Merge commit '11c67e7c2f992299ff5918ce67995b73d1e0be6d' into object-storage-ee-to-ce-backport

23 files changed, 233 insertions, 54 deletions

diff --git a/config/application.rb b/config/application.rb
index 32a290f2002..31e91835b9e 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -51,7 +51,7 @@ module Gitlab
     # Configure sensitive parameters which will be filtered from the log file.
     #
     # Parameters filtered:
-    # - Any parameter ending with `_token`
+    # - Any parameter ending with `token`
     # - Any parameter containing `password`
     # - Any parameter containing `secret`
     # - Two-factor tokens (:otp_attempt)
@@ -61,7 +61,7 @@ module Gitlab
     # - Webhook URLs (:hook)
     # - Sentry DSN (:sentry_dsn)
     # - Deploy keys (:key)
-    config.filter_parameters += [/_token$/, /password/, /secret/]
+    config.filter_parameters += [/token$/, /password/, /secret/]
     config.filter_parameters += %i(
       certificate
       encrypted_key
@@ -105,8 +105,7 @@ module Gitlab
     config.assets.precompile << "lib/ace.js"
     config.assets.precompile << "vendor/assets/fonts/*"
     config.assets.precompile << "test.css"
-    config.assets.precompile << "new_nav.css"
-    config.assets.precompile << "new_sidebar.css"
+    config.assets.precompile << "locale/**/app.js"
 
     # Version of your assets, change this if you want to expire all your assets
     config.assets.version = '1.0'
@@ -155,6 +154,9 @@ module Gitlab
     ENV['GITLAB_PATH_OUTSIDE_HOOK'] = ENV['PATH']
     ENV['GIT_TERMINAL_PROMPT'] = '0'
 
+    # Gitlab Read-only middleware support
+    config.middleware.insert_after ActionDispatch::Flash, 'Gitlab::Middleware::ReadOnly'
+
     config.generators do |g|
       g.factory_girl false
     end
diff --git a/config/dependency_decisions.yml b/config/dependency_decisions.yml
index d6c3c84851b..db31b01a7d2 100644
--- a/config/dependency_decisions.yml
+++ b/config/dependency_decisions.yml
@@ -416,3 +416,51 @@
     :why: https://gitlab.com/gitlab-com/organization/issues/117
     :versions: []
     :when: 2017-09-04 12:59:51.150798717 Z
+- - :approve
+  - console-browserify
+  - :who: Mike Greiling
+    :why: https://github.com/Raynos/console-browserify/blob/f0a8898487e2a47b8a5dc8734b91059fa2825506/LICENCE
+    :versions: []
+    :when: 2017-09-16 05:13:07.073651000 Z
+- - :approve
+  - duplexer
+  - :who: Mike Greiling
+    :why: https://github.com/Raynos/duplexer/blob/master/LICENCE
+    :versions: []
+    :when: 2017-09-16 05:14:15.774643000 Z
+- - :approve
+  - json3
+  - :who: Mike Greiling
+    :why: https://github.com/bestiejs/json3/blob/v3.3.2/LICENSE
+    :versions: []
+    :when: 2017-09-16 05:15:16.273892000 Z
+- - :approve
+  - mime
+  - :who: Mike Greiling
+    :why: https://github.com/broofa/node-mime/blob/v1.3.4/LICENSE
+    :versions: []
+    :when: 2017-09-16 05:16:21.135542000 Z
+- - :approve
+  - querystring-es3
+  - :who: Mike Greiling
+    :why: https://github.com/mike-spainhower/querystring/blob/v0.2.0/License.md
+    :versions: []
+    :when: 2017-09-16 05:17:20.372089000 Z
+- - :approve
+  - utils-merge
+  - :who: Mike Greiling
+    :why: https://github.com/jaredhanson/utils-merge/blob/v1.0.0/LICENSE
+    :versions: []
+    :when: 2017-09-16 05:18:26.193764000 Z
+- - :approve
+  - svg4everybody
+  - :who: Tim Zallmann
+    :why: CC0 1.0 - https://github.com/jonathantneal/svg4everybody/blob/master/LICENSE.md
+    :versions: []
+    :when: 2017-09-13 17:31:16.425819400 Z
+- - :approve
+  - gitlab-svgs
+  - :who: Tim Zallmann
+    :why: Our own library - https://gitlab.com/gitlab-org/gitlab-svgs
+    :versions: []
+    :when: 2017-09-19 14:36:32.795496000 Z
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 278144b8943..1edb6fd39b8 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -16,7 +16,7 @@ Rails.application.configure do
   config.cache_classes = ENV['CACHE_CLASSES'] == 'true'
 
   # Configure static asset server for tests with Cache-Control for performance
-  config.assets.digest = false
+  config.assets.compile = false if ENV['CI']
   config.serve_static_files = true
   config.static_cache_control = "public, max-age=3600"
 
diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index ec0d990aa0a..40ee85a3667 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -89,7 +89,7 @@ production: &base
     # This happens when the commit is pushed or merged into the default branch of a project.
     # When not specified the default issue_closing_pattern as specified below will be used.
     # Tip: you can test your closing pattern at http://rubular.com.
-    # issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing))(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'
+    # issue_closing_pattern: '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)'
 
     ## Default project features settings
     default_projects_features:
@@ -186,6 +186,7 @@ production: &base
     host: example.com
     port: 80 # Set to 443 if you serve the pages with HTTPS
     https: false # Set to true if you serve the pages with HTTPS
+    artifacts_server: true
     # external_http: ["1.1.1.1:80", "[2001::1]:80"] # If defined, enables custom domain support in GitLab Pages
     # external_https: ["1.1.1.1:443", "[2001::1]:443"] # If defined, enables custom domain and certificate support in GitLab Pages
 
@@ -521,6 +522,8 @@ production: &base
 
   # Gitaly settings
   gitaly:
+    # Path to the directory containing Gitaly client executables.
+    client_path: /home/git/gitaly
     # Default Gitaly authentication token. Can be overriden per storage. Can
     # be left blank when Gitaly is running locally on a Unix socket, which
     # is the normal way to deploy Gitaly.
@@ -599,12 +602,6 @@ production: &base
   # Use the default values unless you really know what you are doing
   git:
     bin_path: /usr/bin/git
-    # The next value is the maximum memory size grit can use
-    # Given in number of bytes per git object (e.g. a commit)
-    # This value can be increased if you have very large commits
-    max_size: 20971520 # 20.megabytes
-    # Git timeout to read a commit, in seconds
-    timeout: 10
 
   ## Webpack settings
   # If enabled, this will tell rails to serve frontend assets from the webpack-dev-server running
@@ -714,7 +711,7 @@ test:
         gitaly_address: unix:tmp/tests/gitaly/gitaly.socket
 
   gitaly:
-    enabled: true
+    client_path: tmp/tests/gitaly
     token: secret
   backup:
     path: tmp/tests/backups
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index e9893c0d4d6..ec80045696b 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -257,7 +257,7 @@ Settings.gitlab['signup_enabled'] ||= true if Settings.gitlab['signup_enabled'].
 Settings.gitlab['password_authentication_enabled'] ||= true if Settings.gitlab['password_authentication_enabled'].nil?
 Settings.gitlab['restricted_visibility_levels'] = Settings.__send__(:verify_constant_array, Gitlab::VisibilityLevel, Settings.gitlab['restricted_visibility_levels'], [])
 Settings.gitlab['username_changing_enabled'] = true if Settings.gitlab['username_changing_enabled'].nil?
-Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing))(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)' if Settings.gitlab['issue_closing_pattern'].nil?
+Settings.gitlab['issue_closing_pattern'] = '((?:[Cc]los(?:e[sd]?|ing)|[Ff]ix(?:e[sd]|ing)?|[Rr]esolv(?:e[sd]?|ing)|[Ii]mplement(?:s|ed|ing)?)(:?) +(?:(?:issues? +)?%{issue_ref}(?:(?:, *| +and +)?)|([A-Z][A-Z0-9_]+-\d+))+)' if Settings.gitlab['issue_closing_pattern'].nil?
 Settings.gitlab['default_projects_features'] ||= {}
 Settings.gitlab['webhook_timeout'] ||= 10
 Settings.gitlab['max_attachment_size'] ||= 10
@@ -270,7 +270,7 @@ Settings.gitlab.default_projects_features['builds']             = true if Settin
 Settings.gitlab.default_projects_features['container_registry'] = true if Settings.gitlab.default_projects_features['container_registry'].nil?
 Settings.gitlab.default_projects_features['visibility_level']   = Settings.__send__(:verify_constant, Gitlab::VisibilityLevel, Settings.gitlab.default_projects_features['visibility_level'], Gitlab::VisibilityLevel::PRIVATE)
 Settings.gitlab['domain_whitelist'] ||= []
-Settings.gitlab['import_sources'] ||= %w[github bitbucket gitlab google_code fogbugz git gitlab_project gitea]
+Settings.gitlab['import_sources'] ||= Gitlab::ImportSources.values
 Settings.gitlab['trusted_proxies'] ||= []
 Settings.gitlab['no_todos_messages'] ||= YAML.load_file(Rails.root.join('config', 'no_todos_messages.yml'))
 Settings.gitlab['usage_ping_enabled'] = true if Settings.gitlab['usage_ping_enabled'].nil?
@@ -323,15 +323,16 @@ Settings.registry['path']            = Settings.absolute(Settings.registry['path
 # Pages
 #
 Settings['pages'] ||= Settingslogic.new({})
-Settings.pages['enabled']         = false if Settings.pages['enabled'].nil?
-Settings.pages['path']            = Settings.absolute(Settings.pages['path'] || File.join(Settings.shared['path'], "pages"))
-Settings.pages['https']           = false if Settings.pages['https'].nil?
-Settings.pages['host']            ||= "example.com"
-Settings.pages['port']            ||= Settings.pages.https ? 443 : 80
-Settings.pages['protocol']        ||= Settings.pages.https ? "https" : "http"
-Settings.pages['url']             ||= Settings.__send__(:build_pages_url)
-Settings.pages['external_http']   ||= false unless Settings.pages['external_http'].present?
-Settings.pages['external_https']  ||= false unless Settings.pages['external_https'].present?
+Settings.pages['enabled']           = false if Settings.pages['enabled'].nil?
+Settings.pages['path']              = Settings.absolute(Settings.pages['path'] || File.join(Settings.shared['path'], "pages"))
+Settings.pages['https']             = false if Settings.pages['https'].nil?
+Settings.pages['host']              ||= "example.com"
+Settings.pages['port']              ||= Settings.pages.https ? 443 : 80
+Settings.pages['protocol']          ||= Settings.pages.https ? "https" : "http"
+Settings.pages['url']               ||= Settings.__send__(:build_pages_url)
+Settings.pages['external_http']     ||= false unless Settings.pages['external_http'].present?
+Settings.pages['external_https']    ||= false unless Settings.pages['external_https'].present?
+Settings.pages['artifacts_server']  ||= Settings.pages['enabled'] if Settings.pages['artifacts_server'].nil?
 
 #
 # Git LFS
@@ -513,9 +514,7 @@ Settings.backup['upload']['storage_class'] ||= nil
 # Git
 #
 Settings['git'] ||= Settingslogic.new({})
-Settings.git['max_size']  ||= 20971520 # 20.megabytes
-Settings.git['bin_path']  ||= '/usr/bin/git'
-Settings.git['timeout']   ||= 10
+Settings.git['bin_path'] ||= '/usr/bin/git'
 
 # Important: keep the satellites.path setting until GitLab 9.0 at
 # least. This setting is fed to 'rm -rf' in
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 3aed2136f1b..c6ec0aeda7b 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -36,7 +36,7 @@ Devise.setup do |config|
   # Configure which authentication keys should be case-insensitive.
   # These keys will be downcased upon creating or modifying a user and when used
   # to authenticate or find a user. Default is :email.
-  config.case_insensitive_keys = [:email]
+  config.case_insensitive_keys = [:email, :email_confirmation]
 
   # Configure which authentication keys should have whitespace stripped.
   # These keys will have whitespace before and after removed upon creating or
@@ -175,7 +175,7 @@ Devise.setup do |config|
 
   # Configure the default scope given to Warden. By default it's the first
   # devise role declared in your routes (usually :user).
-  # config.default_scope = :user
+  config.default_scope = :user  # now have an :email scope as well, so set the default
 
   # Configure sign_out behavior.
   # Sign_out action can be scoped (i.e. /users/sign_out affects only :user scope).
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 40e635bf2cf..b89f0419b91 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -58,7 +58,7 @@ Doorkeeper.configure do
   # For more information go to
   # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
   default_scopes(*Gitlab::Auth::DEFAULT_SCOPES)
-  optional_scopes(*Gitlab::Auth::OPTIONAL_SCOPES)
+  optional_scopes(*Gitlab::Auth.optional_scopes)
 
   # Change the way client credentials are retrieved from the request object.
   # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
diff --git a/config/initializers/doorkeeper_openid_connect.rb b/config/initializers/doorkeeper_openid_connect.rb
index c58f425b19b..af174def047 100644
--- a/config/initializers/doorkeeper_openid_connect.rb
+++ b/config/initializers/doorkeeper_openid_connect.rb
@@ -1,7 +1,7 @@
 Doorkeeper::OpenidConnect.configure do
   issuer Gitlab.config.gitlab.url
 
-  jws_private_key Rails.application.secrets.jws_private_key
+  signing_key Rails.application.secrets.openid_connect_signing_key
 
   resource_owner_from_access_token do |access_token|
     User.active.find_by(id: access_token.resource_owner_id)
diff --git a/config/initializers/gettext_rails_i18n_patch.rb b/config/initializers/gettext_rails_i18n_patch.rb
index 377e5104f9d..49551319435 100644
--- a/config/initializers/gettext_rails_i18n_patch.rb
+++ b/config/initializers/gettext_rails_i18n_patch.rb
@@ -39,3 +39,17 @@ module GettextI18nRailsJs
     end
   end
 end
+
+class PoToJson
+  # This is required to modify the JS locale file output to our import needs
+  # Overwrites: https://github.com/webhippie/po_to_json/blob/master/lib/po_to_json.rb#L46
+  def generate_for_jed(language, overwrite = {})
+    @options = parse_options(overwrite.merge(language: language))
+    @parsed ||= inject_meta(parse_document)
+
+    generated = build_json_for(build_jed_for(@parsed))
+    [
+      "window.translations = #{generated};"
+    ].join(" ")
+  end
+end
diff --git a/config/initializers/grpc.rb b/config/initializers/grpc.rb
new file mode 100644
index 00000000000..b96962fe7db
--- /dev/null
+++ b/config/initializers/grpc.rb
@@ -0,0 +1,11 @@
+require 'logger'
+
+GRPC_LOGGER = Logger.new(Rails.root.join('log/grpc.log'))
+GRPC_LOGGER.level = ENV['GRPC_LOG_LEVEL'].presence || 'WARN'
+GRPC_LOGGER.progname = 'GRPC'
+
+module GRPC
+  def self.logger
+    GRPC_LOGGER
+  end
+end
diff --git a/config/initializers/lograge.rb b/config/initializers/lograge.rb
index 21fe8d72459..8560d24526f 100644
--- a/config/initializers/lograge.rb
+++ b/config/initializers/lograge.rb
@@ -12,13 +12,18 @@ unless Sidekiq.server?
     config.lograge.logger = ActiveSupport::Logger.new(filename)
     # Add request parameters to log output
     config.lograge.custom_options = lambda do |event|
-      {
+      payload = {
         time: event.time.utc.iso8601(3),
         params: event.payload[:params].except(*%w(controller action format)),
         remote_ip: event.payload[:remote_ip],
         user_id: event.payload[:user_id],
         username: event.payload[:username]
       }
+
+      gitaly_calls = Gitlab::GitalyClient.get_request_count
+      payload[:gitaly_calls] = gitaly_calls if gitaly_calls > 0
+
+      payload
     end
   end
 end
diff --git a/config/initializers/postgresql_opclasses_support.rb b/config/initializers/postgresql_opclasses_support.rb
index 820cc89ef57..c2f3023b330 100644
--- a/config/initializers/postgresql_opclasses_support.rb
+++ b/config/initializers/postgresql_opclasses_support.rb
@@ -127,7 +127,7 @@ module ActiveRecord
               orders = desc_order_columns.any? ? Hash[desc_order_columns.map {|order_column| [order_column, :desc]}] : {}
               where = inddef.scan(/WHERE (.+)$/).flatten[0]
               using = inddef.scan(/USING (.+?) /).flatten[0].to_sym
-              opclasses = Hash[inddef.scan(/\((.+)\)$/).flatten[0].split(',').map do |column_and_opclass|
+              opclasses = Hash[inddef.scan(/\((.+?)\)(?:$| WHERE )/).flatten[0].split(',').map do |column_and_opclass|
                                  column, opclass = column_and_opclass.split(' ').map(&:strip)
                                  [column, opclass] if opclass
                                end.compact]
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
index f9c1d2165d3..750a5b34f3b 100644
--- a/config/initializers/secret_token.rb
+++ b/config/initializers/secret_token.rb
@@ -25,7 +25,7 @@ def create_tokens
     secret_key_base: file_secret_key || generate_new_secure_token,
     otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token,
     db_key_base: generate_new_secure_token,
-    jws_private_key: generate_new_rsa_private_key
+    openid_connect_signing_key: generate_new_rsa_private_key
   }
 
   missing_secrets = set_missing_keys(defaults)
diff --git a/config/initializers/sentry.rb b/config/initializers/sentry.rb
index 62d0967009a..b2da3b3dc19 100644
--- a/config/initializers/sentry.rb
+++ b/config/initializers/sentry.rb
@@ -2,7 +2,7 @@
 
 require 'gitlab/current_settings'
 
-if Rails.env.production?
+def configure_sentry
   # allow it to fail: it may do so when create_from_defaults is executed before migrations are actually done
   begin
     sentry_enabled = Gitlab::CurrentSettings.current_application_settings.sentry_enabled
@@ -23,3 +23,5 @@ if Rails.env.production?
     end
   end
 end
+
+configure_sentry if Rails.env.production?
diff --git a/config/initializers/static_files.rb b/config/initializers/static_files.rb
index 943e01f1496..d3a7a2b9f8b 100644
--- a/config/initializers/static_files.rb
+++ b/config/initializers/static_files.rb
@@ -30,7 +30,7 @@ if app.config.serve_static_files
       settings.merge!(
         host: Gitlab.config.gitlab.host,
         port: Gitlab.config.gitlab.port,
-        https: Gitlab.config.gitlab.https
+        https: false
       )
       app.config.middleware.insert_before(
         Gitlab::Middleware::Static,
diff --git a/config/prometheus/additional_metrics.yml b/config/prometheus/additional_metrics.yml
index 0642a0b2fe9..33b897f46e2 100644
--- a/config/prometheus/additional_metrics.yml
+++ b/config/prometheus/additional_metrics.yml
@@ -4,12 +4,21 @@
   - title: "Throughput"
     y_label: "Requests / Sec"
     required_metrics:
-      - nginx_upstream_requests_total
+      - nginx_upstream_responses_total
     weight: 1
     queries:
-    - query_range: 'sum(rate(nginx_upstream_requests_total{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m]))'
-      label: Total
+    - query_range: 'sum(rate(nginx_upstream_responses_total{upstream=~"%{kube_namespace}-%{ci_environment_slug}-.*"}[2m])) by (status_code)'
       unit: req / sec
+      label: Status Code
+      series:
+        - label: status_code
+          when:
+            - value: 2xx
+              color: green
+            - value: 4xx
+              color: orange
+            - value: 5xx
+              color: red
   - title: "Latency"
     y_label: "Latency (ms)"
     required_metrics:
@@ -37,9 +46,17 @@
       - haproxy_frontend_http_requests_total
     weight: 1
     queries:
-    - query_range: 'sum(rate(haproxy_frontend_http_requests_total{%{environment_filter}}[2m]))'
-      label: Total
+    - query_range: 'sum(rate(haproxy_frontend_http_requests_total{%{environment_filter}}[2m])) by (code)'
       unit: req / sec
+      series:
+        - label: code
+          when:
+            - value: 2xx
+              color: green
+            - value: 4xx
+              color: yellow
+            - value: 5xx
+              color: red
   - title: "HTTP Error Rate"
     y_label: "Error Rate (%)"
     required_metrics:
@@ -86,12 +103,21 @@
   - title: "Throughput"
     y_label: "Requests / Sec"
     required_metrics:
-      - nginx_requests_total
+      - nginx_responses_total
     weight: 1
     queries:
-    - query_range: 'sum(rate(nginx_requests_total{server_zone!="*", server_zone!="_", %{environment_filter}}[2m]))'
-      label: Total
+    - query_range: 'sum(rate(nginx_responses_total{server_zone!="*", server_zone!="_", %{environment_filter}}[2m])) by (status_code)'
       unit: req / sec
+      label: Status Code
+      series:
+        - label: status_code
+          when:
+            - value: 2xx
+              color: green
+            - value: 4xx
+              color: orange
+            - value: 5xx
+              color: red
   - title: "Latency"
     y_label: "Latency (ms)"
     required_metrics:
@@ -128,6 +154,8 @@
      - container_cpu_usage_seconds_total
     weight: 1
     queries:
-    - query_range: 'sum(rate(container_cpu_usage_seconds_total{container_name!="POD",%{environment_filter}}[2m])) / count(container_cpu_usage_seconds_total{container_name!="POD",%{environment_filter}}) * 100'
-      label: Average
+    - query_range: 'sum(rate(container_cpu_usage_seconds_total{container_name!="POD",%{environment_filter}}[2m])) by (cpu)  * 100'
+      label: CPU
       unit: "%"
+      series:
+        - label: cpu
diff --git a/config/routes.rb b/config/routes.rb
index 5683725c8a2..405bfcc2d8e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -87,6 +87,7 @@ Rails.application.routes.draw do
     resources :issues, module: :boards, only: [:index, :update]
   end
 
+  draw :google_api
   draw :import
   draw :uploads
   draw :explore
diff --git a/config/routes/google_api.rb b/config/routes/google_api.rb
new file mode 100644
index 00000000000..3fb236d3d51
--- /dev/null
+++ b/config/routes/google_api.rb
@@ -0,0 +1,5 @@
+namespace :google_api do
+  resource :auth, only: [], controller: :authorizations do
+    match :callback, via: [:get, :post]
+  end
+end
diff --git a/config/routes/profile.rb b/config/routes/profile.rb
index 3e4e6111ab8..ddc852f0132 100644
--- a/config/routes/profile.rb
+++ b/config/routes/profile.rb
@@ -1,3 +1,6 @@
+# for secondary email confirmations - uses the same confirmation controller as :users
+devise_for :emails, path: 'profile/emails', controllers: { confirmations: :confirmations }
+
 resource :profile, only: [:show, :update] do
   member do
     get :audit_log
@@ -28,7 +31,11 @@ resource :profile, only: [:show, :update] do
         put :revoke
       end
     end
-    resources :emails, only: [:index, :create, :destroy]
+    resources :emails, only: [:index, :create, :destroy] do
+      member do
+        put :resend_confirmation_instructions
+      end
+    end
     resources :chat_names, only: [:index, :new, :create, :destroy] do
       collection do
         delete :deny
diff --git a/config/routes/project.rb b/config/routes/project.rb
index b36d13888cd..7f0e056c884 100644
--- a/config/routes/project.rb
+++ b/config/routes/project.rb
@@ -183,6 +183,16 @@ constraints(ProjectUrlConstrainer.new) do
         end
       end
 
+      resources :clusters, except: [:edit] do
+        collection do
+          get :login
+        end
+
+        member do
+          get :status, format: :json
+        end
+      end
+
       resources :environments, except: [:destroy] do
         member do
           post :stop
@@ -271,7 +281,7 @@ constraints(ProjectUrlConstrainer.new) do
 
       namespace :registry do
         resources :repository, only: [] do
-          resources :tags, only: [:destroy],
+          resources :tags, only: [:index, :destroy],
                            constraints: { id: Gitlab::Regex.container_registry_tag_regex }
         end
       end
diff --git a/config/sidekiq_queues.yml b/config/sidekiq_queues.yml
index 883ffdcba4b..41b78bad8cc 100644
--- a/config/sidekiq_queues.yml
+++ b/config/sidekiq_queues.yml
@@ -38,7 +38,6 @@
   - [invalid_gpg_signature_update, 2]
   - [create_gpg_signature, 2]
   - [upload_checksum, 1]
-  - [use_key, 1]
   - [repository_fork, 1]
   - [repository_import, 1]
   - [project_service, 1]
@@ -64,3 +63,6 @@
   - [propagate_service_template, 1]
   - [background_migration, 1]
   - [object_storage_upload, 1]
+  - [gcp_cluster, 1]
+  - [project_migrate_hashed_storage, 1]
+  - [storage_migrator, 1]
diff --git a/config/svg.config.js b/config/svg.config.js
new file mode 100644
index 00000000000..be72741abec
--- /dev/null
+++ b/config/svg.config.js
@@ -0,0 +1,48 @@
+/* eslint-disable no-commonjs */
+const path = require('path');
+const fs = require('fs');
+
+const sourcePath = path.join('node_modules', 'gitlab-svgs', 'dist');
+const sourcePathIllustrations = path.join('node_modules', 'gitlab-svgs', 'dist', 'illustrations');
+const destPath = path.normalize(path.join('app', 'assets', 'images'));
+
+// Actual Task copying the 2 files + all illustrations
+copyFileSync(path.join(sourcePath, 'icons.svg'), destPath);
+copyFileSync(path.join(sourcePath, 'icons.json'), destPath);
+copyFolderRecursiveSync(sourcePathIllustrations, destPath);
+
+// Helper Functions
+function copyFileSync(source, target) {
+  var targetFile = target;
+  //if target is a directory a new file with the same name will be created
+  if (fs.existsSync(target)) {
+    if (fs.lstatSync(target).isDirectory()) {
+      targetFile = path.join(target, path.basename(source));
+    }
+  }
+  console.log(`Copy SVG File : ${targetFile}`);
+  fs.writeFileSync(targetFile, fs.readFileSync(source));
+}
+
+function copyFolderRecursiveSync(source, target) {
+  var files = [];
+
+  //check if folder needs to be created or integrated
+  var targetFolder = path.join(target, path.basename(source));
+  if (!fs.existsSync(targetFolder)) {
+    fs.mkdirSync(targetFolder);
+  }
+
+  //copy
+  if (fs.lstatSync(source).isDirectory()) {
+    files = fs.readdirSync(source);
+    files.forEach(function (file) {
+      var curSource = path.join(source, file);
+      if (fs.lstatSync(curSource).isDirectory()) {
+        copyFolderRecursiveSync(curSource, targetFolder);
+      } else {
+        copyFileSync(curSource, targetFolder);
+      }
+    });
+  }
+}
diff --git a/config/webpack.config.js b/config/webpack.config.js
index 6b0cd023291..8cded750a66 100644
--- a/config/webpack.config.js
+++ b/config/webpack.config.js
@@ -26,6 +26,7 @@ var config = {
   },
   context: path.join(ROOT_PATH, 'app/assets/javascripts'),
   entry: {
+    account:              './profile/account/index.js',
     balsamiq_viewer:      './blob/balsamiq_viewer.js',
     blob:                 './blob_edit/blob_bundle.js',
     boards:               './boards/boards_bundle.js',
@@ -45,6 +46,7 @@ var config = {
     group:                './group.js',
     groups:               './groups/index.js',
     groups_list:          './groups_list.js',
+    help:                 './help/help.js',
     how_to_merge:         './how_to_merge.js',
     issue_show:           './issue_show/index.js',
     integrations:         './integrations',
@@ -67,6 +69,7 @@ var config = {
     prometheus_metrics:   './prometheus_metrics',
     protected_branches:   './protected_branches',
     protected_tags:       './protected_tags',
+    registry_list:        './registry/index.js',
     repo:                 './repo/index.js',
     sidebar:              './sidebar/sidebar_bundle.js',
     schedule_form:        './pipeline_schedules/pipeline_schedule_form_bundle.js',
@@ -121,10 +124,6 @@ var config = {
         }
       },
       {
-        test: /locale\/\w+\/(.*)\.js$/,
-        loader: 'exports-loader?locales',
-      },
-      {
         test: /monaco-editor\/\w+\/vs\/loader\.js$/,
         use: [
           { loader: 'exports-loader', options: 'l.global' },
@@ -199,6 +198,7 @@ var config = {
         'pdf_viewer',
         'pipelines',
         'pipelines_details',
+        'registry_list',
         'repo',
         'schedule_form',
         'schedules_index',
@@ -221,7 +221,7 @@ var config = {
 
     // create cacheable common library bundles
     new webpack.optimize.CommonsChunkPlugin({
-      names: ['main', 'locale', 'common', 'webpack_runtime'],
+      names: ['main', 'common', 'webpack_runtime'],
     }),
 
     // enable scope hoisting