Merge branch 'master' into feature/gb/manual-actions-protected-branches-permissions

* master: (314 commits)
  Better Explore Groups view
  Update Carrierwave and fog-core
  Add specs for Gitlab::RequestProfiler
  Add scripts/static-analysis to run all the static analysers in one go
  Shorten and improve some job names
  Group static-analysis jobs into a single job
  Don't blow up when email has no References header
  Update CHANGELOG.md for 9.1.2
  Add changelog
  Add changelog
  Show Raw button as Download for binary files
  Use blob viewers for snippets
  Fix typo
  Fixed transient failure related to dropdown animations
  Revert "Merge branch 'tc-no-todo-service-select' into 'master'"
  fix link to MR 10416
  Another change from .click -> .trigger('click') to make spec pass
  Change from .click -> .trigger('click') to make spec pass
  Disable AddColumnWithDefaultToLargeTable cop for pre-existing migrations
  Add AddColumnWithDefaultToLargeTable cop
  ...

Conflicts:
	spec/requests/api/jobs_spec.rb

7 files changed, 68 insertions, 77 deletions

diff --git a/app/services/boards/issues/move_service.rb b/app/services/boards/issues/move_service.rb
index d5735f13c1e..e73b1a4361a 100644
--- a/app/services/boards/issues/move_service.rb
+++ b/app/services/boards/issues/move_service.rb
@@ -61,7 +61,7 @@ module Boards
           if moving_to_list.movable?
             moving_from_list.label_id
           else
-            project.boards.joins(:lists).merge(List.movable).pluck(:label_id)
+            Label.on_project_boards(project.id).pluck(:label_id)
           end
 
         Array(label_ids).compact
diff --git a/app/services/ci/expire_pipeline_cache_service.rb b/app/services/ci/expire_pipeline_cache_service.rb
deleted file mode 100644
index 91d9c1d2ba1..00000000000
--- a/app/services/ci/expire_pipeline_cache_service.rb
+++ /dev/null
@@ -1,51 +0,0 @@
-module Ci
-  class ExpirePipelineCacheService < BaseService
-    attr_reader :pipeline
-
-    def execute(pipeline)
-      @pipeline = pipeline
-      store = Gitlab::EtagCaching::Store.new
-
-      store.touch(project_pipelines_path)
-      store.touch(commit_pipelines_path) if pipeline.commit
-      store.touch(new_merge_request_pipelines_path)
-      merge_requests_pipelines_paths.each { |path| store.touch(path) }
-
-      Gitlab::Cache::Ci::ProjectPipelineStatus.update_for_pipeline(@pipeline)
-    end
-
-    private
-
-    def project_pipelines_path
-      Gitlab::Routing.url_helpers.namespace_project_pipelines_path(
-        project.namespace,
-        project,
-        format: :json)
-    end
-
-    def commit_pipelines_path
-      Gitlab::Routing.url_helpers.pipelines_namespace_project_commit_path(
-        project.namespace,
-        project,
-        pipeline.commit.id,
-        format: :json)
-    end
-
-    def new_merge_request_pipelines_path
-      Gitlab::Routing.url_helpers.new_namespace_project_merge_request_path(
-        project.namespace,
-        project,
-        format: :json)
-    end
-
-    def merge_requests_pipelines_paths
-      pipeline.merge_requests.collect do |merge_request|
-        Gitlab::Routing.url_helpers.pipelines_namespace_project_merge_request_path(
-          project.namespace,
-          project,
-          merge_request,
-          format: :json)
-      end
-    end
-  end
-end
diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb
index 7828c5806b0..535d93385e6 100644
--- a/app/services/projects/create_service.rb
+++ b/app/services/projects/create_service.rb
@@ -97,7 +97,8 @@ module Projects
       system_hook_service.execute_hooks_for(@project, :create)
 
       unless @project.group || @project.gitlab_project_import?
-        @project.team << [current_user, :master, current_user]
+        owners = [current_user, @project.namespace.owner].compact.uniq
+        @project.add_master(owners, current_user: current_user)
       end
 
       @project.group&.refresh_members_authorized_projects
diff --git a/app/services/slash_commands/interpret_service.rb b/app/services/slash_commands/interpret_service.rb
index 49d45ec9dbd..6aeebc26685 100644
--- a/app/services/slash_commands/interpret_service.rb
+++ b/app/services/slash_commands/interpret_service.rb
@@ -330,6 +330,28 @@ module SlashCommands
       @updates[:target_branch] = branch_name if project.repository.branch_names.include?(branch_name)
     end
 
+    desc 'Move issue from one column of the board to another'
+    params '~"Target column"'
+    condition do
+      issuable.is_a?(Issue) &&
+        current_user.can?(:"update_#{issuable.to_ability_name}", issuable) &&
+        issuable.project.boards.count == 1
+    end
+    command :board_move do |target_list_name|
+      label_ids = find_label_ids(target_list_name)
+
+      if label_ids.size == 1
+        label_id = label_ids.first
+
+        # Ensure this label corresponds to a list on the board
+        next unless Label.on_project_boards(issuable.project_id).where(id: label_id).exists?
+
+        @updates[:remove_label_ids] =
+          issuable.labels.on_project_boards(issuable.project_id).where.not(id: label_id).pluck(:id)
+        @updates[:add_label_ids] = [label_id]
+      end
+    end
+
     def find_label_ids(labels_param)
       label_ids_by_reference = extract_references(labels_param, :label).map(&:id)
       labels_ids_by_name = LabelsFinder.new(current_user, project_id: project.id, name: labels_param.split).execute.select(:id)
diff --git a/app/services/users/build_service.rb b/app/services/users/build_service.rb
index 9a0a5a12f91..363135ef09b 100644
--- a/app/services/users/build_service.rb
+++ b/app/services/users/build_service.rb
@@ -6,18 +6,16 @@ module Users
       @params = params.dup
     end
 
-    def execute
-      raise Gitlab::Access::AccessDeniedError unless can_create_user?
+    def execute(skip_authorization: false)
+      raise Gitlab::Access::AccessDeniedError unless skip_authorization || can_create_user?
 
-      user = User.new(build_user_params)
+      user_params = build_user_params(skip_authorization: skip_authorization)
+      user = User.new(user_params)
 
       if current_user&.admin?
-        if params[:reset_password]
-          user.generate_reset_token
-          params[:force_random_password] = true
-        end
+        @reset_token = user.generate_reset_token if params[:reset_password]
 
-        if params[:force_random_password]
+        if user_params[:force_random_password]
           random_password = Devise.friendly_token.first(Devise.password_length.min)
           user.password = user.password_confirmation = random_password
         end
@@ -81,7 +79,7 @@ module Users
       ]
     end
 
-    def build_user_params
+    def build_user_params(skip_authorization:)
       if current_user&.admin?
         user_params = params.slice(*admin_create_params)
         user_params[:created_by_id] = current_user&.id
@@ -90,11 +88,20 @@ module Users
           user_params.merge!(force_random_password: true, password_expires_at: nil)
         end
       else
-        user_params = params.slice(*signup_params)
-        user_params[:skip_confirmation] = !current_application_settings.send_user_confirmation_email
+        allowed_signup_params = signup_params
+        allowed_signup_params << :skip_confirmation if skip_authorization
+
+        user_params = params.slice(*allowed_signup_params)
+        if user_params[:skip_confirmation].nil?
+          user_params[:skip_confirmation] = skip_user_confirmation_email_from_setting
+        end
       end
 
       user_params
     end
+
+    def skip_user_confirmation_email_from_setting
+      !current_application_settings.send_user_confirmation_email
+    end
   end
 end
diff --git a/app/services/users/create_service.rb b/app/services/users/create_service.rb
index a2105d31f71..e22f7225ae2 100644
--- a/app/services/users/create_service.rb
+++ b/app/services/users/create_service.rb
@@ -6,8 +6,8 @@ module Users
       @params = params.dup
     end
 
-    def execute
-      user = Users::BuildService.new(current_user, params).execute
+    def execute(skip_authorization: false)
+      user = Users::BuildService.new(current_user, params).execute(skip_authorization: skip_authorization)
 
       @reset_token = user.generate_reset_token if user.recently_sent_password_reset?
 
diff --git a/app/services/users/migrate_to_ghost_user_service.rb b/app/services/users/migrate_to_ghost_user_service.rb
index 1e1ed1791ec..4628c4c6f6e 100644
--- a/app/services/users/migrate_to_ghost_user_service.rb
+++ b/app/services/users/migrate_to_ghost_user_service.rb
@@ -15,27 +15,39 @@ module Users
     end
 
     def execute
-      # Block the user before moving records to prevent a data race.
-      # For example, if the user creates an issue after `migrate_issues`
-      # runs and before the user is destroyed, the destroy will fail with
-      # an exception.
-      user.block
+      transition = user.block_transition
 
       user.transaction do
+        # Block the user before moving records to prevent a data race.
+        # For example, if the user creates an issue after `migrate_issues`
+        # runs and before the user is destroyed, the destroy will fail with
+        # an exception.
+        user.block
+
+        # Reverse the user block if record migration fails
+        if !migrate_records && transition
+          transition.rollback
+          user.save!
+        end
+      end
+
+      user.reload
+    end
+
+    private
+
+    def migrate_records
+      user.transaction(requires_new: true) do
         @ghost_user = User.ghost
 
         migrate_issues
         migrate_merge_requests
         migrate_notes
         migrate_abuse_reports
-        migrate_award_emoji
+        migrate_award_emojis
       end
-
-      user.reload
     end
 
-    private
-
     def migrate_issues
       user.issues.update_all(author_id: ghost_user.id)
     end
@@ -52,7 +64,7 @@ module Users
       user.reported_abuse_reports.update_all(reporter_id: ghost_user.id)
     end
 
-    def migrate_award_emoji
+    def migrate_award_emojis
       user.award_emoji.update_all(user_id: ghost_user.id)
     end
   end