blank?
 
-    @search_term = params[:search]
-
     if params[:project_id].present?
       @project = Project.find_by(id: params[:project_id])
       @project = nil unless can?(current_user, :download_code, @project)
@@ -20,6 +18,8 @@ class SearchController < ApplicationController
       @group = nil unless can?(current_user, :read_group, @group)
     end
 
+    @search_term = params[:search]
+
     @scope = params[:scope]
     @show_snippets = params[:snippets].eql? 'true'
 
@@ -44,7 +44,7 @@ class SearchController < ApplicationController
         Search::GlobalService.new(current_user, params).execute
       end
 
-    @objects = @search_results.objects(@scope, params[:page])
+    @search_objects = @search_results.objects(@scope, params[:page])
   end
 
   def autocomplete
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 2daceed039b..2a17c1f34db 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
@@ -10,7 +10,7 @@ class SnippetsController < ApplicationController
   # Allow destroy snippet
   before_action :authorize_admin_snippet!, only: [:destroy]
 
-  skip_before_action :authenticate_user!, only: [:index, :user_index, :show, :raw]
+  skip_before_action :authenticate_user!, only: [:index, :show, :raw]
 
   layout 'snippets'
   respond_to :html
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 2ae180c8a12..799421c185b 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -58,6 +58,19 @@ class UsersController < ApplicationController
     end
   end
 
+  def snippets
+    load_snippets
+
+    respond_to do |format|
+      format.html { render 'show' }
+      format.json do
+        render json: {
+          html: view_to_html_string("snippets/_snippets", collection: @snippets)
+        }
+      end
+    end
+  end
+
   def calendar
     calendar = contributions_calendar
     @timestamps = calendar.timestamps
@@ -116,6 +129,15 @@ class UsersController < ApplicationController
     @groups = JoinedGroupsFinder.new(user).execute(current_user)
   end
 
+  def load_snippets
+    @snippets = SnippetsFinder.new.execute(
+      current_user,
+      filter: :by_user,
+      user: user,
+      scope: params[:scope]
+    ).page(params[:page])
+  end
+
   def projects_for_current_user
     ProjectsFinder.new.execute(current_user)
   end
diff --git a/app/finders/issuable_finder.rb b/app/finders/issuable_finder.rb
index f00f3f709e9..5849e00662b 100644
--- a/app/finders/issuable_finder.rb
+++ b/app/finders/issuable_finder.rb
@@ -252,8 +252,8 @@ class IssuableFinder
       if filter_by_no_milestone?
         items = items.where(milestone_id: [-1, nil])
       elsif filter_by_upcoming_milestone?
-        upcoming = Milestone.where(project_id: projects).upcoming
-        items = items.joins(:milestone).where(milestones: { title: upcoming.try(:title) })
+        upcoming_ids = Milestone.upcoming_ids_by_projects(projects)
+        items = items.joins(:milestone).where(milestone_id: upcoming_ids)
       else
         items = items.joins(:milestone).where(milestones: { title: params[:milestone_title] })
 
diff --git a/app/finders/notes_finder.rb b/app/finders/notes_finder.rb
index fa4c635f55c..c41be333537 100644
--- a/app/finders/notes_finder.rb
+++ b/app/finders/notes_finder.rb
@@ -10,7 +10,7 @@ class NotesFinder
     notes =
       case target_type
       when "commit"
-        project.notes.for_commit_id(target_id).not_inline
+        project.notes.for_commit_id(target_id).non_diff_notes
       when "issue"
         project.issues.find(target_id).notes.nonawards.inc_author
       when "merge_request"
diff --git a/app/finders/snippets_finder.rb b/app/finders/snippets_finder.rb
index a41172816b8..01cbf91c658 100644
--- a/app/finders/snippets_finder.rb
+++ b/app/finders/snippets_finder.rb
@@ -51,7 +51,7 @@ class SnippetsFinder
     snippets = project.snippets.fresh
 
     if current_user
-      if project.team.member?(current_user.id)
+      if project.team.member?(current_user.id) || current_user.admin?
         snippets
       else
         snippets.public_and_internal
diff --git a/app/helpers/application_settings_helper.rb b/app/helpers/application_settings_helper.rb
index 914b0ef6042..03080d25931 100644
--- a/app/helpers/application_settings_helper.rb
+++ b/app/helpers/application_settings_helper.rb
@@ -60,4 +60,18 @@ module ApplicationSettingsHelper
       end
     end
   end
+
+  def oauth_providers_checkboxes
+    button_based_providers.map do |source|
+      disabled = current_application_settings.disabled_oauth_sign_in_sources.include?(source.to_s)
+      css_class = 'btn'
+      css_class << ' active' unless disabled
+      checkbox_name = 'application_setting[enabled_oauth_sign_in_sources][]'
+
+      label_tag(checkbox_name, class: css_class) do
+        check_box_tag(checkbox_name, source, !disabled,
+                      autocomplete: 'off') + Gitlab::OAuth::Provider.label_for(source)
+      end
+    end
+  end
 end
diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb
index b4f80fd9b3e..b05fa0a14d6 100644
--- a/app/helpers/auth_helper.rb
+++ b/app/helpers/auth_helper.rb
@@ -38,6 +38,16 @@ module AuthHelper
     auth_providers.reject { |provider| form_based_provider?(provider) }
   end
 
+  def enabled_button_based_providers
+    disabled_providers = current_application_settings.disabled_oauth_sign_in_sources || []
+
+    button_based_providers.map(&:to_s) - disabled_providers
+  end
+
+  def button_based_providers_enabled?
+    enabled_button_based_providers.any?
+  end
+
   def provider_image_tag(provider, size = 64)
     label = label_for_provider(provider)
 
diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb
index a4d7c425d0f..93241b3afb7 100644
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -3,8 +3,8 @@ module BlobHelper
     Gitlab::Highlight.new(blob_name, blob_content, nowrap: nowrap)
   end
 
-  def highlight(blob_name, blob_content, nowrap: false)
-    Gitlab::Highlight.highlight(blob_name, blob_content, nowrap: nowrap)
+  def highlight(blob_name, blob_content, nowrap: false, plain: false)
+    Gitlab::Highlight.highlight(blob_name, blob_content, nowrap: nowrap, plain: plain)
   end
 
   def no_highlight_files
@@ -131,7 +131,7 @@ module BlobHelper
   # elements and attributes. Note that this whitelist is by no means complete
   # and may omit some elements.
   def sanitize_svg(blob)
-    blob.data = Loofah.scrub_fragment(blob.data, :strip).to_xml
+    blob.data = Gitlab::Sanitizers::SVG.clean(blob.data)
     blob
   end
 
diff --git a/app/helpers/ci_badge_helper.rb b/app/helpers/ci_badge_helper.rb
deleted file mode 100644
index 27386133e36..00000000000
--- a/app/helpers/ci_badge_helper.rb
+++ /dev/null
@@ -1,13 +0,0 @@
-module CiBadgeHelper
-  def markdown_badge_code(project, ref)
-    url = status_ci_project_url(project, ref: ref, format: 'png')
-    link = namespace_project_commits_path(project.namespace, project, ref)
-    "[![build status](#{url})](#{link})"
-  end
-
-  def html_badge_code(project, ref)
-    url = status_ci_project_url(project, ref: ref, format: 'png')
-    link = namespace_project_commits_path(project.namespace, project, ref)
-    "<a href='#{link}'><img src='#{url}' /></a>"
-  end
-end
diff --git a/app/helpers/diff_helper.rb b/app/helpers/diff_helper.rb
index 97466d532f4..5f311f3780a 100644
--- a/app/helpers/diff_helper.rb
+++ b/app/helpers/diff_helper.rb
@@ -23,7 +23,7 @@ module DiffHelper
   end
 
   def diff_options
-    options = { ignore_whitespace_change: params[:w] == '1' }
+    options = { ignore_whitespace_change: hide_whitespace? }
     if diff_hard_limit_enabled?
       options.merge!(Commit.max_diff_options)
     end
@@ -55,22 +55,18 @@ module DiffHelper
     end
   end
 
-  def line_comments
-    @line_comments ||= @line_notes.select(&:active?).sort_by(&:created_at).group_by(&:line_code)
-  end
+  def organize_comments(left, right)
+    notes_left = notes_right = nil
 
-  def organize_comments(type_left, type_right, line_code_left, line_code_right)
-    comments_left = comments_right = nil
-
-    unless type_left.nil? && type_right == 'new'
-      comments_left = line_comments[line_code_left]
+    unless left[:type].nil? && right[:type] == 'new'
+      notes_left = @grouped_diff_notes[left[:line_code]]
     end
 
-    unless type_left.nil? && type_right.nil?
-      comments_right = line_comments[line_code_right]
+    unless left[:type].nil? && right[:type].nil?
+      notes_right = @grouped_diff_notes[right[:line_code]]
     end
 
-    [comments_left, comments_right]
+    [notes_left, notes_right]
   end
 
   def inline_diff_btn
@@ -96,8 +92,8 @@ module DiffHelper
     ].join(' ').html_safe
   end
 
-  def commit_for_diff(diff)
-    if diff.deleted_file
+  def commit_for_diff(diff_file)
+    if diff_file.deleted_file
       @base_commit || @commit.parent || @commit
     else
       @commit
@@ -128,4 +124,31 @@ module DiffHelper
       title
     end
   end
+
+  def commit_diff_whitespace_link(project, commit, options)
+    url = namespace_project_commit_path(project.namespace, project, commit.id, params_with_whitespace)
+    toggle_whitespace_link(url, options)
+  end
+
+  def diff_merge_request_whitespace_link(project, merge_request, options)
+    url = diffs_namespace_project_merge_request_path(project.namespace, project, merge_request, params_with_whitespace)
+    toggle_whitespace_link(url, options)
+  end
+
+  private
+
+  def hide_whitespace?
+    params[:w] == '1'
+  end
+
+  def params_with_whitespace
+    hide_whitespace? ? request.query_parameters.except(:w) : request.query_parameters.merge(w: 1)
+  end
+
+  def toggle_whitespace_link(url, options)
+    options[:class] ||= ''
+    options[:class] << ' btn btn-default'
+
+    link_to "#{hide_whitespace? ? 'Show' : 'Hide'} whitespace changes", url, class: options[:class]
+  end
 end
diff --git a/app/helpers/events_helper.rb b/app/helpers/events_helper.rb
index 592bad8ba24..e1489381706 100644
--- a/app/helpers/events_helper.rb
+++ b/app/helpers/events_helper.rb
@@ -3,7 +3,7 @@ module EventsHelper
     author = event.author
 
     if author
-      link_to author.name, user_path(author.username), title: h(author.name)
+      link_to author.name, user_path(author.username), title: author.name
     else
       event.author_name
     end
@@ -39,15 +39,6 @@ module EventsHelper
     end
   end
 
-  def icon_for_event
-    {
-      EventFilter.push     => 'upload',
-      EventFilter.merged   => 'check-square-o',
-      EventFilter.comments => 'comments',
-      EventFilter.team     => 'user',
-    }
-  end
-
   def event_preposition(event)
     if event.push? || event.commented? || event.target
       "at"
@@ -66,11 +57,7 @@ module EventsHelper
       words << event.ref_name
       words << "at"
     elsif event.commented?
-      if event.note_commit?
-        words << event.note_short_commit_id
-      else
-        words << "##{truncate event.note_target_iid}"
-      end
+      words << event.note_target_reference
       words << "at"
     elsif event.milestone?
       words << "##{event.target_iid}" if event.target_iid
@@ -93,21 +80,12 @@ module EventsHelper
     elsif event.merge_request?
       namespace_project_merge_request_url(event.project.namespace,
                                           event.project, event.merge_request)
-    elsif event.note? && event.note_commit?
+    elsif event.note? && event.commit_note?
       namespace_project_commit_url(event.project.namespace, event.project,
                                    event.note_target)
     elsif event.note?
       if event.note_target
-        if event.note_commit?
-          namespace_project_commit_path(event.project.namespace, event.project,
-                                        event.note_commit_id,
-                                        anchor: dom_id(event.target))
-        elsif event.note_project_snippet?
-          namespace_project_snippet_path(event.project.namespace,
-                                         event.project, event.note_target)
-        else
-          event_note_target_path(event)
-        end
+        event_note_target_path(event)
       end
     elsif event.push?
       push_event_feed_url(event)
@@ -143,42 +121,30 @@ module EventsHelper
   end
 
   def event_note_target_path(event)
-    if event.note? && event.note_commit?
-      namespace_project_commit_path(event.project.namespace, event.project,
-                                    event.note_target)
+    if event.note? && event.commit_note?
+      namespace_project_commit_path(event.project.namespace,
+                                    event.project,
+                                    event.note_target,
+                                    anchor: dom_id(event.target))
+    elsif event.project_snippet_note?
+      namespace_project_snippet_path(event.project.namespace,
+                                     event.project,
+                                     event.note_target,
+                                     anchor: dom_id(event.target))
     else
       polymorphic_path([event.project.namespace.becomes(Namespace),
                         event.project, event.note_target],
-                       anchor: dom_id(event.target))
+                        anchor: dom_id(event.target))
     end
   end
 
   def event_note_title_html(event)
     if event.note_target
-      if event.note_commit?
-        link_to(
-          namespace_project_commit_path(event.project.namespace, event.project,
-                                        event.note_commit_id,
-                                        anchor: dom_id(event.target), title: h(event.target_title)),
-          class: "commit_short_id"
-        ) do
-          "#{event.note_target_type} #{event.note_short_commit_id}"
-        end
-      elsif event.note_project_snippet?
-        link_to(namespace_project_snippet_path(event.project.namespace,
-                                               event.project,
-                                               event.note_target), title: h(event.project.name)) do
-          "#{event.note_target_type} #{truncate event.note_target.to_reference}"
-        end
-      else
-        link_to event_note_target_path(event) do
-          "#{event.note_target_type} #{truncate event.note_target.to_reference}"
-        end
+      link_to(event_note_target_path(event), title: event.target_title, class: 'has-tooltip') do
+        "#{event.note_target_type} #{event.note_target_reference}"
       end
     else
-      content_tag :strong do
-        "(deleted)"
-      end
+      content_tag(:strong, '(deleted)')
     end
   end
 
diff --git a/app/helpers/gitlab_routing_helper.rb b/app/helpers/gitlab_routing_helper.rb
index f07eff3fb57..2ce2d4e694f 100644
--- a/app/helpers/gitlab_routing_helper.rb
+++ b/app/helpers/gitlab_routing_helper.rb
@@ -33,6 +33,10 @@ module GitlabRoutingHelper
     namespace_project_builds_path(project.namespace, project, *args)
   end
 
+  def project_container_registry_path(project, *args)
+    namespace_project_container_registry_index_path(project.namespace, project, *args)
+  end
+
   def activity_project_path(project, *args)
     activity_namespace_project_path(project.namespace, project, *args)
   end
diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb
index afe1e11a0da..198d39455d7 100644
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -16,31 +16,49 @@ module IssuesHelper
   def url_for_project_issues(project = @project, options = {})
     return '' if project.nil?
 
-    if options[:only_path]
-      project.issues_tracker.project_path
-    else
-      project.issues_tracker.project_url
-    end
+    url =
+      if options[:only_path]
+        project.issues_tracker.project_path
+      else
+        project.issues_tracker.project_url
+      end
+
+    # Ensure we return a valid URL to prevent possible XSS.
+    URI.parse(url).to_s
+  rescue URI::InvalidURIError
+    ''
   end
 
   def url_for_new_issue(project = @project, options = {})
     return '' if project.nil?
 
-    if options[:only_path]
-      project.issues_tracker.new_issue_path
-    else
-      project.issues_tracker.new_issue_url
-    end
+    url =
+      if options[:only_path]
+        project.issues_tracker.new_issue_path
+      else
+        project.issues_tracker.new_issue_url
+      end
+
+    # Ensure we return a valid URL to prevent possible XSS.
+    URI.parse(url).to_s
+  rescue URI::InvalidURIError
+    ''
   end
 
   def url_for_issue(issue_iid, project = @project, options = {})
     return '' if project.nil?
 
-    if options[:only_path]
-      project.issues_tracker.issue_path(issue_iid)
-    else
-      project.issues_tracker.issue_url(issue_iid)
-    end
+    url =
+      if options[:only_path]
+        project.issues_tracker.issue_path(issue_iid)
+      else
+        project.issues_tracker.issue_url(issue_iid)
+      end
+
+    # Ensure we return a valid URL to prevent possible XSS.
+    URI.parse(url).to_s
+  rescue URI::InvalidURIError
+    ''
   end
 
   def bulk_update_milestone_options
diff --git a/app/helpers/labels_helper.rb b/app/helpers/labels_helper.rb
index 3dded7c2f23..c99b137cdaa 100644
--- a/app/helpers/labels_helper.rb
+++ b/app/helpers/labels_helper.rb
@@ -37,7 +37,7 @@ module LabelsHelper
     link = send("namespace_project_#{type.to_s.pluralize}_path",
                 project.namespace,
                 project,
-                label_name: label.name)
+                label_name: [label.name])
 
     if block_given?
       link_to link, &block
diff --git a/app/helpers/nav_helper.rb b/app/helpers/nav_helper.rb
index 5d86bd490a8..fbb799eecd3 100644
--- a/app/helpers/nav_helper.rb
+++ b/app/helpers/nav_helper.rb
@@ -34,10 +34,21 @@ module NavHelper
   end
 
   def nav_header_class
-    if nav_menu_collapsed?
-      "header-collapsed"
-    else
-      "header-expanded"
-    end
+    class_name =
+      if nav_menu_collapsed?
+        "header-collapsed"
+      else
+        "header-expanded"
+      end
+    class_name += " with-horizontal-nav" if defined?(nav) && nav
+    class_name
+  end
+
+  def layout_nav_class
+    "page-with-layout-nav" if defined?(nav) && nav
+  end
+
+  def layout_dropdown_class
+    "controls-dropdown-visible" if current_user
   end
 end
diff --git a/app/helpers/notes_helper.rb b/app/helpers/notes_helper.rb
index 95072b5373f..b401c8385be 100644
--- a/app/helpers/notes_helper.rb
+++ b/app/helpers/notes_helper.rb
@@ -1,7 +1,7 @@
 module NotesHelper
   # Helps to distinguish e.g. commit notes in mr notes list
   def note_for_main_target?(note)
-    (@noteable.class.name == note.noteable_type && !note.for_diff_line?)
+    @noteable.class.name == note.noteable_type && !note.diff_note?
   end
 
   def note_target_fields(note)
@@ -15,16 +15,6 @@ module NotesHelper
     note.editable? && can?(current_user, :admin_note, note)
   end
 
-  def link_to_commit_diff_line_note(note)
-    if note.for_commit_diff_line?
-      link_to(
-        "#{note.diff_file_name}:L#{note.diff_new_line}",
-        namespace_project_commit_path(@project.namespace, @project,
-                                      note.noteable, anchor: note.line_code)
-      )
-    end
-  end
-
   def noteable_json(noteable)
     {
       id: noteable.id,
@@ -35,7 +25,7 @@ module NotesHelper
   end
 
   def link_to_new_diff_note(line_code, line_type = nil)
-    discussion_id = Note.build_discussion_id(
+    discussion_id = LegacyDiffNote.build_discussion_id(
       @comments_target[:noteable_type],
       @comments_target[:noteable_id] || @comments_target[:commit_id],
       line_code
@@ -45,9 +35,10 @@ module NotesHelper
       noteable_type: @comments_target[:noteable_type],
       noteable_id:   @comments_target[:noteable_id],
       commit_id:     @comments_target[:commit_id],
+      line_type:     line_type,
       line_code:     line_code,
-      discussion_id: discussion_id,
-      line_type:     line_type
+      note_type:     LegacyDiffNote.name,
+      discussion_id: discussion_id
     }
 
     button_tag(class: 'btn add-diff-note js-add-diff-note-button',
@@ -57,18 +48,24 @@ module NotesHelper
     end
   end
 
-  def link_to_reply_diff(note, line_type = nil)
+  def link_to_reply_discussion(note, line_type = nil)
     return unless current_user
 
     data = {
       noteable_type: note.noteable_type,
       noteable_id:   note.noteable_id,
       commit_id:     note.commit_id,
-      line_code:     note.line_code,
       discussion_id: note.discussion_id,
       line_type:     line_type
     }
 
+    if note.diff_note?
+      data.merge!(
+        line_code: note.line_code,
+        note_type: LegacyDiffNote.name
+      )
+    end
+
     button_tag 'Reply...', class: 'btn btn-text-field js-discussion-reply-button',
                            data: data, title: 'Add a reply'
   end
diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb
index ab85694da3f..0825b5b6437 100644
--- a/app/helpers/projects_helper.rb
+++ b/app/helpers/projects_helper.rb
@@ -123,13 +123,21 @@ module ProjectsHelper
     end
   end
 
+  def license_short_name(project)
+    return 'LICENSE' if project.repository.license_key.nil?
+
+    license = Licensee::License.new(project.repository.license_key)
+
+    license.nickname || license.name
+  end
+
   private
 
   def get_project_nav_tabs(project, current_user)
-    nav_tabs = [:home, :forks]
+    nav_tabs = [:home]
 
     if !project.empty_repo? && can?(current_user, :download_code, project)
-      nav_tabs << [:files, :commits, :network, :graphs]
+      nav_tabs << [:files, :commits, :network, :graphs, :forks]
     end
 
     if project.repo_exists? && can?(current_user, :read_merge_request, project)
@@ -140,6 +148,10 @@ module ProjectsHelper
       nav_tabs << :builds
     end
 
+    if Gitlab.config.registry.enabled && can?(current_user, :read_container_image, project)
+      nav_tabs << :container_registry
+    end
+
     if can?(current_user, :admin_project, project)
       nav_tabs << :settings
     end
@@ -188,16 +200,13 @@ module ProjectsHelper
   end
 
   def repository_size(project = @project)
-    "#{project.repository_size} MB"
-  rescue
-    # In order to prevent 500 error
-    # when application cannot allocate memory
-    # to calculate repo size - just show 'Unknown'
-    'unknown'
+    size_in_bytes = project.repository_size * 1.megabyte
+    number_to_human_size(size_in_bytes, delimiter: ',', precision: 2)
   end
 
   def default_url_to_repo(project = @project)
-    if default_clone_protocol == "ssh"
+    case default_clone_protocol
+    when 'ssh'
       project.ssh_url_to_repo
     else
       project.http_url_to_repo
@@ -320,14 +329,6 @@ module ProjectsHelper
     @ref || @repository.try(:root_ref)
   end
 
-  def license_short_name(project)
-    license = Licensee::License.new(project.repository.license_key)
-
-    license.nickname || license.name
-  end
-
-  private
-
   def filename_path(project, filename)
     if project && blob = project.repository.send(filename)
       namespace_project_blob_path(
@@ -337,4 +338,10 @@ module ProjectsHelper
       )
     end
   end
+
+  def sanitize_repo_path(message)
+    return '' unless message.present?
+
+    message.strip.gsub(Gitlab.config.gitlab_shell.repos_path.chomp('/'), "[REPOS PATH]")
+  end
 end
diff --git a/app/helpers/search_helper.rb b/app/helpers/search_helper.rb
index 8a97a74ad73..d2f94d4ae6f 100644
--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -19,6 +19,16 @@ module SearchHelper
     end
   end
 
+  def search_entries_info(collection, scope, term)
+    return unless collection.count > 0
+
+    from = collection.offset_value + 1
+    to = collection.offset_value + collection.length
+    count = collection.total_count
+
+    "Showing #{from} - #{to} of #{count} #{scope.humanize(capitalize: false)} for \"#{term}\""
+  end
+
   private
 
   # Autocomplete results for various settings pages
@@ -49,7 +59,7 @@ module SearchHelper
   # Autocomplete results for the current project, if it's defined
   def project_autocomplete
     if @project && @project.repository.exists? && @project.repository.root_ref
-      ref    = @ref || @project.repository.root_ref
+      ref = @ref || @project.repository.root_ref
 
       [
         { category: "Current Project", label: "Files",          url: namespace_project_tree_path(@project.namespace, @project, ref) },
diff --git a/app/helpers/selects_helper.rb b/app/helpers/selects_helper.rb
index e951a87a212..bb395e37884 100644
--- a/app/helpers/selects_helper.rb
+++ b/app/helpers/selects_helper.rb
@@ -18,7 +18,7 @@ module SelectsHelper
         first_user: first_user,
         current_user: opts[:current_user] || false,
         "push-code-to-protected-branches" => opts[:push_code_to_protected_branches],
-        author_id: opts[:author_id]       || ''
+        author_id: opts[:author_id] || ''
       }
     }
 
diff --git a/app/mailers/emails/notes.rb b/app/mailers/emails/notes.rb
index cdc40b81ee1..96116e916dd 100644
--- a/app/mailers/emails/notes.rb
+++ b/app/mailers/emails/notes.rb
@@ -28,6 +28,14 @@ module Emails
       mail_answer_thread(@merge_request, note_thread_options(recipient_id))
     end
 
+    def note_snippet_email(recipient_id, note_id)
+      setup_note_mail(note_id, recipient_id)
+
+      @snippet = @note.noteable
+      @target_url = namespace_project_snippet_url(*note_target_url_options)
+      mail_answer_thread(@snippet, note_thread_options(recipient_id))
+    end
+
     private
 
     def note_target_url_options
diff --git a/app/mailers/emails/projects.rb b/app/mailers/emails/projects.rb
index 377c2999d6c..5489283432b 100644
--- a/app/mailers/emails/projects.rb
+++ b/app/mailers/emails/projects.rb
@@ -59,9 +59,9 @@ module Emails
            subject: subject("Project was moved"))
     end
 
-    def repository_push_email(project_id, recipient, opts = {})
+    def repository_push_email(project_id, opts = {})
       @message =
-        Gitlab::Email::Message::RepositoryPush.new(self, project_id, recipient, opts)
+        Gitlab::Email::Message::RepositoryPush.new(self, project_id, opts)
 
       # used in notify layout
       @target_url = @message.target_url
@@ -72,7 +72,6 @@ module Emails
 
       mail(from:      sender(@message.author_id, @message.send_from_committer_email?),
            reply_to:  @message.reply_to,
-           to:        @message.recipient,
            subject:   @message.subject)
     end
   end
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 6103a2947e2..f70268d3138 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -61,6 +61,7 @@ class Ability
           :read_merge_request,
           :read_note,
           :read_commit_status,
+          :read_container_image,
           :download_code
         ]
 
@@ -203,6 +204,7 @@ class Ability
         :admin_label,
         :read_commit_status,
         :read_build,
+        :read_container_image,
       ]
     end
 
@@ -216,7 +218,9 @@ class Ability
         :update_build,
         :create_merge_request,
         :create_wiki,
-        :push_code
+        :push_code,
+        :create_container_image,
+        :update_container_image,
       ]
     end
 
@@ -242,7 +246,8 @@ class Ability
         :admin_wiki,
         :admin_project,
         :admin_commit_status,
-        :admin_build
+        :admin_build,
+        :admin_container_image,
       ]
     end
 
@@ -287,6 +292,10 @@ class Ability
         rules += named_abilities('build')
       end
 
+      unless project.container_registry_enabled
+        rules += named_abilities('container_image')
+      end
+
       rules
     end
 
diff --git a/app/models/abuse_report.rb b/app/models/abuse_report.rb
index b61f5123127..b01a244032d 100644
--- a/app/models/abuse_report.rb
+++ b/app/models/abuse_report.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: abuse_reports
-#
-#  id          :integer          not null, primary key
-#  reporter_id :integer
-#  user_id     :integer
-#  message     :text
-#  created_at  :datetime
-#  updated_at  :datetime
-#
-
 class AbuseReport < ActiveRecord::Base
   belongs_to :reporter, class_name: 'User'
   belongs_to :user
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 36f88154232..f5079f92444 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -1,59 +1,13 @@
-# == Schema Information
-#
-# Table name: application_settings
-#
-#  id                                :integer          not null, primary key
-#  default_projects_limit            :integer
-#  signup_enabled                    :boolean
-#  signin_enabled                    :boolean
-#  gravatar_enabled                  :boolean
-#  sign_in_text                      :text
-#  created_at                        :datetime
-#  updated_at                        :datetime
-#  home_page_url                     :string(255)
-#  default_branch_protection         :integer          default(2)
-#  restricted_visibility_levels      :text
-#  version_check_enabled             :boolean          default(TRUE)
-#  max_attachment_size               :integer          default(10), not null
-#  default_project_visibility        :integer
-#  default_snippet_visibility        :integer
-#  default_group_visibility          :integer
-#  restricted_signup_domains         :text
-#  user_oauth_applications           :boolean          default(TRUE)
-#  after_sign_out_path               :string(255)
-#  session_expire_delay              :integer          default(10080), not null
-#  import_sources                    :text
-#  help_page_text                    :text
-#  admin_notification_email          :string(255)
-#  shared_runners_enabled            :boolean          default(TRUE), not null
-#  max_artifacts_size                :integer          default(100), not null
-#  runners_registration_token        :string
-#  require_two_factor_authentication :boolean          default(FALSE)
-#  two_factor_grace_period           :integer          default(48)
-#  metrics_enabled                   :boolean          default(FALSE)
-#  metrics_host                      :string           default("localhost")
-#  metrics_username                  :string
-#  metrics_password                  :string
-#  metrics_pool_size                 :integer          default(16)
-#  metrics_timeout                   :integer          default(10)
-#  metrics_method_call_threshold     :integer          default(10)
-#  recaptcha_enabled                 :boolean          default(FALSE)
-#  recaptcha_site_key                :string
-#  recaptcha_private_key             :string
-#  metrics_port                      :integer          default(8089)
-#  sentry_enabled                    :boolean          default(FALSE)
-#  sentry_dsn                        :string
-#  email_author_in_body              :boolean          default(FALSE)
-#
-
 class ApplicationSetting < ActiveRecord::Base
   include TokenAuthenticatable
   add_authentication_token_field :runners_registration_token
+  add_authentication_token_field :health_check_access_token
 
   CACHE_KEY = 'application_setting.last'
 
   serialize :restricted_visibility_levels
   serialize :import_sources
+  serialize :disabled_oauth_sign_in_sources
   serialize :restricted_signup_domains, Array
   attr_accessor :restricted_signup_domains_raw
 
@@ -117,7 +71,18 @@ class ApplicationSetting < ActiveRecord::Base
     end
   end
 
+  validates_each :disabled_oauth_sign_in_sources do |record, attr, value|
+    unless value.nil?
+      value.each do |source|
+        unless Devise.omniauth_providers.include?(source.to_sym)
+          record.errors.add(attr, "'#{source}' is not an OAuth sign-in source")
+        end
+      end
+    end
+  end
+
   before_save :ensure_runners_registration_token
+  before_save :ensure_health_check_access_token
 
   after_commit do
     Rails.cache.write(CACHE_KEY, self)
@@ -155,6 +120,8 @@ class ApplicationSetting < ActiveRecord::Base
       recaptcha_enabled: false,
       akismet_enabled: false,
       repository_checks_enabled: true,
+      disabled_oauth_sign_in_sources: [],
+      send_user_confirmation_email: false
     )
   end
 
@@ -181,4 +148,8 @@ class ApplicationSetting < ActiveRecord::Base
   def runners_registration_token
     ensure_runners_registration_token!
   end
+
+  def health_check_access_token
+    ensure_health_check_access_token!
+  end
 end
diff --git a/app/models/audit_event.rb b/app/models/audit_event.rb
index 0ed0dd98a59..967ffd46db0 100644
--- a/app/models/audit_event.rb
+++ b/app/models/audit_event.rb
@@ -1,17 +1,3 @@
-# == Schema Information
-#
-# Table name: audit_events
-#
-#  id          :integer          not null, primary key
-#  author_id   :integer          not null
-#  type        :string(255)      not null
-#  entity_id   :integer          not null
-#  entity_type :string(255)      not null
-#  details     :text
-#  created_at  :datetime
-#  updated_at  :datetime
-#
-
 class AuditEvent < ActiveRecord::Base
   serialize :details, Hash
 
diff --git a/app/models/blob.rb b/app/models/blob.rb
index 72e6c5fa3fd..0fea6b7f576 100644
--- a/app/models/blob.rb
+++ b/app/models/blob.rb
@@ -19,6 +19,14 @@ class Blob < SimpleDelegator
     new(blob)
   end
 
+  def no_highlighting?
+    size && size > 1.megabyte
+  end
+
+  def only_display_raw?
+    size && size > 5.megabytes
+  end
+
   def svg?
     text? && language && language.name == 'SVG'
   end
diff --git a/app/models/broadcast_message.rb b/app/models/broadcast_message.rb
index 8a0a8a4c2a9..61498140f27 100644
--- a/app/models/broadcast_message.rb
+++ b/app/models/broadcast_message.rb
@@ -1,17 +1,3 @@
-# == Schema Information
-#
-# Table name: broadcast_messages
-#
-#  id         :integer          not null, primary key
-#  message    :text             not null
-#  starts_at  :datetime
-#  ends_at    :datetime
-#  created_at :datetime
-#  updated_at :datetime
-#  color      :string(255)
-#  font       :string(255)
-#
-
 class BroadcastMessage < ActiveRecord::Base
   include Sortable
 
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 553cd447971..92327bdb08d 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -1,40 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_builds
-#
-#  id                 :integer          not null, primary key
-#  project_id         :integer
-#  status             :string(255)
-#  finished_at        :datetime
-#  trace              :text
-#  created_at         :datetime
-#  updated_at         :datetime
-#  started_at         :datetime
-#  runner_id          :integer
-#  coverage           :float
-#  commit_id          :integer
-#  commands           :text
-#  job_id             :integer
-#  name               :string(255)
-#  deploy             :boolean          default(FALSE)
-#  options            :text
-#  allow_failure      :boolean          default(FALSE), not null
-#  stage              :string(255)
-#  trigger_request_id :integer
-#  stage_idx          :integer
-#  tag                :boolean
-#  ref                :string(255)
-#  user_id            :integer
-#  type               :string(255)
-#  target_url         :string(255)
-#  description        :string(255)
-#  artifacts_file     :text
-#  gl_project_id      :integer
-#  artifacts_metadata :text
-#  erased_by_id       :integer
-#  erased_at          :datetime
-#
-
 module Ci
   class Build < CommitStatus
     belongs_to :runner, class_name: 'Ci::Runner'
@@ -132,8 +95,12 @@ module Ci
     end
 
     def trace_html
-      html = Ci::Ansi2html::convert(trace) if trace.present?
-      html || ''
+      trace_with_state[:html] || ''
+    end
+
+    def trace_with_state(state = nil)
+      trace_with_state = Ci::Ansi2html::convert(trace, state) if trace.present?
+      trace_with_state || {}
     end
 
     def timeout
@@ -238,7 +205,7 @@ module Ci
     end
 
     def recreate_trace_dir
-      unless Dir.exists?(dir_to_trace)
+      unless Dir.exist?(dir_to_trace)
         FileUtils.mkdir_p(dir_to_trace)
       end
     end
diff --git a/app/models/ci/commit.rb b/app/models/ci/commit.rb
index f2667e5476b..f4b61c75ab6 100644
--- a/app/models/ci/commit.rb
+++ b/app/models/ci/commit.rb
@@ -1,21 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_commits
-#
-#  id            :integer          not null, primary key
-#  project_id    :integer
-#  ref           :string(255)
-#  sha           :string(255)
-#  before_sha    :string(255)
-#  push_data     :text
-#  created_at    :datetime
-#  updated_at    :datetime
-#  tag           :boolean          default(FALSE)
-#  yaml_errors   :text
-#  committed_at  :datetime
-#  gl_project_id :integer
-#
-
 module Ci
   class Commit < ActiveRecord::Base
     extend Ci::Model
diff --git a/app/models/ci/runner.rb b/app/models/ci/runner.rb
index 90349a07594..819064f99bb 100644
--- a/app/models/ci/runner.rb
+++ b/app/models/ci/runner.rb
@@ -1,28 +1,10 @@
-# == Schema Information
-#
-# Table name: ci_runners
-#
-#  id           :integer          not null, primary key
-#  token        :string(255)
-#  created_at   :datetime
-#  updated_at   :datetime
-#  description  :string(255)
-#  contacted_at :datetime
-#  active       :boolean          default(TRUE), not null
-#  is_shared    :boolean          default(FALSE)
-#  name         :string(255)
-#  version      :string(255)
-#  revision     :string(255)
-#  platform     :string(255)
-#  architecture :string(255)
-#
-
 module Ci
   class Runner < ActiveRecord::Base
     extend Ci::Model
 
     LAST_CONTACT_TIME = 5.minutes.ago
-    AVAILABLE_SCOPES = ['specific', 'shared', 'active', 'paused', 'online']
+    AVAILABLE_SCOPES = %w[specific shared active paused online]
+    FORM_EDITABLE = %i[description tag_list active]
 
     has_many :builds, class_name: 'Ci::Build'
     has_many :runner_projects, dependent: :destroy, class_name: 'Ci::RunnerProject'
diff --git a/app/models/ci/runner_project.rb b/app/models/ci/runner_project.rb
index 7b16f207a26..4b44ffa886e 100644
--- a/app/models/ci/runner_project.rb
+++ b/app/models/ci/runner_project.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_runner_projects
-#
-#  id            :integer          not null, primary key
-#  runner_id     :integer          not null
-#  project_id    :integer
-#  created_at    :datetime
-#  updated_at    :datetime
-#  gl_project_id :integer
-#
-
 module Ci
   class RunnerProject < ActiveRecord::Base
     extend Ci::Model
diff --git a/app/models/ci/trigger.rb b/app/models/ci/trigger.rb
index 2b9a457c8ab..a0b19b51a12 100644
--- a/app/models/ci/trigger.rb
+++ b/app/models/ci/trigger.rb
@@ -1,16 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_triggers
-#
-#  id            :integer          not null, primary key
-#  token         :string(255)
-#  project_id    :integer
-#  deleted_at    :datetime
-#  created_at    :datetime
-#  updated_at    :datetime
-#  gl_project_id :integer
-#
-
 module Ci
   class Trigger < ActiveRecord::Base
     extend Ci::Model
diff --git a/app/models/ci/trigger_request.rb b/app/models/ci/trigger_request.rb
index 9973d2e5ade..872d5fb31de 100644
--- a/app/models/ci/trigger_request.rb
+++ b/app/models/ci/trigger_request.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_trigger_requests
-#
-#  id         :integer          not null, primary key
-#  trigger_id :integer          not null
-#  variables  :text
-#  created_at :datetime
-#  updated_at :datetime
-#  commit_id  :integer
-#
-
 module Ci
   class TriggerRequest < ActiveRecord::Base
     extend Ci::Model
diff --git a/app/models/ci/variable.rb b/app/models/ci/variable.rb
index e786bd7dd93..10802f64813 100644
--- a/app/models/ci/variable.rb
+++ b/app/models/ci/variable.rb
@@ -1,17 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_variables
-#
-#  id                   :integer          not null, primary key
-#  project_id           :integer
-#  key                  :string(255)
-#  value                :text
-#  encrypted_value      :text
-#  encrypted_value_salt :string(255)
-#  encrypted_value_iv   :string(255)
-#  gl_project_id        :integer
-#
-
 module Ci
   class Variable < ActiveRecord::Base
     extend Ci::Model
diff --git a/app/models/commit_status.rb b/app/models/commit_status.rb
index aa56314aa16..cacbc13b391 100644
--- a/app/models/commit_status.rb
+++ b/app/models/commit_status.rb
@@ -1,37 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_builds
-#
-#  id                 :integer          not null, primary key
-#  project_id         :integer
-#  status             :string(255)
-#  finished_at        :datetime
-#  trace              :text
-#  created_at         :datetime
-#  updated_at         :datetime
-#  started_at         :datetime
-#  runner_id          :integer
-#  coverage           :float
-#  commit_id          :integer
-#  commands           :text
-#  job_id             :integer
-#  name               :string(255)
-#  deploy             :boolean          default(FALSE)
-#  options            :text
-#  allow_failure      :boolean          default(FALSE), not null
-#  stage              :string(255)
-#  trigger_request_id :integer
-#  stage_idx          :integer
-#  tag                :boolean
-#  ref                :string(255)
-#  user_id            :integer
-#  type               :string(255)
-#  target_url         :string(255)
-#  description        :string(255)
-#  artifacts_file     :text
-#  gl_project_id      :integer
-#
-
 class CommitStatus < ActiveRecord::Base
   include Statuseable
 
diff --git a/app/models/concerns/issuable.rb b/app/models/concerns/issuable.rb
index d5166e81474..c1248b53031 100644
--- a/app/models/concerns/issuable.rb
+++ b/app/models/concerns/issuable.rb
@@ -35,13 +35,14 @@ module Issuable
     scope :only_opened, -> { with_state(:opened) }
     scope :only_reopened, -> { with_state(:reopened) }
     scope :closed, -> { with_state(:closed) }
-    scope :order_milestone_due_desc, -> { joins(:milestone).reorder('milestones.due_date DESC, milestones.id DESC') }
-    scope :order_milestone_due_asc, -> { joins(:milestone).reorder('milestones.due_date ASC, milestones.id ASC') }
+    scope :order_milestone_due_desc, -> { outer_join_milestone.reorder('milestones.due_date IS NULL ASC, milestones.due_date DESC, milestones.id DESC') }
+    scope :order_milestone_due_asc, -> { outer_join_milestone.reorder('milestones.due_date IS NULL ASC, milestones.due_date ASC, milestones.id ASC') }
     scope :without_label, -> { joins("LEFT OUTER JOIN label_links ON label_links.target_type = '#{name}' AND label_links.target_id = #{table_name}.id").where(label_links: { id: nil }) }
 
     scope :join_project, -> { joins(:project) }
     scope :references_project, -> { references(:project) }
     scope :non_archived, -> { join_project.where(projects: { archived: false }) }
+    scope :outer_join_milestone, -> { joins("LEFT OUTER JOIN milestones ON milestones.id = #{table_name}.milestone_id") }
 
     delegate :name,
              :email,
@@ -123,8 +124,8 @@ module Issuable
     end
 
     def with_label(title)
-      if title.is_a?(Array) && title.count > 1
-        joins(:labels).where(labels: { title: title }).group('issues.id').having("count(distinct labels.title) = #{title.count}")
+      if title.is_a?(Array) && title.size > 1
+        joins(:labels).where(labels: { title: title }).group(arel_table[:id]).having("COUNT(DISTINCT labels.title) = #{title.size}")
       else
         joins(:labels).where(labels: { title: title })
       end
@@ -159,6 +160,10 @@ module Issuable
     notes.awards.where(note: "thumbsup").count
   end
 
+  def user_notes_count
+    notes.user.count
+  end
+
   def subscribed_without_subscriptions?(user)
     participants(user).include?(user)
   end
diff --git a/app/models/concerns/mentionable.rb b/app/models/concerns/mentionable.rb
index 98f71ae8cb0..b381d225485 100644
--- a/app/models/concerns/mentionable.rb
+++ b/app/models/concerns/mentionable.rb
@@ -43,8 +43,8 @@ module Mentionable
     self
   end
 
-  def all_references(current_user = self.author, text = nil)
-    ext = Gitlab::ReferenceExtractor.new(self.project, current_user, self.author)
+  def all_references(current_user = nil, text = nil)
+    ext = Gitlab::ReferenceExtractor.new(self.project, current_user || self.author, self.author)
 
     if text
       ext.analyze(text)
diff --git a/app/models/concerns/milestoneish.rb b/app/models/concerns/milestoneish.rb
index 5b8e3f654ea..7bcc78247ba 100644
--- a/app/models/concerns/milestoneish.rb
+++ b/app/models/concerns/milestoneish.rb
@@ -8,7 +8,7 @@ module Milestoneish
   end
 
   def complete?(user = nil)
-    total_items_count(user) == closed_items_count(user)
+    total_items_count(user) > 0 && total_items_count(user) == closed_items_count(user)
   end
 
   def percent_complete(user = nil)
diff --git a/app/models/concerns/statuseable.rb b/app/models/concerns/statuseable.rb
index 8a293b7b76e..3ef91caad47 100644
--- a/app/models/concerns/statuseable.rb
+++ b/app/models/concerns/statuseable.rb
@@ -18,7 +18,7 @@ module Statuseable
         WHEN (#{builds})=0 THEN NULL
         WHEN (#{builds})=(#{success})+(#{ignored}) THEN 'success'
         WHEN (#{builds})=(#{pending}) THEN 'pending'
-        WHEN (#{builds})=(#{canceled}) THEN 'canceled'
+        WHEN (#{builds})=(#{canceled})+(#{success})+(#{ignored}) THEN 'canceled'
         WHEN (#{builds})=(#{skipped}) THEN 'skipped'
         WHEN (#{running})+(#{pending})>0 THEN 'running'
         ELSE 'failed'
diff --git a/app/models/concerns/subscribable.rb b/app/models/concerns/subscribable.rb
index d5a881b2445..083257f1005 100644
--- a/app/models/concerns/subscribable.rb
+++ b/app/models/concerns/subscribable.rb
@@ -36,6 +36,12 @@ module Subscribable
       update(subscribed: !subscribed?(user))
   end
 
+  def subscribe(user)
+    subscriptions.
+      find_or_initialize_by(user_id: user.id).
+      update(subscribed: true)
+  end
+
   def unsubscribe(user)
     subscriptions.
       find_or_initialize_by(user_id: user.id).
diff --git a/app/models/deploy_key.rb b/app/models/deploy_key.rb
index 9ab663c04ad..2c525d4cd7a 100644
--- a/app/models/deploy_key.rb
+++ b/app/models/deploy_key.rb
@@ -1,18 +1,3 @@
-# == Schema Information
-#
-# Table name: keys
-#
-#  id          :integer          not null, primary key
-#  user_id     :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#  key         :text
-#  title       :string(255)
-#  type        :string(255)
-#  fingerprint :string(255)
-#  public      :boolean          default(FALSE), not null
-#
-
 class DeployKey < Key
   has_many :deploy_keys_projects, dependent: :destroy
   has_many :projects, through: :deploy_keys_projects
diff --git a/app/models/deploy_keys_project.rb b/app/models/deploy_keys_project.rb
index 18db521741f..ae8486bd9ac 100644
--- a/app/models/deploy_keys_project.rb
+++ b/app/models/deploy_keys_project.rb
@@ -1,14 +1,3 @@
-# == Schema Information
-#
-# Table name: deploy_keys_projects
-#
-#  id            :integer          not null, primary key
-#  deploy_key_id :integer          not null
-#  project_id    :integer          not null
-#  created_at    :datetime
-#  updated_at    :datetime
-#
-
 class DeployKeysProject < ActiveRecord::Base
   belongs_to :project
   belongs_to :deploy_key
diff --git a/app/models/email.rb b/app/models/email.rb
index b323d1edd10..32a412ab878 100644
--- a/app/models/email.rb
+++ b/app/models/email.rb
@@ -1,14 +1,3 @@
-# == Schema Information
-#
-# Table name: emails
-#
-#  id         :integer          not null, primary key
-#  user_id    :integer          not null
-#  email      :string(255)      not null
-#  created_at :datetime
-#  updated_at :datetime
-#
-
 class Email < ActiveRecord::Base
   include Sortable
 
diff --git a/app/models/event.rb b/app/models/event.rb
index 12183524b79..716039fb54b 100644
--- a/app/models/event.rb
+++ b/app/models/event.rb
@@ -1,19 +1,3 @@
-# == Schema Information
-#
-# Table name: events
-#
-#  id          :integer          not null, primary key
-#  target_type :string(255)
-#  target_id   :integer
-#  title       :string(255)
-#  data        :text
-#  project_id  :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#  action      :integer
-#  author_id   :integer
-#
-
 class Event < ActiveRecord::Base
   include Sortable
   default_scope { where.not(author_id: nil) }
@@ -96,7 +80,7 @@ class Event < ActiveRecord::Base
   end
 
   def target_title
-    target.title if target && target.respond_to?(:title)
+    target.try(:title)
   end
 
   def created?
@@ -282,28 +266,20 @@ class Event < ActiveRecord::Base
     branch? && project.default_branch != branch_name
   end
 
-  def note_commit_id
-    target.commit_id
-  end
-
   def target_iid
     target.respond_to?(:iid) ? target.iid : target_id
   end
 
-  def note_short_commit_id
-    Commit.truncate_sha(note_commit_id)
-  end
-
-  def note_commit?
-    target.noteable_type == "Commit"
+  def commit_note?
+    target.for_commit?
   end
 
   def issue_note?
-    note? && target && target.noteable_type == "Issue"
+    note? && target && target.for_issue?
   end
 
-  def note_project_snippet?
-    target.noteable_type == "Snippet"
+  def project_snippet_note?
+    target.for_snippet?
   end
 
   def note_target
@@ -311,19 +287,22 @@ class Event < ActiveRecord::Base
   end
 
   def note_target_id
-    if note_commit?
+    if commit_note?
       target.commit_id
     else
       target.noteable_id.to_s
     end
   end
 
-  def note_target_iid
-    if note_target.respond_to?(:iid)
-      note_target.iid
+  def note_target_reference
+    return unless note_target
+
+    # Commit#to_reference returns the full SHA, but we want the short one here
+    if commit_note?
+      note_target.short_id
     else
-      note_target_id
-    end.to_s
+      note_target.to_reference
+    end
   end
 
   def note_target_type
@@ -345,7 +324,7 @@ class Event < ActiveRecord::Base
   end
 
   def reset_project_activity
-    if project
+    if project && Gitlab::ExclusiveLease.new("project:update_last_activity_at:#{project.id}", timeout: 60).try_obtain
       project.update_column(:last_activity_at, self.created_at)
     end
   end
diff --git a/app/models/forked_project_link.rb b/app/models/forked_project_link.rb
index 9b0c6263a96..9803bae0bee 100644
--- a/app/models/forked_project_link.rb
+++ b/app/models/forked_project_link.rb
@@ -1,14 +1,3 @@
-# == Schema Information
-#
-# Table name: forked_project_links
-#
-#  id                     :integer          not null, primary key
-#  forked_to_project_id   :integer          not null
-#  forked_from_project_id :integer          not null
-#  created_at             :datetime
-#  updated_at             :datetime
-#
-
 class ForkedProjectLink < ActiveRecord::Base
   belongs_to :forked_to_project, class_name: Project
   belongs_to :forked_from_project, class_name: Project
diff --git a/app/models/generic_commit_status.rb b/app/models/generic_commit_status.rb
index 97f4f03a9a5..fa54e3540d0 100644
--- a/app/models/generic_commit_status.rb
+++ b/app/models/generic_commit_status.rb
@@ -1,37 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_builds
-#
-#  id                 :integer          not null, primary key
-#  project_id         :integer
-#  status             :string(255)
-#  finished_at        :datetime
-#  trace              :text
-#  created_at         :datetime
-#  updated_at         :datetime
-#  started_at         :datetime
-#  runner_id          :integer
-#  coverage           :float
-#  commit_id          :integer
-#  commands           :text
-#  job_id             :integer
-#  name               :string(255)
-#  deploy             :boolean          default(FALSE)
-#  options            :text
-#  allow_failure      :boolean          default(FALSE), not null
-#  stage              :string(255)
-#  trigger_request_id :integer
-#  stage_idx          :integer
-#  tag                :boolean
-#  ref                :string(255)
-#  user_id            :integer
-#  type               :string(255)
-#  target_url         :string(255)
-#  description        :string(255)
-#  artifacts_file     :text
-#  gl_project_id      :integer
-#
-
 class GenericCommitStatus < CommitStatus
   before_validation :set_default_values
 
diff --git a/app/models/group.rb b/app/models/group.rb
index 1f8432e3320..aec92e335e6 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -1,19 +1,3 @@
-# == Schema Information
-#
-# Table name: namespaces
-#
-#  id                     :integer          not null, primary key
-#  name                   :string(255)      not null
-#  path                   :string(255)      not null
-#  owner_id               :integer
-#  visibility_level       :integer          default(20), not null
-#  created_at             :datetime
-#  updated_at             :datetime
-#  type                   :string(255)
-#  description            :string(255)      default(""), not null
-#  avatar                 :string(255)
-#
-
 require 'carrierwave/orm/activerecord'
 
 class Group < Namespace
diff --git a/app/models/hooks/project_hook.rb b/app/models/hooks/project_hook.rb
index bc6e0f98c3c..ba42a8eeb70 100644
--- a/app/models/hooks/project_hook.rb
+++ b/app/models/hooks/project_hook.rb
@@ -1,23 +1,3 @@
-# == Schema Information
-#
-# Table name: web_hooks
-#
-#  id                      :integer          not null, primary key
-#  url                     :string(2000)
-#  project_id              :integer
-#  created_at              :datetime
-#  updated_at              :datetime
-#  type                    :string           default("ProjectHook")
-#  service_id              :integer
-#  push_events             :boolean          default(TRUE), not null
-#  issues_events           :boolean          default(FALSE), not null
-#  merge_requests_events   :boolean          default(FALSE), not null
-#  tag_push_events         :boolean          default(FALSE)
-#  note_events             :boolean          default(FALSE), not null
-#  enable_ssl_verification :boolean          default(TRUE)
-#  build_events            :boolean          default(FALSE), not null
-#
-
 class ProjectHook < WebHook
   belongs_to :project
 
diff --git a/app/models/hooks/service_hook.rb b/app/models/hooks/service_hook.rb
index 80962264ba2..eef24052a06 100644
--- a/app/models/hooks/service_hook.rb
+++ b/app/models/hooks/service_hook.rb
@@ -1,23 +1,3 @@
-# == Schema Information
-#
-# Table name: web_hooks
-#
-#  id                      :integer          not null, primary key
-#  url                     :string(2000)
-#  project_id              :integer
-#  created_at              :datetime
-#  updated_at              :datetime
-#  type                    :string           default("ProjectHook")
-#  service_id              :integer
-#  push_events             :boolean          default(TRUE), not null
-#  issues_events           :boolean          default(FALSE), not null
-#  merge_requests_events   :boolean          default(FALSE), not null
-#  tag_push_events         :boolean          default(FALSE)
-#  note_events             :boolean          default(FALSE), not null
-#  enable_ssl_verification :boolean          default(TRUE)
-#  build_events            :boolean          default(FALSE), not null
-#
-
 class ServiceHook < WebHook
   belongs_to :service
 
diff --git a/app/models/hooks/system_hook.rb b/app/models/hooks/system_hook.rb
index 15dddcc2447..777bad1e724 100644
--- a/app/models/hooks/system_hook.rb
+++ b/app/models/hooks/system_hook.rb
@@ -1,23 +1,3 @@
-# == Schema Information
-#
-# Table name: web_hooks
-#
-#  id                      :integer          not null, primary key
-#  url                     :string(2000)
-#  project_id              :integer
-#  created_at              :datetime
-#  updated_at              :datetime
-#  type                    :string           default("ProjectHook")
-#  service_id              :integer
-#  push_events             :boolean          default(TRUE), not null
-#  issues_events           :boolean          default(FALSE), not null
-#  merge_requests_events   :boolean          default(FALSE), not null
-#  tag_push_events         :boolean          default(FALSE)
-#  note_events             :boolean          default(FALSE), not null
-#  enable_ssl_verification :boolean          default(TRUE)
-#  build_events            :boolean          default(FALSE), not null
-#
-
 class SystemHook < WebHook
   def async_execute(data, hook_name)
     Sidekiq::Client.enqueue(SystemHookWorker, id, data, hook_name)
diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb
index 3a2e4f546f7..8b87b6c3d64 100644
--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -1,23 +1,3 @@
-# == Schema Information
-#
-# Table name: web_hooks
-#
-#  id                      :integer          not null, primary key
-#  url                     :string(2000)
-#  project_id              :integer
-#  created_at              :datetime
-#  updated_at              :datetime
-#  type                    :string           default("ProjectHook")
-#  service_id              :integer
-#  push_events             :boolean          default(TRUE), not null
-#  issues_events           :boolean          default(FALSE), not null
-#  merge_requests_events   :boolean          default(FALSE), not null
-#  tag_push_events         :boolean          default(FALSE)
-#  note_events             :boolean          default(FALSE), not null
-#  enable_ssl_verification :boolean          default(TRUE)
-#  build_events            :boolean          default(FALSE), not null
-#
-
 class WebHook < ActiveRecord::Base
   include Sortable
   include HTTParty
@@ -43,28 +23,22 @@ class WebHook < ActiveRecord::Base
     if parsed_url.userinfo.blank?
       response = WebHook.post(url,
                               body: data.to_json,
-                              headers: {
-                                  "Content-Type" => "application/json",
-                                  "X-Gitlab-Event" => hook_name.singularize.titleize
-                              },
+                              headers: build_headers(hook_name),
                               verify: enable_ssl_verification)
     else
-      post_url = url.gsub("#{parsed_url.userinfo}@", "")
+      post_url = url.gsub("#{parsed_url.userinfo}@", '')
       auth = {
         username: CGI.unescape(parsed_url.user),
         password: CGI.unescape(parsed_url.password),
       }
       response = WebHook.post(post_url,
                               body: data.to_json,
-                              headers: {
-                                  "Content-Type" => "application/json",
-                                  "X-Gitlab-Event" => hook_name.singularize.titleize
-                              },
+                              headers: build_headers(hook_name),
                               verify: enable_ssl_verification,
                               basic_auth: auth)
     end
 
-    [(response.code >= 200 && response.code < 300), ActionView::Base.full_sanitizer.sanitize(response.to_s)]
+    [response.code, response.to_s]
   rescue SocketError, OpenSSL::SSL::SSLError, Errno::ECONNRESET, Errno::ECONNREFUSED, Net::OpenTimeout => e
     logger.error("WebHook Error => #{e}")
     [false, e.to_s]
@@ -73,4 +47,15 @@ class WebHook < ActiveRecord::Base
   def async_execute(data, hook_name)
     Sidekiq::Client.enqueue(ProjectWebHookWorker, id, data, hook_name)
   end
+
+  private
+
+  def build_headers(hook_name)
+    headers = {
+      'Content-Type' => 'application/json',
+      'X-Gitlab-Event' => hook_name.singularize.titleize
+    }
+    headers['X-Gitlab-Token'] = token if token.present?
+    headers
+  end
 end
diff --git a/app/models/identity.rb b/app/models/identity.rb
index e1915b079d4..3bacc450e6e 100644
--- a/app/models/identity.rb
+++ b/app/models/identity.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: identities
-#
-#  id         :integer          not null, primary key
-#  extern_uid :string(255)
-#  provider   :string(255)
-#  user_id    :integer
-#  created_at :datetime
-#  updated_at :datetime
-#
-
 class Identity < ActiveRecord::Base
   include Sortable
   include CaseSensitivity
diff --git a/app/models/issue.rb b/app/models/issue.rb
index ea1bfb776ee..2d4a9b9f19a 100644
--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: issues
-#
-#  id            :integer          not null, primary key
-#  title         :string(255)
-#  assignee_id   :integer
-#  author_id     :integer
-#  project_id    :integer
-#  created_at    :datetime
-#  updated_at    :datetime
-#  position      :integer          default(0)
-#  branch_name   :string(255)
-#  description   :text
-#  milestone_id  :integer
-#  state         :string(255)
-#  iid           :integer
-#  updated_by_id :integer
-#  moved_to_id   :integer
-#
-
 require 'carrierwave/orm/activerecord'
 
 class Issue < ActiveRecord::Base
diff --git a/app/models/key.rb b/app/models/key.rb
index 0282ad18139..d52afda67d1 100644
--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -1,18 +1,3 @@
-# == Schema Information
-#
-# Table name: keys
-#
-#  id          :integer          not null, primary key
-#  user_id     :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#  key         :text
-#  title       :string(255)
-#  type        :string(255)
-#  fingerprint :string(255)
-#  public      :boolean          default(FALSE), not null
-#
-
 require 'digest/md5'
 
 class Key < ActiveRecord::Base
diff --git a/app/models/label.rb b/app/models/label.rb
index 60bdce32952..e5ad11983be 100644
--- a/app/models/label.rb
+++ b/app/models/label.rb
@@ -1,17 +1,3 @@
-# == Schema Information
-#
-# Table name: labels
-#
-#  id           :integer          not null, primary key
-#  title        :string(255)
-#  color        :string(255)
-#  project_id   :integer
-#  created_at   :datetime
-#  updated_at   :datetime
-#  template     :boolean          default(FALSE)
-#  description  :string(255)
-#
-
 class Label < ActiveRecord::Base
   include Referable
   include Subscribable
@@ -117,6 +103,10 @@ class Label < ActiveRecord::Base
     LabelsHelper::text_color_for_bg(self.color)
   end
 
+  def title=(value)
+    write_attribute(:title, Sanitize.clean(value.to_s)) if value.present?
+  end
+
   private
 
   def label_format_reference(format = :id)
diff --git a/app/models/label_link.rb b/app/models/label_link.rb
index b94c9c777af..47bd6eaf35f 100644
--- a/app/models/label_link.rb
+++ b/app/models/label_link.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: label_links
-#
-#  id          :integer          not null, primary key
-#  label_id    :integer
-#  target_id   :integer
-#  target_type :string(255)
-#  created_at  :datetime
-#  updated_at  :datetime
-#
-
 class LabelLink < ActiveRecord::Base
   belongs_to :target, polymorphic: true
   belongs_to :label
diff --git a/app/models/legacy_diff_note.rb b/app/models/legacy_diff_note.rb
new file mode 100644
index 00000000000..bbefc911b29
--- /dev/null
+++ b/app/models/legacy_diff_note.rb
@@ -0,0 +1,157 @@
+class LegacyDiffNote < Note
+  serialize :st_diff
+
+  validates :line_code, presence: true, line_code: true
+
+  before_create :set_diff
+
+  class << self
+    def build_discussion_id(noteable_type, noteable_id, line_code, active = true)
+      [super(noteable_type, noteable_id), line_code, active].join("-")
+    end
+  end
+
+  def diff_note?
+    true
+  end
+
+  def legacy_diff_note?
+    true
+  end
+
+  def discussion_id
+    @discussion_id ||= self.class.build_discussion_id(noteable_type, noteable_id || commit_id, line_code, active?)
+  end
+
+  def diff_file_hash
+    line_code.split('_')[0] if line_code
+  end
+
+  def diff_old_line
+    line_code.split('_')[1].to_i if line_code
+  end
+
+  def diff_new_line
+    line_code.split('_')[2].to_i if line_code
+  end
+
+  def diff
+    @diff ||= Gitlab::Git::Diff.new(st_diff) if st_diff.respond_to?(:map)
+  end
+
+  def diff_file_path
+    diff.new_path.presence || diff.old_path
+  end
+
+  def diff_lines
+    @diff_lines ||= Gitlab::Diff::Parser.new.parse(diff.diff.each_line)
+  end
+
+  def diff_line
+    @diff_line ||= diff_lines.find { |line| generate_line_code(line) == self.line_code }
+  end
+
+  def diff_line_text
+    diff_line.try(:text)
+  end
+
+  def diff_line_type
+    diff_line.try(:type)
+  end
+
+  def highlighted_diff_lines
+    Gitlab::Diff::Highlight.new(diff_lines).highlight
+  end
+
+  def truncated_diff_lines
+    max_number_of_lines = 16
+    prev_match_line = nil
+    prev_lines = []
+
+    highlighted_diff_lines.each do |line|
+      if line.type == "match"
+        prev_lines.clear
+        prev_match_line = line
+      else
+        prev_lines << line
+
+        break if generate_line_code(line) == self.line_code
+
+        prev_lines.shift if prev_lines.length >= max_number_of_lines
+      end
+    end
+
+    prev_lines
+  end
+
+  # Check if this note is part of an "active" discussion
+  #
+  # This will always return true for anything except MergeRequest noteables,
+  # which have special logic.
+  #
+  # If the note's current diff cannot be matched in the MergeRequest's current
+  # diff, it's considered inactive.
+  def active?
+    return @active if defined?(@active)
+    return true if for_commit?
+    return true unless self.diff
+    return false unless noteable
+
+    noteable_diff = find_noteable_diff
+
+    if noteable_diff
+      parsed_lines = Gitlab::Diff::Parser.new.parse(noteable_diff.diff.each_line)
+
+      @active = parsed_lines.any? { |line_obj| line_obj.text == diff_line_text }
+    else
+      @active = false
+    end
+
+    @active
+  end
+
+  private
+
+  def find_diff
+    return nil unless noteable
+    return @diff if defined?(@diff)
+
+    @diff = noteable.diffs(Commit.max_diff_options).find do |d|
+      d.new_path && Digest::SHA1.hexdigest(d.new_path) == diff_file_hash
+    end
+  end
+
+  def set_diff
+    # First lets find notes with same diff
+    # before iterating over all mr diffs
+    diff = diff_for_line_code unless for_merge_request?
+    diff ||= find_diff
+
+    self.st_diff = diff.to_hash if diff
+  end
+
+  def diff_for_line_code
+    attributes = {
+      noteable_type: noteable_type,
+      line_code: line_code
+    }
+
+    if for_commit?
+      attributes[:commit_id] = commit_id
+    else
+      attributes[:noteable_id] = noteable_id
+    end
+
+    self.class.where(attributes).last.try(:diff)
+  end
+
+  def generate_line_code(line)
+    Gitlab::Diff::LineCode.generate(diff_file_path, line.new_pos, line.old_pos)
+  end
+
+  # Find the diff on noteable that matches our own
+  def find_noteable_diff
+    diffs = noteable.diffs(Commit.max_diff_options)
+    diffs.find { |d| d.new_path == self.diff.new_path }
+  end
+end
diff --git a/app/models/lfs_object.rb b/app/models/lfs_object.rb
index 86b1b7e2f99..18657c3e1c8 100644
--- a/app/models/lfs_object.rb
+++ b/app/models/lfs_object.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: lfs_objects
-#
-#  id         :integer          not null, primary key
-#  oid        :string(255)      not null
-#  size       :integer          not null
-#  created_at :datetime
-#  updated_at :datetime
-#  file       :string(255)
-#
-
 class LfsObject < ActiveRecord::Base
   has_many :lfs_objects_projects, dependent: :destroy
   has_many :projects, through: :lfs_objects_projects
diff --git a/app/models/lfs_objects_project.rb b/app/models/lfs_objects_project.rb
index 890736bfc80..0fd5f089db9 100644
--- a/app/models/lfs_objects_project.rb
+++ b/app/models/lfs_objects_project.rb
@@ -1,14 +1,3 @@
-# == Schema Information
-#
-# Table name: lfs_objects_projects
-#
-#  id            :integer          not null, primary key
-#  lfs_object_id :integer          not null
-#  project_id    :integer          not null
-#  created_at    :datetime
-#  updated_at    :datetime
-#
-
 class LfsObjectsProject < ActiveRecord::Base
   belongs_to :project
   belongs_to :lfs_object
diff --git a/app/models/member.rb b/app/models/member.rb
index 60efafef211..d3060f07fc0 100644
--- a/app/models/member.rb
+++ b/app/models/member.rb
@@ -1,22 +1,3 @@
-# == Schema Information
-#
-# Table name: members
-#
-#  id                 :integer          not null, primary key
-#  access_level       :integer          not null
-#  source_id          :integer          not null
-#  source_type        :string(255)      not null
-#  user_id            :integer
-#  notification_level :integer          not null
-#  type               :string(255)
-#  created_at         :datetime
-#  updated_at         :datetime
-#  created_by_id      :integer
-#  invite_email       :string(255)
-#  invite_token       :string(255)
-#  invite_accepted_at :datetime
-#
-
 class Member < ActiveRecord::Base
   include Sortable
   include Gitlab::Access
diff --git a/app/models/members/group_member.rb b/app/models/members/group_member.rb
index 9fb474a1a93..f63a0debf1a 100644
--- a/app/models/members/group_member.rb
+++ b/app/models/members/group_member.rb
@@ -1,22 +1,3 @@
-# == Schema Information
-#
-# Table name: members
-#
-#  id                 :integer          not null, primary key
-#  access_level       :integer          not null
-#  source_id          :integer          not null
-#  source_type        :string(255)      not null
-#  user_id            :integer
-#  notification_level :integer          not null
-#  type               :string(255)
-#  created_at         :datetime
-#  updated_at         :datetime
-#  created_by_id      :integer
-#  invite_email       :string(255)
-#  invite_token       :string(255)
-#  invite_accepted_at :datetime
-#
-
 class GroupMember < Member
   SOURCE_TYPE = 'Namespace'
 
diff --git a/app/models/members/project_member.rb b/app/models/members/project_member.rb
index 07ddb02ae9d..8dae3bb2ef2 100644
--- a/app/models/members/project_member.rb
+++ b/app/models/members/project_member.rb
@@ -1,22 +1,3 @@
-# == Schema Information
-#
-# Table name: members
-#
-#  id                 :integer          not null, primary key
-#  access_level       :integer          not null
-#  source_id          :integer          not null
-#  source_type        :string(255)      not null
-#  user_id            :integer
-#  notification_level :integer          not null
-#  type               :string(255)
-#  created_at         :datetime
-#  updated_at         :datetime
-#  created_by_id      :integer
-#  invite_email       :string(255)
-#  invite_token       :string(255)
-#  invite_accepted_at :datetime
-#
-
 class ProjectMember < Member
   SOURCE_TYPE = 'Project'
 
diff --git a/app/models/merge_request.rb b/app/models/merge_request.rb
index d00919c3b0c..45ddcf6812a 100644
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@@ -1,32 +1,3 @@
-# == Schema Information
-#
-# Table name: merge_requests
-#
-#  id                        :integer          not null, primary key
-#  target_branch             :string(255)      not null
-#  source_branch             :string(255)      not null
-#  source_project_id         :integer          not null
-#  author_id                 :integer
-#  assignee_id               :integer
-#  title                     :string(255)
-#  created_at                :datetime
-#  updated_at                :datetime
-#  milestone_id              :integer
-#  state                     :string(255)
-#  merge_status              :string(255)
-#  target_project_id         :integer          not null
-#  iid                       :integer
-#  description               :text
-#  position                  :integer          default(0)
-#  locked_at                 :datetime
-#  updated_by_id             :integer
-#  merge_error               :string(255)
-#  merge_params              :text
-#  merge_when_build_succeeds :boolean          default(FALSE), not null
-#  merge_user_id             :integer
-#  merge_commit_sha          :string
-#
-
 class MergeRequest < ActiveRecord::Base
   include InternalId
   include Issuable
@@ -55,6 +26,10 @@ class MergeRequest < ActiveRecord::Base
   # when creating new merge request
   attr_accessor :can_be_created, :compare_commits, :compare
 
+  # Temporary fields to store target_sha, and base_sha to
+  # compare when importing pull requests from GitHub
+  attr_accessor :base_target_sha, :head_source_sha
+
   state_machine :state, initial: :opened do
     event :close do
       transition [:reopened, :opened] => :closed
@@ -519,10 +494,14 @@ class MergeRequest < ActiveRecord::Base
   end
 
   def target_sha
-    @target_sha ||= target_project.repository.commit(target_branch).try(:sha)
+    return @base_target_sha if defined?(@base_target_sha)
+
+    target_project.repository.commit(target_branch).try(:sha)
   end
 
   def source_sha
+    return @head_source_sha if defined?(@head_source_sha)
+
     last_commit.try(:sha) || source_tip.try(:sha)
   end
 
@@ -543,7 +522,7 @@ class MergeRequest < ActiveRecord::Base
   end
 
   def ref_is_fetched?
-    File.exists?(File.join(project.repository.path_to_repo, ref_path))
+    File.exist?(File.join(project.repository.path_to_repo, ref_path))
   end
 
   def ensure_ref_fetched
diff --git a/app/models/merge_request_diff.rb b/app/models/merge_request_diff.rb
index 0580cafdd1b..6ad8fc3f034 100644
--- a/app/models/merge_request_diff.rb
+++ b/app/models/merge_request_diff.rb
@@ -1,16 +1,3 @@
-# == Schema Information
-#
-# Table name: merge_request_diffs
-#
-#  id               :integer          not null, primary key
-#  state            :string(255)
-#  st_commits       :text
-#  st_diffs         :text
-#  merge_request_id :integer          not null
-#  created_at       :datetime
-#  updated_at       :datetime
-#
-
 class MergeRequestDiff < ActiveRecord::Base
   include Sortable
 
@@ -19,7 +6,7 @@ class MergeRequestDiff < ActiveRecord::Base
 
   belongs_to :merge_request
 
-  delegate :target_branch, :source_branch, to: :merge_request, prefix: nil
+  delegate :head_source_sha, :target_branch, :source_branch, to: :merge_request, prefix: nil
 
   state_machine :state, initial: :empty do
     state :collected
@@ -51,8 +38,8 @@ class MergeRequestDiff < ActiveRecord::Base
       @diffs_no_whitespace ||= begin
         compare = Gitlab::Git::Compare.new(
           self.repository.raw_repository,
-          self.target_branch,
-          self.source_sha,
+          self.base,
+          self.head,
         )
         compare.diffs(options)
       end
@@ -157,7 +144,7 @@ class MergeRequestDiff < ActiveRecord::Base
 
     self.st_diffs = new_diffs
 
-    self.base_commit_sha = self.repository.merge_base(self.source_sha, self.target_branch)
+    self.base_commit_sha = self.repository.merge_base(self.head, self.base)
 
     self.save
   end
@@ -173,10 +160,24 @@ class MergeRequestDiff < ActiveRecord::Base
   end
 
   def source_sha
+    return head_source_sha if head_source_sha.present?
+
     source_commit = merge_request.source_project.commit(source_branch)
     source_commit.try(:sha)
   end
 
+  def target_sha
+    merge_request.target_sha
+  end
+
+  def base
+    self.target_sha || self.target_branch
+  end
+
+  def head
+    self.source_sha
+  end
+
   def compare
     @compare ||=
       begin
@@ -185,8 +186,8 @@ class MergeRequestDiff < ActiveRecord::Base
 
         Gitlab::Git::Compare.new(
           self.repository.raw_repository,
-          self.target_branch,
-          self.source_sha
+          self.base,
+          self.head
         )
       end
   end
diff --git a/app/models/milestone.rb b/app/models/milestone.rb
index 92c07fd20da..31a54f44453 100644
--- a/app/models/milestone.rb
+++ b/app/models/milestone.rb
@@ -1,18 +1,3 @@
-# == Schema Information
-#
-# Table name: milestones
-#
-#  id          :integer          not null, primary key
-#  title       :string(255)      not null
-#  project_id  :integer          not null
-#  description :text
-#  due_date    :date
-#  created_at  :datetime
-#  updated_at  :datetime
-#  state       :string(255)
-#  iid         :integer
-#
-
 class Milestone < ActiveRecord::Base
   # Represents a "No Milestone" state used for filtering Issues and Merge
   # Requests that have no milestone assigned.
@@ -101,8 +86,18 @@ class Milestone < ActiveRecord::Base
     @link_reference_pattern ||= super("milestones", /(?<milestone>\d+)/)
   end
 
-  def self.upcoming
-    self.where('due_date > ?', Time.now).reorder(due_date: :asc).first
+  def self.upcoming_ids_by_projects(projects)
+    rel = unscoped.of_projects(projects).active.where('due_date > ?', Time.now)
+
+    if Gitlab::Database.postgresql?
+      rel.order(:project_id, :due_date).select('DISTINCT ON (project_id) id')
+    else
+      rel.
+        group(:project_id).
+        having('due_date = MIN(due_date)').
+        pluck(:id, :project_id, :due_date).
+        map(&:first)
+    end
   end
 
   ##
@@ -161,6 +156,10 @@ class Milestone < ActiveRecord::Base
     nil
   end
 
+  def title=(value)
+    write_attribute(:title, Sanitize.clean(value.to_s)) if value.present?
+  end
+
   # Sorts the issues for the given IDs.
   #
   # This method runs a single SQL query using a CASE statement to update the
diff --git a/app/models/namespace.rb b/app/models/namespace.rb
index 55842df1e2d..da19462f265 100644
--- a/app/models/namespace.rb
+++ b/app/models/namespace.rb
@@ -1,18 +1,3 @@
-# == Schema Information
-#
-# Table name: namespaces
-#
-#  id          :integer          not null, primary key
-#  name        :string(255)      not null
-#  path        :string(255)      not null
-#  owner_id    :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#  type        :string(255)
-#  description :string(255)      default(""), not null
-#  avatar      :string(255)
-#
-
 class Namespace < ActiveRecord::Base
   include Sortable
   include Gitlab::ShellAdapter
@@ -125,6 +110,10 @@ class Namespace < ActiveRecord::Base
     # Ensure old directory exists before moving it
     gitlab_shell.add_namespace(path_was)
 
+    if any_project_has_container_registry_tags?
+      raise Exception.new('Namespace cannot be moved, because at least one project has tags in container registry')
+    end
+
     if gitlab_shell.mv_namespace(path_was, path)
       Gitlab::UploadsTransfer.new.rename_namespace(path_was, path)
 
@@ -146,6 +135,10 @@ class Namespace < ActiveRecord::Base
     end
   end
 
+  def any_project_has_container_registry_tags?
+    projects.any?(&:has_container_registry_tags?)
+  end
+
   def send_update_instructions
     projects.each do |project|
       project.send_move_instructions("#{path_was}/#{project.path}")
diff --git a/app/models/note.rb b/app/models/note.rb
index 71b4293d57a..55b98557244 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -1,27 +1,5 @@
-# == Schema Information
-#
-# Table name: notes
-#
-#  id            :integer          not null, primary key
-#  note          :text
-#  noteable_type :string(255)
-#  author_id     :integer
-#  created_at    :datetime
-#  updated_at    :datetime
-#  project_id    :integer
-#  attachment    :string(255)
-#  line_code     :string(255)
-#  commit_id     :string(255)
-#  noteable_id   :integer
-#  system        :boolean          default(FALSE), not null
-#  st_diff       :text
-#  updated_by_id :integer
-#  is_award      :boolean          default(FALSE), not null
-#
-
-require 'carrierwave/orm/activerecord'
-
 class Note < ActiveRecord::Base
+  extend ActiveModel::Naming
   include Gitlab::CurrentSettings
   include Participable
   include Mentionable
@@ -41,14 +19,13 @@ class Note < ActiveRecord::Base
   delegate :gfm_reference, :local_reference, to: :noteable
   delegate :name, to: :project, prefix: true
   delegate :name, :email, to: :author, prefix: true
+  delegate :title, to: :noteable, allow_nil: true
 
   before_validation :set_award!
-  before_validation :clear_blank_line_code!
 
   validates :note, :project, presence: true
   validates :note, uniqueness: { scope: [:author, :noteable_type, :noteable_id] }, if: ->(n) { n.is_award }
   validates :note, inclusion: { in: Emoji.emojis_names }, if: ->(n) { n.is_award }
-  validates :line_code, line_code: true, allow_blank: true
   # Attachments are deprecated and are handled by Markdown uploader
   validates :attachment, file_size: { maximum: :max_attachment_size }
 
@@ -62,8 +39,6 @@ class Note < ActiveRecord::Base
   scope :awards, ->{ where(is_award: true) }
   scope :nonawards, ->{ where(is_award: false) }
   scope :for_commit_id, ->(commit_id) { where(noteable_type: "Commit", commit_id: commit_id) }
-  scope :inline, ->{ where("line_code IS NOT NULL") }
-  scope :not_inline, ->{ where(line_code: nil) }
   scope :system, ->{ where(system: true) }
   scope :user, ->{ where(system: false) }
   scope :common, ->{ where(noteable_type: ["", nil]) }
@@ -71,38 +46,31 @@ class Note < ActiveRecord::Base
   scope :inc_author_project, ->{ includes(:project, :author) }
   scope :inc_author, ->{ includes(:author) }
 
+  scope :legacy_diff_notes, ->{ where(type: 'LegacyDiffNote') }
+  scope :non_diff_notes, ->{ where(type: ['Note', nil]) }
+
   scope :with_associations, -> do
     includes(:author, :noteable, :updated_by,
              project: [:project_members, { group: [:group_members] }])
   end
 
-  serialize :st_diff
-  before_create :set_diff, if: ->(n) { n.line_code.present? }
+  before_validation :clear_blank_line_code!
 
   class << self
-    def discussions_from_notes(notes)
-      discussion_ids = []
-      discussions = []
-
-      notes.each do |note|
-        next if discussion_ids.include?(note.discussion_id)
-
-        # don't group notes for the main target
-        if !note.for_diff_line? && note.for_merge_request?
-          discussions << [note]
-        else
-          discussions << notes.select do |other_note|
-            note.discussion_id == other_note.discussion_id
-          end
-          discussion_ids << note.discussion_id
-        end
-      end
-
-      discussions
+    def model_name
+      ActiveModel::Name.new(self, nil, 'note')
     end
 
-    def build_discussion_id(type, id, line_code)
-      [:discussion, type.try(:underscore), id, line_code].join("-").to_sym
+    def build_discussion_id(noteable_type, noteable_id)
+      [:discussion, noteable_type.try(:underscore), noteable_id].join("-")
+    end
+
+    def discussions
+      all.group_by(&:discussion_id).values
+    end
+
+    def grouped_diff_notes
+      legacy_diff_notes.select(&:active?).sort_by(&:created_at).group_by(&:line_code)
     end
 
     # Searches for notes matching the given query.
@@ -137,167 +105,39 @@ class Note < ActiveRecord::Base
     system && SystemNoteService.cross_reference?(note)
   end
 
-  def max_attachment_size
-    current_application_settings.max_attachment_size.megabytes.to_i
+  def diff_note?
+    false
   end
 
-  def find_diff
-    return nil unless noteable
-    return @diff if defined?(@diff)
+  def legacy_diff_note?
+    false
+  end
 
-    # Don't use ||= because nil is a valid value for @diff
-    @diff = noteable.diffs(Commit.max_diff_options).find do |d|
-      Digest::SHA1.hexdigest(d.new_path) == diff_file_index if d.new_path
-    end
+  def active?
+    true
+  end
+
+  def discussion_id
+    @discussion_id ||=
+      if for_merge_request?
+        [:discussion, :note, id].join("-")
+      else
+        self.class.build_discussion_id(noteable_type, noteable_id || commit_id)
+      end
+  end
+
+  def max_attachment_size
+    current_application_settings.max_attachment_size.megabytes.to_i
   end
 
   def hook_attrs
     attributes
   end
 
-  def set_diff
-    # First lets find notes with same diff
-    # before iterating over all mr diffs
-    diff = diff_for_line_code unless for_merge_request?
-    diff ||= find_diff
-
-    self.st_diff = diff.to_hash if diff
-  end
-
-  def diff
-    @diff ||= Gitlab::Git::Diff.new(st_diff) if st_diff.respond_to?(:map)
-  end
-
-  def diff_for_line_code
-    Note.where(noteable_id: noteable_id, noteable_type: noteable_type, line_code: line_code).last.try(:diff)
-  end
-
-  # Check if this note is part of an "active" discussion
-  #
-  # This will always return true for anything except MergeRequest noteables,
-  # which have special logic.
-  #
-  # If the note's current diff cannot be matched in the MergeRequest's current
-  # diff, it's considered inactive.
-  def active?
-    return true unless self.diff
-    return false unless noteable
-    return @active if defined?(@active)
-
-    noteable_diff = find_noteable_diff
-
-    if noteable_diff
-      parsed_lines = Gitlab::Diff::Parser.new.parse(noteable_diff.diff.each_line)
-
-      @active = parsed_lines.any? { |line_obj| line_obj.text == diff_line }
-    else
-      @active = false
-    end
-
-    @active
-  end
-
-  def diff_file_index
-    line_code.split('_')[0] if line_code
-  end
-
-  def diff_file_name
-    diff.new_path if diff
-  end
-
-  def file_path
-    if diff.new_path.present?
-      diff.new_path
-    elsif diff.old_path.present?
-      diff.old_path
-    end
-  end
-
-  def diff_old_line
-    line_code.split('_')[1].to_i if line_code
-  end
-
-  def diff_new_line
-    line_code.split('_')[2].to_i if line_code
-  end
-
-  def generate_line_code(line)
-    Gitlab::Diff::LineCode.generate(file_path, line.new_pos, line.old_pos)
-  end
-
-  def diff_line
-    return @diff_line if @diff_line
-
-    if diff
-      diff_lines.each do |line|
-        if generate_line_code(line) == self.line_code
-          @diff_line = line.text
-        end
-      end
-    end
-
-    @diff_line
-  end
-
-  def diff_line_type
-    return @diff_line_type if @diff_line_type
-
-    if diff
-      diff_lines.each do |line|
-        if generate_line_code(line) == self.line_code
-          @diff_line_type = line.type
-        end
-      end
-    end
-
-    @diff_line_type
-  end
-
-  def truncated_diff_lines
-    max_number_of_lines = 16
-    prev_match_line = nil
-    prev_lines = []
-
-    highlighted_diff_lines.each do |line|
-      if line.type == "match"
-        prev_lines.clear
-        prev_match_line = line
-      else
-        prev_lines << line
-
-        break if generate_line_code(line) == self.line_code
-
-        prev_lines.shift if prev_lines.length >= max_number_of_lines
-      end
-    end
-
-    prev_lines
-  end
-
-  def diff_lines
-    @diff_lines ||= Gitlab::Diff::Parser.new.parse(diff.diff.each_line)
-  end
-
-  def highlighted_diff_lines
-    Gitlab::Diff::Highlight.new(diff_lines).highlight
-  end
-
-  def discussion_id
-    @discussion_id ||= Note.build_discussion_id(noteable_type, noteable_id || commit_id, line_code)
-  end
-
   def for_commit?
     noteable_type == "Commit"
   end
 
-  def for_commit_diff_line?
-    for_commit? && for_diff_line?
-  end
-
-  def for_diff_line?
-    line_code.present?
-  end
-
   def for_issue?
     noteable_type == "Issue"
   end
@@ -306,10 +146,6 @@ class Note < ActiveRecord::Base
     noteable_type == "MergeRequest"
   end
 
-  def for_merge_request_diff_line?
-    for_merge_request? && for_diff_line?
-  end
-
   def for_snippet?
     noteable_type == "Snippet"
   end
@@ -382,14 +218,8 @@ class Note < ActiveRecord::Base
     self.line_code = nil if self.line_code.blank?
   end
 
-  # Find the diff on noteable that matches our own
-  def find_noteable_diff
-    diffs = noteable.diffs(Commit.max_diff_options)
-    diffs.find { |d| d.new_path == self.diff.new_path }
-  end
-
   def awards_supported?
-    (for_issue? || for_merge_request?) && !for_diff_line?
+    (for_issue? || for_merge_request?) && !diff_note?
   end
 
   def contains_emoji_only?
diff --git a/app/models/oauth_access_token.rb b/app/models/oauth_access_token.rb
index c78c7f4aa0e..116fb71ac08 100644
--- a/app/models/oauth_access_token.rb
+++ b/app/models/oauth_access_token.rb
@@ -1,18 +1,3 @@
-# == Schema Information
-#
-# Table name: oauth_access_tokens
-#
-#  id                :integer          not null, primary key
-#  resource_owner_id :integer
-#  application_id    :integer
-#  token             :string           not null
-#  refresh_token     :string
-#  expires_in        :integer
-#  revoked_at        :datetime
-#  created_at        :datetime         not null
-#  scopes            :string
-#
-
 class OauthAccessToken < ActiveRecord::Base
   belongs_to :resource_owner, class_name: 'User'
   belongs_to :application, class_name: 'Doorkeeper::Application'
diff --git a/app/models/personal_snippet.rb b/app/models/personal_snippet.rb
index 452f3913eef..82c1c4de3a0 100644
--- a/app/models/personal_snippet.rb
+++ b/app/models/personal_snippet.rb
@@ -1,18 +1,2 @@
-# == Schema Information
-#
-# Table name: snippets
-#
-#  id               :integer          not null, primary key
-#  title            :string(255)
-#  content          :text
-#  author_id        :integer          not null
-#  project_id       :integer
-#  created_at       :datetime
-#  updated_at       :datetime
-#  file_name        :string(255)
-#  type             :string(255)
-#  visibility_level :integer          default(0), not null
-#
-
 class PersonalSnippet < Snippet
 end
diff --git a/app/models/project.rb b/app/models/project.rb
index 7aa21b19e67..9a34198e098 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -1,44 +1,3 @@
-# == Schema Information
-#
-# Table name: projects
-#
-#  id                     :integer          not null, primary key
-#  name                   :string(255)
-#  path                   :string(255)
-#  description            :text
-#  created_at             :datetime
-#  updated_at             :datetime
-#  creator_id             :integer
-#  issues_enabled         :boolean          default(TRUE), not null
-#  wall_enabled           :boolean          default(TRUE), not null
-#  merge_requests_enabled :boolean          default(TRUE), not null
-#  wiki_enabled           :boolean          default(TRUE), not null
-#  namespace_id           :integer
-#  issues_tracker         :string(255)      default("gitlab"), not null
-#  issues_tracker_id      :string(255)
-#  snippets_enabled       :boolean          default(TRUE), not null
-#  last_activity_at       :datetime
-#  import_url             :string(255)
-#  visibility_level       :integer          default(0), not null
-#  archived               :boolean          default(FALSE), not null
-#  avatar                 :string(255)
-#  import_status          :string(255)
-#  repository_size        :float            default(0.0)
-#  star_count             :integer          default(0), not null
-#  import_type            :string(255)
-#  import_source          :string(255)
-#  commit_count           :integer          default(0)
-#  import_error           :text
-#  ci_id                  :integer
-#  builds_enabled         :boolean          default(TRUE), not null
-#  shared_runners_enabled :boolean          default(TRUE), not null
-#  runners_token          :string
-#  build_coverage_regex   :string
-#  build_allow_git_fetch  :boolean          default(TRUE), not null
-#  build_timeout          :integer          default(3600), not null
-#  pending_delete         :boolean
-#
-
 require 'carrierwave/orm/activerecord'
 
 class Project < ActiveRecord::Base
@@ -62,8 +21,8 @@ class Project < ActiveRecord::Base
   default_value_for :merge_requests_enabled, gitlab_config_features.merge_requests
   default_value_for :builds_enabled, gitlab_config_features.builds
   default_value_for :wiki_enabled, gitlab_config_features.wiki
-  default_value_for :wall_enabled, false
   default_value_for :snippets_enabled, gitlab_config_features.snippets
+  default_value_for :container_registry_enabled, gitlab_config_features.container_registry
   default_value_for(:shared_runners_enabled) { current_application_settings.shared_runners_enabled }
 
   # set last_activity_at to the same as created_at
@@ -91,6 +50,8 @@ class Project < ActiveRecord::Base
   attr_accessor :new_default_branch
   attr_accessor :old_path_with_namespace
 
+  alias_attribute :title, :name
+
   # Relations
   belongs_to :creator, foreign_key: 'creator_id', class_name: 'User'
   belongs_to :group, -> { where(type: Group) }, foreign_key: 'namespace_id'
@@ -210,17 +171,17 @@ class Project < ActiveRecord::Base
 
   scope :sorted_by_activity, -> { reorder(last_activity_at: :desc) }
   scope :sorted_by_stars, -> { reorder('projects.star_count DESC') }
-  scope :sorted_by_names, -> { joins(:namespace).reorder('namespaces.name ASC, projects.name ASC') }
 
-  scope :without_user, ->(user)  { where('projects.id NOT IN (:ids)', ids: user.authorized_projects.map(&:id) ) }
-  scope :without_team, ->(team) { team.projects.present? ? where('projects.id NOT IN (:ids)', ids: team.projects.map(&:id)) : scoped  }
-  scope :not_in_group, ->(group) { where('projects.id NOT IN (:ids)', ids: group.project_ids ) }
   scope :in_namespace, ->(namespace_ids) { where(namespace_id: namespace_ids) }
-  scope :in_group_namespace, -> { joins(:group) }
   scope :personal, ->(user) { where(namespace_id: user.namespace_id) }
   scope :joined, ->(user) { where('namespace_id != ?', user.namespace_id) }
+  scope :visible_to_user, ->(user) { where(id: user.authorized_projects.select(:id).reorder(nil)) }
   scope :non_archived, -> { where(archived: false) }
   scope :for_milestones, ->(ids) { joins(:milestones).where('milestones.id' => ids).distinct }
+  scope :with_push, -> { joins(:events).where('events.action = ?', Event::PUSHED) }
+
+  scope :active, -> { joins(:issues, :notes, :merge_requests).order('issues.created_at, notes.created_at, merge_requests.created_at DESC') }
+  scope :abandoned, -> { where('projects.last_activity_at < ?', 6.months.ago) }
 
   state_machine :import_status, initial: :none do
     event :import_start do
@@ -243,23 +204,10 @@ class Project < ActiveRecord::Base
     state :finished
     state :failed
 
-    after_transition any => :started, do: :schedule_add_import_job
     after_transition any => :finished, do: :clear_import_data
   end
 
   class << self
-    def abandoned
-      where('projects.last_activity_at < ?', 6.months.ago)
-    end
-
-    def with_push
-      joins(:events).where('events.action = ?', Event::PUSHED)
-    end
-
-    def active
-      joins(:issues, :notes, :merge_requests).order('issues.created_at, notes.created_at, merge_requests.created_at DESC')
-    end
-
     # Searches for a list of projects based on the query given in `query`.
     #
     # On PostgreSQL this method uses "ILIKE" to perform a case-insensitive
@@ -321,10 +269,6 @@ class Project < ActiveRecord::Base
         projects.iwhere('projects.path' => project_path).take
     end
 
-    def find_by_ci_id(id)
-      find_by(ci_id: id.to_i)
-    end
-
     def visibility_levels
       Gitlab::VisibilityLevel.options
     end
@@ -355,10 +299,6 @@ class Project < ActiveRecord::Base
 
       joins(join_body).reorder('join_note_counts.amount DESC')
     end
-
-    def visible_to_user(user)
-      where(id: user.authorized_projects.select(:id).reorder(nil))
-    end
   end
 
   def team
@@ -369,6 +309,30 @@ class Project < ActiveRecord::Base
     @repository ||= Repository.new(path_with_namespace, self)
   end
 
+  def container_registry_repository
+    return unless Gitlab.config.registry.enabled
+
+    @container_registry_repository ||= begin
+      token = Auth::ContainerRegistryAuthenticationService.full_access_token(path_with_namespace)
+      url = Gitlab.config.registry.api_url
+      host_port = Gitlab.config.registry.host_port
+      registry = ContainerRegistry::Registry.new(url, token: token, path: host_port)
+      registry.repository(path_with_namespace)
+    end
+  end
+
+  def container_registry_repository_url
+    if Gitlab.config.registry.enabled
+      "#{Gitlab.config.registry.host_port}/#{path_with_namespace}"
+    end
+  end
+
+  def has_container_registry_tags?
+    return unless container_registry_repository
+
+    container_registry_repository.tags.any?
+  end
+
   def commit(id = 'HEAD')
     repository.commit(id)
   end
@@ -382,10 +346,6 @@ class Project < ActiveRecord::Base
     id && persisted?
   end
 
-  def schedule_add_import_job
-    run_after_commit(:add_import_job)
-  end
-
   def add_import_job
     if forked?
       job_id = RepositoryForkWorker.perform_async(self.id, forked_from_project.path_with_namespace, self.namespace.path)
@@ -409,14 +369,14 @@ class Project < ActiveRecord::Base
   end
 
   def import_url=(value)
-    import_url = Gitlab::ImportUrl.new(value)
+    import_url = Gitlab::UrlSanitizer.new(value)
     create_or_update_import_data(credentials: import_url.credentials)
     super(import_url.sanitized_url)
   end
 
   def import_url
     if import_data && super
-      import_url = Gitlab::ImportUrl.new(super, credentials: import_data.credentials)
+      import_url = Gitlab::UrlSanitizer.new(super, credentials: import_data.credentials)
       import_url.full_url
     else
       super
@@ -735,19 +695,17 @@ class Project < ActiveRecord::Base
   end
 
   def open_branches
-    all_branches = repository.branches
+    # We're using a Set here as checking values in a large Set is faster than
+    # checking values in a large Array.
+    protected_set = Set.new(protected_branch_names)
 
-    if protected_branches.present?
-      all_branches.reject! do |branch|
-        protected_branches_names.include?(branch.name)
-      end
+    repository.branches.reject do |branch|
+      protected_set.include?(branch.name)
     end
-
-    all_branches
   end
 
-  def protected_branches_names
-    @protected_branches_names ||= protected_branches.map(&:name)
+  def protected_branch_names
+    @protected_branch_names ||= protected_branches.pluck(:name)
   end
 
   def root_ref?(branch)
@@ -764,7 +722,7 @@ class Project < ActiveRecord::Base
 
   # Check if current branch name is marked as protected in the system
   def protected_branch?(branch_name)
-    protected_branches_names.include?(branch_name)
+    protected_branch_names.include?(branch_name)
   end
 
   def developers_can_push_to_protected_branch?(branch_name)
@@ -786,6 +744,11 @@ class Project < ActiveRecord::Base
 
     expire_caches_before_rename(old_path_with_namespace)
 
+    if has_container_registry_tags?
+      # we currently doesn't support renaming repository if it contains tags in container registry
+      raise Exception.new('Project cannot be renamed, because tags are present in its container registry')
+    end
+
     if gitlab_shell.mv_repository(old_path_with_namespace, new_path_with_namespace)
       # If repository moved successfully we need to send update instructions to users.
       # However we cannot allow rollback since we moved repository
@@ -820,13 +783,11 @@ class Project < ActiveRecord::Base
     wiki = Repository.new("#{old_path}.wiki", self)
 
     if repo.exists?
-      repo.expire_cache
-      repo.expire_emptiness_caches
+      repo.before_delete
     end
 
     if wiki.exists?
-      wiki.expire_cache
-      wiki.expire_emptiness_caches
+      wiki.before_delete
     end
   end
 
@@ -903,6 +864,7 @@ class Project < ActiveRecord::Base
     repository.rugged.references.create('HEAD',
                                         "refs/heads/#{branch}",
                                         force: true)
+    repository.copy_gitattributes(branch)
     reload_default_branch
   end
 
@@ -1037,4 +999,11 @@ class Project < ActiveRecord::Base
   def wiki
     @wiki ||= ProjectWiki.new(self, self.owner)
   end
+
+  def schedule_delete!(user_id, params)
+    # Queue this task for after the commit, so once we mark pending_delete it will run
+    run_after_commit { ProjectDestroyWorker.perform_async(id, user_id, params) }
+
+    update_attribute(:pending_delete, true)
+  end
 end
diff --git a/app/models/project_import_data.rb b/app/models/project_import_data.rb
index 2c0ae312f1b..e2f9ffb69ac 100644
--- a/app/models/project_import_data.rb
+++ b/app/models/project_import_data.rb
@@ -1,12 +1,3 @@
-# == Schema Information
-#
-# Table name: project_import_data
-#
-#  id         :integer          not null, primary key
-#  project_id :integer
-#  data       :text
-#
-
 require 'carrierwave/orm/activerecord'
 
 class ProjectImportData < ActiveRecord::Base
diff --git a/app/models/project_services/asana_service.rb b/app/models/project_services/asana_service.rb
index 792ad804575..7c23b766763 100644
--- a/app/models/project_services/asana_service.rb
+++ b/app/models/project_services/asana_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 require 'asana'
 
 class AsanaService < Service
diff --git a/app/models/project_services/assembla_service.rb b/app/models/project_services/assembla_service.rb
index 29d841faed8..d839221d315 100644
--- a/app/models/project_services/assembla_service.rb
+++ b/app/models/project_services/assembla_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class AssemblaService < Service
   include HTTParty
 
diff --git a/app/models/project_services/bamboo_service.rb b/app/models/project_services/bamboo_service.rb
index 060062aaf7a..1d1780dcfbf 100644
--- a/app/models/project_services/bamboo_service.rb
+++ b/app/models/project_services/bamboo_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class BambooService < CiService
   include HTTParty
 
diff --git a/app/models/project_services/buildkite_service.rb b/app/models/project_services/buildkite_service.rb
index 3efbfd2eec3..86a06321e21 100644
--- a/app/models/project_services/buildkite_service.rb
+++ b/app/models/project_services/buildkite_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 require "addressable/uri"
 
 class BuildkiteService < CiService
@@ -26,7 +5,7 @@ class BuildkiteService < CiService
 
   prop_accessor :project_url, :token, :enable_ssl_verification
 
-  validates :project_url, presence: true, if: :activated?
+  validates :project_url, presence: true, url: true, if: :activated?
   validates :token, presence: true, if: :activated?
 
   after_save :compose_service_hook, if: :activated?
@@ -91,7 +70,7 @@ class BuildkiteService < CiService
       { type: 'text',
         name: 'project_url',
         placeholder: "#{ENDPOINT}/example/project" },
-      
+
       { type: 'checkbox',
         name: 'enable_ssl_verification',
         title: "Enable SSL verification" }
diff --git a/app/models/project_services/builds_email_service.rb b/app/models/project_services/builds_email_service.rb
index 6ab6d7417b7..54da4d74fc5 100644
--- a/app/models/project_services/builds_email_service.rb
+++ b/app/models/project_services/builds_email_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class BuildsEmailService < Service
   prop_accessor :recipients
   boolean_accessor :add_pusher
diff --git a/app/models/project_services/campfire_service.rb b/app/models/project_services/campfire_service.rb
index 6e8f0842524..511b2eac792 100644
--- a/app/models/project_services/campfire_service.rb
+++ b/app/models/project_services/campfire_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class CampfireService < Service
   prop_accessor :token, :subdomain, :room
   validates :token, presence: true, if: :activated?
diff --git a/app/models/project_services/ci_service.rb b/app/models/project_services/ci_service.rb
index d9f0849d147..596c00705ad 100644
--- a/app/models/project_services/ci_service.rb
+++ b/app/models/project_services/ci_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 # Base class for CI services
 # List methods you need to implement to get your CI service
 # working with GitLab Merge Requests
diff --git a/app/models/project_services/custom_issue_tracker_service.rb b/app/models/project_services/custom_issue_tracker_service.rb
index 88a3e9218cb..6b2b1daa724 100644
--- a/app/models/project_services/custom_issue_tracker_service.rb
+++ b/app/models/project_services/custom_issue_tracker_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class CustomIssueTrackerService < IssueTrackerService
 
   prop_accessor :title, :description, :project_url, :issues_url, :new_issue_url
diff --git a/app/models/project_services/drone_ci_service.rb b/app/models/project_services/drone_ci_service.rb
index b4724bb647e..966dbc41d73 100644
--- a/app/models/project_services/drone_ci_service.rb
+++ b/app/models/project_services/drone_ci_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class DroneCiService < CiService
 
   prop_accessor :drone_url, :token, :enable_ssl_verification
diff --git a/app/models/project_services/emails_on_push_service.rb b/app/models/project_services/emails_on_push_service.rb
index b831577cd97..e0083c43adb 100644
--- a/app/models/project_services/emails_on_push_service.rb
+++ b/app/models/project_services/emails_on_push_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class EmailsOnPushService < Service
   prop_accessor :send_from_committer_email
   prop_accessor :disable_diffs
diff --git a/app/models/project_services/external_wiki_service.rb b/app/models/project_services/external_wiki_service.rb
index b402b68665a..d7b6e505191 100644
--- a/app/models/project_services/external_wiki_service.rb
+++ b/app/models/project_services/external_wiki_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class ExternalWikiService < Service
   include HTTParty
 
@@ -46,7 +25,7 @@ class ExternalWikiService < Service
 
   def execute(_data)
     @response = HTTParty.get(properties['external_wiki_url'], verify: true) rescue nil
-    if @response !=200
+    if @response != 200
       nil
     end
   end
diff --git a/app/models/project_services/flowdock_service.rb b/app/models/project_services/flowdock_service.rb
index 8605ce66e48..dd00275187f 100644
--- a/app/models/project_services/flowdock_service.rb
+++ b/app/models/project_services/flowdock_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 require "flowdock-git-hook"
 
 class FlowdockService < Service
diff --git a/app/models/project_services/gemnasium_service.rb b/app/models/project_services/gemnasium_service.rb
index 61babe9cfe5..598aca5e06d 100644
--- a/app/models/project_services/gemnasium_service.rb
+++ b/app/models/project_services/gemnasium_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 require "gemnasium/gitlab_service"
 
 class GemnasiumService < Service
diff --git a/app/models/project_services/gitlab_ci_service.rb b/app/models/project_services/gitlab_ci_service.rb
index 33f0d7ea01a..bbc312f5215 100644
--- a/app/models/project_services/gitlab_ci_service.rb
+++ b/app/models/project_services/gitlab_ci_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 # TODO(ayufan): The GitLabCiService is deprecated and the type should be removed when the database entries are removed
 class GitlabCiService < CiService
   # We override the active accessor to always make GitLabCiService disabled
diff --git a/app/models/project_services/gitlab_issue_tracker_service.rb b/app/models/project_services/gitlab_issue_tracker_service.rb
index eaa5654b9c6..5d17c358330 100644
--- a/app/models/project_services/gitlab_issue_tracker_service.rb
+++ b/app/models/project_services/gitlab_issue_tracker_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class GitlabIssueTrackerService < IssueTrackerService
   include Gitlab::Routing.url_helpers
 
diff --git a/app/models/project_services/hipchat_service.rb b/app/models/project_services/hipchat_service.rb
index 064ef8e8674..0ff4f4c8dd2 100644
--- a/app/models/project_services/hipchat_service.rb
+++ b/app/models/project_services/hipchat_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class HipchatService < Service
   MAX_COMMITS = 3
 
diff --git a/app/models/project_services/irker_service.rb b/app/models/project_services/irker_service.rb
index 04c714bfaad..91015e6c9b1 100644
--- a/app/models/project_services/irker_service.rb
+++ b/app/models/project_services/irker_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 require 'uri'
 
 class IrkerService < Service
diff --git a/app/models/project_services/issue_tracker_service.rb b/app/models/project_services/issue_tracker_service.rb
index 25045224ce5..6ae9b16d3ce 100644
--- a/app/models/project_services/issue_tracker_service.rb
+++ b/app/models/project_services/issue_tracker_service.rb
@@ -1,27 +1,6 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class IssueTrackerService < Service
 
-  validates :project_url, :issues_url, :new_issue_url, presence: true, if: :activated?
+  validates :project_url, :issues_url, :new_issue_url, presence: true, url: true, if: :activated?
 
   default_value_for :category, 'issue_tracker'
 
diff --git a/app/models/project_services/jira_service.rb b/app/models/project_services/jira_service.rb
index 1ed42c4f3e7..beda89d3963 100644
--- a/app/models/project_services/jira_service.rb
+++ b/app/models/project_services/jira_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class JiraService < IssueTrackerService
   include HTTParty
   include Gitlab::Routing.url_helpers
@@ -28,6 +7,8 @@ class JiraService < IssueTrackerService
   prop_accessor :username, :password, :api_url, :jira_issue_transition_id,
                 :title, :description, :project_url, :issues_url, :new_issue_url
 
+  validates :api_url, presence: true, url: true, if: :activated?
+
   before_validation :set_api_url, :set_jira_issue_transition_id
 
   before_update :reset_password
diff --git a/app/models/project_services/pivotaltracker_service.rb b/app/models/project_services/pivotaltracker_service.rb
index c9a890c7e3f..ad19b7795da 100644
--- a/app/models/project_services/pivotaltracker_service.rb
+++ b/app/models/project_services/pivotaltracker_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class PivotaltrackerService < Service
   include HTTParty
 
diff --git a/app/models/project_services/pushover_service.rb b/app/models/project_services/pushover_service.rb
index e76d9eca2ab..3dd878e4c7d 100644
--- a/app/models/project_services/pushover_service.rb
+++ b/app/models/project_services/pushover_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class PushoverService < Service
   include HTTParty
   base_uri 'https://api.pushover.net/1'
diff --git a/app/models/project_services/redmine_service.rb b/app/models/project_services/redmine_service.rb
index de974354c77..11cce3e0561 100644
--- a/app/models/project_services/redmine_service.rb
+++ b/app/models/project_services/redmine_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class RedmineService < IssueTrackerService
 
   prop_accessor :title, :description, :project_url, :issues_url, :new_issue_url
diff --git a/app/models/project_services/slack_service.rb b/app/models/project_services/slack_service.rb
index fd65027f084..cf9e4d5a8b6 100644
--- a/app/models/project_services/slack_service.rb
+++ b/app/models/project_services/slack_service.rb
@@ -1,28 +1,7 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class SlackService < Service
   prop_accessor :webhook, :username, :channel
   boolean_accessor :notify_only_broken_builds
-  validates :webhook, presence: true, if: :activated?
+  validates :webhook, presence: true, url: true, if: :activated?
 
   def initialize_properties
     if properties.nil?
diff --git a/app/models/project_services/slack_service/issue_message.rb b/app/models/project_services/slack_service/issue_message.rb
index 438ff33fdff..88e053ec192 100644
--- a/app/models/project_services/slack_service/issue_message.rb
+++ b/app/models/project_services/slack_service/issue_message.rb
@@ -34,7 +34,12 @@ class SlackService
     private
 
     def message
-      "#{user_name} #{state} #{issue_link} in #{project_link}: *#{title}*"
+      case state
+      when "opened"
+        "[#{project_link}] Issue #{state} by #{user_name}"
+      else
+        "[#{project_link}] Issue #{issue_link} #{state} by #{user_name}"
+      end
     end
 
     def opened_issue?
@@ -42,7 +47,11 @@ class SlackService
     end
 
     def description_message
-      [{ text: format(description), color: attachment_color }]
+      [{
+        title: issue_title,
+        title_link: issue_url,
+        text: format(description),
+        color: "#C95823" }]
     end
 
     def project_link
@@ -50,7 +59,11 @@ class SlackService
     end
 
     def issue_link
-      "[issue ##{issue_iid}](#{issue_url})"
+      "[#{issue_title}](#{issue_url})"
+    end
+
+    def issue_title
+      "##{issue_iid} #{title}"
     end
   end
 end
diff --git a/app/models/project_services/teamcity_service.rb b/app/models/project_services/teamcity_service.rb
index 8dceee5e2c5..b0dcb52eba1 100644
--- a/app/models/project_services/teamcity_service.rb
+++ b/app/models/project_services/teamcity_service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 class TeamcityService < CiService
   include HTTParty
 
diff --git a/app/models/project_snippet.rb b/app/models/project_snippet.rb
index 1f7d85a5f3d..5fba6baa204 100644
--- a/app/models/project_snippet.rb
+++ b/app/models/project_snippet.rb
@@ -1,19 +1,3 @@
-# == Schema Information
-#
-# Table name: snippets
-#
-#  id               :integer          not null, primary key
-#  title            :string(255)
-#  content          :text
-#  author_id        :integer          not null
-#  project_id       :integer
-#  created_at       :datetime
-#  updated_at       :datetime
-#  file_name        :string(255)
-#  type             :string(255)
-#  visibility_level :integer          default(0), not null
-#
-
 class ProjectSnippet < Snippet
   belongs_to :project
   belongs_to :author, class_name: "User"
@@ -22,4 +6,6 @@ class ProjectSnippet < Snippet
 
   # Scopes
   scope :fresh, -> { order("created_at DESC") }
+
+  participant :author, :notes
 end
diff --git a/app/models/project_wiki.rb b/app/models/project_wiki.rb
index 7c1a61bb0bf..339fb0b9f9d 100644
--- a/app/models/project_wiki.rb
+++ b/app/models/project_wiki.rb
@@ -40,7 +40,7 @@ class ProjectWiki
   end
 
   def wiki_base_path
-    ["/", @project.path_with_namespace, "/wikis"].join('')
+    [Gitlab.config.gitlab.relative_url_root, "/", @project.path_with_namespace, "/wikis"].join('')
   end
 
   # Returns the Gollum::Wiki object.
@@ -113,7 +113,7 @@ class ProjectWiki
   end
 
   def page_title_and_dir(title)
-    title_array =  title.split("/")
+    title_array = title.split("/")
     title = title_array.pop
     [title, title_array.join("/")]
   end
diff --git a/app/models/protected_branch.rb b/app/models/protected_branch.rb
index 8ebd790a89e..33cf046fa75 100644
--- a/app/models/protected_branch.rb
+++ b/app/models/protected_branch.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: protected_branches
-#
-#  id                  :integer          not null, primary key
-#  project_id          :integer          not null
-#  name                :string(255)      not null
-#  created_at          :datetime
-#  updated_at          :datetime
-#  developers_can_push :boolean          default(FALSE), not null
-#
-
 class ProtectedBranch < ActiveRecord::Base
   include Gitlab::ShellAdapter
 
diff --git a/app/models/release.rb b/app/models/release.rb
index 89f70278af5..e196b84eb18 100644
--- a/app/models/release.rb
+++ b/app/models/release.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: releases
-#
-#  id          :integer          not null, primary key
-#  tag         :string(255)
-#  description :text
-#  project_id  :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#
-
 class Release < ActiveRecord::Base
   belongs_to :project
 
diff --git a/app/models/repository.rb b/app/models/repository.rb
index da751591103..3716ea6ad6c 100644
--- a/app/models/repository.rb
+++ b/app/models/repository.rb
@@ -81,19 +81,21 @@ class Repository
   def commit(id = 'HEAD')
     return nil unless exists?
     commit = Gitlab::Git::Commit.find(raw_repository, id)
-    commit = Commit.new(commit, @project) if commit
+    commit = ::Commit.new(commit, @project) if commit
     commit
   rescue Rugged::OdbError
     nil
   end
 
-  def commits(ref, path = nil, limit = nil, offset = nil, skip_merges = false)
+  def commits(ref, path: nil, limit: nil, offset: nil, skip_merges: false, after: nil, before: nil)
     options = {
       repo: raw_repository,
       ref: ref,
       path: path,
       limit: limit,
       offset: offset,
+      after: after,
+      before: before,
       # --follow doesn't play well with --skip. See:
       # https://gitlab.com/gitlab-org/gitlab-ce/issues/3574#note_3040520
       follow: false,
@@ -146,10 +148,20 @@ class Repository
     find_branch(branch_name)
   end
 
-  def add_tag(tag_name, ref, message = nil)
-    before_push_tag
+  def add_tag(user, tag_name, target, message = nil)
+    oldrev = Gitlab::Git::BLANK_SHA
+    ref    = Gitlab::Git::TAG_REF_PREFIX + tag_name
+    target = commit(target).try(:id)
 
-    gitlab_shell.add_tag(path_with_namespace, tag_name, ref, message)
+    return false unless target
+
+    options = { message: message, tagger: user_to_committer(user) } if message
+
+    GitHooksService.new.execute(user, path_to_repo, oldrev, target, ref) do
+      rugged.tags.create(tag_name, target, options)
+    end
+
+    find_tag(tag_name)
   end
 
   def rm_branch(user, branch_name)
@@ -183,6 +195,10 @@ class Repository
     cache.fetch(:branch_names) { branches.map(&:name) }
   end
 
+  def branch_exists?(branch_name)
+    branch_names.include?(branch_name)
+  end
+
   def tag_names
     cache.fetch(:tag_names) { raw_repository.tag_names }
   end
@@ -441,7 +457,7 @@ class Repository
   def version
     cache.fetch(:version) do
       tree(:head).blobs.find do |file|
-        file.name.downcase == 'version'
+        file.name.casecmp('version').zero?
       end
     end
   end
@@ -457,7 +473,7 @@ class Repository
   def changelog
     cache.fetch(:changelog) do
       tree(:head).blobs.find do |file|
-        file.name =~ /\A(changelog|history)/i
+        file.name =~ /\A(changelog|history|changes|news)/i
       end
     end
   end
@@ -466,8 +482,8 @@ class Repository
     return nil if !exists? || empty?
 
     cache.fetch(:license_blob) do
-      if licensee_project.license
-        blob_at_branch(root_ref, licensee_project.matched_file.filename)
+      tree(:head).blobs.find do |file|
+        file.name =~ /\A(licen[sc]e|copying)(\..+|\z)/i
       end
     end
   end
@@ -476,7 +492,7 @@ class Repository
     return nil if !exists? || empty?
 
     cache.fetch(:license_key) do
-      licensee_project.license.try(:key) || 'no-license'
+      Licensee.license(path).try(:key)
     end
   end
 
@@ -575,7 +591,7 @@ class Repository
   end
 
   def contributors
-    commits = self.commits(nil, nil, 2000, 0, true)
+    commits = self.commits(nil, limit: 2000, offset: 0, skip_merges: true)
 
     commits.group_by(&:author_email).map do |email, commits|
       contributor = Gitlab::Contributor.new
@@ -783,7 +799,7 @@ class Repository
   def check_revert_content(commit, base_branch)
     source_sha = find_branch(base_branch).target
     args       = [commit.id, source_sha]
-    args       << { mainline: 1 } if commit.merge_commit?
+    args << { mainline: 1 } if commit.merge_commit?
 
     revert_index = rugged.revert_commit(*args)
     return false if revert_index.conflicts?
@@ -797,7 +813,7 @@ class Repository
   def check_cherry_pick_content(commit, base_branch)
     source_sha = find_branch(base_branch).target
     args       = [commit.id, source_sha]
-    args       << 1 if commit.merge_commit?
+    args << 1 if commit.merge_commit?
 
     cherry_pick_index = rugged.cherrypick_commit(*args)
     return false if cherry_pick_index.conflicts?
@@ -938,6 +954,16 @@ class Repository
     raw_repository.ls_files(actual_ref)
   end
 
+  def copy_gitattributes(ref)
+    actual_ref = ref || root_ref
+    begin
+      raw_repository.copy_gitattributes(actual_ref)
+      true
+    rescue Gitlab::Git::Repository::InvalidRef
+      false
+    end
+  end
+
   def main_language
     return if empty? || rugged.head_unborn?
 
@@ -959,8 +985,4 @@ class Repository
   def cache
     @cache ||= RepositoryCache.new(path_with_namespace)
   end
-
-  def licensee_project
-    @licensee_project ||= Licensee.project(path)
-  end
 end
diff --git a/app/models/security_event.rb b/app/models/security_event.rb
index 68c00adad59..d131c11cb6c 100644
--- a/app/models/security_event.rb
+++ b/app/models/security_event.rb
@@ -1,16 +1,2 @@
-# == Schema Information
-#
-# Table name: audit_events
-#
-#  id          :integer          not null, primary key
-#  author_id   :integer          not null
-#  type        :string(255)      not null
-#  entity_id   :integer          not null
-#  entity_type :string(255)      not null
-#  details     :text
-#  created_at  :datetime
-#  updated_at  :datetime
-#
-
 class SecurityEvent < AuditEvent
 end
diff --git a/app/models/sent_notification.rb b/app/models/sent_notification.rb
index 77115597d71..375f195dba7 100644
--- a/app/models/sent_notification.rb
+++ b/app/models/sent_notification.rb
@@ -1,17 +1,3 @@
-# == Schema Information
-#
-# Table name: sent_notifications
-#
-#  id            :integer          not null, primary key
-#  project_id    :integer
-#  noteable_id   :integer
-#  noteable_type :string(255)
-#  recipient_id  :integer
-#  commit_id     :string(255)
-#  line_code     :string(255)
-#  reply_key     :string(255)      not null
-#
-
 class SentNotification < ActiveRecord::Base
   belongs_to :project
   belongs_to :noteable, polymorphic: true
diff --git a/app/models/service.rb b/app/models/service.rb
index 2645b8321d7..de3fd24584a 100644
--- a/app/models/service.rb
+++ b/app/models/service.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 # To add new service you should build a class inherited from Service
 # and implement a set of methods
 class Service < ActiveRecord::Base
diff --git a/app/models/snippet.rb b/app/models/snippet.rb
index b96e3937281..0a3c3b57669 100644
--- a/app/models/snippet.rb
+++ b/app/models/snippet.rb
@@ -1,19 +1,3 @@
-# == Schema Information
-#
-# Table name: snippets
-#
-#  id               :integer          not null, primary key
-#  title            :string(255)
-#  content          :text
-#  author_id        :integer          not null
-#  project_id       :integer
-#  created_at       :datetime
-#  updated_at       :datetime
-#  file_name        :string(255)
-#  type             :string(255)
-#  visibility_level :integer          default(0), not null
-#
-
 class Snippet < ActiveRecord::Base
   include Gitlab::VisibilityLevel
   include Linguist::BlobHelper
@@ -112,6 +96,10 @@ class Snippet < ActiveRecord::Base
     visibility_level
   end
 
+  def no_highlighting?
+    content.lines.count > 1000
+  end
+
   class << self
     # Searches for snippets with a matching title or file name.
     #
diff --git a/app/models/subscription.rb b/app/models/subscription.rb
index dd800ce110f..3b8aa1eb866 100644
--- a/app/models/subscription.rb
+++ b/app/models/subscription.rb
@@ -1,16 +1,3 @@
-# == Schema Information
-#
-# Table name: subscriptions
-#
-#  id                :integer          not null, primary key
-#  user_id           :integer
-#  subscribable_id   :integer
-#  subscribable_type :string(255)
-#  subscribed        :boolean
-#  created_at        :datetime
-#  updated_at        :datetime
-#
-
 class Subscription < ActiveRecord::Base
   belongs_to :user
   belongs_to :subscribable, polymorphic: true
diff --git a/app/models/todo.rb b/app/models/todo.rb
index d85f7bfdf57..f8b59fe4126 100644
--- a/app/models/todo.rb
+++ b/app/models/todo.rb
@@ -1,21 +1,3 @@
-# == Schema Information
-#
-# Table name: todos
-#
-#  id          :integer          not null, primary key
-#  user_id     :integer          not null
-#  project_id  :integer          not null
-#  target_id   :integer
-#  target_type :string           not null
-#  author_id   :integer
-#  action      :integer          not null
-#  state       :string           not null
-#  created_at  :datetime
-#  updated_at  :datetime
-#  note_id     :integer
-#  commit_id   :string
-#
-
 class Todo < ActiveRecord::Base
   ASSIGNED  = 1
   MENTIONED = 2
diff --git a/app/models/user.rb b/app/models/user.rb
index ab48f8f1960..6a09b78455b 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,67 +1,3 @@
-# == Schema Information
-#
-# Table name: users
-#
-#  id                          :integer          not null, primary key
-#  email                       :string(255)      default(""), not null
-#  encrypted_password          :string(255)      default(""), not null
-#  reset_password_token        :string(255)
-#  reset_password_sent_at      :datetime
-#  remember_created_at         :datetime
-#  sign_in_count               :integer          default(0)
-#  current_sign_in_at          :datetime
-#  last_sign_in_at             :datetime
-#  current_sign_in_ip          :string(255)
-#  last_sign_in_ip             :string(255)
-#  created_at                  :datetime
-#  updated_at                  :datetime
-#  name                        :string(255)
-#  admin                       :boolean          default(FALSE), not null
-#  projects_limit              :integer          default(10)
-#  skype                       :string(255)      default(""), not null
-#  linkedin                    :string(255)      default(""), not null
-#  twitter                     :string(255)      default(""), not null
-#  authentication_token        :string(255)
-#  theme_id                    :integer          default(1), not null
-#  bio                         :string(255)
-#  failed_attempts             :integer          default(0)
-#  locked_at                   :datetime
-#  username                    :string(255)
-#  can_create_group            :boolean          default(TRUE), not null
-#  can_create_team             :boolean          default(TRUE), not null
-#  state                       :string(255)
-#  color_scheme_id             :integer          default(1), not null
-#  notification_level          :integer          default(1), not null
-#  password_expires_at         :datetime
-#  created_by_id               :integer
-#  last_credential_check_at    :datetime
-#  avatar                      :string(255)
-#  confirmation_token          :string(255)
-#  confirmed_at                :datetime
-#  confirmation_sent_at        :datetime
-#  unconfirmed_email           :string(255)
-#  hide_no_ssh_key             :boolean          default(FALSE)
-#  website_url                 :string(255)      default(""), not null
-#  notification_email          :string(255)
-#  hide_no_password            :boolean          default(FALSE)
-#  password_automatically_set  :boolean          default(FALSE)
-#  location                    :string(255)
-#  encrypted_otp_secret        :string(255)
-#  encrypted_otp_secret_iv     :string(255)
-#  encrypted_otp_secret_salt   :string(255)
-#  otp_required_for_login      :boolean          default(FALSE), not null
-#  otp_backup_codes            :text
-#  public_email                :string(255)      default(""), not null
-#  dashboard                   :integer          default(0)
-#  project_view                :integer          default(0)
-#  consumed_timestep           :integer
-#  layout                      :integer          default(0)
-#  hide_project_limit          :boolean          default(FALSE)
-#  unlock_token                :string
-#  otp_grace_period_started_at :datetime
-#  external                    :boolean           default(FALSE)
-#
-
 require 'carrierwave/orm/activerecord'
 
 class User < ActiveRecord::Base
@@ -85,7 +21,7 @@ class User < ActiveRecord::Base
   default_value_for :theme_id, gitlab_config.default_theme
 
   devise :two_factor_authenticatable,
-         otp_secret_encryption_key: File.read(Rails.root.join('.secret')).chomp
+         otp_secret_encryption_key: Gitlab::Application.config.secret_key_base
   alias_attribute :two_factor_enabled, :otp_required_for_login
 
   devise :two_factor_backupable, otp_number_of_backup_codes: 10
@@ -176,6 +112,7 @@ class User < ActiveRecord::Base
   before_save :ensure_external_user_rights
   after_save :ensure_namespace_correct
   after_initialize :set_projects_limit
+  before_create :check_confirmation_email
   after_create :post_create_hook
   after_destroy :post_destroy_hook
 
@@ -371,6 +308,10 @@ class User < ActiveRecord::Base
     @reset_token
   end
 
+  def check_confirmation_email
+    skip_confirmation! unless current_application_settings.send_user_confirmation_email
+  end
+
   def recently_sent_password_reset?
     reset_password_sent_at.present? && reset_password_sent_at >= 1.minute.ago
   end
@@ -445,17 +386,17 @@ class User < ActiveRecord::Base
     Project.where("projects.id IN (#{projects_union.to_sql})")
   end
 
+  def viewable_starred_projects
+    starred_projects.where("projects.visibility_level IN (?) OR projects.id IN (#{projects_union.to_sql})",
+                           [Project::PUBLIC, Project::INTERNAL])
+  end
+
   def owned_projects
     @owned_projects ||=
       Project.where('namespace_id IN (?) OR namespace_id = ?',
                     owned_groups.select(:id), namespace.id).joins(:namespace)
   end
 
-  # Team membership in authorized projects
-  def tm_in_authorized_projects
-    ProjectMember.where(source_id: authorized_projects.map(&:id), user_id: self.id)
-  end
-
   def is_admin?
     admin
   end
@@ -545,10 +486,6 @@ class User < ActiveRecord::Base
     "#{name} (#{username})"
   end
 
-  def tm_of(project)
-    project.project_member_by_id(self.id)
-  end
-
   def already_forked?(project)
     !!fork_of(project)
   end
diff --git a/app/models/users_star_project.rb b/app/models/users_star_project.rb
index 413f3f485a8..0dfe597317e 100644
--- a/app/models/users_star_project.rb
+++ b/app/models/users_star_project.rb
@@ -1,14 +1,3 @@
-# == Schema Information
-#
-# Table name: users_star_projects
-#
-#  id         :integer          not null, primary key
-#  project_id :integer          not null
-#  user_id    :integer          not null
-#  created_at :datetime
-#  updated_at :datetime
-#
-
 class UsersStarProject < ActiveRecord::Base
   belongs_to :project, counter_cache: :star_count, touch: true
   belongs_to :user
diff --git a/app/services/auth/container_registry_authentication_service.rb b/app/services/auth/container_registry_authentication_service.rb
new file mode 100644
index 00000000000..3144e96ba31
--- /dev/null
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -0,0 +1,81 @@
+module Auth
+  class ContainerRegistryAuthenticationService < BaseService
+    AUDIENCE = 'container_registry'
+
+    def execute
+      return error('not found', 404) unless registry.enabled
+
+      if params[:offline_token]
+        return error('unauthorized', 401) unless current_user
+      else
+        return error('forbidden', 403) unless scope
+      end
+
+      { token: authorized_token(scope).encoded }
+    end
+
+    def self.full_access_token(*names)
+      registry = Gitlab.config.registry
+      token = JSONWebToken::RSAToken.new(registry.key)
+      token.issuer = registry.issuer
+      token.audience = AUDIENCE
+      token[:access] = names.map do |name|
+        { type: 'repository', name: name, actions: %w(pull push) }
+      end
+      token.encoded
+    end
+
+    private
+
+    def authorized_token(*accesses)
+      token = JSONWebToken::RSAToken.new(registry.key)
+      token.issuer = registry.issuer
+      token.audience = params[:service]
+      token.subject = current_user.try(:username)
+      token[:access] = accesses.compact
+      token
+    end
+
+    def scope
+      return unless params[:scope]
+
+      @scope ||= process_scope(params[:scope])
+    end
+
+    def process_scope(scope)
+      type, name, actions = scope.split(':', 3)
+      actions = actions.split(',')
+      return unless type == 'repository'
+
+      process_repository_access(type, name, actions)
+    end
+
+    def process_repository_access(type, name, actions)
+      requested_project = Project.find_with_namespace(name)
+      return unless requested_project
+
+      actions = actions.select do |action|
+        can_access?(requested_project, action)
+      end
+
+      { type: type, name: name, actions: actions } if actions.present?
+    end
+
+    def can_access?(requested_project, requested_action)
+      return false unless requested_project.container_registry_enabled?
+
+      case requested_action
+      when 'pull'
+        requested_project == project || can?(current_user, :read_container_image, requested_project)
+      when 'push'
+        requested_project == project || can?(current_user, :create_container_image, requested_project)
+      else
+        false
+      end
+    end
+
+    def registry
+      Gitlab.config.registry
+    end
+  end
+end
diff --git a/app/services/create_branch_service.rb b/app/services/create_branch_service.rb
index 707c2f7ff85..9f4481a8153 100644
--- a/app/services/create_branch_service.rb
+++ b/app/services/create_branch_service.rb
@@ -43,9 +43,4 @@ class CreateBranchService < BaseService
     out[:branch] = branch
     out
   end
-
-  def build_push_data(project, user, branch)
-    Gitlab::PushDataBuilder.
-      build(project, user, Gitlab::Git::BLANK_SHA, branch.target, "#{Gitlab::Git::BRANCH_REF_PREFIX}#{branch.name}", [])
-  end
 end
diff --git a/app/services/create_tag_service.rb b/app/services/create_tag_service.rb
index 55985380d31..91ed0e354d0 100644
--- a/app/services/create_tag_service.rb
+++ b/app/services/create_tag_service.rb
@@ -1,50 +1,30 @@
 require_relative 'base_service'
 
 class CreateTagService < BaseService
-  def execute(tag_name, ref, message, release_description = nil)
+  def execute(tag_name, target, message, release_description = nil)
     valid_tag = Gitlab::GitRefValidator.validate(tag_name)
-    if valid_tag == false
-      return error('Tag name invalid')
-    end
+    return error('Tag name invalid') unless valid_tag
 
     repository = project.repository
-    existing_tag = repository.find_tag(tag_name)
-    if existing_tag
-      return error('Tag already exists')
-    end
-
     message.strip! if message
 
-    repository.add_tag(tag_name, ref, message)
-    new_tag = repository.find_tag(tag_name)
+    new_tag = nil
+    begin
+      new_tag = repository.add_tag(current_user, tag_name, target, message)
+    rescue Rugged::TagError
+      return error("Tag #{tag_name} already exists")
+    rescue GitHooksService::PreReceiveError
+      return error('Tag creation was rejected by Git hook')
+    end
 
     if new_tag
-      push_data = create_push_data(project, current_user, new_tag)
-      EventCreateService.new.push(project, current_user, push_data)
-      project.execute_hooks(push_data.dup, :tag_push_hooks)
-      project.execute_services(push_data.dup, :tag_push_hooks)
-      CreateCommitBuildsService.new.execute(project, current_user, push_data)
-
       if release_description
         CreateReleaseService.new(@project, @current_user).
           execute(tag_name, release_description)
       end
-
-      success(new_tag)
+      success.merge(tag: new_tag)
     else
-      error('Invalid reference name')
+      error("Target #{target} is invalid")
     end
   end
-
-  def success(branch)
-    out = super()
-    out[:tag] = branch
-    out
-  end
-
-  def create_push_data(project, user, tag)
-    commits = [project.commit(tag.target)].compact
-    Gitlab::PushDataBuilder.
-      build(project, user, Gitlab::Git::BLANK_SHA, tag.target, "#{Gitlab::Git::TAG_REF_PREFIX}#{tag.name}", commits, tag.message)
-  end
 end
diff --git a/app/services/git_push_service.rb b/app/services/git_push_service.rb
index 1e1be8cd04b..66136b62617 100644
--- a/app/services/git_push_service.rb
+++ b/app/services/git_push_service.rb
@@ -17,6 +17,7 @@ class GitPushService < BaseService
   #  6. Checks if the project's main language has changed
   #
   def execute
+    @project.repository.after_create if @project.empty_repo?
     @project.repository.after_push_commit(branch_name, params[:newrev])
 
     if push_remove_branch?
@@ -42,7 +43,12 @@ class GitPushService < BaseService
       # Collect data for this git push
       @push_commits = @project.repository.commits_between(params[:oldrev], params[:newrev])
       process_commit_messages
+
+      # Update the bare repositories info/attributes file using the contents of the default branches
+      # .gitattributes file
+      update_gitattributes if is_default_branch?
     end
+
     # Update merge requests that may be affected by this push. A new branch
     # could cause the last commit of a merge request to change.
     update_merge_requests
@@ -54,6 +60,10 @@ class GitPushService < BaseService
     perform_housekeeping
   end
 
+  def update_gitattributes
+    @project.repository.copy_gitattributes(params[:ref])
+  end
+
   def update_main_language
     # Performance can be bad so for now only check main_language once
     # See https://gitlab.com/gitlab-org/gitlab-ce/issues/14937
diff --git a/app/services/git_tag_push_service.rb b/app/services/git_tag_push_service.rb
index 64271d8bc5c..7410442609d 100644
--- a/app/services/git_tag_push_service.rb
+++ b/app/services/git_tag_push_service.rb
@@ -2,6 +2,7 @@ class GitTagPushService < BaseService
   attr_accessor :push_data
 
   def execute
+    project.repository.after_create if project.empty_repo?
     project.repository.before_push_tag
 
     @push_data = build_push_data
diff --git a/app/services/issues/move_service.rb b/app/services/issues/move_service.rb
index 82e7090f1ea..e61628086f0 100644
--- a/app/services/issues/move_service.rb
+++ b/app/services/issues/move_service.rb
@@ -41,14 +41,25 @@ module Issues
     private
 
     def create_new_issue
-      new_params = { id: nil, iid: nil, label_ids: [], milestone: nil,
+      new_params = { id: nil, iid: nil, label_ids: cloneable_label_ids,
+                     milestone_id: cloneable_milestone_id,
                      project: @new_project, author: @old_issue.author,
                      description: rewrite_content(@old_issue.description) }
 
-      new_params = @old_issue.serializable_hash.merge(new_params)
+      new_params = @old_issue.serializable_hash.symbolize_keys.merge(new_params)
       CreateService.new(@new_project, @current_user, new_params).execute
     end
 
+    def cloneable_label_ids
+      @new_project.labels
+        .where(title: @old_issue.labels.pluck(:title)).pluck(:id)
+    end
+
+    def cloneable_milestone_id
+      @new_project.milestones
+        .find_by(title: @old_issue.milestone.try(:title)).try(:id)
+    end
+
     def rewrite_notes
       @old_issue.notes.find_each do |note|
         new_note = note.dup
diff --git a/app/services/merge_requests/build_service.rb b/app/services/merge_requests/build_service.rb
index fa34753c4fd..1b48899bb0a 100644
--- a/app/services/merge_requests/build_service.rb
+++ b/app/services/merge_requests/build_service.rb
@@ -7,6 +7,9 @@ module MergeRequests
       merge_request.can_be_created = false
       merge_request.compare_commits = []
       merge_request.source_project = project unless merge_request.source_project
+
+      merge_request.target_project = nil unless can?(current_user, :read_project, merge_request.target_project)
+
       merge_request.target_project ||= (project.forked_from_project || project)
       merge_request.target_branch ||= merge_request.target_project.default_branch
 
@@ -38,21 +41,45 @@ module MergeRequests
         merge_request.can_be_created = false
       end
 
+      set_title_and_description(merge_request)
+    end
+
+    private
+
+    # When your branch name starts with an iid followed by a dash this pattern will be
+    # interpreted as the user wants to close that issue on this project.
+    #
+    # For example:
+    # - Issue 112 exists, title: Emoji don't show up in commit title
+    # - Source branch is: 112-fix-mep-mep
+    #
+    # Will lead to:
+    # - Appending `Closes #112` to the description
+    # - Setting the title as 'Resolves "Emoji don't show up in commit title"' if there is
+    #   more than one commit in the MR
+    #
+    def set_title_and_description(merge_request)
+      if match = merge_request.source_branch.match(/\A(\d+)-/)
+        iid = match[1]
+      end
+
       commits = merge_request.compare_commits
       if commits && commits.count == 1
         commit = commits.first
-        merge_request.title       = commit.title
+        merge_request.title = commit.title
         merge_request.description ||= commit.description.try(:strip)
+      elsif iid && (issue = merge_request.target_project.get_issue(iid)) && !issue.try(:confidential?)
+        case issue
+        when Issue
+          merge_request.title = "Resolve \"#{issue.title}\""
+        when ExternalIssue
+          merge_request.title = "Resolve #{issue.title}"
+        end
       else
         merge_request.title = merge_request.source_branch.titleize.humanize
       end
 
-      # When your branch name starts with an iid followed by a dash this pattern will
-      # be interpreted as the use wants to close that issue on this project
-      # Pattern example: 112-fix-mep-mep
-      # Will lead to appending `Closes #112` to the description
-      if match = merge_request.source_branch.match(/\A(\d+)-/)
-        iid = match[1]
+      if iid
         closes_issue = "Closes ##{iid}"
 
         if merge_request.description.present?
diff --git a/app/services/notes/create_service.rb b/app/services/notes/create_service.rb
index 2bb312bb252..01586994813 100644
--- a/app/services/notes/create_service.rb
+++ b/app/services/notes/create_service.rb
@@ -5,6 +5,8 @@ module Notes
       note.author = current_user
       note.system = false
 
+      return unless valid_project?(note)
+
       if note.save
         # Finish the harder work in the background
         NewNoteWorker.perform_in(2.seconds, note.id, params)
@@ -13,5 +15,14 @@ module Notes
 
       note
     end
+
+    private
+
+    def valid_project?(note)
+      return false unless project
+      return true if note.for_commit?
+
+      note.noteable.try(:project) == project
+    end
   end
 end
diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb
index 501e58c1407..6728fabea1e 100644
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -6,6 +6,7 @@ module Projects
 
     def execute
       forked_from_project_id = params.delete(:forked_from_project_id)
+      import_data = params.delete(:import_data)
 
       @project = Project.new(params)
 
@@ -49,16 +50,14 @@ module Projects
         @project.build_forked_project_link(forked_from_project_id: forked_from_project_id)
       end
 
-      Project.transaction do
-        @project.save
+      save_project_and_import_data(import_data)
 
-        if @project.persisted? && !@project.import?
-          raise 'Failed to create repository' unless @project.create_repository
-        end
-      end
+      @project.import_start if @project.import?
 
       after_create_actions if @project.persisted?
 
+      @project.add_import_job if @project.import?
+
       @project
     rescue => e
       message = "Unable to save project: #{e.message}"
@@ -93,8 +92,16 @@ module Projects
       unless @project.group
         @project.team << [current_user, :master, current_user]
       end
+    end
 
-      @project.import_start if @project.import?
+    def save_project_and_import_data(import_data)
+      Project.transaction do
+        @project.create_or_update_import_data(data: import_data[:data], credentials: import_data[:credentials]) if import_data
+
+        if @project.save && !@project.import?
+          raise 'Failed to create repository' unless @project.create_repository
+        end
+      end
     end
   end
 end
diff --git a/app/services/projects/destroy_service.rb b/app/services/projects/destroy_service.rb
index df5054f08d7..f09072975c3 100644
--- a/app/services/projects/destroy_service.rb
+++ b/app/services/projects/destroy_service.rb
@@ -7,9 +7,7 @@ module Projects
     DELETED_FLAG = '+deleted'
 
     def pending_delete!
-      project.update_attribute(:pending_delete, true)
-
-      ProjectDestroyWorker.perform_in(1.minute, project.id, current_user.id, params)
+      project.schedule_delete!(current_user.id, params)
     end
 
     def execute
@@ -28,6 +26,10 @@ module Projects
       Project.transaction do
         project.destroy!
 
+        unless remove_registry_tags
+          raise_error('Failed to remove project container registry. Please try again or contact administrator')
+        end
+
         unless remove_repository(repo_path)
           raise_error('Failed to remove project repository. Please try again or contact administrator')
         end
@@ -37,7 +39,7 @@ module Projects
         end
       end
 
-      log_info("Project \"#{project.name}\" was removed")
+      log_info("Project \"#{project.path_with_namespace}\" was removed")
       system_hook_service.execute_hooks_for(project, :destroy)
       true
     end
@@ -61,6 +63,12 @@ module Projects
       end
     end
 
+    def remove_registry_tags
+      return true unless Gitlab.config.registry.enabled
+
+      project.container_registry_repository.delete_tags
+    end
+
     def raise_error(message)
       raise DestroyError.new(message)
     end
diff --git a/app/services/projects/transfer_service.rb b/app/services/projects/transfer_service.rb
index 79a27f4af7e..03b57dea51e 100644
--- a/app/services/projects/transfer_service.rb
+++ b/app/services/projects/transfer_service.rb
@@ -34,6 +34,13 @@ module Projects
           raise TransferError.new("Project with same path in target namespace already exists")
         end
 
+        if project.has_container_registry_tags?
+          # we currently doesn't support renaming repository if it contains tags in container registry
+          raise TransferError.new('Project cannot be transferred, because tags are present in its container registry')
+        end
+
+        project.expire_caches_before_rename(old_path)
+
         # Apply new namespace id and visibility level
         project.namespace = new_namespace
         project.visibility_level = new_namespace.visibility_level unless project.visibility_level_allowed_by_group?
diff --git a/app/services/system_hooks_service.rb b/app/services/system_hooks_service.rb
index e43b5b51e5b..1fb72cf89e9 100644
--- a/app/services/system_hooks_service.rb
+++ b/app/services/system_hooks_service.rb
@@ -85,7 +85,7 @@ class SystemHooksService
       path_with_namespace: model.path_with_namespace,
       project_id: model.id,
       owner_name: owner.name,
-      owner_email: owner.respond_to?(:email) ?  owner.email : "",
+      owner_email: owner.respond_to?(:email) ? owner.email : "",
       project_visibility: Project.visibility_levels.key(model.visibility_level_field).downcase
     }
   end
diff --git a/app/services/system_note_service.rb b/app/services/system_note_service.rb
index 82a0e2fd1f5..4bdb1b0c074 100644
--- a/app/services/system_note_service.rb
+++ b/app/services/system_note_service.rb
@@ -351,7 +351,7 @@ class SystemNoteService
   # Returns an Array of Strings
   def self.new_commit_summary(new_commits)
     new_commits.collect do |commit|
-      "* #{commit.short_id} - #{commit.title}"
+      "* #{commit.short_id} - #{escape_html(commit.title)}"
     end
   end
 
@@ -433,4 +433,8 @@ class SystemNoteService
     body = "Moved #{direction} #{cross_reference}"
     create_note(noteable: noteable, project: project, author: author, note: body)
   end
+
+  def self.escape_html(text)
+    Rack::Utils.escape_html(text)
+  end
 end
diff --git a/app/services/wiki_pages/create_service.rb b/app/services/wiki_pages/create_service.rb
index 988c663b9d0..24a817c06c9 100644
--- a/app/services/wiki_pages/create_service.rb
+++ b/app/services/wiki_pages/create_service.rb
@@ -1,7 +1,8 @@
 module WikiPages
   class CreateService < WikiPages::BaseService
     def execute
-      page = WikiPage.new(@project.wiki)
+      project_wiki = ProjectWiki.new(@project, current_user)
+      page = WikiPage.new(project_wiki)
 
       if page.create(@params)
         execute_hooks(page, 'create')
diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml
index e0d8d16a954..df286852b97 100644
--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -103,12 +103,25 @@
           = f.label :signup_enabled do
             = f.check_box :signup_enabled
             Sign-up enabled
+    .form-group
+      .col-sm-offset-2.col-sm-10
+        .checkbox
+          = f.label :send_user_confirmation_email do
+            = f.check_box :send_user_confirmation_email
+            Send confirmation email on sign-up
     .form-group
       .col-sm-offset-2.col-sm-10
         .checkbox
           = f.label :signin_enabled do
             = f.check_box :signin_enabled
             Sign-in enabled
+    - if omniauth_enabled? && button_based_providers.any?
+      .form-group
+        = f.label :enabled_oauth_sign_in_sources, 'Enabled OAuth Sign-In sources', class: 'control-label col-sm-2'
+        .col-sm-10
+          .btn-group{ data: { toggle: 'buttons' } }
+            - oauth_providers_checkboxes.each do |source|
+              = source
     .form-group
       = f.label :two_factor_authentication, 'Two-factor authentication', class: 'control-label col-sm-2'
       .col-sm-10
diff --git a/app/views/admin/builds/_build.html.haml b/app/views/admin/builds/_build.html.haml
index 3571eefd570..967151bc33b 100644
--- a/app/views/admin/builds/_build.html.haml
+++ b/app/views/admin/builds/_build.html.haml
@@ -35,15 +35,15 @@
   %td
     #{build.stage} / #{build.name}
 
-    .pull-right
-      - if build.tags.any?
-        - build.tags.each do |tag|
-          %span.label.label-primary
-            = tag
-      - if build.try(:trigger_request)
-        %span.label.label-info triggered
-      - if build.try(:allow_failure)
-        %span.label.label-danger allowed to fail
+  %td
+    - if build.tags.any?
+      - build.tags.each do |tag|
+        %span.label.label-primary
+          = tag
+    - if build.try(:trigger_request)
+      %span.label.label-info triggered
+    - if build.try(:allow_failure)
+      %span.label.label-danger allowed to fail
 
   %td.duration
     - if build.duration
@@ -61,12 +61,12 @@
   %td
     .pull-right
       - if can?(current_user, :read_build, project) && build.artifacts?
-        = link_to download_namespace_project_build_artifacts_path(build.project.namespace, build.project, build), title: 'Download artifacts' do
+        = link_to download_namespace_project_build_artifacts_path(build.project.namespace, build.project, build), title: 'Download artifacts', class: 'btn btn-build' do
           %i.fa.fa-download
       - if can?(current_user, :update_build, build.project)
         - if build.active?
-          = link_to cancel_namespace_project_build_path(build.project.namespace, build.project, build, return_to: request.original_url), method: :post, title: 'Cancel' do
+          = link_to cancel_namespace_project_build_path(build.project.namespace, build.project, build, return_to: request.original_url), method: :post, title: 'Cancel', class: 'btn btn-build' do
             %i.fa.fa-remove.cred
         - elsif defined?(allow_retry) && allow_retry && build.retryable?
-          = link_to retry_namespace_project_build_path(build.project.namespace, build.project, build, return_to: request.original_url), method: :post, title: 'Retry' do
-            %i.fa.fa-repeat
+          = link_to retry_namespace_project_build_path(build.project.namespace, build.project, build, return_to: request.original_url), method: :post, title: 'Retry', class: 'btn btn-build' do
+            %i.fa.fa-refresh
diff --git a/app/views/admin/builds/index.html.haml b/app/views/admin/builds/index.html.haml
index 5931efdefe6..ed24757087b 100644
--- a/app/views/admin/builds/index.html.haml
+++ b/app/views/admin/builds/index.html.haml
@@ -19,8 +19,8 @@
     - if @all_builds.running_or_pending.any?
       = link_to 'Cancel all', cancel_all_admin_builds_path, data: { confirm: 'Are you sure?' }, class: 'btn btn-danger', method: :post
 
-.gray-content-block.second-block
-  #{(@scope || 'running').capitalize} builds
+.row-content-block.second-block
+  #{(@scope || 'all').capitalize} builds
 
 %ul.content-list
   - if @builds.blank?
@@ -38,6 +38,7 @@
             %th Ref
             %th Runner
             %th Name
+            %th Tags
             %th Duration
             %th Finished at
             %th
diff --git a/app/views/admin/health_check/show.html.haml b/app/views/admin/health_check/show.html.haml
new file mode 100644
index 00000000000..c2313986a7f
--- /dev/null
+++ b/app/views/admin/health_check/show.html.haml
@@ -0,0 +1,49 @@
+- page_title "Health Check"
+
+%h3.page-title
+  Health Check
+.bs-callout.clearfix
+  .pull-left
+    %p
+  Access token is
+  %code#health-check-token= current_application_settings.health_check_access_token
+  = button_to reset_health_check_token_admin_application_settings_path,
+    method: :put, class: 'btn btn-default',
+    data: { confirm: 'Are you sure you want to reset the health check token?' } do
+    = icon('refresh')
+    Reset health check access token
+%p.light
+  Health information can be retrieved as plain text, JSON, or XML using:
+  %ul
+    %li
+      %code= health_check_url(token: current_application_settings.health_check_access_token)
+    %li
+      %code= health_check_url(token: current_application_settings.health_check_access_token, format: :json)
+    %li
+      %code= health_check_url(token: current_application_settings.health_check_access_token, format: :xml)
+
+%p.light
+  You can also ask for the status of specific services:
+  %ul
+    %li
+      %code= health_check_url(token: current_application_settings.health_check_access_token, checks: :cache)
+    %li
+      %code= health_check_url(token: current_application_settings.health_check_access_token, checks: :database)
+    %li
+      %code= health_check_url(token: current_application_settings.health_check_access_token, checks: :migrations)
+
+%hr
+.panel.panel-default
+  .panel-heading
+    Current Status:
+    - if @errors.blank?
+      = icon('circle', class: 'cgreen')
+      Healthy
+    - else
+      = icon('warning', class: 'cred')
+      Unhealthy
+  .panel-body
+    - if @errors.blank?
+      No Health Problems Detected
+    - else
+      = @errors
diff --git a/app/views/admin/hooks/index.html.haml b/app/views/admin/hooks/index.html.haml
index 67d23c80233..7b388cf7862 100644
--- a/app/views/admin/hooks/index.html.haml
+++ b/app/views/admin/hooks/index.html.haml
@@ -13,9 +13,15 @@
   = form_errors(@hook)
 
   .form-group
-    = f.label :url, "URL:", class: 'control-label'
+    = f.label :url, 'URL', class: 'control-label'
     .col-sm-10
-      = f.text_field :url, class: "form-control"
+      = f.text_field :url, class: 'form-control'
+  .form-group
+    = f.label :token, 'Secret Token', class: 'control-label'
+    .col-sm-10
+      = f.text_field :token, class: 'form-control'
+      %p.help-block
+        Use this token to validate received payloads
   .form-group
     = f.label :url, "Trigger", class: 'control-label'
     .col-sm-10.prepend-top-10
diff --git a/app/views/admin/logs/show.html.haml b/app/views/admin/logs/show.html.haml
index 4b475a4d8fa..698feb571ac 100644
--- a/app/views/admin/logs/show.html.haml
+++ b/app/views/admin/logs/show.html.haml
@@ -7,7 +7,7 @@
     %li{ class: (klass == Gitlab::GitLogger ? 'active' : '') }
       = link_to klass::file_name, "##{klass::file_name_noext}",
           'data-toggle' => 'tab'
-.gray-content-block
+.row-content-block
   To prevent performance issues admin logs output the last 2000 lines
 .tab-content
   - loggers.each do |klass|
diff --git a/app/views/admin/runners/_runner.html.haml b/app/views/admin/runners/_runner.html.haml
index 6745e58deca..36b21eefdee 100644
--- a/app/views/admin/runners/_runner.html.haml
+++ b/app/views/admin/runners/_runner.html.haml
@@ -11,18 +11,10 @@
     = link_to admin_runner_path(runner) do
       = runner.short_sha
   %td
-    .runner-description
-      = runner.description
-      %span (#{link_to 'edit', '#', class: 'edit-runner-link'})
-    .runner-description-form.hide
-      = form_for [:admin, runner], remote: true, html: { class: 'form-inline' } do |f|
-        .form-group
-          = f.text_field :description, class: 'form-control'
-        = f.submit 'Save', class: 'btn'
-        %span (#{link_to 'cancel', '#', class: 'cancel'})
+    = runner.description
   %td
     - if runner.shared?
-      \-
+      n/a
     - else
       = runner.projects.count(:all)
   %td
diff --git a/app/views/admin/runners/show.html.haml b/app/views/admin/runners/show.html.haml
index 8700b4820cd..4dfb3ed05bb 100644
--- a/app/views/admin/runners/show.html.haml
+++ b/app/views/admin/runners/show.html.haml
@@ -22,25 +22,9 @@
     %h4 This runner will process builds only from ASSIGNED projects
     %p You can't make this a shared runner.
 %hr
-= form_for @runner, url: admin_runner_path(@runner), html: { class: 'form-horizontal' } do |f|
-  .form-group
-    = label_tag :token, class: 'control-label' do
-      Token
-    .col-sm-10
-      = f.text_field :token, class: 'form-control', readonly: true
-  .form-group
-    = label_tag :description, class: 'control-label' do
-      Description
-    .col-sm-10
-      = f.text_field :description, class: 'form-control'
-  .form-group
-    = label_tag :tag_list, class: 'control-label' do
-      Tags
-    .col-sm-10
-      = f.text_field :tag_list, value: @runner.tag_list.to_s, class: 'form-control'
-      .help-block You can setup builds to only use runners with specific tags
-  .form-actions
-    = f.submit 'Save', class: 'btn btn-save'
+
+.append-bottom-20
+  = render '/projects/runners/form', runner: @runner, runner_form_url: admin_runner_path(@runner)
 
 .row
   .col-md-6
diff --git a/app/views/admin/users/index.html.haml b/app/views/admin/users/index.html.haml
index 0ee8dc962b9..d6743081c8e 100644
--- a/app/views/admin/users/index.html.haml
+++ b/app/views/admin/users/index.html.haml
@@ -32,7 +32,7 @@
         Without projects
         %small.badge= number_with_delimiter(User.without_projects.count)
 
-  .gray-content-block.second-block
+  .row-content-block.second-block
     .pull-right
       .dropdown.inline
         %a.dropdown-toggle.btn{href: '#', "data-toggle" => "dropdown"}
diff --git a/app/views/dashboard/todos/index.html.haml b/app/views/dashboard/todos/index.html.haml
index 49ab8aad1d5..fc42e5dcc66 100644
--- a/app/views/dashboard/todos/index.html.haml
+++ b/app/views/dashboard/todos/index.html.haml
@@ -8,14 +8,14 @@
       = link_to todos_filter_path(state: 'pending') do
         %span
           To do
-        %span{class: 'badge'}
+        %span.badge
           = todos_pending_count
     - todo_done_active = ('active' if params[:state] == 'done')
     %li{class: "todos-done #{todo_done_active}"}
       = link_to todos_filter_path(state: 'done') do
         %span
           Done
-        %span{class: 'badge'}
+        %span.badge
           = todos_done_count
 
   .nav-controls
@@ -25,7 +25,7 @@
         = icon('spinner spin')
 
 .todos-filters
-  .gray-content-block.second-block
+  .row-content-block.second-block
     = form_tag todos_filter_path(without: [:project_id, :author_id, :type, :action_id]), method: :get, class: 'filter-form' do
       .filter-item.inline
         = select_tag('project_id', todo_projects_options,
diff --git a/app/views/devise/sessions/new.html.haml b/app/views/devise/sessions/new.html.haml
index d65fa60025c..28194506acc 100644
--- a/app/views/devise/sessions/new.html.haml
+++ b/app/views/devise/sessions/new.html.haml
@@ -4,7 +4,7 @@
     = render 'devise/shared/signin_box'
 
   -# Omniauth fits between signin/ldap signin and signup and does not have a surrounding box
-  - if omniauth_enabled? && devise_mapping.omniauthable?
+  - if omniauth_enabled? && devise_mapping.omniauthable? && button_based_providers_enabled?
     .clearfix.prepend-top-20
       = render 'devise/shared/omniauth_box'
 
diff --git a/app/views/devise/sessions/two_factor.html.haml b/app/views/devise/sessions/two_factor.html.haml
index 22b2c1a186b..c9d1e454a5e 100644
--- a/app/views/devise/sessions/two_factor.html.haml
+++ b/app/views/devise/sessions/two_factor.html.haml
@@ -4,7 +4,7 @@
       %h3 Two-factor Authentication
     .login-body
       = form_for(resource, as: resource_name, url: session_path(resource_name), method: :post) do |f|
-        = f.text_field :otp_attempt, class: 'form-control', placeholder: 'Two-factor authentication code', required: true, autofocus: true
-        %p.help-block.hint If you've lost your phone, you may enter one of your recovery codes.
+        = f.text_field :otp_attempt, class: 'form-control', placeholder: 'Two-factor Authentication code', required: true, autofocus: true
+        %p.help-block.hint Enter the code from the two-factor app on your mobile device. If you've lost your device, you may enter one of your recovery codes.
         .prepend-top-20
           = f.submit "Verify code", class: "btn btn-save"
diff --git a/app/views/devise/shared/_omniauth_box.html.haml b/app/views/devise/shared/_omniauth_box.html.haml
index ecf680e7b23..de18bc2d844 100644
--- a/app/views/devise/shared/_omniauth_box.html.haml
+++ b/app/views/devise/shared/_omniauth_box.html.haml
@@ -1,7 +1,7 @@
 %p
   %span.light
     Sign in with &nbsp;
-  - providers = button_based_providers
+  - providers = enabled_button_based_providers
   - providers.each do |provider|
     %span.light
       - has_icon = provider_has_icon?(provider)
diff --git a/app/views/devise/shared/_signup_box.html.haml b/app/views/devise/shared/_signup_box.html.haml
index e5607dacd0d..510215bb8cd 100644
--- a/app/views/devise/shared/_signup_box.html.haml
+++ b/app/views/devise/shared/_signup_box.html.haml
@@ -6,7 +6,7 @@
     .login-heading
       %h3 Create an account
   .login-body
-    = form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f|
+    = form_for(resource, as: "new_#{resource_name}", url: registration_path(resource_name)) do |f|
       .devise-errors
         = devise_error_messages!
       %div
@@ -16,7 +16,7 @@
       %div
         = f.email_field :email, class: "form-control middle", placeholder: "Email", required: true
       .form-group.append-bottom-20#password-strength
-        = f.password_field :password, class: "form-control bottom", id: "user_password_sign_up", placeholder: "Password", required: true
+        = f.password_field :password, class: "form-control bottom", placeholder: "Password", required: true
       %div
       - if current_application_settings.recaptcha_enabled
         = recaptcha_tags
diff --git a/app/views/doorkeeper/applications/index.html.haml b/app/views/doorkeeper/applications/index.html.haml
index 79df17ba612..3998e66f40d 100644
--- a/app/views/doorkeeper/applications/index.html.haml
+++ b/app/views/doorkeeper/applications/index.html.haml
@@ -44,7 +44,7 @@
                         = icon('pencil')
                       = render 'delete_form', application: application, small: true
         - else
-          .profile-settings-message.text-center
+          .settings-message.text-center
             You don't have any applications
     .oauth-authorized-applications.prepend-top-20.append-bottom-default
       - if user_oauth_applications?
@@ -78,5 +78,5 @@
                   %td= token.scopes
                   %td= render 'doorkeeper/authorized_applications/delete_form', token: token
       - else
-        .profile-settings-message.text-center
+        .settings-message.text-center
           You don't have any authorized applications
diff --git a/app/views/events/_event.html.haml b/app/views/events/_event.html.haml
index 4d20dd5830e..e4629bae0e6 100644
--- a/app/views/events/_event.html.haml
+++ b/app/views/events/_event.html.haml
@@ -4,7 +4,12 @@
       #{time_ago_with_tooltip(event.created_at)}
 
     = cache [event, current_application_settings, "v2.2"] do
-      = image_tag avatar_icon(event.author_email, 40), class: "avatar s40", alt:''
+      - if event.author
+        = link_to user_path(event.author) do
+          = image_tag avatar_icon(event.author_email, 40), class: "avatar s40", alt:''
+      - else
+        = image_tag avatar_icon(event.author_email, 40), class: "avatar s40", alt:''
+
       - if event.created_project?
         = render "events/event/created_project", event: event
       - elsif event.push?
diff --git a/app/views/events/_event_last_push.html.haml b/app/views/events/_event_last_push.html.haml
index 5753158c24d..a1a282178e7 100644
--- a/app/views/events/_event_last_push.html.haml
+++ b/app/views/events/_event_last_push.html.haml
@@ -1,5 +1,5 @@
 - if show_last_push_widget?(event)
-  .gray-content-block.clear-block.last-push-widget
+  .row-content-block.clear-block.last-push-widget
     .event-last-push
       .event-last-push-text
         %span You pushed to
diff --git a/app/views/events/event/_common.html.haml b/app/views/events/event/_common.html.haml
index c994e3b997d..f9f623cc031 100644
--- a/app/views/events/event/_common.html.haml
+++ b/app/views/events/event/_common.html.haml
@@ -4,7 +4,7 @@
     = event_action_name(event)
 
   - if event.target
-    %strong= link_to event.target.reference_link_text, [event.project.namespace.becomes(Namespace), event.project, event.target]
+    %strong= link_to event.target.reference_link_text, [event.project.namespace.becomes(Namespace), event.project, event.target], title: event.target_title
 
   = event_preposition(event)
 
diff --git a/app/views/explore/groups/index.html.haml b/app/views/explore/groups/index.html.haml
index 8ffca96bb4e..57f6e7e0612 100644
--- a/app/views/explore/groups/index.html.haml
+++ b/app/views/explore/groups/index.html.haml
@@ -6,7 +6,7 @@
 - else
   = render 'explore/head'
 
-.gray-content-block.clearfix
+.row-content-block.clearfix
   .pull-left
     = form_tag explore_groups_path, method: :get, class: 'form-inline form-tiny' do |f|
       = hidden_field_tag :sort, @sort
diff --git a/app/views/explore/snippets/index.html.haml b/app/views/explore/snippets/index.html.haml
index 0f100c39ffb..9b838b9f3b7 100644
--- a/app/views/explore/snippets/index.html.haml
+++ b/app/views/explore/snippets/index.html.haml
@@ -6,7 +6,7 @@
 - else
   = render 'explore/head'
 
-.gray-content-block
+.row-content-block
   - if current_user
     .pull-right
       = link_to new_snippet_path, class: "btn btn-new", title: "New Snippet" do
diff --git a/app/views/groups/_activities.html.haml b/app/views/groups/_activities.html.haml
index dc76599b776..71cc4d87b1f 100644
--- a/app/views/groups/_activities.html.haml
+++ b/app/views/groups/_activities.html.haml
@@ -4,7 +4,7 @@
 .nav-block
   - if current_user
     .controls
-      = link_to dashboard_projects_path(:atom, { private_token: current_user.private_token }), class: 'btn rss-btn' do
+      = link_to group_path(@group, format: :atom, private_token: current_user.private_token), class: 'btn rss-btn' do
         %i.fa.fa-rss
   = render 'shared/event_filter'
 
diff --git a/app/views/groups/activity.html.haml b/app/views/groups/activity.html.haml
index f73e1d9e865..aaad265b3ee 100644
--- a/app/views/groups/activity.html.haml
+++ b/app/views/groups/activity.html.haml
@@ -3,7 +3,6 @@
     = auto_discovery_link_tag(:atom, group_url(@group, format: :atom, private_token: current_user.private_token), title: "#{@group.name} activity")
 
 - page_title    "Activity"
-- header_title  group_title(@group, "Activity", activity_group_path(@group))
 
 %section.activities
   = render 'activities'
diff --git a/app/views/groups/edit.html.haml b/app/views/groups/edit.html.haml
index a698cbbe9db..92cd4c553d0 100644
--- a/app/views/groups/edit.html.haml
+++ b/app/views/groups/edit.html.haml
@@ -1,5 +1,3 @@
-- header_title group_title(@group, "Settings", edit_group_path(@group))
-
 .panel.panel-default.prepend-top-default
   .panel-heading
     Group settings
diff --git a/app/views/groups/group_members/index.html.haml b/app/views/groups/group_members/index.html.haml
index 6b7fd5746d6..0eb6bbd4420 100644
--- a/app/views/groups/group_members/index.html.haml
+++ b/app/views/groups/group_members/index.html.haml
@@ -1,5 +1,4 @@
 - page_title "Members"
-- header_title group_title(@group, "Members", group_group_members_path(@group))
 
 .group-members-page.prepend-top-default
   - if current_user && current_user.can?(:admin_group_member, @group)
diff --git a/app/views/groups/issues.atom.builder b/app/views/groups/issues.atom.builder
index 486d1d8587a..a6eb9abada6 100644
--- a/app/views/groups/issues.atom.builder
+++ b/app/views/groups/issues.atom.builder
@@ -1,9 +1,9 @@
 xml.instruct!
 xml.feed "xmlns" => "http://www.w3.org/2005/Atom", "xmlns:media" => "http://search.yahoo.com/mrss/" do
-  xml.title   "#{@user.name} issues"
-  xml.link    href: issues_dashboard_url(format: :atom, private_token: @user.private_token), rel: "self", type: "application/atom+xml"
-  xml.link    href: issues_dashboard_url, rel: "alternate", type: "text/html"
-  xml.id      issues_dashboard_url
+  xml.title   "#{@group.name} issues"
+  xml.link    href: issues_group_url(format: :atom, private_token: current_user.try(:private_token)), rel: "self", type: "application/atom+xml"
+  xml.link    href: issues_group_url, rel: "alternate", type: "text/html"
+  xml.id      issues_group_url
   xml.updated @issues.first.created_at.xmlschema if @issues.any?
 
   @issues.each do |issue|
diff --git a/app/views/groups/issues.html.haml b/app/views/groups/issues.html.haml
index aea35c50862..4434f1cbd35 100644
--- a/app/views/groups/issues.html.haml
+++ b/app/views/groups/issues.html.haml
@@ -1,5 +1,4 @@
 - page_title "Issues"
-- header_title group_title(@group, "Issues", issues_group_path(@group))
 = content_for :meta_tags do
   - if current_user
     = auto_discovery_link_tag(:atom, issues_group_url(@group, format: :atom, private_token: current_user.private_token), title: "#{@group.name} issues")
@@ -16,7 +15,7 @@
 
 = render 'shared/issuable/filter', type: :issues
 
-.gray-content-block.second-block
+.row-content-block.second-block
   Only issues from
   %strong #{@group.name}
   group are listed here.
diff --git a/app/views/groups/merge_requests.html.haml b/app/views/groups/merge_requests.html.haml
index e1c9dd931ee..e6953d94531 100644
--- a/app/views/groups/merge_requests.html.haml
+++ b/app/views/groups/merge_requests.html.haml
@@ -1,5 +1,4 @@
 - page_title "Merge Requests"
-- header_title group_title(@group, "Merge Requests", merge_requests_group_path(@group))
 
 .top-area
   = render 'shared/issuable/nav', type: :merge_requests
@@ -8,7 +7,7 @@
 
 = render 'shared/issuable/filter', type: :merge_requests
 
-.gray-content-block.second-block
+.row-content-block.second-block
   Only merge requests from
   %strong #{@group.name}
   group are listed here.
diff --git a/app/views/groups/milestones/index.html.haml b/app/views/groups/milestones/index.html.haml
index ab307708b75..121a7de3ad7 100644
--- a/app/views/groups/milestones/index.html.haml
+++ b/app/views/groups/milestones/index.html.haml
@@ -1,5 +1,4 @@
 - page_title "Milestones"
-- header_title group_title(@group, "Milestones", group_milestones_path(@group))
 
 .top-area
   = render 'shared/milestones_filter'
@@ -10,7 +9,7 @@
         = icon('plus')
         New Milestone
 
-.gray-content-block
+.row-content-block
   Only milestones from
   %strong #{@group.name}
   group are listed here.
diff --git a/app/views/groups/projects.html.haml b/app/views/groups/projects.html.haml
index dd75766121e..c2f2d9912f7 100644
--- a/app/views/groups/projects.html.haml
+++ b/app/views/groups/projects.html.haml
@@ -1,5 +1,4 @@
 - page_title "Projects"
-- header_title group_title(@group, "Projects", projects_group_path(@group))
 
 .panel.panel-default.prepend-top-default
   .panel-heading
diff --git a/app/views/groups/show.html.haml b/app/views/groups/show.html.haml
index 3d16ecb097a..77c297255b8 100644
--- a/app/views/groups/show.html.haml
+++ b/app/views/groups/show.html.haml
@@ -4,28 +4,20 @@
   - if current_user
     = auto_discovery_link_tag(:atom, group_url(@group, format: :atom, private_token: current_user.private_token), title: "#{@group.name} activity")
 
-.cover-block
-  .cover-controls
-    - if @group && can?(current_user, :admin_group, @group)
-      = link_to icon('pencil'), edit_group_path(@group), class: 'btn'
-    - if current_user
-      = link_to icon('rss'), group_path(@group, { format: :atom, private_token: current_user.private_token }), title: "Feed", class: 'btn rss-btn'
-
-  .avatar-holder
+.cover-block.groups-cover-block
+  .container-fluid.container-limited
     = link_to group_icon(@group), target: '_blank' do
-      = image_tag group_icon(@group), class: "avatar group-avatar s90"
-  .cover-title
-    %h1
-      = @group.name
-      %span.visibility-icon.has-tooltip{ data: { container: 'body' }, title: visibility_icon_description(@group) }
-        = visibility_level_icon(@group.visibility_level, fw: false)
+      = image_tag group_icon(@group), class: "avatar group-avatar s70"
+    .group-info
+      .cover-title
+        %h1
+          @#{@group.path}
+          %span.visibility-icon.has-tooltip{ data: { container: 'body' }, title: visibility_icon_description(@group) }
+            = visibility_level_icon(@group.visibility_level, fw: false)
 
-  .cover-desc.username
-    @#{@group.path}
-
-  - if @group.description.present?
-    .cover-desc.description
-      = markdown(@group.description, pipeline: :description)
+      - if @group.description.present?
+        .cover-desc.description
+          = markdown(@group.description, pipeline: :description)
 
 %div{ class: container_class }
   .top-area
diff --git a/app/views/help/_shortcuts.html.haml b/app/views/help/_shortcuts.html.haml
index da3c3711cdd..70e88da7aae 100644
--- a/app/views/help/_shortcuts.html.haml
+++ b/app/views/help/_shortcuts.html.haml
@@ -21,7 +21,7 @@
               %tr
                 %td.shortcut
                   .key ?
-                %td Show this dialog
+                %td Show/hide this dialog
               %tr
                 %td.shortcut
                   - if browser.mac?
@@ -169,6 +169,10 @@
                 %td.shortcut
                   .key t
                 %td Go to finding file
+              %tr
+                %td.shortcut
+                  .key i
+                %td New issue
         .col-lg-4
           %table.shortcut-mappings
             %tbody{ class: 'hidden-shortcut network', style: 'display:none' }
@@ -241,6 +245,10 @@
                 %td.shortcut
                   .key e
                 %td Edit issue
+              %tr
+                %td.shortcut
+                  .key l
+                %td Change Label
             %tbody{ class: 'hidden-shortcut merge_requests', style: 'display:none' }
               %tr
                 %th
@@ -261,3 +269,7 @@
                 %td.shortcut
                   .key e
                 %td Edit merge request
+              %tr
+                %td.shortcut
+                  .key l
+                %td Change Label
diff --git a/app/views/help/ui.html.haml b/app/views/help/ui.html.haml
index f12df5c8ffe..d676bc28c89 100644
--- a/app/views/help/ui.html.haml
+++ b/app/views/help/ui.html.haml
@@ -48,14 +48,14 @@
 
   .lead
     Gray content block with side padding using
-    %code .gray-content-block
+    %code .row-content-block
 
   .example
-    .gray-content-block
+    .row-content-block
       %h4 Normal block inside content
       = lorem
 
-    .gray-content-block.second-block
+    .row-content-block.second-block
       %h4 Second block
       = lorem
 
diff --git a/app/views/layouts/_page.html.haml b/app/views/layouts/_page.html.haml
index ca9c2a0bf2e..5be0b546a62 100644
--- a/app/views/layouts/_page.html.haml
+++ b/app/views/layouts/_page.html.haml
@@ -1,5 +1,4 @@
 .page-with-sidebar{ class: "#{page_sidebar_class} #{page_gutter_class}" }
-  = render "layouts/broadcast"
   .sidebar-wrapper.nicescroll{ class: nav_sidebar_class }
     .header-logo
       %a#logo
@@ -22,13 +21,14 @@
         = image_tag avatar_icon(current_user, 60), alt: 'Profile', class: 'avatar avatar s36'
         .username
           = current_user.username
-  .content-wrapper
+  - if defined?(nav) && nav
+    .layout-nav
+      .container-fluid
+        = render "layouts/nav/#{nav}"
+  .content-wrapper{ class: "#{layout_nav_class} #{layout_dropdown_class}" }
+    = render "layouts/broadcast"
     = render "layouts/flash"
     = yield :flash_message
-    - if defined?(nav) && nav
-      .layout-nav
-        %div{ class: container_class }
-          = render "layouts/nav/#{nav}"
     %div{ class: (container_class unless @no_container) }
       .content
         .clearfix
diff --git a/app/views/layouts/group.html.haml b/app/views/layouts/group.html.haml
index 2e483b7148d..f06acc98ca1 100644
--- a/app/views/layouts/group.html.haml
+++ b/app/views/layouts/group.html.haml
@@ -1,6 +1,6 @@
 - page_title       @group.name
 - page_description @group.description  unless page_description
 - header_title     group_title(@group) unless header_title
-- sidebar          "group"             unless sidebar
+- nav              "group"
 
 = render template: "layouts/application"
diff --git a/app/views/layouts/group_settings.html.haml b/app/views/layouts/group_settings.html.haml
index a1a1fc2f858..66b115e36de 100644
--- a/app/views/layouts/group_settings.html.haml
+++ b/app/views/layouts/group_settings.html.haml
@@ -1,5 +1,4 @@
 - page_title    "Settings"
-- header_title group_title(@group, "Settings", edit_group_path(@group))
-- sidebar       "group_settings"
+- nav           "group"
 
 = render template: "layouts/group"
diff --git a/app/views/layouts/header/_default.html.haml b/app/views/layouts/header/_default.html.haml
index 3beb8ff7c0d..c33740e23fa 100644
--- a/app/views/layouts/header/_default.html.haml
+++ b/app/views/layouts/header/_default.html.haml
@@ -1,9 +1,12 @@
 %header.navbar.navbar-fixed-top.navbar-gitlab{ class: nav_header_class }
   %div{ class: fluid_layout ? "container-fluid" : "container-fluid" }
     .header-content
-      %button.navbar-toggle{type: 'button'}
+      %button.side-nav-toggle{type: 'button'}
         %span.sr-only Toggle navigation
         = icon('bars')
+      %button.navbar-toggle{type: 'button'}
+        %span.sr-only Toggle navigation
+        = icon('angle-left')
 
       .navbar-collapse.collapse
         %ul.nav.navbar-nav
@@ -15,7 +18,7 @@
           - if current_user
             - if session[:impersonator_id]
               %li.impersonation
-                = link_to stop_impersonation_admin_users_path, method: :delete, title: 'Stop Impersonation', data: { toggle: 'tooltip', placement: 'bottom', container: 'body' } do
+                = link_to admin_impersonation_path, method: :delete, title: 'Stop Impersonation', data: { toggle: 'tooltip', placement: 'bottom', container: 'body' } do
                   = icon('user-secret fw')
             - if current_user.is_admin?
               %li
@@ -23,8 +26,10 @@
                   = icon('wrench fw')
             %li
               = link_to dashboard_todos_path, title: 'Todos', data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
-                %span.badge.todos-pending-count
-                  = todos_pending_count
+                = icon('bell fw')
+                - unless todos_pending_count == 0
+                  %span.badge.todos-pending-count
+                    = todos_pending_count
             - if current_user.can_create_project?
               %li
                 = link_to new_project_path, title: 'New project', data: {toggle: 'tooltip', placement: 'bottom', container: 'body'} do
diff --git a/app/views/layouts/nav/_admin.html.haml b/app/views/layouts/nav/_admin.html.haml
index 280a1b93729..f292730fe45 100644
--- a/app/views/layouts/nav/_admin.html.haml
+++ b/app/views/layouts/nav/_admin.html.haml
@@ -41,6 +41,11 @@
       = icon('file-text fw')
       %span
         Logs
+  = nav_link(controller: :health_check) do
+    = link_to admin_health_check_path, title: 'Health Check' do
+      = icon('medkit fw')
+      %span
+        Health Check
   = nav_link(controller: :broadcast_messages) do
     = link_to admin_broadcast_messages_path, title: 'Messages' do
       = icon('bullhorn fw')
diff --git a/app/views/layouts/nav/_dashboard.html.haml b/app/views/layouts/nav/_dashboard.html.haml
index ca49c313ff7..fad4224e945 100644
--- a/app/views/layouts/nav/_dashboard.html.haml
+++ b/app/views/layouts/nav/_dashboard.html.haml
@@ -15,12 +15,12 @@
       = icon('dashboard fw')
       %span
         Activity
-  = nav_link(controller: :groups) do
+  = nav_link(controller: [:groups, 'groups/milestones', 'groups/group_members']) do
     = link_to dashboard_groups_path, title: 'Groups' do
       = icon('group fw')
       %span
         Groups
-  = nav_link(controller: :milestones) do
+  = nav_link(controller: 'dashboard/milestones') do
     = link_to dashboard_milestones_path, title: 'Milestones' do
       = icon('clock-o fw')
       %span
diff --git a/app/views/layouts/nav/_explore.html.haml b/app/views/layouts/nav/_explore.html.haml
index f08c5edf99c..3b40006a0cc 100644
--- a/app/views/layouts/nav/_explore.html.haml
+++ b/app/views/layouts/nav/_explore.html.haml
@@ -4,7 +4,7 @@
       = icon('bookmark fw')
       %span
         Projects
-  = nav_link(controller: :groups) do
+  = nav_link(controller: [:groups, 'groups/milestones', 'groups/group_members']) do
     = link_to explore_groups_path, title: 'Groups' do
       = icon('group fw')
       %span
diff --git a/app/views/layouts/nav/_group.html.haml b/app/views/layouts/nav/_group.html.haml
index 55940741dc0..3438005863a 100644
--- a/app/views/layouts/nav/_group.html.haml
+++ b/app/views/layouts/nav/_group.html.haml
@@ -1,12 +1,6 @@
-%ul.nav.nav-sidebar
-  = nav_link do
-    = link_to root_path, title: 'Go to dashboard', class: 'back-link' do
-      = icon('caret-square-o-left fw')
-      %span
-        Go to dashboard
-
-  %li.separate-item
+= render 'layouts/nav/group_settings'
 
+%ul.nav-links
   = nav_link(path: 'groups#show', html_options: {class: 'home'}) do
     = link_to group_path(@group), title: 'Home' do
       = icon('group fw')
@@ -28,22 +22,16 @@
       %span
         Issues
         - issues = IssuesFinder.new(current_user, group_id: @group.id, state: 'opened').execute
-        %span.count= number_with_delimiter(issues.count)
+        %span.badge.count= number_with_delimiter(issues.count)
   = nav_link(path: 'groups#merge_requests') do
     = link_to merge_requests_group_path(@group), title: 'Merge Requests' do
       = icon('tasks fw')
       %span
         Merge Requests
         - merge_requests = MergeRequestsFinder.new(current_user, group_id: @group.id, state: 'opened').execute
-        %span.count= number_with_delimiter(merge_requests.count)
+        %span.badge.count= number_with_delimiter(merge_requests.count)
   = nav_link(controller: [:group_members]) do
     = link_to group_group_members_path(@group), title: 'Members' do
       = icon('users fw')
       %span
         Members
-  - if can?(current_user, :admin_group, @group)
-    = nav_link(html_options: { class: "separate-item" }) do
-      = link_to edit_group_path(@group), title: 'Settings' do
-        = icon ('cogs fw')
-        %span
-          Settings
diff --git a/app/views/layouts/nav/_group_settings.html.haml b/app/views/layouts/nav/_group_settings.html.haml
index 56a92fe9103..0b2673f1a82 100644
--- a/app/views/layouts/nav/_group_settings.html.haml
+++ b/app/views/layouts/nav/_group_settings.html.haml
@@ -1,20 +1,20 @@
-%ul.nav.nav-sidebar
-  = nav_link do
-    = link_to group_path(@group), title: 'Go to group', class: 'back-link' do
-      = icon('caret-square-o-left fw')
-      %span
-        Go to group
-
-  %li.separate-item
-
-  %ul.sidebar-subnav
-    = nav_link(path: 'groups#edit') do
-      = link_to edit_group_path(@group), title: 'Group Settings' do
-        = icon ('pencil-square-o fw')
-        %span
-          Group Settings
-    = nav_link(path: 'groups#projects') do
-      = link_to projects_group_path(@group), title: 'Projects' do
-        = icon('folder fw')
-        %span
-          Projects
+- if current_user
+  - if access = @group.users.find_by(id: current_user.id)
+    .controls
+      .dropdown.group-settings-dropdown
+        %a.dropdown-new.btn.btn-default#group-settings-button{href: '#', 'data-toggle' => 'dropdown'}
+          = icon('cog')
+          = icon('caret-down')
+        %ul.dropdown-menu.dropdown-menu-align-right
+          - if can?(current_user, :admin_group, @group)
+            = nav_link(path: 'groups#projects') do
+              = link_to projects_group_path(@group), title: 'Projects' do
+                Projects
+            %li.divider
+            %li
+              = link_to edit_group_path(@group) do
+                Edit Group
+          %li
+            = link_to leave_group_group_members_path(@group),
+              data: { confirm: leave_group_message(@group.name) }, method: :delete, title: 'Leave group' do
+              Leave Group
diff --git a/app/views/layouts/nav/_project.html.haml b/app/views/layouts/nav/_project.html.haml
index a15b7758c4b..d3d715aad3b 100644
--- a/app/views/layouts/nav/_project.html.haml
+++ b/app/views/layouts/nav/_project.html.haml
@@ -46,6 +46,13 @@
           Builds
           %span.count.builds_counter= number_with_delimiter(@project.builds.running_or_pending.count(:all))
 
+  - if project_nav_tab? :container_registry
+    = nav_link(controller: %w(container_registry)) do
+      = link_to project_container_registry_path(@project), title: 'Container Registry', class: 'shortcuts-container-registry' do
+        = icon('hdd-o fw')
+        %span
+          Container Registry
+
   - if project_nav_tab? :graphs
     = nav_link(controller: %w(graphs)) do
       = link_to namespace_project_graph_path(@project.namespace, @project, current_ref), title: 'Graphs',  class: 'shortcuts-graphs' do
@@ -124,3 +131,8 @@
     %li.hidden
       = link_to namespace_project_network_path(@project.namespace, @project, current_ref), title: 'Network', class: 'shortcuts-network' do
         Network
+
+  -# Shortcut to create a new issue
+  %li.hidden
+    = link_to new_namespace_project_issue_path(@project.namespace, @project), class: 'shortcuts-new-issue' do
+      Create a new issue
diff --git a/app/views/notify/note_merge_request_email.html.haml b/app/views/notify/note_merge_request_email.html.haml
index 65f0e4c4068..a3643a00cfe 100644
--- a/app/views/notify/note_merge_request_email.html.haml
+++ b/app/views/notify/note_merge_request_email.html.haml
@@ -1,7 +1,7 @@
-- if @note.diff_file_name
+- if @note.legacy_diff_note?
   %p.details
     New comment on diff for
-    = link_to @note.diff_file_name, @target_url
+    = link_to @note.diff_file_path, @target_url
     \:
 
 = render 'note_message'
diff --git a/app/views/notify/note_snippet_email.html.haml b/app/views/notify/note_snippet_email.html.haml
new file mode 100644
index 00000000000..2fa2f784661
--- /dev/null
+++ b/app/views/notify/note_snippet_email.html.haml
@@ -0,0 +1 @@
+= render 'note_message'
diff --git a/app/views/notify/note_snippet_email.text.erb b/app/views/notify/note_snippet_email.text.erb
new file mode 100644
index 00000000000..4d5a406f4b0
--- /dev/null
+++ b/app/views/notify/note_snippet_email.text.erb
@@ -0,0 +1,8 @@
+New comment for Snippet <%= @snippet.id %>
+
+<%= url_for(namespace_project_snippet_url(@snippet.project.namespace, @snippet.project, @snippet, anchor: "note_#{@note.id}")) %>
+
+
+Author: <%= @note.author_name %>
+
+<%= @note.note %>
diff --git a/app/views/profiles/emails/index.html.haml b/app/views/profiles/emails/index.html.haml
index 57527361eb6..6f7fefdb46d 100644
--- a/app/views/profiles/emails/index.html.haml
+++ b/app/views/profiles/emails/index.html.haml
@@ -45,4 +45,4 @@
               %span.label.label-info Public Email
             - if email.email === current_user.notification_email
               %span.label.label-info Notification Email
-          = link_to 'Remove', profile_email_path(email), data: { confirm: 'Are you sure?'}, method: :delete, class: 'btn btn-sm btn-remove pull-right'
+            = link_to 'Remove', profile_email_path(email), data: { confirm: 'Are you sure?'}, method: :delete, class: 'btn btn-sm btn-warning prepend-left-10'
diff --git a/app/views/profiles/keys/_key.html.haml b/app/views/profiles/keys/_key.html.haml
index 4dbaa662b66..3276db6692c 100644
--- a/app/views/profiles/keys/_key.html.haml
+++ b/app/views/profiles/keys/_key.html.haml
@@ -1,6 +1,6 @@
 %li.key-list-item
   .pull-left.append-right-10
-    = icon 'key', class: "key-icon hidden-xs"
+    = icon 'key', class: "settings-list-icon hidden-xs"
   .key-list-item-info
     = link_to path_to_key(key, is_admin), class: "title" do
       = key.title
diff --git a/app/views/profiles/keys/_key_table.html.haml b/app/views/profiles/keys/_key_table.html.haml
index 296cafa6e31..e78763bdcb2 100644
--- a/app/views/profiles/keys/_key_table.html.haml
+++ b/app/views/profiles/keys/_key_table.html.haml
@@ -4,7 +4,7 @@
   %ul.well-list
     = render partial: 'profiles/keys/key', collection: @keys, locals: { is_admin: is_admin }
 - else
-  %p.profile-settings-message.text-center
+  %p.settings-message.text-center
     - if is_admin
       There are no SSH keys associated with this account.
     - else
diff --git a/app/views/profiles/show.html.haml b/app/views/profiles/show.html.haml
index f59d27f7ed0..eef50d887c7 100644
--- a/app/views/profiles/show.html.haml
+++ b/app/views/profiles/show.html.haml
@@ -8,11 +8,11 @@
       %p
         - if @user.avatar?
           You can change your avatar here
-          - if Gitlab.config.gravatar.enabled
+          - if gravatar_enabled?
             or remove the current avatar to revert to #{link_to Gitlab.config.gravatar.host, "http://" + Gitlab.config.gravatar.host}
         - else
           You can upload an avatar here
-          - if Gitlab.config.gravatar.enabled
+          - if gravatar_enabled?
             or change it at #{link_to Gitlab.config.gravatar.host, "http://" + Gitlab.config.gravatar.host}
     .col-lg-9
       .clearfix.avatar-image.append-bottom-default
diff --git a/app/views/projects/_last_push.html.haml b/app/views/projects/_last_push.html.haml
index f0a3e416db7..7c2b8d01508 100644
--- a/app/views/projects/_last_push.html.haml
+++ b/app/views/projects/_last_push.html.haml
@@ -1,7 +1,7 @@
 - if event = last_push_event
   - if show_last_push_widget?(event)
 
-    .gray-content-block.top-block.clear-block.hidden-xs
+    .row-content-block.top-block.clear-block.hidden-xs
       .event-last-push
         .event-last-push-text
           %span You pushed to
diff --git a/app/views/projects/_md_preview.html.haml b/app/views/projects/_md_preview.html.haml
index 8de44a6c914..81afea2c60a 100644
--- a/app/views/projects/_md_preview.html.haml
+++ b/app/views/projects/_md_preview.html.haml
@@ -8,7 +8,7 @@
         %a.js-md-preview-button{ href: "#md-preview-holder", tabindex: -1 }
           Preview
       %li.pull-right
-        %button.zen-cotrol.zen-control-full.js-zen-enter{ type: 'button', tabindex: -1 }
+        %button.zen-control.zen-control-full.js-zen-enter{ type: 'button', tabindex: -1 }
           Go full screen
 
   .md-write-holder
diff --git a/app/views/projects/_readme.html.haml b/app/views/projects/_readme.html.haml
index a9908eaecca..369a847e7d4 100644
--- a/app/views/projects/_readme.html.haml
+++ b/app/views/projects/_readme.html.haml
@@ -7,7 +7,7 @@
       = cache(readme_cache_key) do
         = render_readme(readme)
 - else
-  .gray-content-block.second-block.center
+  .row-content-block.second-block.center
     %h3.page-title
       This project does not have a README yet
     - if can?(current_user, :push_code, @project)
diff --git a/app/views/projects/_zen.html.haml b/app/views/projects/_zen.html.haml
index e1e35013968..413477a2d3a 100644
--- a/app/views/projects/_zen.html.haml
+++ b/app/views/projects/_zen.html.haml
@@ -4,5 +4,5 @@
     = f.text_area attr, class: classes, placeholder: placeholder
   - else
     = text_area_tag attr, nil, class: classes, placeholder: placeholder
-  %a.zen-cotrol.zen-control-leave.js-zen-leave{ href: "#" }
+  %a.zen-control.zen-control-leave.js-zen-leave{ href: "#" }
     = icon('compress')
diff --git a/app/views/projects/artifacts/browse.html.haml b/app/views/projects/artifacts/browse.html.haml
index 84034c8bf16..49f95ff37db 100644
--- a/app/views/projects/artifacts/browse.html.haml
+++ b/app/views/projects/artifacts/browse.html.haml
@@ -1,7 +1,7 @@
 - page_title 'Artifacts', "#{@build.name} (##{@build.id})", 'Builds'
 = render 'projects/builds/header_title'
 
-.top-block.gray-content-block.clearfix
+.top-block.row-content-block.clearfix
   .pull-right
     = link_to download_namespace_project_build_artifacts_path(@project.namespace, @project, @build),
       class: 'btn btn-default download' do
diff --git a/app/views/projects/blob/_text.html.haml b/app/views/projects/blob/_text.html.haml
index d09cd73558c..b1769759dce 100644
--- a/app/views/projects/blob/_text.html.haml
+++ b/app/views/projects/blob/_text.html.haml
@@ -1,10 +1,19 @@
-- blob.load_all_data!(@repository)
-- if markup?(blob.name)
-  .file-content.wiki
-    = render_markup(blob.name, blob.data)
+- if blob.only_display_raw?
+  .file-content.code
+    .nothing-here-block
+      File too large, you can
+      = succeed '.' do
+        = link_to 'view the raw file', namespace_project_raw_path(@project.namespace, @project, @id), target: '_blank'
+
 - else
-  - unless blob.empty?
-    = render 'shared/file_highlight', blob: blob
+  - blob.load_all_data!(@repository)
+
+  - if markup?(blob.name)
+    .file-content.wiki
+      = render_markup(blob.name, blob.data)
   - else
-    .file-content.code
-      .nothing-here-block Empty file
+    - if blob.empty?
+      .file-content.code
+        .nothing-here-block Empty file
+    - else
+      = render 'shared/file_highlight', blob: blob
diff --git a/app/views/projects/branches/index.html.haml b/app/views/projects/branches/index.html.haml
index 88266e21230..ac7790421a4 100644
--- a/app/views/projects/branches/index.html.haml
+++ b/app/views/projects/branches/index.html.haml
@@ -1,7 +1,7 @@
 - page_title "Branches"
 = render "projects/commits/header_title"
 = render "projects/commits/head"
-.gray-content-block
+.row-content-block
   .pull-right
     - if can? current_user, :push_code, @project
       = link_to new_namespace_project_branch_path(@project.namespace, @project), class: 'btn btn-create' do
diff --git a/app/views/projects/builds/index.html.haml b/app/views/projects/builds/index.html.haml
index 0406fc21d77..98f4a9416e5 100644
--- a/app/views/projects/builds/index.html.haml
+++ b/app/views/projects/builds/index.html.haml
@@ -9,6 +9,7 @@
         %span.badge.js-totalbuilds-count
           = number_with_delimiter(@all_builds.count(:id))
 
+
     %li{class: ('active' if @scope == 'running')}
       = link_to project_builds_path(@project, scope: :running) do
         Running
@@ -34,8 +35,8 @@
         = icon('wrench')
         %span CI Lint
 
-.gray-content-block
-  #{(@scope || 'running').capitalize} builds from this project
+.row-content-block
+  #{(@scope || 'all').capitalize} builds from this project
 
 %ul.content-list
   - if @builds.blank?
@@ -52,6 +53,7 @@
             %th Ref
             %th Stage
             %th Name
+            %th Tags
             %th Duration
             %th Finished at
             - if @project.build_coverage_enabled?
diff --git a/app/views/projects/builds/show.html.haml b/app/views/projects/builds/show.html.haml
index 99d72aa7935..c7b9c36a3ab 100644
--- a/app/views/projects/builds/show.html.haml
+++ b/app/views/projects/builds/show.html.haml
@@ -1,8 +1,9 @@
 - page_title "#{@build.name} (##{@build.id})", "Builds"
 = render "header_title"
+- trace_with_state = @build.trace_with_state
 
 .build-page
-  .gray-content-block.top-block
+  .row-content-block.top-block
     Build ##{@build.id} for commit
     %strong.monospace= link_to @build.commit.short_sha, ci_status_path(@build.commit)
     from
@@ -34,7 +35,7 @@
             %i.fa.fa-warning
             This build was retried.
 
-  .gray-content-block.middle-block
+  .row-content-block.middle-block
     .build-head
       .clearfix
         = ci_status_with_icon(@build.status)
@@ -85,7 +86,9 @@
         %pre.trace#build-trace
           %code.bash
             = preserve do
-              = raw @build.trace_html
+              = raw trace_with_state[:html]
+              - if @build.active?
+                %i{:class => "fa fa-refresh fa-spin"}
 
       %div#down-build-trace
 
@@ -216,4 +219,4 @@
 
 
   :javascript
-    new CiBuild("#{namespace_project_build_url(@project.namespace, @project, @build)}", "#{@build.status}")
+    new CiBuild("#{namespace_project_build_url(@project.namespace, @project, @build)}", "#{@build.status}", "#{trace_with_state[:state]}")
diff --git a/app/views/projects/ci/builds/_build.html.haml b/app/views/projects/ci/builds/_build.html.haml
index e123eb1cc7a..8e95f040273 100644
--- a/app/views/projects/ci/builds/_build.html.haml
+++ b/app/views/projects/ci/builds/_build.html.haml
@@ -40,6 +40,7 @@
   %td
     = build.name
 
+  %td
     .label-container
       - if build.tags.any?
         - build.tags.each do |tag|
@@ -68,12 +69,12 @@
   %td
     .pull-right
       - if can?(current_user, :read_build, build) && build.artifacts?
-        = link_to download_namespace_project_build_artifacts_path(build.project.namespace, build.project, build), title: 'Download artifacts' do
+        = link_to download_namespace_project_build_artifacts_path(build.project.namespace, build.project, build), title: 'Download artifacts', class: 'btn btn-build' do
           %i.fa.fa-download
       - if can?(current_user, :update_build, build)
         - if build.active?
-          = link_to cancel_namespace_project_build_path(build.project.namespace, build.project, build, return_to: request.original_url), method: :post, title: 'Cancel' do
+          = link_to cancel_namespace_project_build_path(build.project.namespace, build.project, build, return_to: request.original_url), method: :post, title: 'Cancel', class: 'btn btn-build' do
             %i.fa.fa-remove.cred
         - elsif defined?(allow_retry) && allow_retry && build.retryable?
-          = link_to retry_namespace_project_build_path(build.project.namespace, build.project, build, return_to: request.original_url), method: :post, title: 'Retry' do
-            %i.fa.fa-repeat
+          = link_to retry_namespace_project_build_path(build.project.namespace, build.project, build, return_to: request.original_url), method: :post, title: 'Retry', class: 'btn btn-build' do
+            %i.fa.fa-refresh
diff --git a/app/views/projects/commit/_ci_commit.html.haml b/app/views/projects/commit/_ci_commit.html.haml
index 25714e6cb47..e849aefb188 100644
--- a/app/views/projects/commit/_ci_commit.html.haml
+++ b/app/views/projects/commit/_ci_commit.html.haml
@@ -1,4 +1,4 @@
-.gray-content-block.middle-block
+.row-content-block.build-content.middle-block
   .pull-right
     - if can?(current_user, :update_build, @project)
       - if ci_commit.builds.latest.failed.any?(&:retryable?)
@@ -16,7 +16,7 @@
     - if defined?(link_to_commit) && link_to_commit
       for commit
       = link_to ci_commit.short_sha, namespace_project_commit_path(@project.namespace, @project, ci_commit.sha), class: "monospace"
-    - if ci_commit.duration > 0
+    - if ci_commit.duration
       in
       = time_interval_in_words ci_commit.duration
 
@@ -40,6 +40,7 @@
         %th Build ID
         %th Stage
         %th Name
+        %th Tags
         %th Duration
         %th Finished at
         - if @project.build_coverage_enabled?
@@ -49,7 +50,7 @@
     = render builds, coverage: @project.build_coverage_enabled?, stage: true, ref: false, allow_retry: true
 
 - if ci_commit.retried.any?
-  .gray-content-block.second-block
+  .row-content-block.second-block
     Retried builds
 
   .table-holder
@@ -61,6 +62,7 @@
           %th Ref
           %th Stage
           %th Name
+          %th Tags
           %th Duration
           %th Finished at
           - if @project.build_coverage_enabled?
diff --git a/app/views/projects/commit/_commit_box.html.haml b/app/views/projects/commit/_commit_box.html.haml
index 3d7c18a5f58..01163e526b2 100644
--- a/app/views/projects/commit/_commit_box.html.haml
+++ b/app/views/projects/commit/_commit_box.html.haml
@@ -1,4 +1,4 @@
-.pull-right
+.pull-right.commit-action-buttons
   %div
     - if @notes_count > 0
       %span.btn.disabled.btn-grouped
@@ -22,10 +22,12 @@
   %div
 
 %p
-  %span.light Commit
-  = link_to @commit.id, namespace_project_commit_path(@project.namespace, @project, @commit), class: "monospace"
-  = clipboard_button(clipboard_text: @commit.id)
 .commit-info-row
+  - if @commit.status
+    = link_to builds_namespace_project_commit_path(@project.namespace, @project, @commit.id), class: "ci-status ci-#{@commit.status}" do
+      = ci_icon_for_status(@commit.status)
+      build:
+      = ci_label_for_status(@commit.status)
   %span.light Authored by
   %strong
     = commit_author_link(@commit, avatar: true, size: 24)
@@ -39,19 +41,15 @@
     #{time_ago_with_tooltip(@commit.committed_date)}
 
 .commit-info-row
+  %span.light Commit
+  = link_to @commit.id, namespace_project_commit_path(@project.namespace, @project, @commit), class: "monospace"
+  = clipboard_button(clipboard_text: @commit.id)
   %span.cgray= pluralize(@commit.parents.count, "parent")
   - @commit.parents.each do |parent|
     = link_to parent.short_id, namespace_project_commit_path(@project.namespace, @project, parent), class: "monospace"
 
-- if @commit.status
-  .pull-right
-    = link_to builds_namespace_project_commit_path(@project.namespace, @project, @commit.id), class: "ci-status ci-#{@commit.status}" do
-      = ci_icon_for_status(@commit.status)
-      build:
-      = ci_label_for_status(@commit.status)
-
-.commit-info-row.branches
-  %i.fa.fa-spinner.fa-spin
+  %span.commit-info.branches
+    %i.fa.fa-spinner.fa-spin
 
 .commit-box.content-block
   %h3.commit-title
@@ -61,4 +59,4 @@
       = preserve(markdown(escape_once(@commit.description), pipeline: :single_line))
 
 :javascript
-  $(".commit-info-row.branches").load("#{branches_namespace_project_commit_path(@project.namespace, @project, @commit.id)}");
+  $(".commit-info.branches").load("#{branches_namespace_project_commit_path(@project.namespace, @project, @commit.id)}");
diff --git a/app/views/projects/commit/branches.html.haml b/app/views/projects/commit/branches.html.haml
index 82aac1fbd15..2b0c9a4b4de 100644
--- a/app/views/projects/commit/branches.html.haml
+++ b/app/views/projects/commit/branches.html.haml
@@ -3,7 +3,6 @@
     - branch = commit_default_branch(@project, @branches)
     = link_to(namespace_project_tree_path(@project.namespace, @project, branch)) do
       %span.label.label-gray
-        %i.fa.fa-code-fork
         = branch
     - if @branches.any? || @tags.any?
       = link_to("#", class: "js-details-expand") do
diff --git a/app/views/projects/commits/_commits.html.haml b/app/views/projects/commits/_commits.html.haml
index 64e8da9201d..82f39e59284 100644
--- a/app/views/projects/commits/_commits.html.haml
+++ b/app/views/projects/commits/_commits.html.haml
@@ -3,7 +3,7 @@
 
 - commits, hidden = limited_commits(@commits)
 
-- commits.group_by { |c| c.committed_date.to_date }.sort.reverse.each do |day, commits|
+- commits.group_by { |c| c.committed_date.in_time_zone.to_date }.sort.reverse.each do |day, commits|
   .row.commits-row
     .col-md-2.hidden-xs.hidden-sm
       %h5.commits-row-date
diff --git a/app/views/projects/commits/_head.html.haml b/app/views/projects/commits/_head.html.haml
index 7a5b0d993db..d1bd76ab529 100644
--- a/app/views/projects/commits/_head.html.haml
+++ b/app/views/projects/commits/_head.html.haml
@@ -2,7 +2,8 @@
   = nav_link(controller: [:commit, :commits]) do
     = link_to namespace_project_commits_path(@project.namespace, @project, current_ref) do
       Commits
-      %span.badge= number_with_delimiter(@repository.commit_count)
+      %span.badge
+        = number_with_delimiter(@repository.commit_count)
 
   = nav_link(controller: %w(network)) do
     = link_to namespace_project_network_path(@project.namespace, @project, current_ref) do
diff --git a/app/views/projects/commits/show.html.haml b/app/views/projects/commits/show.html.haml
index bcdb09208aa..088eaa28013 100644
--- a/app/views/projects/commits/show.html.haml
+++ b/app/views/projects/commits/show.html.haml
@@ -6,7 +6,7 @@
 
 = render "head"
 
-.gray-content-block.second-block
+.row-content-block.second-block
   .tree-ref-holder
     = render 'shared/ref_switcher', destination: 'commits'
 
diff --git a/app/views/projects/compare/index.html.haml b/app/views/projects/compare/index.html.haml
index 02be5a2d07f..5e188dd0f3c 100644
--- a/app/views/projects/compare/index.html.haml
+++ b/app/views/projects/compare/index.html.haml
@@ -2,7 +2,7 @@
 = render "projects/commits/header_title"
 = render "projects/commits/head"
 
-.gray-content-block
+.row-content-block
   Compare branches, tags or commit ranges.
   %br
   Fill input field with commit id like
diff --git a/app/views/projects/compare/show.html.haml b/app/views/projects/compare/show.html.haml
index da731f28bb6..62525168239 100644
--- a/app/views/projects/compare/show.html.haml
+++ b/app/views/projects/compare/show.html.haml
@@ -3,7 +3,7 @@
 = render "projects/commits/head"
 
 
-.gray-content-block
+.row-content-block
   = render "form"
 
 - if @commits.present?
diff --git a/app/views/projects/container_registry/_header_title.html.haml b/app/views/projects/container_registry/_header_title.html.haml
new file mode 100644
index 00000000000..f1863c52a3e
--- /dev/null
+++ b/app/views/projects/container_registry/_header_title.html.haml
@@ -0,0 +1 @@
+- header_title project_title(@project, "Container Registry", project_container_registry_path(@project))
diff --git a/app/views/projects/container_registry/_tag.html.haml b/app/views/projects/container_registry/_tag.html.haml
new file mode 100644
index 00000000000..4e9f936539b
--- /dev/null
+++ b/app/views/projects/container_registry/_tag.html.haml
@@ -0,0 +1,21 @@
+%tr.tag
+  %td
+    = escape_once(tag.name)
+    = clipboard_button(clipboard_text: "docker pull #{tag.path}")
+  %td
+    - if layer = tag.layers.first
+      %span.has-tooltip{ title: "#{layer.revision}" }
+        = layer.short_revision
+    - else
+      \-
+  %td
+    = number_to_human_size(tag.total_size)
+    &middot;
+    = pluralize(tag.layers.size, "layer")
+  %td
+    = time_ago_in_words(tag.created_at)
+  - if can?(current_user, :update_container_image, @project)
+    %td.content
+      .controls.hidden-xs.pull-right
+        = link_to namespace_project_container_registry_path(@project.namespace, @project, tag.name), class: 'btn btn-remove has-tooltip', title: "Remove", data: { confirm: "Are you sure?" }, method: :delete do
+          = icon("trash cred")
diff --git a/app/views/projects/container_registry/index.html.haml b/app/views/projects/container_registry/index.html.haml
new file mode 100644
index 00000000000..40957993b22
--- /dev/null
+++ b/app/views/projects/container_registry/index.html.haml
@@ -0,0 +1,40 @@
+- page_title "Container Registry"
+= render "header_title"
+
+%hr
+
+%ul.content-list
+  .light.prepend-top-default
+    %p
+      A 'container image' is a snapshot of a container.
+      You can host your container images with GitLab.
+      %br
+      To start using container images hosted on GitLab you first need to login:
+      %pre
+        %code
+          docker login #{Gitlab.config.registry.host_port}
+      %br
+      Then you are free to create and upload a container image with build and push commands:
+      %pre
+        docker build -t #{escape_once(@project.container_registry_repository_url)} .
+        %br
+        docker push #{escape_once(@project.container_registry_repository_url)}
+
+  - if @tags.blank?
+    %li
+      .nothing-here-block No images in Container Registry for this project.
+
+  - else
+    .table-holder
+      %table.table.tags
+        %thead
+          %tr
+            %th Name
+            %th Image ID
+            %th Size
+            %th Created
+            - if can?(current_user, :update_container_image, @project)
+              %th
+
+        - @tags.each do |tag|
+          = render 'tag', tag: tag
\ No newline at end of file
diff --git a/app/views/projects/deploy_keys/_deploy_key.html.haml b/app/views/projects/deploy_keys/_deploy_key.html.haml
index 8d66bae8cdf..450aaeb367c 100644
--- a/app/views/projects/deploy_keys/_deploy_key.html.haml
+++ b/app/views/projects/deploy_keys/_deploy_key.html.haml
@@ -1,32 +1,27 @@
 %li
-  .pull-right
+  .pull-left.append-right-10.hidden-xs
+    = icon "key", class: "key-icon"
+  .deploy-key-content.key-list-item-info
+    %strong.title
+      = deploy_key.title
+    .description
+      = deploy_key.fingerprint
+  .deploy-key-content.prepend-left-default.deploy-key-projects
+    - deploy_key.projects.each do |project|
+      - if can?(current_user, :read_project, project)
+        = link_to namespace_project_path(project.namespace, project), class: "label deploy-project-label" do
+          = project.name_with_namespace
+  .deploy-key-content
+    %span.key-created-at
+      created #{time_ago_with_tooltip(deploy_key.created_at)}
+    .visible-xs-block.visible-sm-block
     - if @available_keys.include?(deploy_key)
-      = link_to enable_namespace_project_deploy_key_path(@project.namespace, @project, deploy_key), class: 'btn btn-sm', method: :put do
-        = icon('plus')
+      = link_to enable_namespace_project_deploy_key_path(@project.namespace, @project, deploy_key), class: "btn btn-sm prepend-left-10", method: :put do
         Enable
     - else
       - if deploy_key.destroyed_when_orphaned? && deploy_key.almost_orphaned?
-        = link_to 'Remove', disable_namespace_project_deploy_key_path(@project.namespace, @project, deploy_key), data: { confirm: 'You are going to remove deploy key. Are you sure?'}, method: :put, class: "btn btn-remove delete-key btn-sm pull-right"
+        = link_to disable_namespace_project_deploy_key_path(@project.namespace, @project, deploy_key), data: { confirm: "You are going to remove deploy key. Are you sure?" }, method: :put, class: "btn btn-warning btn-sm prepend-left-10" do
+          Remove
       - else
-        = link_to disable_namespace_project_deploy_key_path(@project.namespace, @project, deploy_key), class: 'btn btn-sm', method: :put do
-          = icon('power-off')
+        = link_to disable_namespace_project_deploy_key_path(@project.namespace, @project, deploy_key), class: "btn btn-warning btn-sm prepend-left-10", method: :put do
           Disable
-
-  = icon('key')
-  %strong= deploy_key.title
-  %br
-  %code.key-fingerprint= deploy_key.fingerprint
-
-  %p.light.prepend-top-10
-    - if deploy_key.public?
-      %span.label.label-info.deploy-project-label
-        Public deploy key
-
-    - deploy_key.projects.each do |project|
-      - if can?(current_user, :read_project, project)
-        %span.label.label-gray.deploy-project-label
-          = link_to namespace_project_path(project.namespace, project) do
-            = project.name_with_namespace
-
-    %small.pull-right
-      Created #{time_ago_with_tooltip(deploy_key.created_at)}
diff --git a/app/views/projects/deploy_keys/_form.html.haml b/app/views/projects/deploy_keys/_form.html.haml
index f6565f85836..894c36a96df 100644
--- a/app/views/projects/deploy_keys/_form.html.haml
+++ b/app/views/projects/deploy_keys/_form.html.haml
@@ -1,18 +1,13 @@
-%div
-  = form_for [@project.namespace.becomes(Namespace), @project, @key], url: namespace_project_deploy_keys_path, html: { class: 'deploy-key-form form-horizontal js-requires-input' } do |f|
-    = form_errors(@key)
-
-    .form-group
-      = f.label :title, class: "control-label"
-      .col-sm-10= f.text_field :title, class: 'form-control', autofocus: true, required: true
-    .form-group
-      = f.label :key, class: "control-label"
-      .col-sm-10
-        %p.light
-          Paste a machine public key here. Read more about how to generate it
-          = link_to "here", help_page_path("ssh", "README")
-        = f.text_area :key, class: "form-control thin_area", rows: 5, required: true
-
-    .form-actions
-      = f.submit 'Create Deploy Key', class: "btn-create btn"
-      = link_to "Cancel", namespace_project_deploy_keys_path(@project.namespace, @project), class: "btn btn-cancel"
+= form_for [@project.namespace.becomes(Namespace), @project, @key], url: namespace_project_deploy_keys_path, html: { class: "js-requires-input" } do |f|
+  = form_errors(@key)
+  .form-group
+    = f.label :title, class: "label-light"
+    = f.text_field :title, class: 'form-control', autofocus: true, required: true
+  .form-group
+    = f.label :key, class: "label-light"
+    = f.text_area :key, class: "form-control", rows: 5, required: true
+  .form-group
+    %p.light.append-bottom-0
+      Paste a machine public key here. Read more about how to generate it
+      = link_to "here", help_page_path("ssh", "README")
+  = f.submit "Add key", class: "btn-create btn"
diff --git a/app/views/projects/deploy_keys/index.html.haml b/app/views/projects/deploy_keys/index.html.haml
index 8e24c778b7c..e230834e8ba 100644
--- a/app/views/projects/deploy_keys/index.html.haml
+++ b/app/views/projects/deploy_keys/index.html.haml
@@ -1,43 +1,36 @@
 - page_title "Deploy Keys"
 
-%h3.page-title
-  Deploy keys allow read-only access to the repository
-
-  = link_to new_namespace_project_deploy_key_path(@project.namespace, @project), class: "btn btn-new pull-right", title: "New Deploy Key" do
-    %i.fa.fa-plus
-    New Deploy Key
-
-%p.light
-  Deploy keys can be used for CI, staging or production servers.
-  You can create a deploy key or add an existing one
-
-%hr.clearfix
-
-.row
-  .col-md-6.enabled-keys
-    %h5
-      %strong.cgreen Enabled deploy keys
-      for this project
-    %ul.bordered-list
-      = render @enabled_keys
-      - if @enabled_keys.blank?
-        .light-well
-          .nothing-here-block Create a #{link_to 'new deploy key', new_namespace_project_deploy_key_path(@project.namespace, @project)} or add an existing one
-  .col-md-6.available-keys
-    - # If there are available public deploy keys but no available project deploy keys, only public deploy keys are shown.
-    - if @available_project_keys.any? || @available_public_keys.blank?
-      %h5
-        %strong Deploy keys
-        from projects you have access to
-      %ul.bordered-list
+.row.prepend-top-default
+  .col-lg-3.profile-settings-sidebar
+    %h4.prepend-top-0
+      = page_title
+    %p
+      Deploy keys allow read-only access to your repository. Deploy keys can be used for CI, staging or production servers. You can create a deploy key or add an existing one.
+  .col-lg-9
+    %h5.prepend-top-0
+      Create a new deploy key for this project
+    = render "form"
+  .col-lg-9.col-lg-offset-3
+    %hr
+  .col-lg-9.col-lg-offset-3.append-bottom-default.deploy-keys
+    %h5.prepend-top-0
+      Enabled deploy keys for this project (#{@enabled_keys.size})
+    - if @enabled_keys.any?
+      %ul.well-list
+        = render @enabled_keys
+    - else
+      .profile-settings-message.text-center
+        No deploy keys found. Create one with the form above or add existing one below.
+    %h5.prepend-top-default
+      Deploy keys from projects you have access to (#{@available_project_keys.size})
+    - if @available_project_keys.any?
+      %ul.well-list
         = render @available_project_keys
-        - if @available_project_keys.blank?
-          .light-well
-            .nothing-here-block Deploy keys from projects you have access to will be displayed here
-
+    - else
+      .profile-settings-message.text-center
+        No deploy keys from your projects could be found. Create one with the form above or add existing one below.
     - if @available_public_keys.any?
-      %h5
-        %strong Public deploy keys
-        available to any project
-      %ul.bordered-list
+      %h5.prepend-top-default
+        Public deploy keys available to any project (#{@available_public_keys.size})
+      %ul.well-list
         = render @available_public_keys
diff --git a/app/views/projects/diffs/_diffs.html.haml b/app/views/projects/diffs/_diffs.html.haml
index eaab99973a4..d9c4b410d32 100644
--- a/app/views/projects/diffs/_diffs.html.haml
+++ b/app/views/projects/diffs/_diffs.html.haml
@@ -1,3 +1,4 @@
+- show_whitespace_toggle = local_assigns.fetch(:show_whitespace_toggle, true)
 - if diff_view == 'parallel'
   - fluid_layout true
 
@@ -5,6 +6,11 @@
 
 .content-block.oneline-block.files-changed
   .inline-parallel-buttons
+    - if show_whitespace_toggle
+      - if current_controller?(:commit)
+        = commit_diff_whitespace_link(@project, @commit, class: 'hidden-xs')
+      - elsif current_controller?(:merge_requests)
+        = diff_merge_request_whitespace_link(@project, @merge_request, class: 'hidden-xs')
     .btn-group
       = inline_diff_btn
       = parallel_diff_btn
diff --git a/app/views/projects/diffs/_file.html.haml b/app/views/projects/diffs/_file.html.haml
index 83a8d7ae9bf..0f04fc5d33c 100644
--- a/app/views/projects/diffs/_file.html.haml
+++ b/app/views/projects/diffs/_file.html.haml
@@ -40,19 +40,19 @@
         = view_file_btn(diff_commit.id, diff_file, project)
 
   .diff-content.diff-wrap-lines
-    -# Skipp all non non-supported blobs
+    - # Skip all non non-supported blobs
     - return unless blob.respond_to?('text?')
     - if diff_file.too_large?
-      .nothing-here-block
-        This diff could not be displayed because it is too large.
-    - else
-      - if blob_text_viewable?(blob)
-        - if diff_view == 'parallel'
-          = render "projects/diffs/parallel_view", diff_file: diff_file, project: project, blob: blob, index: i
-        - else
-          = render "projects/diffs/text_file", diff_file: diff_file, index: i
-      - elsif blob.image?
-        - old_file = project.repository.prev_blob_for_diff(diff_commit, diff_file)
-        = render "projects/diffs/image", diff_file: diff_file, old_file: old_file, file: blob, index: i, diff_refs: diff_refs
+      .nothing-here-block This diff could not be displayed because it is too large.
+    - elsif blob_text_viewable?(blob) && !project.repository.diffable?(blob)
+      .nothing-here-block This diff was suppressed by a .gitattributes entry.
+    - elsif blob_text_viewable?(blob)
+      - if diff_view == 'parallel'
+        = render "projects/diffs/parallel_view", diff_file: diff_file, project: project, blob: blob, index: i
       - else
-        .nothing-here-block No preview for this file type
+        = render "projects/diffs/text_file", diff_file: diff_file, index: i
+    - elsif blob.image?
+      - old_file = project.repository.prev_blob_for_diff(diff_commit, diff_file)
+      = render "projects/diffs/image", diff_file: diff_file, old_file: old_file, file: blob, index: i, diff_refs: diff_refs
+    - else
+      .nothing-here-block No preview for this file type
diff --git a/app/views/projects/diffs/_line.html.haml b/app/views/projects/diffs/_line.html.haml
index 107097ad963..f1577e8a47b 100644
--- a/app/views/projects/diffs/_line.html.haml
+++ b/app/views/projects/diffs/_line.html.haml
@@ -15,7 +15,7 @@
         = link_text
       - else
         = link_to "", "##{line_code}", id: line_code, data: { linenumber: link_text }
-      - if @comments_allowed && can?(current_user, :create_note, @project)
+      - if !@diff_notes_disabled && can?(current_user, :create_note, @project)
         = link_to_new_diff_note(line_code)
     %td.new_line.diff-line-num{ class: type, data: { linenumber: line.new_pos } }
       - link_text = type == "old" ? "&nbsp;".html_safe : line.new_pos
diff --git a/app/views/projects/diffs/_parallel_view.html.haml b/app/views/projects/diffs/_parallel_view.html.haml
index 81948513e43..4ecc9528bd2 100644
--- a/app/views/projects/diffs/_parallel_view.html.haml
+++ b/app/views/projects/diffs/_parallel_view.html.haml
@@ -16,7 +16,7 @@
         - else
           %td.old_line.diff-line-num{id: left[:line_code], class: "#{left[:type]} #{'empty-cell' if !left[:number]}"}
             = link_to raw(left[:number]), "##{left[:line_code]}", id: left[:line_code]
-            - if @comments_allowed && can?(current_user, :create_note, @project)
+            - if !@diff_notes_disabled && can?(current_user, :create_note, @project)
               = link_to_new_diff_note(left[:line_code], 'old')
           %td.line_content{class: "parallel noteable_line #{left[:type]} #{left[:line_code]} #{'empty-cell' if left[:text].empty?}", data: { line_code: left[:line_code] }}= diff_line_content(left[:text])
 
@@ -29,14 +29,14 @@
 
           %td.new_line.diff-line-num{id: new_line_code, class: "#{new_line_class} #{'empty-cell' if !right[:number]}", data: { linenumber: right[:number] }}
             = link_to raw(right[:number]), "##{new_line_code}", id: new_line_code
-            - if @comments_allowed && can?(current_user, :create_note, @project)
-              = link_to_new_diff_note(right[:line_code], 'new')
+            - if !@diff_notes_disabled && can?(current_user, :create_note, @project)
+              = link_to_new_diff_note(new_line_code, 'new')
           %td.line_content.parallel{class: "noteable_line #{new_line_class} #{new_line_code} #{'empty-cell' if right[:text].empty?}", data: { line_code: new_line_code }}= diff_line_content(right[:text])
 
-      - if @reply_allowed
-        - comments_left, comments_right = organize_comments(left[:type], right[:type], left[:line_code], right[:line_code])
-        - if comments_left.present? || comments_right.present?
-          = render "projects/notes/diff_notes_with_reply_parallel", notes_left: comments_left, notes_right: comments_right
+      - unless @diff_notes_disabled
+        - notes_left, notes_right = organize_comments(left, right)
+        - if notes_left.present? || notes_right.present?
+          = render "projects/notes/diff_notes_with_reply_parallel", notes_left: notes_left, notes_right: notes_right
 
 - if diff_file.diff.diff.blank? && diff_file.mode_changed?
   .file-mode-changed
diff --git a/app/views/projects/diffs/_text_file.html.haml b/app/views/projects/diffs/_text_file.html.haml
index e7169d7b599..068593a7dd1 100644
--- a/app/views/projects/diffs/_text_file.html.haml
+++ b/app/views/projects/diffs/_text_file.html.haml
@@ -6,16 +6,15 @@
 %table.text-file.code.js-syntax-highlight{ class: too_big ? 'hide' : '' }
 
   - last_line = 0
-  - raw_diff_lines = diff_file.diff_lines.to_a
   - diff_file.highlighted_diff_lines.each_with_index do |line, index|
     - line_code = generate_line_code(diff_file.file_path, line)
     - last_line = line.new_pos
     = render "projects/diffs/line", {line: line, diff_file: diff_file, line_code: line_code}
 
-    - if @reply_allowed
-      - comments = @line_notes.select { |n| n.line_code == line_code && n.active? }.sort_by(&:created_at)
-      - unless comments.empty?
-        = render "projects/notes/diff_notes_with_reply", notes: comments, line: raw_diff_lines[index].text
+    - unless @diff_notes_disabled
+      - diff_notes = @grouped_diff_notes[line_code]
+      - if diff_notes
+        = render "projects/notes/diff_notes_with_reply", notes: diff_notes
 
   - if last_line > 0
     = render "projects/diffs/match_line", { line: "",
diff --git a/app/views/projects/edit.html.haml b/app/views/projects/edit.html.haml
index 76a4f41193c..f6a53fddf17 100644
--- a/app/views/projects/edit.html.haml
+++ b/app/views/projects/edit.html.haml
@@ -84,6 +84,16 @@
                     %br
                     %span.descr Share code pastes with others out of git repository
 
+            - if Gitlab.config.registry.enabled
+              .form-group
+                .col-sm-offset-2.col-sm-10
+                  .checkbox
+                    = f.label :container_registry_enabled do
+                      = f.check_box :container_registry_enabled
+                      %strong Container Registry
+                      %br
+                      %span.descr Enable Container Registry for this repository
+
           = render 'builds_settings', f: f
 
           %fieldset.features
diff --git a/app/views/projects/empty.html.haml b/app/views/projects/empty.html.haml
index 52d093871b4..1a2e59752fe 100644
--- a/app/views/projects/empty.html.haml
+++ b/app/views/projects/empty.html.haml
@@ -7,7 +7,7 @@
 
 = render "home_panel"
 
-.gray-content-block.second-block.center
+.row-content-block.second-block.center
   %h3.page-title
     The repository for this project is empty
   - if can?(current_user, :push_code, @project)
diff --git a/app/views/projects/graphs/ci.html.haml b/app/views/projects/graphs/ci.html.haml
index 6fa77cc10c6..9f05be9982b 100644
--- a/app/views/projects/graphs/ci.html.haml
+++ b/app/views/projects/graphs/ci.html.haml
@@ -1,7 +1,7 @@
 - page_title "Continuous Integration", "Graphs"
 = render "header_title"
 = render 'head'
-.gray-content-block.append-bottom-default
+.row-content-block.append-bottom-default
   .oneline
     A collection of graphs for Continuous Integration
 
diff --git a/app/views/projects/graphs/commits.html.haml b/app/views/projects/graphs/commits.html.haml
index fc465ab273b..da9f648cc9c 100644
--- a/app/views/projects/graphs/commits.html.haml
+++ b/app/views/projects/graphs/commits.html.haml
@@ -2,7 +2,7 @@
 = render "header_title"
 = render 'head'
 
-.gray-content-block.append-bottom-default
+.row-content-block.append-bottom-default
   .tree-ref-holder
     = render 'shared/ref_switcher', destination: 'graphs_commits'
   %ul.breadcrumb.repo-breadcrumb
diff --git a/app/views/projects/graphs/languages.html.haml b/app/views/projects/graphs/languages.html.haml
index a7fab5b6d72..ebecab1dbfc 100644
--- a/app/views/projects/graphs/languages.html.haml
+++ b/app/views/projects/graphs/languages.html.haml
@@ -2,7 +2,7 @@
 = render "header_title"
 = render 'head'
 
-.gray-content-block.append-bottom-default
+.row-content-block.append-bottom-default
   .oneline
     Programming languages used in this repository
 
diff --git a/app/views/projects/graphs/show.html.haml b/app/views/projects/graphs/show.html.haml
index 882e7d6b6ee..ad4a932d391 100644
--- a/app/views/projects/graphs/show.html.haml
+++ b/app/views/projects/graphs/show.html.haml
@@ -2,7 +2,7 @@
 = render "header_title"
 = render 'head'
 
-.gray-content-block.append-bottom-default
+.row-content-block.append-bottom-default
   .tree-ref-holder
     = render 'shared/ref_switcher', destination: 'graphs'
   %ul.breadcrumb.repo-breadcrumb
diff --git a/app/views/projects/group_links/index.html.haml b/app/views/projects/group_links/index.html.haml
index 13f5fc141fa..2b904544f28 100644
--- a/app/views/projects/group_links/index.html.haml
+++ b/app/views/projects/group_links/index.html.haml
@@ -1,41 +1,44 @@
 - page_title "Groups"
-%h3.page_title Share project with other groups
-%p.light
-  Projects can be stored in only one group at once. However you can share a project with other groups here.
-%hr
-- if @group_links.present?
-  .enabled-groups.panel.panel-default
-    .panel-heading
-      Already shared with
-    %ul.well-list
-      - @group_links.each do |group_link|
-        - group = group_link.group
-        %li
-          .pull-right
-            = link_to namespace_project_group_link_path(@project.namespace, @project, group_link), method: :delete, class: 'btn btn-sm' do
-              %i.icon-remove
-              disable sharing
-          = link_to group do
-            %strong
-              %i.icon-folder-open
-              = group.name
-          %br
-          .light up to #{group_link.human_access}
-
-
-.available-groups
-  %h4
-    Can be shared with
-  %div
-    = form_tag namespace_project_group_links_path(@project.namespace, @project), method: :post, class: 'form-horizontal' do
+.row.prepend-top-default
+  .col-lg-3.settings-sidebar
+    %h4.prepend-top-0
+      Share project with other groups
+    %p
+      Projects can be stored in only one group at once. However you can share a project with other groups here.
+  .col-lg-9
+    %h5.prepend-top-0
+      Set a group to share
+    = form_tag namespace_project_group_links_path(@project.namespace, @project), method: :post do
       .form-group
-        = label_tag :link_group_id, 'Group', class: 'control-label'
-        .col-sm-10
-          = groups_select_tag(:link_group_id, skip_group: @project.group.try(:path))
+        = label_tag :link_group_id, "Group", class: "label-light"
+        = groups_select_tag(:link_group_id, skip_group: @project.group.try(:path))
       .form-group
-        = label_tag :link_group_access, 'Max access level', class: 'control-label'
-        .col-sm-10
-          = select_tag :link_group_access, options_for_select(ProjectGroupLink.access_options, ProjectGroupLink.default_access), class: "form-control"
-      .form-actions
-        = submit_tag "Share", class: "btn btn-create"
-
+        = label_tag :link_group_access, "Max access level", class: "label-light"
+        .select-wrapper
+          = select_tag :link_group_access, options_for_select(ProjectGroupLink.access_options, ProjectGroupLink.default_access), class: "form-control select-control"
+          %span.caret
+      = submit_tag "Share", class: "btn btn-create"
+  .col-lg-9.col-lg-offset-3
+    %hr
+  .col-lg-9.col-lg-offset-3.append-bottom-default.enabled-groups
+    %h5.prepend-top-0
+      Groups you share with (#{@group_links.size})
+    - if @group_links.present?
+      %ul.well-list
+        - @group_links.each do |group_link|
+          - group = group_link.group
+          %li
+            .pull-left.append-right-10.hidden-xs
+              = icon("folder-open-o", class: "settings-list-icon")
+            .pull-left
+              = link_to group do
+                = group.name
+              %br
+              up to #{group_link.human_access}
+            .pull-right
+              = link_to namespace_project_group_link_path(@project.namespace, @project, group_link), method: :delete, class: "btn btn-transparent" do
+                %span.sr-only disable sharing
+                = icon("trash")
+    - else
+      .settings-message.text-center
+        There are no groups with access to your project, add one in the form above
diff --git a/app/views/projects/hooks/_project_hook.html.haml b/app/views/projects/hooks/_project_hook.html.haml
new file mode 100644
index 00000000000..62eba5888a4
--- /dev/null
+++ b/app/views/projects/hooks/_project_hook.html.haml
@@ -0,0 +1,15 @@
+%li
+  .row
+    .col-md-8.col-lg-7
+      %strong.light-header= hook.url
+      %div
+        - %w(push_events tag_push_events issues_events note_events merge_requests_events build_events).each do |trigger|
+          - if hook.send(trigger)
+            %span.label.label-gray.deploy-project-label= trigger.titleize
+    .col-md-4.col-lg-5.text-right-lg.prepend-top-5
+      %span.append-right-10.inline
+        SSL Verification: #{hook.enable_ssl_verification ? "enabled" : "disabled"}
+      = link_to "Test", test_namespace_project_hook_path(@project.namespace, @project, hook), class: "btn btn-sm"
+      = link_to namespace_project_hook_path(@project.namespace, @project, hook), data: { confirm: 'Are you sure?'}, method: :delete, class: "btn btn-transparent" do
+        %span.sr-only Remove
+        = icon('trash')
diff --git a/app/views/projects/hooks/index.html.haml b/app/views/projects/hooks/index.html.haml
index aae3abcad4b..36c1d69f060 100644
--- a/app/views/projects/hooks/index.html.haml
+++ b/app/views/projects/hooks/index.html.haml
@@ -1,88 +1,84 @@
 - page_title "Webhooks"
-%h3.page-title
-  Webhooks
+.row.prepend-top-default
+  .col-lg-3.profile-settings-sidebar
+    %h4.prepend-top-0
+      = page_title
+    %p
+      #{link_to "Webhooks", help_page_path("web_hooks", "web_hooks")} can be
+      used for binding events when something is happening within the project.
+  .col-lg-9.append-bottom-default
+    %h5.prepend-top-0
+      Add new webhook
+    = form_for [@project.namespace.becomes(Namespace), @project, @hook], as: :hook, url: namespace_project_hooks_path(@project.namespace, @project) do |f|
+      = form_errors(@hook)
 
-%p.light
-  #{link_to "Webhooks ", help_page_path("web_hooks", "web_hooks"), class: "vlink"} can be
-  used for binding events when something is happening within the project.
-
-%hr.clearfix
-
-= form_for [@project.namespace.becomes(Namespace), @project, @hook], as: :hook, url: namespace_project_hooks_path(@project.namespace, @project), html: { class: 'form-horizontal' } do |f|
-  = form_errors(@hook)
-
-  .form-group
-    = f.label :url, "URL", class: 'control-label'
-    .col-sm-10
-      = f.text_field :url, class: "form-control", placeholder: 'http://example.com/trigger-ci.json'
-  .form-group
-    = f.label :url, "Trigger", class: 'control-label'
-    .col-sm-10.prepend-top-10
-      %div
-        = f.check_box :push_events, class: 'pull-left'
-        .prepend-left-20
-          = f.label :push_events, class: 'list-label' do
-            %strong Push events
-          %p.light
-            This url will be triggered by a push to the repository
-      %div
-        = f.check_box :tag_push_events, class: 'pull-left'
-        .prepend-left-20
-          = f.label :tag_push_events, class: 'list-label' do
-            %strong Tag push events
-          %p.light
-            This url will be triggered when a new tag is pushed to the repository
-      %div
-        = f.check_box :note_events, class: 'pull-left'
-        .prepend-left-20
-          = f.label :note_events, class: 'list-label' do
-            %strong Comments
-          %p.light
-            This url will be triggered when someone adds a comment
-      %div
-        = f.check_box :issues_events, class: 'pull-left'
-        .prepend-left-20
-          = f.label :issues_events, class: 'list-label' do
-            %strong Issues events
-          %p.light
-            This url will be triggered when an issue is created/updated/merged
-      %div
-        = f.check_box :merge_requests_events, class: 'pull-left'
-        .prepend-left-20
-          = f.label :merge_requests_events, class: 'list-label' do
-            %strong Merge Request events
-          %p.light
-            This url will be triggered when a merge request is created/updated/merged
-      %div
-        = f.check_box :build_events, class: 'pull-left'
-        .prepend-left-20
-          = f.label :build_events, class: 'list-label' do
-            %strong Build events
-          %p.light
-            This url will be triggered when the build status changes
-  .form-group
-    = f.label :enable_ssl_verification, "SSL verification", class: 'control-label checkbox'
-    .col-sm-10
-      .checkbox
-        = f.label :enable_ssl_verification do
-          = f.check_box :enable_ssl_verification
-          %strong Enable SSL verification
-  .form-actions
-    = f.submit "Add Webhook", class: "btn btn-create"
-
--if @hooks.any?
-  .panel.panel-default
-    .panel-heading
+      .form-group
+        = f.label :url, "URL", class: "label-light"
+        = f.text_field :url, class: "form-control", placeholder: "http://example.com/trigger-ci.json"
+      .form-group
+        = f.label :token, "Secret Token", class: 'label-light'
+        = f.text_field :token, class: "form-control", placeholder: ''
+        %p.help-block
+          Use this token to validate received payloads
+      .form-group
+        = f.label :url, "Trigger", class: "label-light"
+        %div
+          = f.check_box :push_events, class: "pull-left"
+          .prepend-left-20
+            = f.label :push_events, class: "label-light append-bottom-0" do
+              Push events
+            %p.light
+              This url will be triggered by a push to the repository
+        %div
+          = f.check_box :tag_push_events, class: "pull-left"
+          .prepend-left-20
+            = f.label :tag_push_events, class: "label-light append-bottom-0" do
+              Tag push events
+            %p.light
+              This url will be triggered when a new tag is pushed to the repository
+        %div
+          = f.check_box :note_events, class: "pull-left"
+          .prepend-left-20
+            = f.label :note_events, class: "label-light append-bottom-0" do
+              Comments
+            %p.light
+              This url will be triggered when someone adds a comment
+        %div
+          = f.check_box :issues_events, class: "pull-left"
+          .prepend-left-20
+            = f.label :issues_events, class: "label-light append-bottom-0" do
+              Issues events
+            %p.light
+              This url will be triggered when an issue is created/updated/merged
+        %div
+          = f.check_box :merge_requests_events, class: "pull-left"
+          .prepend-left-20
+            = f.label :merge_requests_events, class: "label-light append-bottom-0" do
+              Merge Request events
+            %p.light
+              This url will be triggered when a merge request is created/updated/merged
+        %div
+          = f.check_box :build_events, class: "pull-left"
+          .prepend-left-20
+            = f.label :build_events, class: "label-light append-bottom-0" do
+              Build events
+            %p.light
+              This url will be triggered when the build status changes
+      .form-group
+        = f.label :enable_ssl_verification, "SSL verification", class: "label-light"
+        %div
+          = f.check_box :enable_ssl_verification, class: "pull-left"
+          .prepend-left-20
+            = f.label :enable_ssl_verification, class: "label-light append-bottom-0" do
+              Enable SSL verification
+      = f.submit "Add Webhook", class: "btn btn-create"
+    %hr
+    %h5.prepend-top-default
       Webhooks (#{@hooks.count})
-    %ul.content-list
-      - @hooks.each do |hook|
-        %li
-          .controls
-            = link_to 'Test Hook', test_namespace_project_hook_path(@project.namespace, @project, hook), class: "btn btn-sm btn-grouped"
-            = link_to 'Remove', namespace_project_hook_path(@project.namespace, @project, hook), data: { confirm: 'Are you sure?'}, method: :delete, class: "btn btn-remove btn-sm btn-grouped"
-          .monospace= hook.url
-          %div
-            - %w(push_events tag_push_events issues_events note_events merge_requests_events build_events).each do |trigger|
-              - if hook.send(trigger)
-                %span.label.label-gray= trigger.titleize
-            %span.label.label-gray SSL Verification: #{hook.enable_ssl_verification ? "enabled" : "disabled"}
+    - if @hooks.any?
+      %ul.well-list
+        - @hooks.each do |hook|
+          = render "project_hook", hook: hook
+    - else
+      %p.profile-settings-message.text-center.append-bottom-0
+        No webhooks found, add one in the form above.
diff --git a/app/views/projects/imports/new.html.haml b/app/views/projects/imports/new.html.haml
index 6027fb23360..a8a8caf7280 100644
--- a/app/views/projects/imports/new.html.haml
+++ b/app/views/projects/imports/new.html.haml
@@ -10,7 +10,7 @@
     .panel-body
       %pre
         :preserve
-          #{@project.import_error.try(:strip)}
+          #{sanitize_repo_path(@project.import_error)}
 
 = form_for @project, url: namespace_project_import_path(@project.namespace, @project), method: :post, html: { class: 'form-horizontal' } do |f|
   = render "shared/import_form", f: f
diff --git a/app/views/projects/issues/_issue.html.haml b/app/views/projects/issues/_issue.html.haml
index 9ad86ed71c9..5cf70ea3bb7 100644
--- a/app/views/projects/issues/_issue.html.haml
+++ b/app/views/projects/issues/_issue.html.haml
@@ -28,16 +28,10 @@
           = downvotes
 
       - note_count = issue.notes.user.nonawards.count
-      - if note_count > 0
-        %li
-          = link_to issue_path(issue) + "#notes" do
-            = icon('comments')
-            = note_count
-      - else
-        %li
-          = link_to issue_path(issue) + "#notes", class: "issue-no-comments" do
-            = icon('comments')
-            = note_count
+      %li
+        = link_to issue_path(issue, anchor: 'notes'), class: ('issue-no-comments' if note_count.zero?) do
+          = icon('comments')
+          = note_count
 
   .issue-info
     #{issue.to_reference} &middot;
diff --git a/app/views/projects/issues/_new_branch.html.haml b/app/views/projects/issues/_new_branch.html.haml
index 6da8e4f33a9..469429ccf3c 100644
--- a/app/views/projects/issues/_new_branch.html.haml
+++ b/app/views/projects/issues/_new_branch.html.haml
@@ -1,5 +1,13 @@
-- if current_user && can?(current_user, :push_code, @project) && @issue.can_be_worked_on?(current_user)
+- if can?(current_user, :push_code, @project)
   .pull-right
-    = link_to namespace_project_branches_path(@project.namespace, @project, branch_name: @issue.to_branch_name, issue_iid: @issue.iid), method: :post, class: 'btn has-tooltip', title: @issue.to_branch_name do
-      = icon('code-fork')
-      New Branch
+    #new-branch{'data-path' => can_create_branch_namespace_project_issue_path(@project.namespace, @project, @issue)}
+      = link_to namespace_project_branches_path(@project.namespace, @project, branch_name: @issue.to_branch_name, issue_iid: @issue.iid), method: :post, class: 'btn has-tooltip', title: @issue.to_branch_name, disabled: 'disabled' do
+        .checking
+          %i.fa.fa-spinner.fa-spin
+          Checking branches
+        .available(style="display: none")
+          %i.fa.fa-code-fork
+          New branch
+        .unavailable(style="display: none")
+          %i.fa.fa-exclamation-triangle
+          New branch unavailable
diff --git a/app/views/projects/merge_requests/_merge_request.html.haml b/app/views/projects/merge_requests/_merge_request.html.haml
index e740fe8c84d..73c6a95f5ca 100644
--- a/app/views/projects/merge_requests/_merge_request.html.haml
+++ b/app/views/projects/merge_requests/_merge_request.html.haml
@@ -36,16 +36,10 @@
           = downvotes
 
       - note_count = merge_request.mr_and_commit_notes.user.nonawards.count
-      - if note_count > 0
-        %li
-          = link_to merge_request_path(merge_request) + "#notes" do
-            = icon('comments')
-            = note_count
-      - else
-        %li
-          = link_to merge_request_path(merge_request) + "#notes", class: "merge-request-no-comments" do
-            = icon('comments')
-            = note_count
+      %li
+        = link_to merge_request_path(merge_request, anchor: 'notes'), class: ('merge-request-no-comments' if note_count.zero?) do
+          = icon('comments')
+          = note_count
 
   .merge-request-info
     #{merge_request.to_reference} &middot;
diff --git a/app/views/projects/merge_requests/_new_submit.html.haml b/app/views/projects/merge_requests/_new_submit.html.haml
index 2f14a91e64f..18b3f9e1549 100644
--- a/app/views/projects/merge_requests/_new_submit.html.haml
+++ b/app/views/projects/merge_requests/_new_submit.html.haml
@@ -42,7 +42,7 @@
           %h4 This comparison includes more than #{MergeRequestDiff::COMMITS_SAFE_SIZE} commits.
           %p To preserve performance the line changes are not shown.
       - else
-        = render "projects/diffs/diffs", diffs: @diffs, project: @project, diff_refs: @merge_request.diff_refs
+        = render "projects/diffs/diffs", diffs: @diffs, project: @project, diff_refs: @merge_request.diff_refs, show_whitespace_toggle: false
     - if @ci_commit
       #builds.builds.tab-pane
         = render "projects/merge_requests/show/builds"
diff --git a/app/views/projects/merge_requests/widget/_heading.html.haml b/app/views/projects/merge_requests/widget/_heading.html.haml
index 2ec0d20a879..4d381754610 100644
--- a/app/views/projects/merge_requests/widget/_heading.html.haml
+++ b/app/views/projects/merge_requests/widget/_heading.html.haml
@@ -41,9 +41,4 @@
 
     .ci_widget.ci-error{style: "display:none"}
       = icon("times-circle")
-      Could not connect to the CI server. Please check your settings and try again.
-
-  :javascript
-    $(function() {
-      merge_request_widget.getCIStatus(false);
-    });
+      Could not connect to the CI server. Please check your settings and try again.
\ No newline at end of file
diff --git a/app/views/projects/milestones/show.html.haml b/app/views/projects/milestones/show.html.haml
index be63875ab34..6ec84660157 100644
--- a/app/views/projects/milestones/show.html.haml
+++ b/app/views/projects/milestones/show.html.haml
@@ -24,15 +24,15 @@
       - else
         = link_to 'Reopen Milestone', namespace_project_milestone_path(@project.namespace, @project, @milestone, milestone: {state_event: :activate }), method: :put, class: "btn btn-reopen btn-nr btn-grouped"
 
-      = link_to namespace_project_milestone_path(@project.namespace, @project, @milestone), data: { confirm: 'Are you sure?' }, method: :delete, class: "btn btn-grouped btn-nr" do
-        = icon('trash-o')
-        Delete
-
       = link_to edit_namespace_project_milestone_path(@project.namespace, @project, @milestone), class: "btn btn-grouped btn-nr" do
         = icon('pencil-square-o')
         Edit
 
-.detail-page-description.milestone-detail.second-block
+      = link_to namespace_project_milestone_path(@project.namespace, @project, @milestone), data: { confirm: 'Are you sure?' }, method: :delete, class: "btn btn-grouped btn-danger" do
+        = icon('trash-o')
+        Delete
+
+.detail-page-description.milestone-detail
   %h2.title
     = markdown escape_once(@milestone.title), pipeline: :single_line
   %div
@@ -42,9 +42,12 @@
           = preserve do
             = markdown @milestone.description
 
-- if @milestone.complete?(current_user) && @milestone.active?
+- if @milestone.total_items_count(current_user).zero?
   .alert.alert-success.prepend-top-default
-    %span All issues for this milestone are closed. You may close milestone now.
+    %span Assign some issues to this milestone.
+- elsif @milestone.complete?(current_user) && @milestone.active?
+  .alert.alert-success.prepend-top-default
+    %span All issues for this milestone are closed. You may close this milestone now.
 
 = render 'shared/milestones/summary', milestone: @milestone, project: @project
 = render 'shared/milestones/tabs', milestone: @milestone
diff --git a/app/views/projects/network/_head.html.haml b/app/views/projects/network/_head.html.haml
index 28a617538b5..c609c505def 100644
--- a/app/views/projects/network/_head.html.haml
+++ b/app/views/projects/network/_head.html.haml
@@ -1,4 +1,4 @@
-.gray-content-block.append-bottom-default
+.row-content-block.append-bottom-default
   .tree-ref-holder
     = render partial: 'shared/ref_switcher', locals: {destination: 'graph'}
 
diff --git a/app/views/projects/notes/_diff_notes_with_reply.html.haml b/app/views/projects/notes/_diff_notes_with_reply.html.haml
index 39be072855a..8144c1ba49e 100644
--- a/app/views/projects/notes/_diff_notes_with_reply.html.haml
+++ b/app/views/projects/notes/_diff_notes_with_reply.html.haml
@@ -1,10 +1,8 @@
-- note = notes.first # example note
--# Check if line want not changed since comment was left
-- if !defined?(line) || line == note.diff_line
-  %tr.notes_holder
-    %td.notes_line{ colspan: 2 }
-    %td.notes_content
-      %ul.notes{ data: { discussion_id: note.discussion_id } }
-        = render notes
-      .discussion-reply-holder
-        = link_to_reply_diff(note)
+- note = notes.first
+%tr.notes_holder
+  %td.notes_line{ colspan: 2 }
+  %td.notes_content
+    %ul.notes{ data: { discussion_id: note.discussion_id } }
+      = render partial: "projects/notes/note", collection: notes, as: :note
+    .discussion-reply-holder
+      = link_to_reply_discussion(note)
diff --git a/app/views/projects/notes/_diff_notes_with_reply_parallel.html.haml b/app/views/projects/notes/_diff_notes_with_reply_parallel.html.haml
index f8aa5e2fa7d..45986b0d1e8 100644
--- a/app/views/projects/notes/_diff_notes_with_reply_parallel.html.haml
+++ b/app/views/projects/notes/_diff_notes_with_reply_parallel.html.haml
@@ -1,27 +1,27 @@
-- note1 = notes_left.present? ? notes_left.first : nil
-- note2 = notes_right.present? ? notes_right.first : nil
+- note_left = notes_left.present? ? notes_left.first : nil
+- note_right = notes_right.present? ? notes_right.first : nil
 
 %tr.notes_holder
-  - if note1
+  - if note_left
     %td.notes_line.old
     %td.notes_content.parallel.old
-      %ul.notes{ data: { discussion_id: note1.discussion_id } }
-        = render notes_left
+      %ul.notes{ data: { discussion_id: note_left.discussion_id } }
+        = render partial: "projects/notes/note", collection: notes_left, as: :note
 
       .discussion-reply-holder
-        = link_to_reply_diff(note1, 'old')
+        = link_to_reply_discussion(note_left, 'old')
   - else
     %td.notes_line.old= ""
     %td.notes_content.parallel.old= ""
 
-  - if note2
+  - if note_right
     %td.notes_line.new
     %td.notes_content.parallel.new
-      %ul.notes{ data: { discussion_id: note2.discussion_id } }
-        = render notes_right
+      %ul.notes{ data: { discussion_id: note_right.discussion_id } }
+        = render partial: "projects/notes/note", collection: notes_right, as: :note
 
       .discussion-reply-holder
-        = link_to_reply_diff(note2, 'new')
+        = link_to_reply_discussion(note_right, 'new')
   - else
     %td.notes_line.new= ""
     %td.notes_content.parallel.new= ""
diff --git a/app/views/projects/notes/_discussion.html.haml b/app/views/projects/notes/_discussion.html.haml
index 572b00a38c7..7869d6413d8 100644
--- a/app/views/projects/notes/_discussion.html.haml
+++ b/app/views/projects/notes/_discussion.html.haml
@@ -1,13 +1,46 @@
 - note = discussion_notes.first
+- expanded = !note.diff_note? || note.active?
 %li.note.note-discussion.timeline-entry
   .timeline-entry-inner
     .timeline-icon
       = link_to user_path(note.author) do
-        = image_tag avatar_icon(note.author_email), class: "avatar s40"
+        = image_tag avatar_icon(note.author), class: "avatar s40"
     .timeline-content
-      - if note.for_merge_request?
-        - (active_notes, outdated_notes) = discussion_notes.partition(&:active?)
-        = render "projects/notes/discussions/active", discussion_notes: active_notes if active_notes.length > 0
-        = render "projects/notes/discussions/outdated", discussion_notes: outdated_notes if outdated_notes.length > 0
-      - else
-        = render "projects/notes/discussions/commit", discussion_notes: discussion_notes
+      .discussion.js-toggle-container{ class: note.discussion_id }
+        .discussion-header
+          = link_to_member(@project, note.author, avatar: false)
+
+          .inline.discussion-headline-light
+            = note.author.to_reference
+            started a discussion on
+
+            - if note.for_commit?
+              - commit = note.noteable
+              - if commit
+                commit
+                = link_to commit.short_id, namespace_project_commit_path(note.project.namespace, note.project, note.noteable, anchor: note.line_code), class: 'monospace'
+              - else
+                a deleted commit
+            - else
+              - if note.active?
+                = link_to diffs_namespace_project_merge_request_path(note.project.namespace, note.project, note.noteable, anchor: note.line_code) do
+                  the diff
+              - else
+                an outdated diff
+
+            = time_ago_with_tooltip(note.created_at, placement: "bottom", html_class: "note-created-ago")
+
+          .discussion-actions
+            = link_to "#", class: "note-action-button discussion-toggle-button js-toggle-button" do
+              - if expanded
+                = icon("chevron-up")
+              - else
+                = icon("chevron-down")
+
+              Toggle discussion
+
+        .discussion-body.js-toggle-content{ class: ("hide" unless expanded) }
+          - if note.diff_note?
+            = render "projects/notes/discussions/diff_with_notes", discussion_notes: discussion_notes
+          - else
+            = render "projects/notes/discussions/notes", discussion_notes: discussion_notes
diff --git a/app/views/projects/notes/_form.html.haml b/app/views/projects/notes/_form.html.haml
index d0ac380f216..67ed38a7b22 100644
--- a/app/views/projects/notes/_form.html.haml
+++ b/app/views/projects/notes/_form.html.haml
@@ -6,6 +6,7 @@
   = f.hidden_field :line_code
   = f.hidden_field :noteable_id
   = f.hidden_field :noteable_type
+  = f.hidden_field :type
 
   = render layout: 'projects/md_preview', locals: { preview_class: "md-preview", referenced_users: true } do
     = render 'projects/zen', f: f, attr: :note, classes: 'note-textarea js-note-text', placeholder: "Write a comment or drag your files here..."
diff --git a/app/views/projects/notes/_note.html.haml b/app/views/projects/notes/_note.html.haml
index aeb7c1d5ee4..9fbc9a45549 100644
--- a/app/views/projects/notes/_note.html.haml
+++ b/app/views/projects/notes/_note.html.haml
@@ -1,5 +1,8 @@
+- return unless note.author
+- return if note.cross_reference_not_visible_for?(current_user)
+
 - note_editable = note_editable?(note)
-%li.timeline-entry{ id: dom_id(note), class: [dom_class(note), "note-row-#{note.id}", ('system-note' if note.system)], data: {author_id: note.author.id, editable: note_editable} }
+%li.timeline-entry{ id: dom_id(note), class: ["note", "note-row-#{note.id}", ('system-note' if note.system)], data: {author_id: note.author.id, editable: note_editable} }
   .timeline-entry-inner
     .timeline-icon
       %a{href: user_path(note.author)}
@@ -8,8 +11,8 @@
       .note-header
         = link_to_member(note.project, note.author, avatar: false)
         .inline.note-headline-light
-          = "#{note.author.to_reference}"
-          - if !note.system
+          = note.author.to_reference
+          - unless note.system
             commented
           %a{ href: "##{dom_id(note)}" }
             = time_ago_with_tooltip(note.created_at, placement: 'bottom', html_class: 'note-created-ago')
diff --git a/app/views/projects/notes/_notes.html.haml b/app/views/projects/notes/_notes.html.haml
index 62db86fb181..ebf7e8a9cb3 100644
--- a/app/views/projects/notes/_notes.html.haml
+++ b/app/views/projects/notes/_notes.html.haml
@@ -2,14 +2,9 @@
   - @discussions.each do |discussion_notes|
     - note = discussion_notes.first
     - if note_for_main_target?(note)
-      - next if note.cross_reference_not_visible_for?(current_user)
-
-      = render discussion_notes
+      = render partial: "projects/notes/note", object: note, as: :note
     - else
       = render 'projects/notes/discussion', discussion_notes: discussion_notes
 - else
   - @notes.each do |note|
-    - next unless note.author
-    - next if note.cross_reference_not_visible_for?(current_user)
-
-    = render note
+    = render partial: "projects/notes/note", object: note, as: :note
diff --git a/app/views/projects/notes/discussions/_active.html.haml b/app/views/projects/notes/discussions/_active.html.haml
deleted file mode 100644
index 0ea8862a684..00000000000
--- a/app/views/projects/notes/discussions/_active.html.haml
+++ /dev/null
@@ -1,16 +0,0 @@
-- note = discussion_notes.first
-.discussion.js-toggle-container{ class: note.discussion_id }
-  .discussion-header
-    = link_to_member(@project, note.author, avatar: false)
-    .inline.discussion-headline-light
-      = "#{note.author.to_reference} started a discussion"
-      = link_to diffs_namespace_project_merge_request_path(note.project.namespace, note.project, note.noteable, anchor: note.line_code) do
-        on the diff
-      = time_ago_with_tooltip(note.created_at, placement: "bottom", html_class: "discussion_updated_ago")
-    .discussion-actions
-      = link_to "#", class: "discussion-action-button discussion-toggle-button js-toggle-button" do
-        %i.fa.fa-chevron-up
-        Show/hide discussion
-
-  .discussion-body.js-toggle-content
-    = render "projects/notes/discussions/diff", discussion_notes: discussion_notes, note: note
diff --git a/app/views/projects/notes/discussions/_commit.html.haml b/app/views/projects/notes/discussions/_commit.html.haml
deleted file mode 100644
index 2a2ead58eeb..00000000000
--- a/app/views/projects/notes/discussions/_commit.html.haml
+++ /dev/null
@@ -1,25 +0,0 @@
-- note = discussion_notes.first
-- commit = note.noteable
-- commit_description = commit ? 'commit' : 'a deleted commit'
-.discussion.js-toggle-container{ class: note.discussion_id }
-  .discussion-header
-    = link_to_member(@project, note.author, avatar: false)
-    .inline.discussion-headline-light
-      = "#{note.author.to_reference} started a discussion on #{commit_description}"
-      - if commit
-        = link_to(commit.short_id, namespace_project_commit_path(note.project.namespace, note.project, note.noteable), class: 'monospace')
-      = time_ago_with_tooltip(note.created_at, placement: "bottom", html_class: "discussion_updated_ago")
-    .discussion-actions
-      = link_to "#", class: "note-action-button discussion-toggle-button js-toggle-button" do
-        %i.fa.fa-chevron-up
-        Show/hide discussion
-  .discussion-body.js-toggle-content
-    - if note.for_diff_line?
-      = render "projects/notes/discussions/diff", discussion_notes: discussion_notes, note: note
-    - else
-      .panel.panel-default
-        .notes{ data: { discussion_id: discussion_notes.first.discussion_id } }
-          %ul.notes.timeline
-            = render discussion_notes
-        .discussion-reply-holder
-          = link_to_reply_diff(discussion_notes.first)
diff --git a/app/views/projects/notes/discussions/_diff.html.haml b/app/views/projects/notes/discussions/_diff.html.haml
deleted file mode 100644
index d46aab000c3..00000000000
--- a/app/views/projects/notes/discussions/_diff.html.haml
+++ /dev/null
@@ -1,28 +0,0 @@
-- diff = note.diff
-- if diff
-  .diff-file
-    .diff-header
-      %span
-        - if diff.deleted_file
-          = diff.old_path
-        - else
-          = diff.new_path
-          - if diff.a_mode && diff.b_mode && diff.a_mode != diff.b_mode
-            %span.file-mode= "#{diff.a_mode} → #{diff.b_mode}"
-    .diff-content.code.js-syntax-highlight
-      %table
-        - note.truncated_diff_lines.each do |line|
-          - type = line.type
-          - line_code = generate_line_code(note.file_path, line)
-          %tr.line_holder{ id: line_code, class: "#{type}" }
-            - if type == "match"
-              %td.old_line.diff-line-num= "..."
-              %td.new_line.diff-line-num= "..."
-              %td.line_content.match= line.text
-            - else
-              %td.old_line.diff-line-num{ data: { linenumber: type == "new" ? "&nbsp;".html_safe : line.old_pos } }
-              %td.new_line.diff-line-num{ data: { linenumber: type == "old" ? "&nbsp;".html_safe : line.new_pos } }
-              %td.line_content{ class: ['noteable_line', type, line_code], line_code: line_code }= diff_line_content(line.text, type)
-
-              - if line_code == note.line_code
-                = render "projects/notes/diff_notes_with_reply", notes: discussion_notes
diff --git a/app/views/projects/notes/discussions/_diff_with_notes.html.haml b/app/views/projects/notes/discussions/_diff_with_notes.html.haml
new file mode 100644
index 00000000000..6401245bf73
--- /dev/null
+++ b/app/views/projects/notes/discussions/_diff_with_notes.html.haml
@@ -0,0 +1,30 @@
+- note = discussion_notes.first
+- diff = note.diff
+- return unless diff
+
+.diff-file
+  .diff-header
+    %span
+      - if diff.deleted_file
+        = diff.old_path
+      - else
+        = diff.new_path
+        - if diff.a_mode && diff.b_mode && diff.a_mode != diff.b_mode
+          %span.file-mode= "#{diff.a_mode} → #{diff.b_mode}"
+  .diff-content.code.js-syntax-highlight
+    %table
+      - note.truncated_diff_lines.each do |line|
+        - type = line.type
+        - line_code = generate_line_code(note.diff_file_path, line)
+        %tr.line_holder{ id: line_code, class: "#{type}" }
+          - if type == "match"
+            %td.old_line.diff-line-num= "..."
+            %td.new_line.diff-line-num= "..."
+            %td.line_content.match= line.text
+          - else
+            %td.old_line.diff-line-num{ data: { linenumber: type == "new" ? "&nbsp;".html_safe : line.old_pos } }
+            %td.new_line.diff-line-num{ data: { linenumber: type == "old" ? "&nbsp;".html_safe : line.new_pos } }
+            %td.line_content{ class: ['noteable_line', type, line_code], line_code: line_code }= diff_line_content(line.text, type)
+
+            - if line_code == note.line_code
+              = render "projects/notes/diff_notes_with_reply", notes: discussion_notes
diff --git a/app/views/projects/notes/discussions/_notes.html.haml b/app/views/projects/notes/discussions/_notes.html.haml
new file mode 100644
index 00000000000..e598e3c7c63
--- /dev/null
+++ b/app/views/projects/notes/discussions/_notes.html.haml
@@ -0,0 +1,7 @@
+- note = discussion_notes.first
+.panel.panel-default
+  .notes{ data: { discussion_id: note.discussion_id } }
+    %ul.notes.timeline
+      = render partial: "projects/notes/note", collection: discussion_notes, as: :note
+  .discussion-reply-holder
+    = link_to_reply_discussion(note)
diff --git a/app/views/projects/notes/discussions/_outdated.html.haml b/app/views/projects/notes/discussions/_outdated.html.haml
deleted file mode 100644
index 45141bcd1df..00000000000
--- a/app/views/projects/notes/discussions/_outdated.html.haml
+++ /dev/null
@@ -1,14 +0,0 @@
-- note = discussion_notes.first
-.discussion.js-toggle-container{ class: note.discussion_id }
-  .discussion-header
-    = link_to_member(@project, note.author, avatar: false)
-    .inline.discussion-headline-light
-      = "#{note.author.to_reference} started a discussion"
-      on the outdated diff
-      = time_ago_with_tooltip(note.created_at, placement: "bottom", html_class: "discussion_updated_ago")
-    .discussion-actions
-      = link_to "#", class: "note-action-button discussion-toggle-button js-toggle-button" do
-        %i.fa.fa-chevron-down
-        Show/hide discussion
-  .discussion-body.js-toggle-content.hide
-    = render "projects/notes/discussions/diff", discussion_notes: discussion_notes, note: note
diff --git a/app/views/projects/protected_branches/_branches_list.html.haml b/app/views/projects/protected_branches/_branches_list.html.haml
index f68449b1863..b9e9dd8aaea 100644
--- a/app/views/projects/protected_branches/_branches_list.html.haml
+++ b/app/views/projects/protected_branches/_branches_list.html.haml
@@ -1,35 +1,41 @@
-- unless @branches.empty?
-  %br
-  %h4 Already Protected:
-  .table-holder
+%h5.prepend-top-0
+  Already Protected (#{@branches.size})
+- if @branches.empty?
+  %p.profile-settings-message.text-center
+    No branches are protected, protect a branch with the form above.
+- else
+  - can_admin_project = can?(current_user, :admin_project, @project)
+  .table-responsive
     %table.table.protected-branches-list
+      %colgroup
+        %col{ width: "30%" }
+        %col{ width: "30%" }
+        %col{ width: "25%" }
+        - if can_admin_project
+          %col
       %thead
-        %tr.no-border
+        %tr
           %th Branch
-          %th Developers can push
           %th Last commit
-          %th
-
+          %th Developers can push
+          - if can_admin_project
+            %th
       %tbody
         - @branches.each do |branch|
           - @url = namespace_project_protected_branch_path(@project.namespace, @project, branch)
           %tr
             %td
-              = link_to namespace_project_commits_path(@project.namespace, @project, branch.name) do
-                %strong= branch.name
-                - if @project.root_ref?(branch.name)
-                  %span.label.label-info default
+              = link_to(branch.name, namespace_project_commits_path(@project.namespace, @project, branch.name))
+              - if @project.root_ref?(branch.name)
+                %span.label.label-info.prepend-left-5 default
+            %td
+              - if commit = branch.commit
+                = link_to(commit.short_id, namespace_project_commit_path(@project.namespace, @project, commit.id), class: 'commit_short_id')
+                #{time_ago_with_tooltip(commit.committed_date)}
+              - else
+                (branch was removed from repository)
+            %td
+              = check_box_tag("developers_can_push", branch.id, branch.developers_can_push, data: { url: @url })
+            - if can_admin_project
               %td
-                = check_box_tag "developers_can_push", branch.id, branch.developers_can_push, "data-url" => @url
-              %td
-                - if commit = branch.commit
-                  = link_to namespace_project_commit_path(@project.namespace, @project, commit.id), class: 'commit_short_id' do
-                    = commit.short_id
-                  &middot;
-                  #{time_ago_with_tooltip(commit.committed_date)}
-                - else
-                  (branch was removed from repository)
-              %td
-                .pull-right
-                  - if can? current_user, :admin_project, @project
-                    = link_to 'Unprotect', [@project.namespace.becomes(Namespace), @project, branch], data: { confirm: 'Branch will be writable for developers. Are you sure?' }, method: :delete, class: "btn btn-remove btn-sm"
+                = link_to 'Unprotect', [@project.namespace.becomes(Namespace), @project, branch], data: { confirm: 'Branch will be writable for developers. Are you sure?' }, method: :delete, class: "btn btn-warning btn-sm"
diff --git a/app/views/projects/protected_branches/index.html.haml b/app/views/projects/protected_branches/index.html.haml
index 653b02da4db..c7d317dbaee 100644
--- a/app/views/projects/protected_branches/index.html.haml
+++ b/app/views/projects/protected_branches/index.html.haml
@@ -1,31 +1,33 @@
 - page_title "Protected branches"
-%h3.page-title Protected branches
-%p.light Keep stable branches secure and force developers to use Merge Requests
-%hr
 
-.well
-  %p Protected branches are designed to
-  %ul
-    %li prevent pushes from everybody except #{link_to "masters", help_page_path("permissions", "permissions"), class: "vlink"}
-    %li prevent anyone from force pushing to the branch
-    %li prevent anyone from deleting the branch
-  %p Read more about #{link_to "project permissions", help_page_path("permissions", "permissions"), class: "underlined-link"}
+.row.prepend-top-default.append-bottom-default
+  .col-lg-3
+    %h4.prepend-top-0
+      = page_title
+    %p Keep stable branches secure and force developers to use Merge Requests
+  .col-lg-9
+    %h5.prepend-top-0
+      Protect a branch
+    .account-well.append-bottom-default
+      %p.light-header.append-bottom-0 Protected branches are designed to
+      %ul
+        %li prevent pushes from everybody except #{link_to "masters", help_page_path("permissions", "permissions"), class: "vlink"}
+        %li prevent anyone from force pushing to the branch
+        %li prevent anyone from deleting the branch
+      %p.append-bottom-0 Read more about #{link_to "project permissions", help_page_path("permissions", "permissions"), class: "underlined-link"}
+    - if can? current_user, :admin_project, @project
+      = form_for [@project.namespace.becomes(Namespace), @project, @protected_branch] do |f|
+        = form_errors(@protected_branch)
 
-- if can? current_user, :admin_project, @project
-  = form_for [@project.namespace.becomes(Namespace), @project, @protected_branch], html: { class: 'form-horizontal' } do |f|
-    = form_errors(@protected_branch)
-
-    .form-group
-      = f.label :name, "Branch", class: 'control-label'
-      .col-sm-10
-        = f.select(:name, @project.open_branches.map { |br| [br.name, br.name] } , {include_blank: true}, {class: "select2", data: {placeholder: "Select branch"}})
-    .form-group
-      .col-sm-offset-2.col-sm-10
-        .checkbox
-          = f.label :developers_can_push do
-            = f.check_box :developers_can_push
-            %strong Developers can push
-          .help-block Allow developers to push to this branch
-    .form-actions
-      = f.submit 'Protect', class: "btn-create btn"
-= render 'branches_list'
+        .form-group
+          = f.label :name, "Branch", class: "label-light"
+          = f.select(:name, @project.open_branches.map { |br| [br.name, br.name] } , {include_blank: true}, {class: "select2", data: {placeholder: "Select branch"}})
+        .form-group
+          = f.check_box :developers_can_push, class: "pull-left"
+          .prepend-left-20
+            = f.label :developers_can_push, "Developers can push", class: "label-light append-bottom-0"
+            %p.light.append-bottom-0
+              Allow developers to push to this branch
+        = f.submit "Protect", class: "btn-create btn"
+    %hr
+    = render "branches_list"
diff --git a/app/views/projects/releases/edit.html.haml b/app/views/projects/releases/edit.html.haml
index 6f0b32aa165..0d59cec322c 100644
--- a/app/views/projects/releases/edit.html.haml
+++ b/app/views/projects/releases/edit.html.haml
@@ -2,7 +2,7 @@
 = render "projects/commits/header_title"
 = render "projects/commits/head"
 
-.gray-content-block
+.row-content-block
   .oneline
     .title
       Release notes for tag
diff --git a/app/views/projects/runners/_form.html.haml b/app/views/projects/runners/_form.html.haml
new file mode 100644
index 00000000000..2d6c964ae94
--- /dev/null
+++ b/app/views/projects/runners/_form.html.haml
@@ -0,0 +1,25 @@
+= form_for runner, url: runner_form_url, html: { class: 'form-horizontal' } do |f|
+  .form-group
+    = label :active, "Active", class: 'control-label'
+    .col-sm-10
+      .checkbox
+        = f.check_box :active
+        %span.light Paused runners don't accept new builds
+  .form-group
+    = label_tag :token, class: 'control-label' do
+      Token
+    .col-sm-10
+      = f.text_field :token, class: 'form-control', readonly: true
+  .form-group
+    = label_tag :description, class: 'control-label' do
+      Description
+    .col-sm-10
+      = f.text_field :description, class: 'form-control'
+  .form-group
+    = label_tag :tag_list, class: 'control-label' do
+      Tags
+    .col-sm-10
+      = f.text_field :tag_list, value: runner.tag_list.to_s, class: 'form-control'
+      .help-block You can setup jobs to only use runners with specific tags
+  .form-actions
+    = f.submit 'Save changes', class: 'btn btn-save'
diff --git a/app/views/projects/runners/edit.html.haml b/app/views/projects/runners/edit.html.haml
index eba03028af8..771947d7908 100644
--- a/app/views/projects/runners/edit.html.haml
+++ b/app/views/projects/runners/edit.html.haml
@@ -2,28 +2,4 @@
 
 %h4 Runner ##{@runner.id}
 %hr
-= form_for @runner, url: runner_path(@runner), html: { class: 'form-horizontal' } do |f|
-  .form-group
-    = label :active, "Active", class: 'control-label'
-    .col-sm-10
-      .checkbox
-        = f.check_box :active
-        %span.light Paused runners don't accept new builds
-  .form-group
-    = label_tag :token, class: 'control-label' do
-      Token
-    .col-sm-10
-      = f.text_field :token, class: 'form-control', readonly: true
-  .form-group
-    = label_tag :description, class: 'control-label' do
-      Description
-    .col-sm-10
-      = f.text_field :description, class: 'form-control'
-  .form-group
-    = label_tag :tag_list, class: 'control-label' do
-      Tags
-    .col-sm-10
-      = f.text_field :tag_list, value: @runner.tag_list.to_s, class: 'form-control'
-      .help-block You can setup jobs to only use runners with specific tags
-  .form-actions
-    = f.submit 'Save changes', class: 'btn btn-save'
+ = render 'form', runner: @runner, runner_form_url: runner_path(@runner)
diff --git a/app/views/projects/show.html.haml b/app/views/projects/show.html.haml
index d854ac21725..74feb9e3282 100644
--- a/app/views/projects/show.html.haml
+++ b/app/views/projects/show.html.haml
@@ -12,7 +12,7 @@
 = render 'projects/last_push'
 = render "home_panel"
 
-.project-stats.gray-content-block.second-block
+.project-stats.row-content-block.second-block
   %ul.nav
     %li
       = link_to namespace_project_commits_path(@project.namespace, @project, current_ref) do
diff --git a/app/views/projects/snippets/index.html.haml b/app/views/projects/snippets/index.html.haml
index 4af963e14da..103ff447464 100644
--- a/app/views/projects/snippets/index.html.haml
+++ b/app/views/projects/snippets/index.html.haml
@@ -1,7 +1,7 @@
 - page_title "Snippets"
 = render "header_title"
 
-.gray-content-block.top-block
+.row-content-block.top-block
   .pull-right
     = link_to new_namespace_project_snippet_path(@project.namespace, @project), class: "btn btn-new", title: "New Snippet" do
       = icon('plus')
diff --git a/app/views/projects/tags/index.html.haml b/app/views/projects/tags/index.html.haml
index 760347de0a9..dc6ece30dd2 100644
--- a/app/views/projects/tags/index.html.haml
+++ b/app/views/projects/tags/index.html.haml
@@ -2,7 +2,7 @@
 = render "projects/commits/header_title"
 = render "projects/commits/head"
 
-.gray-content-block
+.row-content-block
   - if can? current_user, :push_code, @project
     .pull-right
       = link_to new_namespace_project_tag_path(@project.namespace, @project), class: 'btn btn-create new-tag-btn' do
diff --git a/app/views/projects/tags/new.html.haml b/app/views/projects/tags/new.html.haml
index b40a6e5cb2d..f9306453297 100644
--- a/app/views/projects/tags/new.html.haml
+++ b/app/views/projects/tags/new.html.haml
@@ -23,7 +23,7 @@
   .form-group
     = label_tag :message, nil, class: 'control-label'
     .col-sm-10
-      = text_field_tag :message, nil, required: false, tabindex: 3, class: 'form-control'
+      = text_area_tag :message, nil, required: false, tabindex: 3, class: 'form-control', rows: 5
       .help-block Optionally, enter a message to create an annotated tag.
   %hr
   .form-group
diff --git a/app/views/projects/tags/show.html.haml b/app/views/projects/tags/show.html.haml
index 1dc9b799a95..9f1424aecc7 100644
--- a/app/views/projects/tags/show.html.haml
+++ b/app/views/projects/tags/show.html.haml
@@ -2,7 +2,7 @@
 = render "projects/commits/header_title"
 = render "projects/commits/head"
 
-.gray-content-block
+.row-content-block
   .pull-right
     - if can?(current_user, :push_code, @project)
       = link_to edit_namespace_project_tag_release_path(@project.namespace, @project, @tag.name), class: 'btn-grouped btn has-tooltip', title: 'Edit release notes' do
@@ -19,15 +19,13 @@
           %i.fa.fa-trash-o
   .title
     %span.item-title= @tag.name
-    - if @tag.message.present?
-      %span.light
-        &nbsp;
-        = strip_gpg_signature(@tag.message)
   - if @commit
     = render 'projects/branches/commit', commit: @commit, project: @project
   - else
     Cant find HEAD commit for this tag
-
+  - if @tag.message.present?
+    %pre.body
+      = strip_gpg_signature(@tag.message)
 
 .append-bottom-default.prepend-top-default
   - if @release.description.present?
diff --git a/app/views/projects/triggers/_trigger.html.haml b/app/views/projects/triggers/_trigger.html.haml
index 48b3b5c9920..112b51712ef 100644
--- a/app/views/projects/triggers/_trigger.html.haml
+++ b/app/views/projects/triggers/_trigger.html.haml
@@ -1,7 +1,6 @@
 %tr
   %td
-    .clearfix
-      %span.monospace= trigger.token
+    %span.monospace= trigger.token
 
   %td
     - if trigger.last_trigger_request
@@ -9,6 +8,5 @@
     - else
       Never
 
-  %td
-    .pull-right
-      = link_to 'Revoke', namespace_project_trigger_path(@project.namespace, @project, trigger), data: { confirm: 'Are you sure?'}, method: :delete, class: "btn btn-danger btn-sm btn-grouped"
+  %td.text-right
+    = link_to 'Revoke', namespace_project_trigger_path(@project.namespace, @project, trigger), data: { confirm: 'Are you sure?'}, method: :delete, class: "btn btn-warning btn-sm"
diff --git a/app/views/projects/triggers/index.html.haml b/app/views/projects/triggers/index.html.haml
index bd346c4b8e6..f91885b216d 100644
--- a/app/views/projects/triggers/index.html.haml
+++ b/app/views/projects/triggers/index.html.haml
@@ -1,71 +1,70 @@
 - page_title "Triggers"
-%h3.page-title
-  Triggers
 
-%p.light
-  Triggers can be used to force a rebuild of a specific branch or tag with an API call.
+.row.prepend-top-default.append-bottom-default
+  .col-lg-3
+    %h4.prepend-top-0
+      = page_title
+    %p
+      Triggers can be used to force a rebuild of a specific branch or tag with an API call.
+  .col-lg-9
+    %h5.prepend-top-0
+      Your triggers
+    - if @triggers.any?
+      .table-responsive
+        %table.table
+          %thead
+            %th Token
+            %th Last used
+            %th
+          = render partial: 'trigger', collection: @triggers, as: :trigger
+    - else
+      %p.profile-settings-message.text-center.append-bottom-default
+        There are no triggers to use, add one by the button below.
 
-%hr.clearfix
+    = form_for @trigger, url: url_for(controller: 'projects/triggers', action: 'create') do |f|
+      = f.submit "Add Trigger", class: 'btn btn-success'
 
--if @triggers.any?
-  .table-holder
-    %table.table
-      %thead
-        %th Token
-        %th Last used
-        %th
-      = render partial: 'trigger', collection: @triggers, as: :trigger
-- else
-  %h4 No triggers
+    %h5.prepend-top-default
+      Use CURL
 
-= form_for @trigger, url: url_for(controller: 'projects/triggers', action: 'create'), html: { class: 'form-horizontal' } do |f|
-  .clearfix
-    = f.submit "Add Trigger", class: 'btn btn-success pull-right'
-
-%hr.clearfix
-
--if @triggers.any?
-  %h3
-    Use CURL
-
-  %p.light
-    Copy the token above and set your branch or tag name. This is the reference that will be rebuild.
+    %p.light
+      Copy the token above and set your branch or tag name. This is the reference that will be rebuild.
 
 
-  %pre
-    :plain
-      curl -X POST \
-           -F token=TOKEN \
-           -F ref=REF_NAME \
-           #{builds_trigger_url(@project.id)}
-  %h3
-    Use .gitlab-ci.yml
+    %pre
+      :plain
+        curl -X POST \
+             -F token=TOKEN \
+             -F ref=REF_NAME \
+             #{builds_trigger_url(@project.id)}
+    %h5.prepend-top-default
+      Use .gitlab-ci.yml
 
-  %p.light
-    Copy the snippet to
-    %i .gitlab-ci.yml
-    of dependent project.
-    At the end of your build it will trigger this project to rebuilt.
+    %p.light
+      Copy the snippet to
+      %i .gitlab-ci.yml
+      of dependent project.
+      At the end of your build it will trigger this project to rebuilt.
 
-  %pre
-    :plain
-      trigger:
-        type: deploy
-        script:
-          - "curl -X POST -F token=TOKEN -F ref=REF_NAME #{builds_trigger_url(@project.id)}"
-  %h3
-    Pass build variables
+    %pre
+      :plain
+        trigger:
+          type: deploy
+          script:
+            - "curl -X POST -F token=TOKEN -F ref=REF_NAME #{builds_trigger_url(@project.id)}"
+    %h5.prepend-top-default
+      Pass build variables
 
-  %p.light
-    Add
-    %strong variables[VARIABLE]=VALUE
-    to API request.
-    The value of variable could then be used to distinguish triggered build from normal one.
+    %p.light
+      Add
+      %strong variables[VARIABLE]=VALUE
+      to API request.
+      The value of variable could then be used to distinguish triggered build from normal one.
 
-  %pre
-    :plain
-      curl -X POST \
-           -F token=TOKEN \
-           -F "ref=REF_NAME" \
-           -F "variables[RUN_NIGHTLY_BUILD]=true" \
-           #{builds_trigger_url(@project.id)}
+    %pre.append-bottom-0
+      :plain
+        curl -X POST \
+             -F token=TOKEN \
+             -F "ref=REF_NAME" \
+             -F "variables[RUN_NIGHTLY_BUILD]=true" \
+             #{builds_trigger_url(@project.id)}
diff --git a/app/views/projects/wikis/git_access.html.haml b/app/views/projects/wikis/git_access.html.haml
index dd27ea2b11b..ba3f2cadc48 100644
--- a/app/views/projects/wikis/git_access.html.haml
+++ b/app/views/projects/wikis/git_access.html.haml
@@ -2,7 +2,7 @@
 = render "header_title"
 
 = render 'nav'
-.gray-content-block
+.row-content-block
   %span.oneline
     Git access for
     %strong= @project_wiki.path_with_namespace
diff --git a/app/views/search/_category.html.haml b/app/views/search/_category.html.haml
index 2c3fca439f3..2c378231237 100644
--- a/app/views/search/_category.html.haml
+++ b/app/views/search/_category.html.haml
@@ -2,97 +2,70 @@
   - if @project
     %li{class: ("active" if @scope == 'blobs')}
       = link_to search_filter_path(scope: 'blobs') do
-        = icon('code fw')
-        %span
-          Code
-          %span.badge
-            = @search_results.blobs_count
+        Code
+        %span.badge
+          = @search_results.blobs_count
     %li{class: ("active" if @scope == 'issues')}
       = link_to search_filter_path(scope: 'issues') do
-        = icon('exclamation-circle fw')
-        %span
-          Issues
-          %span.badge
-            = @search_results.issues_count
+        Issues
+        %span.badge
+          = @search_results.issues_count
     %li{class: ("active" if @scope == 'merge_requests')}
       = link_to search_filter_path(scope: 'merge_requests') do
-        = icon('tasks fw')
-        %span
-          Merge requests
-          %span.badge
-            = @search_results.merge_requests_count
+        Merge requests
+        %span.badge
+          = @search_results.merge_requests_count
     %li{class: ("active" if @scope == 'milestones')}
       = link_to search_filter_path(scope: 'milestones') do
-        = icon('clock-o fw')
-        %span
-          Milestones
-          %span.badge
-            = @search_results.milestones_count
+        Milestones
+        %span.badge
+          = @search_results.milestones_count
     %li{class: ("active" if @scope == 'notes')}
       = link_to search_filter_path(scope: 'notes') do
-        = icon('comments fw')
-        %span
-          Comments
-          %span.badge
-            = @search_results.notes_count
+        Comments
+        %span.badge
+          = @search_results.notes_count
     %li{class: ("active" if @scope == 'wiki_blobs')}
       = link_to search_filter_path(scope: 'wiki_blobs') do
-        = icon('book fw')
-        %span
-          Wiki
-          %span.badge
-            = @search_results.wiki_blobs_count
+        Wiki
+        %span.badge
+          = @search_results.wiki_blobs_count
     %li{class: ("active" if @scope == 'commits')}
       = link_to search_filter_path(scope: 'commits') do
-        = icon('history fw')
-        %span
-          Commits
-          %span.badge
-            = @search_results.commits_count
+        Commits
+        %span.badge
+          = @search_results.commits_count
 
   - elsif @show_snippets
     %li{class: ("active" if @scope == 'snippet_blobs')}
       = link_to search_filter_path(scope: 'snippet_blobs', snippets: true, group_id: nil, project_id: nil) do
-        = icon('code fw')
-        %span
-          Snippet Contents
-          %span.badge
-            = @search_results.snippet_blobs_count
+        Snippet Contents
+        %span.badge
+          = @search_results.snippet_blobs_count
     %li{class: ("active" if @scope == 'snippet_titles')}
       = link_to search_filter_path(scope: 'snippet_titles', snippets: true, group_id: nil, project_id: nil) do
-        = icon('book fw')
-        %span
-          Titles and Filenames
-          %span.badge
-            = @search_results.snippet_titles_count
+        Titles and Filenames
+        %span.badge
+          = @search_results.snippet_titles_count
 
   - else
     %li{class: ("active" if @scope == 'projects')}
       = link_to search_filter_path(scope: 'projects') do
-        = icon('bookmark fw')
-        %span
-          Projects
-          %span.badge
-            = @search_results.projects_count
+        Projects
+        %span.badge
+          = @search_results.projects_count
     %li{class: ("active" if @scope == 'issues')}
       = link_to search_filter_path(scope: 'issues') do
-        = icon('exclamation-circle fw')
-        %span
-          Issues
-          %span.badge
-            = @search_results.issues_count
+        Issues
+        %span.badge
+          = @search_results.issues_count
     %li{class: ("active" if @scope == 'merge_requests')}
       = link_to search_filter_path(scope: 'merge_requests') do
-        = icon('tasks fw')
-        %span
-          Merge requests
-          %span.badge
-            = @search_results.merge_requests_count
+        Merge requests
+        %span.badge
+          = @search_results.merge_requests_count
     %li{class: ("active" if @scope == 'milestones')}
       = link_to search_filter_path(scope: 'milestones') do
-        = icon('clock-o fw')
-        %span
-          Milestones
-          %span.badge
-            = @search_results.milestones_count
-
+        Milestones
+        %span.badge
+          = @search_results.milestones_count
diff --git a/app/views/search/_filter.html.haml b/app/views/search/_filter.html.haml
index 4ef544136a8..ef1c0296d49 100644
--- a/app/views/search/_filter.html.haml
+++ b/app/views/search/_filter.html.haml
@@ -1,47 +1,33 @@
-.dropdown.inline
-  %button.dropdown-toggle.btn.btn-sm{type: 'button', 'data-toggle' => 'dropdown'}
-    %span.light Group:
-    - if @group.present?
-      %strong= @group.name
-    - else
-      Any
-    %b.caret
-  .dropdown-menu.dropdown-select.dropdown-menu-selectable
-    .dropdown-title
-      %span Filter results by group
-      %button.dropdown-title-button.dropdown-menu-close{aria: {label: "Close"}}
-        = icon('times')
-    .dropdown-content
-      %ul
-        %li
-          = link_to search_filter_path(group_id: nil), class: ("is-active" if !params[:group_id].present?) do
-            Any
-        %li.divider
-        - current_user.authorized_groups.sort_by(&:name).each do |group|
-          %li
-            = link_to search_filter_path(group_id: group.id, project_id: nil), class: ("is-active" if params[:group_id] == group.id.to_s) do
-              = group.name
+- if params[:group_id].present?
+  = hidden_field_tag :group_id, params[:group_id]
+- if params[:project_id].present?
+  = hidden_field_tag :project_id, params[:project_id]
+.dropdown
+  %button.dropdown-menu-toggle.btn.js-search-group-dropdown{ type: "button", data: { toggle: "dropdown", default_label: "Group:" } }
+    %span.dropdown-toggle-text
+      Group:
+      - if @group.present?
+        = @group.name
+      - else
+        Any
+    = icon("chevron-down")
+  .dropdown-menu.dropdown-select.dropdown-menu-selectable.dropdown-menu-align-right
+    = dropdown_title("Filter results by group")
+    = dropdown_filter("Search groups")
+    = dropdown_content
+    = dropdown_loading
 
-.dropdown.inline.prepend-left-10.project-filter
-  %button.dropdown-toggle.btn.btn-sm{type: 'button', 'data-toggle' => 'dropdown'}
-    %span.light Project:
-    - if @project.present?
-      %strong= @project.name_with_namespace
-    - else
-      Any
-    %b.caret
-  .dropdown-menu.dropdown-select.dropdown-menu-selectable
-    .dropdown-title
-      %span Filter results by project
-      %button.dropdown-title-button.dropdown-menu-close{aria: {label: "Close"}}
-        = icon('times')
-    .dropdown-content
-      %ul
-        %li
-          = link_to search_filter_path(project_id: nil), class: ("is-active" if !params[:project_id].present?) do
-            Any
-        %li.divider
-        - current_user.authorized_projects.sort_by(&:name_with_namespace).each do |project|
-          %li
-            = link_to search_filter_path(project_id: project.id, group_id: nil), class: ("is-active" if params[:project_id] == project.id.to_s) do
-              = project.name_with_namespace
+.dropdown.project-filter
+  %button.dropdown-menu-toggle.btn.js-search-project-dropdown{ type: "button", data: { toggle: "dropdown", default_label: "Project:" } }
+    %span.dropdown-toggle-text
+      Project:
+      - if @project.present?
+        = @project.name_with_namespace
+      - else
+        Any
+    = icon("chevron-down")
+  .dropdown-menu.dropdown-select.dropdown-menu-selectable.dropdown-menu-align-right
+    = dropdown_title("Filter results by project")
+    = dropdown_filter("Search projects")
+    = dropdown_content
+    = dropdown_loading
diff --git a/app/views/search/_form.html.haml b/app/views/search/_form.html.haml
index a9dbc84da29..3139be1cd37 100644
--- a/app/views/search/_form.html.haml
+++ b/app/views/search/_form.html.haml
@@ -1,14 +1,15 @@
-= form_tag search_path, method: :get do |f|
-  = hidden_field_tag :project_id, params[:project_id]
-  = hidden_field_tag :group_id, params[:group_id]
+= form_tag search_path, method: :get, class: 'js-search-form' do |f|
   = hidden_field_tag :snippets, params[:snippets]
   = hidden_field_tag :scope, params[:scope]
 
-  .search-holder.clearfix
-    .input-group
-      = search_field_tag :search, params[:search], placeholder: "Search for projects, issues etc", class: "form-control search-text-input", id: "dashboard_search", autofocus: true, spellcheck: false
-      %span.input-group-btn
-        = button_tag 'Search', class: "btn btn-primary"
+  .search-holder
+    .search-field-holder
+      = search_field_tag :search, params[:search], placeholder: "Search for projects, issues etc", class: "form-control search-text-input js-search-input", id: "dashboard_search", autofocus: true, spellcheck: false
+      = icon("search", class: "search-icon")
+      %button.search-clear.js-search-clear{ class: ("hidden" if !params[:search].present?), type: "button", tabindex: "-1" }
+        = icon("times-circle")
+        %span.sr-only
+          Clear search
     - unless params[:snippets].eql? 'true'
-      %br
       = render 'filter' if current_user
+    = button_tag "Search", class: "btn btn-success btn-search"
diff --git a/app/views/search/_results.html.haml b/app/views/search/_results.html.haml
index 60df348891c..252c37532e1 100644
--- a/app/views/search/_results.html.haml
+++ b/app/views/search/_results.html.haml
@@ -1,10 +1,8 @@
-- if @search_results.empty?
+- if @search_objects.empty?
   = render partial: "search/results/empty"
 - else
-  .gray-content-block
-    Search results for
-    %code
-      = @search_term
+  .row-content-block
+    = search_entries_info(@search_objects, @scope, @search_term)
     - unless @show_snippets
       - if @project
         in project #{link_to @project.name_with_namespace, [@project.namespace.becomes(Namespace), @project]}
@@ -15,12 +13,9 @@
     .search-results
       - if @scope == 'projects'
         .term
-          = render 'shared/projects/list', projects: @objects
+          = render 'shared/projects/list', projects: @search_objects
       - else
-        = render partial: "search/results/#{@scope.singularize}", collection: @objects
+        = render partial: "search/results/#{@scope.singularize}", collection: @search_objects
 
     - if @scope != 'projects'
-      = paginate @objects, theme: 'gitlab'
-
-:javascript
-  $(".search-results .term").highlight("#{escape_javascript(params[:search])}");
+      = paginate(@search_objects, theme: 'gitlab')
diff --git a/app/views/search/results/_issue.html.haml b/app/views/search/results/_issue.html.haml
index 710f5613c81..640890fbe92 100644
--- a/app/views/search/results/_issue.html.haml
+++ b/app/views/search/results/_issue.html.haml
@@ -7,7 +7,7 @@
   - if issue.description.present?
     .description.term
       = preserve do
-        = search_md_sanitize(markdown(issue.description, { project: issue.project }))
+        = search_md_sanitize(markdown(truncate(issue.description, length: 200, separator: " "), { project: issue.project }))
   %span.light
     #{issue.project.name_with_namespace}
   - if issue.closed?
diff --git a/app/views/shared/_confirm_modal.html.haml b/app/views/shared/_confirm_modal.html.haml
index 34241cd8aad..b0fc60573f7 100644
--- a/app/views/shared/_confirm_modal.html.haml
+++ b/app/views/shared/_confirm_modal.html.haml
@@ -7,7 +7,7 @@
           Confirmation required
 
       .modal-body
-        %p.cred.lead.js-confirm-text
+        %p.text-danger.js-confirm-text
 
         %p
           This action can lead to data loss.
diff --git a/app/views/shared/_file_highlight.html.haml b/app/views/shared/_file_highlight.html.haml
index 57856031d6e..37dcf39c062 100644
--- a/app/views/shared/_file_highlight.html.haml
+++ b/app/views/shared/_file_highlight.html.haml
@@ -1,12 +1,13 @@
 .file-content.code.js-syntax-highlight
   .line-numbers
     - if blob.data.present?
+      - link_icon = icon('link')
       - blob.data.each_line.each_with_index do |_, index|
         - offset = defined?(first_line_number) ? first_line_number : 1
         - i = index + offset
         -# We're not using `link_to` because it is too slow once we get to thousands of lines.
         %a.diff-line-num{href: "#L#{i}", id: "L#{i}", 'data-line-number' => i}
-          %i.fa.fa-link
+          = link_icon
           = i
   .blob-content{data: {blob_id: blob.id}}
-    = highlight(blob.name, blob.data)
+    = highlight(blob.name, blob.data, plain: blob.no_highlighting?)
diff --git a/app/views/shared/issuable/_filter.html.haml b/app/views/shared/issuable/_filter.html.haml
index fc1101646fb..9474462cbd1 100644
--- a/app/views/shared/issuable/_filter.html.haml
+++ b/app/views/shared/issuable/_filter.html.haml
@@ -1,5 +1,5 @@
 .issues-filters
-  .issues-details-filters.gray-content-block.second-block
+  .issues-details-filters.row-content-block.second-block
     = form_tag page_filter_path(without: [:assignee_id, :author_id, :milestone_title, :label_name]), method: :get, class: 'filter-form' do
       - if controller.controller_name == 'issues' && can?(current_user, :admin_issue, @project)
         .check-all-holder
@@ -48,7 +48,7 @@
             = button_tag "Update issues", class: "btn update_selected_issues btn-save"
 
   - if !@labels.nil?
-    .gray-content-block.second-block.filtered-labels{ class: ("hidden" if !@labels.any?) }
+    .row-content-block.second-block.filtered-labels{ class: ("hidden" if !@labels.any?) }
       - if @labels.any?
         = render "shared/labels_row", labels: @labels
 
diff --git a/app/views/shared/issuable/_form.html.haml b/app/views/shared/issuable/_form.html.haml
index 18b091df39b..5c52cc6d1da 100644
--- a/app/views/shared/issuable/_form.html.haml
+++ b/app/views/shared/issuable/_form.html.haml
@@ -116,7 +116,7 @@
         = link_to 'Change branches', mr_change_branches_path(@merge_request)
 
 - is_footer = !(issuable.is_a?(MergeRequest) && issuable.new_record?)
-.gray-content-block{class: (is_footer ? "footer-block" : "middle-block")}
+.row-content-block{class: (is_footer ? "footer-block" : "middle-block")}
   - if issuable.new_record?
     = f.submit "Submit #{issuable.class.model_name.human.downcase}", class: 'btn btn-create'
   - else
diff --git a/app/views/shared/issuable/_sidebar.html.haml b/app/views/shared/issuable/_sidebar.html.haml
index 04b834ba5d1..ed1b8a8da2a 100644
--- a/app/views/shared/issuable/_sidebar.html.haml
+++ b/app/views/shared/issuable/_sidebar.html.haml
@@ -166,5 +166,5 @@
       new LabelsSelect();
       new IssuableContext('#{escape_javascript(current_user.to_json(only: [:username, :id, :name]))}');
       new Subscription('.subscription')
-      new Sidebar();
       new DueDateSelect();
+      sidebar = new Sidebar();
diff --git a/app/views/shared/milestones/_top.html.haml b/app/views/shared/milestones/_top.html.haml
index cab8743a077..7ff947a51db 100644
--- a/app/views/shared/milestones/_top.html.haml
+++ b/app/views/shared/milestones/_top.html.haml
@@ -24,7 +24,7 @@
         - else
           = link_to 'Reopen Milestone', group_milestone_path(group, milestone.safe_title, title: milestone.title, milestone: {state_event: :activate }), method: :put, class: "btn btn-grouped btn-reopen"
 
-.detail-page-description.gray-content-block.second-block
+.detail-page-description.milestone-detail
   %h2.title
     = markdown escape_once(milestone.title), pipeline: :single_line
 
diff --git a/app/views/shared/snippets/_header.html.haml b/app/views/shared/snippets/_header.html.haml
index 3c445f67236..e65b1814872 100644
--- a/app/views/shared/snippets/_header.html.haml
+++ b/app/views/shared/snippets/_header.html.haml
@@ -20,6 +20,6 @@
     - else
       = render "snippets/actions"
 
-.detail-page-description.gray-content-block.second-block
+.detail-page-description.row-content-block.second-block
   %h2.title
     = markdown escape_once(@snippet.title), pipeline: :single_line
diff --git a/app/views/sherlock/file_samples/show.html.haml b/app/views/sherlock/file_samples/show.html.haml
index cfd11e45b6a..94d4dd4fa7d 100644
--- a/app/views/sherlock/file_samples/show.html.haml
+++ b/app/views/sherlock/file_samples/show.html.haml
@@ -3,7 +3,7 @@
 
 - header_title t('sherlock.title'), sherlock_transactions_path
 
-.gray-content-block
+.row-content-block
   .pull-right
     = link_to(sherlock_transaction_path(@transaction), class: 'btn') do
       %i.fa.fa-arrow-left
diff --git a/app/views/sherlock/queries/show.html.haml b/app/views/sherlock/queries/show.html.haml
index 83f61ce4b07..fc2863dca8e 100644
--- a/app/views/sherlock/queries/show.html.haml
+++ b/app/views/sherlock/queries/show.html.haml
@@ -9,7 +9,7 @@
     %a(href="#tab-backtrace" data-toggle="tab")
       = t('sherlock.backtrace')
 
-.gray-content-block
+.row-content-block
   .pull-right
     = link_to(sherlock_transaction_path(@transaction), class: 'btn') do
       %i.fa.fa-arrow-left
diff --git a/app/views/sherlock/transactions/index.html.haml b/app/views/sherlock/transactions/index.html.haml
index 010e1a2a902..da969c02765 100644
--- a/app/views/sherlock/transactions/index.html.haml
+++ b/app/views/sherlock/transactions/index.html.haml
@@ -1,7 +1,7 @@
 - page_title t('sherlock.title')
 - header_title t('sherlock.title'), sherlock_transactions_path
 
-.gray-content-block
+.row-content-block
   .pull-right
     = link_to(destroy_all_sherlock_transactions_path,
       class: 'btn btn-danger',
diff --git a/app/views/sherlock/transactions/show.html.haml b/app/views/sherlock/transactions/show.html.haml
index 9d4b0b2724c..8aa6b437d95 100644
--- a/app/views/sherlock/transactions/show.html.haml
+++ b/app/views/sherlock/transactions/show.html.haml
@@ -16,7 +16,7 @@
       %span.badge
         #{@transaction.file_samples.length}
 
-.gray-content-block
+.row-content-block
   .pull-right
     = link_to(sherlock_transactions_path, class: 'btn') do
       %i.fa.fa-arrow-left
diff --git a/app/views/users/show.html.haml b/app/views/users/show.html.haml
index 3028491e5b6..9017fd54fcc 100644
--- a/app/views/users/show.html.haml
+++ b/app/views/users/show.html.haml
@@ -69,23 +69,26 @@
           = @user.location
 
     %ul.nav-links.center.user-profile-nav
-      %li.activity-tab
+      %li.js-activity-tab
         = link_to user_calendar_activities_path, data: {target: 'div#activity', action: 'activity', toggle: 'tab'} do
           Activity
-      %li.groups-tab
+      %li.js-groups-tab
         = link_to user_groups_path, data: {target: 'div#groups', action: 'groups', toggle: 'tab'} do
           Groups
-      %li.contributed-tab
+      %li.js-contributed-tab
         = link_to user_contributed_projects_path, data: {target: 'div#contributed', action: 'contributed', toggle: 'tab'} do
           Contributed projects
       %li.projects-tab
         = link_to user_projects_path, data: {target: 'div#projects', action: 'projects', toggle: 'tab'} do
           Personal projects
+      %li.snippets-tab
+        = link_to user_snippets_path, data: {target: 'div#snippets', action: 'snippets', toggle: 'tab'} do
+          Snippets
 
   %div{ class: container_class }
     .tab-content
       #activity.tab-pane
-        .gray-content-block.calender-block.white.second-block.hidden-xs
+        .row-content-block.calender-block.white.second-block.hidden-xs
           %div{ class: container_class }
             .user-calendar{data: {href: user_calendar_path}}
               %h4.center.light
@@ -98,12 +101,15 @@
       #groups.tab-pane
         - # This tab is always loaded via AJAX
 
-      #contributed.contributed-projects.tab-pane
+      #contributed.tab-pane
         - # This tab is always loaded via AJAX
 
       #projects.tab-pane
         - # This tab is always loaded via AJAX
 
+      #snippets.tab-pane
+        - # This tab is always loaded via AJAX
+
     .loading-status
       = spinner
 
diff --git a/app/views/votes/_votes_block.html.haml b/app/views/votes/_votes_block.html.haml
index dc249155b92..4beb8746444 100644
--- a/app/views/votes/_votes_block.html.haml
+++ b/app/views/votes/_votes_block.html.haml
@@ -15,16 +15,16 @@
 
 - if current_user
   :javascript
-    var get_emojis_url = "#{emojis_path}";
-    var post_emoji_url = "#{award_toggle_namespace_project_notes_path(@project.namespace, @project)}";
-    var noteable_type = "#{votable.class.name.underscore}";
-    var noteable_id = "#{votable.id}";
-    var aliases = #{AwardEmoji.aliases.to_json};
+    var getEmojisUrl = "#{emojis_path}";
+    var postEmojiUrl = "#{award_toggle_namespace_project_notes_path(@project.namespace, @project)}";
+    var noteableType = "#{votable.class.name.underscore}";
+    var noteableId = "#{votable.id}";
+    var unicodes = #{AwardEmoji.unicode.to_json};
 
-    window.awards_handler = new AwardsHandler(
-      get_emojis_url,
-      post_emoji_url,
-      noteable_type,
-      noteable_id,
-      aliases
+    window.awardsHandler = new AwardsHandler(
+      getEmojisUrl,
+      postEmojiUrl,
+      noteableType,
+      noteableId,
+      unicodes
     );
diff --git a/app/workers/emails_on_push_worker.rb b/app/workers/emails_on_push_worker.rb
index c4d8595d45d..6ebcba5f39b 100644
--- a/app/workers/emails_on_push_worker.rb
+++ b/app/workers/emails_on_push_worker.rb
@@ -1,6 +1,8 @@
 class EmailsOnPushWorker
   include Sidekiq::Worker
 
+  attr_reader :email, :skip_premailer
+
   def perform(project_id, recipients, push_data, options = {})
     options.symbolize_keys!
     options.reverse_merge!(
@@ -41,11 +43,11 @@ class EmailsOnPushWorker
       end
     end
 
-    recipients.split(" ").each do |recipient|
+    recipients.split.each do |recipient|
       begin
-        Notify.repository_push_email(
-          project_id,
+        send_email(
           recipient,
+          project_id,
           author_id:                  author_id,
           ref:                        ref,
           action:                     action,
@@ -53,14 +55,29 @@ class EmailsOnPushWorker
           reverse_compare:            reverse_compare,
           send_from_committer_email:  send_from_committer_email,
           disable_diffs:              disable_diffs
-        ).deliver_now
+        )
+
       # These are input errors and won't be corrected even if Sidekiq retries
       rescue Net::SMTPFatalError, Net::SMTPSyntaxError => e
         logger.info("Failed to send e-mail for project '#{project.name_with_namespace}' to #{recipient}: #{e}")
       end
     end
   ensure
+    @email = nil
     compare = nil
     GC.start
   end
+
+  private
+
+  def send_email(recipient, project_id, options)
+    # Generating the body of this email can be expensive, so only do it once
+    @skip_premailer ||= email.present?
+    @email ||= Notify.repository_push_email(project_id, options)
+
+    email.to = recipient
+    email.add_message_id
+    email.header[:skip_premailer] = true if skip_premailer
+    email.deliver_now
+  end
 end
diff --git a/app/workers/repository_check/batch_worker.rb b/app/workers/repository_check/batch_worker.rb
index 44b3145d50f..a3e16fa5212 100644
--- a/app/workers/repository_check/batch_worker.rb
+++ b/app/workers/repository_check/batch_worker.rb
@@ -33,8 +33,8 @@ module RepositoryCheck
     # has to sit and wait for this query to finish.
     def project_ids
       limit = 10_000
-      never_checked_projects = Project.where('last_repository_check_at IS NULL').limit(limit).
-        pluck(:id)
+      never_checked_projects = Project.where('last_repository_check_at IS NULL AND created_at < ?', 24.hours.ago).
+        limit(limit).pluck(:id)
       old_check_projects = Project.where('last_repository_check_at < ?', 1.month.ago).
         reorder('last_repository_check_at ASC').limit(limit).pluck(:id)
       never_checked_projects + old_check_projects
diff --git a/app/workers/repository_check/single_repository_worker.rb b/app/workers/repository_check/single_repository_worker.rb
index a76729e3c74..f2d12ba5a7d 100644
--- a/app/workers/repository_check/single_repository_worker.rb
+++ b/app/workers/repository_check/single_repository_worker.rb
@@ -1,9 +1,9 @@
 module RepositoryCheck
   class SingleRepositoryWorker
     include Sidekiq::Worker
-  
+
     sidekiq_options retry: false
-  
+
     def perform(project_id)
       project = Project.find(project_id)
       project.update_columns(
@@ -11,20 +11,32 @@ module RepositoryCheck
         last_repository_check_at: Time.now,
       )
     end
-  
+
     private
-  
+
     def check(project)
-      repositories = [project.repository]
-      repositories << project.wiki.repository if project.wiki_enabled?
-      # Use 'map do', not 'all? do', to prevent short-circuiting
-      repositories.map { |repository| git_fsck(repository.path_to_repo) }.all?
+      if !git_fsck(project.repository)
+        false
+      elsif project.wiki_enabled?
+        # Historically some projects never had their wiki repos initialized;
+        # this happens on project creation now. Let's initialize an empty repo
+        # if it is not already there.
+        begin
+          project.create_wiki
+        rescue Rugged::RepositoryError
+        end
+
+        git_fsck(project.wiki.repository)
+      else
+        true
+      end
     end
-  
-    def git_fsck(path)
+
+    def git_fsck(repository)
+      path = repository.path_to_repo
       cmd = %W(nice git --git-dir=#{path} fsck)
       output, status = Gitlab::Popen.popen(cmd)
-  
+
       if status.zero?
         true
       else
diff --git a/app/workers/repository_import_worker.rb b/app/workers/repository_import_worker.rb
index 2937493c614..fbc7ed63c6a 100644
--- a/app/workers/repository_import_worker.rb
+++ b/app/workers/repository_import_worker.rb
@@ -13,7 +13,7 @@ class RepositoryImportWorker
     result = Projects::ImportService.new(project, current_user).execute
 
     if result[:status] == :error
-      project.update(import_error: result[:message])
+      project.update(import_error: Gitlab::UrlSanitizer.sanitize(result[:message]))
       project.import_fail
       return
     end
diff --git a/bin/background_jobs b/bin/background_jobs
index 1f67d732949..25a578a1c49 100755
--- a/bin/background_jobs
+++ b/bin/background_jobs
@@ -37,7 +37,7 @@ start_no_deamonize()
 
 start_sidekiq()
 {
-  bundle exec sidekiq -q post_receive -q mailers -q archive_repo -q system_hook -q project_web_hook -q gitlab_shell -q incoming_email -q runner -q common -q default -e $RAILS_ENV -P $sidekiq_pidfile "$@"
+  exec bundle exec sidekiq -q post_receive -q mailers -q archive_repo -q system_hook -q project_web_hook -q gitlab_shell -q incoming_email -q runner -q common -q default -e $RAILS_ENV -P $sidekiq_pidfile "$@"
 }
 
 load_ok()
diff --git a/bin/web b/bin/web
index 03fe7a6354b..ecd0bbd10b0 100755
--- a/bin/web
+++ b/bin/web
@@ -19,12 +19,12 @@ get_unicorn_pid()
 
 start()
 {
-  $unicorn_cmd -D
+  exec $unicorn_cmd -D
 }
 
 start_foreground()
 {
-  $unicorn_cmd
+  exec $unicorn_cmd
 }
 
 stop()
diff --git a/config/application.rb b/config/application.rb
index 2e2ed48db07..cba80f38f1f 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -1,23 +1,30 @@
 require File.expand_path('../boot', __FILE__)
 
 require 'rails/all'
-require 'devise'
-I18n.config.enforce_available_locales = false
+
 Bundler.require(:default, Rails.env)
-require_relative '../lib/gitlab/redis'
 
 module Gitlab
   class Application < Rails::Application
+    require_dependency Rails.root.join('lib/gitlab/redis')
+
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded.
 
-    # Custom directories with classes and modules you want to be autoloadable.
-    config.autoload_paths.push(*%W(#{config.root}/lib
-                                   #{config.root}/app/models/hooks
-                                   #{config.root}/app/models/concerns
-                                   #{config.root}/app/models/project_services
-                                   #{config.root}/app/models/members))
+    # Sidekiq uses eager loading, but directories not in the standard Rails
+    # directories must be added to the eager load paths:
+    # https://github.com/mperham/sidekiq/wiki/FAQ#why-doesnt-sidekiq-autoload-my-rails-application-code
+    # Also, there is no need to add `lib` to autoload_paths since autoloading is
+    # configured to check for eager loaded paths:
+    # https://github.com/rails/rails/blob/v4.2.6/railties/lib/rails/engine.rb#L687
+    # This is a nice reference article on autoloading/eager loading:
+    # http://blog.arkency.com/2014/11/dont-forget-about-eager-load-when-extending-autoload
+    config.eager_load_paths.push(*%W(#{config.root}/lib
+                                     #{config.root}/app/models/ci
+                                     #{config.root}/app/models/hooks
+                                     #{config.root}/app/models/members
+                                     #{config.root}/app/models/project_services))
 
     # Only load the plugins named here, in the order given (default is alphabetical).
     # :all can be used as a placeholder for all plugins not explicitly named.
@@ -32,7 +39,30 @@ module Gitlab
     config.encoding = "utf-8"
 
     # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables, :import_url)
+    # 
+    # Parameters filtered:
+    # - Password (:password, :password_confirmation)
+    # - Private tokens (:private_token)
+    # - Two-factor tokens (:otp_attempt)
+    # - Repo/Project Import URLs (:import_url)
+    # - Build variables (:variables)
+    # - GitLab Pages SSL cert/key info (:certificate, :encrypted_key)
+    # - Webhook URLs (:hook)
+    # - Sentry DSN (:sentry_dsn)
+    # - Deploy keys (:key)
+    config.filter_parameters += %i(
+      certificate
+      encrypted_key
+      hook
+      import_url
+      key
+      otp_attempt
+      password
+      password_confirmation
+      private_token
+      sentry_dsn
+      variables
+    )
 
     # Enable escaping HTML in JSON.
     config.active_support.escape_html_entities_in_json = true
diff --git a/config/boot.rb b/config/boot.rb
index 4489e58688c..f2830ae3166 100644
--- a/config/boot.rb
+++ b/config/boot.rb
@@ -3,4 +3,4 @@ require 'rubygems'
 # Set up gems listed in the Gemfile.
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
 
-require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
+require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 689694a3480..4f39016bfa4 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -36,7 +36,7 @@ Rails.application.configure do
   # For having correct urls in mails
   config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
   # Open sent mails in browser
-  config.action_mailer.delivery_method = :letter_opener
+  config.action_mailer.delivery_method = :letter_opener_web
   # Don't make a mess when bootstrapping a development environment
   config.action_mailer.perform_deliveries = (ENV['BOOTSTRAP'] != '1')
 
diff --git a/config/environments/test.rb b/config/environments/test.rb
index a703c0934f7..fb25d3a8b14 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -20,7 +20,7 @@ Rails.application.configure do
   config.action_dispatch.show_exceptions = false
 
   # Disable request forgery protection in test environment
-  config.action_controller.allow_forgery_protection    = false
+  config.action_controller.allow_forgery_protection = false
 
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
diff --git a/config/gitlab.teatro.yml b/config/gitlab.teatro.yml
index f0656400beb..01c8dc5ff98 100644
--- a/config/gitlab.teatro.yml
+++ b/config/gitlab.teatro.yml
@@ -15,7 +15,6 @@ production: &base
       issues: true
       merge_requests: true
       wiki: true
-      wall: false
       snippets: false
       visibility_level: "private"  # can be "private" | "internal" | "public"
 
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index d9c15f81404..0cef2794f4e 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -98,6 +98,7 @@ production: &base
       wiki: true
       snippets: false
       builds: true
+      container_registry: true
 
     ## Webhook settings
     # Number of seconds to wait for HTTP response after sending webhook HTTP POST request (default: 10)
@@ -152,7 +153,6 @@ production: &base
   ## Gravatar
   ## For Libravatar see: http://doc.gitlab.com/ce/customization/libravatar.html
   gravatar:
-    enabled: true                 # Use user avatar image from Gravatar.com (default: true)
     # gravatar urls: possible placeholders: %{hash} %{size} %{email}
     # plain_url: "http://..."     # default: http://www.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
     # ssl_url:   "https://..."    # default: https://secure.gravatar.com/avatar/%{hash}?s=%{size}&d=identicon
@@ -168,14 +168,23 @@ production: &base
     # once per hour you will have concurrent 'git fsck' jobs.
     repository_check_worker:
       cron: "20 * * * *"
-    # Send admin emails once a day
+    # Send admin emails once a week
     admin_email_worker:
-      cron: "0 0 * * *"
+      cron: "0 0 * * 0"
 
     # Remove outdated repository archives
     repository_archive_cache_worker:
       cron: "0 * * * *"
 
+  registry:
+    # enabled: true
+    # host: registry.example.com
+    # port: 5000
+    # api_url: http://localhost:5000/
+    # key: config/registry.key
+    # issuer: omnibus-certificate
+    # path: shared/registry
+
   #
   # 2. GitLab CI settings
   # ==========================
@@ -350,6 +359,8 @@ production: &base
       # - { name: 'github',
       #     app_id: 'YOUR_APP_ID',
       #     app_secret: 'YOUR_APP_SECRET',
+      #     url: "https://github.com/",
+      #     verify_ssl: true,
       #     args: { scope: 'user:email' } }
       # - { name: 'bitbucket',
       #     app_id: 'YOUR_APP_ID',
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 10c25044b75..124d63ce3ac 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -1,4 +1,4 @@
-require 'gitlab' # Load lib/gitlab.rb as soon as possible
+require_dependency Rails.root.join('lib/gitlab') # Load Gitlab as soon as possible
 
 class Settings < Settingslogic
   source ENV.fetch('GITLAB_CONFIG') { "#{Rails.root}/config/gitlab.yml" }
@@ -126,7 +126,7 @@ end
 
 
 Settings['omniauth'] ||= Settingslogic.new({})
-Settings.omniauth['enabled']      = false if Settings.omniauth['enabled'].nil?
+Settings.omniauth['enabled'] = false if Settings.omniauth['enabled'].nil?
 Settings.omniauth['auto_sign_in_with_provider'] = false if Settings.omniauth['auto_sign_in_with_provider'].nil?
 Settings.omniauth['allow_single_sign_on'] = false if Settings.omniauth['allow_single_sign_on'].nil?
 Settings.omniauth['external_providers'] = [] if Settings.omniauth['external_providers'].nil?
@@ -134,17 +134,41 @@ Settings.omniauth['block_auto_created_users'] = true if Settings.omniauth['block
 Settings.omniauth['auto_link_ldap_user'] = false if Settings.omniauth['auto_link_ldap_user'].nil?
 Settings.omniauth['auto_link_saml_user'] = false if Settings.omniauth['auto_link_saml_user'].nil?
 
-Settings.omniauth['providers']  ||= []
+Settings.omniauth['providers'] ||= []
 Settings.omniauth['cas3'] ||= Settingslogic.new({})
 Settings.omniauth.cas3['session_duration'] ||= 8.hours
 Settings.omniauth['session_tickets'] ||= Settingslogic.new({})
 Settings.omniauth.session_tickets['cas3'] = 'ticket'
 
+# Fill out omniauth-gitlab settings. It is needed for easy set up GHE or GH by just specifying url.
+
+github_default_url = "https://github.com"
+github_settings = Settings.omniauth['providers'].find { |provider| provider["name"] == "github" }
+
+if github_settings
+  # For compatibility with old config files (before 7.8)
+  # where people dont have url in github settings
+  if github_settings['url'].blank?
+    github_settings['url'] = github_default_url
+  end
+
+  github_settings["args"] ||= Settingslogic.new({})
+
+  if github_settings["url"].include?(github_default_url)
+    github_settings["args"]["client_options"] = OmniAuth::Strategies::GitHub.default_options[:client_options]
+  else
+    github_settings["args"]["client_options"] = {
+      "site"          => File.join(github_settings["url"], "api/v3"),
+      "authorize_url" => File.join(github_settings["url"], "login/oauth/authorize"),
+      "token_url"     => File.join(github_settings["url"], "login/oauth/access_token")
+    }
+  end
+end
 
 Settings['shared'] ||= Settingslogic.new({})
 Settings.shared['path'] = File.expand_path(Settings.shared['path'] || "shared", Rails.root)
 
-Settings['issues_tracker']  ||= {}
+Settings['issues_tracker'] ||= {}
 
 #
 # GitLab
@@ -159,7 +183,7 @@ Settings.gitlab['ssh_host']   ||= Settings.gitlab.host
 Settings.gitlab['https']        = false if Settings.gitlab['https'].nil?
 Settings.gitlab['port']       ||= Settings.gitlab.https ? 443 : 80
 Settings.gitlab['relative_url_root'] ||= ENV['RAILS_RELATIVE_URL_ROOT'] || ''
-Settings.gitlab['protocol']   ||= Settings.gitlab.https ? "https" : "http"
+Settings.gitlab['protocol'] ||= Settings.gitlab.https ? "https" : "http"
 Settings.gitlab['email_enabled'] ||= true if Settings.gitlab['email_enabled'].nil?
 Settings.gitlab['email_from'] ||= ENV['GITLAB_EMAIL_FROM'] || "gitlab@#{Settings.gitlab.host}"
 Settings.gitlab['email_display_name'] ||= ENV['GITLAB_EMAIL_DISPLAY_NAME'] || 'GitLab'
@@ -172,7 +196,7 @@ Settings.gitlab['user_home']  ||= begin
 rescue ArgumentError # no user configured
   '/home/' + Settings.gitlab['user']
 end
-Settings.gitlab['time_zone']  ||= nil
+Settings.gitlab['time_zone'] ||= nil
 Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].nil?
 Settings.gitlab['signin_enabled'] ||= true if Settings.gitlab['signin_enabled'].nil?
 Settings.gitlab['restricted_visibility_levels'] = Settings.send(:verify_constant_array, Gitlab::VisibilityLevel, Settings.gitlab['restricted_visibility_levels'], [])
@@ -182,12 +206,13 @@ Settings.gitlab['default_projects_features'] ||= {}
 Settings.gitlab['webhook_timeout'] ||= 10
 Settings.gitlab['max_attachment_size'] ||= 10
 Settings.gitlab['session_expire_delay'] ||= 10080
-Settings.gitlab.default_projects_features['issues']         = true if Settings.gitlab.default_projects_features['issues'].nil?
-Settings.gitlab.default_projects_features['merge_requests'] = true if Settings.gitlab.default_projects_features['merge_requests'].nil?
-Settings.gitlab.default_projects_features['wiki']           = true if Settings.gitlab.default_projects_features['wiki'].nil?
-Settings.gitlab.default_projects_features['snippets']       = false if Settings.gitlab.default_projects_features['snippets'].nil?
-Settings.gitlab.default_projects_features['builds']         = true if Settings.gitlab.default_projects_features['builds'].nil?
-Settings.gitlab.default_projects_features['visibility_level']    = Settings.send(:verify_constant, Gitlab::VisibilityLevel, Settings.gitlab.default_projects_features['visibility_level'], Gitlab::VisibilityLevel::PRIVATE)
+Settings.gitlab.default_projects_features['issues']             = true if Settings.gitlab.default_projects_features['issues'].nil?
+Settings.gitlab.default_projects_features['merge_requests']     = true if Settings.gitlab.default_projects_features['merge_requests'].nil?
+Settings.gitlab.default_projects_features['wiki']               = true if Settings.gitlab.default_projects_features['wiki'].nil?
+Settings.gitlab.default_projects_features['snippets']           = false if Settings.gitlab.default_projects_features['snippets'].nil?
+Settings.gitlab.default_projects_features['builds']             = true if Settings.gitlab.default_projects_features['builds'].nil?
+Settings.gitlab.default_projects_features['container_registry'] = true if Settings.gitlab.default_projects_features['container_registry'].nil?
+Settings.gitlab.default_projects_features['visibility_level']   = Settings.send(:verify_constant, Gitlab::VisibilityLevel, Settings.gitlab.default_projects_features['visibility_level'], Gitlab::VisibilityLevel::PRIVATE)
 Settings.gitlab['repository_downloads_path'] = File.join(Settings.shared['path'], 'cache/archive') if Settings.gitlab['repository_downloads_path'].nil?
 Settings.gitlab['restricted_signup_domains'] ||= []
 Settings.gitlab['import_sources'] ||= ['github','bitbucket','gitlab','gitorious','google_code','fogbugz','git']
@@ -201,8 +226,8 @@ Settings['gitlab_ci'] ||= Settingslogic.new({})
 Settings.gitlab_ci['shared_runners_enabled'] = true if Settings.gitlab_ci['shared_runners_enabled'].nil?
 Settings.gitlab_ci['all_broken_builds']     = true if Settings.gitlab_ci['all_broken_builds'].nil?
 Settings.gitlab_ci['add_pusher']            = false if Settings.gitlab_ci['add_pusher'].nil?
-Settings.gitlab_ci['url']                   ||= Settings.send(:build_gitlab_ci_url)
 Settings.gitlab_ci['builds_path']           = File.expand_path(Settings.gitlab_ci['builds_path'] || "builds/", Rails.root)
+Settings.gitlab_ci['url']                 ||= Settings.send(:build_gitlab_ci_url)
 
 #
 # Reply by email
@@ -216,7 +241,20 @@ Settings.incoming_email['enabled'] = false if Settings.incoming_email['enabled']
 Settings['artifacts'] ||= Settingslogic.new({})
 Settings.artifacts['enabled']      = true if Settings.artifacts['enabled'].nil?
 Settings.artifacts['path']         = File.expand_path(Settings.artifacts['path'] || File.join(Settings.shared['path'], "artifacts"), Rails.root)
-Settings.artifacts['max_size']    ||= 100 # in megabytes
+Settings.artifacts['max_size']   ||= 100 # in megabytes
+
+#
+# Registry
+#
+Settings['registry'] ||= Settingslogic.new({})
+Settings.registry['enabled']       ||= false
+Settings.registry['host']          ||= "example.com"
+Settings.registry['port']          ||= nil
+Settings.registry['api_url']       ||= "http://localhost:5000/"
+Settings.registry['key']           ||= nil
+Settings.registry['issuer']        ||= nil
+Settings.registry['host_port']     ||= [Settings.registry['host'], Settings.registry['port']].compact.join(':')
+Settings.registry['path']            = File.expand_path(Settings.registry['path'] || File.join(Settings.shared['path'], 'registry'), Rails.root)
 
 #
 # Git LFS
@@ -245,7 +283,7 @@ Settings.cron_jobs['repository_check_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['repository_check_worker']['cron'] ||= '20 * * * *'
 Settings.cron_jobs['repository_check_worker']['job_class'] = 'RepositoryCheck::BatchWorker'
 Settings.cron_jobs['admin_email_worker'] ||= Settingslogic.new({})
-Settings.cron_jobs['admin_email_worker']['cron'] ||= '0 0 * * *'
+Settings.cron_jobs['admin_email_worker']['cron'] ||= '0 0 * * 0'
 Settings.cron_jobs['admin_email_worker']['job_class'] = 'AdminEmailWorker'
 Settings.cron_jobs['repository_archive_cache_worker'] ||= Settingslogic.new({})
 Settings.cron_jobs['repository_archive_cache_worker']['cron'] ||= '0 * * * *'
@@ -274,7 +312,7 @@ Settings['backup'] ||= Settingslogic.new({})
 Settings.backup['keep_time']  ||= 0
 Settings.backup['pg_schema']    = nil
 Settings.backup['path']         = File.expand_path(Settings.backup['path'] || "tmp/backups/", Rails.root)
-Settings.backup['archive_permissions']          ||= 0600
+Settings.backup['archive_permissions'] ||= 0600
 Settings.backup['upload'] ||= Settingslogic.new({ 'remote_directory' => nil, 'connection' => nil })
 # Convert upload connection settings to use symbol keys, to make Fog happy
 if Settings.backup['upload']['connection']
diff --git a/config/initializers/5_backend.rb b/config/initializers/5_backend.rb
index 80d641d73a3..e026151a032 100644
--- a/config/initializers/5_backend.rb
+++ b/config/initializers/5_backend.rb
@@ -1,11 +1,11 @@
 # GIT over HTTP
-require Rails.root.join("lib", "gitlab", "backend", "grack_auth")
+require_dependency Rails.root.join('lib/gitlab/backend/grack_auth')
 
 # GIT over SSH
-require Rails.root.join("lib", "gitlab", "backend", "shell")
+require_dependency Rails.root.join('lib/gitlab/backend/shell')
 
 # GitLab shell adapter
-require Rails.root.join("lib", "gitlab", "backend", "shell_adapter")
+require_dependency Rails.root.join('lib/gitlab/backend/shell_adapter')
 
 required_version = Gitlab::VersionInfo.parse(Gitlab::Shell.version_required)
 current_version = Gitlab::VersionInfo.parse(Gitlab::Shell.new.version)
diff --git a/config/initializers/carrierwave.rb b/config/initializers/carrierwave.rb
index df28d30d750..1933afcbfb1 100644
--- a/config/initializers/carrierwave.rb
+++ b/config/initializers/carrierwave.rb
@@ -2,7 +2,7 @@ CarrierWave::SanitizedFile.sanitize_regexp = /[^[:word:]\.\-\+]/
 
 aws_file = Rails.root.join('config', 'aws.yml')
 
-if File.exists?(aws_file)
+if File.exist?(aws_file)
   AWS_CONFIG = YAML.load(File.read(aws_file))[Rails.env]
 
   CarrierWave.configure do |config|
@@ -20,7 +20,7 @@ if File.exists?(aws_file)
     config.fog_public = false
 
     # optional, defaults to {}
-    config.fog_attributes = { 'Cache-Control'=>'max-age=315576000' }
+    config.fog_attributes = { 'Cache-Control' => 'max-age=315576000' }
 
     # optional time (in seconds) that authenticated urls will be valid.
     # when fog_public is false and provider is AWS or Google, defaults to 600
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 31dceaebcad..021bdb11251 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -243,7 +243,7 @@ Devise.setup do |config|
     when Hash
       # Add procs for handling SLO
       if provider['name'] == 'cas3'
-        provider['args'][:on_single_sign_out]  = lambda do |request|
+        provider['args'][:on_single_sign_out] = lambda do |request|
           ticket = request.params[:session_index]
           raise "Service Ticket not found." unless Gitlab::OAuth::Session.valid?(:cas3, ticket)
           Gitlab::OAuth::Session.destroy(:cas3, ticket)
diff --git a/config/initializers/health_check.rb b/config/initializers/health_check.rb
new file mode 100644
index 00000000000..79e2d23ab2e
--- /dev/null
+++ b/config/initializers/health_check.rb
@@ -0,0 +1,3 @@
+HealthCheck.setup do |config|
+  config.standard_checks = ['database', 'migrations', 'cache']
+end
diff --git a/config/initializers/metrics.rb b/config/initializers/metrics.rb
index 283936d0efc..2338916e9da 100644
--- a/config/initializers/metrics.rb
+++ b/config/initializers/metrics.rb
@@ -61,12 +61,30 @@ if Gitlab::Metrics.enabled?
       config.instrument_instance_methods(const)
     end
 
-    Dir[Rails.root.join('app', 'finders', '*.rb')].each do |path|
-      const = File.basename(path, '.rb').camelize.constantize
+    # Path to search => prefix to strip from constant
+    paths_to_instrument = {
+      ['app', 'finders']                    => ['app', 'finders'],
+      ['app', 'mailers', 'emails']          => ['app', 'mailers'],
+      ['app', 'services', '**']             => ['app', 'services'],
+      ['lib', 'gitlab', 'diff']             => ['lib'],
+      ['lib', 'gitlab', 'email', 'message'] => ['lib']
+    }
 
-      config.instrument_instance_methods(const)
+    paths_to_instrument.each do |(path, prefix)|
+      prefix = Rails.root.join(*prefix)
+
+      Dir[Rails.root.join(*path + ['*.rb'])].each do |file_path|
+        path = Pathname.new(file_path).relative_path_from(prefix)
+        const = path.to_s.sub('.rb', '').camelize.constantize
+
+        config.instrument_methods(const)
+        config.instrument_instance_methods(const)
+      end
     end
 
+    config.instrument_methods(Premailer::Adapter::Nokogiri)
+    config.instrument_instance_methods(Premailer::Adapter::Nokogiri)
+
     [
       :Blame, :Branch, :BranchCollection, :Blob, :Commit, :Diff, :Repository,
       :Tag, :TagCollection, :Tree
@@ -97,20 +115,11 @@ if Gitlab::Metrics.enabled?
     config.instrument_methods(Gitlab::ReferenceExtractor)
     config.instrument_instance_methods(Gitlab::ReferenceExtractor)
 
-    # Instrument all service classes
-    services = Rails.root.join('app', 'services')
-
-    Dir[services.join('**', '*.rb')].each do |file_path|
-      path = Pathname.new(file_path).relative_path_from(services)
-      const = path.to_s.sub('.rb', '').camelize.constantize
-
-      config.instrument_methods(const)
-      config.instrument_instance_methods(const)
-    end
-
     # Instrument the classes used for checking if somebody has push access.
     config.instrument_instance_methods(Gitlab::GitAccess)
     config.instrument_instance_methods(Gitlab::GitAccessWiki)
+
+    config.instrument_instance_methods(API::Helpers)
   end
 
   GC::Profiler.enable
diff --git a/config/initializers/monkey_patch.rb b/config/initializers/monkey_patch.rb
deleted file mode 100644
index 62b05a55285..00000000000
--- a/config/initializers/monkey_patch.rb
+++ /dev/null
@@ -1,48 +0,0 @@
-## This patch is from rails 4.2-stable. Remove it when 4.2.6 is released
-## https://github.com/rails/rails/issues/21108
-
-module ActiveRecord
-  module ConnectionAdapters
-    class AbstractMysqlAdapter < AbstractAdapter
-      # SHOW VARIABLES LIKE 'name'
-      def show_variable(name)
-        variables = select_all("select @@#{name} as 'Value'", 'SCHEMA')
-        variables.first['Value'] unless variables.empty?
-      rescue ActiveRecord::StatementInvalid
-        nil
-      end
-
-      
-      # MySQL is too stupid to create a temporary table for use subquery, so we have
-      # to give it some prompting in the form of a subsubquery. Ugh!
-      def subquery_for(key, select)
-        subsubselect = select.clone
-        subsubselect.projections = [key]
-
-        subselect = Arel::SelectManager.new(select.engine)
-        subselect.project Arel.sql(key.name)
-        # Materialized subquery by adding distinct
-        # to work with MySQL 5.7.6 which sets optimizer_switch='derived_merge=on'
-        subselect.from subsubselect.distinct.as('__active_record_temp')
-      end
-    end
-  end
-end
-
-module ActiveRecord
-  module ConnectionAdapters
-    class MysqlAdapter < AbstractMysqlAdapter
-      ADAPTER_NAME = 'MySQL'.freeze
-
-      # Get the client encoding for this database
-      def client_encoding
-        return @client_encoding if @client_encoding
-
-        result = exec_query(
-          "select @@character_set_client",
-          'SCHEMA')
-        @client_encoding = ENCODINGS[result.rows.last.last]
-      end
-    end
-  end
-end
diff --git a/config/initializers/rack_attack.rb.example b/config/initializers/rack_attack.rb.example
index b1bbcca1d61..30d05f16153 100644
--- a/config/initializers/rack_attack.rb.example
+++ b/config/initializers/rack_attack.rb.example
@@ -17,8 +17,9 @@ paths_to_be_protected = [
 # Create one big regular expression that matches strings starting with any of
 # the paths_to_be_protected.
 paths_regex = Regexp.union(paths_to_be_protected.map { |path| /\A#{Regexp.escape(path)}/ })
+rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled']
 
-unless Rails.env.test?
+unless Rails.env.test? || !rack_attack_enabled
   Rack::Attack.throttle('protected paths', limit: 10, period: 60.seconds) do |req|
     if req.post? && req.path =~ paths_regex
       req.ip
diff --git a/config/initializers/rack_attack_git_basic_auth.rb b/config/initializers/rack_attack_git_basic_auth.rb
index bbbfed68329..6a721826170 100644
--- a/config/initializers/rack_attack_git_basic_auth.rb
+++ b/config/initializers/rack_attack_git_basic_auth.rb
@@ -1,4 +1,6 @@
-unless Rails.env.test?
+rack_attack_enabled = Gitlab.config.rack_attack.git_basic_auth['enabled']
+
+unless Rails.env.test? || !rack_attack_enabled
   # Tell the Rack::Attack Rack middleware to maintain an IP blacklist. We will
   # update the blacklist from Grack::Auth#authenticate_user.
   Rack::Attack.blacklist('Git HTTP Basic Auth') do |req|
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb
index e87899b2d5c..74fef7cadfe 100644
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -15,6 +15,9 @@ if Rails.env.production?
     Raven.configure do |config|
       config.dsn = current_application_settings.sentry_dsn
       config.release = Gitlab::REVISION
+      
+      # Sanitize fields based on those sanitized from Rails.
+      config.sanitize_fields = Rails.application.config.filter_parameters.map(&:to_s)
     end
   end
 end
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 88cb859871c..599dabb9e50 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -22,7 +22,7 @@ else
     key: '_gitlab_session',
     secure: Gitlab.config.gitlab.https,
     httponly: true,
-    expire_after: Settings.gitlab['session_expire_delay'] * 60,
+    expires_in: Settings.gitlab['session_expire_delay'] * 60,
     path: (Rails.application.config.relative_url_root.nil?) ? '/' : Gitlab::Application.config.relative_url_root
   )
 end
diff --git a/config/initializers/trusted_proxies.rb b/config/initializers/trusted_proxies.rb
index b8cc025bae2..d256a16d42b 100644
--- a/config/initializers/trusted_proxies.rb
+++ b/config/initializers/trusted_proxies.rb
@@ -1,2 +1,3 @@
-Rails.application.config.action_dispatch.trusted_proxies =
+Rails.application.config.action_dispatch.trusted_proxies = (
   [ '127.0.0.1', '::1' ] + Array(Gitlab.config.gitlab.trusted_proxies)
+).map { |proxy| IPAddr.new(proxy) }
diff --git a/config/routes.rb b/config/routes.rb
index 2f820aafed1..09264b5493e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -16,16 +16,18 @@ Rails.application.routes.draw do
     end
   end
 
-  # Make the built-in Rails routes available in development, otherwise they'd
-  # get swallowed by the `namespace/project` route matcher below.
-  #
-  # See https://git.io/va79N
   if Rails.env.development?
+    # Make the built-in Rails routes available in development, otherwise they'd
+    # get swallowed by the `namespace/project` route matcher below.
+    #
+    # See https://git.io/va79N
     get '/rails/mailers'         => 'rails/mailers#index'
     get '/rails/mailers/:path'   => 'rails/mailers#preview'
     get '/rails/info/properties' => 'rails/info#properties'
     get '/rails/info/routes'     => 'rails/info#routes'
     get '/rails/info'            => 'rails/info#index'
+
+    mount LetterOpenerWeb::Engine, at: '/rails/letter_opener'
   end
 
   namespace :ci do
@@ -62,6 +64,9 @@ Rails.application.routes.draw do
   get 'search' => 'search#show'
   get 'search/autocomplete' => 'search#autocomplete', as: :search_autocomplete
 
+  # JSON Web Token
+  get 'jwt/auth' => 'jwt#auth'
+
   # API
   API::API.logger Rails.logger
   mount API::API => '/api'
@@ -71,6 +76,9 @@ Rails.application.routes.draw do
     mount Sidekiq::Web, at: '/admin/sidekiq', as: :sidekiq
   end
 
+  # Health check
+  get 'health_check(/:checks)' => 'health_check#index', as: :health_check
+
   # Enable Grack support
   mount Grack::AuthSpawner, at: '/', constraints: lambda { |request| /[-\/\w\.]+\.git\//.match(request.path_info) }, via: [:get, :post, :put]
 
@@ -78,7 +86,7 @@ Rails.application.routes.draw do
   get 'help'                  => 'help#index'
   get 'help/:category/:file'  => 'help#show', as: :help_page, constraints: { category: /.*/, file: /[^\/\.]+/ }
   get 'help/shortcuts'
-  get 'help/ui'               => 'help#ui'
+  get 'help/ui' => 'help#ui'
 
   #
   # Global snippets
@@ -89,7 +97,8 @@ Rails.application.routes.draw do
     end
   end
 
-  get '/s/:username' => 'snippets#index', as: :user_snippets, constraints: { username: /.*/ }
+  get '/s/:username', to: redirect('/u/%{username}/snippets'),
+                      constraints: { username: /[a-zA-Z.0-9_\-]+(?<!\.atom)/ }
 
   #
   # Invites
@@ -212,8 +221,6 @@ Rails.application.routes.draw do
       resources :keys, only: [:show, :destroy]
       resources :identities, except: [:show]
 
-      delete 'stop_impersonation' => 'impersonation#destroy', on: :collection
-
       member do
         get :projects
         get :keys
@@ -223,12 +230,14 @@ Rails.application.routes.draw do
         put :unblock
         put :unlock
         put :confirm
-        post 'impersonate' => 'impersonation#create'
+        post :impersonate
         patch :disable_two_factor
         delete 'remove/:email_id', action: 'remove_email', as: 'remove_email'
       end
     end
 
+    resource :impersonation, only: :destroy
+
     resources :abuse_reports, only: [:index, :destroy]
     resources :spam_logs, only: [:index, :destroy]
 
@@ -251,6 +260,7 @@ Rails.application.routes.draw do
     end
 
     resource :logs, only: [:show]
+    resource :health_check, controller: 'health_check', only: [:show]
     resource :background_jobs, controller: 'background_jobs', only: [:show]
 
     resources :namespaces, path: '/projects', constraints: { id: /[a-zA-Z.0-9_\-]+/ }, only: [] do
@@ -282,6 +292,7 @@ Rails.application.routes.draw do
     resource :application_settings, only: [:show, :update] do
       resources :services
       put :reset_runners_token
+      put :reset_health_check_token
       put :clear_repository_check_states
     end
 
@@ -340,23 +351,18 @@ Rails.application.routes.draw do
     end
   end
 
-  get 'u/:username/calendar' => 'users#calendar', as: :user_calendar,
-      constraints: { username: /.*/ }
-
-  get 'u/:username/calendar_activities' => 'users#calendar_activities', as: :user_calendar_activities,
-      constraints: { username: /.*/ }
-
-  get 'u/:username/groups' => 'users#groups', as: :user_groups,
-      constraints: { username: /.*/ }
-
-  get 'u/:username/projects' => 'users#projects', as: :user_projects,
-      constraints: { username: /.*/ }
-
-  get 'u/:username/contributed' => 'users#contributed', as: :user_contributed_projects,
-      constraints: { username: /.*/ }
-
-  get '/u/:username' => 'users#show', as: :user,
-      constraints: { username: /[a-zA-Z.0-9_\-]+(?<!\.atom)/ }
+  scope(path: 'u/:username',
+        as: :user,
+        constraints: { username: /[a-zA-Z.0-9_\-]+(?<!\.atom)/ },
+        controller: :users) do
+    get :calendar
+    get :calendar_activities
+    get :groups
+    get :projects
+    get :contributed, as: :contributed_projects
+    get :snippets
+    get '/', action: :show
+  end
 
   #
   # Dashboard Area
@@ -670,6 +676,7 @@ Rails.application.routes.draw do
             post :cancel
             post :retry
             post :erase
+            get :trace
             get :raw
           end
 
@@ -686,6 +693,8 @@ Rails.application.routes.draw do
           end
         end
 
+        resources :container_registry, only: [:index, :destroy], constraints: { id: Gitlab::Regex.container_registry_reference_regex }
+
         resources :milestones, constraints: { id: /\d+/ } do
           member do
             put :sort_issues
@@ -708,6 +717,7 @@ Rails.application.routes.draw do
             post :toggle_subscription
             get :referenced_merge_requests
             get :related_branches
+            get :can_create_branch
           end
           collection do
             post  :bulk_update
diff --git a/db/fixtures/development/10_merge_requests.rb b/db/fixtures/development/10_merge_requests.rb
index 0825776ffaa..87fb8e3300d 100644
--- a/db/fixtures/development/10_merge_requests.rb
+++ b/db/fixtures/development/10_merge_requests.rb
@@ -1,6 +1,9 @@
 Gitlab::Seeder.quiet do
+  # Limit the number of merge requests per project to avoid long seeds
+  MAX_NUM_MERGE_REQUESTS = 10
+
   Project.all.reject(&:empty_repo?).each do |project|
-    branches = project.repository.branch_names
+    branches = project.repository.branch_names.sample(MAX_NUM_MERGE_REQUESTS * 2)
 
     branches.each do |branch_name|
       break if branches.size < 2
diff --git a/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb b/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb
index 8a351cf27a3..561c18a5776 100644
--- a/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb
+++ b/db/migrate/20160302152808_remove_wrong_import_url_from_projects.rb
@@ -24,7 +24,7 @@ class RemoveWrongImportUrlFromProjects < ActiveRecord::Migration
   def process_projects_with_wrong_url
     projects_with_wrong_import_url.each do |project|
       begin
-        import_url = Gitlab::ImportUrl.new(project["import_url"])
+        import_url = Gitlab::UrlSanitizer.new(project["import_url"])
 
         update_import_url(import_url, project)
         update_import_data(import_url, project)
diff --git a/db/migrate/20160407120251_add_images_enabled_for_project.rb b/db/migrate/20160407120251_add_images_enabled_for_project.rb
new file mode 100644
index 00000000000..47f0ca8e8de
--- /dev/null
+++ b/db/migrate/20160407120251_add_images_enabled_for_project.rb
@@ -0,0 +1,5 @@
+class AddImagesEnabledForProject < ActiveRecord::Migration
+  def change
+    add_column :projects, :container_registry_enabled, :boolean
+  end
+end
diff --git a/db/migrate/20160413115152_add_token_to_web_hooks.rb b/db/migrate/20160413115152_add_token_to_web_hooks.rb
new file mode 100644
index 00000000000..f04225068cd
--- /dev/null
+++ b/db/migrate/20160413115152_add_token_to_web_hooks.rb
@@ -0,0 +1,5 @@
+class AddTokenToWebHooks < ActiveRecord::Migration
+  def change
+    add_column :web_hooks, :token, :string
+  end
+end
diff --git a/db/migrate/20160504091942_add_disabled_oauth_sign_in_sources_to_application_settings.rb b/db/migrate/20160504091942_add_disabled_oauth_sign_in_sources_to_application_settings.rb
new file mode 100644
index 00000000000..facd33875ba
--- /dev/null
+++ b/db/migrate/20160504091942_add_disabled_oauth_sign_in_sources_to_application_settings.rb
@@ -0,0 +1,5 @@
+class AddDisabledOauthSignInSourcesToApplicationSettings < ActiveRecord::Migration
+  def change
+    add_column :application_settings, :disabled_oauth_sign_in_sources, :text
+  end
+end
diff --git a/db/migrate/20160508194200_remove_wall_enabled_from_projects.rb b/db/migrate/20160508194200_remove_wall_enabled_from_projects.rb
new file mode 100644
index 00000000000..aa560bc0f0c
--- /dev/null
+++ b/db/migrate/20160508194200_remove_wall_enabled_from_projects.rb
@@ -0,0 +1,5 @@
+class RemoveWallEnabledFromProjects < ActiveRecord::Migration
+  def change
+    remove_column :projects, :wall_enabled, :boolean, default: true, null: false
+  end
+end
diff --git a/db/migrate/20160508215820_add_type_to_notes.rb b/db/migrate/20160508215820_add_type_to_notes.rb
new file mode 100644
index 00000000000..58944d4e651
--- /dev/null
+++ b/db/migrate/20160508215820_add_type_to_notes.rb
@@ -0,0 +1,5 @@
+class AddTypeToNotes < ActiveRecord::Migration
+  def change
+    add_column :notes, :type, :string
+  end
+end
diff --git a/db/migrate/20160508221410_set_type_on_legacy_diff_notes.rb b/db/migrate/20160508221410_set_type_on_legacy_diff_notes.rb
new file mode 100644
index 00000000000..c3f23d89d5a
--- /dev/null
+++ b/db/migrate/20160508221410_set_type_on_legacy_diff_notes.rb
@@ -0,0 +1,5 @@
+class SetTypeOnLegacyDiffNotes < ActiveRecord::Migration
+  def change
+    execute "UPDATE notes SET type = 'LegacyDiffNote' WHERE line_code IS NOT NULL"
+  end
+end
diff --git a/db/migrate/20160509201028_add_health_check_access_token_to_application_settings.rb b/db/migrate/20160509201028_add_health_check_access_token_to_application_settings.rb
new file mode 100644
index 00000000000..9d729fec189
--- /dev/null
+++ b/db/migrate/20160509201028_add_health_check_access_token_to_application_settings.rb
@@ -0,0 +1,5 @@
+class AddHealthCheckAccessTokenToApplicationSettings < ActiveRecord::Migration
+  def change
+    add_column :application_settings, :health_check_access_token, :string
+  end
+end
diff --git a/db/migrate/20160516174813_add_send_user_confirmation_email_to_application_settings.rb b/db/migrate/20160516174813_add_send_user_confirmation_email_to_application_settings.rb
new file mode 100644
index 00000000000..c34e7ba5409
--- /dev/null
+++ b/db/migrate/20160516174813_add_send_user_confirmation_email_to_application_settings.rb
@@ -0,0 +1,12 @@
+class AddSendUserConfirmationEmailToApplicationSettings < ActiveRecord::Migration
+  def up
+    add_column :application_settings, :send_user_confirmation_email, :boolean, default: false
+
+    #Sets confirmation email to true by default on existing installations.
+    execute "UPDATE application_settings SET send_user_confirmation_email=true"
+  end
+
+  def down
+    remove_column :application_settings, :send_user_confirmation_email
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 42457d92353..af4f4c609e7 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20160421130527) do
+ActiveRecord::Schema.define(version: 20160509201028) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -70,16 +70,18 @@ ActiveRecord::Schema.define(version: 20160421130527) do
     t.string   "recaptcha_site_key"
     t.string   "recaptcha_private_key"
     t.integer  "metrics_port",                      default: 8089
+    t.boolean  "akismet_enabled",                   default: false
+    t.string   "akismet_api_key"
     t.integer  "metrics_sample_interval",           default: 15
     t.boolean  "sentry_enabled",                    default: false
     t.string   "sentry_dsn"
-    t.boolean  "akismet_enabled",                   default: false
-    t.string   "akismet_api_key"
     t.boolean  "email_author_in_body",              default: false
     t.integer  "default_group_visibility"
     t.boolean  "repository_checks_enabled",         default: false
-    t.integer  "metrics_packet_size",               default: 1
     t.text     "shared_runners_text"
+    t.integer  "metrics_packet_size",               default: 1
+    t.text     "disabled_oauth_sign_in_sources"
+    t.string   "health_check_access_token"
   end
 
   create_table "audit_events", force: :cascade do |t|
@@ -426,10 +428,10 @@ ActiveRecord::Schema.define(version: 20160421130527) do
     t.string   "state"
     t.integer  "iid"
     t.integer  "updated_by_id"
-    t.integer  "moved_to_id"
     t.boolean  "confidential",  default: false
     t.datetime "deleted_at"
     t.date     "due_date"
+    t.integer  "moved_to_id"
   end
 
   add_index "issues", ["assignee_id"], name: "index_issues_on_assignee_id", using: :btree
@@ -630,10 +632,11 @@ ActiveRecord::Schema.define(version: 20160421130527) do
     t.string   "line_code"
     t.string   "commit_id"
     t.integer  "noteable_id"
-    t.boolean  "system",        default: false, null: false
+    t.boolean  "system",            default: false, null: false
     t.text     "st_diff"
     t.integer  "updated_by_id"
-    t.boolean  "is_award",      default: false, null: false
+    t.boolean  "is_award",          default: false, null: false
+    t.string   "type"
   end
 
   add_index "notes", ["author_id"], name: "index_notes_on_author_id", using: :btree
@@ -716,8 +719,8 @@ ActiveRecord::Schema.define(version: 20160421130527) do
     t.integer "project_id"
     t.text    "data"
     t.text    "encrypted_credentials"
-    t.text    "encrypted_credentials_iv"
-    t.text    "encrypted_credentials_salt"
+    t.string  "encrypted_credentials_iv"
+    t.string  "encrypted_credentials_salt"
   end
 
   create_table "projects", force: :cascade do |t|
@@ -728,7 +731,6 @@ ActiveRecord::Schema.define(version: 20160421130527) do
     t.datetime "updated_at"
     t.integer  "creator_id"
     t.boolean  "issues_enabled",               default: true,     null: false
-    t.boolean  "wall_enabled",                 default: true,     null: false
     t.boolean  "merge_requests_enabled",       default: true,     null: false
     t.boolean  "wiki_enabled",                 default: true,     null: false
     t.integer  "namespace_id"
@@ -760,6 +762,7 @@ ActiveRecord::Schema.define(version: 20160421130527) do
     t.integer  "pushes_since_gc",              default: 0
     t.boolean  "last_repository_check_failed"
     t.datetime "last_repository_check_at"
+    t.boolean  "container_registry_enabled"
   end
 
   add_index "projects", ["builds_enabled", "shared_runners_enabled"], name: "index_projects_on_builds_enabled_and_shared_runners_enabled", using: :btree
@@ -816,9 +819,9 @@ ActiveRecord::Schema.define(version: 20160421130527) do
     t.string   "type"
     t.string   "title"
     t.integer  "project_id"
-    t.datetime "created_at",                               null: false
-    t.datetime "updated_at",                               null: false
-    t.boolean  "active",                                   null: false
+    t.datetime "created_at"
+    t.datetime "updated_at"
+    t.boolean  "active",                default: false,    null: false
     t.text     "properties"
     t.boolean  "template",              default: false
     t.boolean  "push_events",           default: true
@@ -1025,6 +1028,7 @@ ActiveRecord::Schema.define(version: 20160421130527) do
     t.boolean  "enable_ssl_verification",              default: true
     t.boolean  "build_events",                         default: false,         null: false
     t.boolean  "wiki_page_events",                     default: false,         null: false
+    t.string   "token"
   end
 
   add_index "web_hooks", ["created_at", "id"], name: "index_web_hooks_on_created_at_and_id", using: :btree
diff --git a/doc/administration/environment_variables.md b/doc/administration/environment_variables.md
index 43ab153d76d..7f53915a4d7 100644
--- a/doc/administration/environment_variables.md
+++ b/doc/administration/environment_variables.md
@@ -58,4 +58,4 @@ to the naming scheme `GITLAB_#{name in 1_settings.rb in upper case}`.
 
 It's possible to preconfigure the GitLab docker image by adding the environment
 variable `GITLAB_OMNIBUS_CONFIG` to the `docker run` command.
-For more information see the ['preconfigure-docker-container' section in the Omnibus documentation](http://doc.gitlab.com/omnibus/docker/#preconfigure-docker-container).
+For more information see the ['preconfigure-docker-container' section in the Omnibus documentation](http://docs.gitlab.com/omnibus/docker/#preconfigure-docker-container).
diff --git a/doc/administration/high_availability/load_balancer.md b/doc/administration/high_availability/load_balancer.md
index b1fe34ed9a1..136f570ac27 100644
--- a/doc/administration/high_availability/load_balancer.md
+++ b/doc/administration/high_availability/load_balancer.md
@@ -60,4 +60,4 @@ Read more on high-availability configuration:
       configure custom domains with custom SSL, which would not be possible
       if SSL was terminated at the load balancer.
 
-[gitlab-pages]: http://doc.gitlab.com/ee/pages/administration.html
+[gitlab-pages]: http://docs.gitlab.com/ee/pages/administration.html
diff --git a/doc/administration/high_availability/nfs.md b/doc/administration/high_availability/nfs.md
index e4e124e200a..49ff5d536a1 100644
--- a/doc/administration/high_availability/nfs.md
+++ b/doc/administration/high_availability/nfs.md
@@ -113,4 +113,4 @@ Read more on high-availability configuration:
 1. [Configure the GitLab application servers](gitlab.md)
 1. [Configure the load balancers](load_balancer.md)
 
-[udp-log-shipping]: http://doc.gitlab.com/omnibus/settings/logs.html#udp-log-shipping-gitlab-enterprise-edition-only "UDP log shipping"
+[udp-log-shipping]: http://docs.gitlab.com/omnibus/settings/logs.html#udp-log-shipping-gitlab-enterprise-edition-only "UDP log shipping"
diff --git a/doc/api/README.md b/doc/api/README.md
index ff039f1886f..27c5962decf 100644
--- a/doc/api/README.md
+++ b/doc/api/README.md
@@ -33,7 +33,7 @@ following locations:
 - [Build triggers](build_triggers.md)
 - [Build Variables](build_variables.md)
 - [Runners](runners.md)
-- [Licenses](licenses.md)
+- [Open source license templates](licenses.md)
 
 ## Authentication
 
diff --git a/doc/api/build_triggers.md b/doc/api/build_triggers.md
index 4a12e962b62..0881a7d7a90 100644
--- a/doc/api/build_triggers.md
+++ b/doc/api/build_triggers.md
@@ -101,8 +101,18 @@ DELETE /projects/:id/triggers/:token
 | Attribute | Type    | required | Description              |
 |-----------|---------|----------|--------------------------|
 | `id`      | integer | yes      | The ID of a project      |
-| `token`   | string  | yes      | The `token` of a project |
+| `token`   | string  | yes      | The `token` of a trigger |
 
 ```
 curl -X DELETE -H "PRIVATE_TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/1/triggers/7b9148c158980bbd9bcea92c17522d"
 ```
+
+```json
+{
+    "created_at": "2015-12-23T16:25:56.760Z",
+    "deleted_at": "2015-12-24T12:32:20.100Z",
+    "last_used": null,
+    "token": "7b9148c158980bbd9bcea92c17522d",
+    "updated_at": "2015-12-24T12:32:20.100Z"
+}
+```
diff --git a/doc/api/commits.md b/doc/api/commits.md
index 6341440c58b..57c2e1d9b87 100644
--- a/doc/api/commits.md
+++ b/doc/api/commits.md
@@ -12,6 +12,8 @@ GET /projects/:id/repository/commits
 | --------- | ---- | -------- | ----------- |
 | `id` | integer | yes | The ID of a project |
 | `ref_name` | string | no | The name of a repository branch or tag or if not given the default branch |
+| `since` | string | no | Only commits after or in this date will be returned in ISO 8601 format YYYY-MM-DDTHH:MM:SSZ |
+| `until` | string | no | Only commits before or in this date will be returned in ISO 8601 format YYYY-MM-DDTHH:MM:SSZ |
 
 ```bash
 curl -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/5/repository/commits"
diff --git a/doc/api/issues.md b/doc/api/issues.md
index 3e78149f442..fc7a7ae0c0c 100644
--- a/doc/api/issues.md
+++ b/doc/api/issues.md
@@ -77,7 +77,8 @@ Example response:
       "created_at" : "2016-01-04T15:31:51.081Z",
       "iid" : 6,
       "labels" : [],
-      "subscribed" : false
+      "subscribed" : false,
+      "user_notes_count": 1
    }
 ]
 ```
@@ -154,7 +155,8 @@ Example response:
       "title" : "Ut commodi ullam eos dolores perferendis nihil sunt.",
       "updated_at" : "2016-01-04T15:31:46.176Z",
       "created_at" : "2016-01-04T15:31:46.176Z",
-      "subscribed" : false
+      "subscribed" : false,
+      "user_notes_count": 1
    }
 ]
 ```
@@ -216,7 +218,8 @@ Example response:
    "title" : "Ut commodi ullam eos dolores perferendis nihil sunt.",
    "updated_at" : "2016-01-04T15:31:46.176Z",
    "created_at" : "2016-01-04T15:31:46.176Z",
-   "subscribed": false
+   "subscribed": false,
+   "user_notes_count": 1
 }
 ```
 
@@ -271,7 +274,8 @@ Example response:
    "description" : null,
    "updated_at" : "2016-01-07T12:44:33.959Z",
    "milestone" : null,
-   "subscribed" : true
+   "subscribed" : true,
+   "user_notes_count": 0
 }
 ```
 
@@ -329,7 +333,8 @@ Example response:
    "id" : 85,
    "assignee" : null,
    "milestone" : null,
-   "subscribed" : true
+   "subscribed" : true,
+   "user_notes_count": 0
 }
 ```
 
diff --git a/doc/api/labels.md b/doc/api/labels.md
index 3730c07c5a7..b857d81768e 100644
--- a/doc/api/labels.md
+++ b/doc/api/labels.md
@@ -165,3 +165,73 @@ Example response:
    "description": "Documentation"
 }
 ```
+
+## Subscribe to a label
+
+Subscribes the authenticated user to a label to receive notifications. If the
+operation is successful, status code `201` together with the updated label is
+returned. If the user is already subscribed to the label, the status code `304`
+is returned. If the project or label is not found, status code `404` is
+returned.
+
+```
+POST /projects/:id/labels/:label_id/subscription
+```
+
+| Attribute  | Type              | Required | Description                          |
+| ---------- | ----------------- | -------- | ------------------------------------ |
+| `id`       | integer           | yes      | The ID of a project                  |
+| `label_id` | integer or string | yes      | The ID or title of a project's label |
+
+```bash
+curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/5/labels/1/subscription
+```
+
+Example response:
+
+```json
+{
+    "name": "Docs",
+    "color": "#cc0033",
+    "description": "",
+    "open_issues_count": 0,
+    "closed_issues_count": 0,
+    "open_merge_requests_count": 0,
+    "subscribed": true
+}
+```
+
+## Unsubscribe from a label
+
+Unsubscribes the authenticated user from a label to not receive notifications
+from it. If the operation is successful, status code `200` together with the
+updated label is returned. If the user is not subscribed to the label, the
+status code `304` is returned. If the project or label is not found, status code
+`404` is returned.
+
+```
+DELETE /projects/:id/labels/:label_id/subscription
+```
+
+| Attribute  | Type              | Required | Description                          |
+| ---------- | ----------------- | -------- | ------------------------------------ |
+| `id`       | integer           | yes      | The ID of a project                  |
+| `label_id` | integer or string | yes      | The ID or title of a project's label |
+
+```bash
+curl -X DELETE -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v3/projects/5/labels/1/subscription
+```
+
+Example response:
+
+```json
+{
+    "name": "Docs",
+    "color": "#cc0033",
+    "description": "",
+    "open_issues_count": 0,
+    "closed_issues_count": 0,
+    "open_merge_requests_count": 0,
+    "subscribed": false
+}
+```
diff --git a/doc/api/merge_requests.md b/doc/api/merge_requests.md
index 2057f9d77aa..8217e30fe25 100644
--- a/doc/api/merge_requests.md
+++ b/doc/api/merge_requests.md
@@ -67,7 +67,8 @@ Parameters:
     },
     "merge_when_build_succeeds": true,
     "merge_status": "can_be_merged",
-    "subscribed" : false
+    "subscribed" : false,
+    "user_notes_count": 1
   }
 ]
 ```
@@ -130,7 +131,8 @@ Parameters:
   },
   "merge_when_build_succeeds": true,
   "merge_status": "can_be_merged",
-  "subscribed" : true
+  "subscribed" : true,
+  "user_notes_count": 1
 }
 ```
 
@@ -230,6 +232,7 @@ Parameters:
   "merge_when_build_succeeds": true,
   "merge_status": "can_be_merged",
   "subscribed" : true,
+  "user_notes_count": 1,
   "changes": [
     {
     "old_path": "VERSION",
@@ -308,7 +311,8 @@ Parameters:
   },
   "merge_when_build_succeeds": true,
   "merge_status": "can_be_merged",
-  "subscribed" : true
+  "subscribed" : true,
+  "user_notes_count": 0
 }
 ```
 
@@ -378,7 +382,8 @@ Parameters:
   },
   "merge_when_build_succeeds": true,
   "merge_status": "can_be_merged",
-  "subscribed" : true
+  "subscribed" : true,
+  "user_notes_count": 1
 }
 ```
 
@@ -472,7 +477,8 @@ Parameters:
   },
   "merge_when_build_succeeds": true,
   "merge_status": "can_be_merged",
-  "subscribed" : true
+  "subscribed" : true,
+  "user_notes_count": 1
 }
 ```
 
@@ -537,7 +543,8 @@ Parameters:
   },
   "merge_when_build_succeeds": true,
   "merge_status": "can_be_merged",
-  "subscribed" : true
+  "subscribed" : true,
+  "user_notes_count": 1
 }
 ```
 
@@ -602,7 +609,8 @@ Example response:
       "title" : "Consequatur vero maxime deserunt laboriosam est voluptas dolorem.",
       "created_at" : "2016-01-04T15:31:51.081Z",
       "iid" : 6,
-      "labels" : []
+      "labels" : [],
+      "user_notes_count": 1
    },
 ]
 ```
diff --git a/doc/api/projects.md b/doc/api/projects.md
index de1faadebf5..f5f195b97df 100644
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -424,6 +424,7 @@ Parameters:
 - `builds_enabled` (optional)
 - `wiki_enabled` (optional)
 - `snippets_enabled` (optional)
+- `container_registry_enabled` (optional)
 - `public` (optional) - if `true` same as setting visibility_level = 20
 - `visibility_level` (optional)
 - `import_url` (optional)
@@ -447,6 +448,7 @@ Parameters:
 - `builds_enabled` (optional)
 - `wiki_enabled` (optional)
 - `snippets_enabled` (optional)
+- `container_registry_enabled` (optional)
 - `public` (optional) - if `true` same as setting visibility_level = 20
 - `visibility_level` (optional)
 - `import_url` (optional)
@@ -472,6 +474,7 @@ Parameters:
 - `builds_enabled` (optional)
 - `wiki_enabled` (optional)
 - `snippets_enabled` (optional)
+- `container_registry_enabled` (optional)
 - `public` (optional) - if `true` same as setting visibility_level = 20
 - `visibility_level` (optional)
 - `public_builds` (optional)
diff --git a/doc/api/runners.md b/doc/api/runners.md
index cc6c6b7cb2f..ddfa298f79d 100644
--- a/doc/api/runners.md
+++ b/doc/api/runners.md
@@ -275,7 +275,7 @@ POST /projects/:id/runners
 | `runner_id` | integer | yes      | The ID of a runner  |
 
 ```
-curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/project/9/runners" -F "runner_id=9"
+curl -X POST -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/9/runners" -F "runner_id=9"
 ```
 
 Example response:
@@ -306,7 +306,7 @@ DELETE /projects/:id/runners/:runner_id
 | `runner_id` | integer | yes      | The ID of a runner  |
 
 ```
-curl -X DELETE -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/project/9/runners/9"
+curl -X DELETE -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" "https://gitlab.example.com/api/v3/projects/9/runners/9"
 ```
 
 Example response:
diff --git a/doc/api/services.md b/doc/api/services.md
index 7d45b2cf463..83ac7845156 100644
--- a/doc/api/services.md
+++ b/doc/api/services.md
@@ -491,7 +491,7 @@ Jira issue tracker
 
 Set JIRA service for a project.
 
-> Setting `project_url`, `issues_url` and `new_issue_url` will allow a user to easily navigate to the Jira issue tracker. See the [integration doc](http://doc.gitlab.com/ce/integration/external-issue-tracker.html) for details.  Support for referencing commits and automatic closing of Jira issues directly from GitLab is [available in GitLab EE.](http://doc.gitlab.com/ee/integration/jira.html)
+> Setting `project_url`, `issues_url` and `new_issue_url` will allow a user to easily navigate to the Jira issue tracker. See the [integration doc](http://docs.gitlab.com/ce/integration/external-issue-tracker.html) for details.  Support for referencing commits and automatic closing of Jira issues directly from GitLab is [available in GitLab EE.](http://docs.gitlab.com/ee/integration/jira.html)
 
 ```
 PUT /projects/:id/services/jira
diff --git a/doc/api/users.md b/doc/api/users.md
index 7d2b4897cff..7e848586dbd 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -20,6 +20,7 @@ GET /users
     "name": "John Smith",
     "state": "active",
     "avatar_url": "http://localhost:3000/uploads/user/avatar/1/cd8.jpeg",
+    "web_url": "http://localhost:3000/u/john_smith"
   },
   {
     "id": 2,
@@ -27,6 +28,7 @@ GET /users
     "name": "Jack Smith",
     "state": "blocked",
     "avatar_url": "http://gravatar.com/../e32131cd8.jpeg",
+    "web_url": "http://localhost:3000/u/jack_smith"
   }
 ]
 ```
@@ -45,21 +47,31 @@ GET /users
     "email": "john@example.com",
     "name": "John Smith",
     "state": "active",
+    "avatar_url": "http://localhost:3000/uploads/user/avatar/1/index.jpg",
+    "web_url": "http://localhost:3000/u/john_smith",
     "created_at": "2012-05-23T08:00:58Z",
+    "is_admin": false,
     "bio": null,
+    "location": null,
     "skype": "",
     "linkedin": "",
     "twitter": "",
     "website_url": "",
-    "extern_uid": "john.smith",
-    "provider": "provider_name",
+    "last_sign_in_at": "2012-06-01T11:41:01Z",
+    "confirmed_at": "2012-05-23T09:05:22Z",
     "theme_id": 1,
     "color_scheme_id": 2,
-    "is_admin": false,
-    "avatar_url": "http://localhost:3000/uploads/user/avatar/1/cd8.jpeg",
+    "projects_limit": 100,
+    "current_sign_in_at": "2012-06-02T06:36:55Z",
+    "identities": [
+      {"provider": "github", "extern_uid": "2435223452345"},
+      {"provider": "bitbucket", "extern_uid": "john.smith"},
+      {"provider": "google_oauth2", "extern_uid": "8776128412476123468721346"}
+    ],
     "can_create_group": true,
-    "current_sign_in_at": "2014-03-19T13:12:15Z",
-    "two_factor_enabled": true
+    "can_create_project": true,
+    "two_factor_enabled": true,
+    "external": false
   },
   {
     "id": 2,
@@ -67,24 +79,27 @@ GET /users
     "email": "jack@example.com",
     "name": "Jack Smith",
     "state": "blocked",
+    "avatar_url": "http://localhost:3000/uploads/user/avatar/2/index.jpg",
+    "web_url": "http://localhost:3000/u/jack_smith",
     "created_at": "2012-05-23T08:01:01Z",
+    "is_admin": false,
     "bio": null,
     "location": null,
     "skype": "",
     "linkedin": "",
     "twitter": "",
     "website_url": "",
-    "extern_uid": "jack.smith",
-    "provider": "provider_name",
+    "last_sign_in_at": null,
+    "confirmed_at": "2012-05-30T16:53:06.148Z",
     "theme_id": 1,
     "color_scheme_id": 3,
-    "is_admin": false,
-    "avatar_url": "http://localhost:3000/uploads/user/avatar/1/cd8.jpeg",
-    "can_create_group": true,
-    "can_create_project": true,
     "projects_limit": 100,
     "current_sign_in_at": "2014-03-19T17:54:13Z",
-    "two_factor_enabled": false
+    "identities": [],
+    "can_create_group": true,
+    "can_create_project": true,
+    "two_factor_enabled": true,
+    "external": false
   }
 ]
 ```
@@ -124,6 +139,7 @@ Parameters:
   "name": "John Smith",
   "state": "active",
   "avatar_url": "http://localhost:3000/uploads/user/avatar/1/cd8.jpeg",
+  "web_url": "http://localhost:3000/u/john_smith",
   "created_at": "2012-05-23T08:00:58Z",
   "is_admin": false,
   "bio": null,
@@ -152,23 +168,31 @@ Parameters:
   "email": "john@example.com",
   "name": "John Smith",
   "state": "active",
+  "avatar_url": "http://localhost:3000/uploads/user/avatar/1/index.jpg",
+  "web_url": "http://localhost:3000/u/john_smith",
   "created_at": "2012-05-23T08:00:58Z",
-  "confirmed_at": "2012-05-23T08:00:58Z",
-  "last_sign_in_at": "2015-03-23T08:00:58Z",
+  "is_admin": false,
   "bio": null,
   "location": null,
   "skype": "",
   "linkedin": "",
   "twitter": "",
   "website_url": "",
-  "extern_uid": "john.smith",
-  "provider": "provider_name",
+  "last_sign_in_at": "2012-06-01T11:41:01Z",
+  "confirmed_at": "2012-05-23T09:05:22Z",
   "theme_id": 1,
   "color_scheme_id": 2,
-  "is_admin": false,
+  "projects_limit": 100,
+  "current_sign_in_at": "2012-06-02T06:36:55Z",
+  "identities": [
+    {"provider": "github", "extern_uid": "2435223452345"},
+    {"provider": "bitbucket", "extern_uid": "john.smith"},
+    {"provider": "google_oauth2", "extern_uid": "8776128412476123468721346"}
+  ],
   "can_create_group": true,
   "can_create_project": true,
-  "projects_limit": 100
+  "two_factor_enabled": true,
+  "external": false
 }
 ```
 
@@ -261,21 +285,33 @@ GET /user
   "username": "john_smith",
   "email": "john@example.com",
   "name": "John Smith",
-  "private_token": "dd34asd13as",
   "state": "active",
+  "avatar_url": "http://localhost:3000/uploads/user/avatar/1/index.jpg",
+  "web_url": "http://localhost:3000/u/john_smith",
   "created_at": "2012-05-23T08:00:58Z",
+  "is_admin": false,
   "bio": null,
   "location": null,
   "skype": "",
   "linkedin": "",
   "twitter": "",
   "website_url": "",
+  "last_sign_in_at": "2012-06-01T11:41:01Z",
+  "confirmed_at": "2012-05-23T09:05:22Z",
   "theme_id": 1,
   "color_scheme_id": 2,
-  "is_admin": false,
+  "projects_limit": 100,
+  "current_sign_in_at": "2012-06-02T06:36:55Z",
+  "identities": [
+    {"provider": "github", "extern_uid": "2435223452345"},
+    {"provider": "bitbucket", "extern_uid": "john_smith"},
+    {"provider": "google_oauth2", "extern_uid": "8776128412476123468721346"}
+  ],
   "can_create_group": true,
   "can_create_project": true,
-  "projects_limit": 100
+  "two_factor_enabled": true,
+  "external": false,
+  "private_token": "dd34asd13as"
 }
 ```
 
diff --git a/doc/ci/docker/using_docker_build.md b/doc/ci/docker/using_docker_build.md
index 4b1788a9af0..ca52a483a59 100644
--- a/doc/ci/docker/using_docker_build.md
+++ b/doc/ci/docker/using_docker_build.md
@@ -8,7 +8,7 @@ This is one of new trends in Continuous Integration/Deployment to:
 
 1. create application image,
 1. run test against created image,
-1. push image to remote registry, 
+1. push image to remote registry,
 1. deploy server from pushed image
 
 It's also useful in case when your application already has the `Dockerfile` that can be used to create and test image:
@@ -41,27 +41,27 @@ GitLab Runner then executes build scripts as `gitlab-runner` user.
       --description "My Runner"
     ```
 
-2. Install Docker on server.
+2. Install Docker Engine on server.
 
-    For more information how to install Docker on different systems checkout the [Supported installations](https://docs.docker.com/installation/).
+    For more information how to install Docker Engine on different systems checkout the [Supported installations](https://docs.docker.com/engine/installation/).
 
 3. Add `gitlab-runner` user to `docker` group:
-    
+
     ```bash
     $ sudo usermod -aG docker gitlab-runner
     ```
 
 4. Verify that `gitlab-runner` has access to Docker:
-  
+
     ```bash
     $ sudo -u gitlab-runner -H docker info
     ```
-    
+
     You can now verify that everything works by adding `docker info` to `.gitlab-ci.yml`:
     ```yaml
     before_script:
       - docker info
-    
+
     build_image:
       script:
         - docker build -t my-docker-image .
@@ -75,37 +75,80 @@ For more information please checkout [On Docker security: `docker` group conside
 
 ## 2. Use docker-in-docker executor
 
-Second approach is to use special Docker image with all tools installed (`docker` and `docker-compose`) and run build script in context of that image in privileged mode.
+The second approach is to use the special Docker image with all tools installed
+(`docker` and `docker-compose`) and run the build script in context of that
+image in privileged mode.
+
 In order to do that follow the steps:
 
 1. Install [GitLab Runner](https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/#installation).
 
-1. Register GitLab Runner from command line to use `docker` and `privileged` mode:
+1. Register GitLab Runner from the command line to use `docker` and `privileged`
+   mode:
 
     ```bash
-    $ sudo gitlab-runner register -n \
+    sudo gitlab-runner register -n \
       --url https://gitlab.com/ci \
       --token RUNNER_TOKEN \
       --executor docker \
       --description "My Docker Runner" \
-      --docker-image "gitlab/dind:latest" \
+      --docker-image "docker:latest" \
       --docker-privileged
     ```
-  
-    The above command will register new Runner to use special [gitlab/dind](https://registry.hub.docker.com/u/gitlab/dind/) image which is provided by GitLab Inc.
-    The image at the start runs Docker daemon in [docker-in-docker](https://blog.docker.com/2013/09/docker-can-now-run-within-docker/) mode.
 
-1. You can now use `docker` from build script:
-    
-    ```yaml
-    before_script:
-      - docker info
-    
-    build_image:
-      script:
-        - docker build -t my-docker-image .
-        - docker run my-docker-image /script/to/run/tests
+    The above command will register a new Runner to use the special
+    `docker:latest` image which is provided by Docker. **Notice that it's using
+    the `privileged` mode to start the build and service containers.** If you
+    want to use [docker-in-docker] mode, you always have to use `privileged = true`
+    in your Docker containers.
+
+    The above command will create a `config.toml` entry similar to this:
+
+    ```
+    [[runners]]
+      url = "https://gitlab.com/ci"
+      token = TOKEN
+      executor = "docker"
+      [runners.docker]
+        tls_verify = false
+        image = "docker:latest"
+        privileged = true
+        disable_cache = false
+        volumes = ["/cache"]
+      [runners.cache]
+        Insecure = false
     ```
 
-1. However, by enabling `--docker-privileged` you are effectively disables all security mechanisms of containers and exposing your host to privilege escalation which can lead to container breakout.
-For more information, check out [Runtime privilege](https://docs.docker.com/reference/run/#runtime-privilege-linux-capabilities-and-lxc-configuration).
\ No newline at end of file
+    If you want to use the Shared Runners available on your GitLab CE/EE
+    installation in order to build Docker images, then make sure that your
+    Shared Runners configuration has the `privileged` mode set to `true`.
+
+1. You can now use `docker` from build script:
+
+    ```yaml
+    image: docker:latest
+
+    services:
+    - docker:dind
+
+    before_script:
+    - docker info
+
+    build:
+      stage: build
+      script:
+      - docker build -t my-docker-image .
+      - docker run my-docker-image /script/to/run/tests
+    ```
+
+1. However, by enabling `--docker-privileged` you are effectively disabling all
+   the security mechanisms of containers and exposing your host to privilege
+   escalation which can lead to container breakout.
+
+   For more information, check out the official Docker documentation on
+   [Runtime privilege and Linux capabilities][docker-cap].
+
+An example project using this approach can be found here: https://gitlab.com/gitlab-examples/docker.
+
+[docker-in-docker]: https://blog.docker.com/2013/09/docker-can-now-run-within-docker/
+[docker-cap]: https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
diff --git a/doc/ci/docker/using_docker_images.md b/doc/ci/docker/using_docker_images.md
index bd748f1b986..56ac2195c49 100644
--- a/doc/ci/docker/using_docker_images.md
+++ b/doc/ci/docker/using_docker_images.md
@@ -64,7 +64,7 @@ You can see some widely used services examples in the relevant documentation of
 ### How is service linked to the build
 
 To better understand how the container linking works, read
-[Linking containers together](https://docs.docker.com/userguide/dockerlinks/).
+[Linking containers together][linking-containers].
 
 To summarize, if you add `mysql` as service to your application, the image will
 then be used to create a container that is linked to the build container.
@@ -239,8 +239,8 @@ is specific to your project.
 Then create some service containers:
 
 ```
-docker run -d -n service-mysql mysql:latest
-docker run -d -n service-postgres postgres:latest
+docker run -d --name service-mysql mysql:latest
+docker run -d --name service-postgres postgres:latest
 ```
 
 This will create two service containers, named `service-mysql` and
@@ -273,7 +273,7 @@ creation.
 [Docker Fundamentals]: https://docs.docker.com/engine/understanding-docker/
 [hub]: https://hub.docker.com/
 [linking-containers]: https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/
-[tutum/wordpress]: https://registry.hub.docker.com/u/tutum/wordpress/
-[postgres-hub]: https://registry.hub.docker.com/u/library/postgres/
-[mysql-hub]: https://registry.hub.docker.com/u/library/mysql/
+[tutum/wordpress]: https://hub.docker.com/r/tutum/wordpress/
+[postgres-hub]: https://hub.docker.com/r/_/postgres/
+[mysql-hub]: https://hub.docker.com/r/_/mysql/
 [runner-priv-reg]: https://gitlab.com/gitlab-org/gitlab-ci-multi-runner/blob/master/docs/configuration/advanced-configuration.md#using-a-private-docker-registry
diff --git a/doc/ci/examples/README.md b/doc/ci/examples/README.md
index cc059dc4376..61294be599d 100644
--- a/doc/ci/examples/README.md
+++ b/doc/ci/examples/README.md
@@ -4,12 +4,12 @@
 - [Test and deploy a Ruby application to Heroku](test-and-deploy-ruby-application-to-heroku.md)
 - [Test and deploy a Python application to Heroku](test-and-deploy-python-application-to-heroku.md)
 - [Test a Clojure application](test-clojure-application.md)
-- [Using `dpl` as deployment tool](deployment/README.md)
+- [Using `dpl` as deployment tool](../deployment/README.md)
 - Help your favorite programming language and GitLab by sending a merge request
   with a guide for that language.
 
 ## Outside the documentation
 
-- [Blost post about using GitLab CI for iOS projects](https://about.gitlab.com/2016/03/10/setting-up-gitlab-ci-for-ios-projects/)
+- [Blog post about using GitLab CI for iOS projects](https://about.gitlab.com/2016/03/10/setting-up-gitlab-ci-for-ios-projects/)
 - [Repo's with examples for various languages](https://gitlab.com/groups/gitlab-examples)
 - [The .gitlab-ci.yml file for GitLab itself](https://gitlab.com/gitlab-org/gitlab-ce/blob/master/.gitlab-ci.yml)
diff --git a/doc/ci/examples/php.md b/doc/ci/examples/php.md
index aeadd6a448e..26953014502 100644
--- a/doc/ci/examples/php.md
+++ b/doc/ci/examples/php.md
@@ -40,7 +40,7 @@ repository with the following content:
 #!/bin/bash
 
 # We need to install dependencies only for Docker
-[[ ! -e /.dockerinit ]] && exit 0
+[[ ! -e /.dockerenv ]] && [[ ! -e /.dockerinit ]] && exit 0
 
 set -xe
 
@@ -60,7 +60,7 @@ docker-php-ext-install pdo_mysql
 You might wonder what `docker-php-ext-install` is. In short, it is a script
 provided by the official php docker image that you can use to easilly install
 extensions. For more information read the the documentation at
-<https://hub.docker.com/_/php/>.
+<https://hub.docker.com/r/_/php/>.
 
 Now that we created the script that contains all prerequisites for our build
 environment, let's add it in `.gitlab-ci.yml`:
@@ -92,7 +92,7 @@ Finally, commit your files and push them to GitLab to see your build succeeding
 The final `.gitlab-ci.yml` should look similar to this:
 
 ```yaml
-# Select image from https://hub.docker.com/_/php/
+# Select image from https://hub.docker.com/r/_/php/
 image: php:5.6
 
 before_script:
@@ -278,7 +278,7 @@ that runs on [GitLab.com](https://gitlab.com) using our publicly available
 Want to hack on it? Simply fork it, commit and push  your changes. Within a few
 moments the changes will be picked by a public runner and the build will begin.
 
-[php-hub]: https://hub.docker.com/_/php/
+[php-hub]: https://hub.docker.com/r/_/php/
 [phpenv]: https://github.com/phpenv/phpenv
 [phpenv-installation]: https://github.com/phpenv/phpenv#installation
 [php-example-repo]: https://gitlab.com/gitlab-examples/php
diff --git a/doc/ci/examples/test-and-deploy-python-application-to-heroku.md b/doc/ci/examples/test-and-deploy-python-application-to-heroku.md
index a236da53fe9..e4d3970deac 100644
--- a/doc/ci/examples/test-and-deploy-python-application-to-heroku.md
+++ b/doc/ci/examples/test-and-deploy-python-application-to-heroku.md
@@ -8,7 +8,7 @@ This is what the `.gitlab-ci.yml` file looks like for this project:
 ```yaml
 test:
   script:
-  # this configures django application to use attached postgres database that is run on `postgres` host
+  # this configures Django application to use attached postgres database that is run on `postgres` host
   - export DATABASE_URL=postgres://postgres:@postgres:5432/python-test-app
   - apt-get update -qy
   - apt-get install -y python-dev python-pip
@@ -37,7 +37,7 @@ production:
 ```
 
 This project has three jobs:
-1. `test` - used to test rails application,
+1. `test` - used to test Django application,
 2. `staging` - used to automatically deploy staging environment every push to `master` branch
 3. `production` - used to automatically deploy production environmnet for every created tag
 
@@ -61,12 +61,12 @@ gitlab-ci-multi-runner register \
   --non-interactive \
   --url "https://gitlab.com/ci/" \
   --registration-token "PROJECT_REGISTRATION_TOKEN" \
-  --description "python-3.2" \
+  --description "python-3.5" \
   --executor "docker" \
-  --docker-image python:3.2 \
+  --docker-image python:3.5 \
   --docker-postgres latest
 ```
 
-With the command above, you create a runner that uses [python:3.2](https://registry.hub.docker.com/u/library/python/) image and uses [postgres](https://registry.hub.docker.com/u/library/postgres/) database.
+With the command above, you create a runner that uses [python:3.5](https://hub.docker.com/r/_/python/) image and uses [postgres](https://hub.docker.com/r/_/postgres/) database.
 
 To access PostgreSQL database you need to connect to `host: postgres` as user `postgres` without password.
diff --git a/doc/ci/examples/test-and-deploy-ruby-application-to-heroku.md b/doc/ci/examples/test-and-deploy-ruby-application-to-heroku.md
index f5645d586ae..08c10d391ea 100644
--- a/doc/ci/examples/test-and-deploy-ruby-application-to-heroku.md
+++ b/doc/ci/examples/test-and-deploy-ruby-application-to-heroku.md
@@ -1,5 +1,5 @@
 ## Test and Deploy a ruby application
-This example will guide you how to run tests in your Ruby application and deploy it automatically as Heroku application.
+This example will guide you how to run tests in your Ruby on Rails application and deploy it automatically as Heroku application.
 
 You can checkout the example [source](https://gitlab.com/ayufan/ruby-getting-started) and check [CI status](https://gitlab.com/ayufan/ruby-getting-started/builds?scope=all).
 
@@ -32,7 +32,7 @@ production:
 ```
 
 This project has three jobs:
-1. `test` - used to test rails application,
+1. `test` - used to test Rails application,
 2. `staging` - used to automatically deploy staging environment every push to `master` branch
 3. `production` - used to automatically deploy production environmnet for every created tag
 
@@ -62,6 +62,6 @@ gitlab-ci-multi-runner register \
   --docker-postgres latest
 ```
 
-With the command above, you create a runner that uses [ruby:2.2](https://registry.hub.docker.com/u/library/ruby/) image and uses [postgres](https://registry.hub.docker.com/u/library/postgres/) database.
+With the command above, you create a runner that uses [ruby:2.2](https://hub.docker.com/r/_/ruby/) image and uses [postgres](https://hub.docker.com/r/_/postgres/) database.
 
 To access PostgreSQL database you need to connect to `host: postgres` as user `postgres` without password.
diff --git a/doc/ci/quick_start/README.md b/doc/ci/quick_start/README.md
index 6a42a935abd..386b8e29fcf 100644
--- a/doc/ci/quick_start/README.md
+++ b/doc/ci/quick_start/README.md
@@ -212,8 +212,8 @@ If you want to receive e-mail notifications about the result status of the
 builds, you should explicitly enable the **Builds Emails** service under your
 project's settings.
 
-For more information read the [Builds emails service documentation]
-(../../project_services/builds_emails.md).
+For more information read the
+[Builds emails service documentation](../../project_services/builds_emails.md).
 
 ## Builds badge
 
diff --git a/doc/ci/services/mysql.md b/doc/ci/services/mysql.md
index c66d77122b2..aaf3aa77837 100644
--- a/doc/ci/services/mysql.md
+++ b/doc/ci/services/mysql.md
@@ -16,7 +16,7 @@ services:
   - mysql:latest
 
 variables:
-  # Configure mysql environment variables (https://hub.docker.com/_/mysql/)
+  # Configure mysql environment variables (https://hub.docker.com/r/_/mysql/)
   MYSQL_DATABASE: el_duderino
   MYSQL_ROOT_PASSWORD: mysql_strong_password
 ```
@@ -114,5 +114,5 @@ available [shared runners](../runners/README.md).
 Want to hack on it? Simply fork it, commit and push  your changes. Within a few
 moments the changes will be picked by a public runner and the build will begin.
 
-[hub-mysql]: https://hub.docker.com/_/mysql/
+[hub-mysql]: https://hub.docker.com/r/_/mysql/
 [mysql-example-repo]: https://gitlab.com/gitlab-examples/mysql
diff --git a/doc/ci/services/postgres.md b/doc/ci/services/postgres.md
index 17d21dbda1c..f787cc0a124 100644
--- a/doc/ci/services/postgres.md
+++ b/doc/ci/services/postgres.md
@@ -110,5 +110,5 @@ available [shared runners](../runners/README.md).
 Want to hack on it? Simply fork it, commit and push  your changes. Within a few
 moments the changes will be picked by a public runner and the build will begin.
 
-[hub-pg]: https://hub.docker.com/_/postgres/
+[hub-pg]: https://hub.docker.com/r/_/postgres/
 [postgres-example-repo]: https://gitlab.com/gitlab-examples/postgres
diff --git a/doc/ci/services/redis.md b/doc/ci/services/redis.md
index b281e8f9f60..80705024d2f 100644
--- a/doc/ci/services/redis.md
+++ b/doc/ci/services/redis.md
@@ -65,5 +65,5 @@ that runs on [GitLab.com](https://gitlab.com) using our publicly available
 Want to hack on it? Simply fork it, commit and push  your changes. Within a few
 moments the changes will be picked by a public runner and the build will begin.
 
-[hub-redis]: https://hub.docker.com/_/redis/
+[hub-redis]: https://hub.docker.com/r/_/redis/
 [redis-example-repo]: https://gitlab.com/gitlab-examples/redis
diff --git a/doc/ci/ssh_keys/README.md b/doc/ci/ssh_keys/README.md
index 7f825e6a065..7c0fb225dac 100644
--- a/doc/ci/ssh_keys/README.md
+++ b/doc/ci/ssh_keys/README.md
@@ -57,7 +57,7 @@ before_script:
   # WARNING: Use this only with the Docker executor, if you use it with shell
   # you will overwrite your user's SSH config.
   - mkdir -p ~/.ssh
-  - '[[ -f /.dockerinit ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
+  - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
 ```
 
 As a final step, add the _public_ key from the one you created earlier to the
diff --git a/doc/ci/triggers/README.md b/doc/ci/triggers/README.md
index 9f7c1bfe6a0..79ed512aabb 100644
--- a/doc/ci/triggers/README.md
+++ b/doc/ci/triggers/README.md
@@ -85,6 +85,12 @@ curl -X POST \
 
 In this case, the project with ID `9` will get rebuilt on `master` branch.
 
+Alternatively, you can pass the `token` and `ref` arguments in the query string:
+
+```bash
+curl -X POST \
+    "https://gitlab.example.com/api/v3/projects/9/trigger/builds?token=TOKEN&ref=master"
+```
 
 ### Triggering a build within `.gitlab-ci.yml`
 
diff --git a/doc/customization/libravatar.md b/doc/customization/libravatar.md
index bd2c242afc2..c46ce2ee203 100644
--- a/doc/customization/libravatar.md
+++ b/doc/customization/libravatar.md
@@ -67,3 +67,16 @@ Run `sudo gitlab-ctl reconfigure` for changes to take effect.
 
 In order to use a different set other than `identicon`, replace `&d=identicon` portion of the URL with another supported set.
 For example, you can use `retro` set in which case the URL would look like: `plain_url: "http://cdn.libravatar.org/avatar/%{hash}?s=%{size}&d=retro"`
+
+
+## Usage examples
+
+#### For Microsoft Office 365
+
+If your users are Office 365-users, the "GetPersonaPhoto" service can be used. Note that this service requires login, so this use case is
+most useful in a corporate installation, where all users have access to Office 365.
+
+```ruby
+gitlab_rails['gravatar_plain_url'] = 'http://outlook.office365.com/owa/service.svc/s/GetPersonaPhoto?email=%{email}&size=HR120x120'
+gitlab_rails['gravatar_ssl_url'] = 'https://outlook.office365.com/owa/service.svc/s/GetPersonaPhoto?email=%{email}&size=HR120x120'
+```
diff --git a/doc/development/README.md b/doc/development/README.md
index 3f3ef068f96..aa7d54c01d0 100644
--- a/doc/development/README.md
+++ b/doc/development/README.md
@@ -8,6 +8,7 @@
 - [How to dump production data to staging](db_dump.md)
 - [Instrumentation](instrumentation.md)
 - [Migration Style Guide](migration_style_guide.md) for creating safe migrations
+- [Performance guidelines](performance.md)
 - [Rake tasks](rake_tasks.md) for development
 - [Shell commands](shell_commands.md) in the GitLab codebase
 - [Sidekiq debugging](sidekiq_debugging.md)
diff --git a/doc/development/doc_styleguide.md b/doc/development/doc_styleguide.md
index 187ec9e7b75..8292b393757 100644
--- a/doc/development/doc_styleguide.md
+++ b/doc/development/doc_styleguide.md
@@ -127,7 +127,7 @@ Inside the document:
     ```
   If the document you are editing resides in a place other than the GitLab CE/EE
   `doc/` directory, instead of the relative link, use the full path:
-  `http://doc.gitlab.com/ce/administration/restart_gitlab.html`.
+  `http://docs.gitlab.com/ce/administration/restart_gitlab.html`.
   Replace `reconfigure` with `restart` where appropriate.
 
 ## Installation guide
@@ -266,5 +266,5 @@ curl -X PUT -H "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" -d "restricted_signup_domai
 
 [cURL]: http://curl.haxx.se/ "cURL website"
 [single spaces]: http://www.slate.com/articles/technology/technology/2011/01/space_invaders.html
-[gfm]: http://doc.gitlab.com/ce/markdown/markdown.html#newlines "GitLab flavored markdown documentation"
+[gfm]: http://docs.gitlab.com/ce/markdown/markdown.html#newlines "GitLab flavored markdown documentation"
 [doc-restart]: ../administration/restart_gitlab.md "GitLab restart documentation"
diff --git a/doc/development/instrumentation.md b/doc/development/instrumentation.md
index c1cf2e77c26..9168c70945a 100644
--- a/doc/development/instrumentation.md
+++ b/doc/development/instrumentation.md
@@ -1,12 +1,125 @@
 # Instrumenting Ruby Code
 
-GitLab Performance Monitoring allows instrumenting of custom blocks of Ruby
-code. This can be used to measure the time spent in a specific part of a larger
-chunk of code. The resulting data is stored as a field in the transaction that
-executed the block.
+GitLab Performance Monitoring allows instrumenting of both methods and custom
+blocks of Ruby code. Method instrumentation is the primary form of
+instrumentation with block-based instrumentation only being used when we want to
+drill down to specific regions of code within a method.
 
-To start measuring a block of Ruby code you should use `Gitlab::Metrics.measure`
-and give it a name:
+## Instrumenting Methods
+
+Instrumenting methods is done by using the `Gitlab::Metrics::Instrumentation`
+module. This module offers a few different methods that can be used to
+instrument code:
+
+* `instrument_method`: instruments a single class method.
+* `instrument_instance_method`: instruments a single instance method.
+* `instrument_class_hierarchy`: given a Class this method will recursively
+  instrument all sub-classes (both class and instance methods).
+* `instrument_methods`: instruments all public class methods of a Module.
+* `instrument_instance_methods`: instruments all public instance methods of a
+  Module.
+
+To remove the need for typing the full `Gitlab::Metrics::Instrumentation`
+namespace you can use the `configure` class method. This method simply yields
+the supplied block while passing `Gitlab::Metrics::Instrumentation` as its
+argument. An example:
+
+```
+Gitlab::Metrics::Instrumentation.configure do |conf|
+  conf.instrument_method(Foo, :bar)
+  conf.instrument_method(Foo, :baz)
+end
+```
+
+Using this method is in general preferred over directly calling the various
+instrumentation methods.
+
+Method instrumentation should be added in the initializer
+`config/initializers/metrics.rb`.
+
+### Examples
+
+Instrumenting a single method:
+
+```
+Gitlab::Metrics::Instrumentation.configure do |conf|
+  conf.instrument_method(User, :find_by)
+end
+```
+
+Instrumenting an entire class hierarchy:
+
+```
+Gitlab::Metrics::Instrumentation.configure do |conf|
+  conf.instrument_class_hierarchy(ActiveRecord::Base)
+end
+```
+
+Instrumenting all public class methods:
+
+```
+Gitlab::Metrics::Instrumentation.configure do |conf|
+  conf.instrument_methods(User)
+end
+```
+
+### Checking Instrumented Methods
+
+The easiest way to check if a method has been instrumented is to check its
+source location. For example:
+
+```
+method = Rugged::TagCollection.instance_method(:[])
+
+method.source_location
+```
+
+If the source location points to `lib/gitlab/metrics/instrumentation.rb` you
+know the method has been instrumented.
+
+If you're using Pry you can use the `$` command to display the source code of a
+method (along with its source location), this is easier than running the above
+Ruby code. In case of the above snippet you'd run the following:
+
+```
+$ Rugged::TagCollection#[]
+```
+
+This will print out something along the lines of:
+
+```
+From: /path/to/your/gitlab/lib/gitlab/metrics/instrumentation.rb @ line 148:
+Owner: #<Module:0x0055f0865c6d50>
+Visibility: public
+Number of lines: 21
+
+def #{name}(#{args_signature})
+  trans = Gitlab::Metrics::Instrumentation.transaction
+
+  if trans
+    start    = Time.now
+    retval   = super
+    duration = (Time.now - start) * 1000.0
+
+    if duration >= Gitlab::Metrics.method_call_threshold
+      trans.increment(:method_duration, duration)
+
+      trans.add_metric(Gitlab::Metrics::Instrumentation::SERIES,
+                       { duration: duration },
+                       method: #{label.inspect})
+    end
+
+    retval
+  else
+    super
+  end
+end
+```
+
+## Instrumenting Ruby Blocks
+
+Measuring blocks of Ruby code is done by calling `Gitlab::Metrics.measure` and
+passing it a block. For example:
 
 ```ruby
 Gitlab::Metrics.measure(:foo) do
@@ -14,6 +127,10 @@ Gitlab::Metrics.measure(:foo) do
 end
 ```
 
+The block is executed and the execution time is stored as a set of fields in the
+currently running transaction. If no transaction is present the block is yielded
+without measuring anything.
+
 3 values are measured for a block:
 
 1. The real time elapsed, stored in NAME_real_time.
diff --git a/doc/development/performance.md b/doc/development/performance.md
new file mode 100644
index 00000000000..fb37b3a889c
--- /dev/null
+++ b/doc/development/performance.md
@@ -0,0 +1,258 @@
+# Performance Guidelines
+
+This document describes various guidelines to follow to ensure good and
+consistent performance of GitLab.
+
+## Workflow
+
+The process of solving performance problems is roughly as follows:
+
+1. Make sure there's an issue open somewhere (e.g., on the GitLab CE issue
+   tracker), create one if there isn't. See [#15607][#15607] for an example.
+2. Measure the performance of the code in a production environment such as
+   GitLab.com (see the [Tooling](#tooling) section below). Performance should be
+   measured over a period of _at least_ 24 hours.
+3. Add your findings based on the measurement period (screenshots of graphs,
+   timings, etc) to the issue mentioned in step 1.
+4. Solve the problem.
+5. Create a merge request, assign the "performance" label and ping the right
+   people (e.g. [@yorickpeterse][yorickpeterse] and [@joshfng][joshfng]).
+6. Once a change has been deployed make sure to _again_ measure for at least 24
+   hours to see if your changes have any impact on the production environment.
+7. Repeat until you're done.
+
+When providing timings make sure to provide:
+
+* The 95th percentile
+* The 99th percentile
+* The mean
+
+When providing screenshots of graphs, make sure that both the X and Y axes and
+the legend are clearly visible. If you happen to have access to GitLab.com's own
+monitoring tools you should also provide a link to any relevant
+graphs/dashboards.
+
+## Tooling
+
+GitLab provides two built-in tools to aid the process of improving performance:
+
+* [Sherlock](doc/development/profiling.md#sherlock)
+* [GitLab Performance Monitoring](doc/monitoring/performance/monitoring.md)
+
+GitLab employees can use GitLab.com's performance monitoring systems located at
+<http://performance.gitlab.net>, this requires you to log in using your
+`@gitlab.com` Email address. Non-GitLab employees are advised to set up their
+own InfluxDB + Grafana stack.
+
+## Benchmarks
+
+Benchmarks are almost always useless. Benchmarks usually only test small bits of
+code in isolation and often only measure the best case scenario. On top of that,
+benchmarks for libraries (e.g., a Gem) tend to be biased in favour of the
+library. After all there's little benefit to an author publishing a benchmark
+that shows they perform worse than their competitors.
+
+Benchmarks are only really useful when you need a rough (emphasis on "rough")
+understanding of the impact of your changes. For example, if a certain method is
+slow a benchmark can be used to see if the changes you're making have any impact
+on the method's performance. However, even when a benchmark shows your changes
+improve performance there's no guarantee the performance also improves in a
+production environment.
+
+When writing benchmarks you should almost always use
+[benchmark-ips](https://github.com/evanphx/benchmark-ips). Ruby's `Benchmark`
+module that comes with the standard library is rarely useful as it runs either a
+single iteration (when using `Benchmark.bm`) or two iterations (when using
+`Benchmark.bmbm`). Running this few iterations means external factors (e.g. a
+video streaming in the background) can very easily skew the benchmark
+statistics.
+
+Another problem with the `Benchmark` module is that it displays timings, not
+iterations. This means that if a piece of code completes in a very short period
+of time it can be very difficult to compare the timings before and after a
+certain change. This in turn leads to patterns such as the following:
+
+```ruby
+Benchmark.bmbm(10) do |bench|
+  bench.report 'do something' do
+    100.times do
+      ... work here ...
+    end
+  end
+end
+```
+
+This however leads to the question: how many iterations should we run to get
+meaningful statistics?
+
+The benchmark-ips Gem basically takes care of all this and much more, and as a
+result of this should be used instead of the `Benchmark` module.
+
+In short:
+
+1. Don't trust benchmarks you find on the internet.
+2. Never make claims based on just benchmarks, always measure in production to
+   confirm your findings.
+3. X being N times faster than Y is meaningless if you don't know what impact it
+   will actually have on your production environment.
+4. A production environment is the _only_ benchmark that always tells the truth
+   (unless your performance monitoring systems are not set up correctly).
+5. If you must write a benchmark use the benchmark-ips Gem instead of Ruby's
+   `Benchmark` module.
+
+## Importance of Changes
+
+When working on performance improvements, it's important to always ask yourself
+the question "How important is it to improve the performance of this piece of
+code?". Not every piece of code is equally important and it would be a waste to
+spend a week trying to improve something that only impacts a tiny fraction of
+our users. For example, spending a week trying to squeeze 10 milliseconds out of
+a method is a waste of time when you could have spent a week squeezing out 10
+seconds elsewhere.
+
+There is no clear set of steps that you can follow to determine if a certain
+piece of code is worth optimizing. The only two things you can do are:
+
+1. Think about what the code does, how it's used, how many times it's called and
+   how much time is spent in it relative to the total execution time (e.g., the
+   total time spent in a web request).
+2. Ask others (preferably in the form of an issue).
+
+Some examples of changes that aren't really important/worth the effort:
+
+* Replacing double quotes with single quotes.
+* Replacing usage of Array with Set when the list of values is very small.
+* Replacing library A with library B when both only take up 0.1% of the total
+  execution time.
+* Calling `freeze` on every string (see [String Freezing](#string-freezing)).
+
+## Slow Operations & Sidekiq
+
+Slow operations (e.g. merging branches) or operations that are prone to errors
+(using external APIs) should be performed in a Sidekiq worker instead of
+directly in a web request as much as possible. This has numerous benefits such
+as:
+
+1. An error won't prevent the request from completing.
+2. The process being slow won't affect the loading time of a page.
+3. In case of a failure it's easy to re-try the process (Sidekiq takes care of
+   this automatically).
+4. By isolating the code from a web request it will hopefully be easier to test
+   and maintain.
+
+It's especially important to use Sidekiq as much as possible when dealing with
+Git operations as these operations can take quite some time to complete
+depending on the performance of the underlying storage system.
+
+## Git Operations
+
+Care should be taken to not run unnecessary Git operations. For example,
+retrieving the list of branch names using `Repository#branch_names` can be done
+without an explicit check if a repository exists or not. In other words, instead
+of this:
+
+```ruby
+if repository.exists?
+  repository.branch_names.each do |name|
+    ...
+  end
+end
+```
+
+You can just write:
+
+```ruby
+repository.branch_names.each do |name|
+  ...
+end
+```
+
+## Caching
+
+Operations that will often return the same result should be cached using Redis,
+in particular Git operations. When caching data in Redis, make sure the cache is
+flushed whenever needed. For example, a cache for the list of tags should be
+flushed whenever a new tag is pushed or a tag is removed.
+
+When adding cache expiration code for repositories, this code should be placed
+in one of the before/after hooks residing in the Repository class. For example,
+if a cache should be flushed after importing a repository this code should be
+added to `Repository#after_import`. This ensures the cache logic stays within
+the Repository class instead of leaking into other classes.
+
+When caching data, make sure to also memoize the result in an instance variable.
+While retrieving data from Redis is much faster than raw Git operations, it still
+has overhead. By caching the result in an instance variable, repeated calls to
+the same method won't end up retrieving data from Redis upon every call. When
+memoizing cached data in an instance variable, make sure to also reset the
+instance variable when flushing the cache. An example:
+
+
+```ruby
+def first_branch
+  @first_branch ||= cache.fetch(:first_branch) { branches.first }
+end
+
+def expire_first_branch_cache
+  cache.expire(:first_branch)
+  @first_branch = nil
+end
+```
+
+## Anti-Patterns
+
+This is a collection of [anti-patterns][anti-pattern] that should be avoided
+unless these changes have a measurable, significant and positive impact on
+production environments.
+
+### String Freezing
+
+In recent Ruby versions calling `freeze` on a String leads to it being allocated
+only once and re-used. For example, on Ruby 2.3 this will only allocate the
+"foo" String once:
+
+```ruby
+10.times do
+  'foo'.freeze
+end
+```
+
+Blindly adding a `.freeze` call to every String is an anti-pattern that should
+be avoided unless one can prove (using production data) the call actually has a
+positive impact on performance.
+
+This feature of Ruby wasn't really meant to make things faster directly, instead
+it was meant to reduce the number of allocations. Depending on the size of the
+String and how frequently it would be allocated (before the `.freeze` call was
+added), this _may_ make things faster, but there's no guarantee it will.
+
+Another common flavour of this is to not only freeze a String, but also assign
+it to a constant, for example:
+
+```ruby
+SOME_CONSTANT = 'foo'.freeze
+
+9000.times do
+  SOME_CONSTANT
+end
+```
+
+The only reason you should be doing this is to prevent somebody from mutating
+the global String. However, since you can just re-assign constants in Ruby
+there's nothing stopping somebody from doing this elsewhere in the code:
+
+```ruby
+SOME_CONSTANT = 'bar'
+```
+
+### Moving Allocations to Constants
+
+Storing an object as a constant so you only allocate it once _may_ improve
+performance, but there's no guarantee this will. Looking up constants has an
+impact on runtime performance, and as such, using a constant instead of
+referencing an object directly may even slow code down.
+
+[#15607]: https://gitlab.com/gitlab-org/gitlab-ce/issues/15607
+[yorickpeterse]: https://gitlab.com/u/yorickpeterse
+[joshfng]: https://gitlab.com/u/joshfng
+[anti-pattern]: https://en.wikipedia.org/wiki/Anti-pattern
diff --git a/doc/development/testing.md b/doc/development/testing.md
index 672e3fb4649..33eed29ba5c 100644
--- a/doc/development/testing.md
+++ b/doc/development/testing.md
@@ -64,6 +64,7 @@ the command line via `bundle exec teaspoon`, or via a web browser at
   methods.
 - Use `context` to test branching logic.
 - Don't `describe` symbols (see [Gotchas](gotchas.md#dont-describe-symbols)).
+- Don't supply the `:each` argument to hooks since it's the default.
 - Prefer `not_to` to `to_not`.
 - Try to match the ordering of tests to the ordering within the class.
 - Try to follow the [Four-Phase Test][four-phase-test] pattern, using newlines
diff --git a/doc/gitlab-basics/create-issue.md b/doc/gitlab-basics/create-issue.md
index 87f078def04..5221d85b661 100644
--- a/doc/gitlab-basics/create-issue.md
+++ b/doc/gitlab-basics/create-issue.md
@@ -24,4 +24,4 @@ You may assign the Issue to a user, add a milestone and add labels (they are all
 
 ![Submit new issue](basicsimages/submit_new_issue.png)
 
-Your Issue will now be added to the Issue Tracker and will be ready to be reviewed. You can comment on it and mention the people involved. You can also link Issues to the Merge Requests where the Issues are solved. To do this, you can use an [Issue closing pattern](http://doc.gitlab.com/ce/customization/issue_closing.html).
+Your Issue will now be added to the Issue Tracker and will be ready to be reviewed. You can comment on it and mention the people involved. You can also link Issues to the Merge Requests where the Issues are solved. To do this, you can use an [Issue closing pattern](http://docs.gitlab.com/ce/customization/issue_closing.html).
diff --git a/doc/gitlab-basics/create-project.md b/doc/gitlab-basics/create-project.md
index b545d62549d..f737dffc024 100644
--- a/doc/gitlab-basics/create-project.md
+++ b/doc/gitlab-basics/create-project.md
@@ -14,7 +14,7 @@ Fill out the required information:
 
 1. Select a [visibility level](https://gitlab.com/help/public_access/public_access)
 
-1. You can also [import your existing projects](http://doc.gitlab.com/ce/workflow/importing/README.html)
+1. You can also [import your existing projects](http://docs.gitlab.com/ce/workflow/importing/README.html)
 
 1. Click on "create project"
 
diff --git a/doc/hooks/custom_hooks.md b/doc/hooks/custom_hooks.md
index dcdf49d3379..820934f97f1 100644
--- a/doc/hooks/custom_hooks.md
+++ b/doc/hooks/custom_hooks.md
@@ -2,7 +2,7 @@
 
 **Note: Custom git hooks must be configured on the filesystem of the GitLab
 server. Only GitLab server administrators will be able to complete these tasks.
-Please explore [webhooks](../web_hooks/web_hooks.md) as an option if you do not have filesystem access. For a user configurable Git Hooks interface, please see [GitLab Enterprise Edition Git Hooks](http://doc.gitlab.com/ee/git_hooks/git_hooks.html).**
+Please explore [webhooks](../web_hooks/web_hooks.md) as an option if you do not have filesystem access. For a user configurable Git Hooks interface, please see [GitLab Enterprise Edition Git Hooks](http://docs.gitlab.com/ee/git_hooks/git_hooks.html).**
 
 Git natively supports hooks that are executed on different actions.
 Examples of server-side git hooks include pre-receive, post-receive, and update.
diff --git a/doc/install/installation.md b/doc/install/installation.md
index e721e70a596..fa11eb9ba6a 100644
--- a/doc/install/installation.md
+++ b/doc/install/installation.md
@@ -6,7 +6,7 @@ Since an installation from source is a lot of work and error prone we strongly r
 
 One reason the Omnibus package is more reliable is its use of Runit to restart any of the GitLab processes in case one crashes.
 On heavily used GitLab instances the memory usage of the Sidekiq background worker will grow over time.
-Omnibus packages solve this by [letting the Sidekiq terminate gracefully](http://doc.gitlab.com/ce/operations/sidekiq_memory_killer.html) if it uses too much memory.
+Omnibus packages solve this by [letting the Sidekiq terminate gracefully](http://docs.gitlab.com/ce/operations/sidekiq_memory_killer.html) if it uses too much memory.
 After this termination Runit will detect Sidekiq is not running and will start it.
 Since installations from source don't have Runit, Sidekiq can't be terminated and its memory usage will grow over time.
 
@@ -157,22 +157,64 @@ Create a `git` user for GitLab:
 
 ## 5. Database
 
-We recommend using a PostgreSQL database. For MySQL check [MySQL setup guide](database_mysql.md). *Note*: because we need to make use of extensions you need at least pgsql 9.1.
+We recommend using a PostgreSQL database. For MySQL check the
+[MySQL setup guide](database_mysql.md).
 
-    # Install the database packages
-    sudo apt-get install -y postgresql postgresql-client libpq-dev
+> **Note**: because we need to make use of extensions you need at least pgsql 9.1.
 
-    # Create a user for GitLab
+1. Install the database packages:
+
+    ```bash
+    sudo apt-get install -y postgresql postgresql-client libpq-dev postgresql-contrib
+    ```
+
+1. Create a database user for GitLab:
+
+    ```bash
     sudo -u postgres psql -d template1 -c "CREATE USER git CREATEDB;"
+    ```
 
-    # Create the GitLab production database & grant all privileges on database
+1. Create the GitLab production database and grant all privileges on database:
+
+    ```bash
     sudo -u postgres psql -d template1 -c "CREATE DATABASE gitlabhq_production OWNER git;"
+    ```
 
-    # Try connecting to the new database with the new user
+1. Create the `pg_trgm` extension (required for GitLab 8.6+):
+
+    ```bash
+    sudo -u postgres psql -d template1 -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
+    ```
+
+1. Try connecting to the new database with the new user:
+
+    ```bash
     sudo -u git -H psql -d gitlabhq_production
+    ```
 
-    # Quit the database session
+1. Check if the `pg_trgm` extension is enabled:
+
+    ```bash
+    SELECT true AS enabled
+    FROM pg_available_extensions
+    WHERE name = 'pg_trgm'
+    AND installed_version IS NOT NULL;
+    ```
+
+    If the extension is enabled this will produce the following output:
+
+    ```
+    enabled
+    ---------
+     t
+    (1 row)
+    ```
+
+1. Quit the database session:
+
+    ```bash
     gitlabhq_production> \q
+    ```
 
 ## 6. Redis
 
@@ -227,7 +269,7 @@ sudo usermod -aG redis git
 ### Clone the Source
 
     # Clone GitLab repository
-    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 8-7-stable gitlab
+    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 8-8-stable gitlab
 
 **Note:** You can change `8-7-stable` to `master` if you want the *bleeding edge* version, but never install master on a production server!
 
diff --git a/doc/install/relative_url.md b/doc/install/relative_url.md
index 0245febfcd8..44d2a14f366 100644
--- a/doc/install/relative_url.md
+++ b/doc/install/relative_url.md
@@ -132,5 +132,5 @@ To disable the relative URL:
 1.  Follow the same as above starting from 2. and set up the
     GitLab URL to one that doesn't contain a relative path.
 
-[omnibus-rel]: http://doc.gitlab.com/omnibus/settings/configuration.html#configuring-a-relative-url-for-gitlab "How to setup relative URL in Omnibus GitLab"
+[omnibus-rel]: http://docs.gitlab.com/omnibus/settings/configuration.html#configuring-a-relative-url-for-gitlab "How to setup relative URL in Omnibus GitLab"
 [restart gitlab]: ../administration/restart_gitlab.md#installations-from-source "How to restart GitLab"
diff --git a/doc/install/requirements.md b/doc/install/requirements.md
index eb9fe5e1b1b..df8e8bdc476 100644
--- a/doc/install/requirements.md
+++ b/doc/install/requirements.md
@@ -64,7 +64,10 @@ If you have enough RAM memory and a recent CPU the speed of GitLab is mainly lim
 ### Memory
 
 You need at least 2GB of addressable memory (RAM + swap) to install and use GitLab!
-With less memory GitLab will give strange errors during the reconfigure run and 500 errors during usage.
+The operating system and any other running applications will also be using memory
+so keep in mind that you need at least 2GB available before running GitLab. With
+less memory GitLab will give strange errors during the reconfigure run and 500
+errors during usage.
 
 - 512MB RAM + 1.5GB of swap is the absolute minimum but we strongly **advise against** this amount of memory. See the unicorn worker section below for more advice.
 - 1GB RAM + 1GB swap supports up to 100 users but it will be very slow
@@ -77,6 +80,10 @@ With less memory GitLab will give strange errors during the reconfigure run and
 - 128GB RAM supports up to 32,000 users
 - More users? Run it on [multiple application servers](https://about.gitlab.com/high-availability/)
 
+We recommend having at least 1GB of swap on your server, even if you currently have
+enough available RAM. Having swap will help reduce the chance of errors occuring
+if your available memory changes.
+
 Notice: The 25 workers of Sidekiq will show up as separate processes in your process overview (such as top or htop) but they share the same RAM allocation since Sidekiq is a multithreaded application. Please see the section below about Unicorn workers for information about many you need of those.
 
 ## Gitlab Runner
@@ -142,4 +149,4 @@ On a very active server (10,000 active users) the Sidekiq process can use 1GB+ o
 - Firefox (Latest released version and [latest ESR version](https://www.mozilla.org/en-US/firefox/organizations/))
 - Safari 7+ (known problem: required fields in html5 do not work)
 - Opera (Latest released version)
-- Internet Explorer (IE) 10+ but please make sure that you have the `Compatibility View` mode disabled.
+- Internet Explorer (IE) 11+ but please make sure that you have the `Compatibility View` mode disabled.
diff --git a/doc/integration/README.md b/doc/integration/README.md
index 6fe04aa2a06..fd330dd7a7d 100644
--- a/doc/integration/README.md
+++ b/doc/integration/README.md
@@ -19,7 +19,7 @@ See the documentation below for details on how to configure these services.
 
 GitLab Enterprise Edition contains [advanced Jenkins support][jenkins].
 
-[jenkins]: http://doc.gitlab.com/ee/integration/jenkins.html
+[jenkins]: http://docs.gitlab.com/ee/integration/jenkins.html
 
 
 ## Project services
diff --git a/doc/integration/cas.md b/doc/integration/cas.md
index e6b2071f193..e34e306f9ac 100644
--- a/doc/integration/cas.md
+++ b/doc/integration/cas.md
@@ -27,17 +27,18 @@ To enable the CAS OmniAuth provider you must register your application with your
     ```ruby
       gitlab_rails['omniauth_providers'] = [
         {
-          name: "cas3",
-          label: "cas",
-          args: {
-                  url: 'CAS_SERVER',
-                  login_url: '/CAS_PATH/login',
-                  service_validate_url: '/CAS_PATH/p3/serviceValidate',
-                  logout_url: '/CAS_PATH/logout'} }
-          }
+            "name"=> "cas3",
+            "label"=> "cas",
+            "args"=> {
+                "url"=> 'CAS_SERVER',
+                "login_url"=> '/CAS_PATH/login',
+                "service_validate_url"=> '/CAS_PATH/p3/serviceValidate',
+                "logout_url"=> '/CAS_PATH/logout'
+            }
         }
       ]
     ```
+    
 
     For installations from source:
 
@@ -57,6 +58,8 @@ To enable the CAS OmniAuth provider you must register your application with your
 
 1.  Save the configuration file.
 
+1.  Run `gitlab-ctl reconfigure` for the omnibus package.
+
 1.  Restart GitLab for the changes to take effect.
 
 On the sign in page there should now be a CAS tab in the sign in form.
diff --git a/doc/integration/github.md b/doc/integration/github.md
index 1890edd7a4c..e7497e475c9 100644
--- a/doc/integration/github.md
+++ b/doc/integration/github.md
@@ -9,7 +9,9 @@ GitHub will generate an application ID and secret key for you to use.
 
 1.  Navigate to your individual user settings or an organization's settings, depending on how you want the application registered. It does not matter if the application is registered as an individual or an organization - that is entirely up to you.
 
-1.  Select "Applications" in the left menu.
+1.  Select "OAuth applications" in the left menu.
+
+1.  If you already have applications listed, switch to the "Developer applications" tab.
 
 1.  Select "Register new application".
 
@@ -60,12 +62,26 @@ GitHub will generate an application ID and secret key for you to use.
 
     For installation from source:
 
+    For GitHub.com:
+
     ```
       - { name: 'github', app_id: 'YOUR_APP_ID',
         app_secret: 'YOUR_APP_SECRET',
         args: { scope: 'user:email' } }
     ```
 
+
+    For GitHub Enterprise:
+
+    ```
+      - { name: 'github', app_id: 'YOUR_APP_ID',
+        app_secret: 'YOUR_APP_SECRET',
+        url: "https://github.example.com/",
+        args: { scope: 'user:email' } }
+    ```
+
+    __Replace `https://github.example.com/` with your GitHub URL.__
+
 1.  Change 'YOUR_APP_ID' to the client ID from the GitHub application page from step 7.
 
 1.  Change 'YOUR_APP_SECRET' to the client secret from the GitHub application page  from step 7.
diff --git a/doc/integration/img/enabled-oauth-sign-in-sources.png b/doc/integration/img/enabled-oauth-sign-in-sources.png
new file mode 100644
index 00000000000..95f8bbdcd24
Binary files /dev/null and b/doc/integration/img/enabled-oauth-sign-in-sources.png differ
diff --git a/doc/integration/omniauth.md b/doc/integration/omniauth.md
index cab329c0dec..820f40f81a9 100644
--- a/doc/integration/omniauth.md
+++ b/doc/integration/omniauth.md
@@ -11,6 +11,7 @@ of the configured mechanisms.
 - [Supported Providers](#supported-providers)
 - [Enable OmniAuth for an Existing User](#enable-omniauth-for-an-existing-user)
 - [OmniAuth configuration sample when using Omnibus GitLab](https://gitlab.com/gitlab-org/omnibus-gitlab/tree/master#omniauth-google-twitter-github-login)
+- [Enable or disable Sign In with an OmniAuth provider without disabling import sources](#enable-or-disable-sign-in-with-an-omniauth-provider-without-disabling-import-sources)
 
 ## Supported Providers
 
@@ -191,3 +192,17 @@ experience [in the public Wiki](https://github.com/gitlabhq/gitlab-public-wiki/w
 
 While we can't officially support every possible authentication mechanism out there,
 we'd like to at least help those with specific needs.
+
+## Enable or disable Sign In with an OmniAuth provider without disabling import sources
+
+>**Note:**
+This setting was introduced with version 8.8 of GitLab.
+
+Administrators are able to enable or disable Sign In via some OmniAuth providers.
+
+>**Note:**
+By default Sign In is enabled via all the OAuth Providers that have been configured in `config/gitlab.yml`.
+
+In order to enable/disable an OmniAuth provider, go to Admin Area -> Settings -> Sign-in Restrictions section -> Enabled OAuth Sign-In sources and select the providers you want to enable or disable.
+
+![Enabled OAuth Sign-In sources](img/enabled-oauth-sign-in-sources.png)
diff --git a/doc/intro/README.md b/doc/intro/README.md
index ab298d3808e..382d10aaf40 100644
--- a/doc/intro/README.md
+++ b/doc/intro/README.md
@@ -39,4 +39,4 @@ Install and update your GitLab installation.
 
 - [Install GitLab](https://about.gitlab.com/installation/)
 - [Update GitLab](https://about.gitlab.com/update/)
-- [Explore Omnibus GitLab configuration options](http://doc.gitlab.com/omnibus/settings/configuration.html)
+- [Explore Omnibus GitLab configuration options](http://docs.gitlab.com/omnibus/settings/configuration.html)
diff --git a/doc/logs/logs.md b/doc/logs/logs.md
index 27937e51764..ef5affa2ebd 100644
--- a/doc/logs/logs.md
+++ b/doc/logs/logs.md
@@ -1,6 +1,6 @@
 ## Log system
 GitLab has advanced log system so everything is logging and you can analize your instance using various system log files.
-In addition to system log files, GitLab Enterprise Edition comes with Audit Events. Find more about them [in Audit Events documentation](http://doc.gitlab.com/ee/administration/audit_events.html)
+In addition to system log files, GitLab Enterprise Edition comes with Audit Events. Find more about them [in Audit Events documentation](http://docs.gitlab.com/ee/administration/audit_events.html)
 
 System log files are typically plain text in a standard log file format. This guide talks about how to read and use these system log files.
 
diff --git a/doc/monitoring/performance/gitlab_configuration.md b/doc/monitoring/performance/gitlab_configuration.md
index 90e99302210..771584268d9 100644
--- a/doc/monitoring/performance/gitlab_configuration.md
+++ b/doc/monitoring/performance/gitlab_configuration.md
@@ -37,4 +37,4 @@ Read more on:
 - [Introduction to GitLab Performance Monitoring](introduction.md)
 - [InfluxDB Configuration](influxdb_configuration.md)
 - [InfluxDB Schema](influxdb_schema.md)
-- [Grafana Install/Configuration](grafana_configuration.md
+- [Grafana Install/Configuration](grafana_configuration.md)
diff --git a/doc/monitoring/performance/grafana_configuration.md b/doc/monitoring/performance/grafana_configuration.md
index a79c8d48d3b..168bd85c26a 100644
--- a/doc/monitoring/performance/grafana_configuration.md
+++ b/doc/monitoring/performance/grafana_configuration.md
@@ -59,34 +59,53 @@ This will drop you in to an InfluxDB interactive session. Copy the entire
 contents below and paste it in to the interactive session:
 
 ```
-CREATE RETENTION POLICY gitlab_30d ON gitlab DURATION 30d REPLICATION 1 DEFAULT
-CREATE RETENTION POLICY seven_days ON gitlab DURATION 7d REPLICATION 1
-CREATE CONTINUOUS QUERY rails_transaction_counts_seven_days ON gitlab BEGIN SELECT count("duration") AS "count" INTO gitlab.seven_days.rails_transaction_counts FROM rails_transactions GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY sidekiq_transaction_counts_seven_days ON gitlab BEGIN SELECT count("duration") AS "count" INTO gitlab.seven_days.sidekiq_transaction_counts FROM sidekiq_transactions GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY rails_method_call_timings_seven_days ON gitlab BEGIN SELECT percentile("duration", 95.000) AS "duration_95th", percentile("duration", 99.000) AS "duration_99th", mean("duration") AS "duration_mean" INTO gitlab.seven_days.rails_method_call_timings FROM rails_method_calls GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY sidekiq_method_call_timings_seven_days ON gitlab BEGIN SELECT percentile("duration", 95.000) AS "duration_95th", percentile("duration", 99.000) AS "duration_99th", mean("duration") AS "duration_mean" INTO gitlab.seven_days.sidekiq_method_call_timings FROM sidekiq_method_calls GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY rails_method_call_timings_per_method_seven_days ON gitlab BEGIN SELECT percentile("duration", 95.000) AS duration_95th, percentile("duration", 99.000) AS duration_99th, mean("duration") AS duration_mean INTO gitlab.seven_days.rails_method_call_timings_per_method FROM rails_method_calls GROUP BY time(1m), method END;
-CREATE CONTINUOUS QUERY sidekiq_method_call_timings_per_method_seven_days ON gitlab BEGIN SELECT percentile("duration", 95.000) AS duration_95th, percentile("duration", 99.000) AS duration_99th, mean("duration") AS duration_mean INTO gitlab.seven_days.sidekiq_method_call_timings_per_method FROM sidekiq_method_calls GROUP BY time(1m), method END;
-CREATE CONTINUOUS QUERY rails_memory_usage_per_minute ON gitlab BEGIN SELECT percentile(value, 95.000) AS memory_95th, percentile(value, 99.000) AS memory_99th, mean(value) AS memory_mean INTO gitlab.seven_days.rails_memory_usage_per_minute FROM rails_memory_usage GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY sidekiq_memory_usage_per_minute ON gitlab BEGIN SELECT percentile(value, 95.000) AS memory_95th, percentile(value, 99.000) AS memory_99th, mean(value) AS memory_mean INTO gitlab.seven_days.sidekiq_memory_usage_per_minute FROM sidekiq_memory_usage GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY sidekiq_file_descriptors_per_minute ON gitlab BEGIN SELECT sum(value) AS value INTO gitlab.seven_days.sidekiq_file_descriptors_per_minute FROM sidekiq_file_descriptors GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY rails_file_descriptors_per_minute ON gitlab BEGIN SELECT sum(value) AS value INTO gitlab.seven_days.rails_file_descriptors_per_minute FROM rails_file_descriptors GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY rails_gc_counts_per_minute ON gitlab BEGIN SELECT sum(count) AS count INTO gitlab.seven_days.rails_gc_counts_per_minute FROM rails_gc_statistics GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY sidekiq_gc_counts_per_minute ON gitlab BEGIN SELECT sum(count) AS count INTO gitlab.seven_days.sidekiq_gc_counts_per_minute FROM sidekiq_gc_statistics GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY rails_gc_timings_per_minute ON gitlab BEGIN SELECT percentile(total_time, 95.000) AS duration_95th, percentile(total_time, 99.000) AS duration_99th, mean(total_time) AS duration_mean INTO gitlab.seven_days.rails_gc_timings_per_minute FROM rails_gc_statistics GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY sidekiq_gc_timings_per_minute ON gitlab BEGIN SELECT percentile(total_time, 95.000) AS duration_95th, percentile(total_time, 99.000) AS duration_99th, mean(total_time) AS duration_mean INTO gitlab.seven_days.sidekiq_gc_timings_per_minute FROM sidekiq_gc_statistics GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY rails_gc_major_minor_per_minute ON gitlab BEGIN SELECT sum(major_gc_count) AS major, sum(minor_gc_count) AS minor INTO gitlab.seven_days.rails_gc_major_minor_per_minute FROM rails_gc_statistics GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY sidekiq_gc_major_minor_per_minute ON gitlab BEGIN SELECT sum(major_gc_count) AS major, sum(minor_gc_count) AS minor INTO gitlab.seven_days.sidekiq_gc_major_minor_per_minute FROM sidekiq_gc_statistics GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY grape_internal_allowed_request_counts_per_minute ON gitlab BEGIN SELECT count("duration") AS count INTO gitlab.seven_days.grape_internal_allowed_request_counts_per_minute FROM rails_transactions WHERE request_uri = '/api/v3/internal/allowed' GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY grape_internal_allowed_request_timings_per_minute ON gitlab BEGIN SELECT percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th, mean("duration") AS duration_mean INTO gitlab.seven_days.grape_internal_allowed_request_timings_per_minute FROM rails_transactions WHERE request_uri = '/api/v3/internal/allowed' GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY grape_internal_allowed_sql_timings_per_minute ON gitlab BEGIN SELECT percentile(sql_duration, 95) AS duration_95th, percentile(sql_duration, 99) AS duration_99th, mean(sql_duration) AS duration_mean INTO gitlab.seven_days.grape_internal_allowed_sql_timings_per_minute FROM rails_transactions WHERE request_uri = '/api/v3/internal/allowed' GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY grape_internal_authorized_keys_request_counts_per_minute ON gitlab BEGIN SELECT count("duration") AS count INTO gitlab.seven_days.grape_internal_authorized_keys_request_counts_per_minute FROM rails_transactions WHERE request_uri = '/api/v3/internal/authorized_keys' GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY grape_internal_authorized_keys_request_timings_per_minute ON gitlab BEGIN SELECT percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th, mean("duration") AS duration_mean INTO gitlab.seven_days.grape_internal_authorized_keys_request_timings_per_minute FROM rails_transactions WHERE request_uri = '/api/v3/internal/authorized_keys' GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY grape_internal_authorized_keys_sql_timings_per_minute ON gitlab BEGIN SELECT percentile(sql_duration, 95) AS duration_95th, percentile(sql_duration, 99) AS duration_99th, mean(sql_duration) AS duration_mean INTO gitlab.seven_days.grape_internal_authorized_keys_sql_timings_per_minute FROM rails_transactions WHERE request_uri = '/api/v3/internal/authorized_keys' GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY rails_transaction_timings_seven_days ON gitlab BEGIN SELECT percentile("duration", 95.000) AS duration_95th, percentile("duration", 99.000) AS duration_99th, mean("duration") AS duration_mean, percentile(sql_duration, 95.000) AS sql_duration_95th, percentile(sql_duration, 99.000) AS sql_duration_99th, mean(sql_duration) AS sql_duration_mean, percentile(view_duration, 95.000) AS view_duration_95th, percentile(view_duration, 99.000) AS view_duration_99th, mean(view_duration) AS view_duration_mean, percentile(cache_read_duration, 99) AS cache_read_duration_99th, percentile(cache_read_duration, 95) AS cache_read_duration_95th, mean(cache_read_duration) AS cache_read_duration_mean, percentile(cache_write_duration, 99) AS cache_write_duration_99th, percentile(cache_write_duration, 95) AS cache_write_duration_95th, mean(cache_write_duration) AS cache_write_duration_mean, percentile(cache_delete_duration, 99) AS cache_delete_duration_99th, percentile(cache_delete_duration, 95) AS cache_delete_duration_95th, mean(cache_delete_duration) AS cache_delete_duration_mean, percentile(cache_exists_duration, 99) AS cache_exists_duration_99th, percentile(cache_exists_duration, 95) AS cache_exists_duration_95th, mean(cache_exists_duration) AS cache_exists_duration_mean, percentile(cache_duration, 99) AS cache_duration_99th, percentile(cache_duration, 95) AS cache_duration_95th, mean(cache_duration) AS cache_duration_mean INTO gitlab.seven_days.rails_transaction_timings FROM rails_transactions GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY sidekiq_transaction_timings_seven_days ON gitlab BEGIN SELECT percentile("duration", 95.000) AS duration_95th, percentile("duration", 99.000) AS duration_99th, mean("duration") AS duration_mean, percentile(sql_duration, 95.000) AS sql_duration_95th, percentile(sql_duration, 99.000) AS sql_duration_99th, mean(sql_duration) AS sql_duration_mean, percentile(view_duration, 95.000) AS view_duration_95th, percentile(view_duration, 99.000) AS view_duration_99th, mean(view_duration) AS view_duration_mean, percentile(cache_read_duration, 99) AS cache_read_duration_99th, percentile(cache_read_duration, 95) AS cache_read_duration_95th, mean(cache_read_duration) AS cache_read_duration_mean, percentile(cache_write_duration, 99) AS cache_write_duration_99th, percentile(cache_write_duration, 95) AS cache_write_duration_95th, mean(cache_write_duration) AS cache_write_duration_mean, percentile(cache_delete_duration, 99) AS cache_delete_duration_99th, percentile(cache_delete_duration, 95) AS cache_delete_duration_95th, mean(cache_delete_duration) AS cache_delete_duration_mean, percentile(cache_exists_duration, 99) AS cache_exists_duration_99th, percentile(cache_exists_duration, 95) AS cache_exists_duration_95th, mean(cache_exists_duration) AS cache_exists_duration_mean, percentile(cache_duration, 99) AS cache_duration_99th, percentile(cache_duration, 95) AS cache_duration_95th, mean(cache_duration) AS cache_duration_mean INTO gitlab.seven_days.sidekiq_transaction_timings FROM sidekiq_transactions GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY grape_transaction_counts_seven_days ON gitlab BEGIN SELECT count("duration") AS count INTO gitlab.seven_days.grape_transaction_counts FROM rails_transactions WHERE action !~ /.+/ GROUP BY time(1m) END;
-CREATE CONTINUOUS QUERY grape_transaction_timings_seven_days ON gitlab BEGIN SELECT percentile("duration", 95.000) AS duration_95th, percentile("duration", 99.000) AS duration_99th, mean("duration") AS duration_mean, percentile(sql_duration, 95.000) AS sql_duration_95th, percentile(sql_duration, 99.000) AS sql_duration_99th, mean(sql_duration) AS sql_duration_mean, percentile(cache_read_duration, 99) AS cache_read_duration_99th, percentile(cache_read_duration, 95) AS cache_read_duration_95th, mean(cache_read_duration) AS cache_read_duration_mean, percentile(cache_write_duration, 99) AS cache_write_duration_99th, percentile(cache_write_duration, 95) AS cache_write_duration_95th, mean(cache_write_duration) AS cache_write_duration_mean, percentile(cache_delete_duration, 99) AS cache_delete_duration_99th, percentile(cache_delete_duration, 95) AS cache_delete_duration_95th, mean(cache_delete_duration) AS cache_delete_duration_mean, percentile(cache_exists_duration, 99) AS cache_exists_duration_99th, percentile(cache_exists_duration, 95) AS cache_exists_duration_95th, mean(cache_exists_duration) AS cache_exists_duration_mean, percentile(cache_duration, 99) AS cache_duration_99th, percentile(cache_duration, 95) AS cache_duration_95th, mean(cache_duration) AS cache_duration_mean INTO gitlab.seven_days.grape_transaction_timings FROM rails_transactions WHERE action !~ /.+/ GROUP BY time(1m) END;
+CREATE RETENTION POLICY default ON gitlab DURATION 1h REPLICATION 1 DEFAULT
+CREATE RETENTION POLICY downsampled ON gitlab DURATION 7d REPLICATION 1
+CREATE CONTINUOUS QUERY grape_git_timings_per_action ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.grape_git_timings_per_action FROM gitlab."default".rails_method_calls WHERE (action !~ /.+/ OR action =~ /^Grape#/) AND method =~ /^(Rugged|Gitlab::Git)/ GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY grape_markdown_render_timings_overall ON gitlab BEGIN SELECT mean(banzai_cached_render_real_time) AS cached_real_mean, percentile(banzai_cached_render_real_time, 95) AS cached_real_95th, percentile(banzai_cached_render_real_time, 99) AS cached_real_99th, mean(banzai_cached_render_cpu_time) AS cached_cpu_mean, percentile(banzai_cached_render_cpu_time, 95) AS cached_cpu_95th, percentile(banzai_cached_render_cpu_time, 99) AS cached_cpu_99th, sum(banzai_cached_render_call_count) AS cached_call_count, mean(banzai_cacheless_render_real_time) AS cacheless_real_mean, percentile(banzai_cacheless_render_real_time, 95) AS cacheless_real_95th, percentile(banzai_cacheless_render_real_time, 99) AS cacheless_real_99th, mean(banzai_cacheless_render_cpu_time) AS cacheless_cpu_mean, percentile(banzai_cacheless_render_cpu_time, 95) AS cacheless_cpu_95th, percentile(banzai_cacheless_render_cpu_time, 99) AS cacheless_cpu_99th, sum(banzai_cacheless_render_call_count) AS cacheless_call_count INTO gitlab.downsampled.grape_markdown_render_timings_overall FROM gitlab."default".rails_transactions WHERE (action !~ /.+/ OR action =~ /^Grape#/) AND (banzai_cached_render_call_count > 0 OR banzai_cacheless_render_call_count > 0) GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY grape_markdown_render_timings_per_action ON gitlab BEGIN SELECT mean(banzai_cached_render_real_time) AS cached_real_mean, percentile(banzai_cached_render_real_time, 95) AS cached_real_95th, percentile(banzai_cached_render_real_time, 99) AS cached_real_99th, mean(banzai_cached_render_cpu_time) AS cached_cpu_mean, percentile(banzai_cached_render_cpu_time, 95) AS cached_cpu_95th, percentile(banzai_cached_render_cpu_time, 99) AS cached_cpu_99th, sum(banzai_cached_render_call_count) AS cached_call_count, mean(banzai_cacheless_render_real_time) AS cacheless_real_mean, percentile(banzai_cacheless_render_real_time, 95) AS cacheless_real_95th, percentile(banzai_cacheless_render_real_time, 99) AS cacheless_real_99th, mean(banzai_cacheless_render_cpu_time) AS cacheless_cpu_mean, percentile(banzai_cacheless_render_cpu_time, 95) AS cacheless_cpu_95th, percentile(banzai_cacheless_render_cpu_time, 99) AS cacheless_cpu_99th, sum(banzai_cacheless_render_call_count) AS cacheless_call_count INTO gitlab.downsampled.grape_markdown_render_timings_per_action FROM gitlab."default".rails_transactions WHERE (action !~ /.+/ OR action =~ /^Grape#/) AND (banzai_cached_render_call_count > 0 OR banzai_cacheless_render_call_count > 0) GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY grape_markdown_timings_overall ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.grape_markdown_timings_overall FROM gitlab."default".rails_method_calls WHERE (action !~ /.+/ OR action =~ /^Grape#/) AND method =~ /^Banzai/ GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY grape_method_call_timings_per_action_and_method ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.grape_method_call_timings_per_action_and_method FROM gitlab."default".rails_method_calls WHERE action !~ /.+/ OR action =~ /^Grape#/ GROUP BY time(1m), method, action END;
+CREATE CONTINUOUS QUERY grape_method_call_timings_per_method ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.grape_method_call_timings_per_method FROM gitlab."default".rails_method_calls WHERE action !~ /.+/ OR action =~ /^Grape#/ GROUP BY time(1m), method END;
+CREATE CONTINUOUS QUERY grape_transaction_counts_overall ON gitlab BEGIN SELECT count("duration") AS count INTO gitlab.downsampled.grape_transaction_counts_overall FROM gitlab."default".rails_transactions WHERE action !~ /.+/ OR action =~ /^Grape#/ GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY grape_transaction_counts_per_action ON gitlab BEGIN SELECT count("duration") AS count INTO gitlab.downsampled.grape_transaction_counts_per_action FROM gitlab."default".rails_transactions WHERE action !~ /.+/ OR action =~ /^Grape#/ GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY grape_transaction_timings_overall ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th, mean(sql_duration) AS sql_duration_mean, percentile(sql_duration, 95) AS sql_duration_95th, percentile(sql_duration, 99) AS sql_duration_99th, mean(view_duration) AS view_duration_mean, percentile(view_duration, 95) AS view_duration_95th, percentile(view_duration, 99) AS view_duration_99th, mean(cache_read_duration) AS cache_read_duration_mean, percentile(cache_read_duration, 99) AS cache_read_duration_99th, percentile(cache_read_duration, 95) AS cache_read_duration_95th, mean(cache_write_duration) AS cache_write_duration_mean, percentile(cache_write_duration, 99) AS cache_write_duration_99th, percentile(cache_write_duration, 95) AS cache_write_duration_95th, mean(cache_delete_duration) AS cache_delete_duration_mean, percentile(cache_delete_duration, 99) AS cache_delete_duration_99th, percentile(cache_delete_duration, 95) AS cache_delete_duration_95th, mean(cache_exists_duration) AS cache_exists_duration_mean, percentile(cache_exists_duration, 99) AS cache_exists_duration_99th, percentile(cache_exists_duration, 95) AS cache_exists_duration_95th, mean(cache_duration) AS cache_duration_mean, percentile(cache_duration, 99) AS cache_duration_99th, percentile(cache_duration, 95) AS cache_duration_95th, mean(method_duration) AS method_duration_mean, percentile(method_duration, 99) AS method_duration_99th, percentile(method_duration, 95) AS method_duration_95th INTO gitlab.downsampled.grape_transaction_timings_overall FROM gitlab."default".rails_transactions WHERE action !~ /.+/ OR action =~ /^Grape#/ GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY grape_transaction_timings_per_action ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th, mean(sql_duration) AS sql_duration_mean, percentile(sql_duration, 95) AS sql_duration_95th, percentile(sql_duration, 99) AS sql_duration_99th, mean(view_duration) AS view_duration_mean, percentile(view_duration, 95) AS view_duration_95th, percentile(view_duration, 99) AS view_duration_99th, mean(cache_read_duration) AS cache_read_duration_mean, percentile(cache_read_duration, 99) AS cache_read_duration_99th, percentile(cache_read_duration, 95) AS cache_read_duration_95th, mean(cache_write_duration) AS cache_write_duration_mean, percentile(cache_write_duration, 99) AS cache_write_duration_99th, percentile(cache_write_duration, 95) AS cache_write_duration_95th, mean(cache_delete_duration) AS cache_delete_duration_mean, percentile(cache_delete_duration, 99) AS cache_delete_duration_99th, percentile(cache_delete_duration, 95) AS cache_delete_duration_95th, mean(cache_exists_duration) AS cache_exists_duration_mean, percentile(cache_exists_duration, 99) AS cache_exists_duration_99th, percentile(cache_exists_duration, 95) AS cache_exists_duration_95th, mean(cache_duration) AS cache_duration_mean, percentile(cache_duration, 99) AS cache_duration_99th, percentile(cache_duration, 95) AS cache_duration_95th, mean(method_duration) AS method_duration_mean, percentile(method_duration, 99) AS method_duration_99th, percentile(method_duration, 95) AS method_duration_95th INTO gitlab.downsampled.grape_transaction_timings_per_action FROM gitlab."default".rails_transactions WHERE action !~ /.+/ OR action =~ /^Grape#/ GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY rails_file_descriptor_counts ON gitlab BEGIN SELECT sum(value) AS count INTO gitlab.downsampled.rails_file_descriptor_counts FROM gitlab."default".rails_file_descriptors GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY rails_gc_counts ON gitlab BEGIN SELECT sum(count) AS total, sum(minor_gc_count) AS minor, sum(major_gc_count) AS major INTO gitlab.downsampled.rails_gc_counts FROM gitlab."default".rails_gc_statistics GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY rails_gc_timings ON gitlab BEGIN SELECT mean(total_time) AS duration_mean, percentile(total_time, 95) AS duration_95th, percentile(total_time, 99) AS duration_99th INTO gitlab.downsampled.rails_gc_timings FROM gitlab."default".rails_gc_statistics GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY rails_git_timings_per_action ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.rails_git_timings_per_action FROM gitlab."default".rails_method_calls WHERE (action =~ /.+/ AND action !~ /^Grape#/) AND method =~ /^(Rugged|Gitlab::Git)/ GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY rails_markdown_render_timings_overall ON gitlab BEGIN SELECT mean(banzai_cached_render_real_time) AS cached_real_mean, percentile(banzai_cached_render_real_time, 95) AS cached_real_95th, percentile(banzai_cached_render_real_time, 99) AS cached_real_99th, mean(banzai_cached_render_cpu_time) AS cached_cpu_mean, percentile(banzai_cached_render_cpu_time, 95) AS cached_cpu_95th, percentile(banzai_cached_render_cpu_time, 99) AS cached_cpu_99th, sum(banzai_cached_render_call_count) AS cached_call_count, mean(banzai_cacheless_render_real_time) AS cacheless_real_mean, percentile(banzai_cacheless_render_real_time, 95) AS cacheless_real_95th, percentile(banzai_cacheless_render_real_time, 99) AS cacheless_real_99th, mean(banzai_cacheless_render_cpu_time) AS cacheless_cpu_mean, percentile(banzai_cacheless_render_cpu_time, 95) AS cacheless_cpu_95th, percentile(banzai_cacheless_render_cpu_time, 99) AS cacheless_cpu_99th, sum(banzai_cacheless_render_call_count) AS cacheless_call_count INTO gitlab.downsampled.rails_markdown_render_timings_overall FROM gitlab."default".rails_transactions WHERE (action =~ /.+/ AND action !~ /^Grape#/) AND (banzai_cached_render_call_count > 0 OR banzai_cacheless_render_call_count > 0) GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY rails_markdown_render_timings_per_action ON gitlab BEGIN SELECT mean(banzai_cached_render_real_time) AS cached_real_mean, percentile(banzai_cached_render_real_time, 95) AS cached_real_95th, percentile(banzai_cached_render_real_time, 99) AS cached_real_99th, mean(banzai_cached_render_cpu_time) AS cached_cpu_mean, percentile(banzai_cached_render_cpu_time, 95) AS cached_cpu_95th, percentile(banzai_cached_render_cpu_time, 99) AS cached_cpu_99th, sum(banzai_cached_render_call_count) AS cached_call_count, mean(banzai_cacheless_render_real_time) AS cacheless_real_mean, percentile(banzai_cacheless_render_real_time, 95) AS cacheless_real_95th, percentile(banzai_cacheless_render_real_time, 99) AS cacheless_real_99th, mean(banzai_cacheless_render_cpu_time) AS cacheless_cpu_mean, percentile(banzai_cacheless_render_cpu_time, 95) AS cacheless_cpu_95th, percentile(banzai_cacheless_render_cpu_time, 99) AS cacheless_cpu_99th, sum(banzai_cacheless_render_call_count) AS cacheless_call_count INTO gitlab.downsampled.rails_markdown_render_timings_per_action FROM gitlab."default".rails_transactions WHERE (action =~ /.+/ AND action !~ /^Grape#/) AND (banzai_cached_render_call_count > 0 OR banzai_cacheless_render_call_count > 0) GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY rails_markdown_timings_overall ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.rails_markdown_timings_overall FROM gitlab."default".rails_method_calls WHERE (action =~ /.+/ AND action !~ /^Grape#/) AND method =~ /^Banzai/ GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY rails_memory_usage_overall ON gitlab BEGIN SELECT mean(value) AS memory_mean, percentile(value, 95) AS memory_95th, percentile(value, 99) AS memory_99th INTO gitlab.downsampled.rails_memory_usage_overall FROM gitlab."default".rails_memory_usage GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY rails_method_call_timings_per_action_and_method ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.rails_method_call_timings_per_action_and_method FROM gitlab."default".rails_method_calls WHERE action =~ /.+/ AND action !~ /^Grape#/ GROUP BY time(1m), method, action END;
+CREATE CONTINUOUS QUERY rails_method_call_timings_per_method ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.rails_method_call_timings_per_method FROM gitlab."default".rails_method_calls WHERE action =~ /.+/ AND action !~ /^Grape#/ GROUP BY time(1m), method END;
+CREATE CONTINUOUS QUERY rails_object_counts_overall ON gitlab BEGIN SELECT sum(count) AS count INTO gitlab.downsampled.rails_object_counts_overall FROM gitlab."default".rails_object_counts GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY rails_object_counts_per_type ON gitlab BEGIN SELECT sum(count) AS count INTO gitlab.downsampled.rails_object_counts_per_type FROM gitlab."default".rails_object_counts GROUP BY time(1m), type END;
+CREATE CONTINUOUS QUERY rails_transaction_counts_overall ON gitlab BEGIN SELECT count("duration") AS count INTO gitlab.downsampled.rails_transaction_counts_overall FROM gitlab."default".rails_transactions WHERE action =~ /.+/ AND action !~ /^Grape#/ GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY rails_transaction_counts_per_action ON gitlab BEGIN SELECT count("duration") AS count INTO gitlab.downsampled.rails_transaction_counts_per_action FROM gitlab."default".rails_transactions WHERE action =~ /.+/ AND action !~ /^Grape#/ GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY rails_transaction_timings_overall ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th, mean(sql_duration) AS sql_duration_mean, percentile(sql_duration, 95) AS sql_duration_95th, percentile(sql_duration, 99) AS sql_duration_99th, mean(view_duration) AS view_duration_mean, percentile(view_duration, 95) AS view_duration_95th, percentile(view_duration, 99) AS view_duration_99th, mean(cache_read_duration) AS cache_read_duration_mean, percentile(cache_read_duration, 99) AS cache_read_duration_99th, percentile(cache_read_duration, 95) AS cache_read_duration_95th, mean(cache_write_duration) AS cache_write_duration_mean, percentile(cache_write_duration, 99) AS cache_write_duration_99th, percentile(cache_write_duration, 95) AS cache_write_duration_95th, mean(cache_delete_duration) AS cache_delete_duration_mean, percentile(cache_delete_duration, 99) AS cache_delete_duration_99th, percentile(cache_delete_duration, 95) AS cache_delete_duration_95th, mean(cache_exists_duration) AS cache_exists_duration_mean, percentile(cache_exists_duration, 99) AS cache_exists_duration_99th, percentile(cache_exists_duration, 95) AS cache_exists_duration_95th, mean(cache_duration) AS cache_duration_mean, percentile(cache_duration, 99) AS cache_duration_99th, percentile(cache_duration, 95) AS cache_duration_95th, mean(method_duration) AS method_duration_mean, percentile(method_duration, 99) AS method_duration_99th, percentile(method_duration, 95) AS method_duration_95th INTO gitlab.downsampled.rails_transaction_timings_overall FROM gitlab."default".rails_transactions WHERE action =~ /.+/ AND action !~ /^Grape#/ GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY rails_transaction_timings_per_action ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th, mean(sql_duration) AS sql_duration_mean, percentile(sql_duration, 95) AS sql_duration_95th, percentile(sql_duration, 99) AS sql_duration_99th, mean(view_duration) AS view_duration_mean, percentile(view_duration, 95) AS view_duration_95th, percentile(view_duration, 99) AS view_duration_99th, mean(cache_read_duration) AS cache_read_duration_mean, percentile(cache_read_duration, 99) AS cache_read_duration_99th, percentile(cache_read_duration, 95) AS cache_read_duration_95th, mean(cache_write_duration) AS cache_write_duration_mean, percentile(cache_write_duration, 99) AS cache_write_duration_99th, percentile(cache_write_duration, 95) AS cache_write_duration_95th, mean(cache_delete_duration) AS cache_delete_duration_mean, percentile(cache_delete_duration, 99) AS cache_delete_duration_99th, percentile(cache_delete_duration, 95) AS cache_delete_duration_95th, mean(cache_exists_duration) AS cache_exists_duration_mean, percentile(cache_exists_duration, 99) AS cache_exists_duration_99th, percentile(cache_exists_duration, 95) AS cache_exists_duration_95th, mean(cache_duration) AS cache_duration_mean, percentile(cache_duration, 99) AS cache_duration_99th, percentile(cache_duration, 95) AS cache_duration_95th, mean(method_duration) AS method_duration_mean, percentile(method_duration, 99) AS method_duration_99th, percentile(method_duration, 95) AS method_duration_95th INTO gitlab.downsampled.rails_transaction_timings_per_action FROM gitlab."default".rails_transactions WHERE action =~ /.+/ AND action !~ /^Grape#/ GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY rails_view_timings_per_action_and_view ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.rails_view_timings_per_action_and_view FROM gitlab."default".rails_views WHERE action =~ /.+/ AND action !~ /^Grape#/ GROUP BY time(1m), action, view END;
+CREATE CONTINUOUS QUERY sidekiq_file_descriptor_counts ON gitlab BEGIN SELECT sum(value) AS count INTO gitlab.downsampled.sidekiq_file_descriptor_counts FROM gitlab."default".sidekiq_file_descriptors GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY sidekiq_gc_counts ON gitlab BEGIN SELECT sum(count) AS total, sum(minor_gc_count) AS minor, sum(major_gc_count) AS major INTO gitlab.downsampled.sidekiq_gc_counts FROM gitlab."default".sidekiq_gc_statistics GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY sidekiq_gc_timings ON gitlab BEGIN SELECT mean(total_time) AS duration_mean, percentile(total_time, 95) AS duration_95th, percentile(total_time, 99) AS duration_99th INTO gitlab.downsampled.sidekiq_gc_timings FROM gitlab."default".sidekiq_gc_statistics GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY sidekiq_git_timings_per_action ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.sidekiq_git_timings_per_action FROM gitlab."default".sidekiq_method_calls WHERE method =~ /^(Rugged|Gitlab::Git)/ GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY sidekiq_markdown_render_timings_overall ON gitlab BEGIN SELECT mean(banzai_cached_render_real_time) AS cached_real_mean, percentile(banzai_cached_render_real_time, 95) AS cached_real_95th, percentile(banzai_cached_render_real_time, 99) AS cached_real_99th, mean(banzai_cached_render_cpu_time) AS cached_cpu_mean, percentile(banzai_cached_render_cpu_time, 95) AS cached_cpu_95th, percentile(banzai_cached_render_cpu_time, 99) AS cached_cpu_99th, sum(banzai_cached_render_call_count) AS cached_call_count, mean(banzai_cacheless_render_real_time) AS cacheless_real_mean, percentile(banzai_cacheless_render_real_time, 95) AS cacheless_real_95th, percentile(banzai_cacheless_render_real_time, 99) AS cacheless_real_99th, mean(banzai_cacheless_render_cpu_time) AS cacheless_cpu_mean, percentile(banzai_cacheless_render_cpu_time, 95) AS cacheless_cpu_95th, percentile(banzai_cacheless_render_cpu_time, 99) AS cacheless_cpu_99th, sum(banzai_cacheless_render_call_count) AS cacheless_call_count INTO gitlab.downsampled.sidekiq_markdown_render_timings_overall FROM gitlab."default".sidekiq_transactions WHERE (banzai_cached_render_call_count > 0 OR banzai_cacheless_render_call_count > 0) GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY sidekiq_markdown_render_timings_per_action ON gitlab BEGIN SELECT mean(banzai_cached_render_real_time) AS cached_real_mean, percentile(banzai_cached_render_real_time, 95) AS cached_real_95th, percentile(banzai_cached_render_real_time, 99) AS cached_real_99th, mean(banzai_cached_render_cpu_time) AS cached_cpu_mean, percentile(banzai_cached_render_cpu_time, 95) AS cached_cpu_95th, percentile(banzai_cached_render_cpu_time, 99) AS cached_cpu_99th, sum(banzai_cached_render_call_count) AS cached_call_count, mean(banzai_cacheless_render_real_time) AS cacheless_real_mean, percentile(banzai_cacheless_render_real_time, 95) AS cacheless_real_95th, percentile(banzai_cacheless_render_real_time, 99) AS cacheless_real_99th, mean(banzai_cacheless_render_cpu_time) AS cacheless_cpu_mean, percentile(banzai_cacheless_render_cpu_time, 95) AS cacheless_cpu_95th, percentile(banzai_cacheless_render_cpu_time, 99) AS cacheless_cpu_99th, sum(banzai_cacheless_render_call_count) AS cacheless_call_count INTO gitlab.downsampled.sidekiq_markdown_render_timings_per_action FROM gitlab."default".sidekiq_transactions WHERE (banzai_cached_render_call_count > 0 OR banzai_cacheless_render_call_count > 0) GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY sidekiq_markdown_timings_overall ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.sidekiq_markdown_timings_overall FROM gitlab."default".sidekiq_method_calls WHERE method =~ /^Banzai/ GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY sidekiq_memory_usage_overall ON gitlab BEGIN SELECT mean(value) AS memory_mean, percentile(value, 95) AS memory_95th, percentile(value, 99) AS memory_99th INTO gitlab.downsampled.sidekiq_memory_usage_overall FROM gitlab."default".sidekiq_memory_usage GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY sidekiq_method_call_timings_per_action_and_method ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.sidekiq_method_call_timings_per_action_and_method FROM gitlab."default".sidekiq_method_calls GROUP BY time(1m), method, action END;
+CREATE CONTINUOUS QUERY sidekiq_method_call_timings_per_method ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.sidekiq_method_call_timings_per_method FROM gitlab."default".sidekiq_method_calls GROUP BY time(1m), method END;
+CREATE CONTINUOUS QUERY sidekiq_object_counts_overall ON gitlab BEGIN SELECT sum(count) AS count INTO gitlab.downsampled.sidekiq_object_counts_overall FROM gitlab."default".sidekiq_object_counts GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY sidekiq_object_counts_per_type ON gitlab BEGIN SELECT sum(count) AS count INTO gitlab.downsampled.sidekiq_object_counts_per_type FROM gitlab."default".sidekiq_object_counts GROUP BY time(1m), type END;
+CREATE CONTINUOUS QUERY sidekiq_transaction_counts_overall ON gitlab BEGIN SELECT count("duration") AS count INTO gitlab.downsampled.sidekiq_transaction_counts_overall FROM gitlab."default".sidekiq_transactions GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY sidekiq_transaction_counts_per_action ON gitlab BEGIN SELECT count("duration") AS count INTO gitlab.downsampled.sidekiq_transaction_counts_per_action FROM gitlab."default".sidekiq_transactions GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY sidekiq_transaction_timings_overall ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th, mean(sql_duration) AS sql_duration_mean, percentile(sql_duration, 95) AS sql_duration_95th, percentile(sql_duration, 99) AS sql_duration_99th, mean(view_duration) AS view_duration_mean, percentile(view_duration, 95) AS view_duration_95th, percentile(view_duration, 99) AS view_duration_99th, mean(cache_read_duration) AS cache_read_duration_mean, percentile(cache_read_duration, 99) AS cache_read_duration_99th, percentile(cache_read_duration, 95) AS cache_read_duration_95th, mean(cache_write_duration) AS cache_write_duration_mean, percentile(cache_write_duration, 99) AS cache_write_duration_99th, percentile(cache_write_duration, 95) AS cache_write_duration_95th, mean(cache_delete_duration) AS cache_delete_duration_mean, percentile(cache_delete_duration, 99) AS cache_delete_duration_99th, percentile(cache_delete_duration, 95) AS cache_delete_duration_95th, mean(cache_exists_duration) AS cache_exists_duration_mean, percentile(cache_exists_duration, 99) AS cache_exists_duration_99th, percentile(cache_exists_duration, 95) AS cache_exists_duration_95th, mean(cache_duration) AS cache_duration_mean, percentile(cache_duration, 99) AS cache_duration_99th, percentile(cache_duration, 95) AS cache_duration_95th, mean(method_duration) AS method_duration_mean, percentile(method_duration, 99) AS method_duration_99th, percentile(method_duration, 95) AS method_duration_95th INTO gitlab.downsampled.sidekiq_transaction_timings_overall FROM gitlab."default".sidekiq_transactions GROUP BY time(1m) END;
+CREATE CONTINUOUS QUERY sidekiq_transaction_timings_per_action ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th, mean(sql_duration) AS sql_duration_mean, percentile(sql_duration, 95) AS sql_duration_95th, percentile(sql_duration, 99) AS sql_duration_99th, mean(view_duration) AS view_duration_mean, percentile(view_duration, 95) AS view_duration_95th, percentile(view_duration, 99) AS view_duration_99th, mean(cache_read_duration) AS cache_read_duration_mean, percentile(cache_read_duration, 99) AS cache_read_duration_99th, percentile(cache_read_duration, 95) AS cache_read_duration_95th, mean(cache_write_duration) AS cache_write_duration_mean, percentile(cache_write_duration, 99) AS cache_write_duration_99th, percentile(cache_write_duration, 95) AS cache_write_duration_95th, mean(cache_delete_duration) AS cache_delete_duration_mean, percentile(cache_delete_duration, 99) AS cache_delete_duration_99th, percentile(cache_delete_duration, 95) AS cache_delete_duration_95th, mean(cache_exists_duration) AS cache_exists_duration_mean, percentile(cache_exists_duration, 99) AS cache_exists_duration_99th, percentile(cache_exists_duration, 95) AS cache_exists_duration_95th, mean(cache_duration) AS cache_duration_mean, percentile(cache_duration, 99) AS cache_duration_99th, percentile(cache_duration, 95) AS cache_duration_95th, mean(method_duration) AS method_duration_mean, percentile(method_duration, 99) AS method_duration_99th, percentile(method_duration, 95) AS method_duration_95th INTO gitlab.downsampled.sidekiq_transaction_timings_per_action FROM gitlab."default".sidekiq_transactions GROUP BY time(1m), action END;
+CREATE CONTINUOUS QUERY sidekiq_view_timings_per_action_and_view ON gitlab BEGIN SELECT mean("duration") AS duration_mean, percentile("duration", 95) AS duration_95th, percentile("duration", 99) AS duration_99th INTO gitlab.downsampled.sidekiq_view_timings_per_action_and_view FROM gitlab."default".sidekiq_views GROUP BY time(1m), action, view END;
+CREATE CONTINUOUS QUERY web_transaction_counts_overall ON gitlab BEGIN SELECT count("duration") AS count INTO gitlab.downsampled.web_transaction_counts_overall FROM gitlab."default".rails_transactions GROUP BY time(1m) END;
 ```
 
 ## Import Dashboards
diff --git a/doc/monitoring/performance/influxdb_configuration.md b/doc/monitoring/performance/influxdb_configuration.md
index 63aa03985ef..c30cd2950d8 100644
--- a/doc/monitoring/performance/influxdb_configuration.md
+++ b/doc/monitoring/performance/influxdb_configuration.md
@@ -181,7 +181,7 @@ Read more on:
 - [Introduction to GitLab Performance Monitoring](introduction.md)
 - [GitLab Configuration](gitlab_configuration.md)
 - [InfluxDB Schema](influxdb_schema.md)
-- [Grafana Install/Configuration](grafana_configuration.md
+- [Grafana Install/Configuration](grafana_configuration.md)
 
 [influxdb-retention]: https://docs.influxdata.com/influxdb/v0.9/query_language/database_management/#retention-policy-management
 [influxdb documentation]: https://docs.influxdata.com/influxdb/v0.9/
diff --git a/doc/monitoring/performance/influxdb_schema.md b/doc/monitoring/performance/influxdb_schema.md
index d31b3788f36..41861860b6d 100644
--- a/doc/monitoring/performance/influxdb_schema.md
+++ b/doc/monitoring/performance/influxdb_schema.md
@@ -85,4 +85,4 @@ Read more on:
 - [Introduction to GitLab Performance Monitoring](introduction.md)
 - [GitLab Configuration](gitlab_configuration.md)
 - [InfluxDB Configuration](influxdb_configuration.md)
-- [Grafana Install/Configuration](grafana_configuration.md
+- [Grafana Install/Configuration](grafana_configuration.md)
diff --git a/doc/operations/sidekiq_memory_killer.md b/doc/operations/sidekiq_memory_killer.md
index 811c2192a19..b5e78348989 100644
--- a/doc/operations/sidekiq_memory_killer.md
+++ b/doc/operations/sidekiq_memory_killer.md
@@ -36,5 +36,5 @@ The MemoryKiller is controlled using environment variables.
   Existing jobs get 30 seconds to finish. After that, the MemoryKiller tells
   Sidekiq to shut down, and an external supervision mechanism (e.g. Runit) must
   restart Sidekiq.
-- `SIDEKIQ_MEMORY_KILLER_SHUTDOWN_SIGNAL`: defaults to 'SIGTERM'. The name of
+- `SIDEKIQ_MEMORY_KILLER_SHUTDOWN_SIGNAL`: defaults to `SIGKILL`. The name of
   the final signal sent to the Sidekiq process when we want it to shut down.
diff --git a/doc/permissions/permissions.md b/doc/permissions/permissions.md
index 6219693b8a8..b76ce31cbad 100644
--- a/doc/permissions/permissions.md
+++ b/doc/permissions/permissions.md
@@ -27,6 +27,7 @@ documentation](../workflow/add-user/add-user.md).
 | Manage issue tracker                  |         | ✓          | ✓           | ✓        | ✓      |
 | Manage labels                         |         | ✓          | ✓           | ✓        | ✓      |
 | See a commit status                   |         | ✓          | ✓           | ✓        | ✓      |
+| See a container registry              |         | ✓          | ✓           | ✓        | ✓      |
 | Manage merge requests                 |         |            | ✓           | ✓        | ✓      |
 | Create new merge request              |         |            | ✓           | ✓        | ✓      |
 | Create new branches                   |         |            | ✓           | ✓        | ✓      |
@@ -37,6 +38,8 @@ documentation](../workflow/add-user/add-user.md).
 | Write a wiki                          |         |            | ✓           | ✓        | ✓      |
 | Cancel and retry builds               |         |            | ✓           | ✓        | ✓      |
 | Create or update commit status        |         |            | ✓           | ✓        | ✓      |
+| Update a container registry           |         |            | ✓           | ✓        | ✓      |
+| Remove a container registry image     |         |            | ✓           | ✓        | ✓      |
 | Create new milestones                 |         |            |             | ✓        | ✓      |
 | Add new team members                  |         |            |             | ✓        | ✓      |
 | Push to protected branches            |         |            |             | ✓        | ✓      |
diff --git a/doc/raketasks/README.md b/doc/raketasks/README.md
index 6be954ad68b..a49c43b8ef2 100644
--- a/doc/raketasks/README.md
+++ b/doc/raketasks/README.md
@@ -8,4 +8,4 @@
 - [User management](user_management.md)
 - [Webhooks](web_hooks.md)
 - [Import](import.md) of git repositories in bulk
-- [Rebuild authorized_keys file](http://doc.gitlab.com/ce/raketasks/maintenance.html#rebuild-authorized_keys-file) task for administrators
+- [Rebuild authorized_keys file](http://docs.gitlab.com/ce/raketasks/maintenance.html#rebuild-authorized_keys-file) task for administrators
diff --git a/doc/raketasks/backup_restore.md b/doc/raketasks/backup_restore.md
index 4329ac30a1c..fa976134341 100644
--- a/doc/raketasks/backup_restore.md
+++ b/doc/raketasks/backup_restore.md
@@ -295,36 +295,49 @@ Deleting tmp directories...[DONE]
 
 ### Omnibus installations
 
-We will assume that you have installed GitLab from an omnibus package and run
-`sudo gitlab-ctl reconfigure` at least once.
+This procedure assumes that:
 
-First make sure your backup tar file is in `/var/opt/gitlab/backups` (or wherever `gitlab_rails['backup_path']` points to).
+- You have installed the exact same version of GitLab Omnibus with which the
+  backup was created
+- You have run `sudo gitlab-ctl reconfigure` at least once
+- GitLab is running.  If not, start it using `sudo gitlab-ctl start`.
+
+First make sure your backup tar file is in the backup directory described in the
+`gitlab.rb` configuration `gitlab_rails['backup_path']`. The default is
+`/var/opt/gitlab/backups`.
 
 ```shell
 sudo cp 1393513186_gitlab_backup.tar /var/opt/gitlab/backups/
 ```
 
-Next, restore the backup by running the restore command. You need to specify the
-timestamp of the backup you are restoring.
+Stop the processes that are connected to the database.  Leave the rest of GitLab
+running:
 
 ```shell
-# Stop processes that are connected to the database
 sudo gitlab-ctl stop unicorn
 sudo gitlab-ctl stop sidekiq
+# Verify
+sudo gitlab-ctl status
+```
 
+Next, restore the backup, specifying the timestamp of the backup you wish to
+restore:
+
+```shell
 # This command will overwrite the contents of your GitLab database!
 sudo gitlab-rake gitlab:backup:restore BACKUP=1393513186
+```
 
-# Start GitLab
+Restart and check GitLab:
+
+```shell
 sudo gitlab-ctl start
-
-# Check GitLab
 sudo gitlab-rake gitlab:check SANITIZE=true
 ```
 
 If there is a GitLab version mismatch between your backup tar file and the installed
-version of GitLab, the restore command will abort with an error. Install a package for
-the [required version](https://www.gitlab.com/downloads/archives/) and try again.
+version of GitLab, the restore command will abort with an error. Install the
+[correct GitLab version](https://www.gitlab.com/downloads/archives/) and try again.
 
 ## Configure cron to make daily backups
 
diff --git a/doc/security/README.md b/doc/security/README.md
index 4cd0fdd4094..38706e48ec5 100644
--- a/doc/security/README.md
+++ b/doc/security/README.md
@@ -8,3 +8,4 @@
 - [User File Uploads](user_file_uploads.md)
 - [How we manage the CRIME vulnerability](crime_vulnerability.md)
 - [Enforce Two-factor authentication](two_factor_authentication.md)
+- [Send email confirmation on sign-up](user_email_confirmation.md)
diff --git a/doc/security/user_email_confirmation.md b/doc/security/user_email_confirmation.md
new file mode 100644
index 00000000000..4293944ae8b
--- /dev/null
+++ b/doc/security/user_email_confirmation.md
@@ -0,0 +1,7 @@
+# User email confirmation at sign-up
+
+Gitlab admin can enable email confirmation on sign-up, if you want to confirm all
+user emails before they are able to sign-in.
+
+In the Admin area under **Settings** (`/admin/application_settings`), go to section
+**Sign-in Restrictions** and look for **Send confirmation email on sign-up** option.
diff --git a/doc/update/8.7-to-8.8.md b/doc/update/8.7-to-8.8.md
new file mode 100644
index 00000000000..b4d9212289c
--- /dev/null
+++ b/doc/update/8.7-to-8.8.md
@@ -0,0 +1,154 @@
+# From 8.7 to 8.8
+
+Make sure you view this update guide from the tag (version) of GitLab you would
+like to install. In most cases this should be the highest numbered production
+tag (without rc in it). You can select the tag in the version dropdown at the
+top left corner of GitLab (below the menu bar).
+
+If the highest number stable branch is unclear please check the
+[GitLab Blog](https://about.gitlab.com/blog/archives.html) for installation
+guide links by version.
+
+### 1. Stop server
+
+    sudo service gitlab stop
+
+### 2. Backup
+
+```bash
+cd /home/git/gitlab
+sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
+```
+
+### 3. Get latest code
+
+```bash
+sudo -u git -H git fetch --all
+sudo -u git -H git checkout -- db/schema.rb # local changes will be restored automatically
+```
+
+For GitLab Community Edition:
+
+```bash
+sudo -u git -H git checkout 8-8-stable
+```
+
+OR
+
+For GitLab Enterprise Edition:
+
+```bash
+sudo -u git -H git checkout 8-8-stable-ee
+```
+
+### 4. Update gitlab-shell
+
+```bash
+cd /home/git/gitlab-shell
+sudo -u git -H git fetch --all --tags
+sudo -u git -H git checkout v2.7.2
+```
+
+### 5. Update gitlab-workhorse
+
+Install and compile gitlab-workhorse. This requires
+[Go 1.5](https://golang.org/dl) which should already be on your system from
+GitLab 8.1.
+
+```bash
+cd /home/git/gitlab-workhorse
+sudo -u git -H git fetch --all
+sudo -u git -H git checkout v0.7.1
+sudo -u git -H make
+```
+
+### 6. Install libs, migrations, etc.
+
+```bash
+cd /home/git/gitlab
+
+# MySQL installations (note: the line below states '--without postgres')
+sudo -u git -H bundle install --without postgres development test --deployment
+
+# PostgreSQL installations (note: the line below states '--without mysql')
+sudo -u git -H bundle install --without mysql development test --deployment
+
+# Optional: clean up old gems
+sudo -u git -H bundle clean
+
+# Run database migrations
+sudo -u git -H bundle exec rake db:migrate RAILS_ENV=production
+
+# Clean up assets and cache
+sudo -u git -H bundle exec rake assets:clean assets:precompile cache:clear RAILS_ENV=production
+
+```
+
+### 7. Update configuration files
+
+#### Git configuration
+
+Disable `git gc --auto` because GitLab runs `git gc` for us already.
+
+```sh
+sudo -u git -H git config --global gc.auto 0
+```
+
+#### Nginx configuration
+
+Ensure you're still up-to-date with the latest NGINX configuration changes:
+
+```sh
+# For HTTPS configurations
+git diff origin/8-7-stable:lib/support/nginx/gitlab-ssl origin/8-8-stable:lib/support/nginx/gitlab-ssl
+
+# For HTTP configurations
+git diff origin/8-7-stable:lib/support/nginx/gitlab origin/8-8-stable:lib/support/nginx/gitlab
+```
+
+If you are using Apache instead of NGINX please see the updated [Apache templates].
+Also note that because Apache does not support upstreams behind Unix sockets you
+will need to let gitlab-workhorse listen on a TCP port. You can do this
+via [/etc/default/gitlab].
+
+[Apache templates]: https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/apache
+[/etc/default/gitlab]: https://gitlab.com/gitlab-org/gitlab-ce/blob/8-8-stable/lib/support/init.d/gitlab.default.example#L37
+
+#### Init script
+
+Ensure you're still up-to-date with the latest init script changes:
+
+    sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab
+
+### 8. Start application
+
+    sudo service gitlab start
+    sudo service nginx restart
+
+### 9. Check application status
+
+Check if GitLab and its environment are configured correctly:
+
+    sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
+
+To make sure you didn't miss anything run a more thorough check:
+
+    sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
+
+If all items are green, then congratulations, the upgrade is complete!
+
+## Things went south? Revert to previous version (8.6)
+
+### 1. Revert the code to the previous version
+
+Follow the [upgrade guide from 8.6 to 8.7](8.6-to-8.7.md), except for the
+database migration (the backup is already migrated to the previous version).
+
+### 2. Restore from the backup
+
+```bash
+cd /home/git/gitlab
+sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=production
+```
+
+If you have more than one backup `*.tar` file(s) please add `BACKUP=timestamp_of_backup` to the command above.
diff --git a/doc/update/README.md b/doc/update/README.md
index a770633c9b8..975d72164b4 100644
--- a/doc/update/README.md
+++ b/doc/update/README.md
@@ -29,7 +29,7 @@ Based on your installation, choose a section below that fits your needs.
 
 ## Omnibus Packages
 
-- The [Omnibus update guide](http://doc.gitlab.com/omnibus/update/README.html)
+- The [Omnibus update guide](http://docs.gitlab.com/omnibus/update/README.html)
   contains the steps needed to update an Omnibus GitLab package.
 
 ## Installation from source
@@ -86,10 +86,10 @@ possible.
   information about configuring GitLab to work with a MySQL database.
 - [Restoring from backup after a failed upgrade](restore_after_failure.md)
 
-[omnidocker]: http://doc.gitlab.com/omnibus/docker/README.html
+[omnidocker]: http://docs.gitlab.com/omnibus/docker/README.html
 [source-ee]: https://gitlab.com/gitlab-org/gitlab-ee/tree/master/doc/update
 [source-ce]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/doc/update
 [ee-ce]: ../downgrade_ee_to_ce/README.md
 [ce]: https://about.gitlab.com/features/#community
 [ee]: https://about.gitlab.com/features/#enterprise
-[omni-ce-ee]: http://doc.gitlab.com/omnibus/update/README.html#from-community-edition-to-enterprise-edition
+[omni-ce-ee]: http://docs.gitlab.com/omnibus/update/README.html#from-community-edition-to-enterprise-edition
diff --git a/doc/update/patch_versions.md b/doc/update/patch_versions.md
index f446ed0a35b..60729316cde 100644
--- a/doc/update/patch_versions.md
+++ b/doc/update/patch_versions.md
@@ -47,7 +47,7 @@ sudo -u git -H git checkout v`cat /home/git/gitlab/GITLAB_SHELL_VERSION` -b v`ca
 ```bash
 cd /home/git/gitlab-workhorse
 sudo -u git -H git fetch
-sudo -u git -H git checkout `cat /home/git/gitlab/GITLAB_WORKHORSE_VERSION` -b `cat /home/git/gitlab/GITLAB_WORKHORSE_VERSION`
+sudo -u git -H git checkout v`cat /home/git/gitlab/GITLAB_WORKHORSE_VERSION` -b v`cat /home/git/gitlab/GITLAB_WORKHORSE_VERSION`
 sudo -u git -H make
 ```
 
diff --git a/doc/web_hooks/web_hooks.md b/doc/web_hooks/web_hooks.md
index c1c51302e79..45506ac1d7c 100644
--- a/doc/web_hooks/web_hooks.md
+++ b/doc/web_hooks/web_hooks.md
@@ -13,6 +13,19 @@ You can configure webhooks to listen for specific events like pushes, issues or
 
 Webhooks can be used to update an external issue tracker, trigger CI builds, update a backup mirror, or even deploy to your production server.
 
+## Webhook endpoint tips
+
+If you are writing your own endpoint (web server) that will receive
+GitLab webhooks keep in mind the following things:
+
+-   Your endpoint should send its HTTP response as fast as possible. If
+    you wait too long, GitLab may decide the hook failed and retry it.
+-   Your endpoint should ALWAYS return a valid HTTP response. If you do
+    not do this then GitLab will think the hook failed and retry it.
+    Most HTTP libraries take care of this for you automatically but if
+    you are writing a low-level hook this is important to remember.
+-   GitLab ignores the HTTP status code returned by your endpoint.
+
 ## SSL Verification
 
 By default, the SSL certificate of the webhook endpoint is verified based on
diff --git a/doc/workflow/gitlab_flow.md b/doc/workflow/gitlab_flow.md
index 1b354bcc0f1..2b2f140f8bf 100644
--- a/doc/workflow/gitlab_flow.md
+++ b/doc/workflow/gitlab_flow.md
@@ -131,7 +131,7 @@ When you feel comfortable with it to be merged you assign it to the person that
 There is room for more feedback and after the assigned person feels comfortable with the result the branch is merged.
 If the assigned person does not feel comfortable they can close the merge request without merging.
 
-In GitLab it is common to protect the long-lived branches (e.g. the master branch) so that normal developers [can't modify these protected branches](http://doc.gitlab.com/ce/permissions/permissions.html).
+In GitLab it is common to protect the long-lived branches (e.g. the master branch) so that normal developers [can't modify these protected branches](http://docs.gitlab.com/ce/permissions/permissions.html).
 So if you want to merge it into a protected branch you assign it to someone with master authorizations.
 
 ## Issues with GitLab flow
@@ -187,7 +187,7 @@ If you have an issue that spans across multiple repositories, the best thing is
 ![Vim screen showing the rebase view](rebase.png)
 
 With git you can use an interactive rebase (`rebase -i`) to squash multiple commits into one and reorder them.
-In GitLab EE and .com you can also [rebase before merge](http://doc.gitlab.com/ee/workflow/rebase_before_merge.html) from the web interface.
+In GitLab EE and .com you can also [rebase before merge](http://docs.gitlab.com/ee/workflow/rebase_before_merge.html) from the web interface.
 This functionality is useful if you made a couple of commits for small changes during development and want to replace them with a single commit or if you want to make the order more logical.
 However you should never rebase commits you have pushed to a remote server.
 Somebody can have referred to the commits or cherry-picked them.
diff --git a/doc/workflow/groups.md b/doc/workflow/groups.md
index 52bf611dc5e..34ada1774d8 100644
--- a/doc/workflow/groups.md
+++ b/doc/workflow/groups.md
@@ -54,7 +54,7 @@ If necessary, you can increase the access level of an individual user for a spec
 ## Managing group memberships via LDAP
 
 In GitLab Enterprise Edition it is possible to manage GitLab group memberships using LDAP groups.
-See [the GitLab Enterprise Edition documentation](http://doc.gitlab.com/ee/integration/ldap.html) for more information.
+See [the GitLab Enterprise Edition documentation](http://docs.gitlab.com/ee/integration/ldap.html) for more information.
 
 ## Allowing only admins to create groups
 
diff --git a/doc/workflow/importing/import_projects_from_github.md b/doc/workflow/importing/import_projects_from_github.md
index e670e415c71..a7dfac2c120 100644
--- a/doc/workflow/importing/import_projects_from_github.md
+++ b/doc/workflow/importing/import_projects_from_github.md
@@ -44,5 +44,5 @@ case the namespace is taken, the project will be imported on the user's
 namespace.
 
 [gh-import]: ../../integration/github.md "GitHub integration"
-[ee-gh]: http://doc.gitlab.com/ee/integration/github.html "GitHub integration for GitLab EE"
+[ee-gh]: http://docs.gitlab.com/ee/integration/github.html "GitHub integration for GitLab EE"
 [new-project]: ../../gitlab-basics/create-project.md "How to create a new project in GitLab"
diff --git a/doc/workflow/importing/import_projects_from_gitlab_com.md b/doc/workflow/importing/import_projects_from_gitlab_com.md
index 1117db98e7e..dcc00074b75 100644
--- a/doc/workflow/importing/import_projects_from_gitlab_com.md
+++ b/doc/workflow/importing/import_projects_from_gitlab_com.md
@@ -2,7 +2,7 @@
 
 You can import your existing GitLab.com projects to your GitLab instance. But keep in mind that it is possible only if
 GitLab support is enabled on your GitLab instance. 
-You can read more about GitLab support [here](http://doc.gitlab.com/ce/integration/gitlab.html)
+You can read more about GitLab support [here](http://docs.gitlab.com/ce/integration/gitlab.html)
 To get to the importer page you need to go to "New project" page.
 
 ![New project page](gitlab_importer/new_project_page.png)
diff --git a/doc/workflow/lfs/manage_large_binaries_with_git_lfs.md b/doc/workflow/lfs/manage_large_binaries_with_git_lfs.md
index 31620044b15..9fe065fa680 100644
--- a/doc/workflow/lfs/manage_large_binaries_with_git_lfs.md
+++ b/doc/workflow/lfs/manage_large_binaries_with_git_lfs.md
@@ -4,7 +4,7 @@ Managing large files such as audio, video and graphics files has always been one
 of the shortcomings of Git. The general recommendation is to not have Git repositories
 larger than 1GB to preserve performance.
 
-GitLab already supports [managing large files with git annex](http://doc.gitlab.com/ee/workflow/git_annex.html)
+GitLab already supports [managing large files with git annex](http://docs.gitlab.com/ee/workflow/git_annex.html)
 (EE only), however in certain environments it is not always convenient to use
 different commands to differentiate between the large files and regular ones.
 
@@ -127,7 +127,7 @@ To prevent this from happening, set the lfs url in project Git config:
 
 ```bash
 
-git config --add lfs.url "http://gitlab.example.com/group/project.git/info/lfs/objects/batch"
+git config --add lfs.url "http://gitlab.example.com/group/project.git/info/lfs"
 ```
 
 ### Credentials are always required when pushing an object
@@ -152,4 +152,4 @@ If you are using OS X you can use `osxkeychain` to store and encrypt your creden
 For Windows, you can use `wincred` or Microsoft's [Git Credential Manager for Windows](https://github.com/Microsoft/Git-Credential-Manager-for-Windows/releases).
 
 More details about various methods of storing the user credentials can be found
-on [Git Credential Storage documentation](https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage).
\ No newline at end of file
+on [Git Credential Storage documentation](https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage).
diff --git a/doc/workflow/merge_requests.md b/doc/workflow/merge_requests.md
index 6d57b5d98cd..1b5718c91c1 100644
--- a/doc/workflow/merge_requests.md
+++ b/doc/workflow/merge_requests.md
@@ -12,9 +12,9 @@ Locate the section for your GitLab remote in the `.git/config` file. It looks li
   fetch = +refs/heads/*:refs/remotes/origin/*
 ```
 
-Now add the line `fetch = +refs/merge-requests/*/head:refs/remotes/origin/merge-requests/*` to this section. 
+Now add the line `fetch = +refs/merge-requests/*/head:refs/remotes/origin/merge-requests/*` to this section.
 
-It should looks like this: 
+It should look like this:
 
 ```
 [remote "origin"]
@@ -43,7 +43,7 @@ $ git checkout origin/merge-requests/1
 
 ![MR diff](merge_requests/merge_request_diff.png)
 
-It you add `w=1` option to URL, you can see diff without whitespace changes.
+If you click the "Hide whitespace changes" button, you can see the diff without whitespace changes.
 
 ![MR diff without whitespace](merge_requests/merge_request_diff_without_whitespace.png)
 
diff --git a/doc/workflow/merge_requests/commit_compare.png b/doc/workflow/merge_requests/commit_compare.png
index 46b3a56a59b..dfd7ee220f0 100644
Binary files a/doc/workflow/merge_requests/commit_compare.png and b/doc/workflow/merge_requests/commit_compare.png differ
diff --git a/doc/workflow/merge_requests/merge_request_diff.png b/doc/workflow/merge_requests/merge_request_diff.png
index ed08ae91bec..f368423c746 100644
Binary files a/doc/workflow/merge_requests/merge_request_diff.png and b/doc/workflow/merge_requests/merge_request_diff.png differ
diff --git a/doc/workflow/merge_requests/merge_request_diff_without_whitespace.png b/doc/workflow/merge_requests/merge_request_diff_without_whitespace.png
index 67d67a64d12..b2d03bb66f9 100644
Binary files a/doc/workflow/merge_requests/merge_request_diff_without_whitespace.png and b/doc/workflow/merge_requests/merge_request_diff_without_whitespace.png differ
diff --git a/doc/workflow/shortcuts.png b/doc/workflow/shortcuts.png
index 83e562d6929..beb6c53ec77 100644
Binary files a/doc/workflow/shortcuts.png and b/doc/workflow/shortcuts.png differ
diff --git a/docker/README.md b/docker/README.md
index 7514d610aec..ee1f32adc26 100644
--- a/docker/README.md
+++ b/docker/README.md
@@ -1,7 +1,7 @@
 # GitLab Docker images
 
-* The official GitLab Community Edition Docker image is [available on Docker Hub](https://registry.hub.docker.com/u/gitlab/gitlab-ce/).
-* The official GitLab Enterprise Edition Docker image is [available on Docker Hub](https://registry.hub.docker.com/u/gitlab/gitlab-ee/).
+* The official GitLab Community Edition Docker image is [available on Docker Hub](https://hub.docker.com/r/gitlab/gitlab-ce/).
+* The official GitLab Enterprise Edition Docker image is [available on Docker Hub](https://hub.docker.com/r/gitlab/gitlab-ee/).
 * The complete usage guide can be found in [Using GitLab Docker images](http://doc.gitlab.com/omnibus/docker/)
 * The Dockerfile used for building public images is in [Omnibus Repository](https://gitlab.com/gitlab-org/omnibus-gitlab/tree/master/docker)
-* Check the guide for [creating Omnibus-based Docker Image](http://doc.gitlab.com/omnibus/build/README.html#Build-Docker-image)
+* Check the guide for [creating Omnibus-based Docker Image](http://doc.gitlab.com/omnibus/build/README.html#build-docker-image)
diff --git a/features/groups.feature b/features/groups.feature
index 419a5d3963d..49e939807b5 100644
--- a/features/groups.feature
+++ b/features/groups.feature
@@ -7,10 +7,6 @@ Feature: Groups
     When I visit group "NonExistentGroup" page
     Then page status code should be 404
 
-  Scenario: I should have back to group button
-    When I visit group "Owned" page
-    Then I should see back to dashboard button
-
   @javascript
   Scenario: I should see group "Owned" dashboard list
     When I visit group "Owned" page
diff --git a/features/project/commits/tags.feature b/features/project/commits/tags.feature
deleted file mode 100644
index a4be39b2d40..00000000000
--- a/features/project/commits/tags.feature
+++ /dev/null
@@ -1,46 +0,0 @@
-@project_commits
-Feature: Project Commits Tags
-  Background:
-    Given I sign in as a user
-    And I own project "Shop"
-    Given I visit project tags page
-
-  Scenario: I can see all git tags
-    Then I should see "Shop" all tags list
-
-  Scenario: I create a tag
-    And I click new tag link
-    And I submit new tag form
-    Then I should see new tag created
-
-  Scenario: I create a tag with release notes
-    Given I click new tag link
-    And I submit new tag form with release notes
-    Then I should see new tag created
-    And I should see tag release notes
-
-  Scenario: I create a tag with invalid name
-    And I click new tag link
-    And I submit new tag form with invalid name
-    Then I should see new an error that tag is invalid
-
-  Scenario: I create a tag with invalid reference
-    And I click new tag link
-    And I submit new tag form with invalid reference
-    Then I should see new an error that tag ref is invalid
-
-  Scenario: I create a tag that already exists
-    And I click new tag link
-    And I submit new tag form with tag that already exists
-    Then I should see new an error that tag already exists
-
-  Scenario: I delete a tag
-    Given I visit tag 'v1.1.0' page
-    Given I delete tag 'v1.1.0'
-    Then I should not see tag 'v1.1.0'
-
-  Scenario: I add release notes to the tag
-    Given I visit tag 'v1.1.0' page
-    When I click edit tag link
-    And I fill release notes and submit form
-    Then I should see tag release notes
diff --git a/features/project/create.feature b/features/project/create.feature
index 27136798e36..67336d73bf7 100644
--- a/features/project/create.feature
+++ b/features/project/create.feature
@@ -7,20 +7,8 @@ Feature: Project Create
   @javascript
   Scenario: User create a project
     Given I sign in as a user
-    When I visit new project page
     And I have an ssh key
+    When I visit new project page
     And fill project form with valid data
     Then I should see project page
-    And I should see empty project instuctions
-
-  @javascript
-  Scenario: Empty project instructions
-    Given I sign in as a user
-    And I have an ssh key
-    When I visit new project page
-    And fill project form with valid data
-    Then I see empty project instuctions
-    And I click on HTTP
-    Then Remote url should update to http link
-    And If I click on SSH
-    Then Remote url should update to ssh link
+    And I should see empty project instructions
diff --git a/features/project/deploy_keys.feature b/features/project/deploy_keys.feature
index 47cf774094f..960b4100ee5 100644
--- a/features/project/deploy_keys.feature
+++ b/features/project/deploy_keys.feature
@@ -21,7 +21,6 @@ Feature: Project Deploy Keys
 
   Scenario: I add new deploy key
     Given I visit project deploy keys page
-    When I click 'New Deploy Key'
     And I submit new deploy key
     Then I should be on deploy keys page
     And I should see newly created deploy key
diff --git a/features/search.feature b/features/search.feature
index 3cd52810e59..a946a836525 100644
--- a/features/search.feature
+++ b/features/search.feature
@@ -30,11 +30,13 @@ Feature: Search
     Then I should see "Foo" link in the search results
     And I should not see "Bar" link in the search results
 
+  @javascript
   Scenario: I should see project code I am looking for
     When I click project "Shop" link
     And I search for "rspec"
     Then I should see code results for project "Shop"
 
+  @javascript
   Scenario: I should see project issues
     And project has issues
     When I click project "Shop" link
@@ -43,6 +45,7 @@ Feature: Search
     Then I should see "Foo" link in the search results
     And I should not see "Bar" link in the search results
 
+  @javascript
   Scenario: I should see project merge requests
     And project has merge requests
     When I click project "Shop" link
@@ -51,6 +54,7 @@ Feature: Search
     Then I should see "Foo" link in the search results
     And I should not see "Bar" link in the search results
 
+  @javascript
   Scenario: I should see project milestones
     And project has milestones
     When I click project "Shop" link
@@ -59,6 +63,7 @@ Feature: Search
     Then I should see "Foo" link in the search results
     And I should not see "Bar" link in the search results
 
+  @javascript
   Scenario: I should see Wiki blobs
     And project has Wiki content
     When I click project "Shop" link
diff --git a/features/steps/dashboard/issues.rb b/features/steps/dashboard/issues.rb
index e21af72a777..8706f0e8e78 100644
--- a/features/steps/dashboard/issues.rb
+++ b/features/steps/dashboard/issues.rb
@@ -74,7 +74,7 @@ class Spinach::Features::DashboardIssues < Spinach::FeatureSteps
 
   def project
     @project ||= begin
-                   project =create :project
+                   project = create :project
                    project.team << [current_user, :master]
                    project
                  end
diff --git a/features/steps/dashboard/merge_requests.rb b/features/steps/dashboard/merge_requests.rb
index a2adc87f8ef..06db36c7014 100644
--- a/features/steps/dashboard/merge_requests.rb
+++ b/features/steps/dashboard/merge_requests.rb
@@ -100,7 +100,7 @@ class Spinach::Features::DashboardMergeRequests < Spinach::FeatureSteps
 
   def project
     @project ||= begin
-                   project =create :project
+                   project = create :project
                    project.team << [current_user, :master]
                    project
                  end
diff --git a/features/steps/group/milestones.rb b/features/steps/group/milestones.rb
index a167d259837..f5fddab357d 100644
--- a/features/steps/group/milestones.rb
+++ b/features/steps/group/milestones.rb
@@ -5,7 +5,9 @@ class Spinach::Features::GroupMilestones < Spinach::FeatureSteps
   include SharedUser
 
   step 'I click on group milestones' do
-    click_link 'Milestones'
+    page.within('.layout-nav') do
+      click_link 'Milestones'
+    end
   end
 
   step 'I should see group milestones index page has no milestones' do
@@ -84,7 +86,7 @@ class Spinach::Features::GroupMilestones < Spinach::FeatureSteps
   end
 
   step 'I click on the "Labels" tab' do
-    page.within('.nav-links') do
+    page.within('.content .nav-links') do
       page.find(:xpath, "//a[@href='#tab-labels']").click
     end
   end
diff --git a/features/steps/groups.rb b/features/steps/groups.rb
index e5b7db4c5e3..483370f41c6 100644
--- a/features/steps/groups.rb
+++ b/features/steps/groups.rb
@@ -4,10 +4,6 @@ class Spinach::Features::Groups < Spinach::FeatureSteps
   include SharedGroup
   include SharedUser
 
-  step 'I should see back to dashboard button' do
-    expect(page).to have_content 'Go to dashboard'
-  end
-
   step 'I should see group "Owned"' do
     expect(page).to have_content '@owned'
   end
diff --git a/features/steps/profile/profile.rb b/features/steps/profile/profile.rb
index 909de31a479..b1a87b96efd 100644
--- a/features/steps/profile/profile.rb
+++ b/features/steps/profile/profile.rb
@@ -166,7 +166,7 @@ class Spinach::Features::Profile < Spinach::FeatureSteps
   end
 
   step 'I have group with projects' do
-    @group   = create(:group)
+    @group = create(:group)
     @group.add_owner(current_user)
     @project = create(:project, namespace: @group)
     @event   = create(:closed_issue_event, project: @project)
diff --git a/features/steps/project/commits/tags.rb b/features/steps/project/commits/tags.rb
deleted file mode 100644
index eff4234a44a..00000000000
--- a/features/steps/project/commits/tags.rb
+++ /dev/null
@@ -1,90 +0,0 @@
-class Spinach::Features::ProjectCommitsTags < Spinach::FeatureSteps
-  include SharedAuthentication
-  include SharedProject
-  include SharedPaths
-
-  step 'I should see "Shop" all tags list' do
-    expect(page).to have_content "Tags"
-    expect(page).to have_content "v1.0.0"
-  end
-
-  step 'I click new tag link' do
-    click_link 'New tag'
-  end
-
-  step 'I submit new tag form' do
-    fill_in 'tag_name', with: 'v7.0'
-    fill_in 'ref', with: 'master'
-    click_button 'Create tag'
-  end
-
-  step 'I submit new tag form with release notes' do
-    fill_in 'tag_name', with: 'v7.0'
-    fill_in 'ref', with: 'master'
-    fill_in 'release_description', with: 'Awesome release notes'
-    click_button 'Create tag'
-  end
-
-  step 'I fill release notes and submit form' do
-    fill_in 'release_description', with: 'Awesome release notes'
-    click_button 'Save changes'
-  end
-
-  step 'I submit new tag form with invalid name' do
-    fill_in 'tag_name', with: 'v 1.0'
-    fill_in 'ref', with: 'master'
-    click_button 'Create tag'
-  end
-
-  step 'I submit new tag form with invalid reference' do
-    fill_in 'tag_name', with: 'foo'
-    fill_in 'ref', with: 'foo'
-    click_button 'Create tag'
-  end
-
-  step 'I submit new tag form with tag that already exists' do
-    fill_in 'tag_name', with: 'v1.0.0'
-    fill_in 'ref', with: 'master'
-    click_button 'Create tag'
-  end
-
-  step 'I should see new tag created' do
-    expect(page).to have_content 'v7.0'
-  end
-
-  step 'I should see new an error that tag is invalid' do
-    expect(page).to have_content 'Tag name invalid'
-  end
-
-  step 'I should see new an error that tag ref is invalid' do
-    expect(page).to have_content 'Invalid reference name'
-  end
-
-  step 'I should see new an error that tag already exists' do
-    expect(page).to have_content 'Tag already exists'
-  end
-
-  step "I visit tag 'v1.1.0' page" do
-    click_link 'v1.1.0'
-  end
-
-  step "I delete tag 'v1.1.0'" do
-    page.within('.content') do
-      first('.btn-remove').click
-    end
-  end
-
-  step "I should not see tag 'v1.1.0'" do
-    page.within '.tags' do
-      expect(page).not_to have_link 'v1.1.0'
-    end
-  end
-
-  step 'I click edit tag link' do
-    click_link 'Edit release notes'
-  end
-
-  step 'I should see tag release notes' do
-    expect(page).to have_content 'Awesome release notes'
-  end
-end
diff --git a/features/steps/project/create.rb b/features/steps/project/create.rb
index 422b151eaa2..5f5f806df36 100644
--- a/features/steps/project/create.rb
+++ b/features/steps/project/create.rb
@@ -13,33 +13,9 @@ class Spinach::Features::ProjectCreate < Spinach::FeatureSteps
     expect(current_path).to eq namespace_project_path(Project.last.namespace, Project.last)
   end
 
-  step 'I should see empty project instuctions' do
+  step 'I should see empty project instructions' do
     expect(page).to have_content "git init"
     expect(page).to have_content "git remote"
     expect(page).to have_content Project.last.url_to_repo
   end
-
-  step 'I see empty project instuctions' do
-    expect(page).to have_content "git init"
-    expect(page).to have_content "git remote"
-    expect(page).to have_content Project.last.url_to_repo
-  end
-
-  step 'I click on HTTP' do
-    find('#clone-dropdown').click
-    find('.http-selector').click
-  end
-
-  step 'Remote url should update to http link' do
-    expect(page).to have_content "git remote add origin #{Project.last.http_url_to_repo}"
-  end
-
-  step 'If I click on SSH' do
-    find('#clone-dropdown').click
-    find('.ssh-selector').click
-  end
-
-  step 'Remote url should update to ssh link' do
-    expect(page).to have_content "git remote add origin #{Project.last.url_to_repo}"
-  end
 end
diff --git a/features/steps/project/deploy_keys.rb b/features/steps/project/deploy_keys.rb
index a4d6c9a1b8e..83b9ef48392 100644
--- a/features/steps/project/deploy_keys.rb
+++ b/features/steps/project/deploy_keys.rb
@@ -8,19 +8,19 @@ class Spinach::Features::ProjectDeployKeys < Spinach::FeatureSteps
   end
 
   step 'I should see project deploy key' do
-    page.within '.enabled-keys' do
+    page.within '.deploy-keys' do
       expect(page).to have_content deploy_key.title
     end
   end
 
   step 'I should see other project deploy key' do
-    page.within '.available-keys' do
+    page.within '.deploy-keys' do
       expect(page).to have_content other_deploy_key.title
     end
   end
 
   step 'I should see public deploy key' do
-    page.within '.available-keys' do
+    page.within '.deploy-keys' do
       expect(page).to have_content public_deploy_key.title
     end
   end
@@ -32,7 +32,7 @@ class Spinach::Features::ProjectDeployKeys < Spinach::FeatureSteps
   step 'I submit new deploy key' do
     fill_in "deploy_key_title", with: "laptop"
     fill_in "deploy_key_key", with: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzrEJUIR6Y03TCE9rIJ+GqTBvgb8t1jI9h5UBzCLuK4VawOmkLornPqLDrGbm6tcwM/wBrrLvVOqi2HwmkKEIecVO0a64A4rIYScVsXIniHRS6w5twyn1MD3sIbN+socBDcaldECQa2u1dI3tnNVcs8wi77fiRe7RSxePsJceGoheRQgC8AZ510UdIlO+9rjIHUdVN7LLyz512auAfYsgx1OfablkQ/XJcdEwDNgi9imI6nAXhmoKUm1IPLT2yKajTIC64AjLOnE0YyCh6+7RFMpiMyu1qiOCpdjYwTgBRiciNRZCH8xIedyCoAmiUgkUT40XYHwLuwiPJICpkAzp7Q== user@laptop"
-    click_button "Create"
+    click_button "Add key"
   end
 
   step 'I should be on deploy keys page' do
@@ -40,7 +40,7 @@ class Spinach::Features::ProjectDeployKeys < Spinach::FeatureSteps
   end
 
   step 'I should see newly created deploy key' do
-    page.within '.enabled-keys' do
+    page.within '.deploy-keys' do
       expect(page).to have_content(deploy_key.title)
     end
   end
@@ -56,7 +56,7 @@ class Spinach::Features::ProjectDeployKeys < Spinach::FeatureSteps
   end
 
   step 'I should only see the same deploy key once' do
-    page.within '.available-keys' do
+    page.within '.deploy-keys' do
       expect(page).to have_selector('ul li', count: 1)
     end
   end
@@ -66,7 +66,7 @@ class Spinach::Features::ProjectDeployKeys < Spinach::FeatureSteps
   end
 
   step 'I click attach deploy key' do
-    page.within '.available-keys' do
+    page.within '.deploy-keys' do
       click_link 'Enable'
     end
   end
diff --git a/features/steps/project/hooks.rb b/features/steps/project/hooks.rb
index 4994df589a7..13c0713669a 100644
--- a/features/steps/project/hooks.rb
+++ b/features/steps/project/hooks.rb
@@ -48,18 +48,18 @@ class Spinach::Features::ProjectHooks < Spinach::FeatureSteps
 
   step 'I click test hook button' do
     stub_request(:post, @hook.url).to_return(status: 200)
-    click_link 'Test Hook'
+    click_link 'Test'
   end
 
   step 'I click test hook button with invalid URL' do
     stub_request(:post, @hook.url).to_raise(SocketError)
-    click_link 'Test Hook'
+    click_link 'Test'
   end
 
   step 'hook should be triggered' do
     expect(current_path).to eq namespace_project_hooks_path(current_project.namespace, current_project)
     expect(page).to have_selector '.flash-notice',
-                              text: 'Hook successfully executed.'
+                              text: 'Hook executed successfully: HTTP 200'
   end
 
   step 'I should see hook error message' do
diff --git a/features/steps/project/team_management.rb b/features/steps/project/team_management.rb
index 3fbcf770b62..c6ced747370 100644
--- a/features/steps/project/team_management.rb
+++ b/features/steps/project/team_management.rb
@@ -126,7 +126,7 @@ class Spinach::Features::ProjectTeamManagement < Spinach::FeatureSteps
 
   step 'I share project with group "OpenSource"' do
     project = Project.find_by(name: 'Shop')
-    os_group   = create(:group, name: 'OpenSource')
+    os_group = create(:group, name: 'OpenSource')
     create(:project, group: os_group)
     @os_user1 = create(:user)
     @os_user2 = create(:user)
diff --git a/features/steps/search.rb b/features/steps/search.rb
index 0ad837ebe1d..f885baf8453 100644
--- a/features/steps/search.rb
+++ b/features/steps/search.rb
@@ -35,6 +35,7 @@ class Spinach::Features::Search < Spinach::FeatureSteps
   end
 
   step 'I click project "Shop" link' do
+    click_button 'Project'
     page.within '.project-filter' do
       click_link project.name_with_namespace
     end
diff --git a/features/steps/shared/diff_note.rb b/features/steps/shared/diff_note.rb
index e846c52d474..e8b1e4b4879 100644
--- a/features/steps/shared/diff_note.rb
+++ b/features/steps/shared/diff_note.rb
@@ -23,7 +23,7 @@ module SharedDiffNote
     page.within(diff_file_selector) do
       click_diff_line(sample_commit.line_code)
 
-      page.within("form[id$='#{sample_commit.line_code}']") do
+      page.within("form[id$='#{sample_commit.line_code}-true']") do
         fill_in "note[note]", with: "Typo, please fix"
         find(".js-comment-button").trigger("click")
         sleep 0.05
@@ -33,7 +33,7 @@ module SharedDiffNote
 
   step 'I leave a diff comment in a parallel view on the left side like "Old comment"' do
     click_parallel_diff_line(sample_commit.line_code, 'old')
-    page.within("#{diff_file_selector} form[id$='#{sample_commit.line_code}']") do
+    page.within("#{diff_file_selector} form[id$='#{sample_commit.line_code}-true']") do
       fill_in "note[note]", with: "Old comment"
       find(".js-comment-button").trigger("click")
     end
@@ -41,7 +41,7 @@ module SharedDiffNote
 
   step 'I leave a diff comment in a parallel view on the right side like "New comment"' do
     click_parallel_diff_line(sample_commit.line_code, 'new')
-    page.within("#{diff_file_selector} form[id$='#{sample_commit.line_code}']") do
+    page.within("#{diff_file_selector} form[id$='#{sample_commit.line_code}-true']") do
       fill_in "note[note]", with: "New comment"
       find(".js-comment-button").trigger("click")
     end
@@ -51,7 +51,7 @@ module SharedDiffNote
     page.within(diff_file_selector) do
       click_diff_line(sample_commit.line_code)
 
-      page.within("form[id$='#{sample_commit.line_code}']") do
+      page.within("form[id$='#{sample_commit.line_code}-true']") do
         fill_in "note[note]", with: "Should fix it :smile:"
         find('.js-md-preview-button').click
       end
@@ -62,7 +62,7 @@ module SharedDiffNote
     page.within(diff_file_selector) do
       click_diff_line(sample_commit.del_line_code)
 
-      page.within("form[id$='#{sample_commit.del_line_code}']") do
+      page.within("form[id$='#{sample_commit.del_line_code}-true']") do
         fill_in "note[note]", with: "DRY this up"
         find('.js-md-preview-button').click
       end
@@ -91,7 +91,7 @@ module SharedDiffNote
     page.within(diff_file_selector) do
       click_diff_line(sample_commit.line_code)
 
-      page.within("form[id$='#{sample_commit.line_code}']") do
+      page.within("form[id$='#{sample_commit.line_code}-true']") do
         fill_in 'note[note]', with: ':smile:'
         click_button('Comment')
       end
diff --git a/features/steps/user.rb b/features/steps/user.rb
index 3230234cb6d..b1d088f07f9 100644
--- a/features/steps/user.rb
+++ b/features/steps/user.rb
@@ -12,7 +12,7 @@ class Spinach::Features::User < Spinach::FeatureSteps
     user = User.find_by(name: 'John Doe')
     project = contributed_project
 
-    # Issue controbution
+    # Issue contribution
     issue_params = { title: 'Bug in old browser' }
     Issues::CreateService.new(project, user, issue_params).execute
 
@@ -28,7 +28,7 @@ class Spinach::Features::User < Spinach::FeatureSteps
   end
 
   step 'I should see contributed projects' do
-    page.within '.contributed-projects' do
+    page.within '#contributed' do
       expect(page).to have_content(@contributed_project.name)
     end
   end
diff --git a/lib/api/api.rb b/lib/api/api.rb
index cc1004f8005..360fb41a721 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -1,5 +1,3 @@
-Dir["#{Rails.root}/lib/api/*.rb"].each {|file| require file}
-
 module API
   class API < Grape::API
     include APIGuard
@@ -25,38 +23,40 @@ module API
     format :json
     content_type :txt, "text/plain"
 
-    helpers Helpers
+    # Ensure the namespace is right, otherwise we might load Grape::API::Helpers
+    helpers ::API::Helpers
 
-    mount Groups
-    mount GroupMembers
-    mount Users
-    mount Projects
-    mount Repositories
-    mount Issues
-    mount Milestones
-    mount Session
-    mount MergeRequests
-    mount Notes
-    mount Internal
-    mount SystemHooks
-    mount ProjectSnippets
-    mount ProjectMembers
-    mount DeployKeys
-    mount ProjectHooks
-    mount Services
-    mount Files
-    mount Commits
-    mount CommitStatus
-    mount Namespaces
-    mount Branches
-    mount Labels
-    mount Settings
-    mount Keys
-    mount Tags
-    mount Triggers
-    mount Builds
-    mount Variables
-    mount Runners
-    mount Licenses
+    mount ::API::Groups
+    mount ::API::GroupMembers
+    mount ::API::Users
+    mount ::API::Projects
+    mount ::API::Repositories
+    mount ::API::Issues
+    mount ::API::Milestones
+    mount ::API::Session
+    mount ::API::MergeRequests
+    mount ::API::Notes
+    mount ::API::Internal
+    mount ::API::SystemHooks
+    mount ::API::ProjectSnippets
+    mount ::API::ProjectMembers
+    mount ::API::DeployKeys
+    mount ::API::ProjectHooks
+    mount ::API::Services
+    mount ::API::Files
+    mount ::API::Commits
+    mount ::API::CommitStatuses
+    mount ::API::Namespaces
+    mount ::API::Branches
+    mount ::API::Labels
+    mount ::API::Settings
+    mount ::API::Keys
+    mount ::API::Tags
+    mount ::API::Triggers
+    mount ::API::Builds
+    mount ::API::Variables
+    mount ::API::Runners
+    mount ::API::Licenses
+    mount ::API::Subscriptions
   end
 end
diff --git a/lib/api/api_guard.rb b/lib/api/api_guard.rb
index b9994fcefda..7e67edb203a 100644
--- a/lib/api/api_guard.rb
+++ b/lib/api/api_guard.rb
@@ -2,171 +2,175 @@
 
 require 'rack/oauth2'
 
-module APIGuard
-  extend ActiveSupport::Concern
+module API
+  module APIGuard
+    extend ActiveSupport::Concern
 
-  included do |base|
-    # OAuth2 Resource Server Authentication
-    use Rack::OAuth2::Server::Resource::Bearer, 'The API' do |request|
-      # The authenticator only fetches the raw token string
+    included do |base|
+      # OAuth2 Resource Server Authentication
+      use Rack::OAuth2::Server::Resource::Bearer, 'The API' do |request|
+        # The authenticator only fetches the raw token string
 
-      # Must yield access token to store it in the env
-      request.access_token
-    end
-
-    helpers HelperMethods
-
-    install_error_responders(base)
-  end
-
-  # Helper Methods for Grape Endpoint
-  module HelperMethods
-    # Invokes the doorkeeper guard.
-    #
-    # If token is presented and valid, then it sets @current_user.
-    #
-    # If the token does not have sufficient scopes to cover the requred scopes,
-    # then it raises InsufficientScopeError.
-    #
-    # If the token is expired, then it raises ExpiredError.
-    #
-    # If the token is revoked, then it raises RevokedError.
-    #
-    # If the token is not found (nil), then it raises TokenNotFoundError.
-    #
-    # Arguments:
-    #
-    #   scopes: (optional) scopes required for this guard.
-    #           Defaults to empty array.
-    #
-    def doorkeeper_guard!(scopes: [])
-      if (access_token = find_access_token).nil?
-        raise TokenNotFoundError
-
-      else
-        case validate_access_token(access_token, scopes)
-        when Oauth2::AccessTokenValidationService::INSUFFICIENT_SCOPE
-          raise InsufficientScopeError.new(scopes)
-        when Oauth2::AccessTokenValidationService::EXPIRED
-          raise ExpiredError
-        when Oauth2::AccessTokenValidationService::REVOKED
-          raise RevokedError
-        when Oauth2::AccessTokenValidationService::VALID
-          @current_user = User.find(access_token.resource_owner_id)
-        end
+        # Must yield access token to store it in the env
+        request.access_token
       end
+
+      helpers HelperMethods
+
+      install_error_responders(base)
     end
 
-    def doorkeeper_guard(scopes: [])
-      if access_token = find_access_token
-        case validate_access_token(access_token, scopes)
-        when Oauth2::AccessTokenValidationService::INSUFFICIENT_SCOPE
-          raise InsufficientScopeError.new(scopes)
+    # Helper Methods for Grape Endpoint
+    module HelperMethods
+      # Invokes the doorkeeper guard.
+      #
+      # If token is presented and valid, then it sets @current_user.
+      #
+      # If the token does not have sufficient scopes to cover the requred scopes,
+      # then it raises InsufficientScopeError.
+      #
+      # If the token is expired, then it raises ExpiredError.
+      #
+      # If the token is revoked, then it raises RevokedError.
+      #
+      # If the token is not found (nil), then it raises TokenNotFoundError.
+      #
+      # Arguments:
+      #
+      #   scopes: (optional) scopes required for this guard.
+      #           Defaults to empty array.
+      #
+      def doorkeeper_guard!(scopes: [])
+        if (access_token = find_access_token).nil?
+          raise TokenNotFoundError
 
-        when Oauth2::AccessTokenValidationService::EXPIRED
-          raise ExpiredError
-
-        when Oauth2::AccessTokenValidationService::REVOKED
-          raise RevokedError
-
-        when Oauth2::AccessTokenValidationService::VALID
-          @current_user = User.find(access_token.resource_owner_id)
-        end
-      end
-    end
-
-    def current_user
-      @current_user
-    end
-
-    private
-    def find_access_token
-      @access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods)
-    end
-
-    def doorkeeper_request
-      @doorkeeper_request ||= ActionDispatch::Request.new(env)
-    end
-
-    def validate_access_token(access_token, scopes)
-      Oauth2::AccessTokenValidationService.validate(access_token, scopes: scopes)
-    end
-  end
-
-  module ClassMethods
-    # Installs the doorkeeper guard on the whole Grape API endpoint.
-    #
-    # Arguments:
-    #
-    #   scopes: (optional) scopes required for this guard.
-    #           Defaults to empty array.
-    #
-    def guard_all!(scopes: [])
-      before do
-        guard! scopes: scopes
-      end
-    end
-
-    private
-    def install_error_responders(base)
-      error_classes = [ MissingTokenError, TokenNotFoundError,
-                        ExpiredError, RevokedError, InsufficientScopeError]
-
-      base.send :rescue_from, *error_classes, oauth2_bearer_token_error_handler
-    end
-
-    def oauth2_bearer_token_error_handler
-      Proc.new do |e|
-        response =
-          case e
-          when MissingTokenError
-            Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new
-
-          when TokenNotFoundError
-            Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(
-              :invalid_token,
-              "Bad Access Token.")
-
-          when ExpiredError
-            Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(
-              :invalid_token,
-              "Token is expired. You can either do re-authorization or token refresh.")
-
-          when RevokedError
-            Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(
-              :invalid_token,
-              "Token was revoked. You have to re-authorize from the user.")
-
-          when InsufficientScopeError
-            # FIXME: ForbiddenError (inherited from Bearer::Forbidden of Rack::Oauth2)
-            # does not include WWW-Authenticate header, which breaks the standard.
-            Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(
-              :insufficient_scope,
-              Rack::OAuth2::Server::Resource::ErrorMethods::DEFAULT_DESCRIPTION[:insufficient_scope],
-              { scope: e.scopes })
+        else
+          case validate_access_token(access_token, scopes)
+          when Oauth2::AccessTokenValidationService::INSUFFICIENT_SCOPE
+            raise InsufficientScopeError.new(scopes)
+          when Oauth2::AccessTokenValidationService::EXPIRED
+            raise ExpiredError
+          when Oauth2::AccessTokenValidationService::REVOKED
+            raise RevokedError
+          when Oauth2::AccessTokenValidationService::VALID
+            @current_user = User.find(access_token.resource_owner_id)
           end
+        end
+      end
 
-        response.finish
+      def doorkeeper_guard(scopes: [])
+        if access_token = find_access_token
+          case validate_access_token(access_token, scopes)
+          when Oauth2::AccessTokenValidationService::INSUFFICIENT_SCOPE
+            raise InsufficientScopeError.new(scopes)
+
+          when Oauth2::AccessTokenValidationService::EXPIRED
+            raise ExpiredError
+
+          when Oauth2::AccessTokenValidationService::REVOKED
+            raise RevokedError
+
+          when Oauth2::AccessTokenValidationService::VALID
+            @current_user = User.find(access_token.resource_owner_id)
+          end
+        end
+      end
+
+      def current_user
+        @current_user
+      end
+
+      private
+
+      def find_access_token
+        @access_token ||= Doorkeeper.authenticate(doorkeeper_request, Doorkeeper.configuration.access_token_methods)
+      end
+
+      def doorkeeper_request
+        @doorkeeper_request ||= ActionDispatch::Request.new(env)
+      end
+
+      def validate_access_token(access_token, scopes)
+        Oauth2::AccessTokenValidationService.validate(access_token, scopes: scopes)
       end
     end
-  end
 
-  #
-  # Exceptions
-  #
+    module ClassMethods
+      # Installs the doorkeeper guard on the whole Grape API endpoint.
+      #
+      # Arguments:
+      #
+      #   scopes: (optional) scopes required for this guard.
+      #           Defaults to empty array.
+      #
+      def guard_all!(scopes: [])
+        before do
+          guard! scopes: scopes
+        end
+      end
 
-  class MissingTokenError < StandardError; end
+      private
 
-  class TokenNotFoundError < StandardError; end
+      def install_error_responders(base)
+        error_classes = [ MissingTokenError, TokenNotFoundError,
+                          ExpiredError, RevokedError, InsufficientScopeError]
 
-  class ExpiredError < StandardError; end
+        base.send :rescue_from, *error_classes, oauth2_bearer_token_error_handler
+      end
 
-  class RevokedError < StandardError; end
+      def oauth2_bearer_token_error_handler
+        Proc.new do |e|
+          response =
+            case e
+            when MissingTokenError
+              Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new
 
-  class InsufficientScopeError < StandardError
-    attr_reader :scopes
-    def initialize(scopes)
-      @scopes = scopes
+            when TokenNotFoundError
+              Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(
+                :invalid_token,
+                "Bad Access Token.")
+
+            when ExpiredError
+              Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(
+                :invalid_token,
+                "Token is expired. You can either do re-authorization or token refresh.")
+
+            when RevokedError
+              Rack::OAuth2::Server::Resource::Bearer::Unauthorized.new(
+                :invalid_token,
+                "Token was revoked. You have to re-authorize from the user.")
+
+            when InsufficientScopeError
+              # FIXME: ForbiddenError (inherited from Bearer::Forbidden of Rack::Oauth2)
+              # does not include WWW-Authenticate header, which breaks the standard.
+              Rack::OAuth2::Server::Resource::Bearer::Forbidden.new(
+                :insufficient_scope,
+                Rack::OAuth2::Server::Resource::ErrorMethods::DEFAULT_DESCRIPTION[:insufficient_scope],
+                { scope: e.scopes })
+            end
+
+          response.finish
+        end
+      end
+    end
+
+    #
+    # Exceptions
+    #
+
+    class MissingTokenError < StandardError; end
+
+    class TokenNotFoundError < StandardError; end
+
+    class ExpiredError < StandardError; end
+
+    class RevokedError < StandardError; end
+
+    class InsufficientScopeError < StandardError
+      attr_reader :scopes
+      def initialize(scopes)
+        @scopes = scopes
+      end
     end
   end
 end
diff --git a/lib/api/commit_statuses.rb b/lib/api/commit_statuses.rb
index 7388ed2f4ea..9bcd33ff19e 100644
--- a/lib/api/commit_statuses.rb
+++ b/lib/api/commit_statuses.rb
@@ -2,7 +2,7 @@ require 'mime/types'
 
 module API
   # Project commit statuses API
-  class CommitStatus < Grape::API
+  class CommitStatuses < Grape::API
     resource :projects do
       before { authenticate! }
 
diff --git a/lib/api/commits.rb b/lib/api/commits.rb
index 4544a41b1e3..4a11c8e3620 100644
--- a/lib/api/commits.rb
+++ b/lib/api/commits.rb
@@ -12,14 +12,20 @@ module API
       # Parameters:
       #   id (required) - The ID of a project
       #   ref_name (optional) - The name of a repository branch or tag, if not given the default branch is used
+      #   since (optional) - Only commits after or in this date will be returned
+      #   until (optional) - Only commits before or in this date will be returned
       # Example Request:
       #   GET /projects/:id/repository/commits
       get ":id/repository/commits" do
+        datetime_attributes! :since, :until
+
         page = (params[:page] || 0).to_i
         per_page = (params[:per_page] || 20).to_i
         ref = params[:ref_name] || user_project.try(:default_branch) || 'master'
+        after = params[:since]
+        before = params[:until]
 
-        commits = user_project.repository.commits(ref, nil, per_page, page * per_page)
+        commits = user_project.repository.commits(ref, limit: per_page, offset: page * per_page, after: after, before: before)
         present commits, with: Entities::RepoCommit
       end
 
@@ -101,6 +107,8 @@ module API
 
             break if opts[:line_code]
           end
+
+          opts[:type] = LegacyDiffNote.name if opts[:line_code]
         end
 
         note = ::Notes::CreateService.new(user_project, current_user, opts).execute
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index 716ca6f7ed9..dbd03ea74fa 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -66,7 +66,8 @@ module API
       expose :owner, using: Entities::UserBasic, unless: ->(project, options) { project.group }
       expose :name, :name_with_namespace
       expose :path, :path_with_namespace
-      expose :issues_enabled, :merge_requests_enabled, :wiki_enabled, :builds_enabled, :snippets_enabled, :created_at, :last_activity_at
+      expose :issues_enabled, :merge_requests_enabled, :wiki_enabled, :builds_enabled, :snippets_enabled, :container_registry_enabled
+      expose :created_at, :last_activity_at
       expose :shared_runners_enabled
       expose :creator_id
       expose :namespace
@@ -170,10 +171,10 @@ module API
       expose :label_names, as: :labels
       expose :milestone, using: Entities::Milestone
       expose :assignee, :author, using: Entities::UserBasic
-
       expose :subscribed do |issue, options|
         issue.subscribed?(options[:current_user])
       end
+      expose :user_notes_count
     end
 
     class MergeRequest < ProjectEntity
@@ -187,10 +188,10 @@ module API
       expose :milestone, using: Entities::Milestone
       expose :merge_when_build_succeeds
       expose :merge_status
-
       expose :subscribed do |merge_request, options|
         merge_request.subscribed?(options[:current_user])
       end
+      expose :user_notes_count
     end
 
     class MergeRequestChanges < MergeRequest
@@ -227,9 +228,9 @@ module API
 
     class CommitNote < Grape::Entity
       expose :note
-      expose(:path) { |note| note.diff_file_name }
-      expose(:line) { |note| note.diff_new_line }
-      expose(:line_type) { |note| note.diff_line_type }
+      expose(:path) { |note| note.diff_file_path if note.legacy_diff_note? }
+      expose(:line) { |note| note.diff_new_line if note.legacy_diff_note? }
+      expose(:line_type) { |note| note.diff_line_type if note.legacy_diff_note? }
       expose :author, using: Entities::UserBasic
       expose :created_at
     end
@@ -307,6 +308,10 @@ module API
     class Label < Grape::Entity
       expose :name, :color, :description
       expose :open_issues_count, :closed_issues_count, :open_merge_requests_count
+
+      expose :subscribed do |label, options|
+        label.subscribed?(options[:current_user])
+      end
     end
 
     class Compare < Grape::Entity
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 5bbf721321d..cadf9f98fe3 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -2,7 +2,7 @@ module API
   module Helpers
     PRIVATE_TOKEN_HEADER = "HTTP_PRIVATE_TOKEN"
     PRIVATE_TOKEN_PARAM = :private_token
-    SUDO_HEADER ="HTTP_SUDO"
+    SUDO_HEADER = "HTTP_SUDO"
     SUDO_PARAM = :sudo
 
     def parse_boolean(value)
@@ -95,6 +95,17 @@ module API
       end
     end
 
+    def find_project_label(id)
+      label = user_project.labels.find_by_id(id) || user_project.labels.find_by_title(id)
+      label || not_found!('Label')
+    end
+
+    def find_project_issue(id)
+      issue = user_project.issues.find(id)
+      not_found! unless can?(current_user, :read_issue, issue)
+      issue
+    end
+
     def paginate(relation)
       relation.page(params[:page]).per(params[:per_page].to_i).tap do |data|
         add_pagination_headers(data)
@@ -183,6 +194,22 @@ module API
       Gitlab::Access.options_with_owner.values.include? level.to_i
     end
 
+    # Checks the occurrences of datetime attributes, each attribute if present in the params hash must be in ISO 8601
+    # format (YYYY-MM-DDTHH:MM:SSZ) or a Bad Request error is invoked.
+    #
+    # Parameters:
+    #   keys (required) - An array consisting of elements that must be parseable as dates from the params hash
+    def datetime_attributes!(*keys)
+      keys.each do |key|
+        begin
+          params[key] = Time.xmlschema(params[key]) if params[key].present?
+        rescue ArgumentError
+          message = "\"" + key.to_s + "\" must be a timestamp in ISO 8601 format: YYYY-MM-DDTHH:MM:SSZ"
+          render_api_error!(message, 400)
+        end
+      end
+    end
+
     def issuable_order_by
       if params["order_by"] == 'updated_at'
         'updated_at'
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index 8aa08fd5acc..f59a4d6c012 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -24,8 +24,8 @@ module API
 
       def create_spam_log(project, current_user, attrs)
         params = attrs.merge({
-          source_ip: env['REMOTE_ADDR'],
-          user_agent: env['HTTP_USER_AGENT'],
+          source_ip: client_ip(env),
+          user_agent: user_agent(env),
           noteable_type: 'Issue',
           via_api: true
         })
@@ -103,8 +103,7 @@ module API
       # Example Request:
       #   GET /projects/:id/issues/:issue_id
       get ":id/issues/:issue_id" do
-        @issue = user_project.issues.find(params[:issue_id])
-        not_found! unless can?(current_user, :read_issue, @issue)
+        @issue = find_project_issue(params[:issue_id])
         present @issue, with: Entities::Issue, current_user: current_user
       end
 
@@ -234,42 +233,6 @@ module API
         authorize!(:destroy_issue, issue)
         issue.destroy
       end
-
-      # Subscribes to a project issue
-      #
-      # Parameters:
-      #  id (required)       - The ID of a project
-      #  issue_id (required) - The ID of a project issue
-      # Example Request:
-      #   POST /projects/:id/issues/:issue_id/subscription
-      post ':id/issues/:issue_id/subscription' do
-        issue = user_project.issues.find(params[:issue_id])
-
-        if issue.subscribed?(current_user)
-          not_modified!
-        else
-          issue.toggle_subscription(current_user)
-          present issue, with: Entities::Issue, current_user: current_user
-        end
-      end
-
-      # Unsubscribes from a project issue
-      #
-      # Parameters:
-      #  id (required)       - The ID of a project
-      #  issue_id (required) - The ID of a project issue
-      # Example Request:
-      #   DELETE /projects/:id/issues/:issue_id/subscription
-      delete ':id/issues/:issue_id/subscription' do
-        issue = user_project.issues.find(params[:issue_id])
-
-        if issue.subscribed?(current_user)
-          issue.unsubscribe(current_user)
-          present issue, with: Entities::Issue, current_user: current_user
-        else
-          not_modified!
-        end
-      end
     end
   end
 end
diff --git a/lib/api/labels.rb b/lib/api/labels.rb
index 4af6bef0fa7..c806829d69e 100644
--- a/lib/api/labels.rb
+++ b/lib/api/labels.rb
@@ -11,7 +11,7 @@ module API
       # Example Request:
       #   GET /projects/:id/labels
       get ':id/labels' do
-        present user_project.labels, with: Entities::Label
+        present user_project.labels, with: Entities::Label, current_user: current_user
       end
 
       # Creates a new label
@@ -36,7 +36,7 @@ module API
         label = user_project.labels.create(attrs)
 
         if label.valid?
-          present label, with: Entities::Label
+          present label, with: Entities::Label, current_user: current_user
         else
           render_validation_error!(label)
         end
@@ -90,7 +90,7 @@ module API
         attrs[:name] = attrs.delete(:new_name) if attrs.key?(:new_name)
 
         if label.update(attrs)
-          present label, with: Entities::Label
+          present label, with: Entities::Label, current_user: current_user
         else
           render_validation_error!(label)
         end
diff --git a/lib/api/merge_requests.rb b/lib/api/merge_requests.rb
index 7e78609ecb9..4e7de8867b4 100644
--- a/lib/api/merge_requests.rb
+++ b/lib/api/merge_requests.rb
@@ -327,42 +327,6 @@ module API
           issues = ::Kaminari.paginate_array(merge_request.closes_issues(current_user))
           present paginate(issues), with: Entities::Issue, current_user: current_user
         end
-
-        # Subscribes to a merge request
-        #
-        # Parameters:
-        #  id (required)               - The ID of a project
-        #  merge_request_id (required) - The ID of a merge request
-        # Example Request:
-        #   POST /projects/:id/issues/:merge_request_id/subscription
-        post "#{path}/subscription" do
-          merge_request = user_project.merge_requests.find(params[:merge_request_id])
-
-          if merge_request.subscribed?(current_user)
-            not_modified!
-          else
-            merge_request.toggle_subscription(current_user)
-            present merge_request, with: Entities::MergeRequest, current_user: current_user
-          end
-        end
-
-        # Unsubscribes from a merge request
-        #
-        # Parameters:
-        #  id (required)               - The ID of a project
-        #  merge_request_id (required) - The ID of a merge request
-        # Example Request:
-        #   DELETE /projects/:id/merge_requests/:merge_request_id/subscription
-        delete "#{path}/subscription" do
-          merge_request = user_project.merge_requests.find(params[:merge_request_id])
-
-          if merge_request.subscribed?(current_user)
-            merge_request.unsubscribe(current_user)
-            present merge_request, with: Entities::MergeRequest, current_user: current_user
-          else
-            not_modified!
-          end
-        end
       end
     end
   end
diff --git a/lib/api/milestones.rb b/lib/api/milestones.rb
index 84b4d4cdd6d..132043cf3f7 100644
--- a/lib/api/milestones.rb
+++ b/lib/api/milestones.rb
@@ -105,7 +105,15 @@ module API
         authorize! :read_milestone, user_project
 
         @milestone = user_project.milestones.find(params[:milestone_id])
-        present paginate(@milestone.issues), with: Entities::Issue, current_user: current_user
+
+        finder_params = {
+          project_id: user_project.id,
+          milestone_title: @milestone.title,
+          state: 'all'
+        }
+
+        issues = IssuesFinder.new(current_user, finder_params).execute
+        present paginate(issues), with: Entities::Issue, current_user: current_user
       end
 
     end
diff --git a/lib/api/notes.rb b/lib/api/notes.rb
index 71a53e6f0d6..d4fcfd3d4d3 100644
--- a/lib/api/notes.rb
+++ b/lib/api/notes.rb
@@ -19,20 +19,24 @@ module API
         #   GET /projects/:id/issues/:noteable_id/notes
         #   GET /projects/:id/snippets/:noteable_id/notes
         get ":id/#{noteables_str}/:#{noteable_id_str}/notes" do
-          @noteable = user_project.send(:"#{noteables_str}").find(params[:"#{noteable_id_str}"])
+          @noteable = user_project.send(noteables_str.to_sym).find(params[noteable_id_str.to_sym])
 
-          # We exclude notes that are cross-references and that cannot be viewed
-          # by the current user. By doing this exclusion at this level and not
-          # at the DB query level (which we cannot in that case), the current
-          # page can have less elements than :per_page even if
-          # there's more than one page.
-          notes =
-            # paginate() only works with a relation. This could lead to a
-            # mismatch between the pagination headers info and the actual notes
-            # array returned, but this is really a edge-case.
-            paginate(@noteable.notes).
-            reject { |n| n.cross_reference_not_visible_for?(current_user) }
-          present notes, with: Entities::Note
+          if can?(current_user, noteable_read_ability_name(@noteable), @noteable)
+            # We exclude notes that are cross-references and that cannot be viewed
+            # by the current user. By doing this exclusion at this level and not
+            # at the DB query level (which we cannot in that case), the current
+            # page can have less elements than :per_page even if
+            # there's more than one page.
+            notes =
+              # paginate() only works with a relation. This could lead to a
+              # mismatch between the pagination headers info and the actual notes
+              # array returned, but this is really a edge-case.
+              paginate(@noteable.notes).
+              reject { |n| n.cross_reference_not_visible_for?(current_user) }
+            present notes, with: Entities::Note
+          else
+            not_found!("Notes")
+          end
         end
 
         # Get a single +noteable+ note
@@ -45,13 +49,14 @@ module API
         #   GET /projects/:id/issues/:noteable_id/notes/:note_id
         #   GET /projects/:id/snippets/:noteable_id/notes/:note_id
         get ":id/#{noteables_str}/:#{noteable_id_str}/notes/:note_id" do
-          @noteable = user_project.send(:"#{noteables_str}").find(params[:"#{noteable_id_str}"])
+          @noteable = user_project.send(noteables_str.to_sym).find(params[noteable_id_str.to_sym])
           @note = @noteable.notes.find(params[:note_id])
+          can_read_note = can?(current_user, noteable_read_ability_name(@noteable), @noteable) && !@note.cross_reference_not_visible_for?(current_user)
 
-          if @note.cross_reference_not_visible_for?(current_user)
-            not_found!("Note")
-          else
+          if can_read_note
             present @note, with: Entities::Note
+          else
+            not_found!("Note")
           end
         end
 
@@ -136,5 +141,11 @@ module API
         end
       end
     end
+
+    helpers do
+      def noteable_read_ability_name(noteable)
+        "read_#{noteable.class.to_s.underscore.downcase}".to_sym
+      end
+    end
   end
 end
diff --git a/lib/api/project_hooks.rb b/lib/api/project_hooks.rb
index cf9938d25a7..ccca65cbe1c 100644
--- a/lib/api/project_hooks.rb
+++ b/lib/api/project_hooks.rb
@@ -103,10 +103,10 @@ module API
         required_attributes! [:hook_id]
 
         begin
-          @hook = ProjectHook.find(params[:hook_id])
-          @hook.destroy
+          @hook = user_project.hooks.destroy(params[:hook_id])
         rescue
           # ProjectHook can raise Error if hook_id not found
+          not_found!("Error deleting hook #{params[:hook_id]}")
         end
       end
     end
diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb
index 22ce3c6a066..ce1bf0d26d2 100644
--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
@@ -11,6 +11,11 @@ module API
           end
           not_found!
         end
+
+        def snippets_for_current_user
+          finder_params = { filter: :by_project, project: user_project }
+          SnippetsFinder.new.execute(current_user, finder_params)
+        end
       end
 
       # Get a project snippets
@@ -20,7 +25,7 @@ module API
       # Example Request:
       #   GET /projects/:id/snippets
       get ":id/snippets" do
-        present paginate(user_project.snippets), with: Entities::ProjectSnippet
+        present paginate(snippets_for_current_user), with: Entities::ProjectSnippet
       end
 
       # Get a project snippet
@@ -31,7 +36,7 @@ module API
       # Example Request:
       #   GET /projects/:id/snippets/:snippet_id
       get ":id/snippets/:snippet_id" do
-        @snippet = user_project.snippets.find(params[:snippet_id])
+        @snippet = snippets_for_current_user.find(params[:snippet_id])
         present @snippet, with: Entities::ProjectSnippet
       end
 
@@ -73,7 +78,7 @@ module API
       # Example Request:
       #   PUT /projects/:id/snippets/:snippet_id
       put ":id/snippets/:snippet_id" do
-        @snippet = user_project.snippets.find(params[:snippet_id])
+        @snippet = snippets_for_current_user.find(params[:snippet_id])
         authorize! :update_project_snippet, @snippet
 
         attrs = attributes_for_keys [:title, :file_name, :visibility_level]
@@ -97,7 +102,7 @@ module API
       #   DELETE /projects/:id/snippets/:snippet_id
       delete ":id/snippets/:snippet_id" do
         begin
-          @snippet = user_project.snippets.find(params[:snippet_id])
+          @snippet = snippets_for_current_user.find(params[:snippet_id])
           authorize! :update_project_snippet, @snippet
           @snippet.destroy
         rescue
@@ -113,7 +118,7 @@ module API
       # Example Request:
       #   GET /projects/:id/snippets/:snippet_id/raw
       get ":id/snippets/:snippet_id/raw" do
-        @snippet = user_project.snippets.find(params[:snippet_id])
+        @snippet = snippets_for_current_user.find(params[:snippet_id])
 
         env['api.format'] = :txt
         content_type 'text/plain'
diff --git a/lib/api/projects.rb b/lib/api/projects.rb
index cc2c7a0c503..5a22d14988f 100644
--- a/lib/api/projects.rb
+++ b/lib/api/projects.rb
@@ -44,7 +44,7 @@ module API
       # Example Request:
       #   GET /projects/starred
       get '/starred' do
-        @projects = current_user.starred_projects
+        @projects = current_user.viewable_starred_projects
         @projects = filter_projects(@projects)
         @projects = paginate @projects
         present @projects, with: Entities::Project
@@ -94,6 +94,7 @@ module API
       #   builds_enabled (optional)
       #   wiki_enabled (optional)
       #   snippets_enabled (optional)
+      #   container_registry_enabled (optional)
       #   shared_runners_enabled (optional)
       #   namespace_id (optional) - defaults to user namespace
       #   public (optional) - if true same as setting visibility_level = 20
@@ -112,6 +113,7 @@ module API
                                      :builds_enabled,
                                      :wiki_enabled,
                                      :snippets_enabled,
+                                     :container_registry_enabled,
                                      :shared_runners_enabled,
                                      :namespace_id,
                                      :public,
@@ -143,6 +145,7 @@ module API
       #   builds_enabled (optional)
       #   wiki_enabled (optional)
       #   snippets_enabled (optional)
+      #   container_registry_enabled (optional)
       #   shared_runners_enabled (optional)
       #   public (optional) - if true same as setting visibility_level = 20
       #   visibility_level (optional)
@@ -206,6 +209,7 @@ module API
       #   builds_enabled (optional)
       #   wiki_enabled (optional)
       #   snippets_enabled (optional)
+      #   container_registry_enabled (optional)
       #   shared_runners_enabled (optional)
       #   public (optional) - if true same as setting visibility_level = 20
       #   visibility_level (optional) - visibility level of a project
@@ -222,6 +226,7 @@ module API
                                      :builds_enabled,
                                      :wiki_enabled,
                                      :snippets_enabled,
+                                     :container_registry_enabled,
                                      :shared_runners_enabled,
                                      :public,
                                      :visibility_level,
diff --git a/lib/api/subscriptions.rb b/lib/api/subscriptions.rb
new file mode 100644
index 00000000000..c49e2a21b82
--- /dev/null
+++ b/lib/api/subscriptions.rb
@@ -0,0 +1,60 @@
+module API
+  class Subscriptions < Grape::API
+    before { authenticate! }
+
+    subscribable_types = {
+      'merge_request' => proc { |id| user_project.merge_requests.find(id) },
+      'merge_requests' => proc { |id| user_project.merge_requests.find(id) },
+      'issues' => proc { |id| find_project_issue(id) },
+      'labels' => proc { |id| find_project_label(id) },
+    }
+
+    resource :projects do
+      subscribable_types.each do |type, finder|
+        type_singularized = type.singularize
+        type_id_str = :"#{type_singularized}_id"
+        entity_class = Entities.const_get(type_singularized.camelcase)
+
+        # Subscribe to a resource
+        #
+        # Parameters:
+        #   id (required) - The ID of a project
+        #   subscribable_id (required) - The ID of a resource
+        # Example Request:
+        #   POST /projects/:id/labels/:subscribable_id/subscription
+        #   POST /projects/:id/issues/:subscribable_id/subscription
+        #   POST /projects/:id/merge_requests/:subscribable_id/subscription
+        post ":id/#{type}/:#{type_id_str}/subscription" do
+          resource = instance_exec(params[type_id_str], &finder)
+
+          if resource.subscribed?(current_user)
+            not_modified!
+          else
+            resource.subscribe(current_user)
+            present resource, with: entity_class, current_user: current_user
+          end
+        end
+
+        # Unsubscribe from a resource
+        #
+        # Parameters:
+        #   id (required) - The ID of a project
+        #   subscribable_id (required) - The ID of a resource
+        # Example Request:
+        #   DELETE /projects/:id/labels/:subscribable_id/subscription
+        #   DELETE /projects/:id/issues/:subscribable_id/subscription
+        #   DELETE /projects/:id/merge_requests/:subscribable_id/subscription
+        delete ":id/#{type}/:#{type_id_str}/subscription" do
+          resource = instance_exec(params[type_id_str], &finder)
+
+          if !resource.subscribed?(current_user)
+            not_modified!
+          else
+            resource.unsubscribe(current_user)
+            present resource, with: entity_class, current_user: current_user
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/lib/award_emoji.rb b/lib/award_emoji.rb
index 5f8ff01b0a9..b1aecc2e671 100644
--- a/lib/award_emoji.rb
+++ b/lib/award_emoji.rb
@@ -52,6 +52,10 @@ class AwardEmoji
     end
   end
 
+  def self.unicode
+    @unicode ||= emojis.map {|key, value| { key => emojis[key]["unicode"] } }.inject(:merge!)
+  end
+
   def self.aliases
     @aliases ||= begin
       json_path = File.join(Rails.root, 'fixtures', 'emojis', 'aliases.json' )
diff --git a/lib/backup/manager.rb b/lib/backup/manager.rb
index 4962f5e53ce..7d0608f09da 100644
--- a/lib/backup/manager.rb
+++ b/lib/backup/manager.rb
@@ -157,7 +157,7 @@ module Backup
     end
 
     def archives_to_backup
-      %w{uploads builds artifacts lfs}.map{ |name| (name + ".tar.gz") unless skipped?(name) }.compact
+      %w{uploads builds artifacts lfs registry}.map{ |name| (name + ".tar.gz") unless skipped?(name) }.compact
     end
 
     def folders_to_backup
diff --git a/lib/backup/registry.rb b/lib/backup/registry.rb
new file mode 100644
index 00000000000..67fe0231087
--- /dev/null
+++ b/lib/backup/registry.rb
@@ -0,0 +1,13 @@
+require 'backup/files'
+
+module Backup
+  class Registry < Files
+    def initialize
+      super('registry', Settings.registry.path)
+    end
+
+    def create_files_dir
+      Dir.mkdir(app_files_dir, 0700)
+    end
+  end
+end
diff --git a/lib/banzai/filter/issue_reference_filter.rb b/lib/banzai/filter/issue_reference_filter.rb
index 2732e0b5145..59c5e89c546 100644
--- a/lib/banzai/filter/issue_reference_filter.rb
+++ b/lib/banzai/filter/issue_reference_filter.rb
@@ -10,6 +10,9 @@ module Banzai
       end
 
       def self.user_can_see_reference?(user, node, context)
+        # It is not possible to check access rights for external issue trackers
+        return true if context[:project].try(:external_issue_tracker)
+ 
         issue = Issue.find(node.attr('data-issue')) rescue nil
         Ability.abilities.allowed?(user, :read_issue, issue)
       end
diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb
index 42dbab9d27e..ca80aac5a08 100644
--- a/lib/banzai/filter/sanitization_filter.rb
+++ b/lib/banzai/filter/sanitization_filter.rb
@@ -63,7 +63,7 @@ module Banzai
 
           begin
             uri = Addressable::URI.parse(node['href'])
-            uri.scheme.strip! if uri.scheme
+            uri.scheme = uri.scheme.strip.downcase if uri.scheme
 
             node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(uri.scheme)
           rescue Addressable::URI::InvalidURIError
diff --git a/lib/banzai/filter/upload_link_filter.rb b/lib/banzai/filter/upload_link_filter.rb
index 7edfe5ade2d..c0f503c9af3 100644
--- a/lib/banzai/filter/upload_link_filter.rb
+++ b/lib/banzai/filter/upload_link_filter.rb
@@ -8,6 +8,8 @@ module Banzai
     #
     class UploadLinkFilter < HTML::Pipeline::Filter
       def call
+        return doc unless project
+
         doc.search('a').each do |el|
           process_link_attr el.attribute('href')
         end
@@ -31,7 +33,11 @@ module Banzai
       end
 
       def build_url(uri)
-        File.join(Gitlab.config.gitlab.url, context[:project].path_with_namespace, uri)
+        File.join(Gitlab.config.gitlab.url, project.path_with_namespace, uri)
+      end
+
+      def project
+        context[:project]
       end
 
       # Ensure that a :project key exists in context
diff --git a/lib/banzai/filter/wiki_link_filter.rb b/lib/banzai/filter/wiki_link_filter.rb
index 06d10c98501..7dc771afd71 100644
--- a/lib/banzai/filter/wiki_link_filter.rb
+++ b/lib/banzai/filter/wiki_link_filter.rb
@@ -25,7 +25,7 @@ module Banzai
       end
 
       def process_link_attr(html_attr)
-        return if html_attr.blank? || file_reference?(html_attr)
+        return if html_attr.blank? || file_reference?(html_attr) || hierarchical_link?(html_attr)
 
         uri = URI(html_attr.value)
         if uri.relative? && uri.path.present?
@@ -40,12 +40,17 @@ module Banzai
         uri
       end
 
+      def project_wiki
+        context[:project_wiki]
+      end
+
       def file_reference?(html_attr)
         !File.extname(html_attr.value).blank?
       end
 
-      def project_wiki
-        context[:project_wiki]
+      # Of the form `./link`, `../link`, or similar
+      def hierarchical_link?(html_attr)
+        html_attr.value[0] == '.'
       end
 
       def project_wiki_base_path
diff --git a/lib/ci/ansi2html.rb b/lib/ci/ansi2html.rb
index ac6d667cf8d..5fed43aaebd 100644
--- a/lib/ci/ansi2html.rb
+++ b/lib/ci/ansi2html.rb
@@ -23,8 +23,8 @@ module Ci
       cross:      0x10,
     }
 
-    def self.convert(ansi)
-      Converter.new().convert(ansi)
+    def self.convert(ansi, state = nil)
+      Converter.new.convert(ansi, state)
     end
 
     class Converter
@@ -84,22 +84,36 @@ module Ci
       def on_107(s) set_bg_color(7, 'l') end
       def on_109(s) set_bg_color(9, 'l') end
 
-      def convert(ansi)
-        @out = ""
-        @n_open_tags = 0
-        reset()
+      attr_accessor :offset, :n_open_tags, :fg_color, :bg_color, :style_mask
 
-        s = StringScanner.new(ansi.gsub("<", "&lt;"))
+      STATE_PARAMS = [:offset, :n_open_tags, :fg_color, :bg_color, :style_mask]
+
+      def convert(raw, new_state)
+        reset_state
+        restore_state(raw, new_state) if new_state
+
+        start = @offset
+        ansi = raw[@offset..-1]
+
+        open_new_tag
+
+        s = StringScanner.new(ansi)
         while(!s.eos?)
           if s.scan(/\e([@-_])(.*?)([@-~])/)
             handle_sequence(s)
+          elsif s.scan(/\e(([@-_])(.*?)?)?$/)
+            break
+          elsif s.scan(/</)
+            @out << '&lt;'
           else
             @out << s.scan(/./m)
           end
+          @offset += s.matched_size
         end
 
         close_open_tags()
-        @out
+
+        { state: state, html: @out, text: ansi[0, @offset - start], append: start > 0 }
       end
 
       def handle_sequence(s)
@@ -121,6 +135,20 @@ module Ci
 
         evaluate_command_stack(commands)
 
+        open_new_tag
+      end
+
+      def evaluate_command_stack(stack)
+        return unless command = stack.shift()
+
+        if self.respond_to?("on_#{command}", true)
+          self.send("on_#{command}", stack)
+        end
+
+        evaluate_command_stack(stack)
+      end
+
+      def open_new_tag
         css_classes = []
 
         unless @fg_color.nil?
@@ -138,20 +166,8 @@ module Ci
           css_classes << "term-#{css_class}" if @style_mask & flag != 0
         end
 
-        open_new_tag(css_classes) if css_classes.length > 0
-      end
+        return if css_classes.empty?
 
-      def evaluate_command_stack(stack)
-        return unless command = stack.shift()
-
-        if self.respond_to?("on_#{command}", true)
-          self.send("on_#{command}", stack)
-        end
-
-        evaluate_command_stack(stack)
-      end
-
-      def open_new_tag(css_classes)
         @out << %{<span class="#{css_classes.join(' ')}">}
         @n_open_tags += 1
       end
@@ -163,6 +179,31 @@ module Ci
         end
       end
 
+      def reset_state
+        @offset = 0
+        @n_open_tags = 0
+        @out = ''
+        reset
+      end
+
+      def state
+        state = STATE_PARAMS.inject({}) do |h, param|
+          h[param] = send(param)
+          h
+        end
+        Base64.urlsafe_encode64(state.to_json)
+      end
+
+      def restore_state(raw, new_state)
+        state = Base64.urlsafe_decode64(new_state)
+        state = JSON.parse(state, symbolize_names: true)
+        return if state[:offset].to_i > raw.length
+
+        STATE_PARAMS.each do |param|
+          send("#{param}=".to_sym, state[param])
+        end
+      end
+
       def reset
         @fg_color = nil
         @bg_color = nil
diff --git a/lib/ci/api/api.rb b/lib/ci/api/api.rb
index 353c4ddebf8..17bb99a2ae5 100644
--- a/lib/ci/api/api.rb
+++ b/lib/ci/api/api.rb
@@ -1,9 +1,7 @@
-Dir["#{Rails.root}/lib/ci/api/*.rb"].each {|file| require file}
-
 module Ci
   module API
     class API < Grape::API
-      include APIGuard
+      include ::API::APIGuard
       version 'v1', using: :path
 
       rescue_from ActiveRecord::RecordNotFound do
@@ -31,9 +29,9 @@ module Ci
       helpers ::API::Helpers
       helpers Gitlab::CurrentSettings
 
-      mount Builds
-      mount Runners
-      mount Triggers
+      mount ::Ci::API::Builds
+      mount ::Ci::API::Runners
+      mount ::Ci::API::Triggers
     end
   end
 end
diff --git a/lib/ci/gitlab_ci_yaml_processor.rb b/lib/ci/gitlab_ci_yaml_processor.rb
index ff9887cba1e..504d3df9d34 100644
--- a/lib/ci/gitlab_ci_yaml_processor.rb
+++ b/lib/ci/gitlab_ci_yaml_processor.rb
@@ -61,23 +61,21 @@ module Ci
       @stages = @config[:stages] || @config[:types]
       @variables = @config[:variables] || {}
       @cache = @config[:cache]
-      @config.except!(*ALLOWED_YAML_KEYS)
-
-      # anything that doesn't have script is considered as unknown
-      @config.each do |name, param|
-        raise ValidationError, "Unknown parameter: #{name}" unless param.is_a?(Hash) && param.has_key?(:script)
-      end
-
-      unless @config.values.any?{|job| job.is_a?(Hash)}
-        raise ValidationError, "Please define at least one job"
-      end
-
       @jobs = {}
-      @config.each do |key, job|
-        next if key.to_s.start_with?('.')
-        stage = job[:stage] || job[:type] || DEFAULT_STAGE
-        @jobs[key] = { stage: stage }.merge(job)
-      end
+
+      @config.except!(*ALLOWED_YAML_KEYS)
+      @config.each { |name, param| add_job(name, param) }
+
+      raise ValidationError, "Please define at least one job" if @jobs.none?
+    end
+
+    def add_job(name, job)
+      return if name.to_s.start_with?('.')
+
+      raise ValidationError, "Unknown parameter: #{name}" unless job.is_a?(Hash) && job.has_key?(:script)
+
+      stage = job[:stage] || job[:type] || DEFAULT_STAGE
+      @jobs[name] = { stage: stage }.merge(job)
     end
 
     def build_job(name, job)
@@ -112,8 +110,6 @@ module Ci
       true
     end
 
-    private
-
     def validate_global!
       unless validate_array_of_strings(@before_script)
         raise ValidationError, "before_script should be an array of strings"
diff --git a/lib/container_registry/blob.rb b/lib/container_registry/blob.rb
new file mode 100644
index 00000000000..4e20dc4f875
--- /dev/null
+++ b/lib/container_registry/blob.rb
@@ -0,0 +1,48 @@
+module ContainerRegistry
+  class Blob
+    attr_reader :repository, :config
+
+    delegate :registry, :client, to: :repository
+
+    def initialize(repository, config)
+      @repository = repository
+      @config = config || {}
+    end
+
+    def valid?
+      digest.present?
+    end
+
+    def path
+      "#{repository.path}@#{digest}"
+    end
+
+    def digest
+      config['digest']
+    end
+
+    def type
+      config['mediaType']
+    end
+
+    def size
+      config['size']
+    end
+
+    def revision
+      digest.split(':')[1]
+    end
+
+    def short_revision
+      revision[0..8]
+    end
+
+    def delete
+      client.delete_blob(repository.name, digest)
+    end
+
+    def data
+      @data ||= client.blob(repository.name, digest, type)
+    end
+  end
+end
diff --git a/lib/container_registry/client.rb b/lib/container_registry/client.rb
new file mode 100644
index 00000000000..4d726692f45
--- /dev/null
+++ b/lib/container_registry/client.rb
@@ -0,0 +1,61 @@
+require 'faraday'
+require 'faraday_middleware'
+
+module ContainerRegistry
+  class Client
+    attr_accessor :uri
+
+    MANIFEST_VERSION = 'application/vnd.docker.distribution.manifest.v2+json'
+
+    def initialize(base_uri, options = {})
+      @base_uri = base_uri
+      @faraday = Faraday.new(@base_uri) do |conn|
+        initialize_connection(conn, options)
+      end
+    end
+
+    def repository_tags(name)
+      @faraday.get("/v2/#{name}/tags/list").body
+    end
+
+    def repository_manifest(name, reference)
+      @faraday.get("/v2/#{name}/manifests/#{reference}").body
+    end
+
+    def repository_tag_digest(name, reference)
+      response = @faraday.head("/v2/#{name}/manifests/#{reference}")
+      response.headers['docker-content-digest'] if response.success?
+    end
+
+    def delete_repository_tag(name, reference)
+      @faraday.delete("/v2/#{name}/manifests/#{reference}").success?
+    end
+
+    def blob(name, digest, type = nil)
+      headers = {}
+      headers['Accept'] = type if type
+      @faraday.get("/v2/#{name}/blobs/#{digest}", nil, headers).body
+    end
+
+    def delete_blob(name, digest)
+      @faraday.delete("/v2/#{name}/blobs/#{digest}").success?
+    end
+    
+    private
+    
+    def initialize_connection(conn, options)
+      conn.request :json
+      conn.headers['Accept'] = MANIFEST_VERSION
+
+      conn.response :json, content_type: /\bjson$/
+
+      if options[:user] && options[:password]
+        conn.request(:basic_auth, options[:user].to_s, options[:password].to_s)
+      elsif options[:token]
+        conn.request(:authorization, :bearer, options[:token].to_s)
+      end
+
+      conn.adapter :net_http
+    end
+  end
+end
diff --git a/lib/container_registry/config.rb b/lib/container_registry/config.rb
new file mode 100644
index 00000000000..589f9f4380a
--- /dev/null
+++ b/lib/container_registry/config.rb
@@ -0,0 +1,16 @@
+module ContainerRegistry
+  class Config
+    attr_reader :tag, :blob, :data
+
+    def initialize(tag, blob)
+      @tag, @blob = tag, blob
+      @data = JSON.parse(blob.data)
+    end
+
+    def [](key)
+      return unless data
+
+      data[key]
+    end
+  end
+end
diff --git a/lib/container_registry/registry.rb b/lib/container_registry/registry.rb
new file mode 100644
index 00000000000..0e634f6b6ef
--- /dev/null
+++ b/lib/container_registry/registry.rb
@@ -0,0 +1,21 @@
+module ContainerRegistry
+  class Registry
+    attr_reader :uri, :client, :path
+
+    def initialize(uri, options = {})
+      @uri = uri
+      @path = options[:path] || default_path
+      @client = ContainerRegistry::Client.new(uri, options)
+    end
+
+    def repository(name)
+      ContainerRegistry::Repository.new(self, name)
+    end
+
+    private
+
+    def default_path
+      @uri.sub(/^https?:\/\//, '')
+    end
+  end
+end
diff --git a/lib/container_registry/repository.rb b/lib/container_registry/repository.rb
new file mode 100644
index 00000000000..0e4a7cb3cc9
--- /dev/null
+++ b/lib/container_registry/repository.rb
@@ -0,0 +1,48 @@
+module ContainerRegistry
+  class Repository
+    attr_reader :registry, :name
+
+    delegate :client, to: :registry
+
+    def initialize(registry, name)
+      @registry, @name = registry, name
+    end
+
+    def path
+      [registry.path, name].compact.join('/')
+    end
+
+    def tag(tag)
+      ContainerRegistry::Tag.new(self, tag)
+    end
+
+    def manifest
+      return @manifest if defined?(@manifest)
+
+      @manifest = client.repository_tags(name)
+    end
+
+    def valid?
+      manifest.present?
+    end
+
+    def tags
+      return @tags if defined?(@tags)
+      return [] unless manifest && manifest['tags']
+
+      @tags = manifest['tags'].map do |tag|
+        ContainerRegistry::Tag.new(self, tag)
+      end
+    end
+
+    def blob(config)
+      ContainerRegistry::Blob.new(self, config)
+    end
+
+    def delete_tags
+      return unless tags
+
+      tags.all?(&:delete)
+    end
+  end
+end
diff --git a/lib/container_registry/tag.rb b/lib/container_registry/tag.rb
new file mode 100644
index 00000000000..43f8d6dc8c2
--- /dev/null
+++ b/lib/container_registry/tag.rb
@@ -0,0 +1,77 @@
+module ContainerRegistry
+  class Tag
+    attr_reader :repository, :name
+
+    delegate :registry, :client, to: :repository
+
+    def initialize(repository, name)
+      @repository, @name = repository, name
+    end
+
+    def valid?
+      manifest.present?
+    end
+
+    def manifest
+      return @manifest if defined?(@manifest)
+
+      @manifest = client.repository_manifest(repository.name, name)
+    end
+
+    def path
+      "#{repository.path}:#{name}"
+    end
+
+    def [](key)
+      return unless manifest
+
+      manifest[key]
+    end
+
+    def digest
+      return @digest if defined?(@digest)
+
+      @digest = client.repository_tag_digest(repository.name, name)
+    end
+
+    def config_blob
+      return @config_blob if defined?(@config_blob)
+      return unless manifest && manifest['config']
+
+      @config_blob = repository.blob(manifest['config'])
+    end
+
+    def config
+      return unless config_blob
+
+      @config ||= ContainerRegistry::Config.new(self, config_blob)
+    end
+
+    def created_at
+      return unless config
+
+      @created_at ||= DateTime.rfc3339(config['created'])
+    end
+
+    def layers
+      return @layers if defined?(@layers)
+      return unless manifest
+
+      @layers = manifest['layers'].map do |layer|
+        repository.blob(layer)
+      end
+    end
+
+    def total_size
+      return unless layers
+
+      layers.map(&:size).sum
+    end
+
+    def delete
+      return unless digest
+
+      client.delete_repository_tag(repository.name, digest)
+    end
+  end
+end
diff --git a/lib/gitlab.rb b/lib/gitlab.rb
index 7479e729db1..37f4c34054f 100644
--- a/lib/gitlab.rb
+++ b/lib/gitlab.rb
@@ -1,4 +1,4 @@
-require 'gitlab/git'
+require_dependency 'gitlab/git'
 
 module Gitlab
   def self.com?
diff --git a/lib/gitlab/akismet_helper.rb b/lib/gitlab/akismet_helper.rb
index b366c89889e..04676fdb748 100644
--- a/lib/gitlab/akismet_helper.rb
+++ b/lib/gitlab/akismet_helper.rb
@@ -9,14 +9,22 @@ module Gitlab
         Gitlab.config.gitlab.url)
     end
 
+    def client_ip(env)
+      env['action_dispatch.remote_ip'].to_s
+    end
+
+    def user_agent(env)
+      env['HTTP_USER_AGENT']
+    end
+
     def check_for_spam?(project, user)
       akismet_enabled? && !project.team.member?(user)
     end
 
     def is_spam?(environment, user, text)
       client = akismet_client
-      ip_address = environment['REMOTE_ADDR']
-      user_agent = environment['HTTP_USER_AGENT']
+      ip_address = client_ip(environment)
+      user_agent = user_agent(environment)
 
       params = {
         type: 'comment',
diff --git a/lib/gitlab/backend/shell.rb b/lib/gitlab/backend/shell.rb
index 5e2fb863a8f..3e3986d6382 100644
--- a/lib/gitlab/backend/shell.rb
+++ b/lib/gitlab/backend/shell.rb
@@ -79,24 +79,6 @@ module Gitlab
                                    'rm-project', "#{name}.git"])
     end
 
-    # Add repository tag from passed ref
-    #
-    # path - project path with namespace
-    # tag_name - new tag name
-    # ref - HEAD for new tag
-    # message - optional message for tag (annotated tag)
-    #
-    # Ex.
-    #   add_tag("gitlab/gitlab-ci", "v4.0", "master")
-    #   add_tag("gitlab/gitlab-ci", "v4.0", "master", "message")
-    #
-    def add_tag(path, tag_name, ref, message = nil)
-      cmd = %W(#{gitlab_shell_path}/bin/gitlab-projects create-tag #{path}.git
-               #{tag_name} #{ref})
-      cmd << message unless message.nil? || message.empty?
-      Gitlab::Utils.system_silent(cmd)
-    end
-
     # Gc repository
     #
     # path - project path with namespace
@@ -198,7 +180,7 @@ module Gitlab
     #   exists?('gitlab/cookies.git')
     #
     def exists?(dir_name)
-      File.exists?(full_path(dir_name))
+      File.exist?(full_path(dir_name))
     end
 
     protected
diff --git a/lib/gitlab/bitbucket_import/client.rb b/lib/gitlab/bitbucket_import/client.rb
index 9bb507b5edd..9b83292ef33 100644
--- a/lib/gitlab/bitbucket_import/client.rb
+++ b/lib/gitlab/bitbucket_import/client.rb
@@ -12,7 +12,7 @@ module Gitlab
           token_secret = import_data_credentials[:bb_session][:bitbucket_access_token_secret]
           new(token, token_secret)
         else
-          raise Projects::ImportService::Error, "Unable to find project import data credentials for project ID: #{@project.id}"
+          raise Projects::ImportService::Error, "Unable to find project import data credentials for project ID: #{project.id}"
         end
       end
 
diff --git a/lib/gitlab/bitbucket_import/project_creator.rb b/lib/gitlab/bitbucket_import/project_creator.rb
index 941f818b847..b90ef0b0fba 100644
--- a/lib/gitlab/bitbucket_import/project_creator.rb
+++ b/lib/gitlab/bitbucket_import/project_creator.rb
@@ -11,7 +11,7 @@ module Gitlab
       end
 
       def execute
-        project = ::Projects::CreateService.new(
+        ::Projects::CreateService.new(
           current_user,
           name: repo["name"],
           path: repo["slug"],
@@ -21,11 +21,8 @@ module Gitlab
           import_type: "bitbucket",
           import_source: "#{repo["owner"]}/#{repo["slug"]}",
           import_url: "ssh://git@bitbucket.org/#{repo["owner"]}/#{repo["slug"]}.git",
+          import_data: { credentials: { bb_session: session_data } }
         ).execute
-
-        project.create_or_update_import_data(credentials: { bb_session: session_data })
-
-        project
       end
     end
   end
diff --git a/lib/gitlab/database.rb b/lib/gitlab/database.rb
index 6f9da69983a..42bec913a45 100644
--- a/lib/gitlab/database.rb
+++ b/lib/gitlab/database.rb
@@ -5,11 +5,11 @@ module Gitlab
     end
 
     def self.mysql?
-      adapter_name.downcase == 'mysql2'
+      adapter_name.casecmp('mysql2').zero?
     end
 
     def self.postgresql?
-      adapter_name.downcase == 'postgresql'
+      adapter_name.casecmp('postgresql').zero?
     end
 
     def self.version
diff --git a/lib/gitlab/diff/parser.rb b/lib/gitlab/diff/parser.rb
index d0815fc7eea..6fe7faa547a 100644
--- a/lib/gitlab/diff/parser.rb
+++ b/lib/gitlab/diff/parser.rb
@@ -18,7 +18,7 @@ module Gitlab
           @lines.each do |line|
             next if filename?(line)
   
-            full_line = line.gsub(/\n/, '')
+            full_line = line.delete("\n")
   
             if line.match(/^@@ -/)
               type = "match"
diff --git a/lib/gitlab/email/message/repository_push.rb b/lib/gitlab/email/message/repository_push.rb
index 8f9be6cd9a3..2c91a0487c3 100644
--- a/lib/gitlab/email/message/repository_push.rb
+++ b/lib/gitlab/email/message/repository_push.rb
@@ -2,7 +2,6 @@ module Gitlab
   module Email
     module Message
       class RepositoryPush
-        attr_accessor :recipient
         attr_reader :author_id, :ref, :action
 
         include Gitlab::Routing.url_helpers
@@ -11,13 +10,12 @@ module Gitlab
         delegate :name, to: :author, prefix: :author
         delegate :username, to: :author, prefix: :author
 
-        def initialize(notify, project_id, recipient, opts = {})
+        def initialize(notify, project_id, opts = {})
           raise ArgumentError, 'Missing options: author_id, ref, action' unless
             opts[:author_id] && opts[:ref] && opts[:action]
 
           @notify = notify
           @project_id = project_id
-          @recipient = recipient
           @opts = opts.dup
 
           @author_id = @opts.delete(:author_id)
diff --git a/lib/gitlab/email/reply_parser.rb b/lib/gitlab/email/reply_parser.rb
index 6ed36b51f12..3411eb1d9ce 100644
--- a/lib/gitlab/email/reply_parser.rb
+++ b/lib/gitlab/email/reply_parser.rb
@@ -65,7 +65,7 @@ module Gitlab
                    (l =~ /On \w+ \d+,? \d+,?.*wrote:/)
 
           # Headers on subsequent lines
-          break if (0..2).all? { |off| lines[idx+off] =~ REPLYING_HEADER_REGEX }
+          break if (0..2).all? { |off| lines[idx + off] =~ REPLYING_HEADER_REGEX }
           # Headers on the same line
           break if REPLYING_HEADER_LABELS.count { |label| l.include?(label) } >= 3
 
diff --git a/lib/gitlab/fogbugz_import/project_creator.rb b/lib/gitlab/fogbugz_import/project_creator.rb
index 3840765db87..1918d5b208d 100644
--- a/lib/gitlab/fogbugz_import/project_creator.rb
+++ b/lib/gitlab/fogbugz_import/project_creator.rb
@@ -12,7 +12,7 @@ module Gitlab
       end
 
       def execute
-        project = ::Projects::CreateService.new(
+        ::Projects::CreateService.new(
           current_user,
           name: repo.safe_name,
           path: repo.path,
@@ -21,12 +21,9 @@ module Gitlab
           visibility_level: Gitlab::VisibilityLevel::INTERNAL,
           import_type: 'fogbugz',
           import_source: repo.name,
-          import_url: Project::UNKNOWN_IMPORT_URL
+          import_url: Project::UNKNOWN_IMPORT_URL,
+          import_data: { data: { 'repo' => repo.raw_data, 'user_map' => user_map }, credentials: { fb_session: fb_session } }
         ).execute
-
-        project.create_or_update_import_data(data: { 'repo' => repo.raw_data, 'user_map' => user_map }, credentials: { fb_session: fb_session })
-
-        project
       end
     end
   end
diff --git a/lib/gitlab/git_access.rb b/lib/gitlab/git_access.rb
index 3ed1eec517c..d2a0e316cbe 100644
--- a/lib/gitlab/git_access.rb
+++ b/lib/gitlab/git_access.rb
@@ -122,20 +122,25 @@ module Gitlab
       build_status_object(true)
     end
 
+    def can_user_do_action?(action)
+      @permission_cache ||= {}
+      @permission_cache[action] ||= user.can?(action, project)
+    end
+
     def change_access_check(change)
       oldrev, newrev, ref = change.split(' ')
 
       action =
         if project.protected_branch?(branch_name(ref))
           protected_branch_action(oldrev, newrev, branch_name(ref))
-        elsif protected_tag?(tag_name(ref))
+        elsif (tag_ref = tag_name(ref)) && protected_tag?(tag_ref)
           # Prevent any changes to existing git tag unless user has permissions
           :admin_project
         else
           :push_code
         end
 
-      unless user.can?(action, project)
+      unless can_user_do_action?(action)
         status =
           case action
           when :force_push_code_to_protected_branches
@@ -176,7 +181,7 @@ module Gitlab
     end
 
     def protected_tag?(tag_name)
-      project.repository.tag_names.include?(tag_name)
+      project.repository.tag_exists?(tag_name)
     end
 
     def user_allowed?
diff --git a/lib/gitlab/github_import/branch_formatter.rb b/lib/gitlab/github_import/branch_formatter.rb
new file mode 100644
index 00000000000..a15fc84b418
--- /dev/null
+++ b/lib/gitlab/github_import/branch_formatter.rb
@@ -0,0 +1,29 @@
+module Gitlab
+  module GithubImport
+    class BranchFormatter < BaseFormatter
+      delegate :repo, :sha, :ref, to: :raw_data
+
+      def exists?
+        project.repository.branch_exists?(ref)
+      end
+
+      def name
+        @name ||= exists? ? ref : "#{ref}-#{short_id}"
+      end
+
+      def valid?
+        repo.present?
+      end
+
+      def valid?
+        repo.present?
+      end
+
+      private
+
+      def short_id
+        sha.to_s[0..7]
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/github_import/client.rb b/lib/gitlab/github_import/client.rb
index 74d1529e1ff..67988ea3460 100644
--- a/lib/gitlab/github_import/client.rb
+++ b/lib/gitlab/github_import/client.rb
@@ -7,12 +7,19 @@ module Gitlab
         @client = ::OAuth2::Client.new(
           config.app_id,
           config.app_secret,
-          github_options
+          github_options.merge(ssl: { verify: config['verify_ssl'] })
         )
 
         if access_token
           ::Octokit.auto_paginate = true
-          @api = ::Octokit::Client.new(access_token: access_token)
+
+          @api = ::Octokit::Client.new(
+            access_token: access_token,
+            api_endpoint: github_options[:site],
+            connection_options: {
+              ssl: { verify: config['verify_ssl'] }
+            }
+          )
         end
       end
 
@@ -42,11 +49,11 @@ module Gitlab
       private
 
       def config
-        Gitlab.config.omniauth.providers.find{|provider| provider.name == "github"}
+        Gitlab.config.omniauth.providers.find { |provider| provider.name == "github" }
       end
 
       def github_options
-        OmniAuth::Strategies::GitHub.default_options[:client_options].to_h.symbolize_keys
+        config["args"]["client_options"].deep_symbolize_keys
       end
     end
   end
diff --git a/lib/gitlab/github_import/comment_formatter.rb b/lib/gitlab/github_import/comment_formatter.rb
index 7d58e53991a..7d679eaec6a 100644
--- a/lib/gitlab/github_import/comment_formatter.rb
+++ b/lib/gitlab/github_import/comment_formatter.rb
@@ -28,13 +28,26 @@ module Gitlab
       end
 
       def line_code
-        if on_diff?
-          Gitlab::Diff::LineCode.generate(raw_data.path, raw_data.position, 0)
-        end
+        return unless on_diff?
+
+        parsed_lines = Gitlab::Diff::Parser.new.parse(diff_hunk.lines)
+        generate_line_code(parsed_lines.to_a.last)
+      end
+
+      def generate_line_code(line)
+        Gitlab::Diff::LineCode.generate(file_path, line.new_pos, line.old_pos)
       end
 
       def on_diff?
-        raw_data.path && raw_data.position
+        diff_hunk.present?
+      end
+
+      def diff_hunk
+        raw_data.diff_hunk
+      end
+
+      def file_path
+        raw_data.path
       end
 
       def note
diff --git a/lib/gitlab/github_import/importer.rb b/lib/gitlab/github_import/importer.rb
index 0f9e3ee14ee..408d9b79632 100644
--- a/lib/gitlab/github_import/importer.rb
+++ b/lib/gitlab/github_import/importer.rb
@@ -3,12 +3,15 @@ module Gitlab
     class Importer
       include Gitlab::ShellAdapter
 
-      attr_reader :project, :client
+      attr_reader :client, :project, :repo, :repo_url
 
       def initialize(project)
-        @project = project
-        if import_data_credentials
-          @client = Client.new(import_data_credentials[:user])
+        @project  = project
+        @repo     = project.import_source
+        @repo_url = project.import_url
+
+        if credentials
+          @client = Client.new(credentials[:user])
           @formatter = Gitlab::ImportFormatter.new
         else
           raise Projects::ImportService::Error, "Unable to find project import data credentials for project ID: #{@project.id}"
@@ -22,12 +25,12 @@ module Gitlab
 
       private
 
-      def import_data_credentials
-        @import_data_credentials ||= project.import_data.credentials if project.import_data
+      def credentials
+        @credentials ||= project.import_data.credentials if project.import_data
       end
 
       def import_labels
-        client.labels(project.import_source).each do |raw_data|
+        client.labels(repo).each do |raw_data|
           Label.create!(LabelFormatter.new(project, raw_data).attributes)
         end
 
@@ -37,7 +40,7 @@ module Gitlab
       end
 
       def import_milestones
-        client.list_milestones(project.import_source, state: :all).each do |raw_data|
+        client.list_milestones(repo, state: :all).each do |raw_data|
           Milestone.create!(MilestoneFormatter.new(project, raw_data).attributes)
         end
 
@@ -47,9 +50,7 @@ module Gitlab
       end
 
       def import_issues
-        client.list_issues(project.import_source, state: :all,
-                                                  sort: :created,
-                                                  direction: :asc).each do |raw_data|
+        client.list_issues(repo, state: :all, sort: :created, direction: :asc).each do |raw_data|
           gh_issue = IssueFormatter.new(project, raw_data)
 
           if gh_issue.valid?
@@ -68,29 +69,50 @@ module Gitlab
       end
 
       def import_pull_requests
-        client.pull_requests(project.import_source, state: :all,
-                                                    sort: :created,
-                                                    direction: :asc).each do |raw_data|
-          pull_request = PullRequestFormatter.new(project, raw_data)
+        pull_requests = client.pull_requests(repo, state: :all, sort: :created, direction: :asc)
+                              .map { |raw| PullRequestFormatter.new(project, raw) }
+                              .select(&:valid?)
 
-          if pull_request.valid?
-            merge_request = MergeRequest.new(pull_request.attributes)
+        source_branches_removed = pull_requests.reject(&:source_branch_exists?).map { |pr| [pr.source_branch_name, pr.source_branch_sha] }
+        target_branches_removed = pull_requests.reject(&:target_branch_exists?).map { |pr| [pr.target_branch_name, pr.target_branch_sha] }
+        branches_removed = source_branches_removed | target_branches_removed
 
-            if merge_request.save
-              apply_labels(pull_request.number, merge_request)
-              import_comments(pull_request.number, merge_request)
-              import_comments_on_diff(pull_request.number, merge_request)
-            end
+        create_refs(branches_removed)
+
+        pull_requests.each do |pull_request|
+          merge_request = MergeRequest.new(pull_request.attributes)
+
+          if merge_request.save
+            apply_labels(pull_request.number, merge_request)
+            import_comments(pull_request.number, merge_request)
+            import_comments_on_diff(pull_request.number, merge_request)
           end
         end
 
+        delete_refs(branches_removed)
+
         true
       rescue ActiveRecord::RecordInvalid => e
         raise Projects::ImportService::Error, e.message
       end
 
+      def create_refs(branches)
+        branches.each do |name, sha|
+          client.create_ref(repo, "refs/heads/#{name}", sha)
+        end
+
+        project.repository.fetch_ref(repo_url, '+refs/heads/*', 'refs/heads/*')
+      end
+
+      def delete_refs(branches)
+        branches.each do |name, _|
+          client.delete_ref(repo, "heads/#{name}")
+          project.repository.rm_branch(project.creator, name)
+        end
+      end
+
       def apply_labels(number, issuable)
-        issue = client.issue(project.import_source, number)
+        issue = client.issue(repo, number)
 
         if issue.labels.count > 0
           label_ids = issue.labels.map do |raw|
@@ -102,12 +124,12 @@ module Gitlab
       end
 
       def import_comments(issue_number, noteable)
-        comments = client.issue_comments(project.import_source, issue_number)
+        comments = client.issue_comments(repo, issue_number)
         create_comments(comments, noteable)
       end
 
       def import_comments_on_diff(pull_request_number, merge_request)
-        comments = client.pull_request_comments(project.import_source, pull_request_number)
+        comments = client.pull_request_comments(repo, pull_request_number)
         create_comments(comments, merge_request)
       end
 
diff --git a/lib/gitlab/github_import/pull_request_formatter.rb b/lib/gitlab/github_import/pull_request_formatter.rb
index d21b942ad4b..574737b31c1 100644
--- a/lib/gitlab/github_import/pull_request_formatter.rb
+++ b/lib/gitlab/github_import/pull_request_formatter.rb
@@ -1,15 +1,20 @@
 module Gitlab
   module GithubImport
     class PullRequestFormatter < BaseFormatter
+      delegate :exists?, :name, :project, :repo, :sha, to: :source_branch, prefix: true
+      delegate :exists?, :name, :project, :repo, :sha, to: :target_branch, prefix: true
+
       def attributes
         {
           iid: number,
           title: raw_data.title,
           description: description,
-          source_project: source_project,
-          source_branch: source_branch.name,
-          target_project: target_project,
-          target_branch: target_branch.name,
+          source_project: source_branch_project,
+          source_branch: source_branch_name,
+          head_source_sha: source_branch_sha,
+          target_project: target_branch_project,
+          target_branch: target_branch_name,
+          base_target_sha: target_branch_sha,
           state: state,
           milestone: milestone,
           author_id: author_id,
@@ -24,7 +29,15 @@ module Gitlab
       end
 
       def valid?
-        !cross_project? && source_branch.present? && target_branch.present?
+        source_branch.valid? && target_branch.valid? && !cross_project?
+      end
+
+      def source_branch
+        @source_branch ||= BranchFormatter.new(project, raw_data.head)
+      end
+
+      def target_branch
+        @target_branch ||= BranchFormatter.new(project, raw_data.base)
       end
 
       private
@@ -52,7 +65,7 @@ module Gitlab
       end
 
       def cross_project?
-        source_repo.present? && target_repo.present? && source_repo.id != target_repo.id
+        source_branch_repo.id != target_branch_repo.id
       end
 
       def description
@@ -65,30 +78,6 @@ module Gitlab
         end
       end
 
-      def source_project
-        project
-      end
-
-      def source_repo
-        raw_data.head.repo
-      end
-
-      def source_branch
-        source_project.repository.find_branch(raw_data.head.ref)
-      end
-
-      def target_project
-        project
-      end
-
-      def target_repo
-        raw_data.base.repo
-      end
-
-      def target_branch
-        target_project.repository.find_branch(raw_data.base.ref)
-      end
-
       def state
         @state ||= case true
                    when raw_data.state == 'closed' && raw_data.merged_at.present?
diff --git a/lib/gitlab/gitlab_import/importer.rb b/lib/gitlab/gitlab_import/importer.rb
index 96717b42bae..3e51c06877e 100644
--- a/lib/gitlab/gitlab_import/importer.rb
+++ b/lib/gitlab/gitlab_import/importer.rb
@@ -5,7 +5,7 @@ module Gitlab
 
       def initialize(project)
         @project = project
-        credentials = import_data
+        credentials = project.import_data
         if credentials && credentials[:password]
           @client = Client.new(credentials[:password])
           @formatter = Gitlab::ImportFormatter.new
diff --git a/lib/gitlab/gon_helper.rb b/lib/gitlab/gon_helper.rb
index 5ebaad6ca6e..ab900b641c4 100644
--- a/lib/gitlab/gon_helper.rb
+++ b/lib/gitlab/gon_helper.rb
@@ -6,6 +6,7 @@ module Gitlab
       gon.default_issues_tracker = Project.new.default_issue_tracker.to_param
       gon.max_file_size          = current_application_settings.max_attachment_size
       gon.relative_url_root      = Gitlab.config.gitlab.relative_url_root
+      gon.shortcuts_path         = help_shortcuts_path
       gon.user_color_scheme      = Gitlab::ColorSchemes.for_user(current_user).css_class
 
       if current_user
diff --git a/lib/gitlab/google_code_import/project_creator.rb b/lib/gitlab/google_code_import/project_creator.rb
index 0abb7a64c17..326cfcaa8af 100644
--- a/lib/gitlab/google_code_import/project_creator.rb
+++ b/lib/gitlab/google_code_import/project_creator.rb
@@ -11,7 +11,7 @@ module Gitlab
       end
 
       def execute
-        project = ::Projects::CreateService.new(
+        ::Projects::CreateService.new(
           current_user,
           name: repo.name,
           path: repo.name,
@@ -21,12 +21,9 @@ module Gitlab
           visibility_level: Gitlab::VisibilityLevel::PUBLIC,
           import_type: "google_code",
           import_source: repo.name,
-          import_url: repo.import_url
+          import_url: repo.import_url,
+          import_data: { data: { 'repo' => repo.raw_data, 'user_map' => user_map } }
         ).execute
-
-        project.create_or_update_import_data(data: { 'repo' => repo.raw_data, 'user_map' => user_map })
-
-        project
       end
     end
   end
diff --git a/lib/gitlab/highlight.rb b/lib/gitlab/highlight.rb
index cac76442321..280120b0f9e 100644
--- a/lib/gitlab/highlight.rb
+++ b/lib/gitlab/highlight.rb
@@ -1,7 +1,8 @@
 module Gitlab
   class Highlight
-    def self.highlight(blob_name, blob_content, nowrap: true)
-      new(blob_name, blob_content, nowrap: nowrap).highlight(blob_content, continue: false)
+    def self.highlight(blob_name, blob_content, nowrap: true, plain: false)
+      new(blob_name, blob_content, nowrap: nowrap).
+        highlight(blob_content, continue: false, plain: plain)
     end
 
     def self.highlight_lines(repository, ref, file_name)
@@ -17,8 +18,12 @@ module Gitlab
       @lexer = Rouge::Lexer.guess(filename: blob_name, source: blob_content).new rescue Rouge::Lexers::PlainText
     end
 
-    def highlight(text, continue: true)
-      @formatter.format(@lexer.lex(text, continue: continue)).html_safe
+    def highlight(text, continue: true, plain: false)
+      if plain
+        @formatter.format(Rouge::Lexers::PlainText.lex(text)).html_safe
+      else
+        @formatter.format(@lexer.lex(text, continue: continue)).html_safe
+      end
     rescue
       @formatter.format(Rouge::Lexers::PlainText.lex(text)).html_safe
     end
diff --git a/lib/gitlab/markup_helper.rb b/lib/gitlab/markup_helper.rb
index a5f767b134d..dda371e6554 100644
--- a/lib/gitlab/markup_helper.rb
+++ b/lib/gitlab/markup_helper.rb
@@ -40,7 +40,7 @@ module Gitlab
     # Returns boolean
     def plain?(filename)
       filename.downcase.end_with?('.txt') ||
-        filename.downcase == 'readme'
+        filename.casecmp('readme').zero?
     end
 
     def previewable?(filename)
diff --git a/lib/gitlab/metrics/instrumentation.rb b/lib/gitlab/metrics/instrumentation.rb
index 708ef79f304..0f115893a15 100644
--- a/lib/gitlab/metrics/instrumentation.rb
+++ b/lib/gitlab/metrics/instrumentation.rb
@@ -154,8 +154,6 @@ module Gitlab
               duration = (Time.now - start) * 1000.0
 
               if duration >= Gitlab::Metrics.method_call_threshold
-                trans.increment(:method_duration, duration)
-
                 trans.add_metric(Gitlab::Metrics::Instrumentation::SERIES,
                                  { duration: duration },
                                  method: #{label.inspect})
diff --git a/lib/gitlab/metrics/subscribers/rails_cache.rb b/lib/gitlab/metrics/subscribers/rails_cache.rb
index 49e5f86e6e6..8e345e8ae4a 100644
--- a/lib/gitlab/metrics/subscribers/rails_cache.rb
+++ b/lib/gitlab/metrics/subscribers/rails_cache.rb
@@ -6,26 +6,28 @@ module Gitlab
         attach_to :active_support
 
         def cache_read(event)
-          increment(:cache_read_duration, event.duration)
+          increment(:cache_read, event.duration)
         end
 
         def cache_write(event)
-          increment(:cache_write_duration, event.duration)
+          increment(:cache_write, event.duration)
         end
 
         def cache_delete(event)
-          increment(:cache_delete_duration, event.duration)
+          increment(:cache_delete, event.duration)
         end
 
         def cache_exist?(event)
-          increment(:cache_exists_duration, event.duration)
+          increment(:cache_exists, event.duration)
         end
 
         def increment(key, duration)
           return unless current_transaction
 
           current_transaction.increment(:cache_duration, duration)
-          current_transaction.increment(key, duration)
+          current_transaction.increment(:cache_count, 1)
+          current_transaction.increment("#{key}_duration".to_sym, duration)
+          current_transaction.increment("#{key}_count".to_sym, 1)
         end
 
         private
diff --git a/lib/gitlab/push_data_builder.rb b/lib/gitlab/push_data_builder.rb
index 67622f321a6..c8f12577112 100644
--- a/lib/gitlab/push_data_builder.rb
+++ b/lib/gitlab/push_data_builder.rb
@@ -66,7 +66,7 @@ module Gitlab
       # This method provide a sample data generated with
       # existing project and commits to test webhooks
       def build_sample(project, user)
-        commits = project.repository.commits(project.default_branch, nil, 3)
+        commits = project.repository.commits(project.default_branch, limit: 3)
         ref = "#{Gitlab::Git::BRANCH_REF_PREFIX}#{project.default_branch}"
         build(project, user, commits.last.id, commits.first.id, ref, commits)
       end
diff --git a/lib/gitlab/redis.rb b/lib/gitlab/redis.rb
index 5c352c96de5..40766f35f77 100644
--- a/lib/gitlab/redis.rb
+++ b/lib/gitlab/redis.rb
@@ -25,7 +25,7 @@ module Gitlab
       end
       @pool.with { |redis| yield redis }
     end
-    
+
     def self.redis_store_options
       url = new.url
       redis_config_hash = ::Redis::Store::Factory.extract_host_options_from_uri(url)
@@ -40,10 +40,10 @@ module Gitlab
     def initialize(rails_env=nil)
       rails_env ||= Rails.env
       config_file = File.expand_path('../../../config/resque.yml', __FILE__)
-  
+
       @url = "redis://localhost:6379"
-      if File.exists?(config_file)
-        @url =YAML.load_file(config_file)[rails_env]
+      if File.exist?(config_file)
+        @url = YAML.load_file(config_file)[rails_env]
       end
     end
   end
diff --git a/lib/gitlab/regex.rb b/lib/gitlab/regex.rb
index ace906a6f59..1cbd6d945a0 100644
--- a/lib/gitlab/regex.rb
+++ b/lib/gitlab/regex.rb
@@ -96,5 +96,9 @@ module Gitlab
         (?<![\/.])                (?# rule #6-7)
       }x.freeze
     end
+
+    def container_registry_reference_regex
+      git_reference_regex
+    end
   end
 end
diff --git a/lib/gitlab/sanitizers/svg.rb b/lib/gitlab/sanitizers/svg.rb
new file mode 100644
index 00000000000..b98589dff89
--- /dev/null
+++ b/lib/gitlab/sanitizers/svg.rb
@@ -0,0 +1,37 @@
+require_relative "svg/whitelist"
+
+module Gitlab
+  module Sanitizers
+    module SVG
+      def self.clean(data)
+        Loofah.xml_document(data).scrub!(Scrubber.new).to_s
+      end
+
+      class Scrubber < Loofah::Scrubber
+        # http://www.whatwg.org/specs/web-apps/current-work/multipage/elements.html#embedding-custom-non-visible-data-with-the-data-*-attributes
+        DATA_ATTR_PATTERN = /\Adata-(?!xml)[a-z_][\w.\u00E0-\u00F6\u00F8-\u017F\u01DD-\u02AF-]*\z/u
+
+        def scrub(node)
+          unless ALLOWED_ELEMENTS.include?(node.name)
+            node.unlink
+          else
+            node.attributes.each do |attr_name, attr|
+              valid_attributes = ALLOWED_ATTRIBUTES[node.name]
+
+              unless valid_attributes && valid_attributes.include?(attr_name)
+                if ALLOWED_DATA_ATTRIBUTES_IN_ELEMENTS.include?(node.name) &&
+                    attr_name.start_with?('data-')
+                  # Arbitrary data attributes are allowed. Verify that the attribute
+                  # is a valid data attribute.
+                  attr.unlink unless attr_name =~ DATA_ATTR_PATTERN
+                else
+                  attr.unlink
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/sanitizers/svg/whitelist.rb b/lib/gitlab/sanitizers/svg/whitelist.rb
new file mode 100644
index 00000000000..917e795b29e
--- /dev/null
+++ b/lib/gitlab/sanitizers/svg/whitelist.rb
@@ -0,0 +1,107 @@
+# Generated from:
+# SVG element list: https://www.w3.org/TR/SVG/eltindex.html
+# SVG Attribute list: https://www.w3.org/TR/SVG/attindex.html
+module Gitlab
+  module Sanitizers
+    module SVG
+      ALLOWED_ELEMENTS = %w[
+        a altGlyph altGlyphDef altGlyphItem animate
+        animateColor animateMotion animateTransform circle clipPath color-profile
+        cursor defs desc ellipse feBlend feColorMatrix feComponentTransfer
+        feComposite feConvolveMatrix feDiffuseLighting feDisplacementMap
+        feDistantLight feFlood feFuncA feFuncB feFuncG feFuncR feGaussianBlur
+        feImage feMerge feMergeNode feMorphology feOffset fePointLight
+        feSpecularLighting feSpotLight feTile feTurbulence filter font font-face
+        font-face-format font-face-name font-face-src font-face-uri foreignObject
+        g glyph glyphRef hkern image line linearGradient marker mask metadata
+        missing-glyph mpath path pattern polygon polyline radialGradient rect
+        script set stop style svg switch symbol text textPath title tref tspan use
+        view vkern].freeze
+
+      ALLOWED_DATA_ATTRIBUTES_IN_ELEMENTS = %w[svg].freeze
+
+      ALLOWED_ATTRIBUTES = {
+        'a' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage target text-anchor text-decoration text-rendering transform unicode-bidi visibility word-spacing writing-mode xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space],
+        'altGlyph' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline dx dy enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight format glyph-orientation-horizontal glyph-orientation-vertical glyphRef id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures rotate shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering unicode-bidi visibility word-spacing writing-mode x xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space y],
+        'altGlyphDef' => %w[id xml:base xml:lang xml:space],
+        'altGlyphItem' => %w[id xml:base xml:lang xml:space],
+        'animate' => %w[accumulate additive alignment-baseline attributeName attributeType baseline-shift begin by calcMode clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline dur enable-background end externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight from glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning keySplines keyTimes letter-spacing lighting-color marker-end marker-mid marker-start mask max min onbegin onend onload onrepeat opacity overflow pointer-events repeatCount repeatDur requiredExtensions requiredFeatures restart shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width systemLanguage text-anchor text-decoration text-rendering to unicode-bidi values visibility word-spacing writing-mode xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space],
+        'animateColor' => %w[accumulate additive alignment-baseline attributeName attributeType baseline-shift begin by calcMode clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline dur enable-background end externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight from glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning keySplines keyTimes letter-spacing lighting-color marker-end marker-mid marker-start mask max min onbegin onend onload onrepeat opacity overflow pointer-events repeatCount repeatDur requiredExtensions requiredFeatures restart shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width systemLanguage text-anchor text-decoration text-rendering to unicode-bidi values visibility word-spacing writing-mode xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space],
+        'animateMotion' => %w[accumulate additive begin by calcMode dur end externalResourcesRequired fill from id keyPoints keySplines keyTimes max min onbegin onend onload onrepeat origin path repeatCount repeatDur requiredExtensions requiredFeatures restart rotate systemLanguage to values xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space],
+        'animateTransform' => %w[accumulate additive attributeName attributeType begin by calcMode dur end externalResourcesRequired fill from id keySplines keyTimes max min onbegin onend onload onrepeat repeatCount repeatDur requiredExtensions requiredFeatures restart systemLanguage to type values xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space],
+        'circle' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor cx cy direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events r requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'clipPath' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule clipPathUnits color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'color-profile' => %w[id local name rendering-intent xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space],
+        'cursor' => %w[externalResourcesRequired id requiredExtensions requiredFeatures systemLanguage x xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space y],
+        'defs' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'desc' => %w[class id style xml:base xml:lang xml:space],
+        'ellipse' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor cx cy direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures rx ry shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'feBlend' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in in2 kerning letter-spacing lighting-color marker-end marker-mid marker-start mask mode opacity overflow pointer-events result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feColorMatrix' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering type unicode-bidi values visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feComponentTransfer' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feComposite' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in in2 k1 k2 k3 k4 kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity operator overflow pointer-events result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feConvolveMatrix' => %w[alignment-baseline baseline-shift bias class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display divisor dominant-baseline edgeMode enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in kernelMatrix kernelUnitLength kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity order overflow pointer-events preserveAlpha result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style targetX targetY text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feDiffuseLighting' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor diffuseConstant direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in kernelUnitLength kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style surfaceScale text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feDisplacementMap' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in in2 kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events result scale shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xChannelSelector xml:base xml:lang xml:space y yChannelSelector],
+        'feDistantLight' => %w[azimuth elevation id xml:base xml:lang xml:space],
+        'feFlood' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feFuncA' => %w[amplitude exponent id intercept offset slope tableValues type xml:base xml:lang xml:space],
+        'feFuncB' => %w[amplitude exponent id intercept offset slope tableValues type xml:base xml:lang xml:space],
+        'feFuncG' => %w[amplitude exponent id intercept offset slope tableValues type xml:base xml:lang xml:space],
+        'feFuncR' => %w[amplitude exponent id intercept offset slope tableValues type xml:base xml:lang xml:space],
+        'feGaussianBlur' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events result shape-rendering stdDeviation stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feImage' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events preserveAspectRatio result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space y],
+        'feMerge' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feMergeNode' => %w[id xml:base xml:lang xml:space],
+        'feMorphology' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity operator overflow pointer-events radius result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feOffset' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline dx dy enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'fePointLight' => %w[id x xml:base xml:lang xml:space y z],
+        'feSpecularLighting' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in kernelUnitLength kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events result shape-rendering specularConstant specularExponent stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style surfaceScale text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feSpotLight' => %w[id limitingConeAngle pointsAtX pointsAtY pointsAtZ specularExponent x xml:base xml:lang xml:space y z],
+        'feTile' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering in kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events result shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'feTurbulence' => %w[alignment-baseline baseFrequency baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask numOctaves opacity overflow pointer-events result seed shape-rendering stitchTiles stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering type unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'filter' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter filterRes filterUnits flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events primitiveUnits shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space y],
+        'font' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical horiz-adv-x horiz-origin-x horiz-origin-y id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi vert-adv-y vert-origin-x vert-origin-y visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'font-face' => %w[accent-height alphabetic ascent bbox cap-height descent font-family font-size font-stretch font-style font-variant font-weight hanging id ideographic mathematical overline-position overline-thickness panose-1 slope stemh stemv strikethrough-position strikethrough-thickness underline-position underline-thickness unicode-range units-per-em v-alphabetic v-hanging v-ideographic v-mathematical widths x-height xml:base xml:lang xml:space],
+        'font-face-format' => %w[id string xml:base xml:lang xml:space],
+        'font-face-name' => %w[id name xml:base xml:lang xml:space],
+        'font-face-src' => %w[id xml:base xml:lang xml:space],
+        'font-face-uri' => %w[id xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space],
+        'foreignObject' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'g' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'glyph' => %w[alignment-baseline arabic-form baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor d direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-name glyph-orientation-horizontal glyph-orientation-vertical horiz-adv-x id image-rendering kerning lang letter-spacing lighting-color marker-end marker-mid marker-start mask opacity orientation overflow pointer-events shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode unicode-bidi vert-adv-y vert-origin-x vert-origin-y visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'glyphRef' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline dx dy enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight format glyph-orientation-horizontal glyph-orientation-vertical glyphRef id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility word-spacing writing-mode x xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space y],
+        'hkern' => %w[g1 g2 id k u1 u2 xml:base xml:lang xml:space],
+        'image' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events preserveAspectRatio requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility width word-spacing writing-mode x xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space y],
+        'line' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility word-spacing writing-mode x1 x2 xml:base xml:lang xml:space y1 y2],
+        'linearGradient' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical gradientTransform gradientUnits id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events shape-rendering spreadMethod stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility word-spacing writing-mode x1 x2 xlink:arcrole xlink:href xlink:role xlink:title xlink:type xml:base xml:lang xml:space y1 y2],
+        'marker' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start markerHeight markerUnits markerWidth mask opacity orient overflow pointer-events preserveAspectRatio refX refY shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi viewBox visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'mask' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask maskContentUnits maskUnits opacity overflow pointer-events requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'metadata' => %w[id xml:base xml:lang xml:space],
+        'missing-glyph' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor d direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical horiz-adv-x id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi vert-adv-y vert-origin-x vert-origin-y visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'mpath' => %w[externalResourcesRequired id xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space],
+        'path' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor d direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pathLength pointer-events requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'pattern' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow patternContentUnits patternTransform patternUnits pointer-events preserveAspectRatio requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering unicode-bidi viewBox visibility width word-spacing writing-mode x xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space y],
+        'polygon' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events points requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'polyline' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events points requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'radialGradient' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor cx cy direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight fx fy glyph-orientation-horizontal glyph-orientation-vertical gradientTransform gradientUnits id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask opacity overflow pointer-events r shape-rendering spreadMethod stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility word-spacing writing-mode xlink:arcrole xlink:href xlink:role xlink:title xlink:type xml:base xml:lang xml:space],
+        'rect' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures rx ry shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility width word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'script' => %w[externalResourcesRequired id type xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space],
+        'set' => %w[attributeName attributeType begin dur end externalResourcesRequired fill id max min onbegin onend onload onrepeat repeatCount repeatDur requiredExtensions requiredFeatures restart systemLanguage to xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space],
+        'stop' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask offset opacity overflow pointer-events shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'style' => %w[id media title type xml:base xml:lang xml:space],
+        'svg' => %w[alignment-baseline baseProfile baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering contentScriptType contentStyleType cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onabort onactivate onclick onerror onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup onresize onscroll onunload onzoom opacity overflow pointer-events preserveAspectRatio requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering unicode-bidi version viewBox visibility width word-spacing writing-mode x xml:base xml:lang xml:space xmlns y zoomAndPan],
+        'switch' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'symbol' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events preserveAspectRatio shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style text-anchor text-decoration text-rendering unicode-bidi viewBox visibility word-spacing writing-mode xml:base xml:lang xml:space],
+        'text' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline dx dy enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning lengthAdjust letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures rotate shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering textLength transform unicode-bidi visibility word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'textPath' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning lengthAdjust letter-spacing lighting-color marker-end marker-mid marker-start mask method onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures shape-rendering spacing startOffset stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering textLength unicode-bidi visibility word-spacing writing-mode xlink:arcrole xlink:href xlink:role xlink:title xlink:type xml:base xml:lang xml:space],
+        'title' => %w[class id style xml:base xml:lang xml:space],
+        'tref' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline dx dy enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning lengthAdjust letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures rotate shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering textLength unicode-bidi visibility word-spacing writing-mode x xlink:arcrole xlink:href xlink:role xlink:title xlink:type xml:base xml:lang xml:space y],
+        'tspan' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline dx dy enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical id image-rendering kerning lengthAdjust letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures rotate shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering textLength unicode-bidi visibility word-spacing writing-mode x xml:base xml:lang xml:space y],
+        'use' => %w[alignment-baseline baseline-shift class clip clip-path clip-rule color color-interpolation color-interpolation-filters color-profile color-rendering cursor direction display dominant-baseline enable-background externalResourcesRequired fill fill-opacity fill-rule filter flood-color flood-opacity font-family font-size font-size-adjust font-stretch font-style font-variant font-weight glyph-orientation-horizontal glyph-orientation-vertical height id image-rendering kerning letter-spacing lighting-color marker-end marker-mid marker-start mask onactivate onclick onfocusin onfocusout onload onmousedown onmousemove onmouseout onmouseover onmouseup opacity overflow pointer-events requiredExtensions requiredFeatures shape-rendering stop-color stop-opacity stroke stroke-dasharray stroke-dashoffset stroke-linecap stroke-linejoin stroke-miterlimit stroke-opacity stroke-width style systemLanguage text-anchor text-decoration text-rendering transform unicode-bidi visibility width word-spacing writing-mode x xlink:actuate xlink:arcrole xlink:href xlink:role xlink:show xlink:title xlink:type xml:base xml:lang xml:space y],
+        'view' => %w[externalResourcesRequired id preserveAspectRatio viewBox viewTarget xml:base xml:lang xml:space zoomAndPan],
+        'vkern' => %w[g1 g2 id k u1 u2 xml:base xml:lang xml:space]
+      }.freeze
+    end
+  end
+end
diff --git a/lib/gitlab/url_builder.rb b/lib/gitlab/url_builder.rb
index 2bbbd3074e8..fe65c246101 100644
--- a/lib/gitlab/url_builder.rb
+++ b/lib/gitlab/url_builder.rb
@@ -62,7 +62,7 @@ module Gitlab
     end
 
     def wiki_page_url
-      "#{Gitlab.config.gitlab.url}#{object.wiki.wiki_base_path}/#{object.slug}"
+      namespace_project_wiki_url(object.wiki.project.namespace, object.wiki.project, object.slug)
     end
   end
 end
diff --git a/lib/gitlab/import_url.rb b/lib/gitlab/url_sanitizer.rb
similarity index 65%
rename from lib/gitlab/import_url.rb
rename to lib/gitlab/url_sanitizer.rb
index d23b013c1f5..c59d53b941a 100644
--- a/lib/gitlab/import_url.rb
+++ b/lib/gitlab/url_sanitizer.rb
@@ -1,7 +1,13 @@
 module Gitlab
-  class ImportUrl
+  class UrlSanitizer
+    def self.sanitize(content)
+      regexp = URI::Parser.new.make_regexp(['http', 'https', 'ssh', 'git'])
+
+      content.gsub(regexp) { |url| new(url).masked_url }
+    end
+
     def initialize(url, credentials: nil)
-      @url = URI.parse(URI.encode(url))
+      @url = Addressable::URI.parse(URI.encode(url))
       @credentials = credentials
     end
 
@@ -9,6 +15,13 @@ module Gitlab
       @sanitized_url ||= safe_url.to_s
     end
 
+    def masked_url
+      url = @url.dup
+      url.password = "*****" unless url.password.nil?
+      url.user = "*****" unless url.user.nil?
+      url.to_s
+    end
+
     def credentials
       @credentials ||= { user: @url.user, password: @url.password }
     end
diff --git a/lib/json_web_token/rsa_token.rb b/lib/json_web_token/rsa_token.rb
new file mode 100644
index 00000000000..d6d6af7089c
--- /dev/null
+++ b/lib/json_web_token/rsa_token.rb
@@ -0,0 +1,42 @@
+module JSONWebToken
+  class RSAToken < Token
+    attr_reader :key_file
+
+    def initialize(key_file)
+      super()
+      @key_file = key_file
+    end
+
+    def encoded
+      headers = {
+        kid: kid
+      }
+      JWT.encode(payload, key, 'RS256', headers)
+    end
+
+    private
+
+    def key_data
+      @key_data ||= File.read(key_file)
+    end
+
+    def key
+      @key ||= OpenSSL::PKey::RSA.new(key_data)
+    end
+
+    def public_key
+      key.public_key
+    end
+
+    def kid
+      # calculate sha256 from DER encoded ASN1
+      kid = Digest::SHA256.digest(public_key.to_der)
+
+      # we encode only 30 bytes with base32
+      kid = Base32.encode(kid[0..29])
+
+      # insert colon every 4 characters
+      kid.scan(/.{4}/).join(':')
+    end
+  end
+end
diff --git a/lib/json_web_token/token.rb b/lib/json_web_token/token.rb
new file mode 100644
index 00000000000..5b67715b0b2
--- /dev/null
+++ b/lib/json_web_token/token.rb
@@ -0,0 +1,46 @@
+module JSONWebToken
+  class Token
+    attr_accessor :issuer, :subject, :audience, :id
+    attr_accessor :issued_at, :not_before, :expire_time
+
+    def initialize
+      @id = SecureRandom.uuid
+      @issued_at = Time.now
+      # we give a few seconds for time shift
+      @not_before = issued_at - 5.seconds
+      # default 60 seconds should be more than enough for this authentication token
+      @expire_time = issued_at + 1.minute
+      @custom_payload = {}
+    end
+
+    def [](key)
+      @custom_payload[key]
+    end
+
+    def []=(key, value)
+      @custom_payload[key] = value
+    end
+
+    def encoded
+      raise NotImplementedError
+    end
+
+    def payload
+      @custom_payload.merge(default_payload)
+    end
+
+    private
+
+    def default_payload
+      {
+        jti: id,
+        aud: audience,
+        sub: subject,
+        iss: issuer,
+        iat: issued_at.to_i,
+        nbf: not_before.to_i,
+        exp: expire_time.to_i
+      }.compact
+    end
+  end
+end
diff --git a/lib/support/init.d/gitlab b/lib/support/init.d/gitlab
index d95e7023d2e..31b00ff128a 100755
--- a/lib/support/init.d/gitlab
+++ b/lib/support/init.d/gitlab
@@ -173,7 +173,7 @@ check_stale_pids(){
     fi
   fi
   if [ "$hpid" != "0" ] && [ "$gitlab_workhorse_status" != "0" ]; then
-    echo "Removing stale gitlab-workhorse pid. This is most likely caused by gitlab-workhorse crashing the last time it ran."
+    echo "Removing stale GitLab Workhorse pid. This is most likely caused by GitLab Workhorse crashing the last time it ran."
     if ! rm "$gitlab_workhorse_pid_path"; then
       echo "Unable to remove stale pid, exiting"
       exit 1
@@ -208,7 +208,7 @@ start_gitlab() {
     echo "Starting GitLab Sidekiq"
   fi
   if [ "$gitlab_workhorse_status" != "0" ]; then
-    echo "Starting gitlab-workhorse"
+    echo "Starting GitLab Workhorse"
   fi
   if [ "$mail_room_enabled" = true ] && [ "$mail_room_status" != "0" ]; then
     echo "Starting GitLab MailRoom"
@@ -232,7 +232,7 @@ start_gitlab() {
   fi
 
   if [ "$gitlab_workhorse_status" = "0" ]; then
-    echo "The gitlab-workhorse is already running with pid $spid, not restarting"
+    echo "The GitLab Workhorse is already running with pid $spid, not restarting"
   else
     # No need to remove a socket, gitlab-workhorse does this itself.
     # Because gitlab-workhorse has multiple executables we need to fix
@@ -271,7 +271,7 @@ stop_gitlab() {
     RAILS_ENV=$RAILS_ENV bin/background_jobs stop
   fi
   if [ "$gitlab_workhorse_status" = "0" ]; then
-    echo "Shutting down gitlab-workhorse"
+    echo "Shutting down GitLab Workhorse"
     kill -- $(cat $gitlab_workhorse_pid_path)
   fi
   if [ "$mail_room_enabled" = true ] && [ "$mail_room_status" = "0" ]; then
@@ -320,9 +320,9 @@ print_status() {
       printf "The GitLab Sidekiq job dispatcher is \033[31mnot running\033[0m.\n"
   fi
   if [ "$gitlab_workhorse_status" = "0" ]; then
-      echo "The gitlab-workhorse with pid $hpid is running."
+      echo "The GitLab Workhorse with pid $hpid is running."
   else
-      printf "The gitlab-workhorse is \033[31mnot running\033[0m.\n"
+      printf "The GitLab Workhorse is \033[31mnot running\033[0m.\n"
   fi
   if [ "$mail_room_enabled" = true ]; then
     if [ "$mail_room_status" = "0" ]; then
diff --git a/lib/support/nginx/gitlab b/lib/support/nginx/gitlab
index 1324e4cd267..d521de28e8a 100644
--- a/lib/support/nginx/gitlab
+++ b/lib/support/nginx/gitlab
@@ -61,7 +61,8 @@ server {
   error_page 422 /422.html;
   error_page 500 /500.html;
   error_page 502 /502.html;
-  location ~ ^/(404|422|500|502)\.html$ {
+  error_page 503 /503.html;
+  location ~ ^/(404|422|500|502|503)\.html$ {
     root /home/git/gitlab/public;
     internal;
   }
diff --git a/lib/support/nginx/gitlab-ssl b/lib/support/nginx/gitlab-ssl
index af6ea9ed706..bf014b56cf6 100644
--- a/lib/support/nginx/gitlab-ssl
+++ b/lib/support/nginx/gitlab-ssl
@@ -105,7 +105,8 @@ server {
   error_page 422 /422.html;
   error_page 500 /500.html;
   error_page 502 /502.html;
-  location ~ ^/(404|422|500|502)\.html$ {
+  error_page 503 /503.html;
+  location ~ ^/(404|422|500|502|503)\.html$ {
     root /home/git/gitlab/public;
     internal;
   }
diff --git a/lib/tasks/gitlab/backup.rake b/lib/tasks/gitlab/backup.rake
index 402bb338f27..d97d974ec20 100644
--- a/lib/tasks/gitlab/backup.rake
+++ b/lib/tasks/gitlab/backup.rake
@@ -14,6 +14,7 @@ namespace :gitlab do
       Rake::Task["gitlab:backup:builds:create"].invoke
       Rake::Task["gitlab:backup:artifacts:create"].invoke
       Rake::Task["gitlab:backup:lfs:create"].invoke
+      Rake::Task["gitlab:backup:registry:create"].invoke
 
       backup = Backup::Manager.new
       backup.pack
@@ -54,6 +55,7 @@ namespace :gitlab do
       Rake::Task['gitlab:backup:builds:restore'].invoke unless backup.skipped?('builds')
       Rake::Task['gitlab:backup:artifacts:restore'].invoke unless backup.skipped?('artifacts')
       Rake::Task['gitlab:backup:lfs:restore'].invoke unless backup.skipped?('lfs')
+      Rake::Task['gitlab:backup:registry:restore'].invoke unless backup.skipped?('registry')
       Rake::Task['gitlab:shell:setup'].invoke
 
       backup.cleanup
@@ -173,6 +175,25 @@ namespace :gitlab do
       end
     end
 
+    namespace :registry do
+      task create: :environment do
+        $progress.puts "Dumping container registry images ... ".blue
+
+        if ENV["SKIP"] && ENV["SKIP"].include?("registry")
+          $progress.puts "[SKIPPED]".cyan
+        else
+          Backup::Registry.new.dump
+          $progress.puts "done".green
+        end
+      end
+
+      task restore: :environment do
+        $progress.puts "Restoring container registry images ... ".blue
+        Backup::Registry.new.restore
+        $progress.puts "done".green
+      end
+    end
+
     def configure_cron_mode
       if ENV['CRON']
         # We need an object we can say 'puts' and 'print' to; let's use a
diff --git a/lib/tasks/gitlab/db.rake b/lib/tasks/gitlab/db.rake
index 4921c6e0bcf..e473b756023 100644
--- a/lib/tasks/gitlab/db.rake
+++ b/lib/tasks/gitlab/db.rake
@@ -29,7 +29,12 @@ namespace :gitlab do
       tables.delete 'schema_migrations'
       # Truncate schema_migrations to ensure migrations re-run
       connection.execute('TRUNCATE schema_migrations')
-      tables.each { |t| connection.execute("DROP TABLE #{t}") }
+
+      # Drop tables with cascade to avoid dependent table errors
+      # PG: http://www.postgresql.org/docs/current/static/ddl-depend.html
+      # MySQL: http://dev.mysql.com/doc/refman/5.7/en/drop-table.html
+      # Add `IF EXISTS` because cascade could have already deleted a table.
+      tables.each { |t| connection.execute("DROP TABLE IF EXISTS #{t} CASCADE") }
     end
   end
 end
diff --git a/public/503.html b/public/503.html
new file mode 100644
index 00000000000..6ab1185658d
--- /dev/null
+++ b/public/503.html
@@ -0,0 +1,54 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>GitLab is not responding (503)</title>
+  <style>
+    body {
+      color: #666;
+      text-align: center;
+      font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
+      margin: 0;
+      width: 800px;
+      margin: auto;
+      font-size: 14px;
+    }
+
+    h1 {
+      font-size: 56px;
+      line-height: 100px;
+      font-weight: normal;
+      color: #456;
+    }
+
+    h2 {
+      font-size: 24px;
+      color: #666;
+      line-height: 1.5em;
+    }
+
+    h3 {
+      color: #456;
+      font-size: 20px;
+      font-weight: normal;
+      line-height: 28px;
+    }
+
+    hr {
+      margin: 18px 0;
+      border: 0;
+      border-top: 1px solid #EEE;
+      border-bottom: 1px solid white;
+    }
+  </style>
+</head>
+<body>
+  <h1>
+    <img src="data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMjEwIiBoZWlnaHQ9IjIxMCIgdmlld0JveD0iMCAwIDIxMCAyMTAiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CiAgPHBhdGggZD0iTTEwNS4wNjE0IDIwMy42NTVsMzguNjQtMTE4LjkyMWgtNzcuMjhsMzguNjQgMTE4LjkyMXoiIGZpbGw9IiNlMjQzMjkiLz4KICA8cGF0aCBkPSJNMTA1LjA2MTQgMjAzLjY1NDhsLTM4LjY0LTExOC45MjFoLTU0LjE1M2w5Mi43OTMgMTE4LjkyMXoiIGZpbGw9IiNmYzZkMjYiLz4KICA8cGF0aCBkPSJNMTIuMjY4NSA4NC43MzQxbC0xMS43NDIgMzYuMTM5Yy0xLjA3MSAzLjI5Ni4xMDIgNi45MDcgMi45MDYgOC45NDRsMTAxLjYyOSA3My44MzgtOTIuNzkzLTExOC45MjF6IiBmaWxsPSIjZmNhMzI2Ii8+CiAgPHBhdGggZD0iTTEyLjI2ODUgODQuNzM0Mmg1NC4xNTNsLTIzLjI3My03MS42MjVjLTEuMTk3LTMuNjg2LTYuNDExLTMuNjg1LTcuNjA4IDBsLTIzLjI3MiA3MS42MjV6IiBmaWxsPSIjZTI0MzI5Ii8+CiAgPHBhdGggZD0iTTEwNS4wNjE0IDIwMy42NTQ4bDM4LjY0LTExOC45MjFoNTQuMTUzbC05Mi43OTMgMTE4LjkyMXoiIGZpbGw9IiNmYzZkMjYiLz4KICA8cGF0aCBkPSJNMTk3Ljg1NDQgODQuNzM0MWwxMS43NDIgMzYuMTM5YzEuMDcxIDMuMjk2LS4xMDIgNi45MDctMi45MDYgOC45NDRsLTEwMS42MjkgNzMuODM4IDkyLjc5My0xMTguOTIxeiIgZmlsbD0iI2ZjYTMyNiIvPgogIDxwYXRoIGQ9Ik0xOTcuODU0NCA4NC43MzQyaC01NC4xNTNsMjMuMjczLTcxLjYyNWMxLjE5Ny0zLjY4NiA2LjQxMS0zLjY4NSA3LjYwOCAwbDIzLjI3MiA3MS42MjV6IiBmaWxsPSIjZTI0MzI5Ii8+Cjwvc3ZnPgo=" alt="GitLab Logo"/><br />
+    503
+  </h1>
+  <h3>Whoops, GitLab is currently unavailable.</h3>
+  <hr/>
+  <p>Try refreshing the page, or going back and attempting the action again.</p>
+  <p>Please contact your GitLab administrator if this problem persists.</p>
+</body>
+</html>
diff --git a/public/robots.txt b/public/robots.txt
index 4f616c7f4c1..334f4c03533 100644
--- a/public/robots.txt
+++ b/public/robots.txt
@@ -65,3 +65,4 @@ Disallow: /*/*/deploy_keys
 Disallow: /*/*/hooks
 Disallow: /*/*/services
 Disallow: /*/*/protected_branches
+Disallow: /*/*/uploads/
diff --git a/app/views/projects/notes/_commit_discussion.html.haml b/shared/registry/.gitkeep
similarity index 100%
rename from app/views/projects/notes/_commit_discussion.html.haml
rename to shared/registry/.gitkeep
diff --git a/spec/config/mail_room_spec.rb b/spec/config/mail_room_spec.rb
index 462afb24f08..6fad7e2b9e7 100644
--- a/spec/config/mail_room_spec.rb
+++ b/spec/config/mail_room_spec.rb
@@ -43,7 +43,7 @@ describe "mail_room.yml" do
       redis_config_file = Rails.root.join('config', 'resque.yml')
 
       redis_url =
-        if File.exists?(redis_config_file)
+        if File.exist?(redis_config_file)
           YAML.load_file(redis_config_file)[Rails.env]
         else
           "redis://localhost:6379"
diff --git a/spec/controllers/admin/impersonation_controller_spec.rb b/spec/controllers/admin/impersonation_controller_spec.rb
deleted file mode 100644
index d7a7ba1c5b6..00000000000
--- a/spec/controllers/admin/impersonation_controller_spec.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-require 'spec_helper'
-
-describe Admin::ImpersonationController do
-  let(:admin) { create(:admin) }
-
-  before do
-    sign_in(admin)
-  end
-
-  describe 'CREATE #impersonation when blocked' do
-    let(:blocked_user) { create(:user, state: :blocked) }
-
-    it 'does not allow impersonation' do
-      post :create, id: blocked_user.username
-
-      expect(flash[:alert]).to eq 'You cannot impersonate a blocked user'
-    end
-  end
-end
diff --git a/spec/controllers/admin/impersonations_controller_spec.rb b/spec/controllers/admin/impersonations_controller_spec.rb
new file mode 100644
index 00000000000..eb82476b179
--- /dev/null
+++ b/spec/controllers/admin/impersonations_controller_spec.rb
@@ -0,0 +1,95 @@
+require 'spec_helper'
+
+describe Admin::ImpersonationsController do
+  let(:impersonator) { create(:admin) }
+  let(:user) { create(:user) }
+
+  describe "DELETE destroy" do
+    context "when not signed in" do
+      it "redirects to the sign in page" do
+        delete :destroy
+
+        expect(response).to redirect_to(new_user_session_path)
+      end
+    end
+
+    context "when signed in" do
+      before do
+        sign_in(user)
+      end
+
+      context "when not impersonating" do
+        it "responds with status 404" do
+          delete :destroy
+
+          expect(response.status).to eq(404)
+        end
+
+        it "doesn't sign us in" do
+          delete :destroy
+
+          expect(warden.user).to eq(user)
+        end
+      end
+
+      context "when impersonating" do
+        before do
+          session[:impersonator_id] = impersonator.id
+        end
+
+        context "when the impersonator is not admin (anymore)" do
+          before do
+            impersonator.admin = false
+            impersonator.save
+          end
+
+          it "responds with status 404" do
+            delete :destroy
+
+            expect(response.status).to eq(404)
+          end
+
+          it "doesn't sign us in as the impersonator" do
+            delete :destroy
+
+            expect(warden.user).to eq(user)
+          end
+        end
+
+        context "when the impersonator is admin" do
+          context "when the impersonator is blocked" do
+            before do
+              impersonator.block!
+            end
+
+            it "responds with status 404" do
+              delete :destroy
+
+              expect(response.status).to eq(404)
+            end
+
+            it "doesn't sign us in as the impersonator" do
+              delete :destroy
+
+              expect(warden.user).to eq(user)
+            end
+          end
+
+          context "when the impersonator is not blocked" do
+            it "redirects to the impersonated user's page" do
+              delete :destroy
+
+              expect(response).to redirect_to(admin_user_path(user))
+            end
+
+            it "signs us in as the impersonator" do
+              delete :destroy
+
+              expect(warden.user).to eq(impersonator)
+            end
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/spec/controllers/admin/users_controller_spec.rb b/spec/controllers/admin/users_controller_spec.rb
index 9ef8ba1b097..6caf37ddc2c 100644
--- a/spec/controllers/admin/users_controller_spec.rb
+++ b/spec/controllers/admin/users_controller_spec.rb
@@ -2,9 +2,10 @@ require 'spec_helper'
 
 describe Admin::UsersController do
   let(:user) { create(:user) }
+  let(:admin) { create(:admin) }
 
   before do
-    sign_in(create(:admin))
+    sign_in(admin)
   end
 
   describe 'DELETE #user with projects' do
@@ -112,4 +113,126 @@ describe Admin::UsersController do
       patch :disable_two_factor, id: user.to_param
     end
   end
+
+  describe 'POST update' do
+    context 'when the password has changed' do
+      def update_password(user, password, password_confirmation = nil)
+        params = {
+          id: user.to_param,
+          user: {
+            password: password,
+            password_confirmation: password_confirmation || password
+          }
+        }
+
+        post :update, params
+      end
+
+      context 'when the new password is valid' do
+        it 'redirects to the user' do
+          update_password(user, 'AValidPassword1')
+
+          expect(response).to redirect_to(admin_user_path(user))
+        end
+
+        it 'updates the password' do
+          update_password(user, 'AValidPassword1')
+
+          expect { user.reload }.to change { user.encrypted_password }
+        end
+
+        it 'sets the new password to expire immediately' do
+          update_password(user, 'AValidPassword1')
+
+          expect { user.reload }.to change { user.password_expires_at }.to(a_value <= Time.now)
+        end
+      end
+
+      context 'when the new password is invalid' do
+        it 'shows the edit page again' do
+          update_password(user, 'invalid')
+
+          expect(response).to render_template(:edit)
+        end
+
+        it 'returns the error message' do
+          update_password(user, 'invalid')
+
+          expect(assigns[:user].errors).to contain_exactly(a_string_matching(/too short/))
+        end
+
+        it 'does not update the password' do
+          update_password(user, 'invalid')
+
+          expect { user.reload }.not_to change { user.encrypted_password }
+        end
+      end
+
+      context 'when the new password does not match the password confirmation' do
+        it 'shows the edit page again' do
+          update_password(user, 'AValidPassword1', 'AValidPassword2')
+
+          expect(response).to render_template(:edit)
+        end
+
+        it 'returns the error message' do
+          update_password(user, 'AValidPassword1', 'AValidPassword2')
+
+          expect(assigns[:user].errors).to contain_exactly(a_string_matching(/doesn't match/))
+        end
+
+        it 'does not update the password' do
+          update_password(user, 'AValidPassword1', 'AValidPassword2')
+
+          expect { user.reload }.not_to change { user.encrypted_password }
+        end
+      end
+    end
+  end
+
+  describe "POST impersonate" do
+    context "when the user is blocked" do
+      before do
+        user.block!
+      end
+
+      it "shows a notice" do
+        post :impersonate, id: user.username
+
+        expect(flash[:alert]).to eq("You cannot impersonate a blocked user")
+      end
+
+      it "doesn't sign us in as the user" do
+        post :impersonate, id: user.username
+
+        expect(warden.user).to eq(admin)
+      end
+    end
+
+    context "when the user is not blocked" do
+      it "stores the impersonator in the session" do
+        post :impersonate, id: user.username
+
+        expect(session[:impersonator_id]).to eq(admin.id)
+      end
+
+      it "signs us in as the user" do
+        post :impersonate, id: user.username
+
+        expect(warden.user).to eq(user)
+      end
+
+      it "redirects to root" do
+        post :impersonate, id: user.username
+
+        expect(response).to redirect_to(root_path)
+      end
+
+      it "shows a notice" do
+        post :impersonate, id: user.username
+
+        expect(flash[:alert]).to eq("You are now impersonating #{user.username}")
+      end
+    end
+  end
 end
diff --git a/spec/controllers/health_check_controller_spec.rb b/spec/controllers/health_check_controller_spec.rb
new file mode 100644
index 00000000000..0d8a68bb51a
--- /dev/null
+++ b/spec/controllers/health_check_controller_spec.rb
@@ -0,0 +1,105 @@
+require 'spec_helper'
+
+describe HealthCheckController do
+  let(:token) { current_application_settings.health_check_access_token }
+  let(:json_response) { JSON.parse(response.body) }
+  let(:xml_response) { Hash.from_xml(response.body)['hash'] }
+
+  describe 'GET #index' do
+    context 'when services are up but NO access token' do
+      it 'returns a not found page' do
+        get :index
+        expect(response).to be_not_found
+      end
+    end
+
+    context 'when services are up and an access token is provided' do
+      it 'supports passing the token in the header' do
+        request.headers['TOKEN'] = token
+        get :index
+        expect(response).to be_success
+        expect(response.content_type).to eq 'text/plain'
+      end
+
+      it 'supports successful plaintest response' do
+        get :index, token: token
+        expect(response).to be_success
+        expect(response.content_type).to eq 'text/plain'
+      end
+
+      it 'supports successful json response' do
+        get :index, token: token, format: :json
+        expect(response).to be_success
+        expect(response.content_type).to eq 'application/json'
+        expect(json_response['healthy']).to be true
+      end
+
+      it 'supports successful xml response' do
+        get :index, token: token, format: :xml
+        expect(response).to be_success
+        expect(response.content_type).to eq 'application/xml'
+        expect(xml_response['healthy']).to be true
+      end
+
+      it 'supports successful responses for specific checks' do
+        get :index, token: token, checks: 'email', format: :json
+        expect(response).to be_success
+        expect(response.content_type).to eq 'application/json'
+        expect(json_response['healthy']).to be true
+      end
+    end
+
+    context 'when a service is down but NO access token' do
+      it 'returns a not found page' do
+        get :index
+        expect(response).to be_not_found
+      end
+    end
+
+    context 'when a service is down and an access token is provided' do
+      before do
+        allow(HealthCheck::Utils).to receive(:process_checks).with('standard').and_return('The server is on fire')
+        allow(HealthCheck::Utils).to receive(:process_checks).with('email').and_return('Email is on fire')
+      end
+
+      it 'supports passing the token in the header' do
+        request.headers['TOKEN'] = token
+        get :index
+        expect(response.status).to eq(500)
+        expect(response.content_type).to eq 'text/plain'
+        expect(response.body).to include('The server is on fire')
+      end
+
+      it 'supports failure plaintest response' do
+        get :index, token: token
+        expect(response.status).to eq(500)
+        expect(response.content_type).to eq 'text/plain'
+        expect(response.body).to include('The server is on fire')
+      end
+
+      it 'supports failure json response' do
+        get :index, token: token, format: :json
+        expect(response.status).to eq(500)
+        expect(response.content_type).to eq 'application/json'
+        expect(json_response['healthy']).to be false
+        expect(json_response['message']).to include('The server is on fire')
+      end
+
+      it 'supports failure xml response' do
+        get :index, token: token, format: :xml
+        expect(response.status).to eq(500)
+        expect(response.content_type).to eq 'application/xml'
+        expect(xml_response['healthy']).to be false
+        expect(xml_response['message']).to include('The server is on fire')
+      end
+
+      it 'supports failure responses for specific checks' do
+        get :index, token: token, checks: 'email', format: :json
+        expect(response.status).to eq(500)
+        expect(response.content_type).to eq 'application/json'
+        expect(json_response['healthy']).to be false
+        expect(json_response['message']).to include('Email is on fire')
+      end
+    end
+  end
+end
diff --git a/spec/controllers/import/github_controller_spec.rb b/spec/controllers/import/github_controller_spec.rb
index bbf8adef534..bcc713dce2a 100644
--- a/spec/controllers/import/github_controller_spec.rb
+++ b/spec/controllers/import/github_controller_spec.rb
@@ -22,6 +22,8 @@ describe Import::GithubController do
       token = "asdasd12345"
       allow_any_instance_of(Gitlab::GithubImport::Client).
         to receive(:get_token).and_return(token)
+      allow_any_instance_of(Gitlab::GithubImport::Client).
+        to receive(:github_options).and_return({})
       stub_omniauth_provider('github')
 
       get :callback
diff --git a/spec/controllers/projects/issues_controller_spec.rb b/spec/controllers/projects/issues_controller_spec.rb
index d6e4cd71ce6..2b2ad3b9412 100644
--- a/spec/controllers/projects/issues_controller_spec.rb
+++ b/spec/controllers/projects/issues_controller_spec.rb
@@ -40,6 +40,45 @@ describe Projects::IssuesController do
     end
   end
 
+  describe 'PUT #update' do
+    context 'when moving issue to another private project' do
+      let(:another_project) { create(:project, :private) }
+
+      before do
+        sign_in(user)
+        project.team << [user, :developer]
+      end
+
+      context 'when user has access to move issue' do
+        before { another_project.team << [user, :reporter] }
+
+        it 'moves issue to another project' do
+          move_issue
+
+          expect(response).to have_http_status :found
+          expect(another_project.issues).to_not be_empty
+        end
+      end
+
+      context 'when user does not have access to move issue' do
+        it 'responds with 404' do
+          move_issue
+
+          expect(response).to have_http_status :not_found
+        end
+      end
+
+      def move_issue
+        put :update,
+          namespace_id: project.namespace.to_param,
+          project_id: project.to_param,
+          id: issue.iid,
+          issue: { title: 'New title' },
+          move_to_project_id: another_project.id
+      end
+    end
+  end
+
   describe 'Confidential Issues' do
     let(:project) { create(:project_empty_repo, :public) }
     let(:assignee) { create(:assignee) }
diff --git a/spec/controllers/projects/raw_controller_spec.rb b/spec/controllers/projects/raw_controller_spec.rb
index 1caa476d37d..fb29274c687 100644
--- a/spec/controllers/projects/raw_controller_spec.rb
+++ b/spec/controllers/projects/raw_controller_spec.rb
@@ -42,7 +42,7 @@ describe Projects::RawController do
         before do
           public_project.lfs_objects << lfs_object
           allow_any_instance_of(LfsObjectUploader).to receive(:exists?).and_return(true)
-          allow(controller).to receive(:send_file) { controller.render nothing: true }
+          allow(controller).to receive(:send_file) { controller.head :ok }
         end
 
         it 'serves the file' do
diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb
new file mode 100644
index 00000000000..df70a589a89
--- /dev/null
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -0,0 +1,33 @@
+require 'spec_helper'
+
+describe RegistrationsController do
+  describe '#create' do
+    around(:each) do |example|
+      perform_enqueued_jobs do
+        example.run
+      end
+    end
+
+    let(:user_params) { { user: { name: "new_user", username: "new_username", email: "new@user.com", password: "Any_password" } } }
+
+    context 'when sending email confirmation' do
+      before { allow(current_application_settings).to receive(:send_user_confirmation_email).and_return(false) }
+
+      it 'logs user in directly' do
+        post(:create, user_params)
+        expect(ActionMailer::Base.deliveries.last).to be_nil
+        expect(subject.current_user).to_not be_nil
+      end
+    end
+
+    context 'when not sending email confirmation' do
+      before { allow(current_application_settings).to receive(:send_user_confirmation_email).and_return(true) }
+
+      it 'does not authenticate user and sends confirmation email' do
+        post(:create, user_params)
+        expect(ActionMailer::Base.deliveries.last.to.first).to eq(user_params[:user][:email])
+        expect(subject.current_user).to be_nil
+      end
+    end
+  end
+end
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 8045c8b940d..c61ec174665 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -112,4 +112,26 @@ describe UsersController do
       expect(response).to render_template('calendar_activities')
     end
   end
+
+  describe 'GET #snippets' do
+    before do
+      sign_in(user)
+    end
+
+    context 'format html' do
+      it 'renders snippets page' do
+        get :snippets, username: user.username
+        expect(response.status).to eq(200)
+        expect(response).to render_template('show')
+      end
+    end
+
+    context 'format json' do
+      it 'response with snippets json data' do
+        get :snippets, username: user.username, format: :json
+        expect(response.status).to eq(200)
+        expect(JSON.parse(response.body)).to have_key('html')
+      end
+    end
+  end
 end
diff --git a/spec/factories/abuse_reports.rb b/spec/factories/abuse_reports.rb
index d0e8c778518..8f6422a7825 100644
--- a/spec/factories/abuse_reports.rb
+++ b/spec/factories/abuse_reports.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: abuse_reports
-#
-#  id          :integer          not null, primary key
-#  reporter_id :integer
-#  user_id     :integer
-#  message     :text
-#  created_at  :datetime
-#  updated_at  :datetime
-#
-
 FactoryGirl.define do
   factory :abuse_report do
     reporter factory: :user
diff --git a/spec/factories/broadcast_messages.rb b/spec/factories/broadcast_messages.rb
index c80e7366551..efe9803b1a7 100644
--- a/spec/factories/broadcast_messages.rb
+++ b/spec/factories/broadcast_messages.rb
@@ -1,17 +1,3 @@
-# == Schema Information
-#
-# Table name: broadcast_messages
-#
-#  id         :integer          not null, primary key
-#  message    :text             not null
-#  starts_at  :datetime
-#  ends_at    :datetime
-#  created_at :datetime
-#  updated_at :datetime
-#  color      :string(255)
-#  font       :string(255)
-#
-
 FactoryGirl.define do
   factory :broadcast_message do
     message "MyText"
diff --git a/spec/factories/forked_project_links.rb b/spec/factories/forked_project_links.rb
index 19a54946fe0..b16c1272e68 100644
--- a/spec/factories/forked_project_links.rb
+++ b/spec/factories/forked_project_links.rb
@@ -1,14 +1,3 @@
-# == Schema Information
-#
-# Table name: forked_project_links
-#
-#  id                     :integer          not null, primary key
-#  forked_to_project_id   :integer          not null
-#  forked_from_project_id :integer          not null
-#  created_at             :datetime
-#  updated_at             :datetime
-#
-
 FactoryGirl.define do
   factory :forked_project_link do
     association :forked_to_project, factory: :project
diff --git a/spec/factories/label_links.rb b/spec/factories/label_links.rb
index 2939d4307c5..3580174e873 100644
--- a/spec/factories/label_links.rb
+++ b/spec/factories/label_links.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: label_links
-#
-#  id          :integer          not null, primary key
-#  label_id    :integer
-#  target_id   :integer
-#  target_type :string(255)
-#  created_at  :datetime
-#  updated_at  :datetime
-#
-
 FactoryGirl.define do
   factory :label_link do
     label
diff --git a/spec/factories/labels.rb b/spec/factories/labels.rb
index ea2be8928d5..eb489099854 100644
--- a/spec/factories/labels.rb
+++ b/spec/factories/labels.rb
@@ -1,16 +1,3 @@
-# == Schema Information
-#
-# Table name: labels
-#
-#  id         :integer          not null, primary key
-#  title      :string(255)
-#  color      :string(255)
-#  project_id :integer
-#  created_at :datetime
-#  updated_at :datetime
-#  template   :boolean          default(FALSE)
-#
-
 FactoryGirl.define do
   factory :label do
     sequence(:title) { |n| "label#{n}" }
diff --git a/spec/factories/lfs_objects.rb b/spec/factories/lfs_objects.rb
index 327858ce435..a81645acd2b 100644
--- a/spec/factories/lfs_objects.rb
+++ b/spec/factories/lfs_objects.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: lfs_objects
-#
-#  id         :integer          not null, primary key
-#  oid        :string(255)      not null
-#  size       :integer          not null
-#  created_at :datetime
-#  updated_at :datetime
-#  file       :string(255)
-#
-
 include ActionDispatch::TestProcess
 
 FactoryGirl.define do
diff --git a/spec/factories/lfs_objects_projects.rb b/spec/factories/lfs_objects_projects.rb
index 50b45843c99..1ed0355c8e4 100644
--- a/spec/factories/lfs_objects_projects.rb
+++ b/spec/factories/lfs_objects_projects.rb
@@ -1,14 +1,3 @@
-# == Schema Information
-#
-# Table name: lfs_objects_projects
-#
-#  id            :integer          not null, primary key
-#  lfs_object_id :integer          not null
-#  project_id    :integer          not null
-#  created_at    :datetime
-#  updated_at    :datetime
-#
-
 FactoryGirl.define do
   factory :lfs_objects_project do
     lfs_object
diff --git a/spec/factories/merge_requests.rb b/spec/factories/merge_requests.rb
index e281e2f227b..c6a08d78b78 100644
--- a/spec/factories/merge_requests.rb
+++ b/spec/factories/merge_requests.rb
@@ -1,32 +1,3 @@
-# == Schema Information
-#
-# Table name: merge_requests
-#
-#  id                        :integer          not null, primary key
-#  target_branch             :string(255)      not null
-#  source_branch             :string(255)      not null
-#  source_project_id         :integer          not null
-#  author_id                 :integer
-#  assignee_id               :integer
-#  title                     :string(255)
-#  created_at                :datetime
-#  updated_at                :datetime
-#  milestone_id              :integer
-#  state                     :string(255)
-#  merge_status              :string(255)
-#  target_project_id         :integer          not null
-#  iid                       :integer
-#  description               :text
-#  position                  :integer          default(0)
-#  locked_at                 :datetime
-#  updated_by_id             :integer
-#  merge_error               :string(255)
-#  merge_params              :text
-#  merge_when_build_succeeds :boolean          default(FALSE), not null
-#  merge_user_id             :integer
-#  merge_commit_sha          :string
-#
-
 FactoryGirl.define do
   factory :merge_request do
     title
diff --git a/spec/factories/notes.rb b/spec/factories/notes.rb
index e5dcb159014..26719f2652c 100644
--- a/spec/factories/notes.rb
+++ b/spec/factories/notes.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: notes
-#
-#  id            :integer          not null, primary key
-#  note          :text
-#  noteable_type :string(255)
-#  author_id     :integer
-#  created_at    :datetime
-#  updated_at    :datetime
-#  project_id    :integer
-#  attachment    :string(255)
-#  line_code     :string(255)
-#  commit_id     :string(255)
-#  noteable_id   :integer
-#  system        :boolean          default(FALSE), not null
-#  st_diff       :text
-#  updated_by_id :integer
-#  is_award      :boolean          default(FALSE), not null
-#
-
 require_relative '../support/repo_helpers'
 
 include ActionDispatch::TestProcess
@@ -30,10 +9,10 @@ FactoryGirl.define do
     author
 
     factory :note_on_commit,             traits: [:on_commit]
-    factory :note_on_commit_diff,        traits: [:on_commit, :on_diff]
+    factory :note_on_commit_diff,        traits: [:on_commit, :on_diff], class: LegacyDiffNote
     factory :note_on_issue,              traits: [:on_issue], aliases: [:votable_note]
     factory :note_on_merge_request,      traits: [:on_merge_request]
-    factory :note_on_merge_request_diff, traits: [:on_merge_request, :on_diff]
+    factory :note_on_merge_request_diff, traits: [:on_merge_request, :on_diff], class: LegacyDiffNote
     factory :note_on_project_snippet,    traits: [:on_project_snippet]
     factory :system_note,                traits: [:system]
     factory :downvote_note,              traits: [:award, :downvote]
diff --git a/spec/factories/oauth_access_tokens.rb b/spec/factories/oauth_access_tokens.rb
index 7700b15d538..ccf02d0719b 100644
--- a/spec/factories/oauth_access_tokens.rb
+++ b/spec/factories/oauth_access_tokens.rb
@@ -1,18 +1,3 @@
-# == Schema Information
-#
-# Table name: oauth_access_tokens
-#
-#  id                :integer          not null, primary key
-#  resource_owner_id :integer
-#  application_id    :integer
-#  token             :string           not null
-#  refresh_token     :string
-#  expires_in        :integer
-#  revoked_at        :datetime
-#  created_at        :datetime         not null
-#  scopes            :string
-#
-
 FactoryGirl.define do
   factory :oauth_access_token do
     resource_owner
diff --git a/spec/factories/project_hooks.rb b/spec/factories/project_hooks.rb
index 94dd935a039..3195fb3ddcc 100644
--- a/spec/factories/project_hooks.rb
+++ b/spec/factories/project_hooks.rb
@@ -1,5 +1,9 @@
 FactoryGirl.define do
   factory :project_hook do
     url { FFaker::Internet.uri('http') }
+
+    trait :token do
+      token { SecureRandom.hex(10) }
+    end
   end
 end
diff --git a/spec/factories/projects.rb b/spec/factories/projects.rb
index c14b99606ba..da8d97c9f82 100644
--- a/spec/factories/projects.rb
+++ b/spec/factories/projects.rb
@@ -1,43 +1,3 @@
-# == Schema Information
-#
-# Table name: projects
-#
-#  id                     :integer          not null, primary key
-#  name                   :string(255)
-#  path                   :string(255)
-#  description            :text
-#  created_at             :datetime
-#  updated_at             :datetime
-#  creator_id             :integer
-#  issues_enabled         :boolean          default(TRUE), not null
-#  wall_enabled           :boolean          default(TRUE), not null
-#  merge_requests_enabled :boolean          default(TRUE), not null
-#  wiki_enabled           :boolean          default(TRUE), not null
-#  namespace_id           :integer
-#  issues_tracker         :string(255)      default("gitlab"), not null
-#  issues_tracker_id      :string(255)
-#  snippets_enabled       :boolean          default(TRUE), not null
-#  last_activity_at       :datetime
-#  import_url             :string(255)
-#  visibility_level       :integer          default(0), not null
-#  archived               :boolean          default(FALSE), not null
-#  avatar                 :string(255)
-#  import_status          :string(255)
-#  repository_size        :float            default(0.0)
-#  star_count             :integer          default(0), not null
-#  import_type            :string(255)
-#  import_source          :string(255)
-#  commit_count           :integer          default(0)
-#  import_error           :text
-#  ci_id                  :integer
-#  builds_enabled         :boolean          default(TRUE), not null
-#  shared_runners_enabled :boolean          default(TRUE), not null
-#  runners_token          :string
-#  build_coverage_regex   :string
-#  build_allow_git_fetch  :boolean          default(TRUE), not null
-#  build_timeout          :integer          default(3600), not null
-#
-
 FactoryGirl.define do
   # Project without repository
   #
@@ -61,6 +21,12 @@ FactoryGirl.define do
     trait :private do
       visibility_level Gitlab::VisibilityLevel::PRIVATE
     end
+
+    trait :empty_repo do
+      after(:create) do |project|
+        project.create_repository
+      end
+    end
   end
 
   # Project with empty repository
@@ -68,9 +34,7 @@ FactoryGirl.define do
   # This is a case when you just created a project
   # but not pushed any code there yet
   factory :project_empty_repo, parent: :empty_project do
-    after :create do |project|
-      project.create_repository
-    end
+    empty_repo
   end
 
   # Project with test repository
diff --git a/spec/factories/releases.rb b/spec/factories/releases.rb
index 7f331c37256..74497dc82c0 100644
--- a/spec/factories/releases.rb
+++ b/spec/factories/releases.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: releases
-#
-#  id          :integer          not null, primary key
-#  tag         :string(255)
-#  description :text
-#  project_id  :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#
-
 FactoryGirl.define do
   factory :release do
     tag "v1.1.0"
diff --git a/spec/factories/todos.rb b/spec/factories/todos.rb
index 7ae06c27840..e3681ae93a5 100644
--- a/spec/factories/todos.rb
+++ b/spec/factories/todos.rb
@@ -1,21 +1,3 @@
-# == Schema Information
-#
-# Table name: todos
-#
-#  id          :integer          not null, primary key
-#  user_id     :integer          not null
-#  project_id  :integer          not null
-#  target_id   :integer
-#  target_type :string           not null
-#  author_id   :integer
-#  action      :integer          not null
-#  state       :string           not null
-#  created_at  :datetime
-#  updated_at  :datetime
-#  note_id     :integer
-#  commit_id   :string
-#
-
 FactoryGirl.define do
   factory :todo do
     project
diff --git a/spec/features/admin/admin_builds_spec.rb b/spec/features/admin/admin_builds_spec.rb
index 2e9851fb442..7bbe20fec43 100644
--- a/spec/features/admin/admin_builds_spec.rb
+++ b/spec/features/admin/admin_builds_spec.rb
@@ -19,6 +19,7 @@ describe 'Admin Builds' do
           visit admin_builds_path
 
           expect(page).to have_selector('.nav-links li.active', text: 'All')
+          expect(page).to have_selector('.row-content-block', text: 'All builds')
           expect(page.all('.build-link').size).to eq(4)
           expect(page).to have_link 'Cancel all'
         end
diff --git a/spec/features/admin/admin_health_check_spec.rb b/spec/features/admin/admin_health_check_spec.rb
new file mode 100644
index 00000000000..dec2dedf2b5
--- /dev/null
+++ b/spec/features/admin/admin_health_check_spec.rb
@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+feature "Admin Health Check", feature: true do
+  include WaitForAjax
+
+  before do
+    login_as :admin
+  end
+
+  describe '#show' do
+    before do
+      visit admin_health_check_path
+    end
+
+    it { page.has_text? 'Health Check' }
+    it { page.has_text? 'Health information can be retrieved' }
+
+    it 'has a health check access token' do
+      token = current_application_settings.health_check_access_token
+      expect(page).to have_content("Access token is #{token}")
+      expect(page).to have_selector('#health-check-token', text: token)
+    end
+
+    describe 'reload access token', js: true do
+      it 'changes the access token' do
+        orig_token = current_application_settings.health_check_access_token
+        click_button 'Reset health check access token'
+        wait_for_ajax
+        expect(find('#health-check-token').text).not_to eq orig_token
+      end
+    end
+  end
+
+  context 'when services are up' do
+    before do
+      visit admin_health_check_path
+    end
+
+    it 'shows healthy status' do
+      expect(page).to have_content('Current Status: Healthy')
+    end
+  end
+
+  context 'when a service is down' do
+    before do
+      allow(HealthCheck::Utils).to receive(:process_checks).and_return('The server is on fire')
+      visit admin_health_check_path
+    end
+
+    it 'shows unhealthy status' do
+      expect(page).to have_content('Current Status: Unhealthy')
+      expect(page).to have_content('The server is on fire')
+    end
+  end
+end
diff --git a/spec/features/admin/admin_users_spec.rb b/spec/features/admin/admin_users_spec.rb
index 4570e409128..6dee0cd8d47 100644
--- a/spec/features/admin/admin_users_spec.rb
+++ b/spec/features/admin/admin_users_spec.rb
@@ -210,6 +210,8 @@ describe "Admin::Users", feature: true  do
       before do
         fill_in "user_name", with: "Big Bang"
         fill_in "user_email", with: "bigbang@mail.com"
+        fill_in "user_password", with: "AValidPassword1"
+        fill_in "user_password_confirmation", with: "AValidPassword1"
         check "user_admin"
         click_button "Save changes"
       end
@@ -223,6 +225,7 @@ describe "Admin::Users", feature: true  do
         @simple_user.reload
         expect(@simple_user.name).to eq('Big Bang')
         expect(@simple_user.is_admin?).to be_truthy
+        expect(@simple_user.password_expires_at).to be <= Time.now
       end
     end
   end
diff --git a/spec/features/builds_spec.rb b/spec/features/builds_spec.rb
index 090a941958f..f83a78308e3 100644
--- a/spec/features/builds_spec.rb
+++ b/spec/features/builds_spec.rb
@@ -43,6 +43,7 @@ describe "Builds" do
       end
 
       it { expect(page).to have_selector('.nav-links li.active', text: 'All') }
+      it { expect(page).to have_selector('.row-content-block', text: 'All builds from this project') }
       it { expect(page).to have_content @build.short_sha }
       it { expect(page).to have_content @build.ref }
       it { expect(page).to have_content @build.name }
diff --git a/spec/features/container_registry_spec.rb b/spec/features/container_registry_spec.rb
new file mode 100644
index 00000000000..53b4f027117
--- /dev/null
+++ b/spec/features/container_registry_spec.rb
@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+describe "Container Registry" do
+  let(:project) { create(:empty_project) }
+  let(:repository) { project.container_registry_repository }
+  let(:tag_name) { 'latest' }
+  let(:tags) { [tag_name] }
+
+  before do
+    login_as(:user)
+    project.team << [@user, :developer]
+    stub_container_registry_tags(*tags)
+    stub_container_registry_config(enabled: true)
+    allow(Auth::ContainerRegistryAuthenticationService).to receive(:full_access_token).and_return('token')
+  end
+
+  describe 'GET /:project/container_registry' do
+    before do
+      visit namespace_project_container_registry_index_path(project.namespace, project)
+    end
+
+    context 'when no tags' do
+      let(:tags) { [] }
+
+      it { expect(page).to have_content('No images in Container Registry for this project') }
+    end
+
+    context 'when there are tags' do
+      it { expect(page).to have_content(tag_name)}
+    end
+  end
+
+  describe 'DELETE /:project/container_registry/tag' do
+    before do
+      visit namespace_project_container_registry_index_path(project.namespace, project)
+    end
+
+    it do
+      expect_any_instance_of(::ContainerRegistry::Tag).to receive(:delete).and_return(true)
+
+      click_on 'Remove'
+    end
+  end
+end
diff --git a/spec/features/dashboard/label_filter_spec.rb b/spec/features/dashboard/label_filter_spec.rb
new file mode 100644
index 00000000000..24e83d44010
--- /dev/null
+++ b/spec/features/dashboard/label_filter_spec.rb
@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe 'Dashboard > label filter', feature: true, js: true do
+  let(:user) { create(:user) }
+  let(:project) { create(:project, name: 'test', namespace: user.namespace) }
+  let(:project2) { create(:project, name: 'test2', path: 'test2', namespace: user.namespace) }
+  let(:label) { create(:label, title: 'bug', color: '#ff0000') }
+  let(:label2) { create(:label, title: 'bug') }
+
+  before do
+    project.labels << label
+    project2.labels << label2
+
+    login_as(user)
+    visit issues_dashboard_path
+  end
+
+  context 'duplicate labels' do
+    it 'should remove duplicate labels' do
+      page.within('.labels-filter') do
+        click_button 'Label'
+      end
+
+      page.within('.dropdown-menu-labels') do
+        expect(page).to have_selector('.dropdown-content a', text: 'bug', count: 1)
+      end
+    end
+  end
+end
diff --git a/spec/features/issues/new_branch_button_spec.rb b/spec/features/issues/new_branch_button_spec.rb
index 9219b767547..16e188d2a8a 100644
--- a/spec/features/issues/new_branch_button_spec.rb
+++ b/spec/features/issues/new_branch_button_spec.rb
@@ -11,10 +11,10 @@ feature 'Start new branch from an issue', feature: true do
       login_as(user)
     end
 
-    it 'shown the new branch button', js: false do
+    it 'shows the new branch button', js: true do
       visit namespace_project_issue_path(project.namespace, project, issue)
 
-      expect(page).to have_link "New Branch"
+      expect(page).to have_css('#new-branch .available')
     end
 
     context "when there is a referenced merge request" do
@@ -34,16 +34,17 @@ feature 'Start new branch from an issue', feature: true do
       end
 
       it "hides the new branch button", js: true do
-        expect(page).not_to have_link "New Branch"
+        expect(page).not_to have_css('#new-branch .available')
         expect(page).to have_content /1 Related Merge Request/
       end
     end
   end
 
   context "for visiters" do
-    it 'no button is shown', js: false do
+    it 'no button is shown', js: true do
       visit namespace_project_issue_path(project.namespace, project, issue)
-      expect(page).not_to have_link "New Branch"
+
+      expect(page).not_to have_css('#new-branch')
     end
   end
 end
diff --git a/spec/features/issues_spec.rb b/spec/features/issues_spec.rb
index b57131f68d5..d5755c293c5 100644
--- a/spec/features/issues_spec.rb
+++ b/spec/features/issues_spec.rb
@@ -264,12 +264,14 @@ describe 'Issues', feature: true do
         visit namespace_project_issues_path(project.namespace, project, sort: sort_value_milestone_soon)
 
         expect(first_issue).to include('foo')
+        expect(last_issue).to include('baz')
       end
 
       it 'sorts by least recently due milestone' do
         visit namespace_project_issues_path(project.namespace, project, sort: sort_value_milestone_later)
 
         expect(first_issue).to include('bar')
+        expect(last_issue).to include('baz')
       end
     end
 
diff --git a/spec/features/login_spec.rb b/spec/features/login_spec.rb
index 4433ef2d6f1..8c38dd5b122 100644
--- a/spec/features/login_spec.rb
+++ b/spec/features/login_spec.rb
@@ -37,7 +37,7 @@ feature 'Login', feature: true do
       end
 
       def enter_code(code)
-        fill_in 'Two-factor authentication code', with: code
+        fill_in 'Two-factor Authentication code', with: code
         click_button 'Verify code'
       end
 
diff --git a/spec/features/merge_requests/create_new_mr_spec.rb b/spec/features/merge_requests/create_new_mr_spec.rb
index 00b60bd0e75..e296078bad8 100644
--- a/spec/features/merge_requests/create_new_mr_spec.rb
+++ b/spec/features/merge_requests/create_new_mr_spec.rb
@@ -30,4 +30,14 @@ feature 'Create New Merge Request', feature: true, js: true do
 
     expect(page).to have_content 'git checkout -b orphaned-branch origin/orphaned-branch'
   end
+
+  context 'when target project cannot be viewed by the current user' do
+    it 'does not leak the private project name & namespace' do
+      private_project = create(:project, :private)
+
+      visit new_namespace_project_merge_request_path(project.namespace, project, merge_request: { target_project_id: private_project.id })
+
+      expect(page).not_to have_content private_project.to_reference
+    end
+  end
 end
diff --git a/spec/features/merge_requests/toggle_whitespace_changes.rb b/spec/features/merge_requests/toggle_whitespace_changes.rb
new file mode 100644
index 00000000000..0f98737b700
--- /dev/null
+++ b/spec/features/merge_requests/toggle_whitespace_changes.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+feature 'Toggle Whitespace Changes', js: true, feature: true do
+  before do
+    login_as :admin
+    merge_request = create(:merge_request)
+    project = merge_request.source_project
+    visit diffs_namespace_project_merge_request_path(project.namespace, project, merge_request)
+  end
+
+  it 'has a button to toggle whitespace changes' do
+    expect(page).to have_content 'Hide whitespace changes'
+  end
+
+  describe 'clicking "Hide whitespace changes" button' do
+    it 'toggles the "Hide whitespace changes" button' do
+      click_link 'Hide whitespace changes'
+
+      expect(page).to have_content 'Show whitespace changes'
+    end
+  end
+end
diff --git a/spec/features/merge_requests/user_lists_merge_requests_spec.rb b/spec/features/merge_requests/user_lists_merge_requests_spec.rb
new file mode 100644
index 00000000000..2c7e1c748ad
--- /dev/null
+++ b/spec/features/merge_requests/user_lists_merge_requests_spec.rb
@@ -0,0 +1,152 @@
+require 'spec_helper'
+
+describe 'Projects > Merge requests > User lists merge requests', feature: true do
+  include SortingHelper
+
+  let(:project) { create(:project, :public) }
+  let(:user) { create(:user) }
+
+  before do
+    @fix = create(:merge_request,
+                  title: 'fix',
+                  source_project: project,
+                  source_branch: 'fix',
+                  assignee: user,
+                  milestone: create(:milestone, due_date: '2013-12-11'),
+                  created_at: 1.minute.ago,
+                  updated_at: 1.minute.ago)
+    create(:merge_request,
+           title: 'markdown',
+           source_project: project,
+           source_branch: 'markdown',
+           assignee: user,
+           milestone: create(:milestone, due_date: '2013-12-12'),
+           created_at: 2.minutes.ago,
+           updated_at: 2.minutes.ago)
+    create(:merge_request,
+           title: 'lfs',
+           source_project: project,
+           source_branch: 'lfs',
+           created_at: 3.minutes.ago,
+           updated_at: 10.seconds.ago)
+  end
+
+  it 'filters on no assignee' do
+    visit_merge_requests(project, assignee_id: IssuableFinder::NONE)
+
+    expect(current_path).to eq(namespace_project_merge_requests_path(project.namespace, project))
+    expect(page).to have_content 'lfs'
+    expect(page).not_to have_content 'fix'
+    expect(page).not_to have_content 'markdown'
+    expect(count_merge_requests).to eq(1)
+  end
+
+  it 'filters on a specific assignee' do
+    visit_merge_requests(project, assignee_id: user.id)
+
+    expect(page).not_to have_content 'lfs'
+    expect(page).to have_content 'fix'
+    expect(page).to have_content 'markdown'
+    expect(count_merge_requests).to eq(2)
+  end
+
+  it 'sorts by newest' do
+    visit_merge_requests(project, sort: sort_value_recently_created)
+
+    expect(first_merge_request).to include('lfs')
+    expect(last_merge_request).to include('fix')
+    expect(count_merge_requests).to eq(3)
+  end
+
+  it 'sorts by oldest' do
+    visit_merge_requests(project, sort: sort_value_oldest_created)
+
+    expect(first_merge_request).to include('fix')
+    expect(last_merge_request).to include('lfs')
+    expect(count_merge_requests).to eq(3)
+  end
+
+  it 'sorts by last updated' do
+    visit_merge_requests(project, sort: sort_value_recently_updated)
+
+    expect(first_merge_request).to include('lfs')
+    expect(count_merge_requests).to eq(3)
+  end
+
+  it 'sorts by oldest updated' do
+    visit_merge_requests(project, sort: sort_value_oldest_updated)
+
+    expect(first_merge_request).to include('markdown')
+    expect(count_merge_requests).to eq(3)
+  end
+
+  it 'sorts by milestone due soon' do
+    visit_merge_requests(project, sort: sort_value_milestone_soon)
+
+    expect(first_merge_request).to include('fix')
+    expect(count_merge_requests).to eq(3)
+  end
+
+  it 'sorts by milestone due later' do
+    visit_merge_requests(project, sort: sort_value_milestone_later)
+
+    expect(first_merge_request).to include('markdown')
+    expect(count_merge_requests).to eq(3)
+  end
+
+  it 'filters on one label and sorts by due soon' do
+    label = create(:label, project: project)
+    create(:label_link, label: label, target: @fix)
+
+    visit_merge_requests(project, label_name: [label.name],
+                                  sort: sort_value_due_date_soon)
+
+    expect(first_merge_request).to include('fix')
+    expect(count_merge_requests).to eq(1)
+  end
+
+  context 'while filtering on two labels' do
+    let(:label) { create(:label, project: project) }
+    let(:label2) { create(:label, project: project) }
+
+    before do
+      create(:label_link, label: label, target: @fix)
+      create(:label_link, label: label2, target: @fix)
+    end
+
+    it 'sorts by due soon' do
+      visit_merge_requests(project, label_name: [label.name, label2.name],
+                                    sort: sort_value_due_date_soon)
+
+      expect(first_merge_request).to include('fix')
+      expect(count_merge_requests).to eq(1)
+    end
+
+    context 'filter on assignee and' do
+      it 'sorts by due soon' do
+        visit_merge_requests(project, label_name: [label.name, label2.name],
+                                      assignee_id: user.id,
+                                      sort: sort_value_due_date_soon)
+
+        expect(first_merge_request).to include('fix')
+        expect(count_merge_requests).to eq(1)
+      end
+    end
+  end
+
+  def visit_merge_requests(project, opts = {})
+    visit namespace_project_merge_requests_path(project.namespace, project, opts)
+  end
+
+  def first_merge_request
+    page.all('ul.mr-list > li').first.text
+  end
+
+  def last_merge_request
+    page.all('ul.mr-list > li').last.text
+  end
+
+  def count_merge_requests
+    page.all('ul.mr-list > li').count
+  end
+end
diff --git a/spec/features/milestone_spec.rb b/spec/features/milestone_spec.rb
new file mode 100644
index 00000000000..c2c7acff3e8
--- /dev/null
+++ b/spec/features/milestone_spec.rb
@@ -0,0 +1,35 @@
+require 'rails_helper'
+
+feature 'Milestone', feature: true do
+  include WaitForAjax
+
+  let(:project) { create(:project, :public) }
+  let(:user)   { create(:user) }
+  let(:milestone) { create(:milestone, project: project, title: 8.7) }
+
+  before do
+    project.team << [user, :master]
+    login_as(user)
+  end
+
+  feature 'Create a milestone' do
+    scenario 'should show an informative message for a new issue' do
+      visit new_namespace_project_milestone_path(project.namespace, project)
+      page.within '.milestone-form' do
+        fill_in "milestone_title", with: '8.7'
+      end
+      find('input[name="commit"]').click
+
+      expect(find('.alert-success')).to have_content('Assign some issues to this milestone.')
+    end
+  end
+
+  feature 'Open a milestone with closed issues' do
+    scenario 'should show an informative message' do
+      create(:issue, title: "Bugfix1", project: project, milestone: milestone, state: "closed")
+      visit namespace_project_milestone_path(project.namespace, project, milestone)
+
+      expect(find('.alert-success')).to have_content('All issues for this milestone are closed. You may close this milestone now.')
+    end
+  end
+end
diff --git a/spec/features/notes_on_merge_requests_spec.rb b/spec/features/notes_on_merge_requests_spec.rb
index 389812ff7e1..9e9fec01943 100644
--- a/spec/features/notes_on_merge_requests_spec.rb
+++ b/spec/features/notes_on_merge_requests_spec.rb
@@ -192,7 +192,7 @@ describe 'Comments', feature: true do
         end
 
         it 'should be removed when canceled' do
-          page.within(".diff-file form[id$='#{line_code}']") do
+          page.within(".diff-file form[id$='#{line_code}-true']") do
             find('.js-close-discussion-note-form').trigger('click')
           end
 
diff --git a/spec/features/project/shortcuts_spec.rb b/spec/features/project/shortcuts_spec.rb
new file mode 100644
index 00000000000..2595c4181e5
--- /dev/null
+++ b/spec/features/project/shortcuts_spec.rb
@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+feature 'Project shortcuts', feature: true do
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+
+  describe 'On a project', js: true do
+    before do
+      project.team << [user, :master]
+      login_as user
+      visit namespace_project_path(project.namespace, project)
+    end
+
+    describe 'pressing "i"' do
+      it 'redirects to new issue page' do
+        find('body').native.send_key('i')
+        expect(page).to have_content('New Issue')
+      end
+    end
+  end
+end
diff --git a/spec/features/projects/commit/builds_spec.rb b/spec/features/projects/commit/builds_spec.rb
new file mode 100644
index 00000000000..40ba0bdc115
--- /dev/null
+++ b/spec/features/projects/commit/builds_spec.rb
@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+feature 'project commit builds' do
+  given(:project) { create(:project) }
+
+  background do
+    user = create(:user)
+    project.team << [user, :master]
+    login_as(user)
+  end
+
+  context 'when no builds triggered yet' do
+    background do
+      create(:ci_commit, project: project,
+                         sha: project.commit.sha,
+                         ref: 'master')
+    end
+
+    scenario 'user views commit builds page' do
+      visit builds_namespace_project_commit_path(project.namespace,
+                                                 project, project.commit.sha)
+
+
+      expect(page).to have_content('Builds')
+    end
+  end
+end
diff --git a/spec/features/projects/developer_views_empty_project_instructions_spec.rb b/spec/features/projects/developer_views_empty_project_instructions_spec.rb
new file mode 100644
index 00000000000..0c51fe72ca4
--- /dev/null
+++ b/spec/features/projects/developer_views_empty_project_instructions_spec.rb
@@ -0,0 +1,63 @@
+require 'rails_helper'
+
+feature 'Developer views empty project instructions', feature: true do
+  let(:project) { create(:empty_project, :empty_repo) }
+  let(:developer) { create(:user) }
+
+  background do
+    project.team << [developer, :developer]
+
+    login_as(developer)
+  end
+
+  context 'without an SSH key' do
+    scenario 'defaults to HTTP' do
+      visit_project
+
+      expect_instructions_for('http')
+    end
+
+    scenario 'switches to SSH', js: true do
+      visit_project
+
+      select_protocol('SSH')
+
+      expect_instructions_for('ssh')
+    end
+  end
+
+  context 'with an SSH key' do
+    background do
+      create(:personal_key, user: developer)
+    end
+
+    scenario 'defaults to SSH' do
+      visit_project
+
+      expect_instructions_for('ssh')
+    end
+
+    scenario 'switches to HTTP', js: true do
+      visit_project
+
+      select_protocol('HTTP')
+
+      expect_instructions_for('http')
+    end
+  end
+
+  def visit_project
+    visit namespace_project_path(project.namespace, project)
+  end
+
+  def select_protocol(protocol)
+    find('#clone-dropdown').click
+    find(".#{protocol.downcase}-selector").click
+  end
+
+  def expect_instructions_for(protocol)
+    msg = :"#{protocol.downcase}_url_to_repo"
+
+    expect(page).to have_content("git clone #{project.send(msg)}")
+  end
+end
diff --git a/spec/features/projects/wiki/user_creates_wiki_page_spec.rb b/spec/features/projects/wiki/user_creates_wiki_page_spec.rb
new file mode 100644
index 00000000000..7e6eef65873
--- /dev/null
+++ b/spec/features/projects/wiki/user_creates_wiki_page_spec.rb
@@ -0,0 +1,83 @@
+require 'spec_helper'
+
+feature 'Projects > Wiki > User creates wiki page', feature: true do
+  let(:user) { create(:user) }
+
+  background do
+    project.team << [user, :master]
+    login_as(user)
+
+    visit namespace_project_path(project.namespace, project)
+    click_link 'Wiki'
+  end
+
+  context 'in the user namespace' do
+    let(:project) { create(:project, namespace: user.namespace) }
+
+    context 'when wiki is empty' do
+      scenario 'directly from the wiki home page' do
+        fill_in :wiki_content, with: 'My awesome wiki!'
+        click_button 'Create page'
+
+        expect(page).to have_content('Home')
+        expect(page).to have_content("last edited by #{user.name}")
+        expect(page).to have_content('My awesome wiki!')
+      end
+    end
+
+    context 'when wiki is not empty' do
+      before do
+        WikiPages::CreateService.new(project, user, title: 'home', content: 'Home page').execute
+      end
+
+      scenario 'via the "new wiki page" page', js: true do
+        click_link 'New Page'
+
+        fill_in :new_wiki_path, with: 'foo'
+        click_button 'Create Page'
+
+        fill_in :wiki_content, with: 'My awesome wiki!'
+        click_button 'Create page'
+
+        expect(page).to have_content('Foo')
+        expect(page).to have_content("last edited by #{user.name}")
+        expect(page).to have_content('My awesome wiki!')
+      end
+    end
+  end
+
+  context 'in a group namespace' do
+    let(:project) { create(:project, namespace: create(:group, :public)) }
+
+    context 'when wiki is empty' do
+      scenario 'directly from the wiki home page' do
+        fill_in :wiki_content, with: 'My awesome wiki!'
+        click_button 'Create page'
+
+        expect(page).to have_content('Home')
+        expect(page).to have_content("last edited by #{user.name}")
+        expect(page).to have_content('My awesome wiki!')
+      end
+    end
+
+    context 'when wiki is not empty' do
+      before do
+        WikiPages::CreateService.new(project, user, title: 'home', content: 'Home page').execute
+      end
+
+      scenario 'via the "new wiki page" page', js: true do
+        click_link 'New Page'
+
+        fill_in :new_wiki_path, with: 'foo'
+        click_button 'Create Page'
+
+        fill_in :wiki_content, with: 'My awesome wiki!'
+        click_button 'Create page'
+
+        expect(page).to have_content('Foo')
+        expect(page).to have_content("last edited by #{user.name}")
+        expect(page).to have_content('My awesome wiki!')
+      end
+    end
+  end
+end
diff --git a/spec/features/projects/wiki/user_updates_wiki_page_spec.rb b/spec/features/projects/wiki/user_updates_wiki_page_spec.rb
new file mode 100644
index 00000000000..ef82d2375dd
--- /dev/null
+++ b/spec/features/projects/wiki/user_updates_wiki_page_spec.rb
@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+feature 'Projects > Wiki > User updates wiki page', feature: true do
+  let(:user) { create(:user) }
+
+  background do
+    project.team << [user, :master]
+    login_as(user)
+
+    visit namespace_project_path(project.namespace, project)
+    WikiPages::CreateService.new(project, user, title: 'home', content: 'Home page').execute
+    click_link 'Wiki'
+  end
+
+  context 'in the user namespace' do
+    let(:project) { create(:project, namespace: user.namespace) }
+
+    scenario 'the home page' do
+      click_link 'Edit'
+
+      fill_in :wiki_content, with: 'My awesome wiki!'
+      click_button 'Save changes'
+
+      expect(page).to have_content('Home')
+      expect(page).to have_content("last edited by #{user.name}")
+      expect(page).to have_content('My awesome wiki!')
+    end
+  end
+
+  context 'in a group namespace' do
+    let(:project) { create(:project, namespace: create(:group, :public)) }
+
+    scenario 'the home page' do
+      click_link 'Edit'
+
+      fill_in :wiki_content, with: 'My awesome wiki!'
+      click_button 'Save changes'
+
+      expect(page).to have_content('Home')
+      expect(page).to have_content("last edited by #{user.name}")
+      expect(page).to have_content('My awesome wiki!')
+    end
+  end
+end
diff --git a/spec/features/projects_spec.rb b/spec/features/projects_spec.rb
index 782c0bfe666..9dd0378d165 100644
--- a/spec/features/projects_spec.rb
+++ b/spec/features/projects_spec.rb
@@ -104,6 +104,33 @@ feature 'Project', feature: true do
     end
   end
 
+  describe 'project title' do
+    let(:user)    { create(:user) }
+    let(:project) { create(:project, namespace: user.namespace) }
+    let(:project2) { create(:project, namespace: user.namespace, path: 'test') }
+    let(:issue) { create(:issue, project: project) }
+
+    context 'on issues page', js: true do
+      before do
+        login_with(user)
+        project.team.add_user(user, Gitlab::Access::MASTER)
+        project2.team.add_user(user, Gitlab::Access::MASTER)
+        visit namespace_project_issue_path(project.namespace, project, issue)
+      end
+
+      it 'click toggle and show dropdown' do
+        find('.js-projects-dropdown-toggle').click
+        expect(page).to have_css('.dropdown-menu-projects .dropdown-content li', count: 2)
+
+        page.within '.dropdown-menu-projects' do
+          click_link project.name_with_namespace
+        end
+
+        expect(page).to have_content project.name
+      end
+    end
+  end
+
   def remove_with_confirm(button_text, confirm_with)
     click_button button_text
     fill_in 'confirm_name_input', with: confirm_with
diff --git a/spec/features/signup_spec.rb b/spec/features/signup_spec.rb
index 51b754ff85c..4229e82b443 100644
--- a/spec/features/signup_spec.rb
+++ b/spec/features/signup_spec.rb
@@ -2,20 +2,45 @@ require 'spec_helper'
 
 feature 'Signup', feature: true do
   describe 'signup with no errors' do
-    it 'creates the user account and sends a confirmation email' do
-      user = build(:user)
 
-      visit root_path
+    context "when sending confirmation email" do
+      before { allow_any_instance_of(ApplicationSetting).to receive(:send_user_confirmation_email).and_return(true) }
 
-      fill_in 'user_name',                with: user.name
-      fill_in 'user_username',            with: user.username
-      fill_in 'user_email',               with: user.email
-      fill_in 'user_password_sign_up',    with: user.password
-      click_button "Sign up"
+      it 'creates the user account and sends a confirmation email' do
+        user = build(:user)
 
-      expect(current_path).to eq users_almost_there_path
-      expect(page).to have_content("Please check your email to confirm your account")
+        visit root_path
+
+        fill_in 'new_user_name',     with: user.name
+        fill_in 'new_user_username', with: user.username
+        fill_in 'new_user_email',    with: user.email
+        fill_in 'new_user_password', with: user.password
+        click_button "Sign up"
+
+        expect(current_path).to eq users_almost_there_path
+        expect(page).to have_content("Please check your email to confirm your account")
+      end
     end
+
+    context "when not sending confirmation email" do
+      before { allow_any_instance_of(ApplicationSetting).to receive(:send_user_confirmation_email).and_return(false) }
+
+      it 'creates the user account and goes to dashboard' do
+        user = build(:user)
+
+        visit root_path
+
+        fill_in 'new_user_name',     with: user.name
+        fill_in 'new_user_username', with: user.username
+        fill_in 'new_user_email',    with: user.email
+        fill_in 'new_user_password', with: user.password
+        click_button "Sign up"
+
+        expect(current_path).to eq dashboard_projects_path
+        expect(page).to have_content("Welcome! You have signed up successfully.")
+      end
+    end
+
   end
 
   describe 'signup with errors' do
@@ -25,10 +50,10 @@ feature 'Signup', feature: true do
 
       visit root_path
 
-      fill_in 'user_name',                with: user.name
-      fill_in 'user_username',            with: user.username
-      fill_in 'user_email',               with: existing_user.email
-      fill_in 'user_password_sign_up',    with: user.password
+      fill_in 'new_user_name',     with: user.name
+      fill_in 'new_user_username', with: user.username
+      fill_in 'new_user_email',    with: existing_user.email
+      fill_in 'new_user_password', with: user.password
       click_button "Sign up"
 
       expect(current_path).to eq user_registration_path
@@ -42,10 +67,10 @@ feature 'Signup', feature: true do
 
       visit root_path
 
-      fill_in 'user_name',                with: user.name
-      fill_in 'user_username',            with: user.username
-      fill_in 'user_email',               with: existing_user.email
-      fill_in 'user_password_sign_up',    with: user.password
+      fill_in 'new_user_name',     with: user.name
+      fill_in 'new_user_username', with: user.username
+      fill_in 'new_user_email',    with: existing_user.email
+      fill_in 'new_user_password', with: user.password
       click_button "Sign up"
 
       expect(current_path).to eq user_registration_path
diff --git a/spec/features/tags/master_creates_tag_spec.rb b/spec/features/tags/master_creates_tag_spec.rb
new file mode 100644
index 00000000000..08a97085a9c
--- /dev/null
+++ b/spec/features/tags/master_creates_tag_spec.rb
@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+feature 'Master creates tag', feature: true do
+  let(:user) { create(:user) }
+  let(:project) { create(:project, namespace: user.namespace) }
+
+  before do
+    project.team << [user, :master]
+    login_with(user)
+    visit namespace_project_tags_path(project.namespace, project)
+  end
+
+  scenario 'with an invalid name displays an error' do
+    create_tag_in_form(tag: 'v 1.0', ref: 'master')
+
+    expect(page).to have_content 'Tag name invalid'
+  end
+
+  scenario 'with an invalid reference displays an error' do
+    create_tag_in_form(tag: 'v2.0', ref: 'foo')
+
+    expect(page).to have_content 'Target foo is invalid'
+  end
+
+  scenario 'that already exists displays an error' do
+    create_tag_in_form(tag: 'v1.1.0', ref: 'master')
+
+    expect(page).to have_content 'Tag v1.1.0 already exists'
+  end
+
+  scenario 'with multiline message displays the message in a <pre> block' do
+    create_tag_in_form(tag: 'v3.0', ref: 'master', message: "Awesome tag message\n\n- hello\n- world")
+
+    expect(current_path).to eq(
+      namespace_project_tag_path(project.namespace, project, 'v3.0'))
+    expect(page).to have_content 'v3.0'
+    page.within 'pre.body' do
+      expect(page).to have_content "Awesome tag message\n\n- hello\n- world"
+    end
+  end
+
+  scenario 'with multiline release notes parses the release note as Markdown' do
+    create_tag_in_form(tag: 'v4.0', ref: 'master', desc: "Awesome release notes\n\n- hello\n- world")
+
+    expect(current_path).to eq(
+      namespace_project_tag_path(project.namespace, project, 'v4.0'))
+    expect(page).to have_content 'v4.0'
+    page.within '.description' do
+      expect(page).to have_content 'Awesome release notes'
+      expect(page).to have_selector('ul li', count: 2)
+    end
+  end
+
+  def create_tag_in_form(tag:, ref:, message: nil, desc: nil)
+    click_link 'New tag'
+    fill_in 'tag_name', with: tag
+    fill_in 'ref', with: ref
+    fill_in 'message', with: message unless message.nil?
+    fill_in 'release_description', with: desc unless desc.nil?
+    click_button 'Create tag'
+  end
+end
diff --git a/spec/features/tags/master_deletes_tag_spec.rb b/spec/features/tags/master_deletes_tag_spec.rb
new file mode 100644
index 00000000000..f0990118e3c
--- /dev/null
+++ b/spec/features/tags/master_deletes_tag_spec.rb
@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+feature 'Master deletes tag', feature: true do
+  let(:user) { create(:user) }
+  let(:project) { create(:project, namespace: user.namespace) }
+
+  before do
+    project.team << [user, :master]
+    login_with(user)
+    visit namespace_project_tags_path(project.namespace, project)
+  end
+
+  context 'from the tags list page' do
+    scenario 'deletes the tag' do
+      expect(page).to have_content 'v1.1.0'
+
+      page.within('.content') do
+        first('.btn-remove').click
+      end
+
+      expect(current_path).to eq(
+        namespace_project_tags_path(project.namespace, project))
+      expect(page).not_to have_content 'v1.1.0'
+    end
+
+  end
+
+  context 'from a specific tag page' do
+    scenario 'deletes the tag' do
+      click_on 'v1.0.0'
+      expect(current_path).to eq(
+        namespace_project_tag_path(project.namespace, project, 'v1.0.0'))
+
+      click_on 'Delete tag'
+
+      expect(current_path).to eq(
+        namespace_project_tags_path(project.namespace, project))
+      expect(page).not_to have_content 'v1.0.0'
+    end
+  end
+end
diff --git a/spec/features/tags/master_updates_tag_spec.rb b/spec/features/tags/master_updates_tag_spec.rb
new file mode 100644
index 00000000000..c926e9841f3
--- /dev/null
+++ b/spec/features/tags/master_updates_tag_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+feature 'Master updates tag', feature: true do
+  let(:user) { create(:user) }
+  let(:project) { create(:project, namespace: user.namespace) }
+
+  before do
+    project.team << [user, :master]
+    login_with(user)
+    visit namespace_project_tags_path(project.namespace, project)
+  end
+
+  context 'from the tags list page' do
+    scenario 'updates the release notes' do
+      page.within(first('.controls')) do
+        click_link 'Edit release notes'
+      end
+
+      fill_in 'release_description', with: 'Awesome release notes'
+      click_button 'Save changes'
+
+      expect(current_path).to eq(
+        namespace_project_tag_path(project.namespace, project, 'v1.1.0'))
+      expect(page).to have_content 'v1.1.0'
+      expect(page).to have_content 'Awesome release notes'
+    end
+  end
+
+  context 'from a specific tag page' do
+    scenario 'updates the release notes' do
+      click_on 'v1.1.0'
+      click_link 'Edit release notes'
+      fill_in 'release_description', with: 'Awesome release notes'
+      click_button 'Save changes'
+
+      expect(current_path).to eq(
+        namespace_project_tag_path(project.namespace, project, 'v1.1.0'))
+      expect(page).to have_content 'v1.1.0'
+      expect(page).to have_content 'Awesome release notes'
+    end
+  end
+end
diff --git a/spec/features/tags/master_views_tags_spec.rb b/spec/features/tags/master_views_tags_spec.rb
new file mode 100644
index 00000000000..29d2c244720
--- /dev/null
+++ b/spec/features/tags/master_views_tags_spec.rb
@@ -0,0 +1,73 @@
+require 'spec_helper'
+
+feature 'Master views tags', feature: true do
+  let(:user) { create(:user) }
+
+  before do
+    project.team << [user, :master]
+    login_with(user)
+  end
+
+  context 'when project has no tags' do
+    let(:project) { create(:project_empty_repo) }
+    before do
+      visit namespace_project_path(project.namespace, project)
+      click_on 'README'
+      fill_in :commit_message, with: 'Add a README file', visible: true
+      # Remove pre-receive hook so we can push without auth
+      FileUtils.rm_f(File.join(project.repository.path, 'hooks', 'pre-receive'))
+      click_button 'Commit Changes'
+      visit namespace_project_tags_path(project.namespace, project)
+    end
+
+    scenario 'displays a specific message' do
+      expect(page).to have_content 'Repository has no tags yet.'
+    end
+  end
+
+  context 'when project has tags' do
+    let(:project) { create(:project, namespace: user.namespace) }
+    before do
+      visit namespace_project_tags_path(project.namespace, project)
+    end
+
+    scenario 'views the tags list page' do
+      expect(page).to have_content 'v1.0.0'
+    end
+
+    scenario 'views a specific tag page' do
+      click_on 'v1.0.0'
+
+      expect(current_path).to eq(
+        namespace_project_tag_path(project.namespace, project, 'v1.0.0'))
+      expect(page).to have_content 'v1.0.0'
+      expect(page).to have_content 'This tag has no release notes.'
+    end
+
+    describe 'links on the tag page' do
+      scenario 'has a button to browse files' do
+        click_on 'v1.0.0'
+
+        expect(current_path).to eq(
+          namespace_project_tag_path(project.namespace, project, 'v1.0.0'))
+
+        click_on 'Browse files'
+
+        expect(current_path).to eq(
+          namespace_project_tree_path(project.namespace, project, 'v1.0.0'))
+      end
+
+      scenario 'has a button to browse commits' do
+        click_on 'v1.0.0'
+
+        expect(current_path).to eq(
+          namespace_project_tag_path(project.namespace, project, 'v1.0.0'))
+
+        click_on 'Browse commits'
+
+        expect(current_path).to eq(
+          namespace_project_commits_path(project.namespace, project, 'v1.0.0'))
+      end
+    end
+  end
+end
diff --git a/spec/features/todos/todos_spec.rb b/spec/features/todos/todos_spec.rb
index 248e004ba6e..3354f529295 100644
--- a/spec/features/todos/todos_spec.rb
+++ b/spec/features/todos/todos_spec.rb
@@ -68,12 +68,12 @@ describe 'Dashboard Todos', feature: true do
       describe 'completing last todo from last page', js: true do
         it 'redirects to the previous page' do
           visit dashboard_todos_path(page: 2)
-          expect(page).to have_content(Todo.first.body)
+          expect(page).to have_css("#todo_#{Todo.last.id}")
 
           click_link('Done')
 
           expect(current_path).to eq dashboard_todos_path
-          expect(page).to have_content(Todo.last.body)
+          expect(page).to have_css("#todo_#{Todo.first.id}")
         end
       end
     end
diff --git a/spec/features/users_spec.rb b/spec/features/users_spec.rb
index c1248162031..cf116040394 100644
--- a/spec/features/users_spec.rb
+++ b/spec/features/users_spec.rb
@@ -5,10 +5,10 @@ feature 'Users', feature: true do
 
   scenario 'GET /users/sign_in creates a new user account' do
     visit new_user_session_path
-    fill_in 'user_name', with: 'Name Surname'
-    fill_in 'user_username', with: 'Great'
-    fill_in 'user_email', with: 'name@mail.com'
-    fill_in 'user_password_sign_up', with: 'password1234'
+    fill_in 'new_user_name',     with: 'Name Surname'
+    fill_in 'new_user_username', with: 'Great'
+    fill_in 'new_user_email',    with: 'name@mail.com'
+    fill_in 'new_user_password', with: 'password1234'
     expect { click_button 'Sign up' }.to change { User.count }.by(1)
   end
 
@@ -31,10 +31,10 @@ feature 'Users', feature: true do
 
   scenario 'Should show one error if email is already taken' do
     visit new_user_session_path
-    fill_in 'user_name', with: 'Another user name'
-    fill_in 'user_username', with: 'anotheruser'
-    fill_in 'user_email', with: user.email
-    fill_in 'user_password_sign_up', with: '12341234'
+    fill_in 'new_user_name',     with: 'Another user name'
+    fill_in 'new_user_username', with: 'anotheruser'
+    fill_in 'new_user_email',    with: user.email
+    fill_in 'new_user_password', with: '12341234'
     expect { click_button 'Sign up' }.to change { User.count }.by(0)
     expect(page).to have_text('Email has already been taken')
     expect(number_of_errors_on_page(page)).to be(1), 'errors on page:\n #{errors_on_page page}'
diff --git a/spec/finders/issues_finder_spec.rb b/spec/finders/issues_finder_spec.rb
index bc607a29751..ec8809e6926 100644
--- a/spec/finders/issues_finder_spec.rb
+++ b/spec/finders/issues_finder_spec.rb
@@ -1,10 +1,10 @@
 require 'spec_helper'
 
 describe IssuesFinder do
-  let(:user) { create :user }
-  let(:user2) { create :user }
-  let(:project1) { create(:project) }
-  let(:project2) { create(:project) }
+  let(:user) { create(:user) }
+  let(:user2) { create(:user) }
+  let(:project1) { create(:empty_project) }
+  let(:project2) { create(:empty_project) }
   let(:milestone) { create(:milestone, project: project1) }
   let(:label) { create(:label, project: project2) }
   let(:issue1) { create(:issue, author: user, assignee: user, project: project1, milestone: milestone) }
@@ -16,101 +16,147 @@ describe IssuesFinder do
     project1.team << [user, :master]
     project2.team << [user, :developer]
     project2.team << [user2, :developer]
+
+    issue1
+    issue2
+    issue3
   end
 
-  describe :execute do
-    before :each do
-      issue1
-      issue2
-      issue3
-    end
+  describe '#execute' do
+    let(:search_user) { user }
+    let(:params) { {} }
+    let(:issues) { IssuesFinder.new(search_user, params.merge(scope: scope, state: 'opened')).execute }
 
     context 'scope: all' do
-      it 'should filter by all' do
-        params = { scope: "all", state: 'opened' }
-        issues = IssuesFinder.new(user, params).execute
-        expect(issues.size).to eq(3)
+      let(:scope) { 'all' }
+
+      it 'returns all issues' do
+        expect(issues).to contain_exactly(issue1, issue2, issue3)
       end
 
-      it 'should filter by assignee id' do
-        params = { scope: "all", assignee_id: user.id, state: 'opened' }
-        issues = IssuesFinder.new(user, params).execute
-        expect(issues.size).to eq(2)
+      context 'filtering by assignee ID' do
+        let(:params) { { assignee_id: user.id } }
+
+        it 'returns issues assigned to that user' do
+          expect(issues).to contain_exactly(issue1, issue2)
+        end
       end
 
-      it 'should filter by author id' do
-        params = { scope: "all", author_id: user2.id, state: 'opened' }
-        issues = IssuesFinder.new(user, params).execute
-        expect(issues).to eq([issue3])
+      context 'filtering by author ID' do
+        let(:params) { { author_id: user2.id } }
+
+        it 'returns issues created by that user' do
+          expect(issues).to contain_exactly(issue3)
+        end
       end
 
-      it 'should filter by milestone id' do
-        params = { scope: "all", milestone_title: milestone.title, state: 'opened' }
-        issues = IssuesFinder.new(user, params).execute
-        expect(issues).to eq([issue1])
+      context 'filtering by milestone' do
+        let(:params) { { milestone_title: milestone.title } }
+
+        it 'returns issues assigned to that milestone' do
+          expect(issues).to contain_exactly(issue1)
+        end
       end
 
-      it 'should filter by no milestone id' do
-        params = { scope: "all", milestone_title: Milestone::None.title, state: 'opened' }
-        issues = IssuesFinder.new(user, params).execute
-        expect(issues).to match_array([issue2, issue3])
+      context 'filtering by no milestone' do
+        let(:params) { { milestone_title: Milestone::None.title } }
+
+        it 'returns issues with no milestone' do
+          expect(issues).to contain_exactly(issue2, issue3)
+        end
       end
 
-      it 'should filter by label name' do
-        params = { scope: "all", label_name: label.title, state: 'opened' }
-        issues = IssuesFinder.new(user, params).execute
-        expect(issues).to eq([issue2])
+      context 'filtering by upcoming milestone' do
+        let(:params) { { milestone_title: Milestone::Upcoming.name } }
+
+        let(:project_no_upcoming_milestones) { create(:empty_project, :public) }
+        let(:project_next_1_1) { create(:empty_project, :public) }
+        let(:project_next_8_8) { create(:empty_project, :public) }
+
+        let(:yesterday) { Date.today - 1.day }
+        let(:tomorrow) { Date.today + 1.day }
+        let(:two_days_from_now) { Date.today + 2.days }
+        let(:ten_days_from_now) { Date.today + 10.days }
+
+        let(:milestones) do
+          [
+            create(:milestone, :closed, project: project_no_upcoming_milestones),
+            create(:milestone, project: project_next_1_1, title: '1.1', due_date: two_days_from_now),
+            create(:milestone, project: project_next_1_1, title: '8.8', due_date: ten_days_from_now),
+            create(:milestone, project: project_next_8_8, title: '1.1', due_date: yesterday),
+            create(:milestone, project: project_next_8_8, title: '8.8', due_date: tomorrow)
+          ]
+        end
+
+        before do
+          milestones.each do |milestone|
+            create(:issue, project: milestone.project, milestone: milestone, author: user, assignee: user)
+          end
+        end
+
+        it 'returns issues in the upcoming milestone for each project' do
+          expect(issues.map { |issue| issue.milestone.title }).to contain_exactly('1.1', '8.8')
+          expect(issues.map { |issue| issue.milestone.due_date }).to contain_exactly(tomorrow, two_days_from_now)
+        end
       end
 
-      it 'returns unique issues when filtering by multiple labels' do
-        label2 = create(:label, project: project2)
+      context 'filtering by label' do
+        let(:params) { { label_name: label.title } }
 
-        create(:label_link, label: label2, target: issue2)
-
-        params = {
-          scope:      'all',
-          label_name: [label.title, label2.title].join(','),
-          state:      'opened'
-        }
-
-        issues = IssuesFinder.new(user, params).execute
-
-        expect(issues).to eq([issue2])
+        it 'returns issues with that label' do
+          expect(issues).to contain_exactly(issue2)
+        end
       end
 
-      it 'should filter by no label name' do
-        params = { scope: "all", label_name: Label::None.title, state: 'opened' }
-        issues = IssuesFinder.new(user, params).execute
-        expect(issues).to match_array([issue1, issue3])
+      context 'filtering by multiple labels' do
+        let(:params) { { label_name: [label.title, label2.title].join(',') } }
+        let(:label2) { create(:label, project: project2) }
+
+        before { create(:label_link, label: label2, target: issue2) }
+
+        it 'returns the unique issues with any of those labels' do
+          expect(issues).to contain_exactly(issue2)
+        end
       end
 
-      it 'should be empty for unauthorized user' do
-        params = { scope: "all", state: 'opened' }
-        issues = IssuesFinder.new(nil, params).execute
-        expect(issues.size).to be_zero
+      context 'filtering by no label' do
+        let(:params) { { label_name: Label::None.title } }
+
+        it 'returns issues with no labels' do
+          expect(issues).to contain_exactly(issue1, issue3)
+        end
       end
 
-      it 'should not include unauthorized issues' do
-        params = { scope: "all", state: 'opened' }
-        issues = IssuesFinder.new(user2, params).execute
-        expect(issues.size).to eq(2)
-        expect(issues).not_to include(issue1)
-        expect(issues).to include(issue2)
-        expect(issues).to include(issue3)
+      context 'when the user is unauthorized' do
+        let(:search_user) { nil }
+
+        it 'returns no results' do
+          expect(issues).to be_empty
+        end
+      end
+
+      context 'when the user can see some, but not all, issues' do
+        let(:search_user) { user2 }
+
+        it 'returns only issues they can see' do
+          expect(issues).to contain_exactly(issue2, issue3)
+        end
       end
     end
 
     context 'personal scope' do
-      it 'should filter by assignee' do
-        params = { scope: "assigned-to-me", state: 'opened' }
-        issues = IssuesFinder.new(user, params).execute
-        expect(issues.size).to eq(2)
+      let(:scope) { 'assigned-to-me' }
+
+      it 'returns issue assigned to the user' do
+        expect(issues).to contain_exactly(issue1, issue2)
       end
 
-      it 'should filter by project' do
-        params = { scope: "assigned-to-me", state: 'opened', project_id: project1.id }
-        issues = IssuesFinder.new(user, params).execute
-        expect(issues.size).to eq(1)
+      context 'filtering by project' do
+        let(:params) { { project_id: project1.id } }
+
+        it 'returns issues assigned to the user in that project' do
+          expect(issues).to contain_exactly(issue1)
+        end
       end
     end
   end
diff --git a/spec/fixtures/container_registry/config_blob.json b/spec/fixtures/container_registry/config_blob.json
new file mode 100644
index 00000000000..1028c994a24
--- /dev/null
+++ b/spec/fixtures/container_registry/config_blob.json
@@ -0,0 +1 @@
+{"architecture":"amd64","config":{"Hostname":"b14cd8298755","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":null,"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"container":"b14cd82987550b01af9a666a2f4c996280a6152e66873134fae5a0f223dc5976","container_config":{"Hostname":"b14cd8298755","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) ADD file:033ab063740d9ff4dcfb1c69eccf25f91d88729f57cd5a73050e014e3e094aa0 in /"],"Image":"","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"created":"2016-04-01T20:53:00.160300546Z","docker_version":"1.9.1","history":[{"created":"2016-04-01T20:53:00.160300546Z","created_by":"/bin/sh -c #(nop) ADD file:033ab063740d9ff4dcfb1c69eccf25f91d88729f57cd5a73050e014e3e094aa0 in /"}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:c56b7dabbc7aa730eeab07668bdcbd7e3d40855047ca9a0cc1bfed23a2486111"]}}
diff --git a/spec/fixtures/container_registry/tag_manifest.json b/spec/fixtures/container_registry/tag_manifest.json
new file mode 100644
index 00000000000..1b6008e2872
--- /dev/null
+++ b/spec/fixtures/container_registry/tag_manifest.json
@@ -0,0 +1 @@
+{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"mediaType":"application/octet-stream","size":1145,"digest":"sha256:d7a513a663c1a6dcdba9ed832ca53c02ac2af0c333322cd6ca92936d1d9917ac"},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","size":2319870,"digest":"sha256:420890c9e918b6668faaedd9000e220190f2493b0693ee563ebd7b4cc754a57d"}]}
diff --git a/spec/fixtures/sanitized.svg b/spec/fixtures/sanitized.svg
new file mode 100644
index 00000000000..8f84b8f5e20
--- /dev/null
+++ b/spec/fixtures/sanitized.svg
@@ -0,0 +1,50 @@
+<?xml version="1.0"?>
+<svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" data-name="Layer 1" viewBox="0 0 622 682">
+  
+  <defs>
+    <style>.cls-1{fill:#30353e;}.cls-2{fill:#8c929d;}.cls-3{fill:#fc6d26;}.cls-4{fill:#e24329;}.cls-5{fill:#fca326;}</style>
+  </defs>
+  <title>stacked_wm</title>
+  <path id="bg" class="cls-1" d="M622,681H0V-1H622V681h0Z"/>
+  <g id="g12">
+    <path id="path14" class="cls-2" d="M316.89,497.72h-19l0.06,141.74H375V621.93h-58l-0.06-124.22h0Z"/>
+  </g>
+  <g id="g24">
+    <path id="path26" class="cls-2" d="M448.32,614.57a32.46,32.46,0,0,1-23.59,10c-14.5,0-20.35-7.14-20.35-16.45,0-14.07,9.74-20.77,30.52-20.77a86.46,86.46,0,0,1,13.42,1.08v26.19h0Zm-19.7-85.91a63.45,63.45,0,0,0-40.5,14.53l6.73,11.66c7.79-4.54,17.32-9.09,31-9.09,15.58,0,22.51,8,22.51,21.42v6.93a81.48,81.48,0,0,0-13.2-1.08c-33.33,0-50.22,11.69-50.22,36.14,0,21.86,13.42,32.89,33.76,32.89,13.71,0,26.84-6.28,31.38-16.45l3.46,13.85h13.42V567c0-22.94-10-38.3-38.31-38.3h0Z"/>
+  </g>
+  <g id="g28">
+    <path id="path30" class="cls-2" d="M528.4,625.18c-7.14,0-13.42-.87-18.18-3V556.58c6.49-5.41,14.5-9.31,24.68-9.31,18.4,0,25.54,13,25.54,34,0,29.86-11.47,43.93-32,43.93m8-96.52a34.88,34.88,0,0,0-26.19,11.58V522l-0.06-24.24H491.54L491.6,636c9.31,3.9,22.08,6.06,35.93,6.06,35.5,0,52.6-22.72,52.6-61.89,0-30.95-15.8-51.51-43.73-51.51"/>
+  </g>
+  <g id="g32">
+    <path id="path34" class="cls-2" d="M109.84,513.08c16.88,0,27.7,5.63,34.85,11.25l8.19-14.18c-11.16-9.78-26.16-15-42.17-15-40.47,0-68.83,24.67-68.83,74.44,0,52.15,30.59,72.5,65.58,72.5a111,111,0,0,0,42.21-8.22l-0.4-55.72V560.58H97.32v17.53h33.12l0.4,42.31c-4.33,2.16-11.9,3.9-22.08,3.9-28.14,0-47-17.7-47-55,0-37.87,19.48-56.26,48.05-56.26"/>
+  </g>
+  <g id="g36">
+    <path id="path38" class="cls-2" d="M243.79,497.72H225.17l0.06,23.8v82.23c0,22.94,10,38.3,38.31,38.3A64.16,64.16,0,0,0,275,641V624.31a57,57,0,0,1-8.66.65c-15.58,0-22.51-8-22.51-21.42v-56.7H275V531.26H243.85l-0.06-33.54h0Z"/>
+  </g>
+  <path id="path40" class="cls-2" d="M177.94,639.46h18.61V531.26H177.94v108.2h0Z"/>
+  <path id="path42" class="cls-2" d="M177.94,516.33h18.61V497.72H177.94v18.61h0Z"/>
+  <g id="g44">
+    <path id="path46" class="cls-3" d="M525.05,266.23l-24-74L453.36,45.6a8.19,8.19,0,0,0-15.58,0L390.12,192.24H231.88L184.22,45.6a8.19,8.19,0,0,0-15.58,0L121,192.24l-24,74a16.38,16.38,0,0,0,6,18.31L311,435.71,519.1,284.54a16.38,16.38,0,0,0,6-18.31"/>
+  </g>
+  <g id="g48">
+    <path id="path50" class="cls-4" d="M311,435.71h0l79.12-243.47H231.88L311,435.71h0Z"/>
+  </g>
+  <g id="g56">
+    <path id="path58" class="cls-3" d="M311,435.71L231.88,192.24H121L311,435.71h0Z"/>
+  </g>
+  <g id="g64">
+    <path id="path66" class="cls-5" d="M121,192.24h0l-24,74a16.37,16.37,0,0,0,6,18.31L311,435.7,121,192.24h0Z"/>
+  </g>
+  <g id="g72">
+    <path id="path74" class="cls-4" d="M121,192.24H231.88L184.22,45.6a8.19,8.19,0,0,0-15.58,0L121,192.24h0Z"/>
+  </g>
+  <g id="g76">
+    <path id="path78" class="cls-3" d="M311,435.71l79.12-243.47H501L311,435.71h0Z"/>
+  </g>
+  <g id="g80">
+    <path id="path82" class="cls-5" d="M501,192.24h0l24,74a16.37,16.37,0,0,1-6,18.31L311,435.7,501,192.24h0Z"/>
+  </g>
+  <g id="g84">
+    <path id="path86" class="cls-4" d="M501,192.24H390.12L437.78,45.6a8.19,8.19,0,0,1,15.58,0L501,192.24h0Z"/>
+  </g>
+</svg>
diff --git a/spec/fixtures/unsanitized.svg b/spec/fixtures/unsanitized.svg
new file mode 100644
index 00000000000..3957557334b
--- /dev/null
+++ b/spec/fixtures/unsanitized.svg
@@ -0,0 +1,50 @@
+<?xml version="1.0"?>
+<svg xmlns="http://www.w3.org/2000/svg" id="Layer_1" data-name="Layer 1" viewBox="0 0 622 682" filterMe="test">
+  <iframe src="http://www.google.com"></iframe>
+  <defs>
+    <style>.cls-1{fill:#30353e;}.cls-2{fill:#8c929d;}.cls-3{fill:#fc6d26;}.cls-4{fill:#e24329;}.cls-5{fill:#fca326;}</style>
+  </defs>
+  <title>stacked_wm</title>
+  <path id="bg" class="cls-1" d="M622,681H0V-1H622V681h0Z"/>
+  <g id="g12">
+    <path id="path14" class="cls-2" d="M316.89,497.72h-19l0.06,141.74H375V621.93h-58l-0.06-124.22h0Z"/>
+  </g>
+  <g id="g24">
+    <path id="path26" class="cls-2" d="M448.32,614.57a32.46,32.46,0,0,1-23.59,10c-14.5,0-20.35-7.14-20.35-16.45,0-14.07,9.74-20.77,30.52-20.77a86.46,86.46,0,0,1,13.42,1.08v26.19h0Zm-19.7-85.91a63.45,63.45,0,0,0-40.5,14.53l6.73,11.66c7.79-4.54,17.32-9.09,31-9.09,15.58,0,22.51,8,22.51,21.42v6.93a81.48,81.48,0,0,0-13.2-1.08c-33.33,0-50.22,11.69-50.22,36.14,0,21.86,13.42,32.89,33.76,32.89,13.71,0,26.84-6.28,31.38-16.45l3.46,13.85h13.42V567c0-22.94-10-38.3-38.31-38.3h0Z"/>
+  </g>
+  <g id="g28">
+    <path id="path30" class="cls-2" d="M528.4,625.18c-7.14,0-13.42-.87-18.18-3V556.58c6.49-5.41,14.5-9.31,24.68-9.31,18.4,0,25.54,13,25.54,34,0,29.86-11.47,43.93-32,43.93m8-96.52a34.88,34.88,0,0,0-26.19,11.58V522l-0.06-24.24H491.54L491.6,636c9.31,3.9,22.08,6.06,35.93,6.06,35.5,0,52.6-22.72,52.6-61.89,0-30.95-15.8-51.51-43.73-51.51"/>
+  </g>
+  <g id="g32">
+    <path id="path34" class="cls-2" d="M109.84,513.08c16.88,0,27.7,5.63,34.85,11.25l8.19-14.18c-11.16-9.78-26.16-15-42.17-15-40.47,0-68.83,24.67-68.83,74.44,0,52.15,30.59,72.5,65.58,72.5a111,111,0,0,0,42.21-8.22l-0.4-55.72V560.58H97.32v17.53h33.12l0.4,42.31c-4.33,2.16-11.9,3.9-22.08,3.9-28.14,0-47-17.7-47-55,0-37.87,19.48-56.26,48.05-56.26"/>
+  </g>
+  <g id="g36">
+    <path id="path38" class="cls-2" d="M243.79,497.72H225.17l0.06,23.8v82.23c0,22.94,10,38.3,38.31,38.3A64.16,64.16,0,0,0,275,641V624.31a57,57,0,0,1-8.66.65c-15.58,0-22.51-8-22.51-21.42v-56.7H275V531.26H243.85l-0.06-33.54h0Z"/>
+  </g>
+  <path id="path40" class="cls-2" d="M177.94,639.46h18.61V531.26H177.94v108.2h0Z"/>
+  <path id="path42" class="cls-2" d="M177.94,516.33h18.61V497.72H177.94v18.61h0Z"/>
+  <g id="g44">
+    <path id="path46" class="cls-3" d="M525.05,266.23l-24-74L453.36,45.6a8.19,8.19,0,0,0-15.58,0L390.12,192.24H231.88L184.22,45.6a8.19,8.19,0,0,0-15.58,0L121,192.24l-24,74a16.38,16.38,0,0,0,6,18.31L311,435.71,519.1,284.54a16.38,16.38,0,0,0,6-18.31"/>
+  </g>
+  <g id="g48">
+    <path id="path50" class="cls-4" d="M311,435.71h0l79.12-243.47H231.88L311,435.71h0Z"/>
+  </g>
+  <g id="g56">
+    <path id="path58" class="cls-3" d="M311,435.71L231.88,192.24H121L311,435.71h0Z"/>
+  </g>
+  <g id="g64">
+    <path id="path66" class="cls-5" d="M121,192.24h0l-24,74a16.37,16.37,0,0,0,6,18.31L311,435.7,121,192.24h0Z"/>
+  </g>
+  <g id="g72">
+    <path id="path74" class="cls-4" d="M121,192.24H231.88L184.22,45.6a8.19,8.19,0,0,0-15.58,0L121,192.24h0Z"/>
+  </g>
+  <g id="g76">
+    <path id="path78" class="cls-3" d="M311,435.71l79.12-243.47H501L311,435.71h0Z"/>
+  </g>
+  <g id="g80">
+    <path id="path82" class="cls-5" d="M501,192.24h0l24,74a16.37,16.37,0,0,1-6,18.31L311,435.7,501,192.24h0Z"/>
+  </g>
+  <g id="g84">
+    <path id="path86" class="cls-4" d="M501,192.24H390.12L437.78,45.6a8.19,8.19,0,0,1,15.58,0L501,192.24h0Z"/>
+  </g>
+</svg>
diff --git a/spec/helpers/auth_helper_spec.rb b/spec/helpers/auth_helper_spec.rb
index e47a54fdac5..16fbb5dcecb 100644
--- a/spec/helpers/auth_helper_spec.rb
+++ b/spec/helpers/auth_helper_spec.rb
@@ -2,7 +2,7 @@ require "spec_helper"
 
 describe AuthHelper do
   describe "button_based_providers" do
-    it 'returns all enabled providers' do
+    it 'returns all enabled providers from devise' do
       allow(helper).to receive(:auth_providers) { [:twitter, :github] }
       expect(helper.button_based_providers).to include(*[:twitter, :github])
     end
@@ -17,4 +17,49 @@ describe AuthHelper do
       expect(helper.button_based_providers).to eq([])
     end
   end
+
+  describe 'enabled_button_based_providers' do
+    before do
+      allow(helper).to receive(:auth_providers) { [:twitter, :github] }
+    end
+
+    context 'all providers are enabled to sign in' do
+      it 'returns all the enabled providers from settings' do
+        expect(helper.enabled_button_based_providers).to include('twitter', 'github')
+      end
+    end
+
+    context 'GitHub OAuth sign in is disabled from application setting' do
+      it "doesn't return github as provider" do
+        stub_application_setting(
+          disabled_oauth_sign_in_sources: ['github']
+        )
+
+        expect(helper.enabled_button_based_providers).to include('twitter')
+        expect(helper.enabled_button_based_providers).to_not include('github')
+      end
+    end
+  end
+
+  describe 'button_based_providers_enabled?' do
+    before do
+      allow(helper).to receive(:auth_providers) { [:twitter, :github] }
+    end
+
+    context 'button based providers enabled' do
+      it 'returns true' do
+        expect(helper.button_based_providers_enabled?).to be true
+      end
+    end
+
+    context 'all the button based providers are disabled via application_setting' do
+      it 'returns false' do
+        stub_application_setting(
+          disabled_oauth_sign_in_sources: ['github', 'twitter']
+        )
+
+        expect(helper.button_based_providers_enabled?).to be false
+      end
+    end
+  end
 end
diff --git a/spec/helpers/blob_helper_spec.rb b/spec/helpers/blob_helper_spec.rb
index 87849230dbe..6d1c02db297 100644
--- a/spec/helpers/blob_helper_spec.rb
+++ b/spec/helpers/blob_helper_spec.rb
@@ -67,4 +67,16 @@ describe BlobHelper do
       expect(result).to eq(expected)
     end
   end
+
+  describe "#sanitize_svg" do
+    let(:input_svg_path) { File.join(Rails.root, 'spec', 'fixtures', 'unsanitized.svg') }
+    let(:data) { open(input_svg_path).read }
+    let(:expected_svg_path) { File.join(Rails.root, 'spec', 'fixtures', 'sanitized.svg') }
+    let(:expected) { open(expected_svg_path).read }
+
+    it 'should retain essential elements' do
+      blob = OpenStruct.new(data: data)
+      expect(sanitize_svg(blob).data).to eq(expected)
+    end
+  end
 end
diff --git a/spec/helpers/events_helper_spec.rb b/spec/helpers/events_helper_spec.rb
index e68a5ec29ab..c0d2be98e85 100644
--- a/spec/helpers/events_helper_spec.rb
+++ b/spec/helpers/events_helper_spec.rb
@@ -1,64 +1,65 @@
 require 'spec_helper'
 
 describe EventsHelper do
-  include ApplicationHelper
-  include GitlabMarkdownHelper
+  describe '#event_note' do
+    before do
+      allow(helper).to receive(:current_user).and_return(double)
+    end
 
-  let(:current_user) { create(:user, email: "current@email.com") }
+    it 'should display one line of plain text without alteration' do
+      input = 'A short, plain note'
+      expect(helper.event_note(input)).to match(input)
+      expect(helper.event_note(input)).not_to match(/\.\.\.\z/)
+    end
 
-  it 'should display one line of plain text without alteration' do
-    input = 'A short, plain note'
-    expect(event_note(input)).to match(input)
-    expect(event_note(input)).not_to match(/\.\.\.\z/)
-  end
+    it 'should display inline code' do
+      input = 'A note with `inline code`'
+      expected = 'A note with <code>inline code</code>'
 
-  it 'should display inline code' do
-    input = 'A note with `inline code`'
-    expected = 'A note with <code>inline code</code>'
+      expect(helper.event_note(input)).to match(expected)
+    end
 
-    expect(event_note(input)).to match(expected)
-  end
+    it 'should truncate a note with multiple paragraphs' do
+      input = "Paragraph 1\n\nParagraph 2"
+      expected = 'Paragraph 1...'
 
-  it 'should truncate a note with multiple paragraphs' do
-    input = "Paragraph 1\n\nParagraph 2"
-    expected = 'Paragraph 1...'
+      expect(helper.event_note(input)).to match(expected)
+    end
 
-    expect(event_note(input)).to match(expected)
-  end
+    it 'should display the first line of a code block' do
+      input = "```\nCode block\nwith two lines\n```"
+      expected = %r{<pre.+><code>Code block\.\.\.</code></pre>}
 
-  it 'should display the first line of a code block' do
-    input = "```\nCode block\nwith two lines\n```"
-    expected = %r{<pre.+><code>Code block\.\.\.</code></pre>}
+      expect(helper.event_note(input)).to match(expected)
+    end
 
-    expect(event_note(input)).to match(expected)
-  end
+    it 'should truncate a single long line of text' do
+      text = 'The quick brown fox jumped over the lazy dog twice' # 50 chars
+      input = text * 4
+      expected = (text * 2).sub(/.{3}/, '...')
 
-  it 'should truncate a single long line of text' do
-    text = 'The quick brown fox jumped over the lazy dog twice' # 50 chars
-    input = "#{text}#{text}#{text}#{text}" # 200 chars
-    expected = "#{text}#{text}".sub(/.{3}/, '...')
+      expect(helper.event_note(input)).to match(expected)
+    end
 
-    expect(event_note(input)).to match(expected)
-  end
+    it 'should preserve a link href when link text is truncated' do
+      text = 'The quick brown fox jumped over the lazy dog' # 44 chars
+      input = "#{text}#{text}#{text} " # 133 chars
+      link_url = 'http://example.com/foo/bar/baz' # 30 chars
+      input << link_url
+      expected_link_text = 'http://example...</a>'
 
-  it 'should preserve a link href when link text is truncated' do
-    text = 'The quick brown fox jumped over the lazy dog' # 44 chars
-    input = "#{text}#{text}#{text} " # 133 chars
-    link_url = 'http://example.com/foo/bar/baz' # 30 chars
-    input << link_url
-    expected_link_text = 'http://example...</a>'
+      expect(helper.event_note(input)).to match(link_url)
+      expect(helper.event_note(input)).to match(expected_link_text)
+    end
 
-    expect(event_note(input)).to match(link_url)
-    expect(event_note(input)).to match(expected_link_text)
-  end
-
-  it 'should preserve code color scheme' do
-    input = "```ruby\ndef test\n  'hello world'\nend\n```"
-    expected = '<pre class="code highlight js-syntax-highlight ruby">' \
-      "<code><span class=\"k\">def</span> <span class=\"nf\">test</span>\n" \
-      "  <span class=\"s1\">\'hello world\'</span>\n" \
-      "<span class=\"k\">end</span>" \
-      '</code></pre>'
-    expect(event_note(input)).to eq(expected)
+    it 'should preserve code color scheme' do
+      input = "```ruby\ndef test\n  'hello world'\nend\n```"
+      expected = '<pre class="code highlight js-syntax-highlight ruby">' \
+        "<code><span class=\"k\">def</span> <span class=\"nf\">test</span>\n" \
+        "  <span class=\"s1\">\'hello world\'</span>\n" \
+        "<span class=\"k\">end</span>" \
+        '</code></pre>'
+      expect(helper.event_note(input)).to eq(expected)
+    end
   end
 end
diff --git a/spec/helpers/issues_helper_spec.rb b/spec/helpers/issues_helper_spec.rb
index 543593cf389..bffe2c18b6f 100644
--- a/spec/helpers/issues_helper_spec.rb
+++ b/spec/helpers/issues_helper_spec.rb
@@ -30,6 +30,18 @@ describe IssuesHelper do
       expect(url_for_project_issues).to eq ""
     end
 
+    it 'returns an empty string if project_url is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.project_url') { 'javascript:alert("foo");' }
+
+      expect(url_for_project_issues(project)).to eq ''
+    end
+
+    it 'returns an empty string if project_path is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.project_path') { 'javascript:alert("foo");' }
+
+      expect(url_for_project_issues(project, only_path: true)).to eq ''
+    end
+
     describe "when external tracker was enabled and then config removed" do
       before do
         @project = ext_project
@@ -68,6 +80,18 @@ describe IssuesHelper do
       expect(url_for_issue(issue.iid)).to eq ""
     end
 
+    it 'returns an empty string if issue_url is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.issue_url') { 'javascript:alert("foo");' }
+
+      expect(url_for_issue(issue.iid, project)).to eq ''
+    end
+
+    it 'returns an empty string if issue_path is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.issue_path') { 'javascript:alert("foo");' }
+
+      expect(url_for_issue(issue.iid, project, only_path: true)).to eq ''
+    end
+
     describe "when external tracker was enabled and then config removed" do
       before do
         @project = ext_project
@@ -105,6 +129,18 @@ describe IssuesHelper do
       expect(url_for_new_issue).to eq ""
     end
 
+    it 'returns an empty string if issue_url is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.new_issue_url') { 'javascript:alert("foo");' }
+
+      expect(url_for_new_issue(project)).to eq ''
+    end
+
+    it 'returns an empty string if issue_path is invalid' do
+      expect(project).to receive_message_chain('issues_tracker.new_issue_path') { 'javascript:alert("foo");' }
+
+      expect(url_for_new_issue(project, only_path: true)).to eq ''
+    end
+
     describe "when external tracker was enabled and then config removed" do
       before do
         @project = ext_project
diff --git a/spec/helpers/labels_helper_spec.rb b/spec/helpers/labels_helper_spec.rb
index 39042ff7e91..501f150cfda 100644
--- a/spec/helpers/labels_helper_spec.rb
+++ b/spec/helpers/labels_helper_spec.rb
@@ -11,13 +11,13 @@ describe LabelsHelper do
       end
 
       it 'uses the instance variable' do
-        expect(link_to_label(label)).to match %r{<a href="/#{@project.to_reference}/issues\?label_name=#{label.name}"><span class="[\w\s\-]*has-tooltip".*</span></a>}
+        expect(link_to_label(label)).to match %r{<a href="/#{@project.to_reference}/issues\?label_name%5B%5D=#{label.name}"><span class="[\w\s\-]*has-tooltip".*</span></a>}
       end
     end
 
     context 'without @project set' do
       it "uses the label's project" do
-        expect(link_to_label(label)).to match %r{<a href="/#{label.project.to_reference}/issues\?label_name=#{label.name}">.*</a>}
+        expect(link_to_label(label)).to match %r{<a href="/#{label.project.to_reference}/issues\?label_name%5B%5D=#{label.name}">.*</a>}
       end
     end
 
@@ -25,7 +25,7 @@ describe LabelsHelper do
       let(:another_project) { double('project', namespace: 'foo3', to_param: 'bar3') }
 
       it 'links to merge requests page' do
-        expect(link_to_label(label, project: another_project)).to match %r{<a href="/foo3/bar3/issues\?label_name=#{label.name}">.*</a>}
+        expect(link_to_label(label, project: another_project)).to match %r{<a href="/foo3/bar3/issues\?label_name%5B%5D=#{label.name}">.*</a>}
       end
     end
 
@@ -33,7 +33,7 @@ describe LabelsHelper do
       ['issue', :issue, 'merge_request', :merge_request].each do |type|
         context "set to #{type}" do
           it 'links to correct page' do
-            expect(link_to_label(label, type: type)).to match %r{<a href="/#{label.project.to_reference}/#{type.to_s.pluralize}\?label_name=#{label.name}">.*</a>}
+            expect(link_to_label(label, type: type)).to match %r{<a href="/#{label.project.to_reference}/#{type.to_s.pluralize}\?label_name%5B%5D=#{label.name}">.*</a>}
           end
         end
       end
diff --git a/spec/helpers/projects_helper_spec.rb b/spec/helpers/projects_helper_spec.rb
index c258cfebd73..ac5af8740dc 100644
--- a/spec/helpers/projects_helper_spec.rb
+++ b/spec/helpers/projects_helper_spec.rb
@@ -88,21 +88,56 @@ describe ProjectsHelper do
   end
 
   describe 'default_clone_protocol' do
-    describe 'using HTTP' do
+    context 'when user is not logged in and gitlab protocol is HTTP' do
       it 'returns HTTP' do
-        expect(helper).to receive(:current_user).and_return(nil)
+        allow(helper).to receive(:current_user).and_return(nil)
 
         expect(helper.send(:default_clone_protocol)).to eq('http')
       end
     end
 
-    describe 'using HTTPS' do
+    context 'when user is not logged in and gitlab protocol is HTTPS' do
       it 'returns HTTPS' do
-        allow(Gitlab.config.gitlab).to receive(:protocol).and_return('https')
-        expect(helper).to receive(:current_user).and_return(nil)
+        stub_config_setting(protocol: 'https')
+        allow(helper).to receive(:current_user).and_return(nil)
 
         expect(helper.send(:default_clone_protocol)).to eq('https')
       end
     end
   end
+
+  describe '#license_short_name' do
+    let(:project) { create(:project) }
+
+    context 'when project.repository has a license_key' do
+      it 'returns the nickname of the license if present' do
+        allow(project.repository).to receive(:license_key).and_return('agpl-3.0')
+
+        expect(helper.license_short_name(project)).to eq('GNU AGPLv3')
+      end
+
+      it 'returns the name of the license if nickname is not present' do
+        allow(project.repository).to receive(:license_key).and_return('mit')
+
+        expect(helper.license_short_name(project)).to eq('MIT License')
+      end
+    end
+
+    context 'when project.repository has no license_key but a license_blob' do
+      it 'returns LICENSE' do
+        allow(project.repository).to receive(:license_key).and_return(nil)
+
+        expect(helper.license_short_name(project)).to eq('LICENSE')
+      end
+    end
+  end
+
+  describe '#sanitized_import_error' do
+    it 'removes the repo path' do
+      repo = File.join(Gitlab.config.gitlab_shell.repos_path, '/namespace/test.git')
+      import_error = "Could not clone #{repo}\n"
+
+      expect(sanitize_repo_path(import_error)).to eq('Could not clone [REPOS PATH]/namespace/test.git')
+    end
+  end
 end
diff --git a/spec/initializers/trusted_proxies_spec.rb b/spec/initializers/trusted_proxies_spec.rb
new file mode 100644
index 00000000000..4bb149f25ff
--- /dev/null
+++ b/spec/initializers/trusted_proxies_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe 'trusted_proxies', lib: true do
+  context 'with default config' do
+    before do
+      set_trusted_proxies([])
+    end
+
+    it 'preserves private IPs as remote_ip' do
+      request = stub_request('HTTP_X_FORWARDED_FOR' => '10.1.5.89')
+      expect(request.remote_ip).to eq('10.1.5.89')
+    end
+
+    it 'filters out localhost from remote_ip' do
+      request = stub_request('HTTP_X_FORWARDED_FOR' => '1.1.1.1, 10.1.5.89, 127.0.0.1')
+      expect(request.remote_ip).to eq('10.1.5.89')
+    end
+  end
+
+  context 'with private IP ranges added' do
+    before do
+      set_trusted_proxies([ "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ])
+    end
+
+    it 'filters out private and local IPs from remote_ip' do
+      request = stub_request('HTTP_X_FORWARDED_FOR' => '1.2.3.6, 1.1.1.1, 10.1.5.89, 127.0.0.1')
+      expect(request.remote_ip).to eq('1.1.1.1')
+    end
+  end
+
+  context 'with proxy IP added' do
+    before do
+      set_trusted_proxies([ "60.98.25.47" ])
+    end
+
+    it 'filters out proxy IP from remote_ip' do
+      request = stub_request('HTTP_X_FORWARDED_FOR' => '1.2.3.6, 1.1.1.1, 60.98.25.47, 127.0.0.1')
+      expect(request.remote_ip).to eq('1.1.1.1')
+    end
+  end
+
+  def stub_request(headers = {})
+    ActionDispatch::RemoteIp.new(Proc.new { }, false, Rails.application.config.action_dispatch.trusted_proxies).call(headers)
+    ActionDispatch::Request.new(headers)
+  end
+
+  def set_trusted_proxies(proxies = [])
+    stub_config_setting('trusted_proxies' => proxies)
+    load File.join(__dir__, '../../config/initializers/trusted_proxies.rb')
+  end
+end
diff --git a/spec/javascripts/merge_request_widget_spec.js.coffee b/spec/javascripts/merge_request_widget_spec.js.coffee
new file mode 100644
index 00000000000..92b7eeb1116
--- /dev/null
+++ b/spec/javascripts/merge_request_widget_spec.js.coffee
@@ -0,0 +1,55 @@
+#= require merge_request_widget
+
+describe 'MergeRequestWidget', ->
+
+  beforeEach ->
+    window.notifyPermissions = () ->
+    window.notify = () ->
+    @opts = {
+      ci_status_url:"http://sampledomain.local/ci/getstatus",
+      ci_status:"",
+      ci_message: {
+        normal: "Build {{status}} for \"{{title}}\"",
+        preparing: "{{status}} build for \"{{title}}\""
+      },
+      ci_title: {
+        preparing: "{{status}} build",
+        normal: "Build {{status}}"
+      },
+      gitlab_icon:"gitlab_logo.png",
+      builds_path:"http://sampledomain.local/sampleBuildsPath"
+    }
+    @class = new MergeRequestWidget(@opts)
+    @ciStatusData = {"title":"Sample MR title","sha":"12a34bc5","status":"success","coverage":98}
+
+  describe 'getCIStatus', ->
+    beforeEach ->
+      spyOn(jQuery, 'getJSON').and.callFake (req, cb) =>
+        cb(@ciStatusData)
+
+    it 'should call showCIStatus even if a notification should not be displayed', ->
+      spy = spyOn(@class, 'showCIStatus').and.stub()
+      @class.getCIStatus(false)
+      expect(spy).toHaveBeenCalledWith(@ciStatusData.status)
+
+    it 'should call showCIStatus when a notification should be displayed', ->
+      spy = spyOn(@class, 'showCIStatus').and.stub()
+      @class.getCIStatus(true)
+      expect(spy).toHaveBeenCalledWith(@ciStatusData.status)
+
+    it 'should call showCICoverage when the coverage rate is set', ->
+      spy = spyOn(@class, 'showCICoverage').and.stub()
+      @class.getCIStatus(false)
+      expect(spy).toHaveBeenCalledWith(@ciStatusData.coverage)
+
+    it 'should not call showCICoverage when the coverage rate is not set', ->
+      @ciStatusData.coverage = null
+      spy = spyOn(@class, 'showCICoverage').and.stub()
+      @class.getCIStatus(false)
+      expect(spy).not.toHaveBeenCalled()
+
+    it 'should not display a notification on the first check after the widget has been created', ->
+      spy = spyOn(window, 'notify')
+      @class = new MergeRequestWidget(@opts)
+      @class.getCIStatus(true)
+      expect(spy).not.toHaveBeenCalled()
diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb
index 27ce312b11c..b38e3b17e64 100644
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
@@ -22,6 +22,12 @@ describe Banzai::Filter::SanitizationFilter, lib: true do
       expect(filter(act).to_html).to eq exp
     end
 
+    it 'sanitizes mixed-cased javascript in attributes' do
+      act = %q(<a href="javaScript:alert('foo')">Text</a>)
+      exp = '<a>Text</a>'
+      expect(filter(act).to_html).to eq exp
+    end
+
     it 'allows whitelisted HTML tags from the user' do
       exp = act = "<dl>\n<dt>Term</dt>\n<dd>Definition</dd>\n</dl>"
       expect(filter(act).to_html).to eq exp
diff --git a/spec/lib/banzai/filter/upload_link_filter_spec.rb b/spec/lib/banzai/filter/upload_link_filter_spec.rb
index 3b073a90a95..b83be54746c 100644
--- a/spec/lib/banzai/filter/upload_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/upload_link_filter_spec.rb
@@ -8,6 +8,10 @@ describe Banzai::Filter::UploadLinkFilter, lib: true do
       project: project
     })
 
+    raw_filter(doc, contexts)
+  end
+
+  def raw_filter(doc, contexts = {})
     described_class.call(doc, contexts)
   end
 
@@ -70,4 +74,18 @@ describe Banzai::Filter::UploadLinkFilter, lib: true do
       expect(doc.at_css('img')['src']).to match "#{Gitlab.config.gitlab.url}/#{project.path_with_namespace}/uploads/%ED%95%9C%EA%B8%80.png"
     end
   end
+
+  context 'when project context does not exist' do
+    let(:upload_link) { link('/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg') }
+
+    it 'does not raise error' do
+      expect { raw_filter(upload_link, project: nil) }.not_to raise_error
+    end
+
+    it 'does not rewrite link' do
+      doc = raw_filter(upload_link, project: nil)
+
+      expect(doc.to_html).to eq upload_link
+    end
+  end
 end
diff --git a/spec/lib/banzai/filter/wiki_link_filter_spec.rb b/spec/lib/banzai/filter/wiki_link_filter_spec.rb
new file mode 100644
index 00000000000..185abbb2108
--- /dev/null
+++ b/spec/lib/banzai/filter/wiki_link_filter_spec.rb
@@ -0,0 +1,85 @@
+require 'spec_helper'
+
+describe Banzai::Filter::WikiLinkFilter, lib: true do
+  include FilterSpecHelper
+
+  let(:namespace) { build_stubbed(:namespace, name: "wiki_link_ns") }
+  let(:project)   { build_stubbed(:empty_project, :public, name: "wiki_link_project", namespace: namespace) }
+  let(:user) { double }
+  let(:project_wiki) { ProjectWiki.new(project, user) }
+
+  describe "links within the wiki (relative)" do
+    describe "hierarchical links to the current directory" do
+      it "doesn't rewrite non-file links" do
+        link = "<a href='./page'>Link to Page</a>"
+        filtered_link = filter(link, project_wiki: project_wiki).children[0]
+
+        expect(filtered_link.attribute('href').value).to eq('./page')
+      end
+
+      it "doesn't rewrite file links" do
+        link = "<a href='./page.md'>Link to Page</a>"
+        filtered_link = filter(link, project_wiki: project_wiki).children[0]
+
+        expect(filtered_link.attribute('href').value).to eq('./page.md')
+      end
+    end
+
+    describe "hierarchical links to the parent directory" do
+      it "doesn't rewrite non-file links" do
+        link = "<a href='../page'>Link to Page</a>"
+        filtered_link = filter(link, project_wiki: project_wiki).children[0]
+
+        expect(filtered_link.attribute('href').value).to eq('../page')
+      end
+
+      it "doesn't rewrite file links" do
+        link = "<a href='../page.md'>Link to Page</a>"
+        filtered_link = filter(link, project_wiki: project_wiki).children[0]
+
+        expect(filtered_link.attribute('href').value).to eq('../page.md')
+      end
+    end
+
+    describe "hierarchical links to a sub-directory" do
+      it "doesn't rewrite non-file links" do
+        link = "<a href='./subdirectory/page'>Link to Page</a>"
+        filtered_link = filter(link, project_wiki: project_wiki).children[0]
+
+        expect(filtered_link.attribute('href').value).to eq('./subdirectory/page')
+      end
+
+      it "doesn't rewrite file links" do
+        link = "<a href='./subdirectory/page.md'>Link to Page</a>"
+        filtered_link = filter(link, project_wiki: project_wiki).children[0]
+
+        expect(filtered_link.attribute('href').value).to eq('./subdirectory/page.md')
+      end
+    end
+
+    describe "non-hierarchical links" do
+      it 'rewrites non-file links to be at the scope of the wiki root' do
+        link = "<a href='page'>Link to Page</a>"
+        filtered_link = filter(link, project_wiki: project_wiki).children[0]
+
+        expect(filtered_link.attribute('href').value).to match('/wiki_link_ns/wiki_link_project/wikis/page')
+      end
+
+      it "doesn't rewrite file links" do
+        link = "<a href='page.md'>Link to Page</a>"
+        filtered_link = filter(link, project_wiki: project_wiki).children[0]
+
+        expect(filtered_link.attribute('href').value).to eq('page.md')
+      end
+    end
+  end
+
+  describe "links outside the wiki (absolute)" do
+    it "doesn't rewrite links" do
+      link = "<a href='http://example.com/page'>Link to Page</a>"
+      filtered_link = filter(link, project_wiki: project_wiki).children[0]
+
+      expect(filtered_link.attribute('href').value).to eq('http://example.com/page')
+    end
+  end
+end
diff --git a/spec/lib/ci/ansi2html_spec.rb b/spec/lib/ci/ansi2html_spec.rb
index 3a2b568f4c7..04afbd06929 100644
--- a/spec/lib/ci/ansi2html_spec.rb
+++ b/spec/lib/ci/ansi2html_spec.rb
@@ -4,131 +4,176 @@ describe Ci::Ansi2html, lib: true do
   subject { Ci::Ansi2html }
 
   it "prints non-ansi as-is" do
-    expect(subject.convert("Hello")).to eq('Hello')
+    expect(subject.convert("Hello")[:html]).to eq('Hello')
   end
 
   it "strips non-color-changing controll sequences" do
-    expect(subject.convert("Hello \e[2Kworld")).to eq('Hello world')
+    expect(subject.convert("Hello \e[2Kworld")[:html]).to eq('Hello world')
   end
 
   it "prints simply red" do
-    expect(subject.convert("\e[31mHello\e[0m")).to eq('<span class="term-fg-red">Hello</span>')
+    expect(subject.convert("\e[31mHello\e[0m")[:html]).to eq('<span class="term-fg-red">Hello</span>')
   end
 
   it "prints simply red without trailing reset" do
-    expect(subject.convert("\e[31mHello")).to eq('<span class="term-fg-red">Hello</span>')
+    expect(subject.convert("\e[31mHello")[:html]).to eq('<span class="term-fg-red">Hello</span>')
   end
 
   it "prints simply yellow" do
-    expect(subject.convert("\e[33mHello\e[0m")).to eq('<span class="term-fg-yellow">Hello</span>')
+    expect(subject.convert("\e[33mHello\e[0m")[:html]).to eq('<span class="term-fg-yellow">Hello</span>')
   end
 
   it "prints default on blue" do
-    expect(subject.convert("\e[39;44mHello")).to eq('<span class="term-bg-blue">Hello</span>')
+    expect(subject.convert("\e[39;44mHello")[:html]).to eq('<span class="term-bg-blue">Hello</span>')
   end
 
   it "prints red on blue" do
-    expect(subject.convert("\e[31;44mHello")).to eq('<span class="term-fg-red term-bg-blue">Hello</span>')
+    expect(subject.convert("\e[31;44mHello")[:html]).to eq('<span class="term-fg-red term-bg-blue">Hello</span>')
   end
 
   it "resets colors after red on blue" do
-    expect(subject.convert("\e[31;44mHello\e[0m world")).to eq('<span class="term-fg-red term-bg-blue">Hello</span> world')
+    expect(subject.convert("\e[31;44mHello\e[0m world")[:html]).to eq('<span class="term-fg-red term-bg-blue">Hello</span> world')
   end
 
   it "performs color change from red/blue to yellow/blue" do
-    expect(subject.convert("\e[31;44mHello \e[33mworld")).to eq('<span class="term-fg-red term-bg-blue">Hello </span><span class="term-fg-yellow term-bg-blue">world</span>')
+    expect(subject.convert("\e[31;44mHello \e[33mworld")[:html]).to eq('<span class="term-fg-red term-bg-blue">Hello </span><span class="term-fg-yellow term-bg-blue">world</span>')
   end
 
   it "performs color change from red/blue to yellow/green" do
-    expect(subject.convert("\e[31;44mHello \e[33;42mworld")).to eq('<span class="term-fg-red term-bg-blue">Hello </span><span class="term-fg-yellow term-bg-green">world</span>')
+    expect(subject.convert("\e[31;44mHello \e[33;42mworld")[:html]).to eq('<span class="term-fg-red term-bg-blue">Hello </span><span class="term-fg-yellow term-bg-green">world</span>')
   end
 
   it "performs color change from red/blue to reset to yellow/green" do
-    expect(subject.convert("\e[31;44mHello\e[0m \e[33;42mworld")).to eq('<span class="term-fg-red term-bg-blue">Hello</span> <span class="term-fg-yellow term-bg-green">world</span>')
+    expect(subject.convert("\e[31;44mHello\e[0m \e[33;42mworld")[:html]).to eq('<span class="term-fg-red term-bg-blue">Hello</span> <span class="term-fg-yellow term-bg-green">world</span>')
   end
 
   it "ignores unsupported codes" do
-    expect(subject.convert("\e[51mHello\e[0m")).to eq('Hello')
+    expect(subject.convert("\e[51mHello\e[0m")[:html]).to eq('Hello')
   end
 
   it "prints light red" do
-    expect(subject.convert("\e[91mHello\e[0m")).to eq('<span class="term-fg-l-red">Hello</span>')
+    expect(subject.convert("\e[91mHello\e[0m")[:html]).to eq('<span class="term-fg-l-red">Hello</span>')
   end
 
   it "prints default on light red" do
-    expect(subject.convert("\e[101mHello\e[0m")).to eq('<span class="term-bg-l-red">Hello</span>')
+    expect(subject.convert("\e[101mHello\e[0m")[:html]).to eq('<span class="term-bg-l-red">Hello</span>')
   end
 
   it "performs color change from red/blue to default/blue" do
-    expect(subject.convert("\e[31;44mHello \e[39mworld")).to eq('<span class="term-fg-red term-bg-blue">Hello </span><span class="term-bg-blue">world</span>')
+    expect(subject.convert("\e[31;44mHello \e[39mworld")[:html]).to eq('<span class="term-fg-red term-bg-blue">Hello </span><span class="term-bg-blue">world</span>')
   end
 
   it "performs color change from light red/blue to default/blue" do
-    expect(subject.convert("\e[91;44mHello \e[39mworld")).to eq('<span class="term-fg-l-red term-bg-blue">Hello </span><span class="term-bg-blue">world</span>')
+    expect(subject.convert("\e[91;44mHello \e[39mworld")[:html]).to eq('<span class="term-fg-l-red term-bg-blue">Hello </span><span class="term-bg-blue">world</span>')
   end
 
   it "prints bold text" do
-    expect(subject.convert("\e[1mHello")).to eq('<span class="term-bold">Hello</span>')
+    expect(subject.convert("\e[1mHello")[:html]).to eq('<span class="term-bold">Hello</span>')
   end
 
   it "resets bold text" do
-    expect(subject.convert("\e[1mHello\e[21m world")).to eq('<span class="term-bold">Hello</span> world')
-    expect(subject.convert("\e[1mHello\e[22m world")).to eq('<span class="term-bold">Hello</span> world')
+    expect(subject.convert("\e[1mHello\e[21m world")[:html]).to eq('<span class="term-bold">Hello</span> world')
+    expect(subject.convert("\e[1mHello\e[22m world")[:html]).to eq('<span class="term-bold">Hello</span> world')
   end
 
   it "prints italic text" do
-    expect(subject.convert("\e[3mHello")).to eq('<span class="term-italic">Hello</span>')
+    expect(subject.convert("\e[3mHello")[:html]).to eq('<span class="term-italic">Hello</span>')
   end
 
   it "resets italic text" do
-    expect(subject.convert("\e[3mHello\e[23m world")).to eq('<span class="term-italic">Hello</span> world')
+    expect(subject.convert("\e[3mHello\e[23m world")[:html]).to eq('<span class="term-italic">Hello</span> world')
   end
 
   it "prints underlined text" do
-    expect(subject.convert("\e[4mHello")).to eq('<span class="term-underline">Hello</span>')
+    expect(subject.convert("\e[4mHello")[:html]).to eq('<span class="term-underline">Hello</span>')
   end
 
   it "resets underlined text" do
-    expect(subject.convert("\e[4mHello\e[24m world")).to eq('<span class="term-underline">Hello</span> world')
+    expect(subject.convert("\e[4mHello\e[24m world")[:html]).to eq('<span class="term-underline">Hello</span> world')
   end
 
   it "prints concealed text" do
-    expect(subject.convert("\e[8mHello")).to eq('<span class="term-conceal">Hello</span>')
+    expect(subject.convert("\e[8mHello")[:html]).to eq('<span class="term-conceal">Hello</span>')
   end
 
   it "resets concealed text" do
-    expect(subject.convert("\e[8mHello\e[28m world")).to eq('<span class="term-conceal">Hello</span> world')
+    expect(subject.convert("\e[8mHello\e[28m world")[:html]).to eq('<span class="term-conceal">Hello</span> world')
   end
 
   it "prints crossed-out text" do
-    expect(subject.convert("\e[9mHello")).to eq('<span class="term-cross">Hello</span>')
+    expect(subject.convert("\e[9mHello")[:html]).to eq('<span class="term-cross">Hello</span>')
   end
 
   it "resets crossed-out text" do
-    expect(subject.convert("\e[9mHello\e[29m world")).to eq('<span class="term-cross">Hello</span> world')
+    expect(subject.convert("\e[9mHello\e[29m world")[:html]).to eq('<span class="term-cross">Hello</span> world')
   end
 
   it "can print 256 xterm fg colors" do
-    expect(subject.convert("\e[38;5;16mHello")).to eq('<span class="xterm-fg-16">Hello</span>')
+    expect(subject.convert("\e[38;5;16mHello")[:html]).to eq('<span class="xterm-fg-16">Hello</span>')
   end
 
   it "can print 256 xterm fg colors on normal magenta background" do
-    expect(subject.convert("\e[38;5;16;45mHello")).to eq('<span class="xterm-fg-16 term-bg-magenta">Hello</span>')
+    expect(subject.convert("\e[38;5;16;45mHello")[:html]).to eq('<span class="xterm-fg-16 term-bg-magenta">Hello</span>')
   end
 
   it "can print 256 xterm bg colors" do
-    expect(subject.convert("\e[48;5;240mHello")).to eq('<span class="xterm-bg-240">Hello</span>')
+    expect(subject.convert("\e[48;5;240mHello")[:html]).to eq('<span class="xterm-bg-240">Hello</span>')
   end
 
   it "can print 256 xterm bg colors on normal magenta foreground" do
-    expect(subject.convert("\e[48;5;16;35mHello")).to eq('<span class="term-fg-magenta xterm-bg-16">Hello</span>')
+    expect(subject.convert("\e[48;5;16;35mHello")[:html]).to eq('<span class="term-fg-magenta xterm-bg-16">Hello</span>')
   end
 
   it "prints bold colored text vividly" do
-    expect(subject.convert("\e[1;31mHello\e[0m")).to eq('<span class="term-fg-l-red term-bold">Hello</span>')
+    expect(subject.convert("\e[1;31mHello\e[0m")[:html]).to eq('<span class="term-fg-l-red term-bold">Hello</span>')
   end
 
   it "prints bold light colored text correctly" do
-    expect(subject.convert("\e[1;91mHello\e[0m")).to eq('<span class="term-fg-l-red term-bold">Hello</span>')
+    expect(subject.convert("\e[1;91mHello\e[0m")[:html]).to eq('<span class="term-fg-l-red term-bold">Hello</span>')
+  end
+
+  it "prints &lt;" do
+    expect(subject.convert("<")[:html]).to eq('&lt;')
+  end
+
+  describe "incremental update" do
+    shared_examples 'stateable converter' do
+      let(:pass1) { subject.convert(pre_text) }
+      let(:pass2) { subject.convert(pre_text + text, pass1[:state]) }
+
+      it "to returns html to append" do
+        expect(pass2[:append]).to be_truthy
+        expect(pass2[:html]).to eq(html)
+        expect(pass1[:text] + pass2[:text]).to eq(pre_text + text)
+        expect(pass1[:html] + pass2[:html]).to eq(pre_html + html)
+      end
+    end
+
+    context "with split word" do
+      let(:pre_text) { "\e[1mHello" }
+      let(:pre_html) { "<span class=\"term-bold\">Hello</span>" }
+      let(:text) { "\e[1mWorld" }
+      let(:html) { "<span class=\"term-bold\"></span><span class=\"term-bold\">World</span>" }
+
+      it_behaves_like 'stateable converter'
+    end
+
+    context "with split sequence" do
+      let(:pre_text) { "\e[1m" }
+      let(:pre_html) { "<span class=\"term-bold\"></span>" }
+      let(:text) { "Hello" }
+      let(:html) { "<span class=\"term-bold\">Hello</span>" }
+
+      it_behaves_like 'stateable converter'
+    end
+
+    context "with partial sequence" do
+      let(:pre_text) { "Hello\e" }
+      let(:pre_html) { "Hello" }
+      let(:text) { "[1m World" }
+      let(:html) { "<span class=\"term-bold\"> World</span>" }
+
+      it_behaves_like 'stateable converter'
+    end
   end
 end
diff --git a/spec/lib/ci/gitlab_ci_yaml_processor_spec.rb b/spec/lib/ci/gitlab_ci_yaml_processor_spec.rb
index 643acf0303c..9eef8ea0976 100644
--- a/spec/lib/ci/gitlab_ci_yaml_processor_spec.rb
+++ b/spec/lib/ci/gitlab_ci_yaml_processor_spec.rb
@@ -443,12 +443,12 @@ module Ci
       context 'when job variables are defined' do
         context 'when syntax is correct' do
           it 'returns job variables' do
-            variables =  {
+            variables = {
               KEY1: 'value1',
               SOME_KEY_2: 'value2'
             }
 
-            config =  YAML.dump(
+            config = YAML.dump(
               { before_script: ['pwd'],
                 rspec: {
                   variables: variables,
@@ -648,70 +648,131 @@ module Ci
     end
 
     describe "Hidden jobs" do
-      let(:config) do
-        YAML.dump({
-                    '.hidden_job' => { script: 'test' },
-                    'normal_job' => { script: 'test' }
-                  })
-      end
-
       let(:config_processor) { GitlabCiYamlProcessor.new(config) }
-
       subject { config_processor.builds_for_stage_and_ref("test", "master") }
 
-      it "doesn't create jobs that starts with dot" do
-        expect(subject.size).to eq(1)
-        expect(subject.first).to eq({
-          except: nil,
-          stage: "test",
-          stage_idx: 1,
-          name: :normal_job,
-          only: nil,
-          commands: "test",
-          tag_list: [],
-          options: {},
-          when: "on_success",
-          allow_failure: false
-        })
+      shared_examples 'hidden_job_handling' do
+        it "doesn't create jobs that start with dot" do
+          expect(subject.size).to eq(1)
+          expect(subject.first).to eq({
+            except: nil,
+            stage: "test",
+            stage_idx: 1,
+            name: :normal_job,
+            only: nil,
+            commands: "test",
+            tag_list: [],
+            options: {},
+            when: "on_success",
+            allow_failure: false
+          })
+        end
+      end
+
+      context 'when hidden job have a script definition' do
+        let(:config) do
+          YAML.dump({
+                      '.hidden_job' => { image: 'ruby:2.1', script: 'test' },
+                      'normal_job' => { script: 'test' }
+                    })
+        end
+
+        it_behaves_like 'hidden_job_handling'
+      end
+
+      context "when hidden job doesn't have a script definition" do
+        let(:config) do
+          YAML.dump({
+                      '.hidden_job' => { image: 'ruby:2.1' },
+                      'normal_job' => { script: 'test' }
+                    })
+        end
+
+        it_behaves_like 'hidden_job_handling'
       end
     end
 
     describe "YAML Alias/Anchor" do
-      it "is correctly supported for jobs" do
-        config = <<EOT
+      let(:config_processor) { GitlabCiYamlProcessor.new(config) }
+      subject { config_processor.builds_for_stage_and_ref("build", "master") }
+
+      shared_examples 'job_templates_handling' do
+        it "is correctly supported for jobs" do
+          expect(subject.size).to eq(2)
+          expect(subject.first).to eq({
+            except: nil,
+            stage: "build",
+            stage_idx: 0,
+            name: :job1,
+            only: nil,
+            commands: "execute-script-for-job",
+            tag_list: [],
+            options: {},
+            when: "on_success",
+            allow_failure: false
+          })
+          expect(subject.second).to eq({
+            except: nil,
+            stage: "build",
+            stage_idx: 0,
+            name: :job2,
+            only: nil,
+            commands: "execute-script-for-job",
+            tag_list: [],
+            options: {},
+            when: "on_success",
+            allow_failure: false
+          })
+        end
+      end
+
+      context 'when template is a job' do
+        let(:config) do
+          <<EOT
 job1: &JOBTMPL
+  stage: build
   script: execute-script-for-job
 
 job2: *JOBTMPL
 EOT
+        end
 
-        config_processor = GitlabCiYamlProcessor.new(config)
+        it_behaves_like 'job_templates_handling'
+      end
 
-        expect(config_processor.builds_for_stage_and_ref("test", "master").size).to eq(2)
-        expect(config_processor.builds_for_stage_and_ref("test", "master").first).to eq({
-          except: nil,
-          stage: "test",
-          stage_idx: 1,
-          name: :job1,
-          only: nil,
-          commands: "execute-script-for-job",
-          tag_list: [],
-          options: {},
-          when: "on_success",
-          allow_failure: false
-        })
-        expect(config_processor.builds_for_stage_and_ref("test", "master").second).to eq({
-          except: nil,
-          stage: "test",
-          stage_idx: 1,
-          name: :job2,
-          only: nil,
-          commands: "execute-script-for-job",
-          tag_list: [],
-          options: {},
-          when: "on_success",
-          allow_failure: false
-        })
+      context 'when template is a hidden job' do
+        let(:config) do
+          <<EOT
+.template: &JOBTMPL
+  stage: build
+  script: execute-script-for-job
+
+job1: *JOBTMPL
+
+job2: *JOBTMPL
+EOT
+        end
+
+        it_behaves_like 'job_templates_handling'
+      end
+
+      context 'when job adds its own keys to a template definition' do
+        let(:config) do
+          <<EOT
+.template: &JOBTMPL
+  stage: build
+
+job1:
+  <<: *JOBTMPL
+  script: execute-script-for-job
+
+job2:
+  <<: *JOBTMPL
+  script: execute-script-for-job
+EOT
+        end
+
+        it_behaves_like 'job_templates_handling'
       end
     end
 
diff --git a/spec/lib/container_registry/blob_spec.rb b/spec/lib/container_registry/blob_spec.rb
new file mode 100644
index 00000000000..4d8cb787dde
--- /dev/null
+++ b/spec/lib/container_registry/blob_spec.rb
@@ -0,0 +1,61 @@
+require 'spec_helper'
+
+describe ContainerRegistry::Blob do
+  let(:digest) { 'sha256:0123456789012345' }
+  let(:config) do
+    {
+      'digest' => digest,
+      'mediaType' => 'binary',
+      'size' => 1000
+    }
+  end
+  
+  let(:registry) { ContainerRegistry::Registry.new('http://example.com') }
+  let(:repository) { registry.repository('group/test') }
+  let(:blob) { repository.blob(config) }
+
+  it { expect(blob).to respond_to(:repository) }
+  it { expect(blob).to delegate_method(:registry).to(:repository) }
+  it { expect(blob).to delegate_method(:client).to(:repository) }
+
+  context '#path' do
+    subject { blob.path }
+
+    it { is_expected.to eq('example.com/group/test@sha256:0123456789012345') }
+  end
+
+  context '#digest' do
+    subject { blob.digest }
+
+    it { is_expected.to eq(digest) }
+  end
+
+  context '#type' do
+    subject { blob.type }
+
+    it { is_expected.to eq('binary') }
+  end
+
+  context '#revision' do
+    subject { blob.revision }
+
+    it { is_expected.to eq('0123456789012345') }
+  end
+
+  context '#short_revision' do
+    subject { blob.short_revision }
+
+    it { is_expected.to eq('012345678') }
+  end
+
+  context '#delete' do
+    before do
+      stub_request(:delete, 'http://example.com/v2/group/test/blobs/sha256:0123456789012345').
+        to_return(status: 200)
+    end
+
+    subject { blob.delete }
+
+    it { is_expected.to be_truthy }
+  end
+end
diff --git a/spec/lib/container_registry/registry_spec.rb b/spec/lib/container_registry/registry_spec.rb
new file mode 100644
index 00000000000..2638401ae6e
--- /dev/null
+++ b/spec/lib/container_registry/registry_spec.rb
@@ -0,0 +1,28 @@
+require 'spec_helper'
+
+describe ContainerRegistry::Registry do
+  let(:path) { nil }
+  let(:registry) { described_class.new('http://example.com', path: path) }
+
+  subject { registry }
+
+  it { is_expected.to respond_to(:client) }
+  it { is_expected.to respond_to(:uri) }
+  it { is_expected.to respond_to(:path) }
+
+  it { expect(subject.repository('test')).to_not be_nil }
+
+  context '#path' do
+    subject { registry.path }
+
+    context 'path from URL' do
+      it { is_expected.to eq('example.com') }
+    end
+
+    context 'custom path' do
+      let(:path) { 'registry.example.com' }
+
+      it { is_expected.to eq(path) }
+    end
+  end
+end
diff --git a/spec/lib/container_registry/repository_spec.rb b/spec/lib/container_registry/repository_spec.rb
new file mode 100644
index 00000000000..e6d66b11e4e
--- /dev/null
+++ b/spec/lib/container_registry/repository_spec.rb
@@ -0,0 +1,65 @@
+require 'spec_helper'
+
+describe ContainerRegistry::Repository do
+  let(:registry) { ContainerRegistry::Registry.new('http://example.com') }
+  let(:repository) { registry.repository('group/test') }
+
+  it { expect(repository).to respond_to(:registry) }
+  it { expect(repository).to delegate_method(:client).to(:registry) }
+  it { expect(repository.tag('test')).to_not be_nil }
+
+  context '#path' do
+    subject { repository.path }
+
+    it { is_expected.to eq('example.com/group/test') }
+  end
+
+  context 'manifest processing' do
+    before do
+      stub_request(:get, 'http://example.com/v2/group/test/tags/list').
+        with(headers: { 'Accept' => 'application/vnd.docker.distribution.manifest.v2+json' }).
+        to_return(
+          status: 200,
+          body: JSON.dump(tags: ['test']),
+          headers: { 'Content-Type' => 'application/vnd.docker.distribution.manifest.v2+json' })
+    end
+
+    context '#manifest' do
+      subject { repository.manifest }
+
+      it { is_expected.to_not be_nil }
+    end
+
+    context '#valid?' do
+      subject { repository.valid? }
+
+      it { is_expected.to be_truthy }
+    end
+
+    context '#tags' do
+      subject { repository.tags }
+
+      it { is_expected.to_not be_empty }
+    end
+  end
+
+  context '#delete_tags' do
+    let(:tag) { ContainerRegistry::Tag.new(repository, 'tag') }
+
+    before { expect(repository).to receive(:tags).twice.and_return([tag]) }
+
+    subject { repository.delete_tags }
+
+    context 'succeeds' do
+      before { expect(tag).to receive(:delete).and_return(true) }
+
+      it { is_expected.to be_truthy }
+    end
+
+    context 'any fails' do
+      before { expect(tag).to receive(:delete).and_return(false) }
+
+      it { is_expected.to be_falsey }
+    end
+  end
+end
diff --git a/spec/lib/container_registry/tag_spec.rb b/spec/lib/container_registry/tag_spec.rb
new file mode 100644
index 00000000000..12cf91127ed
--- /dev/null
+++ b/spec/lib/container_registry/tag_spec.rb
@@ -0,0 +1,89 @@
+require 'spec_helper'
+
+describe ContainerRegistry::Tag do
+  let(:registry) { ContainerRegistry::Registry.new('http://example.com') }
+  let(:repository) { registry.repository('group/test') }
+  let(:tag) { repository.tag('tag') }
+  let(:headers) { { 'Accept' => 'application/vnd.docker.distribution.manifest.v2+json' } }
+
+  it { expect(tag).to respond_to(:repository) }
+  it { expect(tag).to delegate_method(:registry).to(:repository) }
+  it { expect(tag).to delegate_method(:client).to(:repository) }
+
+  context '#path' do
+    subject { tag.path }
+
+    it { is_expected.to eq('example.com/group/test:tag') }
+  end
+
+  context 'manifest processing' do
+    before do
+      stub_request(:get, 'http://example.com/v2/group/test/manifests/tag').
+        with(headers: headers).
+        to_return(
+          status: 200,
+          body: File.read(Rails.root + 'spec/fixtures/container_registry/tag_manifest.json'),
+          headers: { 'Content-Type' => 'application/vnd.docker.distribution.manifest.v2+json' })
+    end
+
+    context '#layers' do
+      subject { tag.layers }
+
+      it { expect(subject.length).to eq(1) }
+    end
+
+    context '#total_size' do
+      subject { tag.total_size }
+
+      it { is_expected.to eq(2319870) }
+    end
+
+    context 'config processing' do
+      before do
+        stub_request(:get, 'http://example.com/v2/group/test/blobs/sha256:d7a513a663c1a6dcdba9ed832ca53c02ac2af0c333322cd6ca92936d1d9917ac').
+          with(headers: { 'Accept' => 'application/octet-stream' }).
+          to_return(
+            status: 200,
+            body: File.read(Rails.root + 'spec/fixtures/container_registry/config_blob.json'))
+      end
+
+      context '#config' do
+        subject { tag.config }
+
+        it { is_expected.to_not be_nil }
+      end
+
+      context '#created_at' do
+        subject { tag.created_at }
+
+        it { is_expected.to_not be_nil }
+      end
+    end
+  end
+
+  context 'manifest digest' do
+    before do
+      stub_request(:head, 'http://example.com/v2/group/test/manifests/tag').
+        with(headers: headers).
+        to_return(status: 200, headers: { 'Docker-Content-Digest' => 'sha256:digest' })
+    end
+
+    context '#digest' do
+      subject { tag.digest }
+
+      it { is_expected.to eq('sha256:digest') }
+    end
+
+    context '#delete' do
+      before do
+        stub_request(:delete, 'http://example.com/v2/group/test/manifests/sha256:digest').
+          with(headers: headers).
+          to_return(status: 200)
+      end
+
+      subject { tag.delete }
+
+      it { is_expected.to be_truthy }
+    end
+  end
+end
diff --git a/spec/lib/gitlab/akismet_helper_spec.rb b/spec/lib/gitlab/akismet_helper_spec.rb
index 9858935180a..53f5d6c5c80 100644
--- a/spec/lib/gitlab/akismet_helper_spec.rb
+++ b/spec/lib/gitlab/akismet_helper_spec.rb
@@ -24,7 +24,7 @@ describe Gitlab::AkismetHelper, type: :helper do
   describe '#is_spam?' do
     it 'returns true for spam' do
       environment = {
-        'REMOTE_ADDR' => '127.0.0.1',
+        'action_dispatch.remote_ip' => '127.0.0.1',
         'HTTP_USER_AGENT' => 'Test User Agent'
       }
 
diff --git a/spec/lib/gitlab/bitbucket_import/client_spec.rb b/spec/lib/gitlab/bitbucket_import/client_spec.rb
index aa0699f2ebf..af839f42421 100644
--- a/spec/lib/gitlab/bitbucket_import/client_spec.rb
+++ b/spec/lib/gitlab/bitbucket_import/client_spec.rb
@@ -34,18 +34,32 @@ describe Gitlab::BitbucketImport::Client, lib: true do
     it 'retrieves issues over a number of pages' do
       stub_request(:get,
                    "https://bitbucket.org/api/1.0/repositories/#{project_id}/issues?limit=50&sort=utc_created_on&start=0").
-          to_return(status: 200,
-                    body: first_sample_data.to_json,
-                    headers: {})
+        to_return(status: 200,
+                  body: first_sample_data.to_json,
+                  headers: {})
 
       stub_request(:get,
                    "https://bitbucket.org/api/1.0/repositories/#{project_id}/issues?limit=50&sort=utc_created_on&start=50").
-          to_return(status: 200,
-                    body: second_sample_data.to_json,
-                    headers: {})
+        to_return(status: 200,
+                  body: second_sample_data.to_json,
+                  headers: {})
 
       issues = client.issues(project_id)
       expect(issues.count).to eq(95)
     end
   end
+
+  context 'project import' do
+    it 'calls .from_project with no errors' do
+      project = create(:empty_project)
+      project.create_or_update_import_data(credentials:
+                                             { user: "git",
+                                               password: nil,
+                                               bb_session: { bitbucket_access_token: "test",
+                                                             bitbucket_access_token_secret: "test" } })
+      project.import_url = "ssh://git@bitbucket.org/test/test.git"
+
+      expect { described_class.from_project(project) }.to_not raise_error
+    end
+  end
 end
diff --git a/spec/lib/gitlab/ci/build/artifacts/metadata/entry_spec.rb b/spec/lib/gitlab/ci/build/artifacts/metadata/entry_spec.rb
index acca0b08bab..46a5b7fce65 100644
--- a/spec/lib/gitlab/ci/build/artifacts/metadata/entry_spec.rb
+++ b/spec/lib/gitlab/ci/build/artifacts/metadata/entry_spec.rb
@@ -10,8 +10,8 @@ describe Gitlab::Ci::Build::Artifacts::Metadata::Entry do
       'path/dir_1/subdir/subfile' => { size: 10 },
       'path/second_dir' => {},
       'path/second_dir/dir_3/file_2' => { size: 10 },
-      'path/second_dir/dir_3/file_3'=> { size: 10 },
-      'another_directory/'=> {},
+      'path/second_dir/dir_3/file_3' => { size: 10 },
+      'another_directory/' => {},
       'another_file' => {},
       '/file/with/absolute_path' => {} }
   end
diff --git a/spec/lib/gitlab/email/message/repository_push_spec.rb b/spec/lib/gitlab/email/message/repository_push_spec.rb
index b2d7a799810..7d6cce6daec 100644
--- a/spec/lib/gitlab/email/message/repository_push_spec.rb
+++ b/spec/lib/gitlab/email/message/repository_push_spec.rb
@@ -8,7 +8,7 @@ describe Gitlab::Email::Message::RepositoryPush do
   let!(:author) { create(:author, name: 'Author') }
 
   let(:message) do
-    described_class.new(Notify, project.id, 'recipient@example.com', opts)
+    described_class.new(Notify, project.id, opts)
   end
 
   context 'new commits have been pushed to repository' do
diff --git a/spec/lib/gitlab/github_import/branch_formatter_spec.rb b/spec/lib/gitlab/github_import/branch_formatter_spec.rb
new file mode 100644
index 00000000000..3cb634ba010
--- /dev/null
+++ b/spec/lib/gitlab/github_import/branch_formatter_spec.rb
@@ -0,0 +1,71 @@
+require 'spec_helper'
+
+describe Gitlab::GithubImport::BranchFormatter, lib: true do
+  let(:project) { create(:project) }
+  let(:repo) { double }
+  let(:raw) do
+    {
+      ref: 'feature',
+      repo: repo,
+      sha: '2e5d3239642f9161dcbbc4b70a211a68e5e45e2b'
+    }
+  end
+
+  describe '#exists?' do
+    it 'returns true when branch exists' do
+      branch = described_class.new(project, double(raw))
+
+      expect(branch.exists?).to eq true
+    end
+
+    it 'returns false when branch does not exist' do
+      branch = described_class.new(project, double(raw.merge(ref: 'removed-branch')))
+
+      expect(branch.exists?).to eq false
+    end
+  end
+
+  describe '#name' do
+    it 'returns raw ref when branch exists' do
+      branch = described_class.new(project, double(raw))
+
+      expect(branch.name).to eq 'feature'
+    end
+
+    it 'returns formatted ref when branch does not exist' do
+      branch = described_class.new(project, double(raw.merge(ref: 'removed-branch')))
+
+      expect(branch.name).to eq 'removed-branch-2e5d3239'
+    end
+  end
+
+  describe '#repo' do
+    it 'returns raw repo' do
+      branch = described_class.new(project, double(raw))
+
+      expect(branch.repo).to eq repo
+    end
+  end
+
+  describe '#sha' do
+    it 'returns raw sha' do
+      branch = described_class.new(project, double(raw))
+
+      expect(branch.sha).to eq '2e5d3239642f9161dcbbc4b70a211a68e5e45e2b'
+    end
+  end
+
+  describe '#valid?' do
+    it 'returns true when repository exists' do
+      branch = described_class.new(project, double(raw))
+
+      expect(branch.valid?).to eq true
+    end
+
+    it 'returns false when repository does not exist' do
+      branch = described_class.new(project, double(raw.merge(repo: nil)))
+
+      expect(branch.valid?).to eq false
+    end
+  end
+end
diff --git a/spec/lib/gitlab/github_import/client_spec.rb b/spec/lib/gitlab/github_import/client_spec.rb
index 49d8cdf4314..7c21cbe96d9 100644
--- a/spec/lib/gitlab/github_import/client_spec.rb
+++ b/spec/lib/gitlab/github_import/client_spec.rb
@@ -2,15 +2,49 @@ require 'spec_helper'
 
 describe Gitlab::GithubImport::Client, lib: true do
   let(:token) { '123456' }
-  let(:client) { Gitlab::GithubImport::Client.new(token) }
+  let(:github_provider) { Settingslogic.new('app_id' => 'asd123', 'app_secret' => 'asd123', 'name' => 'github', 'args' => { 'client_options' => {} }) }
+
+  subject(:client) { described_class.new(token) }
 
   before do
-    Gitlab.config.omniauth.providers << OpenStruct.new(app_id: "asd123", app_secret: "asd123", name: "github")
+    allow(Gitlab.config.omniauth).to receive(:providers).and_return([github_provider])
   end
 
-  it 'all OAuth2 client options are symbols' do
+  it 'convert OAuth2 client options to symbols' do
     client.client.options.keys.each do |key|
       expect(key).to be_kind_of(Symbol)
     end
   end
+
+  it 'does not crash (e.g. Settingslogic::MissingSetting) when verify_ssl config is not present' do
+    expect { client.api }.not_to raise_error
+  end
+
+  context 'allow SSL verification to be configurable on API' do
+    before do
+      github_provider['verify_ssl'] = false
+    end
+
+    it 'uses supplied value' do
+      expect(client.client.options[:connection_opts][:ssl]).to eq({ verify: false })
+      expect(client.api.connection_options[:ssl]).to eq({ verify: false })
+    end
+  end
+
+  context 'when provider does not specity an API endpoint' do
+    it 'uses GitHub root API endpoint' do
+      expect(client.api.api_endpoint).to eq 'https://api.github.com/'
+    end
+  end
+
+  context 'when provider specify a custom API endpoint' do
+    before do
+      github_provider['args']['client_options']['site'] = 'https://github.company.com/'
+    end
+
+    it 'uses the custom API endpoint' do
+      expect(OmniAuth::Strategies::GitHub).not_to receive(:default_options)
+      expect(client.api.api_endpoint).to eq 'https://github.company.com/'
+    end
+  end
 end
diff --git a/spec/lib/gitlab/github_import/comment_formatter_spec.rb b/spec/lib/gitlab/github_import/comment_formatter_spec.rb
index a324a82e69f..55e86d4ceac 100644
--- a/spec/lib/gitlab/github_import/comment_formatter_spec.rb
+++ b/spec/lib/gitlab/github_import/comment_formatter_spec.rb
@@ -2,23 +2,25 @@ require 'spec_helper'
 
 describe Gitlab::GithubImport::CommentFormatter, lib: true do
   let(:project) { create(:project) }
-  let(:octocat) { OpenStruct.new(id: 123456, login: 'octocat') }
+  let(:octocat) { double(id: 123456, login: 'octocat') }
   let(:created_at) { DateTime.strptime('2013-04-10T20:09:31Z') }
   let(:updated_at) { DateTime.strptime('2014-03-03T18:58:10Z') }
-  let(:base_data) do
+  let(:base) do
     {
       body: "I'm having a problem with this.",
       user: octocat,
+      commit_id: nil,
+      diff_hunk: nil,
       created_at: created_at,
       updated_at: updated_at
     }
   end
 
-  subject(:comment) { described_class.new(project, raw_data)}
+  subject(:comment) { described_class.new(project, raw)}
 
   describe '#attributes' do
     context 'when do not reference a portion of the diff' do
-      let(:raw_data) { OpenStruct.new(base_data) }
+      let(:raw) { double(base) }
 
       it 'returns formatted attributes' do
         expected = {
@@ -36,24 +38,23 @@ describe Gitlab::GithubImport::CommentFormatter, lib: true do
     end
 
     context 'when on a portion of the diff' do
-      let(:diff_data) do
+      let(:diff) do
         {
           body: 'Great stuff',
           commit_id: '6dcb09b5b57875f334f61aebed695e2e4193db5e',
-          diff_hunk: '@@ -16,33 +16,40 @@ public class Connection : IConnection...',
-          path: 'file1.txt',
-          position: 1
+          diff_hunk: "@@ -1,5 +1,9 @@\n class User\n   def name\n-    'John Doe'\n+    'Jane Doe'",
+          path: 'file1.txt'
         }
       end
 
-      let(:raw_data) { OpenStruct.new(base_data.merge(diff_data)) }
+      let(:raw) { double(base.merge(diff)) }
 
       it 'returns formatted attributes' do
         expected = {
           project: project,
           note: "*Created by: octocat*\n\nGreat stuff",
           commit_id: '6dcb09b5b57875f334f61aebed695e2e4193db5e',
-          line_code: 'ce1be0ff4065a6e9415095c95f25f47a633cef2b_0_1',
+          line_code: 'ce1be0ff4065a6e9415095c95f25f47a633cef2b_4_3',
           author_id: project.creator_id,
           created_at: created_at,
           updated_at: updated_at
@@ -64,15 +65,10 @@ describe Gitlab::GithubImport::CommentFormatter, lib: true do
     end
 
     context 'when author is a GitLab user' do
-      let(:raw_data) { OpenStruct.new(base_data.merge(user: octocat)) }
+      let(:raw) { double(base.merge(user: octocat)) }
 
-      it 'returns project#creator_id as author_id when is not a GitLab user' do
-        expect(comment.attributes.fetch(:author_id)).to eq project.creator_id
-      end
-
-      it 'returns GitLab user id as author_id when is a GitLab user' do
+      it 'returns GitLab user id as author_id' do
         gl_user = create(:omniauth_user, extern_uid: octocat.id, provider: 'github')
-
         expect(comment.attributes.fetch(:author_id)).to eq gl_user.id
       end
     end
diff --git a/spec/lib/gitlab/github_import/pull_request_formatter_spec.rb b/spec/lib/gitlab/github_import/pull_request_formatter_spec.rb
index e59c0ca110e..120f59e6e71 100644
--- a/spec/lib/gitlab/github_import/pull_request_formatter_spec.rb
+++ b/spec/lib/gitlab/github_import/pull_request_formatter_spec.rb
@@ -4,9 +4,9 @@ describe Gitlab::GithubImport::PullRequestFormatter, lib: true do
   let(:project) { create(:project) }
   let(:repository) { double(id: 1, fork: false) }
   let(:source_repo) { repository }
-  let(:source_branch) { double(ref: 'feature', repo: source_repo) }
+  let(:source_branch) { double(ref: 'feature', repo: source_repo, sha: '2e5d3239642f9161dcbbc4b70a211a68e5e45e2b') }
   let(:target_repo) { repository }
-  let(:target_branch) { double(ref: 'master', repo: target_repo) }
+  let(:target_branch) { double(ref: 'master', repo: target_repo, sha: '8ffb3c15a5475e59ae909384297fede4badcb4c7') }
   let(:octocat) { double(id: 123456, login: 'octocat') }
   let(:created_at) { DateTime.strptime('2011-01-26T19:01:12Z') }
   let(:updated_at) { DateTime.strptime('2011-01-27T19:01:12Z') }
@@ -41,8 +41,10 @@ describe Gitlab::GithubImport::PullRequestFormatter, lib: true do
           description: "*Created by: octocat*\n\nPlease pull these awesome changes",
           source_project: project,
           source_branch: 'feature',
+          head_source_sha: '2e5d3239642f9161dcbbc4b70a211a68e5e45e2b',
           target_project: project,
           target_branch: 'master',
+          base_target_sha: '8ffb3c15a5475e59ae909384297fede4badcb4c7',
           state: 'opened',
           milestone: nil,
           author_id: project.creator_id,
@@ -66,8 +68,10 @@ describe Gitlab::GithubImport::PullRequestFormatter, lib: true do
           description: "*Created by: octocat*\n\nPlease pull these awesome changes",
           source_project: project,
           source_branch: 'feature',
+          head_source_sha: '2e5d3239642f9161dcbbc4b70a211a68e5e45e2b',
           target_project: project,
           target_branch: 'master',
+          base_target_sha: '8ffb3c15a5475e59ae909384297fede4badcb4c7',
           state: 'closed',
           milestone: nil,
           author_id: project.creator_id,
@@ -91,8 +95,10 @@ describe Gitlab::GithubImport::PullRequestFormatter, lib: true do
           description: "*Created by: octocat*\n\nPlease pull these awesome changes",
           source_project: project,
           source_branch: 'feature',
+          head_source_sha: '2e5d3239642f9161dcbbc4b70a211a68e5e45e2b',
           target_project: project,
           target_branch: 'master',
+          base_target_sha: '8ffb3c15a5475e59ae909384297fede4badcb4c7',
           state: 'merged',
           milestone: nil,
           author_id: project.creator_id,
@@ -137,11 +143,11 @@ describe Gitlab::GithubImport::PullRequestFormatter, lib: true do
       let(:milestone) { double(number: 45) }
       let(:raw_data) { double(base_data.merge(milestone: milestone)) }
 
-      it 'returns nil when milestone does not exists' do
+      it 'returns nil when milestone does not exist' do
         expect(pull_request.attributes.fetch(:milestone)).to be_nil
       end
 
-      it 'returns milestone when is exists' do
+      it 'returns milestone when it exists' do
         milestone = create(:milestone, project: project, iid: 45)
 
         expect(pull_request.attributes.fetch(:milestone)).to eq milestone
@@ -158,36 +164,16 @@ describe Gitlab::GithubImport::PullRequestFormatter, lib: true do
   end
 
   describe '#valid?' do
-    let(:invalid_branch) { double(ref: 'invalid-branch').as_null_object }
+    context 'when source, and target repos are not a fork' do
+      let(:raw_data) { double(base_data) }
 
-    context 'when source, and target repositories are the same' do
-      context 'and source and target branches exists' do
-        let(:raw_data) { double(base_data.merge(head: source_branch, base: target_branch)) }
-
-        it 'returns true' do
-          expect(pull_request.valid?).to eq true
-        end
-      end
-
-      context 'and source branch doesn not exists' do
-        let(:raw_data) { double(base_data.merge(head: invalid_branch, base: target_branch)) }
-
-        it 'returns false' do
-          expect(pull_request.valid?).to eq false
-        end
-      end
-
-      context 'and target branch doesn not exists' do
-        let(:raw_data) { double(base_data.merge(head: source_branch, base: invalid_branch)) }
-
-        it 'returns false' do
-          expect(pull_request.valid?).to eq false
-        end
+      it 'returns true' do
+        expect(pull_request.valid?).to eq true
       end
     end
 
     context 'when source repo is a fork' do
-      let(:source_repo) { double(id: 2, fork: true) }
+      let(:source_repo) { double(id: 2) }
       let(:raw_data) { double(base_data) }
 
       it 'returns false' do
@@ -196,7 +182,7 @@ describe Gitlab::GithubImport::PullRequestFormatter, lib: true do
     end
 
     context 'when target repo is a fork' do
-      let(:target_repo) { double(id: 2, fork: true) }
+      let(:target_repo) { double(id: 2) }
       let(:raw_data) { double(base_data) }
 
       it 'returns false' do
diff --git a/spec/lib/gitlab/import_url_spec.rb b/spec/lib/gitlab/import_url_spec.rb
deleted file mode 100644
index f758cb8693c..00000000000
--- a/spec/lib/gitlab/import_url_spec.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-require 'spec_helper'
-
-describe Gitlab::ImportUrl do
-
-  let(:credentials) { { user: 'blah', password: 'password' } }
-  let(:import_url) do
-    Gitlab::ImportUrl.new("https://github.com/me/project.git", credentials: credentials)
-  end
-
-  describe :full_url do
-    it { expect(import_url.full_url).to eq("https://blah:password@github.com/me/project.git") }
-  end
-
-  describe :sanitized_url do
-    it { expect(import_url.sanitized_url).to eq("https://github.com/me/project.git") }
-  end
-
-  describe :credentials do
-    it { expect(import_url.credentials).to eq(credentials) }
-  end
-end
diff --git a/spec/lib/gitlab/lfs/lfs_router_spec.rb b/spec/lib/gitlab/lfs/lfs_router_spec.rb
index 5852b31ab3a..3325190789b 100644
--- a/spec/lib/gitlab/lfs/lfs_router_spec.rb
+++ b/spec/lib/gitlab/lfs/lfs_router_spec.rb
@@ -26,8 +26,8 @@ describe Gitlab::Lfs::Router, lib: true do
 
   let(:sample_oid) { "b68143e6463773b1b6c6fd009a76c32aeec041faff32ba2ed42fd7f708a17f80" }
   let(:sample_size) { 499013 }
-  let(:respond_with_deprecated) {[ 501, { "Content-Type"=>"application/json; charset=utf-8" }, ["{\"message\":\"Server supports batch API only, please update your Git LFS client to version 1.0.1 and up.\",\"documentation_url\":\"#{Gitlab.config.gitlab.url}/help\"}"]]}
-  let(:respond_with_disabled) {[ 501, { "Content-Type"=>"application/json; charset=utf-8" }, ["{\"message\":\"Git LFS is not enabled on this GitLab server, contact your admin.\",\"documentation_url\":\"#{Gitlab.config.gitlab.url}/help\"}"]]}
+  let(:respond_with_deprecated) {[ 501, { "Content-Type" => "application/json; charset=utf-8" }, ["{\"message\":\"Server supports batch API only, please update your Git LFS client to version 1.0.1 and up.\",\"documentation_url\":\"#{Gitlab.config.gitlab.url}/help\"}"]]}
+  let(:respond_with_disabled) {[ 501, { "Content-Type" => "application/json; charset=utf-8" }, ["{\"message\":\"Git LFS is not enabled on this GitLab server, contact your admin.\",\"documentation_url\":\"#{Gitlab.config.gitlab.url}/help\"}"]]}
 
   describe 'when lfs is disabled' do
     before do
diff --git a/spec/lib/gitlab/metrics/instrumentation_spec.rb b/spec/lib/gitlab/metrics/instrumentation_spec.rb
index 5c885a7a982..7b86450a223 100644
--- a/spec/lib/gitlab/metrics/instrumentation_spec.rb
+++ b/spec/lib/gitlab/metrics/instrumentation_spec.rb
@@ -56,9 +56,6 @@ describe Gitlab::Metrics::Instrumentation do
         allow(described_class).to receive(:transaction).
           and_return(transaction)
 
-        expect(transaction).to receive(:increment).
-          with(:method_duration, a_kind_of(Numeric))
-
         expect(transaction).to receive(:add_metric).
           with(described_class::SERIES, an_instance_of(Hash),
                method: 'Dummy.foo')
@@ -139,9 +136,6 @@ describe Gitlab::Metrics::Instrumentation do
         allow(described_class).to receive(:transaction).
           and_return(transaction)
 
-        expect(transaction).to receive(:increment).
-          with(:method_duration, a_kind_of(Numeric))
-
         expect(transaction).to receive(:add_metric).
           with(described_class::SERIES, an_instance_of(Hash),
                method: 'Dummy#bar')
diff --git a/spec/lib/gitlab/metrics/subscribers/rails_cache_spec.rb b/spec/lib/gitlab/metrics/subscribers/rails_cache_spec.rb
index e01b0b4bd21..d824dc54438 100644
--- a/spec/lib/gitlab/metrics/subscribers/rails_cache_spec.rb
+++ b/spec/lib/gitlab/metrics/subscribers/rails_cache_spec.rb
@@ -9,7 +9,7 @@ describe Gitlab::Metrics::Subscribers::RailsCache do
   describe '#cache_read' do
     it 'increments the cache_read duration' do
       expect(subscriber).to receive(:increment).
-        with(:cache_read_duration, event.duration)
+        with(:cache_read, event.duration)
 
       subscriber.cache_read(event)
     end
@@ -18,7 +18,7 @@ describe Gitlab::Metrics::Subscribers::RailsCache do
   describe '#cache_write' do
     it 'increments the cache_write duration' do
       expect(subscriber).to receive(:increment).
-        with(:cache_write_duration, event.duration)
+        with(:cache_write, event.duration)
 
       subscriber.cache_write(event)
     end
@@ -27,7 +27,7 @@ describe Gitlab::Metrics::Subscribers::RailsCache do
   describe '#cache_delete' do
     it 'increments the cache_delete duration' do
       expect(subscriber).to receive(:increment).
-        with(:cache_delete_duration, event.duration)
+        with(:cache_delete, event.duration)
 
       subscriber.cache_delete(event)
     end
@@ -36,7 +36,7 @@ describe Gitlab::Metrics::Subscribers::RailsCache do
   describe '#cache_exist?' do
     it 'increments the cache_exists duration' do
       expect(subscriber).to receive(:increment).
-        with(:cache_exists_duration, event.duration)
+        with(:cache_exists, event.duration)
 
       subscriber.cache_exist?(event)
     end
@@ -61,10 +61,16 @@ describe Gitlab::Metrics::Subscribers::RailsCache do
         expect(transaction).to receive(:increment).
           with(:cache_duration, event.duration)
 
+        expect(transaction).to receive(:increment).
+          with(:cache_count, 1)
+
         expect(transaction).to receive(:increment).
           with(:cache_delete_duration, event.duration)
 
-        subscriber.increment(:cache_delete_duration, event.duration)
+        expect(transaction).to receive(:increment).
+          with(:cache_delete_count, 1)
+
+        subscriber.increment(:cache_delete, event.duration)
       end
     end
   end
diff --git a/spec/lib/gitlab/url_sanitizer_spec.rb b/spec/lib/gitlab/url_sanitizer_spec.rb
new file mode 100644
index 00000000000..de55334118f
--- /dev/null
+++ b/spec/lib/gitlab/url_sanitizer_spec.rb
@@ -0,0 +1,68 @@
+require 'spec_helper'
+
+describe Gitlab::UrlSanitizer, lib: true do
+  let(:credentials) { { user: 'blah', password: 'password' } }
+  let(:url_sanitizer) do
+    described_class.new("https://github.com/me/project.git", credentials: credentials)
+  end
+
+  describe '.sanitize' do
+    def sanitize_url(url)
+      # We want to try with multi-line content because is how error messages are formatted
+      described_class.sanitize(%Q{
+         remote: Not Found
+         fatal: repository '#{url}' not found
+      })
+    end
+
+    it 'mask the credentials from HTTP URLs' do
+      filtered_content = sanitize_url('http://user:pass@test.com/root/repoC.git/')
+
+      expect(filtered_content).to include("http://*****:*****@test.com/root/repoC.git/")
+    end
+
+    it 'mask the credentials from HTTPS URLs' do
+      filtered_content = sanitize_url('https://user:pass@test.com/root/repoA.git/')
+
+      expect(filtered_content).to include("https://*****:*****@test.com/root/repoA.git/")
+    end
+
+    it 'mask credentials from SSH URLs' do
+      filtered_content = sanitize_url('ssh://user@host.test/path/to/repo.git')
+
+      expect(filtered_content).to include("ssh://*****@host.test/path/to/repo.git")
+    end
+
+    it 'does not modify Git URLs' do
+      # git protocol does not support authentication
+      filtered_content = sanitize_url('git://host.test/path/to/repo.git')
+
+      expect(filtered_content).to include("git://host.test/path/to/repo.git")
+    end
+
+    it 'does not modify scp-like URLs' do
+      filtered_content = sanitize_url('user@server:project.git')
+
+      expect(filtered_content).to include("user@server:project.git")
+    end
+  end
+
+  describe '#sanitized_url' do
+    it { expect(url_sanitizer.sanitized_url).to eq("https://github.com/me/project.git") }
+  end
+
+  describe '#credentials' do
+    it { expect(url_sanitizer.credentials).to eq(credentials) }
+  end
+
+  describe '#full_url' do
+    it { expect(url_sanitizer.full_url).to eq("https://blah:password@github.com/me/project.git") }
+
+    it 'supports scp-like URLs' do
+      sanitizer = described_class.new('user@server:project.git')
+
+      expect(sanitizer.full_url).to eq('user@server:project.git')
+    end
+  end
+
+end
diff --git a/spec/lib/json_web_token/rsa_token_spec.rb b/spec/lib/json_web_token/rsa_token_spec.rb
new file mode 100644
index 00000000000..0c3d3ea7019
--- /dev/null
+++ b/spec/lib/json_web_token/rsa_token_spec.rb
@@ -0,0 +1,43 @@
+describe JSONWebToken::RSAToken do
+  let(:rsa_key) do
+    OpenSSL::PKey::RSA.new <<-eos.strip_heredoc
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIBOgIBAAJBAMA5sXIBE0HwgIB40iNidN4PGWzOyLQK0bsdOBNgpEXkDlZBvnak
+      OUgAPF+rME4PB0Yl415DabUI40T5UNmlwxcCAwEAAQJAZtY2pSwIFm3JAXIh0cZZ
+      iXcAfiJ+YzuqinUOS+eW2sBCAEzjcARlU/o6sFQgtsOi4FOMczAd1Yx8UDMXMmrw
+      2QIhAPBgVhJiTF09pdmeFWutCvTJDlFFAQNbrbo2X2x/9WF9AiEAzLgqMKeStSRu
+      H9N16TuDrUoO8R+DPqriCwkKrSHaWyMCIFzMhE4inuKcSywBaLmiG4m3GQzs++Al
+      A6PRG/PSTpQtAiBxtBg6zdf+JC3GH3zt/dA0/10tL4OF2wORfYQghRzyYQIhAL2l
+      0ZQW+yLIZAGrdBFWYEAa52GZosncmzBNlsoTgwE4
+      -----END RSA PRIVATE KEY-----
+    eos
+  end
+  let(:rsa_token) { described_class.new(nil) }
+  let(:rsa_encoded) { rsa_token.encoded }
+
+  before { allow_any_instance_of(described_class).to receive(:key).and_return(rsa_key) }
+
+  context 'token' do
+    context 'for valid key to be validated' do
+      before { rsa_token['key'] = 'value' }
+
+      subject { JWT.decode(rsa_encoded, rsa_key) }
+
+      it { expect{subject}.to_not raise_error }
+      it { expect(subject.first).to include('key' => 'value') }
+      it do
+        expect(subject.second).to eq(
+          "typ" => "JWT",
+          "alg" => "RS256",
+          "kid" => "OGXY:4TR7:FAVO:WEM2:XXEW:E4FP:TKL7:7ACK:TZAF:D54P:SUIA:P3B2")
+      end
+    end
+
+    context 'for invalid key to raise an exception' do
+      let(:new_key) { OpenSSL::PKey::RSA.generate(512) }
+      subject { JWT.decode(rsa_encoded, new_key) }
+
+      it { expect{subject}.to raise_error(JWT::DecodeError) }
+    end
+  end
+end
diff --git a/spec/lib/json_web_token/token_spec.rb b/spec/lib/json_web_token/token_spec.rb
new file mode 100644
index 00000000000..3d955e4d774
--- /dev/null
+++ b/spec/lib/json_web_token/token_spec.rb
@@ -0,0 +1,18 @@
+describe JSONWebToken::Token do
+  let(:token) { described_class.new }
+
+  context 'custom parameters' do
+    let(:value) { 'value' }
+    before { token[:key] = value }
+
+    it { expect(token[:key]).to eq(value) }
+    it { expect(token.payload).to include(key: value) }
+  end
+
+  context 'embeds default payload' do
+    subject { token.payload }
+    let(:default) { token.send(:default_payload) }
+
+    it { is_expected.to include(default) }
+  end
+end
diff --git a/spec/mailers/notify_spec.rb b/spec/mailers/notify_spec.rb
index 495c5cbac00..5f7e4a526e6 100644
--- a/spec/mailers/notify_spec.rb
+++ b/spec/mailers/notify_spec.rb
@@ -593,7 +593,7 @@ describe Notify do
     let(:user) { create(:user) }
     let(:tree_path) { namespace_project_tree_path(project.namespace, project, "master") }
 
-    subject { Notify.repository_push_email(project.id, 'devs@company.name', author_id: user.id, ref: 'refs/heads/master', action: :create) }
+    subject { Notify.repository_push_email(project.id, author_id: user.id, ref: 'refs/heads/master', action: :create) }
 
     it_behaves_like 'it should not have Gmail Actions links'
     it_behaves_like "a user cannot unsubscribe through footer link"
@@ -606,10 +606,6 @@ describe Notify do
       expect(sender.address).to eq(gitlab_sender)
     end
 
-    it 'is sent to recipient' do
-      is_expected.to deliver_to 'devs@company.name'
-    end
-
     it 'has the correct subject' do
       is_expected.to have_subject /Pushed new branch master/
     end
@@ -624,7 +620,7 @@ describe Notify do
     let(:user) { create(:user) }
     let(:tree_path) { namespace_project_tree_path(project.namespace, project, "v1.0") }
 
-    subject { Notify.repository_push_email(project.id, 'devs@company.name', author_id: user.id, ref: 'refs/tags/v1.0', action: :create) }
+    subject { Notify.repository_push_email(project.id, author_id: user.id, ref: 'refs/tags/v1.0', action: :create) }
 
     it_behaves_like 'it should not have Gmail Actions links'
     it_behaves_like "a user cannot unsubscribe through footer link"
@@ -637,10 +633,6 @@ describe Notify do
       expect(sender.address).to eq(gitlab_sender)
     end
 
-    it 'is sent to recipient' do
-      is_expected.to deliver_to 'devs@company.name'
-    end
-
     it 'has the correct subject' do
       is_expected.to have_subject /Pushed new tag v1\.0/
     end
@@ -654,7 +646,7 @@ describe Notify do
     let(:example_site_path) { root_path }
     let(:user) { create(:user) }
 
-    subject { Notify.repository_push_email(project.id, 'devs@company.name', author_id: user.id, ref: 'refs/heads/master', action: :delete) }
+    subject { Notify.repository_push_email(project.id, author_id: user.id, ref: 'refs/heads/master', action: :delete) }
 
     it_behaves_like 'it should not have Gmail Actions links'
     it_behaves_like "a user cannot unsubscribe through footer link"
@@ -667,10 +659,6 @@ describe Notify do
       expect(sender.address).to eq(gitlab_sender)
     end
 
-    it 'is sent to recipient' do
-      is_expected.to deliver_to 'devs@company.name'
-    end
-
     it 'has the correct subject' do
       is_expected.to have_subject /Deleted branch master/
     end
@@ -680,7 +668,7 @@ describe Notify do
     let(:example_site_path) { root_path }
     let(:user) { create(:user) }
 
-    subject { Notify.repository_push_email(project.id, 'devs@company.name', author_id: user.id, ref: 'refs/tags/v1.0', action: :delete) }
+    subject { Notify.repository_push_email(project.id, author_id: user.id, ref: 'refs/tags/v1.0', action: :delete) }
 
     it_behaves_like 'it should not have Gmail Actions links'
     it_behaves_like "a user cannot unsubscribe through footer link"
@@ -693,10 +681,6 @@ describe Notify do
       expect(sender.address).to eq(gitlab_sender)
     end
 
-    it 'is sent to recipient' do
-      is_expected.to deliver_to 'devs@company.name'
-    end
-
     it 'has the correct subject' do
       is_expected.to have_subject /Deleted tag v1\.0/
     end
@@ -710,7 +694,7 @@ describe Notify do
     let(:diff_path) { namespace_project_compare_path(project.namespace, project, from: Commit.new(compare.base, project), to: Commit.new(compare.head, project)) }
     let(:send_from_committer_email) { false }
 
-    subject { Notify.repository_push_email(project.id, 'devs@company.name', author_id: user.id, ref: 'refs/heads/master', action: :push, compare: compare, reverse_compare: false, send_from_committer_email: send_from_committer_email) }
+    subject { Notify.repository_push_email(project.id, author_id: user.id, ref: 'refs/heads/master', action: :push, compare: compare, reverse_compare: false, send_from_committer_email: send_from_committer_email) }
 
     it_behaves_like 'it should not have Gmail Actions links'
     it_behaves_like "a user cannot unsubscribe through footer link"
@@ -723,10 +707,6 @@ describe Notify do
       expect(sender.address).to eq(gitlab_sender)
     end
 
-    it 'is sent to recipient' do
-      is_expected.to deliver_to 'devs@company.name'
-    end
-
     it 'has the correct subject' do
       is_expected.to have_subject /\[#{project.path_with_namespace}\]\[master\] #{commits.length} commits:/
     end
@@ -818,7 +798,7 @@ describe Notify do
     let(:commits) { Commit.decorate(compare.commits, nil) }
     let(:diff_path) { namespace_project_commit_path(project.namespace, project, commits.first) }
 
-    subject { Notify.repository_push_email(project.id, 'devs@company.name', author_id: user.id, ref: 'refs/heads/master', action: :push, compare: compare) }
+    subject { Notify.repository_push_email(project.id, author_id: user.id, ref: 'refs/heads/master', action: :push, compare: compare) }
 
     it_behaves_like 'it should show Gmail Actions View Commit link'
     it_behaves_like "a user cannot unsubscribe through footer link"
@@ -831,10 +811,6 @@ describe Notify do
       expect(sender.address).to eq(gitlab_sender)
     end
 
-    it 'is sent to recipient' do
-      is_expected.to deliver_to 'devs@company.name'
-    end
-
     it 'has the correct subject' do
       is_expected.to have_subject /#{commits.first.title}/
     end
diff --git a/spec/models/abuse_report_spec.rb b/spec/models/abuse_report_spec.rb
index ac12ab6c757..305f8bc88cc 100644
--- a/spec/models/abuse_report_spec.rb
+++ b/spec/models/abuse_report_spec.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: abuse_reports
-#
-#  id          :integer          not null, primary key
-#  reporter_id :integer
-#  user_id     :integer
-#  message     :text
-#  created_at  :datetime
-#  updated_at  :datetime
-#
-
 require 'rails_helper'
 
 RSpec.describe AbuseReport, type: :model do
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index 520cf1b75de..d84f3e998f5 100644
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -1,49 +1,3 @@
-# == Schema Information
-#
-# Table name: application_settings
-#
-#  id                                :integer          not null, primary key
-#  default_projects_limit            :integer
-#  signup_enabled                    :boolean
-#  signin_enabled                    :boolean
-#  gravatar_enabled                  :boolean
-#  sign_in_text                      :text
-#  created_at                        :datetime
-#  updated_at                        :datetime
-#  home_page_url                     :string(255)
-#  default_branch_protection         :integer          default(2)
-#  restricted_visibility_levels      :text
-#  version_check_enabled             :boolean          default(TRUE)
-#  max_attachment_size               :integer          default(10), not null
-#  default_project_visibility        :integer
-#  default_snippet_visibility        :integer
-#  restricted_signup_domains         :text
-#  user_oauth_applications           :boolean          default(TRUE)
-#  after_sign_out_path               :string(255)
-#  session_expire_delay              :integer          default(10080), not null
-#  import_sources                    :text
-#  help_page_text                    :text
-#  admin_notification_email          :string(255)
-#  shared_runners_enabled            :boolean          default(TRUE), not null
-#  max_artifacts_size                :integer          default(100), not null
-#  runners_registration_token        :string
-#  require_two_factor_authentication :boolean          default(FALSE)
-#  two_factor_grace_period           :integer          default(48)
-#  metrics_enabled                   :boolean          default(FALSE)
-#  metrics_host                      :string           default("localhost")
-#  metrics_username                  :string
-#  metrics_password                  :string
-#  metrics_pool_size                 :integer          default(16)
-#  metrics_timeout                   :integer          default(10)
-#  metrics_method_call_threshold     :integer          default(10)
-#  recaptcha_enabled                 :boolean          default(FALSE)
-#  recaptcha_site_key                :string
-#  recaptcha_private_key             :string
-#  metrics_port                      :integer          default(8089)
-#  sentry_enabled                    :boolean          default(FALSE)
-#  sentry_dsn                        :string
-#
-
 require 'spec_helper'
 
 describe ApplicationSetting, models: true do
@@ -66,6 +20,15 @@ describe ApplicationSetting, models: true do
     it { is_expected.to allow_value(https).for(:after_sign_out_path) }
     it { is_expected.not_to allow_value(ftp).for(:after_sign_out_path) }
 
+    describe 'disabled_oauth_sign_in_sources validations' do
+      before do
+        allow(Devise).to receive(:omniauth_providers).and_return([:github])
+      end
+
+      it { is_expected.to allow_value(['github']).for(:disabled_oauth_sign_in_sources) }
+      it { is_expected.not_to allow_value(['test']).for(:disabled_oauth_sign_in_sources) }
+    end
+
     it { is_expected.to validate_presence_of(:max_attachment_size) }
 
     it do
diff --git a/spec/models/broadcast_message_spec.rb b/spec/models/broadcast_message_spec.rb
index f6f84db57e6..6ad8bfef4f2 100644
--- a/spec/models/broadcast_message_spec.rb
+++ b/spec/models/broadcast_message_spec.rb
@@ -1,17 +1,3 @@
-# == Schema Information
-#
-# Table name: broadcast_messages
-#
-#  id         :integer          not null, primary key
-#  message    :text             not null
-#  starts_at  :datetime
-#  ends_at    :datetime
-#  created_at :datetime
-#  updated_at :datetime
-#  color      :string(255)
-#  font       :string(255)
-#
-
 require 'spec_helper'
 
 describe BroadcastMessage, models: true do
diff --git a/spec/models/ci/commit_spec.rb b/spec/models/ci/commit_spec.rb
index 82c18aaa01a..dc071ad1c90 100644
--- a/spec/models/ci/commit_spec.rb
+++ b/spec/models/ci/commit_spec.rb
@@ -1,21 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_commits
-#
-#  id            :integer          not null, primary key
-#  project_id    :integer
-#  ref           :string(255)
-#  sha           :string(255)
-#  before_sha    :string(255)
-#  push_data     :text
-#  created_at    :datetime
-#  updated_at    :datetime
-#  tag           :boolean          default(FALSE)
-#  yaml_errors   :text
-#  committed_at  :datetime
-#  gl_project_id :integer
-#
-
 require 'spec_helper'
 
 describe Ci::Commit, models: true do
@@ -158,97 +140,123 @@ describe Ci::Commit, models: true do
         stub_ci_commit_yaml_file(YAML.dump(yaml))
       end
 
-      it 'properly creates builds' do
-        expect(create_builds).to be_truthy
-        expect(commit.builds.pluck(:name)).to contain_exactly('build')
-        expect(commit.builds.pluck(:status)).to contain_exactly('pending')
-        commit.builds.running_or_pending.each(&:success)
+      context 'when builds are successful' do
+        it 'properly creates builds' do
+          expect(create_builds).to be_truthy
+          expect(commit.builds.pluck(:name)).to contain_exactly('build')
+          expect(commit.builds.pluck(:status)).to contain_exactly('pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'pending')
-        commit.builds.running_or_pending.each(&:success)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'pending')
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'deploy')
-        commit.builds.running_or_pending.each(&:success)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'deploy')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'deploy', 'cleanup')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'success', 'pending')
-        commit.builds.running_or_pending.each(&:success)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'deploy', 'cleanup')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'success', 'pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'success', 'success')
-        commit.reload
-        expect(commit.status).to eq('success')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'success', 'success')
+          commit.reload
+          expect(commit.status).to eq('success')
+        end
       end
 
-      it 'properly creates builds when test fails' do
-        expect(create_builds).to be_truthy
-        expect(commit.builds.pluck(:name)).to contain_exactly('build')
-        expect(commit.builds.pluck(:status)).to contain_exactly('pending')
-        commit.builds.running_or_pending.each(&:success)
+      context 'when test job fails' do
+        it 'properly creates builds' do
+          expect(create_builds).to be_truthy
+          expect(commit.builds.pluck(:name)).to contain_exactly('build')
+          expect(commit.builds.pluck(:status)).to contain_exactly('pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'pending')
-        commit.builds.running_or_pending.each(&:drop)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'pending')
+          commit.builds.running_or_pending.each(&:drop)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'test_failure')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'pending')
-        commit.builds.running_or_pending.each(&:success)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'test_failure')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'test_failure', 'cleanup')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'success', 'pending')
-        commit.builds.running_or_pending.each(&:success)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'test_failure', 'cleanup')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'success', 'pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'success', 'success')
-        commit.reload
-        expect(commit.status).to eq('failed')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'success', 'success')
+          commit.reload
+          expect(commit.status).to eq('failed')
+        end
       end
 
-      it 'properly creates builds when test and test_failure fails' do
-        expect(create_builds).to be_truthy
-        expect(commit.builds.pluck(:name)).to contain_exactly('build')
-        expect(commit.builds.pluck(:status)).to contain_exactly('pending')
-        commit.builds.running_or_pending.each(&:success)
+      context 'when test and test_failure jobs fail' do
+        it 'properly creates builds' do
+          expect(create_builds).to be_truthy
+          expect(commit.builds.pluck(:name)).to contain_exactly('build')
+          expect(commit.builds.pluck(:status)).to contain_exactly('pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'pending')
-        commit.builds.running_or_pending.each(&:drop)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'pending')
+          commit.builds.running_or_pending.each(&:drop)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'test_failure')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'pending')
-        commit.builds.running_or_pending.each(&:drop)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'test_failure')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'pending')
+          commit.builds.running_or_pending.each(&:drop)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'test_failure', 'cleanup')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'failed', 'pending')
-        commit.builds.running_or_pending.each(&:success)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'test_failure', 'cleanup')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'failed', 'pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'test_failure', 'cleanup')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'failed', 'success')
-        commit.reload
-        expect(commit.status).to eq('failed')
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'test_failure', 'cleanup')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'failed', 'failed', 'success')
+          commit.reload
+          expect(commit.status).to eq('failed')
+        end
       end
 
-      it 'properly creates builds when deploy fails' do
-        expect(create_builds).to be_truthy
-        expect(commit.builds.pluck(:name)).to contain_exactly('build')
-        expect(commit.builds.pluck(:status)).to contain_exactly('pending')
-        commit.builds.running_or_pending.each(&:success)
+      context 'when deploy job fails' do
+        it 'properly creates builds' do
+          expect(create_builds).to be_truthy
+          expect(commit.builds.pluck(:name)).to contain_exactly('build')
+          expect(commit.builds.pluck(:status)).to contain_exactly('pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'pending')
-        commit.builds.running_or_pending.each(&:success)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'deploy')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'pending')
-        commit.builds.running_or_pending.each(&:drop)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'deploy')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'pending')
+          commit.builds.running_or_pending.each(&:drop)
 
-        expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'deploy', 'cleanup')
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'failed', 'pending')
-        commit.builds.running_or_pending.each(&:success)
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test', 'deploy', 'cleanup')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'failed', 'pending')
+          commit.builds.running_or_pending.each(&:success)
 
-        expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'failed', 'success')
-        commit.reload
-        expect(commit.status).to eq('failed')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'success', 'failed', 'success')
+          commit.reload
+          expect(commit.status).to eq('failed')
+        end
+      end
+
+      context 'when build is canceled in the second stage' do
+        it 'does not schedule builds after build has been canceled' do
+          expect(create_builds).to be_truthy
+          expect(commit.builds.pluck(:name)).to contain_exactly('build')
+          expect(commit.builds.pluck(:status)).to contain_exactly('pending')
+          commit.builds.running_or_pending.each(&:success)
+
+          expect(commit.builds.running_or_pending).to_not be_empty
+
+          expect(commit.builds.pluck(:name)).to contain_exactly('build', 'test')
+          expect(commit.builds.pluck(:status)).to contain_exactly('success', 'pending')
+          commit.builds.running_or_pending.each(&:cancel)
+
+          expect(commit.builds.running_or_pending).to be_empty
+          expect(commit.reload.status).to eq('canceled')
+        end
       end
     end
   end
diff --git a/spec/models/ci/runner_project_spec.rb b/spec/models/ci/runner_project_spec.rb
index 000a732db77..95fc160b238 100644
--- a/spec/models/ci/runner_project_spec.rb
+++ b/spec/models/ci/runner_project_spec.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_runner_projects
-#
-#  id            :integer          not null, primary key
-#  runner_id     :integer          not null
-#  project_id    :integer
-#  created_at    :datetime
-#  updated_at    :datetime
-#  gl_project_id :integer
-#
-
 require 'spec_helper'
 
 describe Ci::RunnerProject, models: true do
diff --git a/spec/models/ci/runner_spec.rb b/spec/models/ci/runner_spec.rb
index 25e9e5eca48..eaa94228922 100644
--- a/spec/models/ci/runner_spec.rb
+++ b/spec/models/ci/runner_spec.rb
@@ -1,22 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_runners
-#
-#  id           :integer          not null, primary key
-#  token        :string(255)
-#  created_at   :datetime
-#  updated_at   :datetime
-#  description  :string(255)
-#  contacted_at :datetime
-#  active       :boolean          default(TRUE), not null
-#  is_shared    :boolean          default(FALSE)
-#  name         :string(255)
-#  version      :string(255)
-#  revision     :string(255)
-#  platform     :string(255)
-#  architecture :string(255)
-#
-
 require 'spec_helper'
 
 describe Ci::Runner, models: true do
diff --git a/spec/models/ci/trigger_spec.rb b/spec/models/ci/trigger_spec.rb
index 159be939300..474b0b1621d 100644
--- a/spec/models/ci/trigger_spec.rb
+++ b/spec/models/ci/trigger_spec.rb
@@ -1,16 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_triggers
-#
-#  id            :integer          not null, primary key
-#  token         :string(255)
-#  project_id    :integer
-#  deleted_at    :datetime
-#  created_at    :datetime
-#  updated_at    :datetime
-#  gl_project_id :integer
-#
-
 require 'spec_helper'
 
 describe Ci::Trigger, models: true do
diff --git a/spec/models/ci/variable_spec.rb b/spec/models/ci/variable_spec.rb
index 71e84091cb7..c712d211b0f 100644
--- a/spec/models/ci/variable_spec.rb
+++ b/spec/models/ci/variable_spec.rb
@@ -1,17 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_variables
-#
-#  id                   :integer          not null, primary key
-#  project_id           :integer
-#  key                  :string(255)
-#  value                :text
-#  encrypted_value      :text
-#  encrypted_value_salt :string(255)
-#  encrypted_value_iv   :string(255)
-#  gl_project_id        :integer
-#
-
 require 'spec_helper'
 
 describe Ci::Variable, models: true do
diff --git a/spec/models/commit_spec.rb b/spec/models/commit_spec.rb
index ad47e338a33..ccb100cd96f 100644
--- a/spec/models/commit_spec.rb
+++ b/spec/models/commit_spec.rb
@@ -56,7 +56,7 @@ describe Commit, models: true do
     end
 
     it "does not truncates a message with a newline after 80 but less 100 characters" do
-      message =<<eos
+      message = <<eos
 Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec sodales id felis id blandit.
 Vivamus egestas lacinia lacus, sed rutrum mauris.
 eos
diff --git a/spec/models/commit_status_spec.rb b/spec/models/commit_status_spec.rb
index 971e6750375..434e58cfd06 100644
--- a/spec/models/commit_status_spec.rb
+++ b/spec/models/commit_status_spec.rb
@@ -1,37 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_builds
-#
-#  id                 :integer          not null, primary key
-#  project_id         :integer
-#  status             :string(255)
-#  finished_at        :datetime
-#  trace              :text
-#  created_at         :datetime
-#  updated_at         :datetime
-#  started_at         :datetime
-#  runner_id          :integer
-#  coverage           :float
-#  commit_id          :integer
-#  commands           :text
-#  job_id             :integer
-#  name               :string(255)
-#  deploy             :boolean          default(FALSE)
-#  options            :text
-#  allow_failure      :boolean          default(FALSE), not null
-#  stage              :string(255)
-#  trigger_request_id :integer
-#  stage_idx          :integer
-#  tag                :boolean
-#  ref                :string(255)
-#  user_id            :integer
-#  type               :string(255)
-#  target_url         :string(255)
-#  description        :string(255)
-#  artifacts_file     :text
-#  gl_project_id      :integer
-#
-
 require 'spec_helper'
 
 describe CommitStatus, models: true do
diff --git a/spec/models/concerns/statuseable_spec.rb b/spec/models/concerns/statuseable_spec.rb
index dacbd3034c0..8e0a2a2cbde 100644
--- a/spec/models/concerns/statuseable_spec.rb
+++ b/spec/models/concerns/statuseable_spec.rb
@@ -61,9 +61,35 @@ describe Statuseable do
         let(:statuses) do
           [create(type, status: :success), create(type, status: :canceled)]
         end
+
+        it { is_expected.to eq 'canceled' }
+      end
+
+      context 'one failed and one canceled' do
+        let(:statuses) do
+          [create(type, status: :failed), create(type, status: :canceled)]
+        end
+
         it { is_expected.to eq 'failed' }
       end
 
+      context 'one failed but allowed to fail and one canceled' do
+        let(:statuses) do
+          [create(type, status: :failed, allow_failure: true),
+           create(type, status: :canceled)]
+        end
+
+        it { is_expected.to eq 'canceled' }
+      end
+
+      context 'one running one canceled' do
+        let(:statuses) do
+          [create(type, status: :running), create(type, status: :canceled)]
+        end
+
+        it { is_expected.to eq 'running' }
+      end
+
       context 'all canceled' do
         let(:statuses) do
           [create(type, status: :canceled), create(type, status: :canceled)]
diff --git a/spec/models/concerns/subscribable_spec.rb b/spec/models/concerns/subscribable_spec.rb
index e31fdb0bffb..b7fc5a92497 100644
--- a/spec/models/concerns/subscribable_spec.rb
+++ b/spec/models/concerns/subscribable_spec.rb
@@ -44,6 +44,16 @@ describe Subscribable, 'Subscribable' do
     end
   end
 
+  describe '#subscribe' do
+    it 'subscribes the given user' do
+      expect(resource.subscribed?(user)).to be_falsey
+
+      resource.subscribe(user)
+
+      expect(resource.subscribed?(user)).to be_truthy
+    end
+  end
+
   describe '#unsubscribe' do
     it 'unsubscribes the given current user' do
       resource.subscriptions.create(user: user, subscribed: true)
diff --git a/spec/models/deploy_key_spec.rb b/spec/models/deploy_key_spec.rb
index 64ba778afea..6a90598a629 100644
--- a/spec/models/deploy_key_spec.rb
+++ b/spec/models/deploy_key_spec.rb
@@ -1,18 +1,3 @@
-# == Schema Information
-#
-# Table name: keys
-#
-#  id          :integer          not null, primary key
-#  user_id     :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#  key         :text
-#  title       :string(255)
-#  type        :string(255)
-#  fingerprint :string(255)
-#  public      :boolean          default(FALSE), not null
-#
-
 require 'spec_helper'
 
 describe DeployKey, models: true do
diff --git a/spec/models/deploy_keys_project_spec.rb b/spec/models/deploy_keys_project_spec.rb
index 8aedbfb8636..8a1e337c1a3 100644
--- a/spec/models/deploy_keys_project_spec.rb
+++ b/spec/models/deploy_keys_project_spec.rb
@@ -1,14 +1,3 @@
-# == Schema Information
-#
-# Table name: deploy_keys_projects
-#
-#  id            :integer          not null, primary key
-#  deploy_key_id :integer          not null
-#  project_id    :integer          not null
-#  created_at    :datetime
-#  updated_at    :datetime
-#
-
 require 'spec_helper'
 
 describe DeployKeysProject, models: true do
diff --git a/spec/models/email_spec.rb b/spec/models/email_spec.rb
index a20a6149649..5d0bd31db5a 100644
--- a/spec/models/email_spec.rb
+++ b/spec/models/email_spec.rb
@@ -1,14 +1,3 @@
-# == Schema Information
-#
-# Table name: emails
-#
-#  id         :integer          not null, primary key
-#  user_id    :integer          not null
-#  email      :string(255)      not null
-#  created_at :datetime
-#  updated_at :datetime
-#
-
 require 'spec_helper'
 
 describe Email, models: true do
diff --git a/spec/models/event_spec.rb b/spec/models/event_spec.rb
index 89909c2bcd7..b0e76fec693 100644
--- a/spec/models/event_spec.rb
+++ b/spec/models/event_spec.rb
@@ -1,19 +1,3 @@
-# == Schema Information
-#
-# Table name: events
-#
-#  id          :integer          not null, primary key
-#  target_type :string(255)
-#  target_id   :integer
-#  title       :string(255)
-#  data        :text
-#  project_id  :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#  action      :integer
-#  author_id   :integer
-#
-
 require 'spec_helper'
 
 describe Event, models: true do
@@ -30,32 +14,29 @@ describe Event, models: true do
     it { is_expected.to respond_to(:commits) }
   end
 
+  describe 'Callbacks' do
+    describe 'after_create :reset_project_activity' do
+      let(:project) { create(:project) }
+
+      context "project's last activity was less than 5 minutes ago" do
+        it 'does not update project.last_activity_at if it has been touched less than 5 minutes ago' do
+          create_event(project, project.owner)
+          project.update_column(:last_activity_at, 5.minutes.ago)
+          project_last_activity_at = project.last_activity_at
+
+          create_event(project, project.owner)
+
+          expect(project.last_activity_at).to eq(project_last_activity_at)
+        end
+      end
+    end
+  end
+
   describe "Push event" do
     before do
       project = create(:project)
       @user = project.owner
-
-      data = {
-        before: Gitlab::Git::BLANK_SHA,
-        after: "0220c11b9a3e6c69dc8fd35321254ca9a7b98f7e",
-        ref: "refs/heads/master",
-        user_id: @user.id,
-        user_name: @user.name,
-        repository: {
-          name: project.name,
-          url: "localhost/rubinius",
-          description: "",
-          homepage: "localhost/rubinius",
-          private: true
-        }
-      }
-
-      @event = Event.create(
-        project: project,
-        action: Event::PUSHED,
-        data: data,
-        author_id: @user.id
-      )
+      @event = create_event(project, @user)
     end
 
     it { expect(@event.push?).to be_truthy }
@@ -143,4 +124,28 @@ describe Event, models: true do
       it { is_expected.to eq([event2]) }
     end
   end
+
+  def create_event(project, user, attrs = {})
+    data = {
+      before: Gitlab::Git::BLANK_SHA,
+      after: "0220c11b9a3e6c69dc8fd35321254ca9a7b98f7e",
+      ref: "refs/heads/master",
+      user_id: user.id,
+      user_name: user.name,
+      repository: {
+        name: project.name,
+        url: "localhost/rubinius",
+        description: "",
+        homepage: "localhost/rubinius",
+        private: true
+      }
+    }
+
+    Event.create({
+      project: project,
+      action: Event::PUSHED,
+      data: data,
+      author_id: user.id
+    }.merge(attrs))
+  end
 end
diff --git a/spec/models/forked_project_link_spec.rb b/spec/models/forked_project_link_spec.rb
index d90fbfe1ea5..3b817608ce0 100644
--- a/spec/models/forked_project_link_spec.rb
+++ b/spec/models/forked_project_link_spec.rb
@@ -1,14 +1,3 @@
-# == Schema Information
-#
-# Table name: forked_project_links
-#
-#  id                     :integer          not null, primary key
-#  forked_to_project_id   :integer          not null
-#  forked_from_project_id :integer          not null
-#  created_at             :datetime
-#  updated_at             :datetime
-#
-
 require 'spec_helper'
 
 describe ForkedProjectLink, "add link on fork" do
diff --git a/spec/models/generic_commit_status_spec.rb b/spec/models/generic_commit_status_spec.rb
index 5b0883d8702..0caf5869c24 100644
--- a/spec/models/generic_commit_status_spec.rb
+++ b/spec/models/generic_commit_status_spec.rb
@@ -1,37 +1,3 @@
-# == Schema Information
-#
-# Table name: ci_builds
-#
-#  id                 :integer          not null, primary key
-#  project_id         :integer
-#  status             :string(255)
-#  finished_at        :datetime
-#  trace              :text
-#  created_at         :datetime
-#  updated_at         :datetime
-#  started_at         :datetime
-#  runner_id          :integer
-#  coverage           :float
-#  commit_id          :integer
-#  commands           :text
-#  job_id             :integer
-#  name               :string(255)
-#  deploy             :boolean          default(FALSE)
-#  options            :text
-#  allow_failure      :boolean          default(FALSE), not null
-#  stage              :string(255)
-#  trigger_request_id :integer
-#  stage_idx          :integer
-#  tag                :boolean
-#  ref                :string(255)
-#  user_id            :integer
-#  type               :string(255)
-#  target_url         :string(255)
-#  description        :string(255)
-#  artifacts_file     :text
-#  gl_project_id      :integer
-#
-
 require 'spec_helper'
 
 describe GenericCommitStatus, models: true do
diff --git a/spec/models/group_spec.rb b/spec/models/group_spec.rb
index 7bfca1e72c3..6fa16be7f04 100644
--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@@ -1,18 +1,3 @@
-# == Schema Information
-#
-# Table name: namespaces
-#
-#  id          :integer          not null, primary key
-#  name        :string(255)      not null
-#  path        :string(255)      not null
-#  owner_id    :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#  type        :string(255)
-#  description :string(255)      default(""), not null
-#  avatar      :string(255)
-#
-
 require 'spec_helper'
 
 describe Group, models: true do
diff --git a/spec/models/hooks/service_hook_spec.rb b/spec/models/hooks/service_hook_spec.rb
index f800f415bd2..534e1b4f128 100644
--- a/spec/models/hooks/service_hook_spec.rb
+++ b/spec/models/hooks/service_hook_spec.rb
@@ -34,14 +34,14 @@ describe ServiceHook, models: true do
     it "POSTs to the webhook URL" do
       @service_hook.execute(@data)
       expect(WebMock).to have_requested(:post, @service_hook.url).with(
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'Service Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'Service Hook' }
       ).once
     end
 
     it "POSTs the data as JSON" do
       @service_hook.execute(@data)
       expect(WebMock).to have_requested(:post, @service_hook.url).with(
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'Service Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'Service Hook' }
       ).once
     end
 
diff --git a/spec/models/hooks/system_hook_spec.rb b/spec/models/hooks/system_hook_spec.rb
index 56a9fbe9720..4078b9e4ff5 100644
--- a/spec/models/hooks/system_hook_spec.rb
+++ b/spec/models/hooks/system_hook_spec.rb
@@ -33,7 +33,7 @@ describe SystemHook, models: true do
       Projects::CreateService.new(user, name: 'empty').execute
       expect(WebMock).to have_requested(:post, system_hook.url).with(
         body: /project_create/,
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'System Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'System Hook' }
       ).once
     end
 
@@ -42,7 +42,7 @@ describe SystemHook, models: true do
 
       expect(WebMock).to have_requested(:post, system_hook.url).with(
         body: /project_destroy/,
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'System Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'System Hook' }
       ).once
     end
 
@@ -51,7 +51,7 @@ describe SystemHook, models: true do
       
       expect(WebMock).to have_requested(:post, system_hook.url).with(
         body: /user_create/,
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'System Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'System Hook' }
       ).once
     end
 
@@ -60,7 +60,7 @@ describe SystemHook, models: true do
 
       expect(WebMock).to have_requested(:post, system_hook.url).with(
         body: /user_destroy/,
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'System Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'System Hook' }
       ).once
     end
 
@@ -69,7 +69,7 @@ describe SystemHook, models: true do
 
       expect(WebMock).to have_requested(:post, system_hook.url).with(
         body: /user_add_to_team/,
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'System Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'System Hook' }
       ).once
     end
 
@@ -79,7 +79,7 @@ describe SystemHook, models: true do
 
       expect(WebMock).to have_requested(:post, system_hook.url).with(
         body: /user_remove_from_team/,
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'System Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'System Hook' }
       ).once
     end
 
@@ -88,7 +88,7 @@ describe SystemHook, models: true do
 
       expect(WebMock).to have_requested(:post, system_hook.url).with(
         body: /group_create/,
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'System Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'System Hook' }
       ).once
     end
 
@@ -97,7 +97,7 @@ describe SystemHook, models: true do
 
       expect(WebMock).to have_requested(:post, system_hook.url).with(
         body: /group_destroy/,
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'System Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'System Hook' }
       ).once
     end
 
@@ -106,7 +106,7 @@ describe SystemHook, models: true do
 
       expect(WebMock).to have_requested(:post, system_hook.url).with(
         body: /user_add_to_group/,
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'System Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'System Hook' }
       ).once
     end
 
@@ -116,7 +116,7 @@ describe SystemHook, models: true do
 
       expect(WebMock).to have_requested(:post, system_hook.url).with(
         body: /user_remove_from_group/,
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'System Hook' }
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'System Hook' }
       ).once
     end
   end
diff --git a/spec/models/hooks/web_hook_spec.rb b/spec/models/hooks/web_hook_spec.rb
index 04bc2dcfb16..f9bab487b96 100644
--- a/spec/models/hooks/web_hook_spec.rb
+++ b/spec/models/hooks/web_hook_spec.rb
@@ -43,51 +43,65 @@ describe WebHook, models: true do
   end
 
   describe "execute" do
+    let(:project) { create(:project) }
+    let(:project_hook) { create(:project_hook) }
+
     before(:each) do
-      @project_hook = create(:project_hook)
-      @project = create(:project)
-      @project.hooks << [@project_hook]
+      project.hooks << [project_hook]
       @data = { before: 'oldrev', after: 'newrev', ref: 'ref' }
 
-      WebMock.stub_request(:post, @project_hook.url)
+      WebMock.stub_request(:post, project_hook.url)
+    end
+
+    context 'when token is defined' do
+      let(:project_hook) { create(:project_hook, :token) }
+
+      it 'POSTs to the webhook URL' do
+        project_hook.execute(@data, 'push_hooks')
+        expect(WebMock).to have_requested(:post, project_hook.url).with(
+          headers: { 'Content-Type' => 'application/json',
+                     'X-Gitlab-Event' => 'Push Hook',
+                     'X-Gitlab-Token' => project_hook.token }
+        ).once
+      end
     end
 
     it "POSTs to the webhook URL" do
-      @project_hook.execute(@data, 'push_hooks')
-      expect(WebMock).to have_requested(:post, @project_hook.url).with(
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'Push Hook' }
+      project_hook.execute(@data, 'push_hooks')
+      expect(WebMock).to have_requested(:post, project_hook.url).with(
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'Push Hook' }
       ).once
     end
 
     it "POSTs the data as JSON" do
-      @project_hook.execute(@data, 'push_hooks')
-      expect(WebMock).to have_requested(:post, @project_hook.url).with(
-        headers: { 'Content-Type'=>'application/json', 'X-Gitlab-Event'=>'Push Hook' }
+      project_hook.execute(@data, 'push_hooks')
+      expect(WebMock).to have_requested(:post, project_hook.url).with(
+        headers: { 'Content-Type' => 'application/json', 'X-Gitlab-Event' => 'Push Hook' }
       ).once
     end
 
     it "catches exceptions" do
       expect(WebHook).to receive(:post).and_raise("Some HTTP Post error")
 
-      expect { @project_hook.execute(@data, 'push_hooks') }.to raise_error(RuntimeError)
+      expect { project_hook.execute(@data, 'push_hooks') }.to raise_error(RuntimeError)
     end
 
     it "handles SSL exceptions" do
       expect(WebHook).to receive(:post).and_raise(OpenSSL::SSL::SSLError.new('SSL error'))
 
-      expect(@project_hook.execute(@data, 'push_hooks')).to eq([false, 'SSL error'])
+      expect(project_hook.execute(@data, 'push_hooks')).to eq([false, 'SSL error'])
     end
 
     it "handles 200 status code" do
-      WebMock.stub_request(:post, @project_hook.url).to_return(status: 200, body: "Success")
+      WebMock.stub_request(:post, project_hook.url).to_return(status: 200, body: "Success")
 
-      expect(@project_hook.execute(@data, 'push_hooks')).to eq([true, 'Success'])
+      expect(project_hook.execute(@data, 'push_hooks')).to eq([200, 'Success'])
     end
 
     it "handles 2xx status codes" do
-      WebMock.stub_request(:post, @project_hook.url).to_return(status: 201, body: "Success")
+      WebMock.stub_request(:post, project_hook.url).to_return(status: 201, body: "Success")
 
-      expect(@project_hook.execute(@data, 'push_hooks')).to eq([true, 'Success'])
+      expect(project_hook.execute(@data, 'push_hooks')).to eq([201, 'Success'])
     end
   end
 end
diff --git a/spec/models/identity_spec.rb b/spec/models/identity_spec.rb
index 5afe042e154..1b987588f59 100644
--- a/spec/models/identity_spec.rb
+++ b/spec/models/identity_spec.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: identities
-#
-#  id         :integer          not null, primary key
-#  extern_uid :string(255)
-#  provider   :string(255)
-#  user_id    :integer
-#  created_at :datetime
-#  updated_at :datetime
-#
-
 require 'spec_helper'
 
 RSpec.describe Identity, models: true do
diff --git a/spec/models/issue_spec.rb b/spec/models/issue_spec.rb
index 060e6599104..8ab00c70f9d 100644
--- a/spec/models/issue_spec.rb
+++ b/spec/models/issue_spec.rb
@@ -1,23 +1,3 @@
-# == Schema Information
-#
-# Table name: issues
-#
-#  id            :integer          not null, primary key
-#  title         :string(255)
-#  assignee_id   :integer
-#  author_id     :integer
-#  project_id    :integer
-#  created_at    :datetime
-#  updated_at    :datetime
-#  position      :integer          default(0)
-#  branch_name   :string(255)
-#  description   :text
-#  milestone_id  :integer
-#  state         :string(255)
-#  iid           :integer
-#  updated_by_id :integer
-#
-
 require 'spec_helper'
 
 describe Issue, models: true do
diff --git a/spec/models/key_spec.rb b/spec/models/key_spec.rb
index c962b83644a..26fbedbef2f 100644
--- a/spec/models/key_spec.rb
+++ b/spec/models/key_spec.rb
@@ -1,18 +1,3 @@
-# == Schema Information
-#
-# Table name: keys
-#
-#  id          :integer          not null, primary key
-#  user_id     :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#  key         :text
-#  title       :string(255)
-#  type        :string(255)
-#  fingerprint :string(255)
-#  public      :boolean          default(FALSE), not null
-#
-
 require 'spec_helper'
 
 describe Key, models: true do
diff --git a/spec/models/label_link_spec.rb b/spec/models/label_link_spec.rb
index dc7510b1de3..5e6f8ca1528 100644
--- a/spec/models/label_link_spec.rb
+++ b/spec/models/label_link_spec.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: label_links
-#
-#  id          :integer          not null, primary key
-#  label_id    :integer
-#  target_id   :integer
-#  target_type :string(255)
-#  created_at  :datetime
-#  updated_at  :datetime
-#
-
 require 'spec_helper'
 
 describe LabelLink, models: true do
diff --git a/spec/models/label_spec.rb b/spec/models/label_spec.rb
index 0614ca1e7c9..dad2628651b 100644
--- a/spec/models/label_spec.rb
+++ b/spec/models/label_spec.rb
@@ -1,16 +1,3 @@
-# == Schema Information
-#
-# Table name: labels
-#
-#  id         :integer          not null, primary key
-#  title      :string(255)
-#  color      :string(255)
-#  project_id :integer
-#  created_at :datetime
-#  updated_at :datetime
-#  template   :boolean          default(FALSE)
-#
-
 require 'spec_helper'
 
 describe Label, models: true do
@@ -55,6 +42,14 @@ describe Label, models: true do
     end
   end
 
+  describe "#title" do
+    let(:label) { create(:label, title: "<b>test</b>") }
+
+    it "sanitizes title" do
+      expect(label.title).to eq("test")
+    end
+  end
+
   describe '#to_reference' do
     context 'using id' do
       it 'returns a String reference to the object' do
diff --git a/spec/models/legacy_diff_note_spec.rb b/spec/models/legacy_diff_note_spec.rb
new file mode 100644
index 00000000000..7c29bef54e4
--- /dev/null
+++ b/spec/models/legacy_diff_note_spec.rb
@@ -0,0 +1,74 @@
+require 'spec_helper'
+
+describe LegacyDiffNote, models: true do
+  describe "Commit diff line notes" do
+    let!(:note) { create(:note_on_commit_diff, note: "+1 from me") }
+    let!(:commit) { note.noteable }
+
+    it "should save a valid note" do
+      expect(note.commit_id).to eq(commit.id)
+      expect(note.noteable.id).to eq(commit.id)
+    end
+
+    it "should be recognized by #legacy_diff_note?" do
+      expect(note).to be_legacy_diff_note
+    end
+  end
+
+  describe '#active?' do
+    it 'is always true when the note has no associated diff' do
+      note = build(:note_on_merge_request_diff)
+
+      expect(note).to receive(:diff).and_return(nil)
+
+      expect(note).to be_active
+    end
+
+    it 'is never true when the note has no noteable associated' do
+      note = build(:note_on_merge_request_diff)
+
+      expect(note).to receive(:diff).and_return(double)
+      expect(note).to receive(:noteable).and_return(nil)
+
+      expect(note).not_to be_active
+    end
+
+    it 'returns the memoized value if defined' do
+      note = build(:note_on_merge_request_diff)
+
+      note.instance_variable_set(:@active, 'foo')
+      expect(note).not_to receive(:find_noteable_diff)
+
+      expect(note.active?).to eq 'foo'
+    end
+
+    context 'for a merge request noteable' do
+      it 'is false when noteable has no matching diff' do
+        merge = build_stubbed(:merge_request, :simple)
+        note = build(:note_on_merge_request_diff, noteable: merge)
+
+        allow(note).to receive(:diff).and_return(double)
+        expect(note).to receive(:find_noteable_diff).and_return(nil)
+
+        expect(note).not_to be_active
+      end
+
+      it 'is true when noteable has a matching diff' do
+        merge = create(:merge_request, :simple)
+
+        # Generate a real line_code value so we know it will match. We use a
+        # random line from a random diff just for funsies.
+        diff = merge.diffs.to_a.sample
+        line = Gitlab::Diff::Parser.new.parse(diff.diff.each_line).to_a.sample
+        code = Gitlab::Diff::LineCode.generate(diff.new_path, line.new_pos, line.old_pos)
+
+        # We're persisting in order to trigger the set_diff callback
+        note = create(:note_on_merge_request_diff, noteable: merge, line_code: code)
+
+        # Make sure we don't get a false positive from a guard clause
+        expect(note).to receive(:find_noteable_diff).and_call_original
+        expect(note).to be_active
+      end
+    end
+  end
+end
diff --git a/spec/models/member_spec.rb b/spec/models/member_spec.rb
index 2d8f1cc1ad3..6e51730eecd 100644
--- a/spec/models/member_spec.rb
+++ b/spec/models/member_spec.rb
@@ -1,22 +1,3 @@
-# == Schema Information
-#
-# Table name: members
-#
-#  id                 :integer          not null, primary key
-#  access_level       :integer          not null
-#  source_id          :integer          not null
-#  source_type        :string(255)      not null
-#  user_id            :integer
-#  notification_level :integer          not null
-#  type               :string(255)
-#  created_at         :datetime
-#  updated_at         :datetime
-#  created_by_id      :integer
-#  invite_email       :string(255)
-#  invite_token       :string(255)
-#  invite_accepted_at :datetime
-#
-
 require 'spec_helper'
 
 describe Member, models: true do
diff --git a/spec/models/merge_request_spec.rb b/spec/models/merge_request_spec.rb
index d7884cea336..9eef08c6d00 100644
--- a/spec/models/merge_request_spec.rb
+++ b/spec/models/merge_request_spec.rb
@@ -1,32 +1,3 @@
-# == Schema Information
-#
-# Table name: merge_requests
-#
-#  id                        :integer          not null, primary key
-#  target_branch             :string(255)      not null
-#  source_branch             :string(255)      not null
-#  source_project_id         :integer          not null
-#  author_id                 :integer
-#  assignee_id               :integer
-#  title                     :string(255)
-#  created_at                :datetime
-#  updated_at                :datetime
-#  milestone_id              :integer
-#  state                     :string(255)
-#  merge_status              :string(255)
-#  target_project_id         :integer          not null
-#  iid                       :integer
-#  description               :text
-#  position                  :integer          default(0)
-#  locked_at                 :datetime
-#  updated_by_id             :integer
-#  merge_error               :string(255)
-#  merge_params              :text
-#  merge_when_build_succeeds :boolean          default(FALSE), not null
-#  merge_user_id             :integer
-#  merge_commit_sha          :string
-#
-
 require 'spec_helper'
 
 describe MergeRequest, models: true do
@@ -93,7 +64,13 @@ describe MergeRequest, models: true do
 
   describe '#target_sha' do
     context 'when the target branch does not exist anymore' do
-      subject { create(:merge_request).tap { |mr| mr.update_attribute(:target_branch, 'deleted') } }
+      let(:project) { create(:project) }
+
+      subject { create(:merge_request, source_project: project, target_project: project) }
+
+      before do
+        project.repository.raw_repository.delete_branch(subject.target_branch)
+      end
 
       it 'returns nil' do
         expect(subject.target_sha).to be_nil
@@ -318,7 +295,12 @@ describe MergeRequest, models: true do
     let(:fork_project) { create(:project, forked_from_project: project) }
 
     context 'when the target branch does not exist anymore' do
-      subject { create(:merge_request).tap { |mr| mr.update_attribute(:target_branch, 'deleted') } }
+      subject { create(:merge_request, source_project: project, target_project: project) }
+
+      before do
+        project.repository.raw_repository.delete_branch(subject.target_branch)
+        subject.reload
+      end
 
       it 'does not crash' do
         expect{ subject.diverged_commits_count }.not_to raise_error
diff --git a/spec/models/milestone_spec.rb b/spec/models/milestone_spec.rb
index 72a4ea70228..1e18c788b50 100644
--- a/spec/models/milestone_spec.rb
+++ b/spec/models/milestone_spec.rb
@@ -1,18 +1,3 @@
-# == Schema Information
-#
-# Table name: milestones
-#
-#  id          :integer          not null, primary key
-#  title       :string(255)      not null
-#  project_id  :integer          not null
-#  description :text
-#  due_date    :date
-#  created_at  :datetime
-#  updated_at  :datetime
-#  state       :string(255)
-#  iid         :integer
-#
-
 require 'spec_helper'
 
 describe Milestone, models: true do
@@ -34,6 +19,14 @@ describe Milestone, models: true do
   let(:issue) { create(:issue) }
   let(:user) { create(:user) }
 
+  describe "#title" do
+    let(:milestone) { create(:milestone, title: "<b>test</b>") }
+
+    it "sanitizes title" do
+      expect(milestone.title).to eq("test")
+    end
+  end
+
   describe "unique milestone title per project" do
     it "shouldn't accept the same title in a project twice" do
       new_milestone = Milestone.new(project: milestone.project, title: milestone.title)
@@ -211,4 +204,37 @@ describe Milestone, models: true do
         to eq([milestone])
     end
   end
+
+  describe '.upcoming_ids_by_projects' do
+    let(:project_1) { create(:empty_project) }
+    let(:project_2) { create(:empty_project) }
+    let(:project_3) { create(:empty_project) }
+    let(:projects) { [project_1, project_2, project_3] }
+
+    let!(:past_milestone_project_1) { create(:milestone, project: project_1, due_date: Time.now - 1.day) }
+    let!(:current_milestone_project_1) { create(:milestone, project: project_1, due_date: Time.now + 1.day) }
+    let!(:future_milestone_project_1) { create(:milestone, project: project_1, due_date: Time.now + 2.days) }
+
+    let!(:past_milestone_project_2) { create(:milestone, project: project_2, due_date: Time.now - 1.day) }
+    let!(:closed_milestone_project_2) { create(:milestone, :closed, project: project_2, due_date: Time.now + 1.day) }
+    let!(:current_milestone_project_2) { create(:milestone, project: project_2, due_date: Time.now + 2.days) }
+
+    let!(:past_milestone_project_3) { create(:milestone, project: project_3, due_date: Time.now - 1.day) }
+
+    # The call to `#try` is because this returns a relation with a Postgres DB,
+    # and an array of IDs with a MySQL DB.
+    let(:milestone_ids) { Milestone.upcoming_ids_by_projects(projects).map { |id| id.try(:id) || id } }
+
+    it 'returns the next upcoming open milestone ID for each project' do
+      expect(milestone_ids).to contain_exactly(current_milestone_project_1.id, current_milestone_project_2.id)
+    end
+
+    context 'when the projects have no open upcoming milestones' do
+      let(:projects) { [project_3] }
+
+      it 'returns no results' do
+        expect(milestone_ids).to be_empty
+      end
+    end
+  end
 end
diff --git a/spec/models/namespace_spec.rb b/spec/models/namespace_spec.rb
index 3c3a580942a..4e68ac5e63a 100644
--- a/spec/models/namespace_spec.rb
+++ b/spec/models/namespace_spec.rb
@@ -1,18 +1,3 @@
-# == Schema Information
-#
-# Table name: namespaces
-#
-#  id          :integer          not null, primary key
-#  name        :string(255)      not null
-#  path        :string(255)      not null
-#  owner_id    :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#  type        :string(255)
-#  description :string(255)      default(""), not null
-#  avatar      :string(255)
-#
-
 require 'spec_helper'
 
 describe Namespace, models: true do
@@ -85,6 +70,20 @@ describe Namespace, models: true do
       allow(@namespace).to receive(:path).and_return(new_path)
       expect(@namespace.move_dir).to be_truthy
     end
+
+    context "when any project has container tags" do
+      before do
+        stub_container_registry_config(enabled: true)
+        stub_container_registry_tags('tag')
+
+        create(:empty_project, namespace: @namespace)
+
+        allow(@namespace).to receive(:path_was).and_return(@namespace.path)
+        allow(@namespace).to receive(:path).and_return('new_path')
+      end
+
+      it { expect { @namespace.move_dir }.to raise_error('Namespace cannot be moved, because at least one project has tags in container registry') }
+    end
   end
 
   describe :rm_dir do
diff --git a/spec/models/note_spec.rb b/spec/models/note_spec.rb
index 6b18936edb1..5d916f0e6a6 100644
--- a/spec/models/note_spec.rb
+++ b/spec/models/note_spec.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: notes
-#
-#  id            :integer          not null, primary key
-#  note          :text
-#  noteable_type :string(255)
-#  author_id     :integer
-#  created_at    :datetime
-#  updated_at    :datetime
-#  project_id    :integer
-#  attachment    :string(255)
-#  line_code     :string(255)
-#  commit_id     :string(255)
-#  noteable_id   :integer
-#  system        :boolean          default(FALSE), not null
-#  st_diff       :text
-#  updated_by_id :integer
-#  is_award      :boolean          default(FALSE), not null
-#
-
 require 'spec_helper'
 
 describe Note, models: true do
@@ -55,24 +34,6 @@ describe Note, models: true do
     end
   end
 
-  describe "Commit diff line notes" do
-    let!(:note) { create(:note_on_commit_diff, note: "+1 from me") }
-    let!(:commit) { note.noteable }
-
-    it "should save a valid note" do
-      expect(note.commit_id).to eq(commit.id)
-      expect(note.noteable.id).to eq(commit.id)
-    end
-
-    it "should be recognized by #for_diff_line?" do
-      expect(note).to be_for_diff_line
-    end
-
-    it "should be recognized by #for_commit_diff_line?" do
-      expect(note).to be_for_commit_diff_line
-    end
-  end
-
   describe 'authorization' do
     before do
       @p1 = create(:project)
@@ -169,66 +130,6 @@ describe Note, models: true do
     end
   end
 
-  describe '#active?' do
-    it 'is always true when the note has no associated diff' do
-      note = build(:note)
-
-      expect(note).to receive(:diff).and_return(nil)
-
-      expect(note).to be_active
-    end
-
-    it 'is never true when the note has no noteable associated' do
-      note = build(:note)
-
-      expect(note).to receive(:diff).and_return(double)
-      expect(note).to receive(:noteable).and_return(nil)
-
-      expect(note).not_to be_active
-    end
-
-    it 'returns the memoized value if defined' do
-      note = build(:note)
-
-      expect(note).to receive(:diff).and_return(double)
-      expect(note).to receive(:noteable).and_return(double)
-
-      note.instance_variable_set(:@active, 'foo')
-      expect(note).not_to receive(:find_noteable_diff)
-
-      expect(note.active?).to eq 'foo'
-    end
-
-    context 'for a merge request noteable' do
-      it 'is false when noteable has no matching diff' do
-        merge = build_stubbed(:merge_request, :simple)
-        note = build(:note, noteable: merge)
-
-        allow(note).to receive(:diff).and_return(double)
-        expect(note).to receive(:find_noteable_diff).and_return(nil)
-
-        expect(note).not_to be_active
-      end
-
-      it 'is true when noteable has a matching diff' do
-        merge = create(:merge_request, :simple)
-
-        # Generate a real line_code value so we know it will match. We use a
-        # random line from a random diff just for funsies.
-        diff = merge.diffs.to_a.sample
-        line = Gitlab::Diff::Parser.new.parse(diff.diff.each_line).to_a.sample
-        code = Gitlab::Diff::LineCode.generate(diff.new_path, line.new_pos, line.old_pos)
-
-        # We're persisting in order to trigger the set_diff callback
-        note = create(:note, noteable: merge, line_code: code)
-
-        # Make sure we don't get a false positive from a guard clause
-        expect(note).to receive(:find_noteable_diff).and_call_original
-        expect(note).to be_active
-      end
-    end
-  end
-
   describe "editable?" do
     it "returns true" do
       note = build(:note)
@@ -279,7 +180,7 @@ describe Note, models: true do
     end
 
     it "is not an award emoji when comment is on a diff" do
-      note = create(:note, note: ":blowfish:", noteable: merge_request, line_code: "11d5d2e667e9da4f7f610f81d86c974b146b13bd_0_2")
+      note = create(:note_on_merge_request_diff, note: ":blowfish:", noteable: merge_request, line_code: "11d5d2e667e9da4f7f610f81d86c974b146b13bd_0_2")
       note = note.reload
 
       expect(note.note).to eq(":blowfish:")
diff --git a/spec/models/project_services/bamboo_service_spec.rb b/spec/models/project_services/bamboo_service_spec.rb
index 31b2c90122d..e771f35811e 100644
--- a/spec/models/project_services/bamboo_service_spec.rb
+++ b/spec/models/project_services/bamboo_service_spec.rb
@@ -27,86 +27,51 @@ describe BambooService, models: true do
   end
 
   describe 'Validations' do
-    describe '#bamboo_url' do
-      it 'does not validate the presence of bamboo_url if service is not active' do
-        bamboo_service = service
-        bamboo_service.active = false
+    subject { service }
 
-        expect(bamboo_service).not_to validate_presence_of(:bamboo_url)
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:build_key) }
+      it { is_expected.to validate_presence_of(:bamboo_url) }
+      it_behaves_like 'issue tracker service URL attribute', :bamboo_url
+
+      describe '#username' do
+        it 'does not validate the presence of username if password is nil' do
+          subject.password = nil
+
+          expect(subject).not_to validate_presence_of(:username)
+        end
+
+        it 'validates the presence of username if password is present' do
+          subject.password = 'secret'
+
+          expect(subject).to validate_presence_of(:username)
+        end
       end
 
-      it 'validates the presence of bamboo_url if service is active' do
-        bamboo_service = service
-        bamboo_service.active = true
+      describe '#password' do
+        it 'does not validate the presence of password if username is nil' do
+          subject.username = nil
 
-        expect(bamboo_service).to validate_presence_of(:bamboo_url)
+          expect(subject).not_to validate_presence_of(:password)
+        end
+
+        it 'validates the presence of password if username is present' do
+          subject.username = 'john'
+
+          expect(subject).to validate_presence_of(:password)
+        end
       end
     end
 
-    describe '#build_key' do
-      it 'does not validate the presence of build_key if service is not active' do
-        bamboo_service = service
-        bamboo_service.active = false
+    context 'when service is inactive' do
+      before { subject.active = false }
 
-        expect(bamboo_service).not_to validate_presence_of(:build_key)
-      end
-
-      it 'validates the presence of build_key if service is active' do
-        bamboo_service = service
-        bamboo_service.active = true
-
-        expect(bamboo_service).to validate_presence_of(:build_key)
-      end
-    end
-
-    describe '#username' do
-      it 'does not validate the presence of username if service is not active' do
-        bamboo_service = service
-        bamboo_service.active = false
-
-        expect(bamboo_service).not_to validate_presence_of(:username)
-      end
-
-      it 'does not validate the presence of username if username is nil' do
-        bamboo_service = service
-        bamboo_service.active = true
-        bamboo_service.password = nil
-
-        expect(bamboo_service).not_to validate_presence_of(:username)
-      end
-
-      it 'validates the presence of username if service is active and username is present' do
-        bamboo_service = service
-        bamboo_service.active = true
-        bamboo_service.password = 'secret'
-
-        expect(bamboo_service).to validate_presence_of(:username)
-      end
-    end
-
-    describe '#password' do
-      it 'does not validate the presence of password if service is not active' do
-        bamboo_service = service
-        bamboo_service.active = false
-
-        expect(bamboo_service).not_to validate_presence_of(:password)
-      end
-
-      it 'does not validate the presence of password if username is nil' do
-        bamboo_service = service
-        bamboo_service.active = true
-        bamboo_service.username = nil
-
-        expect(bamboo_service).not_to validate_presence_of(:password)
-      end
-
-      it 'validates the presence of password if service is active and username is present' do
-        bamboo_service = service
-        bamboo_service.active = true
-        bamboo_service.username = 'john'
-
-        expect(bamboo_service).to validate_presence_of(:password)
-      end
+      it { is_expected.not_to validate_presence_of(:build_key) }
+      it { is_expected.not_to validate_presence_of(:bamboo_url) }
+      it { is_expected.not_to validate_presence_of(:username) }
+      it { is_expected.not_to validate_presence_of(:password) }
     end
   end
 
diff --git a/spec/models/project_services/buildkite_service_spec.rb b/spec/models/project_services/buildkite_service_spec.rb
index 88cd624877a..60364df2015 100644
--- a/spec/models/project_services/buildkite_service_spec.rb
+++ b/spec/models/project_services/buildkite_service_spec.rb
@@ -26,6 +26,23 @@ describe BuildkiteService, models: true do
     it { is_expected.to have_one :service_hook }
   end
 
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:project_url) }
+      it { is_expected.to validate_presence_of(:token) }
+      it_behaves_like 'issue tracker service URL attribute', :project_url
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:project_url) }
+      it { is_expected.not_to validate_presence_of(:token) }
+    end
+  end
+
   describe 'commits methods' do
     before do
       @project = Project.new
diff --git a/spec/models/project_services/builds_email_service_spec.rb b/spec/models/project_services/builds_email_service_spec.rb
index 7c23c2efccd..236df8f047d 100644
--- a/spec/models/project_services/builds_email_service_spec.rb
+++ b/spec/models/project_services/builds_email_service_spec.rb
@@ -1,76 +1,71 @@
 require 'spec_helper'
 
 describe BuildsEmailService do
-  let(:build) { create(:ci_build) }
-  let(:data) { Gitlab::BuildDataBuilder.build(build) }
-  let!(:project) { create(:project, :public, ci_id: 1) }
-  let(:service) { described_class.new(project: project, active: true) }
+  let(:data) { Gitlab::BuildDataBuilder.build(create(:ci_build)) }
+
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:recipients) }
+
+      context 'when pusher is added' do
+        before { subject.add_pusher = true }
+
+        it { is_expected.not_to validate_presence_of(:recipients) }
+      end
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:recipients) }
+    end
+  end
 
   describe '#execute' do
     it 'sends email' do
-      service.recipients = 'test@gitlab.com'
+      subject.recipients = 'test@gitlab.com'
       data[:build_status] = 'failed'
+
       expect(BuildEmailWorker).to receive(:perform_async)
-      service.execute(data)
+
+      subject.execute(data)
     end
 
     it 'does not send email with succeeded build and notify_only_broken_builds on' do
-      expect(service).to receive(:notify_only_broken_builds).and_return(true)
+      expect(subject).to receive(:notify_only_broken_builds).and_return(true)
       data[:build_status] = 'success'
+
       expect(BuildEmailWorker).not_to receive(:perform_async)
-      service.execute(data)
+
+      subject.execute(data)
     end
 
     it 'does not send email with failed build and build_allow_failure is true' do
       data[:build_status] = 'failed'
       data[:build_allow_failure] = true
+
       expect(BuildEmailWorker).not_to receive(:perform_async)
-      service.execute(data)
+
+      subject.execute(data)
     end
 
     it 'does not send email with unknown build status' do
       data[:build_status] = 'foo'
+
       expect(BuildEmailWorker).not_to receive(:perform_async)
-      service.execute(data)
+
+      subject.execute(data)
     end
 
     it 'does not send email when recipients list is empty' do
-      service.recipients = ' ,, '
+      subject.recipients = ' ,, '
       data[:build_status] = 'failed'
+
       expect(BuildEmailWorker).not_to receive(:perform_async)
-      service.execute(data)
-    end
-  end
 
-  describe 'validations' do
-
-    context 'when pusher is not added' do
-      before { service.add_pusher = false }
-
-      it 'does not allow empty recipient input' do
-        service.recipients = ''
-        expect(service.valid?).to be false
-      end
-
-      it 'does allow non-empty recipient input' do
-        service.recipients = 'test@example.com'
-        expect(service.valid?).to be true
-      end
-
-    end
-
-    context 'when pusher is added' do
-      before { service.add_pusher = true }
-
-      it 'does allow empty recipient input' do
-        service.recipients = ''
-        expect(service.valid?).to be true
-      end
-
-      it 'does allow non-empty recipient input' do
-        service.recipients = 'test@example.com'
-        expect(service.valid?).to be true
-      end
+      subject.execute(data)
     end
   end
 end
diff --git a/spec/models/project_services/campfire_service_spec.rb b/spec/models/project_services/campfire_service_spec.rb
new file mode 100644
index 00000000000..3e6da42803b
--- /dev/null
+++ b/spec/models/project_services/campfire_service_spec.rb
@@ -0,0 +1,42 @@
+# == Schema Information
+#
+# Table name: services
+#
+#  id                    :integer          not null, primary key
+#  type                  :string(255)
+#  title                 :string(255)
+#  project_id            :integer
+#  created_at            :datetime
+#  updated_at            :datetime
+#  active                :boolean          default(FALSE), not null
+#  properties            :text
+#  template              :boolean          default(FALSE)
+#  push_events           :boolean          default(TRUE)
+#  issues_events         :boolean          default(TRUE)
+#  merge_requests_events :boolean          default(TRUE)
+#  tag_push_events       :boolean          default(TRUE)
+#  note_events           :boolean          default(TRUE), not null
+#
+
+require 'spec_helper'
+
+describe CampfireService, models: true do
+  describe 'Associations' do
+    it { is_expected.to belong_to :project }
+    it { is_expected.to have_one :service_hook }
+  end
+
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:token) }
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:token) }
+    end
+  end
+end
diff --git a/spec/models/project_services/custom_issue_tracker_service_spec.rb b/spec/models/project_services/custom_issue_tracker_service_spec.rb
new file mode 100644
index 00000000000..ff976f8ec59
--- /dev/null
+++ b/spec/models/project_services/custom_issue_tracker_service_spec.rb
@@ -0,0 +1,49 @@
+# == Schema Information
+#
+# Table name: services
+#
+#  id                    :integer          not null, primary key
+#  type                  :string(255)
+#  title                 :string(255)
+#  project_id            :integer
+#  created_at            :datetime
+#  updated_at            :datetime
+#  active                :boolean          default(FALSE), not null
+#  properties            :text
+#  template              :boolean          default(FALSE)
+#  push_events           :boolean          default(TRUE)
+#  issues_events         :boolean          default(TRUE)
+#  merge_requests_events :boolean          default(TRUE)
+#  tag_push_events       :boolean          default(TRUE)
+#  note_events           :boolean          default(TRUE), not null
+#
+
+require 'spec_helper'
+
+describe CustomIssueTrackerService, models: true do
+  describe 'Associations' do
+    it { is_expected.to belong_to :project }
+    it { is_expected.to have_one :service_hook }
+  end
+
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:project_url) }
+      it { is_expected.to validate_presence_of(:issues_url) }
+      it { is_expected.to validate_presence_of(:new_issue_url) }
+      it_behaves_like 'issue tracker service URL attribute', :project_url
+      it_behaves_like 'issue tracker service URL attribute', :issues_url
+      it_behaves_like 'issue tracker service URL attribute', :new_issue_url
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:project_url) }
+      it { is_expected.not_to validate_presence_of(:issues_url) }
+      it { is_expected.not_to validate_presence_of(:new_issue_url) }
+    end
+  end
+end
diff --git a/spec/models/project_services/drone_ci_service_spec.rb b/spec/models/project_services/drone_ci_service_spec.rb
index a2cf68a9e38..3a8e67438fc 100644
--- a/spec/models/project_services/drone_ci_service_spec.rb
+++ b/spec/models/project_services/drone_ci_service_spec.rb
@@ -28,25 +28,18 @@ describe DroneCiService, models: true do
 
   describe 'validations' do
     context 'active' do
-      before { allow(subject).to receive(:activated?).and_return(true) }
+      before { subject.active = true }
 
       it { is_expected.to validate_presence_of(:token) }
       it { is_expected.to validate_presence_of(:drone_url) }
-      it { is_expected.to allow_value('ewf9843kdnfdfs89234n').for(:token) }
-      it { is_expected.to allow_value('http://ci.example.com').for(:drone_url) }
-      it { is_expected.not_to allow_value('this is not url').for(:drone_url) }
-      it { is_expected.not_to allow_value('http//noturl').for(:drone_url) }
-      it { is_expected.not_to allow_value('ftp://ci.example.com').for(:drone_url) }
+      it_behaves_like 'issue tracker service URL attribute', :drone_url
     end
 
     context 'inactive' do
-      before { allow(subject).to receive(:activated?).and_return(false) }
+      before { subject.active = false }
 
       it { is_expected.not_to validate_presence_of(:token) }
       it { is_expected.not_to validate_presence_of(:drone_url) }
-      it { is_expected.to allow_value('ewf9843kdnfdfs89234n').for(:token) }
-      it { is_expected.to allow_value('http://drone.example.com').for(:drone_url) }
-      it { is_expected.to allow_value('ftp://drone.example.com').for(:drone_url) }
     end
   end
 
diff --git a/spec/models/project_services/emails_on_push_service_spec.rb b/spec/models/project_services/emails_on_push_service_spec.rb
new file mode 100644
index 00000000000..e6f78898c82
--- /dev/null
+++ b/spec/models/project_services/emails_on_push_service_spec.rb
@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe EmailsOnPushService do
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:recipients) }
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:recipients) }
+    end
+  end
+end
diff --git a/spec/models/external_wiki_service_spec.rb b/spec/models/project_services/external_wiki_service_spec.rb
similarity index 78%
rename from spec/models/external_wiki_service_spec.rb
rename to spec/models/project_services/external_wiki_service_spec.rb
index d37978720bf..5fe5ea7d2df 100644
--- a/spec/models/external_wiki_service_spec.rb
+++ b/spec/models/project_services/external_wiki_service_spec.rb
@@ -28,13 +28,18 @@ describe ExternalWikiService, models: true do
     it { should have_one :service_hook }
   end
 
-  describe "Validations" do
-    context "active" do
-      before do
-        subject.active = true
-      end
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
 
-      it { should validate_presence_of :external_wiki_url }
+      it { is_expected.to validate_presence_of(:external_wiki_url) }
+      it_behaves_like 'issue tracker service URL attribute', :external_wiki_url
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:external_wiki_url) }
     end
   end
 
diff --git a/spec/models/project_services/flowdock_service_spec.rb b/spec/models/project_services/flowdock_service_spec.rb
index ff7fbcaa004..b7e627e6518 100644
--- a/spec/models/project_services/flowdock_service_spec.rb
+++ b/spec/models/project_services/flowdock_service_spec.rb
@@ -26,6 +26,20 @@ describe FlowdockService, models: true do
     it { is_expected.to have_one :service_hook }
   end
 
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:token) }
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:token) }
+    end
+  end
+
   describe "Execute" do
     let(:user)    { create(:user) }
     let(:project) { create(:project) }
diff --git a/spec/models/project_services/gemnasium_service_spec.rb b/spec/models/project_services/gemnasium_service_spec.rb
index ecb3ccb1673..a08f1ac229f 100644
--- a/spec/models/project_services/gemnasium_service_spec.rb
+++ b/spec/models/project_services/gemnasium_service_spec.rb
@@ -26,6 +26,22 @@ describe GemnasiumService, models: true do
     it { is_expected.to have_one :service_hook }
   end
 
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:token) }
+      it { is_expected.to validate_presence_of(:api_key) }
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:token) }
+      it { is_expected.not_to validate_presence_of(:api_key) }
+    end
+  end
+
   describe "Execute" do
     let(:user)    { create(:user) }
     let(:project) { create(:project) }
diff --git a/spec/models/project_services/gitlab_issue_tracker_service_spec.rb b/spec/models/project_services/gitlab_issue_tracker_service_spec.rb
index 3518dbd1728..7a1f106d6e3 100644
--- a/spec/models/project_services/gitlab_issue_tracker_service_spec.rb
+++ b/spec/models/project_services/gitlab_issue_tracker_service_spec.rb
@@ -26,6 +26,20 @@ describe GitlabIssueTrackerService, models: true do
     it { is_expected.to have_one :service_hook }
   end
 
+  describe 'Validations' do
+    context 'when service is active' do
+      subject { described_class.new(project: create(:project), active: true) }
+
+      it { is_expected.to validate_presence_of(:issues_url) }
+      it_behaves_like 'issue tracker service URL attribute', :issues_url
+    end
+
+    context 'when service is inactive' do
+      subject { described_class.new(project: create(:project), active: false) }
+
+      it { is_expected.not_to validate_presence_of(:issues_url) }
+    end
+  end
 
   describe 'project and issue urls' do
     let(:project) { create(:project) }
diff --git a/spec/models/project_services/hipchat_service_spec.rb b/spec/models/project_services/hipchat_service_spec.rb
index d878162a220..6fb5cad5011 100644
--- a/spec/models/project_services/hipchat_service_spec.rb
+++ b/spec/models/project_services/hipchat_service_spec.rb
@@ -26,6 +26,20 @@ describe HipchatService, models: true do
     it { is_expected.to have_one :service_hook }
   end
 
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:token) }
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:token) }
+    end
+  end
+
   describe "Execute" do
     let(:hipchat) { HipchatService.new }
     let(:user)    { create(:user, username: 'username') }
diff --git a/spec/models/project_services/irker_service_spec.rb b/spec/models/project_services/irker_service_spec.rb
index b783b1a576e..4ee022a5171 100644
--- a/spec/models/project_services/irker_service_spec.rb
+++ b/spec/models/project_services/irker_service_spec.rb
@@ -29,14 +29,16 @@ describe IrkerService, models: true do
   end
 
   describe 'Validations' do
-    before do
-      subject.active = true
-      subject.properties['recipients'] = _recipients
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:recipients) }
     end
 
-    context 'active' do
-      let(:_recipients) { nil }
-      it { should validate_presence_of :recipients }
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:recipients) }
     end
   end
 
diff --git a/spec/models/project_services/jira_service_spec.rb b/spec/models/project_services/jira_service_spec.rb
index 2f8193170ae..5309cfb99ff 100644
--- a/spec/models/project_services/jira_service_spec.rb
+++ b/spec/models/project_services/jira_service_spec.rb
@@ -26,6 +26,30 @@ describe JiraService, models: true do
     it { is_expected.to have_one :service_hook }
   end
 
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:api_url) }
+      it { is_expected.to validate_presence_of(:project_url) }
+      it { is_expected.to validate_presence_of(:issues_url) }
+      it { is_expected.to validate_presence_of(:new_issue_url) }
+      it_behaves_like 'issue tracker service URL attribute', :api_url
+      it_behaves_like 'issue tracker service URL attribute', :project_url
+      it_behaves_like 'issue tracker service URL attribute', :issues_url
+      it_behaves_like 'issue tracker service URL attribute', :new_issue_url
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:api_url) }
+      it { is_expected.not_to validate_presence_of(:project_url) }
+      it { is_expected.not_to validate_presence_of(:issues_url) }
+      it { is_expected.not_to validate_presence_of(:new_issue_url) }
+    end
+  end
+
   describe "Execute" do
     let(:user)    { create(:user) }
     let(:project) { create(:project) }
@@ -72,7 +96,7 @@ describe JiraService, models: true do
 
     context "when a password was previously set" do
       before do
-        @jira_service = JiraService.create(
+        @jira_service = JiraService.create!(
           project: create(:project),
           properties: {
             api_url: 'http://jira.example.com/rest/api/2',
diff --git a/spec/models/project_services/pivotaltracker_service_spec.rb b/spec/models/project_services/pivotaltracker_service_spec.rb
new file mode 100644
index 00000000000..f37edd4d970
--- /dev/null
+++ b/spec/models/project_services/pivotaltracker_service_spec.rb
@@ -0,0 +1,42 @@
+# == Schema Information
+#
+# Table name: services
+#
+#  id                    :integer          not null, primary key
+#  type                  :string(255)
+#  title                 :string(255)
+#  project_id            :integer
+#  created_at            :datetime
+#  updated_at            :datetime
+#  active                :boolean          default(FALSE), not null
+#  properties            :text
+#  template              :boolean          default(FALSE)
+#  push_events           :boolean          default(TRUE)
+#  issues_events         :boolean          default(TRUE)
+#  merge_requests_events :boolean          default(TRUE)
+#  tag_push_events       :boolean          default(TRUE)
+#  note_events           :boolean          default(TRUE), not null
+#
+
+require 'spec_helper'
+
+describe PivotaltrackerService, models: true do
+  describe 'Associations' do
+    it { is_expected.to belong_to :project }
+    it { is_expected.to have_one :service_hook }
+  end
+
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:token) }
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:token) }
+    end
+  end
+end
diff --git a/spec/models/project_services/pushover_service_spec.rb b/spec/models/project_services/pushover_service_spec.rb
index 96039f9491b..555d9757b47 100644
--- a/spec/models/project_services/pushover_service_spec.rb
+++ b/spec/models/project_services/pushover_service_spec.rb
@@ -27,14 +27,20 @@ describe PushoverService, models: true do
   end
 
   describe 'Validations' do
-    context 'active' do
-      before do
-        subject.active = true
-      end
+    context 'when service is active' do
+      before { subject.active = true }
 
-      it { is_expected.to validate_presence_of :api_key }
-      it { is_expected.to validate_presence_of :user_key }
-      it { is_expected.to validate_presence_of :priority }
+      it { is_expected.to validate_presence_of(:api_key) }
+      it { is_expected.to validate_presence_of(:user_key) }
+      it { is_expected.to validate_presence_of(:priority) }
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:api_key) }
+      it { is_expected.not_to validate_presence_of(:user_key) }
+      it { is_expected.not_to validate_presence_of(:priority) }
     end
   end
 
diff --git a/spec/models/project_services/redmine_service_spec.rb b/spec/models/project_services/redmine_service_spec.rb
new file mode 100644
index 00000000000..7d14f6e8280
--- /dev/null
+++ b/spec/models/project_services/redmine_service_spec.rb
@@ -0,0 +1,49 @@
+# == Schema Information
+#
+# Table name: services
+#
+#  id                    :integer          not null, primary key
+#  type                  :string(255)
+#  title                 :string(255)
+#  project_id            :integer
+#  created_at            :datetime
+#  updated_at            :datetime
+#  active                :boolean          default(FALSE), not null
+#  properties            :text
+#  template              :boolean          default(FALSE)
+#  push_events           :boolean          default(TRUE)
+#  issues_events         :boolean          default(TRUE)
+#  merge_requests_events :boolean          default(TRUE)
+#  tag_push_events       :boolean          default(TRUE)
+#  note_events           :boolean          default(TRUE), not null
+#
+
+require 'spec_helper'
+
+describe RedmineService, models: true do
+  describe 'Associations' do
+    it { is_expected.to belong_to :project }
+    it { is_expected.to have_one :service_hook }
+  end
+
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:project_url) }
+      it { is_expected.to validate_presence_of(:issues_url) }
+      it { is_expected.to validate_presence_of(:new_issue_url) }
+      it_behaves_like 'issue tracker service URL attribute', :project_url
+      it_behaves_like 'issue tracker service URL attribute', :issues_url
+      it_behaves_like 'issue tracker service URL attribute', :new_issue_url
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:project_url) }
+      it { is_expected.not_to validate_presence_of(:issues_url) }
+      it { is_expected.not_to validate_presence_of(:new_issue_url) }
+    end
+  end
+end
diff --git a/spec/models/project_services/slack_service/issue_message_spec.rb b/spec/models/project_services/slack_service/issue_message_spec.rb
index f648cbe2dee..0f8889bdf3c 100644
--- a/spec/models/project_services/slack_service/issue_message_spec.rb
+++ b/spec/models/project_services/slack_service/issue_message_spec.rb
@@ -25,7 +25,7 @@ describe SlackService::IssueMessage, models: true do
     }
   end
 
-  let(:color) { '#345' }
+  let(:color) { '#C95823' }
 
   context '#initialize' do
     before do
@@ -40,10 +40,11 @@ describe SlackService::IssueMessage, models: true do
   context 'open' do
     it 'returns a message regarding opening of issues' do
       expect(subject.pretext).to eq(
-        'Test User opened <url|issue #100> in <somewhere.com|project_name>: '\
-        '*Issue title*')
+        '<somewhere.com|[project_name>] Issue opened by Test User')
       expect(subject.attachments).to eq([
         {
+          title: "#100 Issue title",
+          title_link: "url",
           text: "issue description",
           color: color,
         }
@@ -56,10 +57,10 @@ describe SlackService::IssueMessage, models: true do
       args[:object_attributes][:action] = 'close'
       args[:object_attributes][:state] = 'closed'
     end
+
     it 'returns a message regarding closing of issues' do
       expect(subject.pretext). to eq(
-        'Test User closed <url|issue #100> in <somewhere.com|project_name>: '\
-        '*Issue title*')
+        '<somewhere.com|[project_name>] Issue <url|#100 Issue title> closed by Test User')
       expect(subject.attachments).to be_empty
     end
   end
diff --git a/spec/models/project_services/slack_service/note_message_spec.rb b/spec/models/project_services/slack_service/note_message_spec.rb
index d37590cab75..379c3e1219c 100644
--- a/spec/models/project_services/slack_service/note_message_spec.rb
+++ b/spec/models/project_services/slack_service/note_message_spec.rb
@@ -65,7 +65,7 @@ describe SlackService::NoteMessage, models: true do
       expect(message.pretext).to eq("Test User commented on " \
       "<url|merge request !30> in <somewhere.com|project_name>: " \
       "*merge request title*")
-      expected_attachments =  [
+      expected_attachments = [
           {
               text: "comment on a merge request",
               color: color,
@@ -117,7 +117,7 @@ describe SlackService::NoteMessage, models: true do
       expect(message.pretext).to eq("Test User commented on " \
       "<url|snippet #5> in <somewhere.com|project_name>: " \
       "*snippet title*")
-      expected_attachments =  [
+      expected_attachments = [
           {
               text: "comment on a snippet",
               color: color,
diff --git a/spec/models/project_services/slack_service_spec.rb b/spec/models/project_services/slack_service_spec.rb
index 478d59be08b..a97b7560137 100644
--- a/spec/models/project_services/slack_service_spec.rb
+++ b/spec/models/project_services/slack_service_spec.rb
@@ -26,13 +26,18 @@ describe SlackService, models: true do
     it { is_expected.to have_one :service_hook }
   end
 
-  describe "Validations" do
-    context "active" do
-      before do
-        subject.active = true
-      end
+  describe 'Validations' do
+    context 'when service is active' do
+      before { subject.active = true }
 
-      it { is_expected.to validate_presence_of :webhook }
+      it { is_expected.to validate_presence_of(:webhook) }
+      it_behaves_like 'issue tracker service URL attribute', :webhook
+    end
+
+    context 'when service is inactive' do
+      before { subject.active = false }
+
+      it { is_expected.not_to validate_presence_of(:webhook) }
     end
   end
 
diff --git a/spec/models/project_services/teamcity_service_spec.rb b/spec/models/project_services/teamcity_service_spec.rb
index bc7423cee69..ad24b895170 100644
--- a/spec/models/project_services/teamcity_service_spec.rb
+++ b/spec/models/project_services/teamcity_service_spec.rb
@@ -27,86 +27,51 @@ describe TeamcityService, models: true do
   end
 
   describe 'Validations' do
-    describe '#teamcity_url' do
-      it 'does not validate the presence of teamcity_url if service is not active' do
-        teamcity_service = service
-        teamcity_service.active = false
+    subject { service }
 
-        expect(teamcity_service).not_to validate_presence_of(:teamcity_url)
+    context 'when service is active' do
+      before { subject.active = true }
+
+      it { is_expected.to validate_presence_of(:build_type) }
+      it { is_expected.to validate_presence_of(:teamcity_url) }
+      it_behaves_like 'issue tracker service URL attribute', :teamcity_url
+
+      describe '#username' do
+        it 'does not validate the presence of username if password is nil' do
+          subject.password = nil
+
+          expect(subject).not_to validate_presence_of(:username)
+        end
+
+        it 'validates the presence of username if password is present' do
+          subject.password = 'secret'
+
+          expect(subject).to validate_presence_of(:username)
+        end
       end
 
-      it 'validates the presence of teamcity_url if service is active' do
-        teamcity_service = service
-        teamcity_service.active = true
+      describe '#password' do
+        it 'does not validate the presence of password if username is nil' do
+          subject.username = nil
 
-        expect(teamcity_service).to validate_presence_of(:teamcity_url)
+          expect(subject).not_to validate_presence_of(:password)
+        end
+
+        it 'validates the presence of password if username is present' do
+          subject.username = 'john'
+
+          expect(subject).to validate_presence_of(:password)
+        end
       end
     end
 
-    describe '#build_type' do
-      it 'does not validate the presence of build_type if service is not active' do
-        teamcity_service = service
-        teamcity_service.active = false
+    context 'when service is inactive' do
+      before { subject.active = false }
 
-        expect(teamcity_service).not_to validate_presence_of(:build_type)
-      end
-
-      it 'validates the presence of build_type if service is active' do
-        teamcity_service = service
-        teamcity_service.active = true
-
-        expect(teamcity_service).to validate_presence_of(:build_type)
-      end
-    end
-
-    describe '#username' do
-      it 'does not validate the presence of username if service is not active' do
-        teamcity_service = service
-        teamcity_service.active = false
-
-        expect(teamcity_service).not_to validate_presence_of(:username)
-      end
-
-      it 'does not validate the presence of username if username is nil' do
-        teamcity_service = service
-        teamcity_service.active = true
-        teamcity_service.password = nil
-
-        expect(teamcity_service).not_to validate_presence_of(:username)
-      end
-
-      it 'validates the presence of username if service is active and username is present' do
-        teamcity_service = service
-        teamcity_service.active = true
-        teamcity_service.password = 'secret'
-
-        expect(teamcity_service).to validate_presence_of(:username)
-      end
-    end
-
-    describe '#password' do
-      it 'does not validate the presence of password if service is not active' do
-        teamcity_service = service
-        teamcity_service.active = false
-
-        expect(teamcity_service).not_to validate_presence_of(:password)
-      end
-
-      it 'does not validate the presence of password if username is nil' do
-        teamcity_service = service
-        teamcity_service.active = true
-        teamcity_service.username = nil
-
-        expect(teamcity_service).not_to validate_presence_of(:password)
-      end
-
-      it 'validates the presence of password if service is active and username is present' do
-        teamcity_service = service
-        teamcity_service.active = true
-        teamcity_service.username = 'john'
-
-        expect(teamcity_service).to validate_presence_of(:password)
-      end
+      it { is_expected.not_to validate_presence_of(:build_type) }
+      it { is_expected.not_to validate_presence_of(:teamcity_url) }
+      it { is_expected.not_to validate_presence_of(:username) }
+      it { is_expected.not_to validate_presence_of(:password) }
     end
   end
 
diff --git a/spec/models/project_snippet_spec.rb b/spec/models/project_snippet_spec.rb
index e0feb606f78..d9d7c0b0aaa 100644
--- a/spec/models/project_snippet_spec.rb
+++ b/spec/models/project_snippet_spec.rb
@@ -1,19 +1,3 @@
-# == Schema Information
-#
-# Table name: snippets
-#
-#  id               :integer          not null, primary key
-#  title            :string(255)
-#  content          :text
-#  author_id        :integer          not null
-#  project_id       :integer
-#  created_at       :datetime
-#  updated_at       :datetime
-#  file_name        :string(255)
-#  type             :string(255)
-#  visibility_level :integer          default(0), not null
-#
-
 require 'spec_helper'
 
 describe ProjectSnippet, models: true do
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index becc743de31..60e1ec43f2b 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -1,43 +1,3 @@
-# == Schema Information
-#
-# Table name: projects
-#
-#  id                     :integer          not null, primary key
-#  name                   :string(255)
-#  path                   :string(255)
-#  description            :text
-#  created_at             :datetime
-#  updated_at             :datetime
-#  creator_id             :integer
-#  issues_enabled         :boolean          default(TRUE), not null
-#  wall_enabled           :boolean          default(TRUE), not null
-#  merge_requests_enabled :boolean          default(TRUE), not null
-#  wiki_enabled           :boolean          default(TRUE), not null
-#  namespace_id           :integer
-#  issues_tracker         :string(255)      default("gitlab"), not null
-#  issues_tracker_id      :string(255)
-#  snippets_enabled       :boolean          default(TRUE), not null
-#  last_activity_at       :datetime
-#  import_url             :string(255)
-#  visibility_level       :integer          default(0), not null
-#  archived               :boolean          default(FALSE), not null
-#  avatar                 :string(255)
-#  import_status          :string(255)
-#  repository_size        :float            default(0.0)
-#  star_count             :integer          default(0), not null
-#  import_type            :string(255)
-#  import_source          :string(255)
-#  commit_count           :integer          default(0)
-#  import_error           :text
-#  ci_id                  :integer
-#  builds_enabled         :boolean          default(TRUE), not null
-#  shared_runners_enabled :boolean          default(TRUE), not null
-#  runners_token          :string
-#  build_coverage_regex   :string
-#  build_allow_git_fetch  :boolean          default(TRUE), not null
-#  build_timeout          :integer          default(3600), not null
-#
-
 require 'spec_helper'
 
 describe Project, models: true do
@@ -674,11 +634,11 @@ describe Project, models: true do
       # Project#gitlab_shell returns a new instance of Gitlab::Shell on every
       # call. This makes testing a bit easier.
       allow(project).to receive(:gitlab_shell).and_return(gitlab_shell)
+
+      allow(project).to receive(:previous_changes).and_return('path' => ['foo'])
     end
 
     it 'renames a repository' do
-      allow(project).to receive(:previous_changes).and_return('path' => ['foo'])
-
       ns = project.namespace_dir
 
       expect(gitlab_shell).to receive(:mv_repository).
@@ -703,6 +663,17 @@ describe Project, models: true do
 
       project.rename_repo
     end
+
+    context 'container registry with tags' do
+      before do
+        stub_container_registry_config(enabled: true)
+        stub_container_registry_tags('tag')
+      end
+
+      subject { project.rename_repo }
+
+      it { expect{subject}.to raise_error(Exception) }
+    end
   end
 
   describe '#expire_caches_before_rename' do
@@ -719,11 +690,8 @@ describe Project, models: true do
         with('foo.wiki', project).
         and_return(wiki)
 
-      expect(repo).to receive(:expire_cache)
-      expect(repo).to receive(:expire_emptiness_caches)
-
-      expect(wiki).to receive(:expire_cache)
-      expect(wiki).to receive(:expire_emptiness_caches)
+      expect(repo).to receive(:before_delete)
+      expect(wiki).to receive(:before_delete)
 
       project.expire_caches_before_rename('foo')
     end
@@ -801,4 +769,85 @@ describe Project, models: true do
       end
     end
   end
+
+  describe '#protected_branch?' do
+    let(:project) { create(:empty_project) }
+
+    it 'returns true when a branch is a protected branch' do
+      project.protected_branches.create!(name: 'foo')
+
+      expect(project.protected_branch?('foo')).to eq(true)
+    end
+
+    it 'returns false when a branch is not a protected branch' do
+      expect(project.protected_branch?('foo')).to eq(false)
+    end
+  end
+
+  describe '#container_registry_repository' do
+    let(:project) { create(:empty_project) }
+
+    before { stub_container_registry_config(enabled: true) }
+
+    subject { project.container_registry_repository }
+
+    it { is_expected.to_not be_nil }
+  end
+
+  describe '#container_registry_repository_url' do
+    let(:project) { create(:empty_project) }
+
+    subject { project.container_registry_repository_url }
+
+    before { stub_container_registry_config(**registry_settings) }
+
+    context 'for enabled registry' do
+      let(:registry_settings) do
+        {
+          enabled: true,
+          host_port: 'example.com',
+        }
+      end
+
+      it { is_expected.to_not be_nil }
+    end
+
+    context 'for disabled registry' do
+      let(:registry_settings) do
+        {
+          enabled: false
+        }
+      end
+
+      it { is_expected.to be_nil }
+    end
+  end
+
+  describe '#has_container_registry_tags?' do
+    let(:project) { create(:empty_project) }
+
+    subject { project.has_container_registry_tags? }
+
+    context 'for enabled registry' do
+      before { stub_container_registry_config(enabled: true) }
+
+      context 'with tags' do
+        before { stub_container_registry_tags('test', 'test2') }
+
+        it { is_expected.to be_truthy }
+      end
+
+      context 'when no tags' do
+        before { stub_container_registry_tags }
+
+        it { is_expected.to be_falsey }
+      end
+    end
+
+    context 'for disabled registry' do
+      before { stub_container_registry_config(enabled: false) }
+
+      it { is_expected.to be_falsey }
+    end
+  end
 end
diff --git a/spec/models/project_wiki_spec.rb b/spec/models/project_wiki_spec.rb
index 532e3f013fd..91ebb612baa 100644
--- a/spec/models/project_wiki_spec.rb
+++ b/spec/models/project_wiki_spec.rb
@@ -38,7 +38,8 @@ describe ProjectWiki, models: true do
 
   describe "#wiki_base_path" do
     it "returns the wiki base path" do
-      wiki_base_path = "/#{project.path_with_namespace}/wikis"
+      wiki_base_path = "#{Gitlab.config.gitlab.relative_url_root}/#{project.path_with_namespace}/wikis"
+
       expect(subject.wiki_base_path).to eq(wiki_base_path)
     end
   end
diff --git a/spec/models/protected_branch_spec.rb b/spec/models/protected_branch_spec.rb
index 7e956cf6779..b523834c6e9 100644
--- a/spec/models/protected_branch_spec.rb
+++ b/spec/models/protected_branch_spec.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: protected_branches
-#
-#  id                  :integer          not null, primary key
-#  project_id          :integer          not null
-#  name                :string(255)      not null
-#  created_at          :datetime
-#  updated_at          :datetime
-#  developers_can_push :boolean          default(FALSE), not null
-#
-
 require 'spec_helper'
 
 describe ProtectedBranch, models: true do
diff --git a/spec/models/release_spec.rb b/spec/models/release_spec.rb
index 72ecb442a36..527005b2b69 100644
--- a/spec/models/release_spec.rb
+++ b/spec/models/release_spec.rb
@@ -1,15 +1,3 @@
-# == Schema Information
-#
-# Table name: releases
-#
-#  id          :integer          not null, primary key
-#  tag         :string(255)
-#  description :text
-#  project_id  :integer
-#  created_at  :datetime
-#  updated_at  :datetime
-#
-
 require 'rails_helper'
 
 RSpec.describe Release, type: :model do
diff --git a/spec/models/repository_spec.rb b/spec/models/repository_spec.rb
index b561aa663d1..34a13f9b5c9 100644
--- a/spec/models/repository_spec.rb
+++ b/spec/models/repository_spec.rb
@@ -132,10 +132,45 @@ describe Repository, models: true do
         it { expect(subject.basename).to eq('a/b/c') }
       end
     end
-
   end
 
-  describe '#license_blob' do
+  describe "#changelog" do
+    before do
+      repository.send(:cache).expire(:changelog)
+    end
+
+    it 'accepts changelog' do
+      expect(repository.tree).to receive(:blobs).and_return([TestBlob.new('changelog')])
+
+      expect(repository.changelog.name).to eq('changelog')
+    end
+
+    it 'accepts news instead of changelog' do
+      expect(repository.tree).to receive(:blobs).and_return([TestBlob.new('news')])
+
+      expect(repository.changelog.name).to eq('news')
+    end
+
+    it 'accepts history instead of changelog' do
+      expect(repository.tree).to receive(:blobs).and_return([TestBlob.new('history')])
+
+      expect(repository.changelog.name).to eq('history')
+    end
+
+    it 'accepts changes instead of changelog' do
+      expect(repository.tree).to receive(:blobs).and_return([TestBlob.new('changes')])
+
+      expect(repository.changelog.name).to eq('changes')
+    end
+
+    it 'is case-insensitive' do
+      expect(repository.tree).to receive(:blobs).and_return([TestBlob.new('CHANGELOG')])
+
+      expect(repository.changelog.name).to eq('CHANGELOG')
+    end
+  end
+
+  describe "#license_blob" do
     before do
       repository.send(:cache).expire(:license_blob)
       repository.remove_file(user, 'LICENSE', 'Remove LICENSE', 'master')
@@ -148,39 +183,18 @@ describe Repository, models: true do
       expect(repository.license_blob).to be_nil
     end
 
-    it 'favors license file with no extension' do
-      repository.commit_file(user, 'LICENSE', Licensee::License.new('mit').content, 'Add LICENSE', 'master', false)
-      repository.commit_file(user, 'LICENSE.md', Licensee::License.new('mit').content, 'Add LICENSE.md', 'master', false)
+    it 'detects license file with no recognizable open-source license content' do
+      repository.commit_file(user, 'LICENSE', 'Copyright!', 'Add LICENSE', 'master', false)
 
       expect(repository.license_blob.name).to eq('LICENSE')
     end
 
-    it 'favors .md file to .txt' do
-      repository.commit_file(user, 'LICENSE.md', Licensee::License.new('mit').content, 'Add LICENSE.md', 'master', false)
-      repository.commit_file(user, 'LICENSE.txt', Licensee::License.new('mit').content, 'Add LICENSE.txt', 'master', false)
+    %w[LICENSE LICENCE LiCensE LICENSE.md LICENSE.foo COPYING COPYING.md].each do |filename|
+      it "detects '#{filename}'" do
+        repository.commit_file(user, filename, Licensee::License.new('mit').content, "Add #{filename}", 'master', false)
 
-      expect(repository.license_blob.name).to eq('LICENSE.md')
-    end
-
-    it 'favors LICENCE to LICENSE' do
-      repository.commit_file(user, 'LICENSE', Licensee::License.new('mit').content, 'Add LICENSE', 'master', false)
-      repository.commit_file(user, 'LICENCE', Licensee::License.new('mit').content, 'Add LICENCE', 'master', false)
-
-      expect(repository.license_blob.name).to eq('LICENCE')
-    end
-
-    it 'favors LICENSE to COPYING' do
-      repository.commit_file(user, 'LICENSE', Licensee::License.new('mit').content, 'Add LICENSE', 'master', false)
-      repository.commit_file(user, 'COPYING', Licensee::License.new('mit').content, 'Add COPYING', 'master', false)
-
-      expect(repository.license_blob.name).to eq('LICENSE')
-    end
-
-    it 'favors LICENCE to COPYING' do
-      repository.commit_file(user, 'LICENCE', Licensee::License.new('mit').content, 'Add LICENCE', 'master', false)
-      repository.commit_file(user, 'COPYING', Licensee::License.new('mit').content, 'Add COPYING', 'master', false)
-
-      expect(repository.license_blob.name).to eq('LICENCE')
+        expect(repository.license_blob.name).to eq(filename)
+      end
     end
   end
 
@@ -190,8 +204,14 @@ describe Repository, models: true do
       repository.remove_file(user, 'LICENSE', 'Remove LICENSE', 'master')
     end
 
-    it 'returns "no-license" when no license is detected' do
-      expect(repository.license_key).to eq('no-license')
+    it 'returns nil when no license is detected' do
+      expect(repository.license_key).to be_nil
+    end
+
+    it 'detects license file with no recognizable open-source license content' do
+      repository.commit_file(user, 'LICENSE', 'Copyright!', 'Add LICENSE', 'master', false)
+
+      expect(repository.license_key).to be_nil
     end
 
     it 'returns the license key' do
@@ -541,7 +561,7 @@ describe Repository, models: true do
   end
 
   describe :skip_merged_commit do
-    subject { repository.commits(Gitlab::Git::BRANCH_REF_PREFIX + "'test'", nil, 100, 0, true).map{ |k| k.id } }
+    subject { repository.commits(Gitlab::Git::BRANCH_REF_PREFIX + "'test'", limit: 100, skip_merges: true).map{ |k| k.id } }
 
     it { is_expected.not_to include('e56497bb5f03a90a51293fc6d516788730953899') }
   end
@@ -775,6 +795,16 @@ describe Repository, models: true do
 
   end
 
+  describe "#copy_gitattributes" do
+    it 'returns true with a valid ref' do
+      expect(repository.copy_gitattributes('master')).to be_truthy
+    end
+
+    it 'returns false with an invalid ref' do
+      expect(repository.copy_gitattributes('invalid')).to be_falsey
+    end
+  end
+
   describe "#main_language" do
     it 'shows the main language of the project' do
       expect(repository.main_language).to eq("Ruby")
@@ -828,13 +858,30 @@ describe Repository, models: true do
   end
 
   describe '#add_tag' do
-    it 'adds a tag' do
-      expect(repository).to receive(:before_push_tag)
+    context 'with a valid target' do
+      let(:user) { build_stubbed(:user) }
 
-      expect_any_instance_of(Gitlab::Shell).to receive(:add_tag).
-        with(repository.path_with_namespace, '8.5', 'master', 'foo')
+      it 'creates the tag using rugged' do
+        expect(repository.rugged.tags).to receive(:create).
+          with('8.5', repository.commit('master').id,
+            hash_including(message: 'foo',
+                           tagger: hash_including(name: user.name, email: user.email))).
+          and_call_original
 
-      repository.add_tag('8.5', 'master', 'foo')
+        repository.add_tag(user, '8.5', 'master', 'foo')
+      end
+
+      it 'returns a Gitlab::Git::Tag object' do
+        tag = repository.add_tag(user, '8.5', 'master', 'foo')
+
+        expect(tag).to be_a(Gitlab::Git::Tag)
+      end
+    end
+
+    context 'with an invalid target' do
+      it 'returns false' do
+        expect(repository.add_tag(user, '8.5', 'bar', 'foo')).to be false
+      end
     end
   end
 
diff --git a/spec/models/service_spec.rb b/spec/models/service_spec.rb
index 173628c08d0..8592e112c50 100644
--- a/spec/models/service_spec.rb
+++ b/spec/models/service_spec.rb
@@ -1,24 +1,3 @@
-# == Schema Information
-#
-# Table name: services
-#
-#  id                    :integer          not null, primary key
-#  type                  :string(255)
-#  title                 :string(255)
-#  project_id            :integer
-#  created_at            :datetime
-#  updated_at            :datetime
-#  active                :boolean          default(FALSE), not null
-#  properties            :text
-#  template              :boolean          default(FALSE)
-#  push_events           :boolean          default(TRUE)
-#  issues_events         :boolean          default(TRUE)
-#  merge_requests_events :boolean          default(TRUE)
-#  tag_push_events       :boolean          default(TRUE)
-#  note_events           :boolean          default(TRUE), not null
-#  build_events          :boolean          default(FALSE), not null
-#
-
 require 'spec_helper'
 
 describe Service, models: true do
diff --git a/spec/models/snippet_spec.rb b/spec/models/snippet_spec.rb
index 5077ac7b62b..7a613e360d4 100644
--- a/spec/models/snippet_spec.rb
+++ b/spec/models/snippet_spec.rb
@@ -1,19 +1,3 @@
-# == Schema Information
-#
-# Table name: snippets
-#
-#  id               :integer          not null, primary key
-#  title            :string(255)
-#  content          :text
-#  author_id        :integer          not null
-#  project_id       :integer
-#  created_at       :datetime
-#  updated_at       :datetime
-#  file_name        :string(255)
-#  type             :string(255)
-#  visibility_level :integer          default(0), not null
-#
-
 require 'spec_helper'
 
 describe Snippet, models: true do
diff --git a/spec/models/todo_spec.rb b/spec/models/todo_spec.rb
index d9b86b9368f..623b82c01d8 100644
--- a/spec/models/todo_spec.rb
+++ b/spec/models/todo_spec.rb
@@ -1,21 +1,3 @@
-# == Schema Information
-#
-# Table name: todos
-#
-#  id          :integer          not null, primary key
-#  user_id     :integer          not null
-#  project_id  :integer          not null
-#  target_id   :integer
-#  target_type :string           not null
-#  author_id   :integer
-#  action      :integer          not null
-#  state       :string           not null
-#  created_at  :datetime
-#  updated_at  :datetime
-#  note_id     :integer
-#  commit_id   :string
-#
-
 require 'spec_helper'
 
 describe Todo, models: true do
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 8b2fb77e28e..9581990666b 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1,66 +1,3 @@
-# == Schema Information
-#
-# Table name: users
-#
-#  id                          :integer          not null, primary key
-#  email                       :string(255)      default(""), not null
-#  encrypted_password          :string(255)      default(""), not null
-#  reset_password_token        :string(255)
-#  reset_password_sent_at      :datetime
-#  remember_created_at         :datetime
-#  sign_in_count               :integer          default(0)
-#  current_sign_in_at          :datetime
-#  last_sign_in_at             :datetime
-#  current_sign_in_ip          :string(255)
-#  last_sign_in_ip             :string(255)
-#  created_at                  :datetime
-#  updated_at                  :datetime
-#  name                        :string(255)
-#  admin                       :boolean          default(FALSE), not null
-#  projects_limit              :integer          default(10)
-#  skype                       :string(255)      default(""), not null
-#  linkedin                    :string(255)      default(""), not null
-#  twitter                     :string(255)      default(""), not null
-#  authentication_token        :string(255)
-#  theme_id                    :integer          default(1), not null
-#  bio                         :string(255)
-#  failed_attempts             :integer          default(0)
-#  locked_at                   :datetime
-#  username                    :string(255)
-#  can_create_group            :boolean          default(TRUE), not null
-#  can_create_team             :boolean          default(TRUE), not null
-#  state                       :string(255)
-#  color_scheme_id             :integer          default(1), not null
-#  notification_level          :integer          default(1), not null
-#  password_expires_at         :datetime
-#  created_by_id               :integer
-#  last_credential_check_at    :datetime
-#  avatar                      :string(255)
-#  confirmation_token          :string(255)
-#  confirmed_at                :datetime
-#  confirmation_sent_at        :datetime
-#  unconfirmed_email           :string(255)
-#  hide_no_ssh_key             :boolean          default(FALSE)
-#  website_url                 :string(255)      default(""), not null
-#  notification_email          :string(255)
-#  hide_no_password            :boolean          default(FALSE)
-#  password_automatically_set  :boolean          default(FALSE)
-#  location                    :string(255)
-#  encrypted_otp_secret        :string(255)
-#  encrypted_otp_secret_iv     :string(255)
-#  encrypted_otp_secret_salt   :string(255)
-#  otp_required_for_login      :boolean          default(FALSE), not null
-#  otp_backup_codes            :text
-#  public_email                :string(255)      default(""), not null
-#  dashboard                   :integer          default(0)
-#  project_view                :integer          default(0)
-#  consumed_timestep           :integer
-#  layout                      :integer          default(0)
-#  hide_project_limit          :boolean          default(FALSE)
-#  unlock_token                :string
-#  otp_grace_period_started_at :datetime
-#
-
 require 'spec_helper'
 
 describe User, models: true do
@@ -204,6 +141,7 @@ describe User, models: true do
   end
 
   describe '#confirm' do
+    before { allow(current_application_settings).to receive(:send_user_confirmation_email).and_return(true) }
     let(:user) { create(:user, confirmed_at: nil, unconfirmed_email: 'test@gitlab.com') }
 
     it 'returns unconfirmed' do
@@ -845,4 +783,23 @@ describe User, models: true do
 
     it { is_expected.to eq([private_project]) }
   end
+
+  describe '#viewable_starred_projects' do
+    let(:user) { create(:user) }
+    let(:public_project) { create(:empty_project, :public) }
+    let(:private_project) { create(:empty_project, :private) }
+    let(:private_viewable_project) { create(:empty_project, :private) }
+
+    before do
+      private_viewable_project.team << [user, Gitlab::Access::MASTER]
+
+      [public_project, private_project, private_viewable_project].each do |project|
+        user.toggle_star(project)
+      end
+    end
+
+    it 'returns only starred projects the user can view' do
+      expect(user.viewable_starred_projects).not_to include(private_project)
+    end
+  end
 end
diff --git a/spec/requests/api/builds_spec.rb b/spec/requests/api/builds_spec.rb
index 5ead735be48..0fbc984c061 100644
--- a/spec/requests/api/builds_spec.rb
+++ b/spec/requests/api/builds_spec.rb
@@ -106,8 +106,8 @@ describe API::API, api: true  do
 
       context 'authorized user' do
         let(:download_headers) do
-          { 'Content-Transfer-Encoding'=>'binary',
-            'Content-Disposition'=>'attachment; filename=ci_build_artifacts.zip' }
+          { 'Content-Transfer-Encoding' => 'binary',
+            'Content-Disposition' => 'attachment; filename=ci_build_artifacts.zip' }
         end
 
         it 'should return specific build artifacts' do
diff --git a/spec/requests/api/commit_status_spec.rb b/spec/requests/api/commit_statuses_spec.rb
similarity index 99%
rename from spec/requests/api/commit_status_spec.rb
rename to spec/requests/api/commit_statuses_spec.rb
index f3785b19362..633927c8c3e 100644
--- a/spec/requests/api/commit_status_spec.rb
+++ b/spec/requests/api/commit_statuses_spec.rb
@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-describe API::CommitStatus, api: true do
+describe API::CommitStatuses, api: true do
   include ApiHelpers
 
   let!(:project) { create(:project) }
diff --git a/spec/requests/api/commits_spec.rb b/spec/requests/api/commits_spec.rb
index e28998d51b5..cb82ca7802d 100644
--- a/spec/requests/api/commits_spec.rb
+++ b/spec/requests/api/commits_spec.rb
@@ -32,6 +32,41 @@ describe API::API, api: true  do
         expect(response.status).to eq(401)
       end
     end
+
+    context "since optional parameter" do
+      it "should return project commits since provided parameter" do
+        commits = project.repository.commits("master")
+        since = commits.second.created_at
+
+        get api("/projects/#{project.id}/repository/commits?since=#{since.utc.iso8601}", user)
+
+        expect(json_response.size).to eq 2
+        expect(json_response.first["id"]).to eq(commits.first.id)
+        expect(json_response.second["id"]).to eq(commits.second.id)
+      end
+    end
+
+    context "until optional parameter" do
+      it "should return project commits until provided parameter" do
+        commits = project.repository.commits("master")
+        before = commits.second.created_at
+
+        get api("/projects/#{project.id}/repository/commits?until=#{before.utc.iso8601}", user)
+
+        expect(json_response.size).to eq(commits.size - 1)
+        expect(json_response.first["id"]).to eq(commits.second.id)
+        expect(json_response.second["id"]).to eq(commits.third.id)
+      end
+    end
+
+    context "invalid xmlschema date parameters" do
+      it "should return an invalid parameter error message" do
+        get api("/projects/#{project.id}/repository/commits?since=invalid-date", user)
+
+        expect(response.status).to eq(400)
+        expect(json_response['message']).to include "\"since\" must be a timestamp in ISO 8601 format"
+      end
+    end
   end
 
   describe "GET /projects:id/repository/commits/:sha" do
diff --git a/spec/requests/api/group_members_spec.rb b/spec/requests/api/group_members_spec.rb
index 96d89e69209..02553d0f8e2 100644
--- a/spec/requests/api/group_members_spec.rb
+++ b/spec/requests/api/group_members_spec.rb
@@ -34,11 +34,11 @@ describe API::API, api: true  do
           expect(response.status).to eq(200)
           expect(json_response).to be_an Array
           expect(json_response.size).to eq(5)
-          expect(json_response.find { |e| e['id']==owner.id }['access_level']).to eq(GroupMember::OWNER)
-          expect(json_response.find { |e| e['id']==reporter.id }['access_level']).to eq(GroupMember::REPORTER)
-          expect(json_response.find { |e| e['id']==developer.id }['access_level']).to eq(GroupMember::DEVELOPER)
-          expect(json_response.find { |e| e['id']==master.id }['access_level']).to eq(GroupMember::MASTER)
-          expect(json_response.find { |e| e['id']==guest.id }['access_level']).to eq(GroupMember::GUEST)
+          expect(json_response.find { |e| e['id'] == owner.id }['access_level']).to eq(GroupMember::OWNER)
+          expect(json_response.find { |e| e['id'] == reporter.id }['access_level']).to eq(GroupMember::REPORTER)
+          expect(json_response.find { |e| e['id'] == developer.id }['access_level']).to eq(GroupMember::DEVELOPER)
+          expect(json_response.find { |e| e['id'] == master.id }['access_level']).to eq(GroupMember::MASTER)
+          expect(json_response.find { |e| e['id'] == guest.id }['access_level']).to eq(GroupMember::GUEST)
         end
       end
 
diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb
index f88e39cad9e..37ab9cc8cfe 100644
--- a/spec/requests/api/issues_spec.rb
+++ b/spec/requests/api/issues_spec.rb
@@ -39,6 +39,7 @@ describe API::API, api: true  do
   let!(:empty_milestone) do
     create(:milestone, title: '2.0.0', project: project)
   end
+  let!(:note) { create(:note_on_issue, author: user, project: project, noteable: issue) }
 
   before { project.team << [user, :reporter] }
 
@@ -232,8 +233,28 @@ describe API::API, api: true  do
   end
 
   describe "GET /projects/:id/issues/:issue_id" do
+    it 'exposes known attributes' do
+      get api("/projects/#{project.id}/issues/#{issue.id}", user)
+
+      expect(response.status).to eq(200)
+      expect(json_response['id']).to eq(issue.id)
+      expect(json_response['iid']).to eq(issue.iid)
+      expect(json_response['project_id']).to eq(issue.project.id)
+      expect(json_response['title']).to eq(issue.title)
+      expect(json_response['description']).to eq(issue.description)
+      expect(json_response['state']).to eq(issue.state)
+      expect(json_response['created_at']).to be_present
+      expect(json_response['updated_at']).to be_present
+      expect(json_response['labels']).to eq(issue.label_names)
+      expect(json_response['milestone']).to be_a Hash
+      expect(json_response['assignee']).to be_a Hash
+      expect(json_response['author']).to be_a Hash
+      expect(json_response['user_notes_count']).to be(1)
+    end
+
     it "should return a project issue by id" do
       get api("/projects/#{project.id}/issues/#{issue.id}", user)
+
       expect(response.status).to eq(200)
       expect(json_response['title']).to eq(issue.title)
       expect(json_response['iid']).to eq(issue.iid)
@@ -602,6 +623,12 @@ describe API::API, api: true  do
 
       expect(response.status).to eq(404)
     end
+
+    it 'returns 404 if the issue is confidential' do
+      post api("/projects/#{project.id}/issues/#{confidential_issue.id}/subscription", non_member)
+
+      expect(response.status).to eq(404)
+    end
   end
 
   describe 'DELETE :id/issues/:issue_id/subscription' do
@@ -623,5 +650,11 @@ describe API::API, api: true  do
 
       expect(response.status).to eq(404)
     end
+
+    it 'returns 404 if the issue is confidential' do
+      delete api("/projects/#{project.id}/issues/#{confidential_issue.id}/subscription", non_member)
+
+      expect(response.status).to eq(404)
+    end
   end
 end
diff --git a/spec/requests/api/labels_spec.rb b/spec/requests/api/labels_spec.rb
index 6943ff9d26c..b2c7f8d9acb 100644
--- a/spec/requests/api/labels_spec.rb
+++ b/spec/requests/api/labels_spec.rb
@@ -190,4 +190,86 @@ describe API::API, api: true  do
       expect(json_response['message']['color']).to eq(['must be a valid color code'])
     end
   end
+
+  describe "POST /projects/:id/labels/:label_id/subscription" do
+    context "when label_id is a label title" do
+      it "should subscribe to the label" do
+        post api("/projects/#{project.id}/labels/#{label1.title}/subscription", user)
+
+        expect(response.status).to eq(201)
+        expect(json_response["name"]).to eq(label1.title)
+        expect(json_response["subscribed"]).to be_truthy
+      end
+    end
+
+    context "when label_id is a label ID" do
+      it "should subscribe to the label" do
+        post api("/projects/#{project.id}/labels/#{label1.id}/subscription", user)
+
+        expect(response.status).to eq(201)
+        expect(json_response["name"]).to eq(label1.title)
+        expect(json_response["subscribed"]).to be_truthy
+      end
+    end
+
+    context "when user is already subscribed to label" do
+      before { label1.subscribe(user) }
+
+      it "should return 304" do
+        post api("/projects/#{project.id}/labels/#{label1.id}/subscription", user)
+
+        expect(response.status).to eq(304)
+      end
+    end
+
+    context "when label ID is not found" do
+      it "should a return 404 error" do
+        post api("/projects/#{project.id}/labels/1234/subscription", user)
+
+        expect(response.status).to eq(404)
+      end
+    end
+  end
+
+  describe "DELETE /projects/:id/labels/:label_id/subscription" do
+    before { label1.subscribe(user) }
+
+    context "when label_id is a label title" do
+      it "should unsubscribe from the label" do
+        delete api("/projects/#{project.id}/labels/#{label1.title}/subscription", user)
+
+        expect(response.status).to eq(200)
+        expect(json_response["name"]).to eq(label1.title)
+        expect(json_response["subscribed"]).to be_falsey
+      end
+    end
+
+    context "when label_id is a label ID" do
+      it "should unsubscribe from the label" do
+        delete api("/projects/#{project.id}/labels/#{label1.id}/subscription", user)
+
+        expect(response.status).to eq(200)
+        expect(json_response["name"]).to eq(label1.title)
+        expect(json_response["subscribed"]).to be_falsey
+      end
+    end
+
+    context "when user is already unsubscribed from label" do
+      before { label1.unsubscribe(user) }
+
+      it "should return 304" do
+        delete api("/projects/#{project.id}/labels/#{label1.id}/subscription", user)
+
+        expect(response.status).to eq(304)
+      end
+    end
+
+    context "when label ID is not found" do
+      it "should a return 404 error" do
+        delete api("/projects/#{project.id}/labels/1234/subscription", user)
+
+        expect(response.status).to eq(404)
+      end
+    end
+  end
 end
diff --git a/spec/requests/api/merge_requests_spec.rb b/spec/requests/api/merge_requests_spec.rb
index 1fa7e76894f..4b0111df149 100644
--- a/spec/requests/api/merge_requests_spec.rb
+++ b/spec/requests/api/merge_requests_spec.rb
@@ -113,6 +113,34 @@ describe API::API, api: true  do
   end
 
   describe "GET /projects/:id/merge_requests/:merge_request_id" do
+    it 'exposes known attributes' do
+      get api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user)
+
+      expect(response.status).to eq(200)
+      expect(json_response['id']).to eq(merge_request.id)
+      expect(json_response['iid']).to eq(merge_request.iid)
+      expect(json_response['project_id']).to eq(merge_request.project.id)
+      expect(json_response['title']).to eq(merge_request.title)
+      expect(json_response['description']).to eq(merge_request.description)
+      expect(json_response['state']).to eq(merge_request.state)
+      expect(json_response['created_at']).to be_present
+      expect(json_response['updated_at']).to be_present
+      expect(json_response['labels']).to eq(merge_request.label_names)
+      expect(json_response['milestone']).to be_nil
+      expect(json_response['assignee']).to be_a Hash
+      expect(json_response['author']).to be_a Hash
+      expect(json_response['target_branch']).to eq(merge_request.target_branch)
+      expect(json_response['source_branch']).to eq(merge_request.source_branch)
+      expect(json_response['upvotes']).to eq(0)
+      expect(json_response['downvotes']).to eq(0)
+      expect(json_response['source_project_id']).to eq(merge_request.source_project.id)
+      expect(json_response['target_project_id']).to eq(merge_request.target_project.id)
+      expect(json_response['work_in_progress']).to be_falsy
+      expect(json_response['merge_when_build_succeeds']).to be_falsy
+      expect(json_response['merge_status']).to eq('can_be_merged')
+      expect(json_response['user_notes_count']).to be(2)
+    end
+
     it "should return merge_request" do
       get api("/projects/#{project.id}/merge_requests/#{merge_request.id}", user)
       expect(response.status).to eq(200)
diff --git a/spec/requests/api/milestones_spec.rb b/spec/requests/api/milestones_spec.rb
index 344f0fe0b7f..241995041bb 100644
--- a/spec/requests/api/milestones_spec.rb
+++ b/spec/requests/api/milestones_spec.rb
@@ -127,7 +127,7 @@ describe API::API, api: true  do
 
   describe 'GET /projects/:id/milestones/:milestone_id/issues' do
     before do
-      milestone.issues << create(:issue)
+      milestone.issues << create(:issue, project: project)
     end
     it 'should return project issues for a particular milestone' do
       get api("/projects/#{project.id}/milestones/#{milestone.id}/issues", user)
@@ -140,5 +140,34 @@ describe API::API, api: true  do
       get api("/projects/#{project.id}/milestones/#{milestone.id}/issues")
       expect(response.status).to eq(401)
     end
+
+    describe 'confidential issues' do
+      let(:public_project) { create(:project, :public) }
+      let(:milestone) { create(:milestone, project: public_project) }
+      let(:issue) { create(:issue, project: public_project) }
+      let(:confidential_issue) { create(:issue, confidential: true, project: public_project) }
+      before do
+        public_project.team << [user, :developer]
+        milestone.issues << issue << confidential_issue
+      end
+
+      it 'returns confidential issues to team members' do
+        get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", user)
+
+        expect(response.status).to eq(200)
+        expect(json_response).to be_an Array
+        expect(json_response.size).to eq(2)
+        expect(json_response.map { |issue| issue['id'] }).to include(issue.id, confidential_issue.id)
+      end
+
+      it 'does not return confidential issues to regular users' do
+        get api("/projects/#{public_project.id}/milestones/#{milestone.id}/issues", create(:user))
+
+        expect(response.status).to eq(200)
+        expect(json_response).to be_an Array
+        expect(json_response.size).to eq(1)
+        expect(json_response.map { |issue| issue['id'] }).to include(issue.id)
+      end
+    end
   end
 end
diff --git a/spec/requests/api/notes_spec.rb b/spec/requests/api/notes_spec.rb
index ec9eda0a2ed..ed1ed5aeb95 100644
--- a/spec/requests/api/notes_spec.rb
+++ b/spec/requests/api/notes_spec.rb
@@ -3,7 +3,7 @@ require 'spec_helper'
 describe API::API, api: true  do
   include ApiHelpers
   let(:user) { create(:user) }
-  let!(:project) { create(:project, namespace: user.namespace ) }
+  let!(:project) { create(:project, :public, namespace: user.namespace) }
   let!(:issue) { create(:issue, project: project, author: user) }
   let!(:merge_request) { create(:merge_request, source_project: project, target_project: project, author: user) }
   let!(:snippet) { create(:project_snippet, project: project, author: user) }
@@ -39,27 +39,41 @@ describe API::API, api: true  do
     context "when noteable is an Issue" do
       it "should return an array of issue notes" do
         get api("/projects/#{project.id}/issues/#{issue.id}/notes", user)
+
         expect(response.status).to eq(200)
         expect(json_response).to be_an Array
         expect(json_response.first['body']).to eq(issue_note.note)
       end
 
       it "should return a 404 error when issue id not found" do
-        get api("/projects/#{project.id}/issues/123/notes", user)
+        get api("/projects/#{project.id}/issues/12345/notes", user)
+
         expect(response.status).to eq(404)
       end
 
-      context "that references a private issue" do
+      context "and current user cannot view the notes" do
         it "should return an empty array" do
           get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", user)
+
           expect(response.status).to eq(200)
           expect(json_response).to be_an Array
           expect(json_response).to be_empty
         end
 
+        context "and issue is confidential" do
+          before { ext_issue.update_attributes(confidential: true) }
+
+          it "returns 404" do
+            get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", user)
+
+            expect(response.status).to eq(404)
+          end
+        end
+
         context "and current user can view the note" do
           it "should return an empty array" do
             get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes", private_user)
+
             expect(response.status).to eq(200)
             expect(json_response).to be_an Array
             expect(json_response.first['body']).to eq(cross_reference_note.note)
@@ -71,6 +85,7 @@ describe API::API, api: true  do
     context "when noteable is a Snippet" do
       it "should return an array of snippet notes" do
         get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
+
         expect(response.status).to eq(200)
         expect(json_response).to be_an Array
         expect(json_response.first['body']).to eq(snippet_note.note)
@@ -78,6 +93,13 @@ describe API::API, api: true  do
 
       it "should return a 404 error when snippet id not found" do
         get api("/projects/#{project.id}/snippets/42/notes", user)
+
+        expect(response.status).to eq(404)
+      end
+
+      it "returns 404 when not authorized" do
+        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes", private_user)
+
         expect(response.status).to eq(404)
       end
     end
@@ -85,6 +107,7 @@ describe API::API, api: true  do
     context "when noteable is a Merge Request" do
       it "should return an array of merge_requests notes" do
         get api("/projects/#{project.id}/merge_requests/#{merge_request.id}/notes", user)
+
         expect(response.status).to eq(200)
         expect(json_response).to be_an Array
         expect(json_response.first['body']).to eq(merge_request_note.note)
@@ -92,6 +115,13 @@ describe API::API, api: true  do
 
       it "should return a 404 error if merge request id not found" do
         get api("/projects/#{project.id}/merge_requests/4444/notes", user)
+
+        expect(response.status).to eq(404)
+      end
+
+      it "returns 404 when not authorized" do
+        get api("/projects/#{project.id}/merge_requests/4444/notes", private_user)
+
         expect(response.status).to eq(404)
       end
     end
@@ -101,24 +131,39 @@ describe API::API, api: true  do
     context "when noteable is an Issue" do
       it "should return an issue note by id" do
         get api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", user)
+
         expect(response.status).to eq(200)
         expect(json_response['body']).to eq(issue_note.note)
       end
 
       it "should return a 404 error if issue note not found" do
-        get api("/projects/#{project.id}/issues/#{issue.id}/notes/123", user)
+        get api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user)
+
         expect(response.status).to eq(404)
       end
 
-      context "that references a private issue" do
+      context "and current user cannot view the note" do
         it "should return a 404 error" do
           get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes/#{cross_reference_note.id}", user)
+
           expect(response.status).to eq(404)
         end
 
+        context "when issue is confidential" do
+          before { issue.update_attributes(confidential: true) }
+
+          it "returns 404" do
+            get api("/projects/#{project.id}/issues/#{issue.id}/notes/#{issue_note.id}", private_user)
+
+            expect(response.status).to eq(404)
+          end
+        end
+
+
         context "and current user can view the note" do
           it "should return an issue note by id" do
             get api("/projects/#{ext_proj.id}/issues/#{ext_issue.id}/notes/#{cross_reference_note.id}", private_user)
+
             expect(response.status).to eq(200)
             expect(json_response['body']).to eq(cross_reference_note.note)
           end
@@ -129,12 +174,14 @@ describe API::API, api: true  do
     context "when noteable is a Snippet" do
       it "should return a snippet note by id" do
         get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/#{snippet_note.id}", user)
+
         expect(response.status).to eq(200)
         expect(json_response['body']).to eq(snippet_note.note)
       end
 
       it "should return a 404 error if snippet note not found" do
-        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/123", user)
+        get api("/projects/#{project.id}/snippets/#{snippet.id}/notes/12345", user)
+
         expect(response.status).to eq(404)
       end
     end
@@ -144,6 +191,7 @@ describe API::API, api: true  do
     context "when noteable is an Issue" do
       it "should create a new issue note" do
         post api("/projects/#{project.id}/issues/#{issue.id}/notes", user), body: 'hi!'
+
         expect(response.status).to eq(201)
         expect(json_response['body']).to eq('hi!')
         expect(json_response['author']['username']).to eq(user.username)
@@ -151,11 +199,13 @@ describe API::API, api: true  do
 
       it "should return a 400 bad request error if body not given" do
         post api("/projects/#{project.id}/issues/#{issue.id}/notes", user)
+
         expect(response.status).to eq(400)
       end
 
       it "should return a 401 unauthorized error if user not authenticated" do
         post api("/projects/#{project.id}/issues/#{issue.id}/notes"), body: 'hi!'
+
         expect(response.status).to eq(401)
       end
 
@@ -164,6 +214,7 @@ describe API::API, api: true  do
           creation_time = 2.weeks.ago
           post api("/projects/#{project.id}/issues/#{issue.id}/notes", user),
             body: 'hi!', created_at: creation_time
+
           expect(response.status).to eq(201)
           expect(json_response['body']).to eq('hi!')
           expect(json_response['author']['username']).to eq(user.username)
@@ -176,6 +227,7 @@ describe API::API, api: true  do
     context "when noteable is a Snippet" do
       it "should create a new snippet note" do
         post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user), body: 'hi!'
+
         expect(response.status).to eq(201)
         expect(json_response['body']).to eq('hi!')
         expect(json_response['author']['username']).to eq(user.username)
@@ -183,14 +235,37 @@ describe API::API, api: true  do
 
       it "should return a 400 bad request error if body not given" do
         post api("/projects/#{project.id}/snippets/#{snippet.id}/notes", user)
+
         expect(response.status).to eq(400)
       end
 
       it "should return a 401 unauthorized error if user not authenticated" do
         post api("/projects/#{project.id}/snippets/#{snippet.id}/notes"), body: 'hi!'
+
         expect(response.status).to eq(401)
       end
     end
+
+    context 'when user does not have access to create noteable' do
+      let(:private_issue) { create(:issue, project: create(:project, :private)) }
+
+      ##
+      # We are posting to project user has access to, but we use issue id
+      # from a different project, see #15577
+      #
+      before do
+        post api("/projects/#{project.id}/issues/#{private_issue.id}/notes", user),
+             body: 'Hi!'
+      end
+
+      it 'responds with 500' do
+        expect(response.status).to eq 500
+      end
+
+      it 'does not create new note' do
+        expect(private_issue.notes.reload).to be_empty
+      end
+    end
   end
 
   describe "POST /projects/:id/noteable/:noteable_id/notes to test observer on create" do
@@ -206,19 +281,22 @@ describe API::API, api: true  do
       it 'should return modified note' do
         put api("/projects/#{project.id}/issues/#{issue.id}/"\
                   "notes/#{issue_note.id}", user), body: 'Hello!'
+
         expect(response.status).to eq(200)
         expect(json_response['body']).to eq('Hello!')
       end
 
       it 'should return a 404 error when note id not found' do
-        put api("/projects/#{project.id}/issues/#{issue.id}/notes/123", user),
+        put api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user),
                 body: 'Hello!'
+
         expect(response.status).to eq(404)
       end
 
       it 'should return a 400 bad request error if body not given' do
         put api("/projects/#{project.id}/issues/#{issue.id}/"\
                   "notes/#{issue_note.id}", user)
+
         expect(response.status).to eq(400)
       end
     end
@@ -227,13 +305,15 @@ describe API::API, api: true  do
       it 'should return modified note' do
         put api("/projects/#{project.id}/snippets/#{snippet.id}/"\
                   "notes/#{snippet_note.id}", user), body: 'Hello!'
+
         expect(response.status).to eq(200)
         expect(json_response['body']).to eq('Hello!')
       end
 
       it 'should return a 404 error when note id not found' do
         put api("/projects/#{project.id}/snippets/#{snippet.id}/"\
-                  "notes/123", user), body: "Hello!"
+                  "notes/12345", user), body: "Hello!"
+
         expect(response.status).to eq(404)
       end
     end
@@ -242,13 +322,15 @@ describe API::API, api: true  do
       it 'should return modified note' do
         put api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\
                   "notes/#{merge_request_note.id}", user), body: 'Hello!'
+
         expect(response.status).to eq(200)
         expect(json_response['body']).to eq('Hello!')
       end
 
       it 'should return a 404 error when note id not found' do
         put api("/projects/#{project.id}/merge_requests/#{merge_request.id}/"\
-                  "notes/123", user), body: "Hello!"
+                  "notes/12345", user), body: "Hello!"
+
         expect(response.status).to eq(404)
       end
     end
@@ -268,7 +350,7 @@ describe API::API, api: true  do
       end
 
       it 'returns a 404 error when note id not found' do
-        delete api("/projects/#{project.id}/issues/#{issue.id}/notes/123", user)
+        delete api("/projects/#{project.id}/issues/#{issue.id}/notes/12345", user)
 
         expect(response.status).to eq(404)
       end
@@ -288,7 +370,7 @@ describe API::API, api: true  do
 
       it 'returns a 404 error when note id not found' do
         delete api("/projects/#{project.id}/snippets/#{snippet.id}/"\
-                   "notes/123", user)
+                   "notes/12345", user)
 
         expect(response.status).to eq(404)
       end
@@ -308,7 +390,7 @@ describe API::API, api: true  do
 
       it 'returns a 404 error when note id not found' do
         delete api("/projects/#{project.id}/merge_requests/"\
-                   "#{merge_request.id}/notes/123", user)
+                   "#{merge_request.id}/notes/12345", user)
 
         expect(response.status).to eq(404)
       end
diff --git a/spec/requests/api/project_hooks_spec.rb b/spec/requests/api/project_hooks_spec.rb
index 142b637d291..ffb93bbb120 100644
--- a/spec/requests/api/project_hooks_spec.rb
+++ b/spec/requests/api/project_hooks_spec.rb
@@ -148,14 +148,24 @@ describe API::API, 'ProjectHooks', api: true do
       expect(response.status).to eq(200)
     end
 
-    it "should return success when deleting non existent hook" do
+    it "should return a 404 error when deleting non existent hook" do
       delete api("/projects/#{project.id}/hooks/42", user)
-      expect(response.status).to eq(200)
+      expect(response.status).to eq(404)
     end
 
     it "should return a 405 error if hook id not given" do
       delete api("/projects/#{project.id}/hooks", user)
       expect(response.status).to eq(405)
     end
+
+    it "shold return a 404 if a user attempts to delete project hooks he/she does not own" do
+      test_user = create(:user)
+      other_project = create(:project)
+      other_project.team << [test_user, :master]
+
+      delete api("/projects/#{other_project.id}/hooks/#{hook.id}", test_user)
+      expect(response.status).to eq(404)
+      expect(WebHook.exists?(hook.id)).to be_truthy
+    end
   end
 end
diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb
index 3722ddf5a33..9706d060cfa 100644
--- a/spec/requests/api/project_snippets_spec.rb
+++ b/spec/requests/api/project_snippets_spec.rb
@@ -15,4 +15,91 @@ describe API::API, api: true do
       expect(json_response['expires_at']).to be_nil
     end
   end
+
+  describe 'GET /projects/:project_id/snippets/' do
+    it 'all snippets available to team member' do
+      project = create(:project, :public)
+      user = create(:user)
+      project.team << [user, :developer]
+      public_snippet = create(:project_snippet, :public, project: project)
+      internal_snippet = create(:project_snippet, :internal, project: project)
+      private_snippet = create(:project_snippet, :private, project: project)
+
+      get api("/projects/#{project.id}/snippets/", user)
+
+      expect(response.status).to eq(200)
+      expect(json_response.size).to eq(3)
+      expect(json_response.map{ |snippet| snippet['id']} ).to include(public_snippet.id, internal_snippet.id, private_snippet.id)
+    end
+
+    it 'hides private snippets from regular user' do
+      project = create(:project, :public)
+      user = create(:user)
+      create(:project_snippet, :private, project: project)
+
+      get api("/projects/#{project.id}/snippets/", user)
+      expect(response.status).to eq(200)
+      expect(json_response.size).to eq(0)
+    end
+  end
+
+  describe 'POST /projects/:project_id/snippets/' do
+    it 'creates a new snippet' do
+      admin = create(:admin)
+      project = create(:project)
+      params = {
+        title: 'Test Title',
+        file_name: 'test.rb',
+        code: 'puts "hello world"',
+        visibility_level: Gitlab::VisibilityLevel::PUBLIC
+      }
+
+      post api("/projects/#{project.id}/snippets/", admin), params
+
+      expect(response.status).to eq(201)
+      snippet = ProjectSnippet.find(json_response['id'])
+      expect(snippet.content).to eq(params[:code])
+      expect(snippet.title).to eq(params[:title])
+      expect(snippet.file_name).to eq(params[:file_name])
+      expect(snippet.visibility_level).to eq(params[:visibility_level])
+    end
+  end
+
+  describe 'PUT /projects/:project_id/snippets/:id/' do
+    it 'updates snippet' do
+      admin = create(:admin)
+      snippet = create(:project_snippet, author: admin)
+      new_content = 'New content'
+
+      put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin), code: new_content
+
+      expect(response.status).to eq(200)
+      snippet.reload
+      expect(snippet.content).to eq(new_content)
+    end
+  end
+
+  describe 'DELETE /projects/:project_id/snippets/:id/' do
+    it 'deletes snippet' do
+      admin = create(:admin)
+      snippet = create(:project_snippet, author: admin)
+
+      delete api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/", admin)
+
+      expect(response.status).to eq(200)
+    end
+  end
+
+  describe 'GET /projects/:project_id/snippets/:id/raw' do
+    it 'returns raw text' do
+      admin = create(:admin)
+      snippet = create(:project_snippet, author: admin)
+
+      get api("/projects/#{snippet.project.id}/snippets/#{snippet.id}/raw", admin)
+
+      expect(response.status).to eq(200)
+      expect(response.content_type).to eq 'text/plain'
+      expect(response.body).to eq(snippet.content)
+    end
+  end
 end
diff --git a/spec/requests/api/projects_spec.rb b/spec/requests/api/projects_spec.rb
index fccd08bd6da..f167813e07d 100644
--- a/spec/requests/api/projects_spec.rb
+++ b/spec/requests/api/projects_spec.rb
@@ -10,20 +10,20 @@ describe API::API, api: true  do
   let(:admin) { create(:admin) }
   let(:project) { create(:project, creator_id: user.id, namespace: user.namespace) }
   let(:project2) { create(:project, path: 'project2', creator_id: user.id, namespace: user.namespace) }
-  let(:project3) { create(:project, path: 'project3', creator_id: user.id, namespace: user.namespace) }
-  let(:snippet) { create(:project_snippet, author: user, project: project, title: 'example') }
+  let(:snippet) { create(:project_snippet, :public, author: user, project: project, title: 'example') }
   let(:project_member) { create(:project_member, :master, user: user, project: project) }
   let(:project_member2) { create(:project_member, :developer, user: user3, project: project) }
   let(:user4) { create(:user) }
   let(:project3) do
     create(:project,
+    :private,
     name: 'second_project',
     path: 'second_project',
     creator_id: user.id,
     namespace: user.namespace,
     merge_requests_enabled: false,
     issues_enabled: false, wiki_enabled: false,
-    snippets_enabled: false, visibility_level: 0)
+    snippets_enabled: false)
   end
   let(:project_member3) do
     create(:project_member,
@@ -164,21 +164,18 @@ describe API::API, api: true  do
   end
 
   describe 'GET /projects/starred' do
+    let(:public_project) { create(:project, :public) }
+
     before do
-      admin.starred_projects << project
-      admin.save!
+      project_member2
+      user3.update_attributes(starred_projects: [project, project2, project3, public_project])
     end
 
-    it 'should return the starred projects' do
-      get api('/projects/all', admin)
+    it 'should return the starred projects viewable by the user' do
+      get api('/projects/starred', user3)
       expect(response.status).to eq(200)
       expect(json_response).to be_an Array
-
-      expect(json_response).to satisfy do |response|
-        response.one? do |entry|
-          entry['name'] == project.name
-        end
-      end
+      expect(json_response.map { |project| project['id'] }).to contain_exactly(project.id, public_project.id)
     end
   end
 
diff --git a/spec/requests/api/tags_spec.rb b/spec/requests/api/tags_spec.rb
index edcb2bedbf7..12e170b232f 100644
--- a/spec/requests/api/tags_spec.rb
+++ b/spec/requests/api/tags_spec.rb
@@ -147,7 +147,7 @@ describe API::API, api: true  do
            tag_name: 'v8.0.0',
            ref: 'master'
       expect(response.status).to eq(400)
-      expect(json_response['message']).to eq('Tag already exists')
+      expect(json_response['message']).to eq('Tag v8.0.0 already exists')
     end
 
     it 'should return 400 if ref name is invalid' do
@@ -155,7 +155,7 @@ describe API::API, api: true  do
            tag_name: 'mytag',
            ref: 'foo'
       expect(response.status).to eq(400)
-      expect(json_response['message']).to eq('Invalid reference name')
+      expect(json_response['message']).to eq('Target foo is invalid')
     end
   end
 
diff --git a/spec/requests/ci/api/builds_spec.rb b/spec/requests/ci/api/builds_spec.rb
index dfd361a2cdd..cae4656010f 100644
--- a/spec/requests/ci/api/builds_spec.rb
+++ b/spec/requests/ci/api/builds_spec.rb
@@ -402,8 +402,8 @@ describe Ci::API::API do
         context 'build has artifacts' do
           let(:build) { create(:ci_build, :artifacts) }
           let(:download_headers) do
-            { 'Content-Transfer-Encoding'=>'binary',
-              'Content-Disposition'=>'attachment; filename=ci_build_artifacts.zip' }
+            { 'Content-Transfer-Encoding' => 'binary',
+              'Content-Disposition' => 'attachment; filename=ci_build_artifacts.zip' }
           end
 
           it 'should download artifact' do
diff --git a/spec/requests/jwt_controller_spec.rb b/spec/requests/jwt_controller_spec.rb
new file mode 100644
index 00000000000..7bb71365a48
--- /dev/null
+++ b/spec/requests/jwt_controller_spec.rb
@@ -0,0 +1,72 @@
+require 'spec_helper'
+
+describe JwtController do
+  let(:service) { double(execute: {}) }
+  let(:service_class) { double(new: service) }
+  let(:service_name) { 'test' }
+  let(:parameters) { { service: service_name } }
+
+  before { stub_const('JwtController::SERVICES', service_name => service_class) }
+
+  context 'existing service' do
+    subject! { get '/jwt/auth', parameters }
+
+    it { expect(response.status).to eq(200) }
+
+    context 'returning custom http code' do
+      let(:service) { double(execute: { http_status: 505 }) }
+
+      it { expect(response.status).to eq(505) }
+    end
+  end
+
+  context 'when using authorized request' do
+    context 'using CI token' do
+      let(:project) { create(:empty_project, runners_token: 'token', builds_enabled: builds_enabled) }
+      let(:headers) { { authorization: credentials('gitlab_ci_token', project.runners_token) } }
+
+      subject! { get '/jwt/auth', parameters, headers }
+
+      context 'project with enabled CI' do
+        let(:builds_enabled) { true }
+
+        it { expect(service_class).to have_received(:new).with(project, nil, parameters) }
+      end
+
+      context 'project with disabled CI' do
+        let(:builds_enabled) { false }
+
+        it { expect(response.status).to eq(403) }
+      end
+    end
+
+    context 'using User login' do
+      let(:user) { create(:user) }
+      let(:headers) { { authorization: credentials('user', 'password') } }
+
+      before { expect_any_instance_of(Gitlab::Auth).to receive(:find).with('user', 'password').and_return(user) }
+
+      subject! { get '/jwt/auth', parameters, headers }
+
+      it { expect(service_class).to have_received(:new).with(nil, user, parameters) }
+    end
+
+    context 'using invalid login' do
+      let(:headers) { { authorization: credentials('invalid', 'password') } }
+
+      subject! { get '/jwt/auth', parameters, headers }
+
+      it { expect(response.status).to eq(403) }
+    end
+  end
+
+  context 'unknown service' do
+    subject! { get '/jwt/auth', service: 'unknown' }
+
+    it { expect(response.status).to eq(404) }
+  end
+
+  def credentials(login, password)
+    ActionController::HttpAuthentication::Basic.encode_credentials(login, password)
+  end
+end
diff --git a/spec/routing/admin_routing_spec.rb b/spec/routing/admin_routing_spec.rb
index cd16a8e6322..b5ed8584c8a 100644
--- a/spec/routing/admin_routing_spec.rb
+++ b/spec/routing/admin_routing_spec.rb
@@ -118,3 +118,10 @@ describe Admin::DashboardController, "routing" do
     expect(get("/admin")).to route_to('admin/dashboard#index')
   end
 end
+
+# admin_health_check GET    /admin/health_check(.:format) admin/health_check#show
+describe Admin::HealthCheckController, "routing" do
+  it "to #show" do
+    expect(get("/admin/health_check")).to route_to('admin/health_check#show')
+  end
+end
diff --git a/spec/routing/routing_spec.rb b/spec/routing/routing_spec.rb
index 1527eddfa48..de13c0db5d1 100644
--- a/spec/routing/routing_spec.rb
+++ b/spec/routing/routing_spec.rb
@@ -1,5 +1,42 @@
 require 'spec_helper'
 
+# user                       GET    /u/:username/
+# user_groups                GET    /u/:username/groups(.:format)
+# user_projects              GET    /u/:username/projects(.:format)
+# user_contributed_projects  GET    /u/:username/contributed(.:format)
+# user_snippets              GET    /u/:username/snippets(.:format)
+# user_calendar              GET    /u/:username/calendar(.:format)
+# user_calendar_activities   GET    /u/:username/calendar_activities(.:format)
+describe UsersController, "routing" do
+  it "to #show" do
+    expect(get("/u/User")).to route_to('users#show', username: 'User')
+  end
+
+  it "to #groups" do
+    expect(get("/u/User/groups")).to route_to('users#groups', username: 'User')
+  end
+
+  it "to #projects" do
+    expect(get("/u/User/projects")).to route_to('users#projects', username: 'User')
+  end
+
+  it "to #contributed" do
+    expect(get("/u/User/contributed")).to route_to('users#contributed', username: 'User')
+  end
+
+  it "to #snippets" do
+    expect(get("/u/User/snippets")).to route_to('users#snippets', username: 'User')
+  end
+
+  it "to #calendar" do
+    expect(get("/u/User/calendar")).to route_to('users#calendar', username: 'User')
+  end
+
+  it "to #calendar_activities" do
+    expect(get("/u/User/calendar_activities")).to route_to('users#calendar_activities', username: 'User')
+  end
+end
+
 # search GET    /search(.:format) search#show
 describe SearchController, "routing" do
   it "to #show" do
@@ -27,10 +64,6 @@ end
 #          PUT    /snippets/:id(.:format)      snippets#update
 #          DELETE /snippets/:id(.:format)      snippets#destroy
 describe SnippetsController, "routing" do
-  it "to #user_index" do
-    expect(get("/s/User")).to route_to('snippets#index', username: 'User')
-  end
-
   it "to #raw" do
     expect(get("/snippets/1/raw")).to route_to('snippets#raw', id: '1')
   end
@@ -243,3 +276,13 @@ describe "Groups", "routing" do
     expect(get('/1')).to route_to('namespaces#show', id: '1')
   end
 end
+
+describe HealthCheckController, 'routing' do
+  it 'to #index' do
+    expect(get('/health_check')).to route_to('health_check#index')
+  end
+
+  it 'also supports passing checks in the url' do
+    expect(get('/health_check/email')).to route_to('health_check#index', checks: 'email')
+  end
+end
diff --git a/spec/services/auth/container_registry_authentication_service_spec.rb b/spec/services/auth/container_registry_authentication_service_spec.rb
new file mode 100644
index 00000000000..6c9f56a4fba
--- /dev/null
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -0,0 +1,228 @@
+require 'spec_helper'
+
+describe Auth::ContainerRegistryAuthenticationService, services: true do
+  let(:current_project) { nil }
+  let(:current_user) { nil }
+  let(:current_params) { {} }
+  let(:rsa_key) { OpenSSL::PKey::RSA.generate(512) }
+  let(:payload) { JWT.decode(subject[:token], rsa_key).first }
+
+  subject { described_class.new(current_project, current_user, current_params).execute }
+
+  before do
+    stub_container_registry_config(enabled: true, issuer: 'rspec', key: nil)
+    allow_any_instance_of(JSONWebToken::RSAToken).to receive(:key).and_return(rsa_key)
+  end
+
+  shared_examples 'an authenticated' do
+    it { is_expected.to include(:token) }
+    it { expect(payload).to include('access') }
+  end
+
+  shared_examples 'a accessible' do
+    let(:access) do
+      [{
+         'type' => 'repository',
+         'name' => project.path_with_namespace,
+         'actions' => actions,
+       }]
+    end
+
+    it_behaves_like 'an authenticated'
+    it { expect(payload).to include('access' => access) }
+  end
+
+  shared_examples 'a pullable' do
+    it_behaves_like 'a accessible' do
+      let(:actions) { ['pull'] }
+    end
+  end
+
+  shared_examples 'a pushable' do
+    it_behaves_like 'a accessible' do
+      let(:actions) { ['push'] }
+    end
+  end
+
+  shared_examples 'a pullable and pushable' do
+    it_behaves_like 'a accessible' do
+      let(:actions) { ['pull', 'push'] }
+    end
+  end
+
+  shared_examples 'an unauthorized' do
+    it { is_expected.to include(http_status: 401) }
+    it { is_expected.to_not include(:token) }
+  end
+
+  shared_examples 'a forbidden' do
+    it { is_expected.to include(http_status: 403) }
+    it { is_expected.to_not include(:token) }
+  end
+
+  context 'user authorization' do
+    let(:project) { create(:project) }
+    let(:current_user) { create(:user) }
+
+    context 'allow to use offline_token' do
+      let(:current_params) do
+        { offline_token: true }
+      end
+
+      it_behaves_like 'an authenticated'
+    end
+
+    context 'allow developer to push images' do
+      before { project.team << [current_user, :developer] }
+
+      let(:current_params) do
+        { scope: "repository:#{project.path_with_namespace}:push" }
+      end
+
+      it_behaves_like 'a pushable'
+    end
+
+    context 'allow reporter to pull images' do
+      before { project.team << [current_user, :reporter] }
+
+      let(:current_params) do
+        { scope: "repository:#{project.path_with_namespace}:pull" }
+      end
+
+      it_behaves_like 'a pullable'
+    end
+
+    context 'return a least of privileges' do
+      before { project.team << [current_user, :reporter] }
+
+      let(:current_params) do
+        { scope: "repository:#{project.path_with_namespace}:push,pull" }
+      end
+
+      it_behaves_like 'a pullable'
+    end
+
+    context 'disallow guest to pull or push images' do
+      before { project.team << [current_user, :guest] }
+
+      let(:current_params) do
+        { scope: "repository:#{project.path_with_namespace}:pull,push" }
+      end
+
+      it_behaves_like 'a forbidden'
+    end
+  end
+
+  context 'project authorization' do
+    let(:current_project) { create(:empty_project) }
+
+    context 'disallow to use offline_token' do
+      let(:current_params) do
+        { offline_token: true }
+      end
+
+      it_behaves_like 'an unauthorized'
+    end
+
+    context 'allow to pull and push images' do
+      let(:current_params) do
+        { scope: "repository:#{current_project.path_with_namespace}:pull,push" }
+      end
+
+      it_behaves_like 'a pullable and pushable' do
+        let(:project) { current_project }
+      end
+    end
+
+    context 'for other projects' do
+      context 'when pulling' do
+        let(:current_params) do
+          { scope: "repository:#{project.path_with_namespace}:pull" }
+        end
+
+        context 'allow for public' do
+          let(:project) { create(:empty_project, :public) }
+          it_behaves_like 'a pullable'
+        end
+
+        context 'disallow for private' do
+          let(:project) { create(:empty_project, :private) }
+          it_behaves_like 'a forbidden'
+        end
+      end
+
+      context 'when pushing' do
+        let(:current_params) do
+          { scope: "repository:#{project.path_with_namespace}:push" }
+        end
+
+        context 'disallow for all' do
+          let(:project) { create(:empty_project, :public) }
+          it_behaves_like 'a forbidden'
+        end
+      end
+    end
+
+    context 'for project without container registry' do
+      let(:project) { create(:empty_project, :public, container_registry_enabled: false) }
+
+      before { project.update(container_registry_enabled: false) }
+
+      context 'disallow when pulling' do
+        let(:current_params) do
+          { scope: "repository:#{project.path_with_namespace}:pull" }
+        end
+
+        it_behaves_like 'a forbidden'
+      end
+    end
+  end
+
+  context 'unauthorized' do
+    context 'disallow to use offline_token' do
+      let(:current_params) do
+        { offline_token: true }
+      end
+
+      it_behaves_like 'an unauthorized'
+    end
+
+    context 'for invalid scope' do
+      let(:current_params) do
+        { scope: 'invalid:aa:bb' }
+      end
+
+      it_behaves_like 'a forbidden'
+    end
+
+    context 'for private project' do
+      let(:project) { create(:empty_project, :private) }
+
+      let(:current_params) do
+        { scope: "repository:#{project.path_with_namespace}:pull" }
+      end
+
+      it_behaves_like 'a forbidden'
+    end
+
+    context 'for public project' do
+      let(:project) { create(:empty_project, :public) }
+
+      context 'when pulling and pushing' do
+        let(:current_params) do
+          { scope: "repository:#{project.path_with_namespace}:pull,push" }
+        end
+
+        it_behaves_like 'a pullable'
+      end
+
+      context 'when pushing' do
+        let(:current_params) do
+          { scope: "repository:#{project.path_with_namespace}:push" }
+        end
+
+        it_behaves_like 'a forbidden'
+      end
+    end
+  end
+end
diff --git a/spec/services/create_tag_service_spec.rb b/spec/services/create_tag_service_spec.rb
new file mode 100644
index 00000000000..91f9e663b66
--- /dev/null
+++ b/spec/services/create_tag_service_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+describe CreateTagService, services: true do
+  let(:project) { create(:project) }
+  let(:repository) { project.repository }
+  let(:user) { create(:user) }
+  let(:service) { described_class.new(project, user) }
+
+  describe '#execute' do
+    it 'creates the tag and returns success' do
+      response = service.execute('v42.42.42', 'master', 'Foo')
+
+      expect(response[:status]).to eq(:success)
+      expect(response[:tag]).to be_a Gitlab::Git::Tag
+      expect(response[:tag].name).to eq('v42.42.42')
+    end
+
+    context 'when target is invalid' do
+      it 'returns an error' do
+        response = service.execute('v1.1.0', 'foo', 'Foo')
+
+        expect(response).to eq(status: :error,
+                               message: 'Target foo is invalid')
+      end
+    end
+
+    context 'when tag already exists' do
+      it 'returns an error' do
+        expect(repository).to receive(:add_tag).
+          with(user, 'v1.1.0', 'master', 'Foo').
+          and_raise(Rugged::TagError)
+
+        response = service.execute('v1.1.0', 'master', 'Foo')
+
+        expect(response).to eq(status: :error,
+                               message: 'Tag v1.1.0 already exists')
+      end
+    end
+
+    context 'when pre-receive hook fails' do
+      it 'returns an error' do
+        expect(repository).to receive(:add_tag).
+          with(user, 'v1.1.0', 'master', 'Foo').
+          and_raise(GitHooksService::PreReceiveError)
+
+        response = service.execute('v1.1.0', 'master', 'Foo')
+
+        expect(response).to eq(status: :error,
+                               message: 'Tag creation was rejected by Git hook')
+      end
+    end
+  end
+end
diff --git a/spec/services/git_push_service_spec.rb b/spec/services/git_push_service_spec.rb
index b40a5c1c818..eeab540c2fd 100644
--- a/spec/services/git_push_service_spec.rb
+++ b/spec/services/git_push_service_spec.rb
@@ -201,6 +201,36 @@ describe GitPushService, services: true do
   end
 
 
+  describe "Updates git attributes" do
+    context "for default branch" do
+      it "calls the copy attributes method for the first push to the default branch" do
+        expect(project.repository).to receive(:copy_gitattributes).with('master')
+
+        execute_service(project, user, @blankrev, 'newrev', 'refs/heads/master')
+      end
+
+      it "calls the copy attributes method for changes to the default branch" do
+        expect(project.repository).to receive(:copy_gitattributes).with('refs/heads/master')
+
+        execute_service(project, user, 'oldrev', 'newrev', 'refs/heads/master')
+      end
+    end
+
+    context "for non-default branch" do
+      before do
+        # Make sure the "default" branch is different
+        allow(project).to receive(:default_branch).and_return('not-master')
+      end
+
+      it "does not call copy attributes method" do
+        expect(project.repository).not_to receive(:copy_gitattributes)
+
+        execute_service(project, user, @oldrev, @newrev, @ref)
+      end
+    end
+  end
+
+
   describe "Webhooks" do
     context "execute webhooks" do
       it "when pushing a branch for the first time" do
diff --git a/spec/services/issues/move_service_spec.rb b/spec/services/issues/move_service_spec.rb
index 2a5e4ac3ec4..c15e26189a5 100644
--- a/spec/services/issues/move_service_spec.rb
+++ b/spec/services/issues/move_service_spec.rb
@@ -7,10 +7,11 @@ describe Issues::MoveService, services: true do
   let(:description) { 'Some issue description' }
   let(:old_project) { create(:project) }
   let(:new_project) { create(:project) }
+  let(:milestone1) { create(:milestone, project_id: old_project.id, title: 'v9.0') }
 
   let(:old_issue) do
     create(:issue, title: title, description: description,
-                   project: old_project, author: author)
+                   project: old_project, author: author, milestone: milestone1)
   end
 
   let(:move_service) do
@@ -21,11 +22,24 @@ describe Issues::MoveService, services: true do
     before do
       old_project.team << [user, :reporter]
       new_project.team << [user, :reporter]
+
+      ['label1', 'label2'].each do |label|
+        old_issue.labels << create(:label,
+          project_id: old_project.id,
+          title: label)
+      end
+
+      new_project.labels << create(:label, title: 'label1')
+      new_project.labels << create(:label, title: 'label2')
     end
   end
 
   describe '#execute' do
     shared_context 'issue move executed' do
+      let!(:milestone2) do
+        create(:milestone, project_id: new_project.id, title: 'v9.0')
+      end
+
       let!(:new_issue) { move_service.execute(old_issue, new_project) }
     end
 
@@ -39,6 +53,23 @@ describe Issues::MoveService, services: true do
           expect(new_issue.project).to eq new_project
         end
 
+        it 'assigns milestone to new issue' do
+          expect(new_issue.reload.milestone.title).to eq 'v9.0'
+          expect(new_issue.reload.milestone).to eq(milestone2)
+        end
+
+        it 'assign labels to new issue' do
+          expected_label_titles = new_issue.reload.labels.map(&:title)
+          expect(expected_label_titles).to include 'label1'
+          expect(expected_label_titles).to include 'label2'
+          expect(expected_label_titles.size).to eq 2
+
+          new_issue.labels.each do |label|
+            expect(new_project.labels).to include(label)
+            expect(old_project.labels).not_to include(label)
+          end
+        end
+
         it 'rewrites issue title' do
           expect(new_issue.title).to eq title
         end
@@ -72,11 +103,6 @@ describe Issues::MoveService, services: true do
           expect(new_issue.author).to eq author
         end
 
-        it 'removes data that is invalid in new context' do
-          expect(new_issue.milestone).to be_nil
-          expect(new_issue.labels).to be_empty
-        end
-
         it 'creates a new internal id for issue' do
           expect(new_issue.iid).to be 1
         end
diff --git a/spec/services/merge_requests/build_service_spec.rb b/spec/services/merge_requests/build_service_spec.rb
new file mode 100644
index 00000000000..782d74ec5ec
--- /dev/null
+++ b/spec/services/merge_requests/build_service_spec.rb
@@ -0,0 +1,181 @@
+require 'spec_helper'
+
+describe MergeRequests::BuildService, services: true do
+  include RepoHelpers
+
+  let(:project) { create(:project) }
+  let(:user) { create(:user) }
+  let(:issue_confidential) { false }
+  let(:issue) { create(:issue, project: project, title: 'A bug', confidential: issue_confidential) }
+  let(:description) { nil }
+  let(:source_branch) { 'feature-branch' }
+  let(:target_branch) { 'master' }
+  let(:merge_request) { service.execute }
+  let(:compare) { double(:compare, commits: commits) }
+  let(:commit_1) { double(:commit_1, safe_message: "Initial commit\n\nCreate the app") }
+  let(:commit_2) { double(:commit_2, safe_message: 'This is a bad commit message!') }
+  let(:commits) { nil }
+
+  let(:service) do
+    MergeRequests::BuildService.new(project, user,
+                                    description: description,
+                                    source_branch: source_branch,
+                                    target_branch: target_branch)
+  end
+
+  before do
+    allow(CompareService).to receive_message_chain(:new, :execute).and_return(compare)
+  end
+
+  describe 'execute' do
+    context 'missing source branch' do
+      let(:source_branch) { '' }
+
+      it 'forbids the merge request from being created' do
+        expect(merge_request.can_be_created).to eq(false)
+      end
+
+      it 'adds an error message to the merge request' do
+        expect(merge_request.errors).to contain_exactly('You must select source and target branch')
+      end
+    end
+
+    context 'missing target branch' do
+      let(:target_branch) { '' }
+
+      it 'forbids the merge request from being created' do
+        expect(merge_request.can_be_created).to eq(false)
+      end
+
+      it 'adds an error message to the merge request' do
+        expect(merge_request.errors).to contain_exactly('You must select source and target branch')
+      end
+    end
+
+    context 'no commits in the diff' do
+      let(:commits) { [] }
+
+      it 'forbids the merge request from being created' do
+        expect(merge_request.can_be_created).to eq(false)
+      end
+    end
+
+    context 'one commit in the diff' do
+      let(:commits) { [commit_1] }
+
+      it 'allows the merge request to be created' do
+        expect(merge_request.can_be_created).to eq(true)
+      end
+
+      it 'uses the title of the commit as the title of the merge request' do
+        expect(merge_request.title).to eq(commit_1.safe_message.split("\n").first)
+      end
+
+      it 'uses the description of the commit as the description of the merge request' do
+        expect(merge_request.description).to eq(commit_1.safe_message.split(/\n+/, 2).last)
+      end
+
+      context 'merge request already has a description set' do
+        let(:description) { 'Merge request description' }
+
+        it 'keeps the description from the initial params' do
+          expect(merge_request.description).to eq(description)
+        end
+      end
+
+      context 'commit has no description' do
+        let(:commits) { [commit_2] }
+
+        it 'uses the title of the commit as the title of the merge request' do
+          expect(merge_request.title).to eq(commit_2.safe_message)
+        end
+
+        it 'sets the description to nil' do
+          expect(merge_request.description).to be_nil
+        end
+      end
+
+      context 'branch starts with issue IID followed by a hyphen' do
+        let(:source_branch) { "#{issue.iid}-fix-issue" }
+
+        it 'appends "Closes #$issue-iid" to the description' do
+          expect(merge_request.description).to eq("#{commit_1.safe_message.split(/\n+/, 2).last}\nCloses ##{issue.iid}")
+        end
+
+        context 'merge request already has a description set' do
+          let(:description) { 'Merge request description' }
+
+          it 'appends "Closes #$issue-iid" to the description' do
+            expect(merge_request.description).to eq("#{description}\nCloses ##{issue.iid}")
+          end
+        end
+
+        context 'commit has no description' do
+          let(:commits) { [commit_2] }
+
+          it 'sets the description to "Closes #$issue-iid"' do
+            expect(merge_request.description).to eq("Closes ##{issue.iid}")
+          end
+        end
+      end
+    end
+
+    context 'more than one commit in the diff' do
+      let(:commits) { [commit_1, commit_2] }
+
+      it 'allows the merge request to be created' do
+        expect(merge_request.can_be_created).to eq(true)
+      end
+
+      it 'uses the title of the branch as the merge request title' do
+        expect(merge_request.title).to eq('Feature branch')
+      end
+
+      it 'does not add a description' do
+        expect(merge_request.description).to be_nil
+      end
+
+      context 'merge request already has a description set' do
+        let(:description) { 'Merge request description' }
+
+        it 'keeps the description from the initial params' do
+          expect(merge_request.description).to eq(description)
+        end
+      end
+
+      context 'branch starts with GitLab issue IID followed by a hyphen' do
+        let(:source_branch) { "#{issue.iid}-fix-issue" }
+
+        it 'sets the title to: Resolves "$issue-title"' do
+          expect(merge_request.title).to eq("Resolve \"#{issue.title}\"")
+        end
+
+        context 'issue does not exist' do
+          let(:source_branch) { "#{issue.iid.succ}-fix-issue" }
+
+          it 'uses the title of the branch as the merge request title' do
+            expect(merge_request.title).to eq("#{issue.iid.succ} fix issue")
+          end
+        end
+
+        context 'issue is confidential' do
+          let(:issue_confidential) { true }
+
+          it 'uses the title of the branch as the merge request title' do
+            expect(merge_request.title).to eq("#{issue.iid} fix issue")
+          end
+        end
+      end
+
+      context 'branch starts with external issue IID followed by a hyphen' do
+        let(:source_branch) { '12345-fix-issue' }
+
+        before { allow(project).to receive(:default_issues_tracker?).and_return(false) }
+
+        it 'sets the title to: Resolves External Issue $issue-iid' do
+          expect(merge_request.title).to eq('Resolve External Issue 12345')
+        end
+      end
+    end
+  end
+end
diff --git a/spec/services/notification_service_spec.rb b/spec/services/notification_service_spec.rb
index d7c72dc0811..4bbc4ddc3ab 100644
--- a/spec/services/notification_service_spec.rb
+++ b/spec/services/notification_service_spec.rb
@@ -10,7 +10,7 @@ describe NotificationService, services: true do
   end
 
   describe 'Keys' do
-    describe :new_key do
+    describe '#new_key' do
       let!(:key) { create(:personal_key) }
 
       it { expect(notification.new_key(key)).to be_truthy }
@@ -22,7 +22,7 @@ describe NotificationService, services: true do
   end
 
   describe 'Email' do
-    describe :new_email do
+    describe '#new_email' do
       let!(:email) { create(:email) }
 
       it { expect(notification.new_email(email)).to be_truthy }
@@ -147,8 +147,8 @@ describe NotificationService, services: true do
         ActionMailer::Base.deliveries.clear
       end
 
-      describe :new_note do
-        it do
+      describe '#new_note' do
+        it 'notifies the team members' do
           notification.new_note(note)
 
           # Notify all team members
@@ -177,6 +177,39 @@ describe NotificationService, services: true do
       end
     end
 
+    context 'project snippet note' do
+      let(:project) { create(:empty_project, :public) }
+      let(:snippet) { create(:project_snippet, project: project, author: create(:user)) }
+      let(:note) { create(:note_on_project_snippet, noteable: snippet, project_id: snippet.project.id, note: '@all mentioned') }
+
+      before do
+        build_team(note.project)
+        note.project.team << [note.author, :master]
+        ActionMailer::Base.deliveries.clear
+      end
+
+      describe '#new_note' do
+        it 'notifies the team members' do
+          notification.new_note(note)
+
+          # Notify all team members
+          note.project.team.members.each do |member|
+            # User with disabled notification should not be notified
+            next if member.id == @u_disabled.id
+            # Author should not be notified
+            next if member.id == note.author.id
+            should_email(member)
+          end
+
+          should_email(note.noteable.author)
+          should_not_email(note.author)
+          should_email(@u_mentioned)
+          should_not_email(@u_disabled)
+          should_email(@u_not_mentioned)
+        end
+      end
+    end
+
     context 'commit note' do
       let(:project) { create(:project, :public) }
       let(:note) { create(:note_on_commit, project: project) }
@@ -187,7 +220,7 @@ describe NotificationService, services: true do
         allow_any_instance_of(Commit).to receive(:author).and_return(@u_committer)
       end
 
-      describe :new_note, :perform_enqueued_jobs do
+      describe '#new_note, #perform_enqueued_jobs' do
         it do
           notification.new_note(note)
 
@@ -230,7 +263,7 @@ describe NotificationService, services: true do
       ActionMailer::Base.deliveries.clear
     end
 
-    describe :new_issue do
+    describe '#new_issue' do
       it do
         notification.new_issue(issue, @u_disabled)
 
@@ -289,7 +322,7 @@ describe NotificationService, services: true do
       end
     end
 
-    describe :reassigned_issue do
+    describe '#reassigned_issue' do
       it 'emails new assignee' do
         notification.reassigned_issue(issue, @u_disabled)
 
@@ -419,7 +452,7 @@ describe NotificationService, services: true do
       end
     end
 
-    describe :close_issue do
+    describe '#close_issue' do
       it 'should sent email to issue assignee and issue author' do
         notification.close_issue(issue, @u_disabled)
 
@@ -435,7 +468,7 @@ describe NotificationService, services: true do
       end
     end
 
-    describe :reopen_issue do
+    describe '#reopen_issue' do
       it 'should send email to issue assignee and issue author' do
         notification.reopen_issue(issue, @u_disabled)
 
@@ -461,7 +494,7 @@ describe NotificationService, services: true do
       ActionMailer::Base.deliveries.clear
     end
 
-    describe :new_merge_request do
+    describe '#new_merge_request' do
       it do
         notification.new_merge_request(merge_request, @u_disabled)
 
@@ -483,7 +516,7 @@ describe NotificationService, services: true do
       end
     end
 
-    describe :reassigned_merge_request do
+    describe '#reassigned_merge_request' do
       it do
         notification.reassigned_merge_request(merge_request, merge_request.author)
 
@@ -498,7 +531,7 @@ describe NotificationService, services: true do
       end
     end
 
-    describe :relabel_merge_request do
+    describe '#relabel_merge_request' do
       let(:label) { create(:label, merge_requests: [merge_request]) }
       let(:label2) { create(:label) }
       let!(:subscriber_to_label) { create(:user).tap { |u| label.toggle_subscription(u) } }
@@ -527,7 +560,7 @@ describe NotificationService, services: true do
       end
     end
 
-    describe :closed_merge_request do
+    describe '#closed_merge_request' do
       it do
         notification.close_mr(merge_request, @u_disabled)
 
@@ -542,7 +575,7 @@ describe NotificationService, services: true do
       end
     end
 
-    describe :merged_merge_request do
+    describe '#merged_merge_request' do
       it do
         notification.merge_mr(merge_request, @u_disabled)
 
@@ -557,7 +590,7 @@ describe NotificationService, services: true do
       end
     end
 
-    describe :reopen_merge_request do
+    describe '#reopen_merge_request' do
       it do
         notification.reopen_mr(merge_request, @u_disabled)
 
@@ -581,7 +614,7 @@ describe NotificationService, services: true do
       ActionMailer::Base.deliveries.clear
     end
 
-    describe :project_was_moved do
+    describe '#project_was_moved' do
       it do
         notification.project_was_moved(project, "gitlab/gitlab")
 
diff --git a/spec/services/projects/create_service_spec.rb b/spec/services/projects/create_service_spec.rb
index e43903dbd3c..fd114359467 100644
--- a/spec/services/projects/create_service_spec.rb
+++ b/spec/services/projects/create_service_spec.rb
@@ -64,7 +64,7 @@ describe Projects::CreateService, services: true do
           @path = ProjectWiki.new(@project, @user).send(:path_to_repo)
         end
 
-        it { expect(File.exists?(@path)).to be_truthy }
+        it { expect(File.exist?(@path)).to be_truthy }
       end
 
       context 'wiki_enabled false does not create wiki repository directory' do
@@ -74,7 +74,7 @@ describe Projects::CreateService, services: true do
           @path = ProjectWiki.new(@project, @user).send(:path_to_repo)
         end
 
-        it { expect(File.exists?(@path)).to be_falsey }
+        it { expect(File.exist?(@path)).to be_falsey }
       end
     end
 
diff --git a/spec/services/projects/destroy_service_spec.rb b/spec/services/projects/destroy_service_spec.rb
index 1ec27077717..29341c5e57e 100644
--- a/spec/services/projects/destroy_service_spec.rb
+++ b/spec/services/projects/destroy_service_spec.rb
@@ -13,8 +13,8 @@ describe Projects::DestroyService, services: true do
     end
 
     it { expect(Project.all).not_to include(project) }
-    it { expect(Dir.exists?(path)).to be_falsey }
-    it { expect(Dir.exists?(remove_path)).to be_falsey }
+    it { expect(Dir.exist?(path)).to be_falsey }
+    it { expect(Dir.exist?(remove_path)).to be_falsey }
   end
 
   context 'Sidekiq fake' do
@@ -24,8 +24,31 @@ describe Projects::DestroyService, services: true do
     end
 
     it { expect(Project.all).not_to include(project) }
-    it { expect(Dir.exists?(path)).to be_falsey }
-    it { expect(Dir.exists?(remove_path)).to be_truthy }
+    it { expect(Dir.exist?(path)).to be_falsey }
+    it { expect(Dir.exist?(remove_path)).to be_truthy }
+  end
+
+  context 'container registry' do
+    before do
+      stub_container_registry_config(enabled: true)
+      stub_container_registry_tags('tag')
+    end
+
+    context 'tags deletion succeeds' do
+      it do
+        expect_any_instance_of(ContainerRegistry::Tag).to receive(:delete).and_return(true)
+
+        destroy_project(project, user, {})
+      end
+    end
+
+    context 'tags deletion fails' do
+      before { expect_any_instance_of(ContainerRegistry::Tag).to receive(:delete).and_return(false) }
+
+      subject { destroy_project(project, user, {}) }
+
+      it { expect{subject}.to raise_error(Projects::DestroyService::DestroyError) }
+    end
   end
 
   def destroy_project(project, user, params)
diff --git a/spec/services/projects/import_service_spec.rb b/spec/services/projects/import_service_spec.rb
index 32bf3acf483..7f2dcdab960 100644
--- a/spec/services/projects/import_service_spec.rb
+++ b/spec/services/projects/import_service_spec.rb
@@ -112,9 +112,16 @@ describe Projects::ImportService, services: true do
 
     def stub_github_omniauth_provider
       provider = OpenStruct.new(
-        name: 'github',
-        app_id: 'asd123',
-        app_secret: 'asd123'
+        'name' => 'github',
+        'app_id' => 'asd123',
+        'app_secret' => 'asd123',
+        'args' => {
+          'client_options' => {
+            'site' => 'https://github.com/api/v3',
+            'authorize_url' => 'https://github.com/login/oauth/authorize',
+            'token_url' => 'https://github.com/login/oauth/access_token'
+          }
+        }
       )
 
       Gitlab.config.omniauth.providers << provider
diff --git a/spec/services/projects/transfer_service_spec.rb b/spec/services/projects/transfer_service_spec.rb
index 06017317339..d5aa115a074 100644
--- a/spec/services/projects/transfer_service_spec.rb
+++ b/spec/services/projects/transfer_service_spec.rb
@@ -26,6 +26,17 @@ describe Projects::TransferService, services: true do
     it { expect(project.namespace).to eq(user.namespace) }
   end
 
+  context 'disallow transfering of project with tags' do
+    before do
+      stub_container_registry_config(enabled: true)
+      stub_container_registry_tags('tag')
+    end
+
+    subject { transfer_project(project, user, group) }
+
+    it { is_expected.to be_falsey }
+  end
+
   context 'namespace -> not allowed namespace' do
     before do
       @result = transfer_project(project, user, group)
diff --git a/spec/services/system_note_service_spec.rb b/spec/services/system_note_service_spec.rb
index 240eae10052..5fbf2ae5247 100644
--- a/spec/services/system_note_service_spec.rb
+++ b/spec/services/system_note_service_spec.rb
@@ -506,6 +506,15 @@ describe SystemNoteService, services: true do
     end
   end
 
+  describe '.new_commit_summary' do
+    it 'escapes HTML titles' do
+      commit = double(title: '<pre>This is a test</pre>', short_id: '12345678')
+      escaped = '* 12345678 - &lt;pre&gt;This is a test&lt;&#x2F;pre&gt;'
+
+      expect(described_class.new_commit_summary([commit])).to eq([escaped])
+    end
+  end
+
   include JiraServiceHelper
 
   describe 'JIRA integration' do
diff --git a/spec/services/todo_service_spec.rb b/spec/services/todo_service_spec.rb
index 82b7fbfa816..a075496ee63 100644
--- a/spec/services/todo_service_spec.rb
+++ b/spec/services/todo_service_spec.rb
@@ -55,6 +55,25 @@ describe TodoService, services: true do
         should_create_todo(user: admin, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
         should_not_create_todo(user: john_doe, target: confidential_issue, author: john_doe, action: Todo::MENTIONED)
       end
+
+      context 'when a private group is mentioned' do
+        let(:group) { create :group, :private }
+        let(:project) { create :project, :private, group: group }
+        let(:issue) { create :issue, author: author, project: project, description: group.to_reference }
+
+        before do
+          group.add_owner(author)
+          group.add_user(member, Gitlab::Access::DEVELOPER)
+          group.add_user(john_doe, Gitlab::Access::DEVELOPER)
+
+          service.new_issue(issue, author)
+        end
+
+        it 'creates a todo for group members' do
+          should_create_todo(user: member, target: issue)
+          should_create_todo(user: john_doe, target: issue)
+        end
+      end
     end
 
     describe '#update_issue' do
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 596d607f2a1..576d16e7ea3 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -51,10 +51,4 @@ FactoryGirl::SyntaxRunner.class_eval do
   include RSpec::Mocks::ExampleMethods
 end
 
-# Work around a Rails 4.2.5.1 issue
-# See https://github.com/rspec/rspec-rails/issues/1532
-RSpec::Rails::ViewRendering::EmptyTemplatePathSetDecorator.class_eval do
-  alias_method :find_all_anywhere, :find_all
-end
-
 ActiveRecord::Migration.maintain_test_schema!
diff --git a/spec/support/issue_tracker_service_shared_example.rb b/spec/support/issue_tracker_service_shared_example.rb
new file mode 100644
index 00000000000..b6d7436c360
--- /dev/null
+++ b/spec/support/issue_tracker_service_shared_example.rb
@@ -0,0 +1,7 @@
+RSpec.shared_examples 'issue tracker service URL attribute' do |url_attr|
+  it { is_expected.to allow_value('https://example.com').for(url_attr) }
+
+  it { is_expected.not_to allow_value('example.com').for(url_attr) }
+  it { is_expected.not_to allow_value('ftp://example.com').for(url_attr) }
+  it { is_expected.not_to allow_value('herp-and-derp').for(url_attr) }
+end
diff --git a/spec/support/jira_service_helper.rb b/spec/support/jira_service_helper.rb
index a3f496359b1..5ebe095743b 100644
--- a/spec/support/jira_service_helper.rb
+++ b/spec/support/jira_service_helper.rb
@@ -2,11 +2,11 @@ module JiraServiceHelper
 
   def jira_service_settings
     properties = {
-      "title"=>"JIRA tracker",
-      "project_url"=>"http://jira.example/issues/?jql=project=A",
-      "issues_url"=>"http://jira.example/browse/JIRA-1",
-      "new_issue_url"=>"http://jira.example/secure/CreateIssue.jspa",
-      "api_url"=>"http://jira.example/rest/api/2"
+      "title" => "JIRA tracker",
+      "project_url" => "http://jira.example/issues/?jql=project=A",
+      "issues_url" => "http://jira.example/browse/JIRA-1",
+      "new_issue_url" => "http://jira.example/secure/CreateIssue.jspa",
+      "api_url" => "http://jira.example/rest/api/2"
     }
 
     jira_tracker.update_attributes(properties: properties, active: true)
diff --git a/spec/support/stub_gitlab_calls.rb b/spec/support/stub_gitlab_calls.rb
index eec2e681117..f73416a3d0f 100644
--- a/spec/support/stub_gitlab_calls.rb
+++ b/spec/support/stub_gitlab_calls.rb
@@ -25,6 +25,23 @@ module StubGitlabCalls
     allow_any_instance_of(Project).to receive(:builds_enabled?).and_return(false)
   end
 
+  def stub_container_registry_config(registry_settings)
+    allow(Gitlab.config.registry).to receive_messages(registry_settings)
+    allow(Auth::ContainerRegistryAuthenticationService).to receive(:full_access_token).and_return('token')
+  end
+
+  def stub_container_registry_tags(*tags)
+    allow_any_instance_of(ContainerRegistry::Client).to receive(:repository_tags).and_return(
+      { "tags" => tags }
+    )
+    allow_any_instance_of(ContainerRegistry::Client).to receive(:repository_manifest).and_return(
+      JSON.load(File.read(Rails.root + 'spec/fixtures/container_registry/tag_manifest.json'))
+    )
+    allow_any_instance_of(ContainerRegistry::Client).to receive(:blob).and_return(
+      File.read(Rails.root + 'spec/fixtures/container_registry/config_blob.json')
+    )
+  end
+
   private
 
   def gitlab_url
@@ -36,20 +53,20 @@ module StubGitlabCalls
 
     stub_request(:post, "#{gitlab_url}api/v3/session.json").
       with(body: "{\"email\":\"test@test.com\",\"password\":\"123456\"}",
-           headers: { 'Content-Type'=>'application/json' }).
-           to_return(status: 201, body: f, headers: { 'Content-Type'=>'application/json' })
+           headers: { 'Content-Type' => 'application/json' }).
+           to_return(status: 201, body: f, headers: { 'Content-Type' => 'application/json' })
   end
 
   def stub_user
     f = File.read(Rails.root.join('spec/support/gitlab_stubs/user.json'))
 
     stub_request(:get, "#{gitlab_url}api/v3/user?private_token=Wvjy2Krpb7y8xi93owUz").
-      with(headers: { 'Content-Type'=>'application/json' }).
-      to_return(status: 200, body: f, headers: { 'Content-Type'=>'application/json' })
+      with(headers: { 'Content-Type' => 'application/json' }).
+      to_return(status: 200, body: f, headers: { 'Content-Type' => 'application/json' })
 
     stub_request(:get, "#{gitlab_url}api/v3/user?access_token=some_token").
-      with(headers: { 'Content-Type'=>'application/json' }).
-      to_return(status: 200, body: f, headers: { 'Content-Type'=>'application/json' })
+      with(headers: { 'Content-Type' => 'application/json' }).
+      to_return(status: 200, body: f, headers: { 'Content-Type' => 'application/json' })
   end
 
   def stub_project_8
@@ -66,19 +83,19 @@ module StubGitlabCalls
     f = File.read(Rails.root.join('spec/support/gitlab_stubs/projects.json'))
 
     stub_request(:get, "#{gitlab_url}api/v3/projects.json?archived=false&ci_enabled_first=true&private_token=Wvjy2Krpb7y8xi93owUz").
-      with(headers: { 'Content-Type'=>'application/json' }).
-      to_return(status: 200, body: f, headers: { 'Content-Type'=>'application/json' })
+      with(headers: { 'Content-Type' => 'application/json' }).
+      to_return(status: 200, body: f, headers: { 'Content-Type' => 'application/json' })
   end
 
   def stub_projects_owned
     stub_request(:get, "#{gitlab_url}api/v3/projects/owned.json?archived=false&ci_enabled_first=true&private_token=Wvjy2Krpb7y8xi93owUz").
-      with(headers: { 'Content-Type'=>'application/json' }).
+      with(headers: { 'Content-Type' => 'application/json' }).
       to_return(status: 200, body: "", headers: {})
   end
 
   def stub_ci_enable
     stub_request(:put, "#{gitlab_url}api/v3/projects/2/services/gitlab-ci.json?private_token=Wvjy2Krpb7y8xi93owUz").
-      with(headers: { 'Content-Type'=>'application/json' }).
+      with(headers: { 'Content-Type' => 'application/json' }).
       to_return(status: 200, body: "", headers: {})
   end
 
diff --git a/spec/tasks/gitlab/backup_rake_spec.rb b/spec/tasks/gitlab/backup_rake_spec.rb
index 05fc4c4554f..8aeb013eec6 100644
--- a/spec/tasks/gitlab/backup_rake_spec.rb
+++ b/spec/tasks/gitlab/backup_rake_spec.rb
@@ -21,7 +21,7 @@ describe 'gitlab:app namespace rake task' do
   end
 
   def reenable_backup_sub_tasks
-    %w{db repo uploads builds artifacts lfs}.each do |subtask|
+    %w{db repo uploads builds artifacts lfs registry}.each do |subtask|
       Rake::Task["gitlab:backup:#{subtask}:create"].reenable
     end
   end
@@ -65,6 +65,7 @@ describe 'gitlab:app namespace rake task' do
         expect(Rake::Task['gitlab:backup:uploads:restore']).to receive(:invoke)
         expect(Rake::Task['gitlab:backup:artifacts:restore']).to receive(:invoke)
         expect(Rake::Task['gitlab:backup:lfs:restore']).to receive(:invoke)
+        expect(Rake::Task['gitlab:backup:registry:restore']).to receive(:invoke)
         expect(Rake::Task['gitlab:shell:setup']).to receive(:invoke)
         expect { run_rake_task('gitlab:backup:restore') }.not_to raise_error
       end
@@ -122,7 +123,7 @@ describe 'gitlab:app namespace rake task' do
 
     it 'should set correct permissions on the tar contents' do
       tar_contents, exit_status = Gitlab::Popen.popen(
-        %W{tar -tvf #{@backup_tar} db uploads.tar.gz repositories builds.tar.gz artifacts.tar.gz lfs.tar.gz}
+        %W{tar -tvf #{@backup_tar} db uploads.tar.gz repositories builds.tar.gz artifacts.tar.gz lfs.tar.gz registry.tar.gz}
       )
       expect(exit_status).to eq(0)
       expect(tar_contents).to match('db/')
@@ -131,12 +132,13 @@ describe 'gitlab:app namespace rake task' do
       expect(tar_contents).to match('builds.tar.gz')
       expect(tar_contents).to match('artifacts.tar.gz')
       expect(tar_contents).to match('lfs.tar.gz')
-      expect(tar_contents).not_to match(/^.{4,9}[rwx].* (database.sql.gz|uploads.tar.gz|repositories|builds.tar.gz|artifacts.tar.gz)\/$/)
+      expect(tar_contents).to match('registry.tar.gz')
+      expect(tar_contents).not_to match(/^.{4,9}[rwx].* (database.sql.gz|uploads.tar.gz|repositories|builds.tar.gz|artifacts.tar.gz|registry.tar.gz)\/$/)
     end
 
     it 'should delete temp directories' do
       temp_dirs = Dir.glob(
-        File.join(Gitlab.config.backup.path, '{db,repositories,uploads,builds,artifacts,lfs}')
+        File.join(Gitlab.config.backup.path, '{db,repositories,uploads,builds,artifacts,lfs,registry}')
       )
 
       expect(temp_dirs).to be_empty
@@ -172,7 +174,7 @@ describe 'gitlab:app namespace rake task' do
 
     it "does not contain skipped item" do
       tar_contents, _exit_status = Gitlab::Popen.popen(
-        %W{tar -tvf #{@backup_tar} db uploads.tar.gz repositories builds.tar.gz artifacts.tar.gz lfs.tar.gz}
+        %W{tar -tvf #{@backup_tar} db uploads.tar.gz repositories builds.tar.gz artifacts.tar.gz lfs.tar.gz registry.tar.gz}
       )
 
       expect(tar_contents).to match('db/')
@@ -180,6 +182,7 @@ describe 'gitlab:app namespace rake task' do
       expect(tar_contents).to match('builds.tar.gz')
       expect(tar_contents).to match('artifacts.tar.gz')
       expect(tar_contents).to match('lfs.tar.gz')
+      expect(tar_contents).to match('registry.tar.gz')
       expect(tar_contents).not_to match('repositories/')
     end
 
@@ -195,6 +198,7 @@ describe 'gitlab:app namespace rake task' do
       expect(Rake::Task['gitlab:backup:builds:restore']).to receive :invoke
       expect(Rake::Task['gitlab:backup:artifacts:restore']).to receive :invoke
       expect(Rake::Task['gitlab:backup:lfs:restore']).to receive :invoke
+      expect(Rake::Task['gitlab:backup:registry:restore']).to receive :invoke
       expect(Rake::Task['gitlab:shell:setup']).to receive :invoke
       expect { run_rake_task('gitlab:backup:restore') }.not_to raise_error
     end
diff --git a/spec/workers/emails_on_push_worker_spec.rb b/spec/workers/emails_on_push_worker_spec.rb
index 3600c771075..439da765c2c 100644
--- a/spec/workers/emails_on_push_worker_spec.rb
+++ b/spec/workers/emails_on_push_worker_spec.rb
@@ -6,29 +6,66 @@ describe EmailsOnPushWorker do
   let(:project) { create(:project) }
   let(:user) { create(:user) }
   let(:data) { Gitlab::PushDataBuilder.build_sample(project, user) }
+  let(:recipients) { user.email }
+  let(:perform) { subject.perform(project.id, recipients, data.stringify_keys) }
 
   subject { EmailsOnPushWorker.new }
 
-  before do
-    allow(Project).to receive(:find).and_return(project)
-  end
-
   describe "#perform" do
-    it "sends mail" do
-      subject.perform(project.id, user.email, data.stringify_keys)
+    context "when there are no errors in sending" do
+      let(:email) { ActionMailer::Base.deliveries.last }
 
-      email = ActionMailer::Base.deliveries.last
-      expect(email.subject).to include('Change some files')
-      expect(email.to).to eq([user.email])
+      before { perform }
+
+      it "sends a mail with the correct subject" do
+        expect(email.subject).to include('Change some files')
+      end
+
+      it "sends the mail to the correct recipient" do
+        expect(email.to).to eq([user.email])
+      end
     end
 
-    it "gracefully handles an input SMTP error" do
-      ActionMailer::Base.deliveries.clear
-      allow(Notify).to receive(:repository_push_email).and_raise(Net::SMTPFatalError)
+    context "when there is an SMTP error" do
+      before do
+        ActionMailer::Base.deliveries.clear
+        allow(Notify).to receive(:repository_push_email).and_raise(Net::SMTPFatalError)
+        perform
+      end
 
-      subject.perform(project.id, user.email, data.stringify_keys)
+      it "gracefully handles an input SMTP error" do
+        expect(ActionMailer::Base.deliveries.count).to eq(0)
+      end
+    end
 
-      expect(ActionMailer::Base.deliveries.count).to eq(0)
+    context "when there are multiple recipients" do
+      let(:recipients) do
+        1.upto(5).map { |i| user.email.sub('@', "+#{i}@") }.join("\n")
+      end
+
+      before do
+        # This is a hack because we modify the mail object before sending, for efficency,
+        # but the TestMailer adapter just appends the objects to an array. To clone a mail
+        # object, create a new one!
+        #   https://github.com/mikel/mail/issues/314#issuecomment-12750108
+        allow_any_instance_of(Mail::TestMailer).to receive(:deliver!).and_wrap_original do |original, mail|
+          original.call(Mail.new(mail.encoded))
+        end
+
+        ActionMailer::Base.deliveries.clear
+      end
+
+      it "sends the mail to each of the recipients" do
+        perform
+        expect(ActionMailer::Base.deliveries.count).to eq(5)
+        expect(ActionMailer::Base.deliveries.map(&:to).flatten).to contain_exactly(*recipients.split)
+      end
+
+      it "only generates the mail once" do
+        expect(Notify).to receive(:repository_push_email).once.and_call_original
+        expect(Premailer::Rails::CustomizedPremailer).to receive(:new).once.and_call_original
+        perform
+      end
     end
   end
 end
diff --git a/spec/workers/repository_check/batch_worker_spec.rb b/spec/workers/repository_check/batch_worker_spec.rb
index f486e45ddad..27727d6abf9 100644
--- a/spec/workers/repository_check/batch_worker_spec.rb
+++ b/spec/workers/repository_check/batch_worker_spec.rb
@@ -4,7 +4,7 @@ describe RepositoryCheck::BatchWorker do
   subject { described_class.new }
 
   it 'prefers projects that have never been checked' do
-    projects = create_list(:project, 3)
+    projects = create_list(:project, 3, created_at: 1.week.ago)
     projects[0].update_column(:last_repository_check_at, 4.months.ago)
     projects[2].update_column(:last_repository_check_at, 3.months.ago)
 
@@ -12,7 +12,7 @@ describe RepositoryCheck::BatchWorker do
   end
 
   it 'sorts projects by last_repository_check_at' do
-    projects = create_list(:project, 3)
+    projects = create_list(:project, 3, created_at: 1.week.ago)
     projects[0].update_column(:last_repository_check_at, 2.months.ago)
     projects[1].update_column(:last_repository_check_at, 4.months.ago)
     projects[2].update_column(:last_repository_check_at, 3.months.ago)
@@ -21,7 +21,7 @@ describe RepositoryCheck::BatchWorker do
   end
 
   it 'excludes projects that were checked recently' do
-    projects = create_list(:project, 3)
+    projects = create_list(:project, 3, created_at: 1.week.ago)
     projects[0].update_column(:last_repository_check_at, 2.days.ago)
     projects[1].update_column(:last_repository_check_at, 2.months.ago)
     projects[2].update_column(:last_repository_check_at, 3.days.ago)
@@ -30,10 +30,17 @@ describe RepositoryCheck::BatchWorker do
   end
 
   it 'does nothing when repository checks are disabled' do
-    create(:empty_project)
+    create(:empty_project, created_at: 1.week.ago)
     current_settings = double('settings', repository_checks_enabled: false)
     expect(subject).to receive(:current_settings) { current_settings }
 
     expect(subject.perform).to eq(nil)
   end
+
+  it 'skips projects created less than 24 hours ago' do
+    project = create(:empty_project)
+    project.update_column(:created_at, 23.hours.ago)
+  
+    expect(subject.perform).to eq([])
+  end
 end
diff --git a/spec/workers/repository_check/single_repository_worker_spec.rb b/spec/workers/repository_check/single_repository_worker_spec.rb
index 087e4c667d8..5a03bb77ebd 100644
--- a/spec/workers/repository_check/single_repository_worker_spec.rb
+++ b/spec/workers/repository_check/single_repository_worker_spec.rb
@@ -12,7 +12,7 @@ describe RepositoryCheck::SingleRepositoryWorker do
     subject.perform(project.id)
     expect(project.reload.last_repository_check_failed).to eq(false)
 
-    destroy_wiki(project)
+    break_wiki(project)
     subject.perform(project.id)
 
     expect(project.reload.last_repository_check_failed).to eq(true)
@@ -20,15 +20,38 @@ describe RepositoryCheck::SingleRepositoryWorker do
 
   it 'skips wikis when disabled' do
     project = create(:project_empty_repo, wiki_enabled: false)
-    # Make sure the test would fail if it checked the wiki repo
-    destroy_wiki(project)
+    # Make sure the test would fail if the wiki repo was checked
+    break_wiki(project)
 
     subject.perform(project.id)
 
     expect(project.reload.last_repository_check_failed).to eq(false)
   end
 
-  def destroy_wiki(project)
-    FileUtils.rm_rf(project.wiki.repository.path_to_repo)
+  it 'creates missing wikis' do
+    project = create(:project_empty_repo, wiki_enabled: true)
+    FileUtils.rm_rf(wiki_path(project))
+
+    subject.perform(project.id)
+
+    expect(project.reload.last_repository_check_failed).to eq(false)
+  end
+
+  it 'does not create a wiki if the main repo does not exist at all' do
+    project = create(:project_empty_repo)
+    FileUtils.rm_rf(project.repository.path_to_repo)
+    FileUtils.rm_rf(wiki_path(project))
+
+    subject.perform(project.id)
+
+    expect(File.exist?(wiki_path(project))).to eq(false)
+  end
+
+  def break_wiki(project)
+    FileUtils.rm_rf(wiki_path(project) + '/objects')
+  end
+
+  def wiki_path(project)
+    project.wiki.repository.path_to_repo
   end
 end
diff --git a/spec/workers/repository_import_worker_spec.rb b/spec/workers/repository_import_worker_spec.rb
index 6739063543b..f1b1574abf4 100644
--- a/spec/workers/repository_import_worker_spec.rb
+++ b/spec/workers/repository_import_worker_spec.rb
@@ -6,14 +6,28 @@ describe RepositoryImportWorker do
   subject { described_class.new }
 
   describe '#perform' do
-    it 'imports a project' do
-      expect_any_instance_of(Projects::ImportService).to receive(:execute).
-        and_return({ status: :ok })
+    context 'when the import was successful' do
+      it 'imports a project' do
+        expect_any_instance_of(Projects::ImportService).to receive(:execute).
+          and_return({ status: :ok })
 
-      expect_any_instance_of(Repository).to receive(:expire_emptiness_caches)
-      expect_any_instance_of(Project).to receive(:import_finish)
+        expect_any_instance_of(Repository).to receive(:expire_emptiness_caches)
+        expect_any_instance_of(Project).to receive(:import_finish)
 
-      subject.perform(project.id)
+        subject.perform(project.id)
+      end
+    end
+
+    context 'when the import has failed' do
+      it 'hide the credentials that were used in the import URL' do
+        error = %Q{remote: Not Found fatal: repository 'https://user:pass@test.com/root/repoC.git/' not found }
+        expect_any_instance_of(Projects::ImportService).to receive(:execute).
+          and_return({ status: :error, message: error })
+
+        subject.perform(project.id)
+
+        expect(project.reload.import_error).to include("https://*****:*****@test.com/root/repoC.git/")
+      end
     end
   end
 end
diff --git a/vendor/assets/javascripts/jquery.scrollTo.js b/vendor/assets/javascripts/jquery.scrollTo.js
new file mode 100755
index 00000000000..7ba17766b70
--- /dev/null
+++ b/vendor/assets/javascripts/jquery.scrollTo.js
@@ -0,0 +1,210 @@
+/*!
+ * jQuery.scrollTo
+ * Copyright (c) 2007-2015 Ariel Flesler - aflesler<a>gmail<d>com | http://flesler.blogspot.com
+ * Licensed under MIT
+ * http://flesler.blogspot.com/2007/10/jqueryscrollto.html
+ * @projectDescription Lightweight, cross-browser and highly customizable animated scrolling with jQuery
+ * @author Ariel Flesler
+ * @version 2.1.2
+ */
+;(function(factory) {
+	'use strict';
+	if (typeof define === 'function' && define.amd) {
+		// AMD
+		define(['jquery'], factory);
+	} else if (typeof module !== 'undefined' && module.exports) {
+		// CommonJS
+		module.exports = factory(require('jquery'));
+	} else {
+		// Global
+		factory(jQuery);
+	}
+})(function($) {
+	'use strict';
+
+	var $scrollTo = $.scrollTo = function(target, duration, settings) {
+		return $(window).scrollTo(target, duration, settings);
+	};
+
+	$scrollTo.defaults = {
+		axis:'xy',
+		duration: 0,
+		limit:true
+	};
+
+	function isWin(elem) {
+		return !elem.nodeName ||
+			$.inArray(elem.nodeName.toLowerCase(), ['iframe','#document','html','body']) !== -1;
+	}		
+
+	$.fn.scrollTo = function(target, duration, settings) {
+		if (typeof duration === 'object') {
+			settings = duration;
+			duration = 0;
+		}
+		if (typeof settings === 'function') {
+			settings = { onAfter:settings };
+		}
+		if (target === 'max') {
+			target = 9e9;
+		}
+
+		settings = $.extend({}, $scrollTo.defaults, settings);
+		// Speed is still recognized for backwards compatibility
+		duration = duration || settings.duration;
+		// Make sure the settings are given right
+		var queue = settings.queue && settings.axis.length > 1;
+		if (queue) {
+			// Let's keep the overall duration
+			duration /= 2;
+		}
+		settings.offset = both(settings.offset);
+		settings.over = both(settings.over);
+
+		return this.each(function() {
+			// Null target yields nothing, just like jQuery does
+			if (target === null) return;
+
+			var win = isWin(this),
+				elem = win ? this.contentWindow || window : this,
+				$elem = $(elem),
+				targ = target, 
+				attr = {},
+				toff;
+
+			switch (typeof targ) {
+				// A number will pass the regex
+				case 'number':
+				case 'string':
+					if (/^([+-]=?)?\d+(\.\d+)?(px|%)?$/.test(targ)) {
+						targ = both(targ);
+						// We are done
+						break;
+					}
+					// Relative/Absolute selector
+					targ = win ? $(targ) : $(targ, elem);
+					/* falls through */
+				case 'object':
+					if (targ.length === 0) return;
+					// DOMElement / jQuery
+					if (targ.is || targ.style) {
+						// Get the real position of the target
+						toff = (targ = $(targ)).offset();
+					}
+			}
+
+			var offset = $.isFunction(settings.offset) && settings.offset(elem, targ) || settings.offset;
+
+			$.each(settings.axis.split(''), function(i, axis) {
+				var Pos	= axis === 'x' ? 'Left' : 'Top',
+					pos = Pos.toLowerCase(),
+					key = 'scroll' + Pos,
+					prev = $elem[key](),
+					max = $scrollTo.max(elem, axis);
+
+				if (toff) {// jQuery / DOMElement
+					attr[key] = toff[pos] + (win ? 0 : prev - $elem.offset()[pos]);
+
+					// If it's a dom element, reduce the margin
+					if (settings.margin) {
+						attr[key] -= parseInt(targ.css('margin'+Pos), 10) || 0;
+						attr[key] -= parseInt(targ.css('border'+Pos+'Width'), 10) || 0;
+					}
+
+					attr[key] += offset[pos] || 0;
+
+					if (settings.over[pos]) {
+						// Scroll to a fraction of its width/height
+						attr[key] += targ[axis === 'x'?'width':'height']() * settings.over[pos];
+					}
+				} else {
+					var val = targ[pos];
+					// Handle percentage values
+					attr[key] = val.slice && val.slice(-1) === '%' ?
+						parseFloat(val) / 100 * max
+						: val;
+				}
+
+				// Number or 'number'
+				if (settings.limit && /^\d+$/.test(attr[key])) {
+					// Check the limits
+					attr[key] = attr[key] <= 0 ? 0 : Math.min(attr[key], max);
+				}
+
+				// Don't waste time animating, if there's no need.
+				if (!i && settings.axis.length > 1) {
+					if (prev === attr[key]) {
+						// No animation needed
+						attr = {};
+					} else if (queue) {
+						// Intermediate animation
+						animate(settings.onAfterFirst);
+						// Don't animate this axis again in the next iteration.
+						attr = {};
+					}
+				}
+			});
+
+			animate(settings.onAfter);
+
+			function animate(callback) {
+				var opts = $.extend({}, settings, {
+					// The queue setting conflicts with animate()
+					// Force it to always be true
+					queue: true,
+					duration: duration,
+					complete: callback && function() {
+						callback.call(elem, targ, settings);
+					}
+				});
+				$elem.animate(attr, opts);
+			}
+		});
+	};
+
+	// Max scrolling position, works on quirks mode
+	// It only fails (not too badly) on IE, quirks mode.
+	$scrollTo.max = function(elem, axis) {
+		var Dim = axis === 'x' ? 'Width' : 'Height',
+			scroll = 'scroll'+Dim;
+
+		if (!isWin(elem))
+			return elem[scroll] - $(elem)[Dim.toLowerCase()]();
+
+		var size = 'client' + Dim,
+			doc = elem.ownerDocument || elem.document,
+			html = doc.documentElement,
+			body = doc.body;
+
+		return Math.max(html[scroll], body[scroll]) - Math.min(html[size], body[size]);
+	};
+
+	function both(val) {
+		return $.isFunction(val) || $.isPlainObject(val) ? val : { top:val, left:val };
+	}
+
+	// Add special hooks so that window scroll properties can be animated
+	$.Tween.propHooks.scrollLeft = 
+	$.Tween.propHooks.scrollTop = {
+		get: function(t) {
+			return $(t.elem)[t.prop]();
+		},
+		set: function(t) {
+			var curr = this.get(t);
+			// If interrupt is true and user scrolled, stop animating
+			if (t.options.interrupt && t._last && t._last !== curr) {
+				return $(t.elem).stop();
+			}
+			var next = Math.round(t.now);
+			// Don't waste CPU
+			// Browsers don't render floating point scroll
+			if (curr !== next) {
+				$(t.elem)[t.prop](next);
+				t._last = this.get(t);
+			}
+		}
+	};
+
+	// AMD requirement
+	return $scrollTo;
+});