Add latest changes from gitlab-org/gitlab@master

11 files changed, 171 insertions, 117 deletions

diff --git a/spec/controllers/profiles/keys_controller_spec.rb b/spec/controllers/profiles/keys_controller_spec.rb
index 1a8568a08fe..66f6135df1e 100644
--- a/spec/controllers/profiles/keys_controller_spec.rb
+++ b/spec/controllers/profiles/keys_controller_spec.rb
@@ -20,108 +20,4 @@ RSpec.describe Profiles::KeysController do
       expect(Key.last.expires_at).to be_like_time(expires_at)
     end
   end
-
-  describe "#get_keys" do
-    describe "non existent user" do
-      it "does not generally work" do
-        get :get_keys, params: { username: 'not-existent' }
-
-        expect(response).not_to be_successful
-      end
-    end
-
-    describe "user with no keys" do
-      it "does generally work" do
-        get :get_keys, params: { username: user.username }
-
-        expect(response).to be_successful
-      end
-
-      it "renders all keys separated with a new line" do
-        get :get_keys, params: { username: user.username }
-
-        expect(response.body).to eq("")
-      end
-      it "responds with text/plain content type" do
-        get :get_keys, params: { username: user.username }
-        expect(response.media_type).to eq("text/plain")
-      end
-    end
-
-    describe "user with keys" do
-      let!(:key) { create(:key, user: user) }
-      let!(:another_key) { create(:another_key, user: user) }
-      let!(:deploy_key) { create(:deploy_key, user: user) }
-
-      describe "while signed in" do
-        before do
-          sign_in(user)
-        end
-
-        it "does generally work" do
-          get :get_keys, params: { username: user.username }
-
-          expect(response).to be_successful
-        end
-
-        it "renders all non deploy keys separated with a new line" do
-          get :get_keys, params: { username: user.username }
-
-          expect(response.body).not_to eq('')
-          expect(response.body).to eq(user.all_ssh_keys.join("\n"))
-
-          expect(response.body).to include(key.key.sub(' dummy@gitlab.com', ''))
-          expect(response.body).to include(another_key.key.sub(' dummy@gitlab.com', ''))
-
-          expect(response.body).not_to include(deploy_key.key)
-        end
-
-        it "does not render the comment of the key" do
-          get :get_keys, params: { username: user.username }
-          expect(response.body).not_to match(/dummy@gitlab.com/)
-        end
-
-        it "responds with text/plain content type" do
-          get :get_keys, params: { username: user.username }
-
-          expect(response.media_type).to eq("text/plain")
-        end
-      end
-
-      describe 'when logged out' do
-        before do
-          sign_out(user)
-        end
-
-        it "still does generally work" do
-          get :get_keys, params: { username: user.username }
-
-          expect(response).to be_successful
-        end
-
-        it "renders all non deploy keys separated with a new line" do
-          get :get_keys, params: { username: user.username }
-
-          expect(response.body).not_to eq('')
-          expect(response.body).to eq(user.all_ssh_keys.join("\n"))
-
-          expect(response.body).to include(key.key.sub(' dummy@gitlab.com', ''))
-          expect(response.body).to include(another_key.key.sub(' dummy@gitlab.com', ''))
-
-          expect(response.body).not_to include(deploy_key.key)
-        end
-
-        it "does not render the comment of the key" do
-          get :get_keys, params: { username: user.username }
-          expect(response.body).not_to match(/dummy@gitlab.com/)
-        end
-
-        it "responds with text/plain content type" do
-          get :get_keys, params: { username: user.username }
-
-          expect(response.media_type).to eq("text/plain")
-        end
-      end
-    end
-  end
 end
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 8b89ced3031..862395069f0 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -221,6 +221,111 @@ RSpec.describe UsersController do
     end
   end
 
+  describe "#ssh_keys" do
+    describe "non existent user" do
+      it "does not generally work" do
+        get :ssh_keys, params: { username: 'not-existent' }
+
+        expect(response).not_to be_successful
+      end
+    end
+
+    describe "user with no keys" do
+      it "does generally work" do
+        get :ssh_keys, params: { username: user.username }
+
+        expect(response).to be_successful
+      end
+
+      it "renders all keys separated with a new line" do
+        get :ssh_keys, params: { username: user.username }
+
+        expect(response.body).to eq("")
+      end
+
+      it "responds with text/plain content type" do
+        get :ssh_keys, params: { username: user.username }
+        expect(response.content_type).to eq("text/plain")
+      end
+    end
+
+    describe "user with keys" do
+      let!(:key) { create(:key, user: user) }
+      let!(:another_key) { create(:another_key, user: user) }
+      let!(:deploy_key) { create(:deploy_key, user: user) }
+
+      describe "while signed in" do
+        before do
+          sign_in(user)
+        end
+
+        it "does generally work" do
+          get :ssh_keys, params: { username: user.username }
+
+          expect(response).to be_successful
+        end
+
+        it "renders all non deploy keys separated with a new line" do
+          get :ssh_keys, params: { username: user.username }
+
+          expect(response.body).not_to eq('')
+          expect(response.body).to eq(user.all_ssh_keys.join("\n"))
+
+          expect(response.body).to include(key.key.sub(' dummy@gitlab.com', ''))
+          expect(response.body).to include(another_key.key.sub(' dummy@gitlab.com', ''))
+
+          expect(response.body).not_to include(deploy_key.key)
+        end
+
+        it "does not render the comment of the key" do
+          get :ssh_keys, params: { username: user.username }
+          expect(response.body).not_to match(/dummy@gitlab.com/)
+        end
+
+        it "responds with text/plain content type" do
+          get :ssh_keys, params: { username: user.username }
+
+          expect(response.content_type).to eq("text/plain")
+        end
+      end
+
+      describe 'when logged out' do
+        before do
+          sign_out(user)
+        end
+
+        it "still does generally work" do
+          get :ssh_keys, params: { username: user.username }
+
+          expect(response).to be_successful
+        end
+
+        it "renders all non deploy keys separated with a new line" do
+          get :ssh_keys, params: { username: user.username }
+
+          expect(response.body).not_to eq('')
+          expect(response.body).to eq(user.all_ssh_keys.join("\n"))
+
+          expect(response.body).to include(key.key.sub(' dummy@gitlab.com', ''))
+          expect(response.body).to include(another_key.key.sub(' dummy@gitlab.com', ''))
+
+          expect(response.body).not_to include(deploy_key.key)
+        end
+
+        it "does not render the comment of the key" do
+          get :ssh_keys, params: { username: user.username }
+          expect(response.body).not_to match(/dummy@gitlab.com/)
+        end
+
+        it "responds with text/plain content type" do
+          get :ssh_keys, params: { username: user.username }
+
+          expect(response.content_type).to eq("text/plain")
+        end
+      end
+    end
+  end
+
   describe 'GET #calendar' do
     context 'for user' do
       let(:project) { create(:project) }
diff --git a/spec/factories/users.rb b/spec/factories/users.rb
index 50656d14eb7..9b5e4a981a0 100644
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -47,6 +47,10 @@ FactoryBot.define do
       user_type { :migration_bot }
     end
 
+    trait :security_bot do
+      user_type { :security_bot }
+    end
+
     trait :external do
       external { true }
     end
diff --git a/spec/features/issuables/discussion_lock_spec.rb b/spec/features/issues/discussion_lock_spec.rb
index 13f1742fbf6..13f1742fbf6 100644
--- a/spec/features/issuables/discussion_lock_spec.rb
+++ b/spec/features/issues/discussion_lock_spec.rb
diff --git a/spec/features/issuables/related_issues_spec.rb b/spec/features/issues/related_issues_spec.rb
index 837859bbe26..837859bbe26 100644
--- a/spec/features/issuables/related_issues_spec.rb
+++ b/spec/features/issues/related_issues_spec.rb
diff --git a/spec/features/projects_spec.rb b/spec/features/projects_spec.rb
index e67fb9c2bd6..618a256d4fb 100644
--- a/spec/features/projects_spec.rb
+++ b/spec/features/projects_spec.rb
@@ -34,7 +34,7 @@ RSpec.describe 'Project' do
     end
 
     context 'create with sample data template' do
-      it_behaves_like 'creates from template', Gitlab::SampleDataTemplate.find(:basic), '.sample-data-templates-tab'
+      it_behaves_like 'creates from template', Gitlab::SampleDataTemplate.find(:sample)
     end
   end
 
diff --git a/spec/lib/gitlab/sample_data_template_spec.rb b/spec/lib/gitlab/sample_data_template_spec.rb
index 7d0d415b3af..09ca41fcfc2 100644
--- a/spec/lib/gitlab/sample_data_template_spec.rb
+++ b/spec/lib/gitlab/sample_data_template_spec.rb
@@ -6,8 +6,7 @@ RSpec.describe Gitlab::SampleDataTemplate do
   describe '.all' do
     it 'returns all templates' do
       expected = %w[
-        basic
-        serenity_valley
+        sample
       ]
 
       expect(described_class.all).to be_an(Array)
@@ -19,7 +18,7 @@ RSpec.describe Gitlab::SampleDataTemplate do
     subject { described_class.find(query) }
 
     context 'when there is a match' do
-      let(:query) { :basic }
+      let(:query) { :sample }
 
       it { is_expected.to be_a(described_class) }
     end
diff --git a/spec/policies/global_policy_spec.rb b/spec/policies/global_policy_spec.rb
index 71c65857dde..e677f5558fd 100644
--- a/spec/policies/global_policy_spec.rb
+++ b/spec/policies/global_policy_spec.rb
@@ -7,6 +7,8 @@ RSpec.describe GlobalPolicy do
 
   let_it_be(:project_bot) { create(:user, :project_bot) }
   let_it_be(:migration_bot) { create(:user, :migration_bot) }
+  let_it_be(:security_bot) { create(:user, :security_bot) }
+
   let(:current_user) { create(:user) }
   let(:user) { create(:user) }
 
@@ -223,6 +225,12 @@ RSpec.describe GlobalPolicy do
       it { is_expected.not_to be_allowed(:access_api) }
     end
 
+    context 'security bot' do
+      let(:current_user) { security_bot }
+
+      it { is_expected.not_to be_allowed(:access_api) }
+    end
+
     context 'user blocked pending approval' do
       before do
         current_user.block_pending_approval
@@ -353,6 +361,12 @@ RSpec.describe GlobalPolicy do
       it { is_expected.to be_allowed(:access_git) }
     end
 
+    context 'security bot' do
+      let(:current_user) { security_bot }
+
+      it { is_expected.to be_allowed(:access_git) }
+    end
+
     describe 'deactivated user' do
       before do
         current_user.deactivate
@@ -513,6 +527,12 @@ RSpec.describe GlobalPolicy do
       it { is_expected.not_to be_allowed(:log_in) }
     end
 
+    context 'security bot' do
+      let(:current_user) { security_bot }
+
+      it { is_expected.not_to be_allowed(:log_in) }
+    end
+
     context 'user blocked pending approval' do
       before do
         current_user.block_pending_approval
diff --git a/spec/routing/routing_spec.rb b/spec/routing/routing_spec.rb
index 0f931e7cc9e..cbfb9f080ce 100644
--- a/spec/routing/routing_spec.rb
+++ b/spec/routing/routing_spec.rb
@@ -2,7 +2,8 @@
 
 require 'spec_helper'
 
-# user                       GET    /users/:username/
+# user                       GET    /:username
+# user_ssh_keys              GET    /:username.keys
 # user_groups                GET    /users/:username/groups(.:format)
 # user_projects              GET    /users/:username/projects(.:format)
 # user_contributed_projects  GET    /users/:username/contributed(.:format)
@@ -32,6 +33,13 @@ RSpec.describe UsersController, "routing" do
     expect(get("/users/User/snippets")).to route_to('users#snippets', username: 'User')
   end
 
+  # get all the ssh-keys of a user
+  it "to #ssh_keys" do
+    allow_any_instance_of(::Constraints::UserUrlConstrainer).to receive(:matches?).and_return(true)
+
+    expect(get("/User.keys")).to route_to('users#ssh_keys', username: 'User')
+  end
+
   it "to #calendar" do
     expect(get("/users/User/calendar")).to route_to('users#calendar', username: 'User')
   end
@@ -171,12 +179,6 @@ RSpec.describe Profiles::KeysController, "routing" do
   it "to #destroy" do
     expect(delete("/profile/keys/1")).to route_to('profiles/keys#destroy', id: '1')
   end
-
-  it "to #get_keys" do
-    allow_any_instance_of(::Constraints::UserUrlConstrainer).to receive(:matches?).and_return(true)
-
-    expect(get("/foo.keys")).to route_to('profiles/keys#get_keys', username: 'foo')
-  end
 end
 
 # keys GET    /gpg_keys      gpg_keys#index
diff --git a/spec/support/helpers/test_env.rb b/spec/support/helpers/test_env.rb
index 531f561da91..f54153a72f8 100644
--- a/spec/support/helpers/test_env.rb
+++ b/spec/support/helpers/test_env.rb
@@ -242,15 +242,39 @@ module TestEnv
 
   def setup_workhorse
     start = Time.now
+    return if skip_compile_workhorse?
+
     puts "\n==> Setting up GitLab Workhorse..."
 
     FileUtils.rm_rf(workhorse_dir)
     Gitlab::SetupHelper::Workhorse.compile_into(workhorse_dir)
     Gitlab::SetupHelper::Workhorse.create_configuration(workhorse_dir, nil)
 
+    File.write(workhorse_tree_file, workhorse_tree) if workhorse_source_clean?
+
     puts "    GitLab Workhorse set up in #{Time.now - start} seconds...\n"
   end
 
+  def skip_compile_workhorse?
+    File.directory?(workhorse_dir) &&
+      workhorse_source_clean? &&
+      File.exist?(workhorse_tree_file) &&
+      workhorse_tree == File.read(workhorse_tree_file)
+  end
+
+  def workhorse_source_clean?
+    out = IO.popen(%w[git status --porcelain workhorse], &:read)
+    $?.success? && out.empty?
+  end
+
+  def workhorse_tree
+    IO.popen(%w[git rev-parse HEAD:workhorse], &:read)
+  end
+
+  def workhorse_tree_file
+    File.join(workhorse_dir, 'WORKHORSE_TREE')
+  end
+
   def workhorse_dir
     @workhorse_path ||= File.join('tmp', 'tests', 'gitlab-workhorse')
   end
diff --git a/spec/workers/purge_dependency_proxy_cache_worker_spec.rb b/spec/workers/purge_dependency_proxy_cache_worker_spec.rb
index 9cd3b6636f5..8379b11af8f 100644
--- a/spec/workers/purge_dependency_proxy_cache_worker_spec.rb
+++ b/spec/workers/purge_dependency_proxy_cache_worker_spec.rb
@@ -6,6 +6,7 @@ RSpec.describe PurgeDependencyProxyCacheWorker do
   let_it_be(:user) { create(:admin) }
   let_it_be(:blob) { create(:dependency_proxy_blob )}
   let_it_be(:group, reload: true) { blob.group }
+  let_it_be(:manifest) { create(:dependency_proxy_manifest, group: group )}
   let_it_be(:group_id) { group.id }
 
   subject { described_class.new.perform(user.id, group_id) }
@@ -17,8 +18,9 @@ RSpec.describe PurgeDependencyProxyCacheWorker do
 
   describe '#perform' do
     shared_examples 'returns nil' do
-      it 'returns nil' do
+      it 'returns nil', :aggregate_failures do
         expect { subject }.not_to change { group.dependency_proxy_blobs.size }
+        expect { subject }.not_to change { group.dependency_proxy_manifests.size }
         expect(subject).to be_nil
       end
     end
@@ -27,12 +29,14 @@ RSpec.describe PurgeDependencyProxyCacheWorker do
       include_examples 'an idempotent worker' do
         let(:job_args) { [user.id, group_id] }
 
-        it 'deletes the blobs and returns ok' do
+        it 'deletes the blobs and returns ok', :aggregate_failures do
           expect(group.dependency_proxy_blobs.size).to eq(1)
+          expect(group.dependency_proxy_manifests.size).to eq(1)
 
           subject
 
           expect(group.dependency_proxy_blobs.size).to eq(0)
+          expect(group.dependency_proxy_manifests.size).to eq(0)
         end
       end
     end