ci: sync CircleCI config from master to 5.0.x

The two configurations became out of sync due to a few commits which were erroneously only applied to the master branch.
fix(animations): ensure DOM is cleaned up after multiple @trigger leave animations finish (#20740 )
2017-12-14 08:36:01 -08:00 · 2017-12-06 07:02:50 -08:00 · 2017-12-06 06:58:44 -08:00 · 2017-12-06 06:54:09 -08:00 · 2017-12-06 06:53:40 -08:00 · 2017-12-05 21:54:13 -08:00
4877 changed files with 80058 additions and 291359 deletions
--- a/.bazelignore
+++ b/.bazelignore
@ -1,3 +0,0 @@
-node_modules
-dist
-aio/node_modules
--- a/.bazelrc
+++ b/.bazelrc
@ -1,101 +1,18 @@
-# Load any settings specific to the current user
-try-import .bazelrc.user
-################################
-# Settings for Angular team members only
-################################
-# To enable this feature check the "Remote caching" section in docs/BAZEL.md.
-build:angular-team --remote_http_cache=https://storage.googleapis.com/angular-team-cache
-
-###############################
-# Typescript / Angular / Sass #
-###############################
-
 # Make compilation fast, by keeping a few copies of the compilers
 # running as daemons, and cache SourceFile AST's to reduce parse time.
 build --strategy=TypeScriptCompile=worker
 build --strategy=AngularTemplateCompile=worker

-# Enable debugging tests with --config=debug
-test:debug --test_arg=--node_options=--inspect-brk --test_output=streamed --test_strategy=exclusive --test_timeout=9999 --nocache_test_results
-
-###############################
-# Filesystem interactions     #
-###############################
-
-# Don't create symlinks like bazel-out in the project.
-# These cause VSCode to traverse a massive tree, opening file handles and
-# eventually a surprising failure with auto-discovery of the C++ toolchain in
-# MacOS High Sierra.
-# See https://github.com/bazelbuild/bazel/issues/4603
+# Don't create bazel-* symlinks in the WORKSPACE directory.
+# These require .gitignore and may scare users.
+# Also, it's a workaround for https://github.com/bazelbuild/rules_typescript/issues/12
+# which affects the common case of having `tsconfig.json` in the WORKSPACE directory.
+#
+# Instead, you should run `bazel info bazel-bin` to find out where the outputs went.
 build --symlink_prefix=/

 # Performance: avoid stat'ing input files
 build --watchfs

-# Turn off legacy external runfiles
-run --nolegacy_external_runfiles
-test --nolegacy_external_runfiles
-
-###############################
-# Release support             #
-# Turn on these settings with #
-#  --config=release           #
-###############################
-
-# Releases should always be stamped with version control info
-build:release --workspace_status_command=./tools/bazel_stamp_vars.sh
-
-###############################
-# Output                      #
-###############################
-
-# A more useful default output mode for bazel query
-# Prints eg. "ng_module rule //foo:bar" rather than just "//foo:bar"
-query --output=label_kind
-
-# By default, failing tests don't print any output, it goes to the log file
-test --test_output=errors
-
-# Show which actions are run under workers,
-# and print all the actions running in parallel.
-# Helps to demonstrate that bazel uses all the cores on the machine.
-build --experimental_ui
-test --experimental_ui
-
-################################
-# Settings for CircleCI        #
-################################
-
-# Bazel flags for CircleCI are in /.circleci/bazel.rc
-
-################################
-# Temporary Settings for Ivy   #
-################################
-# to determine if the compiler used should be Ivy or ViewEngine one can use `--define=compile=local` on
-# any bazel target. This is a temporary flag until codebase is permanently switched to Ivy.
-build --define=compile=legacy
-
-###############################
-# Remote Build Execution support
-# Turn on these settings with
-#  --config=remote
-###############################
-
-# Load default settings for Remote Build Execution
-import %workspace%/third_party/github.com/bazelbuild/bazel-toolchains/bazelrc/bazel-0.20.0.bazelrc
-
-# Increase the default number of jobs by 50% because our build has lots of
-# parallelism
-build:remote --jobs=150
-
-# Point to our custom execution platform; see tools/BUILD.bazel
-build:remote --extra_execution_platforms=//tools:rbe_ubuntu1604-angular
-build:remote --host_platform=//tools:rbe_ubuntu1604-angular
-build:remote --platforms=//tools:rbe_ubuntu1604-angular
-
-# Remote instance.
-build:remote --remote_instance_name=projects/internal-200822/instances/default_instance
-
-# Do not accept remote cache.
-# We need to understand the security risks of using prior build artifacts.
-build:remote --remote_accept_cached=false
+# Don't print all the .d.ts output locations after builds
+build --show_result=0
--- a/.buildkite/Dockerfile
+++ b/.buildkite/Dockerfile
@ -1,42 +0,0 @@
-# Heavily based on https://github.com/StefanScherer/dockerfiles-windows/ images.
-# Combines the node windowsservercore image with the Bazel Prerequisites (https://docs.bazel.build/versions/master/install-windows.html).
-# msys install taken from https://github.com/StefanScherer/dockerfiles-windows/issues/30
-# VS redist install taken from https://github.com/StefanScherer/dockerfiles-windows/blob/master/apache/Dockerfile
-# The nanoserver image won't work because MSYS2 does not run in it https://github.com/Alexpux/MSYS2-packages/issues/1493
-
-# Before building this image, you must locally build node-windows:10.13.0-windowsservercore-1803.
-# Clone https://github.com/StefanScherer/dockerfiles-windows/commit/4ce7101a766b9b880ac262479dd9126b64d656cf and build using
-# docker build -t node-windows:10.13.0-windowsservercore-1803 --build-arg core=microsoft/windowsservercore:1803 --build-arg target=microsoft/windowsservercore:1803 .
-FROM node-windows:10.13.0-windowsservercore-1803
-
-SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
-
-# Install 7zip to extract msys2
-RUN Invoke-WebRequest -UseBasicParsing 'https://www.7-zip.org/a/7z1805-x64.exe' -OutFile 7z.exe
-# For some reason the last letter in the destination directory is lost. So '/D=C:\\7zip0' will extract to '/D=C:\\7zip'.
-RUN Start-Process -FilePath 'C:\\7z.exe' -ArgumentList '/S', '/D=C:\\7zip0' -NoNewWindow -Wait
-
-# Extract msys2
-RUN Invoke-WebRequest -UseBasicParsing 'http://repo.msys2.org/distrib/x86_64/msys2-base-x86_64-20180531.tar.xz' -OutFile msys2.tar.xz
-RUN Start-Process -FilePath 'C:\\7zip\\7z' -ArgumentList 'e', 'msys2.tar.xz' -Wait
-RUN Start-Process -FilePath 'C:\\7zip\\7z' -ArgumentList 'x', 'msys2.tar', '-oC:\\' -Wait
-RUN Remove-Item msys2.tar.xz
-RUN Remove-Item msys2.tar
-RUN Remove-Item 7z.exe
-RUN Remove-Item -Recurse 7zip
-
-# Add MSYS2 to PATH, and set BAZEL_SH
-RUN [Environment]::SetEnvironmentVariable('Path', $env:Path + ';C:\msys64\usr\bin', [System.EnvironmentVariableTarget]::Machine)
-RUN [Environment]::SetEnvironmentVariable('BAZEL_SH', 'C:\msys64\usr\bin\bash.exe', [System.EnvironmentVariableTarget]::Machine)
-
-# Install Microsoft Visual C++ Redistributable for Visual Studio 2015
-RUN Invoke-WebRequest -UseBasicParsing 'https://download.microsoft.com/download/9/3/F/93FCF1E7-E6A4-478B-96E7-D4B285925B00/vc_redist.x64.exe' -OutFile vc_redist.x64.exe
-RUN Start-Process 'c:\\vc_redist.x64.exe' -ArgumentList '/Install', '/Passive', '/NoRestart' -NoNewWindow -Wait
-RUN Remove-Item vc_redist.x64.exe
-
-# Add a fix for https://github.com/docker/for-win/issues/2920 as entry point to the container.
-SHELL ["cmd", "/c"]
-COPY "fix-msys64.cmd" "C:\\fix-msys64.cmd"
-ENTRYPOINT cmd /C C:\\fix-msys64.cmd && cmd /c
-
-CMD ["cmd.exe"]
--- a/.buildkite/README.md
+++ b/.buildkite/README.md
@ -1,96 +0,0 @@
-# BuildKite configuration
-
-This folder contains configuration for the [BuildKite](https://buildkite.com) based CI checks for 
-this repository.
-
-BuildKite is a CI provider that provides build coordination and reports while we provide the 
-infrastructure.
-
-CI runs are triggered by new PRs and will show up on the GitHub checks interface, along with the 
-other current CI solutions.
-
-Currently it is only used for tests on Windows platforms.
-
-
-## The build pipeline
-
-BuildKite uses a pipeline for each repository. The `pipeline.yml` file defines pipeline 
-[build steps](https://buildkite.com/docs/pipelines/defining-steps) for this repository.
-
-Run results can be seen in the GitHub checks interface and in the 
-[pipeline dashboard](https://buildkite.com/angular/angular).
-
-Although most configuration is done via `pipeline.yml`, some options are only available
-in the online [pipeline settings](https://buildkite.com/angular/angular/settings).
-
-
-## Infrastructure
-
-BuildKite does not provide the host machines where the builds runs, providing instead the
-[BuildKite Agent](https://buildkite.com/docs/agent/v3) that should be run our own infrastructure.
-
-
-### Agents
-
-This agent polls the BuildKite API for builds, runs them, and reports back the results.
-Agents are the unit of concurrency: each agent can run one build at any given time. 
-Adding agents allows more builds to be ran at the same time.
-
-Individual agents can have tags, and pipeline steps can target only agents with certain tags via the
-`agents` field in `pipeline.yml`.
-For example: agents on Windows machines are tagged as `windows`, and the Windows specific build 
-steps list `windows: true` in their `agents` field.
-
-You can see the current agent pool, along with their tags, in the 
-[agents list](https://buildkite.com/organizations/angular/agents).
-
-
-### Our host machines
-
-We use [Google Cloud](https://cloud.google.com/) as our cloud provider, under the 
-[Angular project](https://console.cloud.google.com/home/dashboard?project=internal-200822).
-To access this project you need need to be logged in with a Google account that's a member of 
-team@angular.io. 
-For googlers this may be your google.com account, for others it is an angular.io account.
-
-In this project we have a number of Windows VMs running, each of them with several agents.
-The `provision-windows-buildkite.ps1` file contains instructions on how to create new host VMs that
-are fully configured to run the BuildKite agents as services.
-
-Our pipeline uses [docker-buildkite-plugin](https://github.com/buildkite-plugins/docker-buildkite-plugin)
-to run build steps inside docker containers.
-This way we achieve isolation and hermeticity.
-
-The `Dockerfile` file describes a custom Docker image that includes NodeJs, Yarn, and the Bazel 
-pre-requisites on Windows.
-
-To upload a new version of the docker image, follow any build instructions in `Dockerfile` and then
-run `docker build -t angular/node-bazel-windows:NEW_VERSION`, followed by 
-`docker push angular/node-bazel-windows:NEW_VERSION`. 
-After being pushed it should be available online, and you can use the new version in `pipeline.yml`.
-
-
-## Caretaker 
-
-BuildKite status can be found at https://www.buildkitestatus.com/.
-
-Issues related to the BuildKite setup should be escalated to the Tools Team via the current 
-caretaker, followed by Alex Eagle and Filipe Silva.
-
-Support requests should be submitted via email to support@buildkite.com and cc Igor, Misko, Alex,
-Jeremy and Manu
-
-
-## Rollout strategy
-
-At the moment our BuildKite CI uses 1 host VM running 4 agents, thus being capable of 4 concurrent 
-builds.
-The only test running is `bazel test //tools/ts-api-guardian:all`, and the PR check is not 
-mandatory.
-
-In the future we should add cache support to speed up the initial `yarn` install, and also Bazel
-remote caching to speed up Bazel builds.
-
-After the current setup is verified as stable and reliable the GitHub PR check can become mandatory.
-
-The tests ran should also be expanded to cover most, if not all, of the Bazel tests.
--- a/.buildkite/fix-msys64.cmd
+++ b/.buildkite/fix-msys64.cmd
@ -1,6 +0,0 @@
-@echo off
-REM Fix for https://github.com/docker/for-win/issues/2920
-REM echo "Fixing msys64 folder..."
-REM Touch all .dll files inside C:\msys64\
-forfiles /p C:\msys64\ /s /m *.dll /c "cmd /c Copy /B @path+,, >NUL"
-REM echo "Fixed msys64 folder."
--- a/.buildkite/pipeline.yml
+++ b/.buildkite/pipeline.yml
@ -1,10 +0,0 @@
-steps:
-  - label: windows-test
-    commands:
-      - "yarn install --frozen-lockfile --non-interactive --network-timeout 100000"
-      - "yarn bazel test //tools/ts-api-guardian:all --noshow_progress"
-    plugins:
-      - docker#v2.1.0:
-          image: "filipesilva/node-bazel-windows:0.0.2"
-    agents:
-      windows: true
--- a/.buildkite/provision-windows-buildkite.ps1
+++ b/.buildkite/provision-windows-buildkite.ps1
@ -1,92 +0,0 @@
-# PowerShell script to provision a Windows Server with BuildKite
-# This script follows https://buildkite.com/docs/agent/v3/windows.
-
-# Instructions
-
-# VM creation:
-# In Google Cloud Platform, create a Compute Engine instance.
-# We recommend machine type n1-highcpu-16 (16 vCPUs, 14.4 GB memory).
-# Use a windows boot disk with container support such as
-# "Windows Server version 1803 Datacenter Core for Containers".
-# Give it a name, then click "Create".
-
-# VM setup:
-# In the Compute Engine menu, select "VM Instances". Click on the VM name you chose before.
-# Click "Set Windows Password" to choose a username and password.
-# Click RDP to open a remote desktop via browser, using the username and password.
-# In the Windows command prompt start an elevated powershell by inputing
-# "powershell -Command "Start-Process PowerShell -Verb RunAs" followed by Enter.
-# Download and execute this script from GitHub, passing the token (mandatory), tags (optional)
-# and number of agents (optional) as args:
-# ```
-# Invoke-WebRequest -Uri https://raw.githubusercontent.com/angular/angular/master/.buildkite/provision-windows-buildkite.ps1 -OutFile provision.ps1
-# .\provision.ps1 -token "MY_TOKEN" -tags "windows=true,another_tag=true" -agents 4
-# ```
-# The VM should restart and be fully configured.
-
-# Creating extra VMs
-# You can create an image of the current VM by following the instructions below.
-# https://cloud.google.com/compute/docs/instances/windows/creating-windows-os-image
-# Then create a new VM and choose "Custom images".
-
-
-# Script proper.
-
-# Get the token and tags from arguments.
-param (
-  [Parameter(Mandatory=$true)][string]$token,
-  [string]$tags = ""
-  [Int]$agents = 1
-)
-
-# Allow HTTPS
-[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
-
-# Helper to add to PATH.
-# Will take current PATH so avoid running it after anything to modifies only the powershell session path.
-function Add-Path ([string]$newPathItem) {
-  $Env:Path+= ";" +  $newPathItem + ";"
-  [Environment]::SetEnvironmentVariable("Path",$env:Path, [System.EnvironmentVariableTarget]::Machine)
-}
-
-# Install Git for Windows
-Write-Host "Installing Git for Windows."
-Invoke-WebRequest -Uri https://github.com/git-for-windows/git/releases/download/v2.19.1.windows.1/Git-2.19.1-64-bit.exe -OutFile git.exe
-.\git.exe /VERYSILENT /NORESTART /NOCANCEL /SP- /CLOSEAPPLICATIONS /RESTARTAPPLICATIONS /COMPONENTS="icons,ext\reg\shellhere,assoc,assoc_sh" /DIR="C:\git"
-Add-Path "C:\git\bin"
-Remove-Item git.exe
-
-# Download NSSM (https://nssm.cc/) to run the BuildKite agent as a service.
-Write-Host "Downloading NSSM."
-Invoke-WebRequest -Uri https://nssm.cc/ci/nssm-2.24-101-g897c7ad.zip -OutFile nssm.zip
-Expand-Archive -Path nssm.zip -DestinationPath C:\nssm
-Add-Path "C:\nssm\nssm-2.24-101-g897c7ad\win64"
-Remove-Item nssm.zip
-
-# Run the BuildKite agent install script
-Write-Host "Installing BuildKite agent."
-$env:buildkiteAgentToken = $token
-$env:buildkiteAgentTags = $tags
-Set-ExecutionPolicy Bypass -Scope Process -Force
-iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/buildkite/agent/master/install.ps1'))
-
-# Configure the BuildKite agent clone and timestamp behavior
-Add-Content C:\buildkite-agent\buildkite-agent.cfg "`ngit-clone-flags=--config core.autocrlf=input --config core.eol=lf --config core.longpaths=true --config core.symlinks=true`n"
-Add-Content C:\buildkite-agent\buildkite-agent.cfg "`ntimestamp-lines=true`n"
-
-# Register the BuildKite agent service using NSSM, so that it persists through restarts and is
-# restarted if the process dies.
-for ($i=1; $i -le $agents; $i++)
-{
-  $agentName = "buildkite-agent-$i"
-  Write-Host "Registering $agentName as a service."
-  nssm.exe install $agentName "C:\buildkite-agent\bin\buildkite-agent.exe" "start"
-  nssm.exe set $agentName AppStdout "C:\buildkite-agent\$agentName.log"
-  nssm.exe set $agentName AppStderr "C:\buildkite-agent\$agentName.log"
-  nssm.exe status $agentName
-  nssm.exe start $agentName
-  nssm.exe status $agentName
-}
-
-# Restart the machine.
-Restart-Computer
--- a/.circleci/README.md
+++ b/.circleci/README.md
@ -1,19 +0,0 @@
-# Encryption
-
-Based on https://github.com/circleci/encrypted-files
-
-In the CircleCI web UI, we have a secret variable called `KEY`
-https://circleci.com/gh/angular/angular/edit#env-vars
-which is only exposed to non-fork builds
-(see "Pass secrets to builds from forked pull requests" under
-https://circleci.com/gh/angular/angular/edit#advanced-settings)
-
-We use this as a symmetric AES encryption key to encrypt tokens like
-a GitHub token that enables publishing snapshots.
-
-To create the github_token file, we take this approach:
- Find the angular-builds:token in http://valentine
- Go inside the CircleCI default docker image so you use the same version of openssl as we will at runtime: `docker run --rm -it circleci/node:10.12`
- echo "https://[token]:@github.com" > credentials
- openssl aes-256-cbc -e -in credentials -out .circleci/github_token -k $KEY
- If needed, base64-encode the result so you can copy-paste it out of docker: `base64 github_token`
--- a/.circleci/bazel.rc
+++ b/.circleci/bazel.rc
@ -1,26 +0,0 @@
-# These options are enabled when running on CI
-# We do this by copying this file to /etc/bazel.bazelrc at the start of the build.
-# See documentation in /docs/BAZEL.md
-
-# Don't be spammy in the logs
-# TODO(gmagolan): Hide progress again once build performance improves
-# Presently, CircleCI can timeout during bazel test ... with the following
-# error: Too long with no output (exceeded 10m0s)
-# build --noshow_progress
-
-# Print all the options that apply to the build.
-# This helps us diagnose which options override others
-# (e.g. /etc/bazel.bazelrc vs. tools/bazel.rc)
-build --announce_rc
-
-# Workaround https://github.com/bazelbuild/bazel/issues/3645
-# Bazel doesn't calculate the memory ceiling correctly when running under Docker.
-# Limit Bazel to consuming resources that fit in CircleCI "xlarge" class
-# https://circleci.com/docs/2.0/configuration-reference/#resource_class
-build --local_resources=14336,8.0,1.0
-
-# Retry in the event of flakes, eg. https://circleci.com/gh/angular/angular/31309
-test --flaky_test_attempts=2
-
-# More details on failures
-build --verbose_failures=true
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -7,50 +7,25 @@
 # To validate changes, use an online parser, eg.
 # http://yaml-online-parser.appspot.com/

-# Note that the browser docker image comes with Chrome and Firefox preinstalled. This is just
-# needed for jobs that run tests without Bazel. Bazel runs tests with browsers that will be
-# fetched by the Webtesting rules. Therefore for jobs that run tests with Bazel, we don't need a
-# docker image with browsers pre-installed.
-# **NOTE**: If you change the version of the docker images, also change the `cache_key` suffix.
-var_1: &default_docker_image circleci/node:10.12
-var_2: &browsers_docker_image circleci/node:10.12-browsers
-var_3: &cache_key v2-angular-{{ .Branch }}-{{ checksum "yarn.lock" }}-node-10.12
+# Variables

-# Define common ENV vars
-var_4: &define_env_vars
-  run:
-    name: Define environment variables
-    command: ./.circleci/env.sh
-
-var_5: &setup_bazel_remote_execution
-  run:
-    name: "Setup bazel RBE remote execution"
-    command: |
-      openssl aes-256-cbc -d -in .circleci/gcp_token -k "$CI_REPO_NAME" -out /home/circleci/.gcp_credentials
-      echo "export GOOGLE_APPLICATION_CREDENTIALS=/home/circleci/.gcp_credentials" >> $BASH_ENV
-      sudo bash -c "echo 'build --config=remote' >> /etc/bazel.bazelrc"
+## IMPORTANT
+# If you change the `docker_image` version, also change the `cache_key` suffix and the version of
+# `com_github_bazelbuild_buildtools` in the `/WORKSPACE` file.
+var_1: &docker_image angular/ngcontainer:0.0.8
+var_2: &cache_key angular-{{ .Branch }}-{{ checksum "yarn.lock" }}-0.0.8

 # Settings common to each job
-var_6: &job_defaults
+anchor_1: &job_defaults
  working_directory: ~/ng
  docker:
-  - image: *default_docker_image
+    - image: *docker_image

 # After checkout, rebase on top of master.
 # Similar to travis behavior, but not quite the same.
 # See https://discuss.circleci.com/t/1662
-var_7: &post_checkout
-  post: git pull --ff-only origin "refs/pull/${CI_PULL_REQUEST//*pull\//}/merge"
-
-var_8: &yarn_install
-  run:
-    name: Running Yarn install
-    command: yarn install --frozen-lockfile --non-interactive
-
-var_9: &setup_circleci_bazel_config
-  run:
-    name: Setting up CircleCI bazel configuration
-    command: sudo cp .circleci/bazel.rc /etc/bazel.bazelrc
+anchor_2: &post_checkout
+  post: git pull --ff-only origin "refs/pull/${CIRCLE_PULL_REQUEST//*pull\//}/merge"

 version: 2
 jobs:
@ -59,407 +34,40 @@ jobs:
    steps:
      - checkout:
          <<: *post_checkout
+      # Check BUILD.bazel formatting before we have a node_modules directory
+      # Then we don't need any exclude pattern to avoid checking those files
+      - run: 'buildifier -mode=check $(find . -type f \( -name BUILD.bazel -or -name BUILD \)) ||
+              (echo "BUILD files not formatted. Please run ''yarn buildifier''" ; exit 1)'
+
      - restore_cache:
          key: *cache_key
-      - *define_env_vars
-      - *yarn_install
-
-      - run: 'yarn bazel:format -mode=check ||
-              (echo "BUILD files not formatted. Please run ''yarn bazel:format''" ; exit 1)'
-      # Run the skylark linter to check our Bazel rules
-      - run: 'yarn bazel:lint ||
-              (echo -e "\n.bzl files have lint errors. Please run ''yarn bazel:lint-fix''"; exit 1)'

+      - run: yarn install --frozen-lockfile --non-interactive
      - run: ./node_modules/.bin/gulp lint

-  test:
+  build:
    <<: *job_defaults
-    resource_class: xlarge
    steps:
      - checkout:
          <<: *post_checkout
      - restore_cache:
          key: *cache_key
-      - *define_env_vars
-      - *setup_circleci_bazel_config
-      - *yarn_install
-
-      # Setup remote execution and run RBE-compatible tests.
-      - *setup_bazel_remote_execution
-      - run: yarn bazel test //... --build_tag_filters=-ivy-only --test_tag_filters=-ivy-only,-local
-      # Now run RBE incompatible tests locally.
-      - run: sudo cp .circleci/bazel.rc /etc/bazel.bazelrc
-      - run: yarn bazel test //... --build_tag_filters=-ivy-only,local --test_tag_filters=-ivy-only,local
+      
+      - run: bazel info release
+      - run: bazel run @yarn//:yarn
+      # Use bazel query so that we explicitly ask for all buildable targets to be built as well
+      # This avoids waiting for a build command to finish before running the first test
+      # See https://github.com/bazelbuild/bazel/issues/4257
+      - run: bazel query --output=label '//packages/... union @angular//...' | xargs bazel test --config=ci

      - save_cache:
          key: *cache_key
          paths:
            - "node_modules"
-            - "~/bazel_repository_cache"
-
-  # Temporary job to test what will happen when we flip the Ivy flag to true
-  test_ivy_aot:
-    <<: *job_defaults
-    resource_class: xlarge
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - *define_env_vars
-      - *setup_circleci_bazel_config
-      - *yarn_install
-      - *setup_bazel_remote_execution
-
-        # We need to explicitly specify the --symlink_prefix option because otherwise we would
-        # not be able to easily find the output bin directory when uploading artifacts for size
-        # measurements.
-      - run: yarn test-ivy-aot //... --symlink_prefix=dist/
-
-        # Publish bundle artifacts which will be used to calculate the size change. **Note**: Make
-        # sure that the size plugin from the Angular robot fetches the artifacts from this CircleCI
-        # job (see .github/angular-robot.yml). Additionally any artifacts need to be stored with the
-        # following path format: "{projectName}/{context}/{fileName}". This format is necessary
-        # because otherwise the bot is not able to pick up the artifacts from CircleCI. See:
-        # https://github.com/angular/github-robot/blob/master/functions/src/plugins/size.ts#L392-L394
-      - store_artifacts:
-          path: dist/bin/packages/core/test/bundling/hello_world/bundle.min.js
-          destination: core/hello_world/bundle
-      - store_artifacts:
-          path: dist/bin/packages/core/test/bundling/todo/bundle.min.js
-          destination: core/todo/bundle
-      - store_artifacts:
-          path: dist/bin/packages/core/test/bundling/hello_world/bundle.min.js.br
-          destination: core/hello_world/bundle.br
-      - store_artifacts:
-          path: dist/bin/packages/core/test/bundling/todo/bundle.min.js.br
-          destination: core/todo/bundle.br
-
-  test_aio:
-    <<: *job_defaults
-    docker:
-      # Needed because the AIO tests and the PWA score test depend on Chrome being available.
-      - image: *browsers_docker_image
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - *define_env_vars
-        # Build aio
-      - run: yarn --cwd aio build --progress=false
-        # Lint the code
-      - run: yarn --cwd aio lint
-        # Run PWA-score tests
-        # (Run before unit and e2e tests, which destroy the `dist/` directory.)
-      - run: yarn --cwd aio test-pwa-score-localhost $CI_AIO_MIN_PWA_SCORE
-        # Check the bundle sizes.
-        # (Run before unit and e2e tests, which destroy the `dist/` directory.)
-      - run: yarn --cwd aio payload-size
-        # Run unit tests
-      - run: yarn --cwd aio test --watch=false
-        # Run e2e tests
-      - run: yarn --cwd aio e2e
-        # Run unit tests for Firebase redirects
-      - run: yarn --cwd aio redirects-test
-
-  deploy_aio:
-    <<: *job_defaults
-    docker:
-    # Needed because before deploying the deploy-production script runs the PWA score tests.
-    - image: *browsers_docker_image
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - *define_env_vars
-        # Deploy angular.io to production (if necessary)
-      - run: setPublicVar CI_STABLE_BRANCH "$(npm info @angular/core dist-tags.latest | sed -r 's/^\s*([0-9]+\.[0-9]+)\.[0-9]+.*$/\1.x/')"
-      - run: yarn --cwd aio deploy-production
-
-  test_aio_local:
-    <<: *job_defaults
-    docker:
-      # Needed because the AIO tests and the PWA score test depend on Chrome being available.
-      - image: *browsers_docker_image
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - attach_workspace:
-          at: dist
-      - *define_env_vars
-        # Build aio (with local Angular packages)
-      - run: yarn --cwd aio build-local --progress=false
-        # Run PWA-score tests
-        # (Run before unit and e2e tests, which destroy the `dist/` directory.)
-      - run: yarn --cwd aio test-pwa-score-localhost $CI_AIO_MIN_PWA_SCORE
-        # Run unit tests
-      - run: yarn --cwd aio test --watch=false
-        # Run e2e tests
-      - run: yarn --cwd aio e2e
-
-  test_aio_tools:
-    <<: *job_defaults
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - attach_workspace:
-          at: dist
-      - *define_env_vars
-        # Install
-      - run: yarn --cwd aio install --frozen-lockfile --non-interactive
-      - run: yarn --cwd aio extract-cli-command-docs
-        # Run tools tests
-      - run: yarn --cwd aio tools-test
-      - run: ./aio/aio-builds-setup/scripts/test.sh
-
-  test_docs_examples_0:
-    <<: *job_defaults
-    docker:
-      # Needed because the example e2e tests depend on Chrome.
-      - image: *browsers_docker_image
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - attach_workspace:
-          at: dist
-      - *define_env_vars
-        # Install root
-      - *yarn_install
-        # Install aio
-      - run: yarn --cwd aio install --frozen-lockfile --non-interactive
-        # Run examples tests
-      - run: yarn --cwd aio example-e2e --setup --local --shard=0/2
-
-  test_docs_examples_1:
-    <<: *job_defaults
-    docker:
-      # Needed because the example e2e tests depend on Chrome.
-      - image: *browsers_docker_image
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - attach_workspace:
-          at: dist
-      - *define_env_vars
-        # Install root
-      - *yarn_install
-        # Install aio
-      - run: yarn --cwd aio install --frozen-lockfile --non-interactive
-        # Run examples tests
-      - run: yarn --cwd aio example-e2e --setup --local --shard=1/2
-
-  # This job should only be run on PR builds, where `CI_PULL_REQUEST` is not `false`.
-  aio_preview:
-    <<: *job_defaults
-    environment:
-       AIO_SNAPSHOT_ARTIFACT_PATH: &aio_preview_artifact_path 'aio/tmp/snapshot.tgz'
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - *define_env_vars
-      - *yarn_install
-      - run: ./aio/scripts/build-artifacts.sh $AIO_SNAPSHOT_ARTIFACT_PATH $CI_PULL_REQUEST $CI_COMMIT
-      - store_artifacts:
-          path: *aio_preview_artifact_path
-          # The `destination` needs to be kept in synch with the value of
-          # `AIO_ARTIFACT_PATH` in `aio/aio-builds-setup/Dockerfile`
-          destination: aio/dist/aio-snapshot.tgz
-      - run: node ./aio/scripts/create-preview $CIRCLE_BUILD_NUM
-
-  # This job should only be run on PR builds, where `CI_PULL_REQUEST` is not `false`.
-  test_aio_preview:
-    <<: *job_defaults
-    docker:
-      # Needed because the test-preview script runs e2e tests and the PWA score test with Chrome.
-      - image: *browsers_docker_image
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - *define_env_vars
-      - run: yarn install --cwd aio --frozen-lockfile --non-interactive
-      - run:
-          name: Wait for preview and run tests
-          command: node aio/scripts/test-preview.js $CI_PULL_REQUEST $CI_COMMIT $CI_AIO_MIN_PWA_SCORE
-
-  # This job exists only for backwards-compatibility with old scripts and tests
-  # that rely on the pre-Bazel dist/packages-dist layout.
-  # It duplicates some work with the job above: we build the bazel packages
-  # twice. Even though we have a remote cache, these jobs will typically run in
-  # parallel so up-to-date outputs will not be available at the time the build
-  # starts.
-  # No new jobs should depend on this one.
-  build-packages-dist:
-    <<: *job_defaults
-    resource_class: xlarge
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - *define_env_vars
-      - *setup_circleci_bazel_config
-      - *yarn_install
-      - *setup_bazel_remote_execution
-
-      - run: scripts/build-packages-dist.sh
-
-      # Save the npm packages from //packages/... for other workflow jobs to read
-      # https://circleci.com/docs/2.0/workflows/#using-workspaces-to-share-data-among-jobs
-      - persist_to_workspace:
-          root: dist
-          paths:
-            - packages-dist
-            - packages-dist-ivy-jit
-            - packages-dist-ivy-aot
-
-  # We run the integration tests outside of Bazel for now.
-  # They are a separate workflow job so that they can be easily re-run.
-  # When the tests are ported to bazel test targets, they should move to the "test"
-  # job above, as part of the bazel test command. That has flaky_test_attempts so the
-  # need to re-run manually should be alleviated.
-  # See comments inside the integration/run_tests.sh script.
-  integration_test:
-    <<: *job_defaults
-    docker:
-      # Needed because the integration tests expect Chrome to be installed (e.g cli-hello-world)
-      - image: *browsers_docker_image
-    # Note: we run Bazel in one of the integration tests, and it can consume >2G
-    # of memory. Together with the system under test, this can exhaust the RAM
-    # on a 4G worker so we use a larger machine here too.
-    resource_class: xlarge
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - attach_workspace:
-          at: dist
-      - *define_env_vars
-      - run: ./integration/run_tests.sh
-
-  # This job updates the content of repos like github.com/angular/core-builds
-  # for every green build on angular/angular.
-  publish_snapshot:
-    <<: *job_defaults
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - *define_env_vars
-      # See below - ideally this job should not trigger for non-upstream builds.
-      # But since it does, we have to check this condition.
-      - run:
-          name: Skip this job for Pull Requests and Fork builds
-          # Note, `|| true` on the end makes this step always exit 0
-          command: '[[
-              "$CI_PULL_REQUEST" != "false"
-              || "$CI_REPO_OWNER" != "angular"
-              || "$CI_REPO_NAME" != "angular"
-          ]] && circleci step halt || true'
-      - attach_workspace:
-          at: dist
-      # CircleCI has a config setting to force SSH for all github connections
-      # This is not compatible with our mechanism of using a Personal Access Token
-      # Clear the global setting
-      - run: git config --global --unset "url.ssh://git@github.com.insteadof"
-      - run:
-          name: Decrypt github credentials
-          command: 'openssl aes-256-cbc -d -in .circleci/github_token -k "${KEY}" -out ~/.git_credentials'
-      - run: ./scripts/ci/publish-build-artifacts.sh
-
-  aio_monitoring:
-    <<: *job_defaults
-    docker:
-      # This job needs Chrome to be globally installed because the tests run with Protractor
-      # which does not load the browser through the Bazel webtesting rules.
-      - image: *browsers_docker_image
-    steps:
-      - checkout:
-          <<: *post_checkout
-      - restore_cache:
-          key: *cache_key
-      - *define_env_vars
-      - run:
-          name: Run tests against the deployed apps
-          command: ./aio/scripts/test-production.sh $CI_AIO_MIN_PWA_SCORE
-      - run:
-          name: Notify caretaker about failure
-          command: 'curl --request POST --header "Content-Type: application/json" --data "{\"text\":\":x: \`$CIRCLE_JOB\` job failed on build $CIRCLE_BUILD_NUM: $CIRCLE_BUILD_URL :scream:\"}" $CI_SECRET_SLACK_CARETAKER_WEBHOOK_URL'
-          when: on_fail

 workflows:
  version: 2
  default_workflow:
    jobs:
      - lint
-      - test
-      - test_ivy_aot
-      - build-packages-dist
-      - test_aio
-      - deploy_aio:
-          requires:
-            - test_aio
-      - test_aio_local:
-          requires:
-            - build-packages-dist
-      - test_aio_tools:
-          requires:
-            - build-packages-dist
-      - test_docs_examples_0:
-          requires:
-            - build-packages-dist
-      - test_docs_examples_1:
-          requires:
-            - build-packages-dist
-      - aio_preview:
-          # Only run on PR builds. (There can be no previews for non-PR builds.)
-          filters:
-            branches:
-              only: /pull\/\d+/
-      - test_aio_preview:
-          requires:
-            - aio_preview
-      - integration_test:
-          requires:
-            - build-packages-dist
-      - publish_snapshot:
-          # Note: no filters on this job because we want it to run for all upstream branches
-          # We'd really like to filter out pull requests here, but not yet available:
-          # https://discuss.circleci.com/t/workflows-pull-request-filter/14396/4
-          # Instead, the job just exits immediately at the first step.
-          requires:
-            # Only publish if tests and integration tests pass
-            - test
-            - test_ivy_aot
-            - integration_test
-            # Only publish if `aio`/`docs` tests using the locally built Angular packages pass
-            - test_aio_local
-            - test_docs_examples_0
-            - test_docs_examples_1
-            # Get the artifacts to publish from the build-packages-dist job
-            # since the publishing script expects the legacy outputs layout.
-            - build-packages-dist
-
-  aio_monitoring:
-    jobs:
-      - aio_monitoring
-    triggers:
-      - schedule:
-          cron: "0 0 * * *"
-          filters:
-            branches:
-              only:
-                - master
+      - build
--- a/.circleci/env-helpers.inc.sh
+++ b/.circleci/env-helpers.inc.sh
@ -1,38 +0,0 @@
-####################################################################################################
-# Helpers for defining environment variables for CircleCI.
-#
-# In CircleCI, each step runs in a new shell. The way to share ENV variables across steps is to
-# export them from `$BASH_ENV`, which is automatically sourced at the beginning of every step (for
-# the default `bash` shell).
-#
-# See also https://circleci.com/docs/2.0/env-vars/#using-bash_env-to-set-environment-variables.
-####################################################################################################
-
-# Set and print an environment variable.
-#
-# Use this function for setting environment variables that are public, i.e. it is OK for them to be
-# visible to anyone through the CI logs.
-#
-# Usage: `setPublicVar <name> <value>`
-function setPublicVar() {
-  setSecretVar $1 $2;
-  echo "$1=$2";
-}
-
-# Set (without printing) an environment variable.
-#
-# Use this function for setting environment variables that are secret, i.e. should not be visible to
-# everyone through the CI logs.
-#
-# Usage: `setSecretVar <name> <value>`
-function setSecretVar() {
-  # WARNING: Secrets (e.g. passwords, access tokens) should NOT be printed.
-  # (Keep original shell options to restore at the end.)
-  local -r originalShellOptions=$(set +o);
-  set +x -eu -o pipefail;
-
-  echo "export $1=\"${2:-}\";" >> $BASH_ENV;
-
-  # Restore original shell options.
-  eval "$originalShellOptions";
-}
--- a/.circleci/env.sh
+++ b/.circleci/env.sh
@ -1,35 +0,0 @@
-#!/usr/bin/env bash
-
-# Load helpers and make them available everywhere (through `$BASH_ENV`).
-readonly envHelpersPath="`dirname $0`/env-helpers.inc.sh";
-source $envHelpersPath;
-echo "source $envHelpersPath;" >> $BASH_ENV;
-
-
-####################################################################################################
-# Define PUBLIC environment variables for CircleCI.
-####################################################################################################
-setPublicVar PROJECT_ROOT "$(pwd)";
-setPublicVar CI_AIO_MIN_PWA_SCORE "95";
-# This is the branch being built; e.g. `pull/12345` for PR builds.
-setPublicVar CI_BRANCH "$CIRCLE_BRANCH";
-setPublicVar CI_COMMIT "$CIRCLE_SHA1";
-# `CI_COMMIT_RANGE` will only be available when `CIRCLE_COMPARE_URL` is also available,
-# i.e. on push builds (a.k.a. non-PR builds). That is fine, since we only need it in push builds.
-setPublicVar CI_COMMIT_RANGE "$(sed -r 's|^.*/([0-9a-f]+\.\.\.[0-9a-f]+)$|\1|i' <<< ${CIRCLE_COMPARE_URL:-})";
-setPublicVar CI_PULL_REQUEST "${CIRCLE_PR_NUMBER:-false}";
-setPublicVar CI_REPO_NAME "$CIRCLE_PROJECT_REPONAME";
-setPublicVar CI_REPO_OWNER "$CIRCLE_PROJECT_USERNAME";
-
-
-####################################################################################################
-# Define SECRET environment variables for CircleCI.
-####################################################################################################
-setSecretVar CI_SECRET_AIO_DEPLOY_FIREBASE_TOKEN "$AIO_DEPLOY_TOKEN";
-setSecretVar CI_SECRET_PAYLOAD_FIREBASE_TOKEN "$ANGULAR_PAYLOAD_TOKEN";
-# Defined in https://angular-team.slack.com/apps/A0F7VRE7N-circleci.
-setSecretVar CI_SECRET_SLACK_CARETAKER_WEBHOOK_URL "$SLACK_CARETAKER_WEBHOOK_URL";
-
-
-# Source `$BASH_ENV` to make the variables available immediately.
-source $BASH_ENV;
--- a/.circleci/gcp_token
+++ b/.circleci/gcp_token
--- a/.circleci/github_token
+++ b/.circleci/github_token
--- a/.circleci/setup_cache.sh
+++ b/.circleci/setup_cache.sh
@ -1,11 +0,0 @@
-#!/bin/sh
-# Install bazel remote cache proxy
-# This is temporary until the feature is no longer experimental on CircleCI.
-# See remote cache documentation in /docs/BAZEL.md
-
-set -u -e
-
-readonly DOWNLOAD_URL="https://5-116431813-gh.circle-artifacts.com/0/pkg/bazel-remote-proxy-$(uname -s)_$(uname -m)"
-
-curl --fail -o ~/bazel-remote-proxy "$DOWNLOAD_URL"
-chmod +x ~/bazel-remote-proxy
--- a/.circleci/trigger-webhook.js
+++ b/.circleci/trigger-webhook.js
@ -1,107 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * Usage (cli):
- * ```
- * node create-preview <build-number> <job-name> <webhook-url>
- * ```
- *
- * Usage (JS):
- * ```js
- * require('./trigger-webhook').
- *   triggerWebhook(buildNumber, jobName, webhookUrl).
- *   then(...);
- * ```
- *
- * Triggers a notification webhook with CircleCI specific info.
- *
- * It can be used for notifying external servers and trigger operations based on CircleCI job status
- * (e.g. triggering the creation of a preview based on previously stored build atrifacts).
- *
- * The body of the sent payload is of the form:
- * ```json
- * {
- *   "payload": {
- *     "build_num": ${buildNumber}
- *     "build_parameters": {
- *       "CIRCLE_JOB": "${jobName}"
- *     }
- *   }
- * }
- * ```
- *
- * When used from JS, it returns a promise which resolves to an object of the form:
- * ```json
- * {
- *   "statucCode": ${statusCode},
- *   "responseText": "${responseText}"
- * }
- * ```
- *
- * NOTE:
- * - When used from the cli, the command will exit with an error code if the response's status code
- *   is outside the [200, 400) range.
- * - When used from JS, the returned promise will be resolved, even if the response's status code is
- *   outside the [200, 400) range. It is up to the caller to decide how this should be handled.
- */
-
-// Imports
-const {request} = require('https');
-
-// Exports
-module.exports = {
-  triggerWebhook,
-};
-
-// Run
-if (require.resolve === module) {
-  _main(process.argv.slice(2));
-}
-
-// Helpers
-function _main(args) {
-  triggerWebhook(...args).
-    then(({statusCode, responseText}) => (200 <= statusCode && statusCode < 400) ?
-      console.log(`Status: ${statusCode}\n${responseText}`) :
-      Promise.reject(new Error(`Request failed (status: ${statusCode}): ${responseText}`))).
-    catch(err => {
-      console.error(err);
-      process.exit(1);
-    });
-}
-
-function postJson(url, data) {
-  return new Promise((resolve, reject) => {
-    const opts = {method: 'post', headers: {'Content-Type': 'application/json'}};
-    const onResponse = res => {
-      const statusCode = res.statusCode || -1;
-      let responseText = '';
-
-      res.
-        on('error', reject).
-        on('data', d => responseText += d).
-        on('end', () => resolve({statusCode, responseText}));
-    };
-
-    request(url, opts, onResponse).
-      on('error', reject).
-      end(JSON.stringify(data));
-  });
-}
-
-async function triggerWebhook(buildNumber, jobName, webhookUrl) {
-  if (!buildNumber || !jobName || !webhookUrl || isNaN(buildNumber)) {
-    throw new Error(
-        'Missing or invalid arguments.\n' +
-        'Expected: buildNumber (number), jobName (string), webhookUrl (string)');
-  }
-
-  const data = {
-    payload: {
-      build_num: +buildNumber,
-      build_parameters: {CIRCLE_JOB: jobName},
-    },
-  };
-
-  return postJson(webhookUrl, data);
-}
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -1,10 +1,57 @@
-🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
+<!--
+PLEASE HELP US PROCESS GITHUB ISSUES FASTER BY PROVIDING THE FOLLOWING INFORMATION.

-Please help us process issues more efficiently by filing an
-issue using one of the following templates:
+ISSUES MISSING IMPORTANT INFORMATION MAY BE CLOSED WITHOUT INVESTIGATION.
+-->

-https://github.com/angular/angular/issues/new/choose
+## I'm submitting a...
+<!-- Check one of the following options with "x" -->
+<pre><code>
+[ ] Regression (a behavior that used to work and stopped working in a new release)
+[ ] Bug report  <!-- Please search GitHub for a similar issue or PR before submitting -->
+[ ] Feature request
+[ ] Documentation issue or request
+[ ] Support request => Please do not submit support request here, instead see https://github.com/angular/angular/blob/master/CONTRIBUTING.md#question
+</code></pre>

-Thank you!
+## Current behavior
+<!-- Describe how the issue manifests. -->

-🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
+
+## Expected behavior
+<!-- Describe what the desired behavior would be. -->
+
+
+## Minimal reproduction of the problem with instructions
+<!--
+For bug reports please provide the *STEPS TO REPRODUCE* and if possible a *MINIMAL DEMO* of the problem via
+https://plnkr.co or similar (you can use this template as a starting point: http://plnkr.co/edit/tpl:AvJOMERrnz94ekVua0u5).
+-->
+
+## What is the motivation / use case for changing the behavior?
+<!-- Describe the motivation or the concrete use case. -->
+
+
+## Environment
+
+<pre><code>
+Angular version: X.Y.Z
+<!-- Check whether this is still an issue in the most recent Angular version -->
+
+Browser:
+- [ ] Chrome (desktop) version XX
+- [ ] Chrome (Android) version XX
+- [ ] Chrome (iOS) version XX
+- [ ] Firefox version XX
+- [ ] Safari (desktop) version XX
+- [ ] Safari (iOS) version XX
+- [ ] IE version XX
+- [ ] Edge version XX
+ 
+For Tooling issues:
+- Node version: XX  <!-- run `node --version` -->
+- Platform:  <!-- Mac, Linux, Windows -->
+
+Others:
+<!-- Anything else relevant?  Operating system version, IDE, package manager, HTTP server, ... -->
+</code></pre>
--- a/.github/ISSUE_TEMPLATE/1-bug-report.md
+++ b/.github/ISSUE_TEMPLATE/1-bug-report.md
@ -1,63 +0,0 @@
---
-name: "\U0001F41EBug report"
-about: Report a bug in the Angular Framework
---
-<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅
-
-Oh hi there! 😄 
-
-To expedite issue processing please search open and closed issues before submitting a new one.
-Existing issues often contain information about workarounds, resolution, or progress updates.
-
-🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅-->
-
-
-# 🐞 bug report
-
-### Affected Package
-<!-- Can you pin-point one or more @angular/* packages as the source of the bug? -->
-<!-- ✍️edit: --> The issue is caused by package @angular/....
-
-
-### Is this a regression?
-
-<!-- Did this behavior use to work in the previous version? -->
-<!-- ✍️--> Yes, the previous version in which this bug was not present was: ....
-
-
-### Description
-
-<!-- ✍️--> A clear and concise description of the problem...
-
-
-## 🔬 Minimal Reproduction
-<!--
-Please create and share minimal reproduction of the issue starting with this template: https://stackblitz.com/fork/angular-issue-repro2
-->
-<!-- ✍️--> https://stackblitz.com/...
-
-<!--
-If StackBlitz is not suitable for reproduction of your issue, please create a minimal GitHub repository with the reproduction of the issue. Share the link to the repo below along with step-by-step instructions to reproduce the problem, as well as expected and actual behavior.
-->
-
-## 🔥 Exception or Error
-<pre><code>
-<!-- If the issue is accompanied by an exception or an error, please share it below: -->
-<!-- ✍️-->
-
-</code></pre>
-
-
-## 🌍  Your Environment
-
-**Angular Version:**
-<pre><code>
-<!-- run `ng version` and paste output below -->
-<!-- ✍️-->
-
-</code></pre>
-
-**Anything else relevant?**
-<!-- ✍️Is this a browser specific issue? If so, please specify the browser and version. -->
-
-<!-- ✍️Do any of these matter: operating system, IDE, package manager, HTTP server, ...? If so, please mention it below. -->
--- a/.github/ISSUE_TEMPLATE/2-feature-request.md
+++ b/.github/ISSUE_TEMPLATE/2-feature-request.md
@ -1,32 +0,0 @@
---
-name: "\U0001F680Feature request"
-about: Suggest a feature for Angular Framework
-
---
-<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅
-
-Oh hi there! 😄 
-
-To expedite issue processing please search open and closed issues before submitting a new one.
-Existing issues often contain information about workarounds, resolution, or progress updates.
-
-🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅-->
-
-
-# 🚀 feature request
-
-### Relevant Package
-<!-- Can you pin-point one or more @angular/* packages the are relevant for this feature request? -->
-<!-- ✍️edit: --> This feature request is for @angular/....
-
-
-### Description
-<!-- ✍️--> A clear and concise description of the problem or missing capability...
-
-
-### Describe the solution you'd like
-<!-- ✍️--> If you have a solution in mind, please describe it.
-
-
-### Describe alternatives you've considered
-<!-- ✍️--> Have you considered any alternative solutions or workarounds?
--- a/.github/ISSUE_TEMPLATE/3-docs-bug.md
+++ b/.github/ISSUE_TEMPLATE/3-docs-bug.md
@ -1,55 +0,0 @@
---
-name: "📚 Docs or angular.io issue report"
-about: Report an issue in Angular's documentation or angular.io application
-
---
-<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅
-
-Oh hi there! 😄
-
-To expedite issue processing please search open and closed issues before submitting a new one.
-Existing issues often contain information about workarounds, resolution, or progress updates.
-
-🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅-->
-
-# 📚 Docs or angular.io bug report
-
-### Description
-
-<!-- ✍️edit:--> A clear and concise description of the problem...
-
-
-## 🔬 Minimal Reproduction
-
-### What's the affected URL?**
-<!-- ✍️edit:--> https://angular.io/...
-
-### Reproduction Steps**
-<!-- If applicable please list the steps to take to reproduce the issue -->
-<!-- ✍️edit:-->
-
-### Expected vs Actual Behavior**
-<!-- If applicable please describe the difference between the expected and actual behavior after following the repro steps. -->
-<!-- ✍️edit:-->
-
-
-## 📷Screenshot
-<!-- Often a screenshot can help to capture the issue better than a long description. -->
-<!-- ✍️upload a screenshot:-->
-
-
-## 🔥 Exception or Error
-<pre><code>
-<!-- If the issue is accompanied by an exception or an error, please share it below: -->
-<!-- ✍️-->
-
-</code></pre>
-
-
-## 🌍  Your Environment
-
-### Browser info
-<!-- ✍️Is this a browser specific issue? If so, please specify the device, browser, and version. -->
-
-### Anything else relevant?
-<!-- ✍️Please provide additional info if necessary. -->
--- a/.github/ISSUE_TEMPLATE/4-security-issue-disclosure.md
+++ b/.github/ISSUE_TEMPLATE/4-security-issue-disclosure.md
@ -1,11 +0,0 @@
---
-name: ⚠️ Security issue disclosure
-about: Report a security issue in Angular Framework, Material, or CLI
-
---
-
-🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
-
-Please read https://angular.io/guide/security#report-issues on how to disclose security related issues.
-
-🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
--- a/.github/ISSUE_TEMPLATE/5-support-request.md
+++ b/.github/ISSUE_TEMPLATE/5-support-request.md
@ -1,16 +0,0 @@
---
-name: "❓Support request"
-about: Questions and requests for support
-
---
-
-🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
-
-Please do not file questions or support requests on the GitHub issues tracker.
-
-You can get your questions answered using other communication channels. Please see: 
-https://github.com/angular/angular/blob/master/CONTRIBUTING.md#question
-
-Thank you!
-
-🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
--- a/.github/ISSUE_TEMPLATE/6-angular-cli.md
+++ b/.github/ISSUE_TEMPLATE/6-angular-cli.md
@ -1,13 +0,0 @@
---
-name: "\U0001F6E0️Angular CLI"
-about: Issues and feature requests for Angular CLI
-
---
-
-🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
-
-Please file any Angular CLI issues at: https://github.com/angular/angular-cli/issues/new
-
-For the time being, we keep Angular CLI issues in a separate repository.
-
-🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
--- a/.github/ISSUE_TEMPLATE/7-angular-material.md
+++ b/.github/ISSUE_TEMPLATE/7-angular-material.md
@ -1,13 +0,0 @@
---
-name: "\U0001F48EAngular Material"
-about: Issues and feature requests for Angular Material
-
---
-
-🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
-
-Please file any Angular Material issues at: https://github.com/angular/material2/issues/new
-
-For the time being, we keep Angular Material issues in a separate repository.
-
-🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑🛑
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -10,17 +10,17 @@ Please check if your PR fulfills the following requirements:
 What kind of change does this PR introduce?

 <!-- Please check the one that applies to this PR using "x". -->
-
- [ ] Bugfix
- [ ] Feature
- [ ] Code style update (formatting, local variables)
- [ ] Refactoring (no functional changes, no api changes)
- [ ] Build related changes
- [ ] CI related changes
- [ ] Documentation content changes
- [ ] angular.io application / infrastructure changes
- [ ] Other... Please describe:
-
+```
+[ ] Bugfix
+[ ] Feature
+[ ] Code style update (formatting, local variables)
+[ ] Refactoring (no functional changes, no api changes)
+[ ] Build related changes
+[ ] CI related changes
+[ ] Documentation content changes
+[ ] angular.io application / infrastructure changes
+[ ] Other... Please describe:
+```

 ## What is the current behavior?
 <!-- Please describe the current behavior that you are modifying, or link to a relevant issue. -->
@ -32,10 +32,10 @@ Issue Number: N/A


 ## Does this PR introduce a breaking change?
-
- [ ] Yes
- [ ] No
-
+```
+[ ] Yes
+[ ] No
+```

 <!-- If this PR contains a breaking change, please describe the impact and migration path for existing applications below. -->

--- a/.github/angular-robot.yml
+++ b/.github/angular-robot.yml
@ -1,152 +0,0 @@
-# Configuration for angular-robot
-
-#options for the size plugin
-size:
-  disabled: false
-  maxSizeIncrease: 2000
-  circleCiStatusName: "ci/circleci: test_ivy_aot"
-
-# options for the merge plugin
-merge:
-  # the status will be added to your pull requests
-  status:
-    # set to true to disable
-    disabled: false
-    # the name of the status
-    context: "ci/angular: merge status"
-    # text to show when all checks pass
-    successText: "All checks passed!"
-    # text to show when some checks are failing
-    failureText: "The following checks are failing:"
-
-  # the g3 status will be added to your pull requests if they include files that match the patterns
-  g3Status:
-    # set to true to disable
-    disabled: false
-    # the name of the status
-    context: "google3"
-    # text to show when the status is pending, {{PRNumber}} will be replaced by the PR number
-    pendingDesc: "Googler: run g3sync presubmit {{PRNumber}}"
-    # text to show when the status is success
-    successDesc: "Does not affect google3"
-    # link to use for the details
-    url: "http://go/angular-g3sync"
-    # list of patterns to check for the files changed by the PR
-    # this list must be manually kept in sync with google3/third_party/javascript/angular2/copy.bara.sky
-    include:
-      - "LICENSE"
-      - "modules/**"
-      - "packages/**"
-    # list of patterns to ignore for the files changed by the PR
-    exclude:
-      - "packages/bazel/*.bzl"
-      - "packages/language-service/**"
-      - "**/.gitignore"
-      - "**/.gitkeep"
-      - "**/package.json"
-      - "**/tsconfig-build.json"
-      - "**/tsconfig.json"
-      - "**/rollup.config.js"
-      - "**/BUILD.bazel"
-      - "packages/**/integrationtest/**"
-      - "packages/**/test/**"
-      - "packages/compiler-cli/src/ngcc/**"
-
-  # comment that will be added to a PR when there is a conflict, leave empty or set to false to disable
-  mergeConflictComment: "Hi @{{PRAuthor}}! This PR has merge conflicts due to recent upstream merges.
-\nPlease help to unblock it by resolving these conflicts. Thanks!"
-
-  # label to monitor
-  mergeLabel: "PR action: merge"
-
-  # adding any of these labels will also add the merge label
-  mergeLinkedLabels:
-    - "PR action: merge-assistance"
-
-  # list of checks that will determine if the merge label can be added
-  checks:
-
-    # require that the PR has reviews from all requested reviewers
-    #
-    # This enables us to request reviews from both eng and tech writers, or multiple eng folks, and prevents accidental merges.
-    # Rather than merging PRs with pending reviews, if all PullApprove requirements are satisfied and additional reviews are not needed pending reviewers should be removed via GitHub UI (this also leaves an audit trail behind these decisions).
-    requireReviews: true,
-
-    # whether the PR shouldn't have a conflict with the base branch
-    noConflict: true
-    # list of labels that a PR needs to have, checked with a regexp (e.g. "PR target:" will work for the label "PR target: master")
-    requiredLabels:
-      - "PR target: *"
-      - "cla: yes"
-
-    # list of labels that a PR shouldn't have, checked after the required labels with a regexp
-    forbiddenLabels:
-      - "PR target: TBD"
-      - "PR action: cleanup"
-      - "PR action: review"
-      - "PR state: blocked"
-      - "cla: no"
-
-    # list of PR statuses that need to be successful
-    requiredStatuses:
-      - "continuous-integration/travis-ci/pr"
-      - "code-review/pullapprove"
-      - "ci/circleci: build"
-      - "ci/circleci: lint"
-
-  # the comment that will be added when the merge label is added despite failing checks, leave empty or set to false to disable
-  # {{MERGE_LABEL}} will be replaced by the value of the mergeLabel option
-  # {{PLACEHOLDER}} will be replaced by the list of failing checks
-  mergeRemovedComment: "I see that you just added the `{{MERGE_LABEL}}` label, but the following checks are still failing:
-\n{{PLACEHOLDER}}
-\n
-\n**If you want your PR to be merged, it has to pass all the CI checks.**
-\n
-\nIf you can't get the PR to a green state due to flakes or broken master, please try rebasing to master and/or restarting the CI job. If that fails and you believe that the issue is not due to your change, please contact the caretaker and ask for help."
-
-# options for the triage plugin
-triage:
-  # number of the milestone to apply when the issue has not been triaged yet
-  needsTriageMilestone: 83,
-  # number of the milestone to apply when the issue is triaged
-  defaultMilestone: 82,
-  # arrays of labels that determine if an issue has been triaged by the caretaker
-  l1TriageLabels:
-    -
-      - "comp: *"
-  # arrays of labels that determine if an issue has been fully triaged
-  l2TriageLabels:
-    -
-      - "type: bug/fix"
-      - "severity*"
-      - "freq*"
-      - "comp: *"
-    -
-      - "type: feature"
-      - "comp: *"
-    -
-      - "type: refactor"
-      - "comp: *"
-    -
-      - "type: RFC / Discussion / question"
-      - "comp: *"
-
-# options for the triage PR plugin
-triagePR:
-  # set to true to disable
-  disabled: false
-  # number of the milestone to apply when the PR has not been triaged yet
-  needsTriageMilestone: 83,
-  # number of the milestone to apply when the PR is triaged
-  defaultMilestone: 82,
-  # arrays of labels that determine if a PR has been triaged by the caretaker
-  l1TriageLabels:
-    -
-      - "comp: *"
-  # arrays of labels that determine if a PR has been fully triaged
-  l2TriageLabels:
-    -
-      - "type: *"
-      - "effort*"
-      - "risk*"
-      - "comp: *"
--- a/.gitignore
+++ b/.gitignore
@ -1,8 +1,7 @@
 .DS_STORE

 /dist/
-/bazel-*
-/integration/bazel/bazel-*
+bazel-*
 e2e_test.*
 node_modules
 bower_components
@ -30,7 +29,3 @@ yarn-error.log

 # rollup-test output
 /modules/rollup-test/dist/
-
-# User specific bazel settings
-.bazelrc.user
-
--- a/.nvmrc
+++ b/.nvmrc
@ -1 +1 @@
-10.9.0
+6.9.5
--- a/.pullapprove.yml
+++ b/.pullapprove.yml
@ -7,24 +7,25 @@
 #
 # alexeagle - Alex Eagle
 # alxhub - Alex Rickabaugh
-# andrewseguin - Andrew Seguin
-# benlesh - Ben Lesh
-# brandonroberts - Brandon Roberts
 # brocco - Mike Brocchi
+# chuckjaz - Chuck Jazdzewski
 # filipesilva - Filipe Silva
+# Foxandxss - Jesús Rodríguez
 # gkalpak - George Kalpakas
 # hansl - Hans Larsen
 # IgorMinar - Igor Minar
 # jasonaden - Jason Aden
-# jenniferfell - Jennifer Fell
+# juleskremer - Jules Kremer
 # kara - Kara Erickson
-# kyliau - Keen Yee Liau
 # matsko - Matias Niemelä
 # mhevery - Misko Hevery
 # petebacondarwin - Pete Bacon Darwin
 # pkozlowski-opensource - Pawel Kozlowski
 # robwormald - Rob Wormald
+# tinayuangao - Tina Gao
+# vicb - Victor Berchet
 # vikerman - Vikram Subramanian
+# wardbell - Ward Bell


 version: 2
@ -35,41 +36,20 @@ group_defaults:
    enabled: true
  approve_by_comment:
    enabled: false
-  # see http://docs.pullapprove.com/groups/author_approval/
-  author_approval:
-    # If the author is a reviewer on the PR, they will automatically have an "approved" status.
-    auto: true

 groups:
-  # Require all PRs to have at least one approval from *someone*
-  all:
-    users: all
-    required: 1
-    rejection_value: -999
-    # In this group, your self-approval does not count
-    author_approval:
-      auto: false
-      ignored: true
-    files:
-      include:
-        - "*"
-
  root:
    conditions:
      files:
        include:
          - "*"
        exclude:
-          - "WORKSPACE"
-          - "BUILD.bazel"
-          - ".circleci/*"
          - "aio/*"
          - "integration/*"
          - "modules/*"
          - "packages/*"
          - "tools/*"
    users:
-      - alexeagle
      - IgorMinar
      - mhevery

@ -87,18 +67,13 @@ groups:
      files:
        include:
          - "WORKSPACE"
-          - ".bazel*"
          - "*.bazel"
          - "*.bzl"
          - "packages/bazel/*"
-          - "/docs/BAZEL.md"
    users:
      - alexeagle #primary
-      - kyliau
-      - IgorMinar #fallback
-      - mhevery
+      - chuckjaz
      - vikerman #fallback
-      - kara

  build-and-ci:
    conditions:
@ -109,9 +84,8 @@ groups:
          - "*.lock"
          - "tools/*"
        exclude:
-          - "aio/*"
-          - "packages/core/test/bundling/*"
          - "tools/public_api_guard/*"
+          - "aio/*"
    users:
      - IgorMinar #primary
      - alexeagle
@ -125,119 +99,49 @@ groups:
    users:
      - alexeagle
      - mhevery
+      - vicb
      - IgorMinar #fallback

  core:
    conditions:
      files:
        - "packages/core/*"
-        - "aio/content/guide/bootstrapping.md"
-        - "aio/content/examples/bootstrapping/*"
-        - "aio/content/guide/attribute-directives.md"
-        - "aio/content/examples/attribute-directives/*"
-        - "aio/content/images/guide/attribute-directives/*"
-        - "aio/content/guide/structural-directives.md"
-        - "aio/content/examples/structural-directives/*"
-        - "aio/content/images/guide/structural-directives/*"
-        - "aio/content/guide/dynamic-component-loader.md"
-        - "aio/content/examples/dynamic-component-loader/*"
-        - "aio/content/images/guide/dynamic-component-loader/*"
-        - "aio/content/guide/template-syntax.md"
-        - "aio/content/examples/template-syntax/*"
-        - "aio/content/images/guide/template-syntax/*"
-        - "aio/content/guide/dependency-injection.md"
-        - "aio/content/examples/dependency-injection/*"
-        - "aio/content/images/guide/dependency-injection/*"
-        - "aio/content/guide/dependency-injection-in-action.md"
-        - "aio/content/examples/dependency-injection-in-action/*"
-        - "aio/content/images/guide/dependency-injection-in-action/*"
-        - "aio/content/guide/hierarchical-dependency-injection.md"
-        - "aio/content/examples/hierarchical-dependency-injection/*"
-        - "aio/content/guide/singleton-services.md"
-        - "aio/content/guide/dependency-injection-pattern.md"
-        - "aio/content/guide/providers.md"
-        - "aio/content/examples/providers/*"
-        - "aio/content/guide/component-interaction.md"
-        - "aio/content/examples/component-interaction/*"
-        - "aio/content/images/guide/component-interaction/*"
-        - "aio/content/guide/component-styles.md"
-        - "aio/content/examples/component-styles/*"
-        - "aio/content/guide/lifecycle-hooks.md"
-        - "aio/content/examples/lifecycle-hooks/*"
-        - "aio/content/images/guide/lifecycle-hooks/*"
-        - "aio/content/examples/ngcontainer/*"
-        - "aio/content/images/guide/ngcontainer/*"
-        - "aio/content/guide/pipes.md"
-        - "aio/content/examples/pipes/*"
-        - "aio/content/images/guide/pipes/*"
-        - "aio/content/guide/entry-components.md"
-        - "aio/content/guide/set-document-title.md"
-        - "aio/content/examples/set-document-title/*"
-        - "aio/content/images/guide/set-document-title/*"
-        - "aio/content/guide/ngmodules.md"
-        - "aio/content/examples/ngmodules/*"
-        - "aio/content/examples/ngmodule/*"
-        - "aio/content/images/guide/ngmodule/*"
-        - "aio/content/guide/ngmodule-faq.md"
-        - "aio/content/examples/ngmodule-faq/*"
-        - "aio/content/guide/module-types.md"
-        - "aio/content/guide/sharing-ngmodules.md"
-        - "aio/content/guide/frequent-ngmodules.md"
-        - "aio/content/images/guide/frequent-ngmodules/*"
-        - "aio/content/guide/ngmodule-api.md"
-        - "aio/content/guide/ngmodule-vs-jsmodule.md"
-        - "aio/content/guide/feature-modules.md"
-        - "aio/content/examples/feature-modules/*"
-        - "aio/content/images/guide/feature-modules/*"
-        - "aio/content/guide/lazy-loading-ngmodules.md"
-        - "aio/content/examples/lazy-loading-ngmodules/*"
-        - "aio/content/images/guide/lazy-loading-ngmodules"
    users:
-      - mhevery #primary
-      - jasonaden
-      - kara
-      - IgorMinar
-      - jenniferfell #docs only
+      - chuckjaz #primary
+      - mhevery
+      - vicb
+      - IgorMinar #fallback

  animations:
    conditions:
      files:
        - "packages/animations/*"
        - "packages/platform-browser/animations/*"
-        - "aio/content/guide/animations.md"
-        - "aio/content/examples/animations/*"
-        - "aio/content/images/guide/animations/*"
    users:
      - matsko #primary
+      - chuckjaz #fallback
      - mhevery #fallback
      - IgorMinar #fallback
-      - jenniferfell #docs only
-      - kara

  compiler/i18n:
    conditions:
      files:
        - "packages/compiler/src/i18n/*"
-        - "aio/content/guide/i18n.md"
-        - "aio/content/examples/i18n/*"
    users:
-      - alxhub #primary
+      - vicb #primary
+      - chuckjaz
      - IgorMinar #fallback
      - mhevery #fallback
-      - jenniferfell #docs only
-      - kara

  compiler:
    conditions:
      files:
        - "packages/compiler/*"
-        - "aio/content/guide/aot-compiler.md"
    users:
-      - alxhub #primary
+      - chuckjaz #primary
+      - vicb
      - mhevery
      - IgorMinar #fallback
-      - jenniferfell #docs only
-      - kara

  compiler-cli/ngtools:
    conditions:
@ -246,8 +150,7 @@ groups:
    users:
      - hansl
      - filipesilva #fallback
-      - IgorMinar #fallback
-      - kara
+      - brocco #fallback

  compiler-cli:
    conditions:
@ -259,10 +162,10 @@ groups:
          - "packages/compiler-cli/src/ngtools*"
    users:
      - alexeagle
-      - alxhub
+      - chuckjaz
+      - vicb
      - IgorMinar #fallback
      - mhevery #fallback
-      - kara

  common:
    conditions:
@ -273,188 +176,115 @@ groups:
          - "packages/common/http/*"
    users:
      - pkozlowski-opensource #primary
+      - vicb
      - IgorMinar #fallback
      - mhevery #fallback
-      - kara

  forms:
    conditions:
      files:
        - "packages/forms/*"
-        - "aio/content/guide/forms.md"
-        - "aio/content/examples/forms/*"
-        - "aio/content/images/guide/forms/*"
-        - "aio/content/guide/forms-overview.md"
-        - "aio/content/examples/forms-overview/*"
-        - "aio/content/images/guide/forms-overview/*"
-        - "aio/content/guide/form-validation.md"
-        - "aio/content/examples/form-validation/*"
-        - "aio/content/images/guide/form-validation/*"
-        - "aio/content/guide/dynamic-form.md"
-        - "aio/content/examples/dynamic-form/*"
-        - "aio/content/images/guide/dynamic-form/*"
-        - "aio/content/guide/reactive-forms.md"
-        - "aio/content/examples/reactive-forms/*"
-        - "aio/content/images/guide/reactive-forms/*"
    users:
      - kara #primary
+      - tinayuangao #secondary
      - IgorMinar #fallback
      - mhevery #fallback
-      - jenniferfell #docs only

  http:
    conditions:
      files:
        - "packages/common/http/*"
        - "packages/http/*"
-        - "aio/content/guide/http.md"
-        - "aio/content/examples/http/*"
-        - "aio/content/images/guide/http/*"
    users:
-      - alxhub #primary
-      - IgorMinar
+      - vikerman #primary
+      - alxhub
+      - IgorMinar #fallback
      - mhevery #fallback
-      - jenniferfell #docs only

  language-service:
    conditions:
      files:
        - "packages/language-service/*"
-        - "aio/content/guide/language-service.md"
-        - "aio/content/images/guide/language-service/*"
    users:
-      - kyliau #primary
+      - chuckjaz #primary
      # needs secondary
+      - vicb
      - IgorMinar #fallback
      - mhevery #fallback
-      - jenniferfell #docs only

  router:
    conditions:
      files:
        - "packages/router/*"
-        - "aio/content/guide/router.md"
-        - "aio/content/examples/router/*"
-        - "aio/content/images/guide/router/*"
    users:
-      - jasonaden #primary
+      - jasonaden
+      - vicb
      - IgorMinar #fallback
      - mhevery #fallback
-      - jenniferfell #docs only
-      - kara
-
-  testing:
-    conditions:
-      files:
-        - "*/testing/*"
-        - "aio/content/guide/testing.md"
-        - "aio/content/examples/testing/*"
-        - "aio/content/images/guide/testing/*"
-    users:
-      - vikerman
-      - IgorMinar #fallback
-      - mhevery #fallback
-      - jenniferfell #docs only

  upgrade:
    conditions:
      files:
        - "packages/upgrade/*"
-        - "aio/content/guide/upgrade.md"
-        - "aio/content/examples/upgrade-module/*"
-        - "aio/content/images/guide/upgrade/*"
-        - "aio/content/examples/upgrade-phonecat-1-typescript/*"
-        - "aio/content/examples/upgrade-phonecat-2-hybrid/*"
-        - "aio/content/examples/upgrade-phonecat-3-final/*"
-        - "aio/content/guide/upgrade-performance.md"
-        - "aio/content/guide/ajs-quick-reference.md"
-        - "aio/content/examples/ajs-quick-reference/*"
    users:
      - petebacondarwin #primary
      - gkalpak
      - IgorMinar #fallback
      - mhevery #fallback
-      - jenniferfell #docs only
-      - kara

  platform-browser:
    conditions:
      files:
        - "packages/platform-browser/*"
    users:
-      - mhevery #primary
+      - vicb #primary
      # needs secondary
      - IgorMinar #fallback
-      - kara
+      - mhevery #fallback

  platform-server:
    conditions:
      files:
        - "packages/platform-server/*"
-        - "aio/content/guide/universal.md"
-        - "aio/content/examples/universal/*"
    users:
      - vikerman #primary
-      - alxhub #secondary
+      # needs secondary
+      - alxhub
+      - vicb
      - IgorMinar #fallback
      - mhevery #fallback
-      - jenniferfell #docs only

  platform-webworker:
    conditions:
      files:
        - "packages/platform-webworker/*"
    users:
-      - mhevery #primary
+      - vicb #primary
      # needs secondary
      - IgorMinar #fallback
-      - kara
+      - mhevery #fallback

  service-worker:
    conditions:
      files:
        - "packages/service-worker/*"
-        - "aio/content/guide/service-worker-getting-started.md"
-        - "aio/content/examples/service-worker-getting-started/*"
-        - "aio/content/guide/service-worker-communications.md"
-        - "aio/content/guide/service-worker-config.md"
-        - "aio/content/guide/service-worker-devops.md"
-        - "aio/content/guide/service-worker-intro.md"
-        - "aio/content/images/guide/service-worker/*"
    users:
-      - gkalpak #primary
-      - alxhub
-      - IgorMinar
-      - mhevery #fallback
-      - jenniferfell #docs only
-
-  elements:
-    conditions:
-      files:
-        - "packages/elements/*"
-        - "aio/content/examples/elements/*"
-        - "aio/content/images/guide/elements/*"
-        - "aio/content/guide/elements.md"
-    users:
-      - andrewseguin #primary
+      - alxhub #primary
      - gkalpak
-      - robwormald
      - IgorMinar #fallback
      - mhevery #fallback
-      - jenniferfell #docs only
-      - kara

  benchpress:
    conditions:
      files:
        - "packages/benchpress/*"
    users:
-      - alxhub # primary
+      - alxhub #primary
      # needs secondary
      - IgorMinar #fallback
      - mhevery #fallback

-  docs-infra:
+  angular.io:
    conditions:
      files:
        include:
@ -467,7 +297,7 @@ groups:
      - gkalpak
      - mhevery #fallback

-  docs/guide-and-tutorial:
+  angular.io-guide-and-tutorial:
    conditions:
      files:
        include:
@ -477,66 +307,26 @@ groups:
          - "aio/content/navigation.json"
          - "aio/content/license.md"
    users:
+      - juleskremer #primary
+      - Foxandxss
      - stephenfluin
-      - jenniferfell
-      - brandonroberts
+      - wardbell
      - petebacondarwin
      - gkalpak
-      - IgorMinar
+      - IgorMinar #fallback
      - mhevery #fallback

-  docs/marketing:
+  angular.io-marketing:
    conditions:
      files:
        include:
          - "aio/content/marketing/*"
-          - "aio/content/images/marketing/*"
          - "aio/content/navigation.json"
          - "aio/content/license.md"
    users:
+      - juleskremer #primary
      - stephenfluin
      - petebacondarwin
      - gkalpak
-      - IgorMinar
-      - robwormald
+      - IgorMinar #fallback
      - mhevery #fallback
-
-  docs/observables:
-    conditions:
-      files:
-        - "aio/content/examples/observables/*"
-        - "aio/content/images/guide/observables/*"
-        - "aio/content/guide/observables.md"
-        - "aio/content/guide/comparing-observables.md"
-        - "aio/content/examples/observables-in-angular/*"
-        - "aio/content/images/guide/observables-in-angular/*"
-        - "aio/content/guide/observables-in-angular.md"
-        - "aio/content/examples/practical-observable-usage/*"
-        - "aio/content/guide/practical-observable-usage.md"
-        - "aio/content/examples/rx-library/*"
-        - "aio/content/guide/rx-library.md"
-    users:
-      - jasonaden
-      - benlesh
-      - IgorMinar
-      - mhevery
-      - jenniferfell #docs only
-
-  docs/packaging:
-    conditions:
-      files:
-        - "aio/content/guide/npm-packages.md"
-        - "aio/content/guide/browser-support.md"
-        - "aio/content/guide/typescript-configuration.md"
-        - "aio/content/guide/setup-systemjs-anatomy.md"
-        - "aio/content/examples/setup/*"
-        - "aio/content/guide/setup.md"
-        - "aio/content/guide/deployment.md"
-        - "aio/content/guide/releases.md"
-        - "aio/content/guide/updating.md"
-    users:
-      - IgorMinar #primary
-      - alexeagle
-      - hansl
-      - mhevery #fallback
-      - jenniferfell #docs only
--- a/.travis.yml
+++ b/.travis.yml
@ -2,7 +2,7 @@ language: node_js
 sudo: false
 dist: trusty
 node_js:
-  - '10.9.0'
+  - '8.9.1'

 addons:
 #  firefox: "38.0"
@ -13,7 +13,11 @@ addons:
    packages:
      # needed to install g++ that is used by npms's native modules
      - g++-4.8
-
+  # https://docs.travis-ci.com/user/jwt
+  jwt:
+    # SAUCE_ACCESS_KEY<=secret for NGBUILDS_IO_KEY to work around travis-ci/travis-ci#7223, unencrypted value in valentine as NGBUILDS_IO_KEY>
+    # we alias NGBUILDS_IO_KEY to $SAUCE_ACCESS_KEY in env.sh and set the SAUCE_ACCESS_KEY there
+    - secure: "L7nrZwkAtFtYrP2DykPXgZvEKjkv0J/TwQ/r2QGxFTaBq4VZn+2Dw0YS7uCxoMqYzDwH0aAOqxoutibVpk8Z/16nE3tNmU5RzltMd6Xmt3qU2f/JDQLMo6PSlBodnjOUsDHJgmtrcbjhqrx/znA237BkNUu6UZRT7mxhXIZpn0U="
 branches:
  except:
    - g3
@ -30,21 +34,37 @@ env:
    # GITHUB_TOKEN_ANGULAR=<github token, a personal access token of the angular-builds account, account access in valentine>
    # This is needed for the e2e Travis matrix task to publish packages to github for continuous packages delivery.
    - secure: "aCdHveZuY8AT4Jr1JoJB4LxZsnGWRe/KseZh1YXYe5UtufFCtTVHvUcLn0j2aLBF0KpdyS+hWf0i4np9jthKu2xPKriefoPgCMpisYeC0MFkwbmv+XlgkUbgkgVZMGiVyX7DCYXVahxIoOUjVMEDCbNiHTIrfEuyq24U3ok2tHc="
+    # FIREBASE_TOKEN
+    # This is needed for publishing builds to the "aio-staging" and "angular-io" firebase projects.
+    # This token was generated using the aio-deploy@angular.io account using `firebase login:ci` and password from valentine
+    - secure: "L5CyQmpwWtoR4Qi4xlWQh/cL1M6ZeJL4W4QAr4HdKFMgYt9h+Whqkymyh2NxwmCbPvWa7yUd+OiLQUDCY7L2VIg16hTwoe2CgYDyQA0BEwLzxtRrJXl93TfwMlrUx5JSIzAccD6D4sjtz8kSFMomK2Nls33xOXOukwyhVMjd0Cg="
+    # ANGULAR_PAYLOAD_FIREBASE_TOKEN
+    # This is for payload size data to "angular-payload-size" firebase project
+    # This token was generated using the payload@angular.io account using `firebase login:ci` and password from valentine
+    - secure: "SxotP/ymNy6uWAVbfwM9BlwETPEBpkRvU/F7fCtQDDic99WfQHzzUSQqHTk8eKk3GrGAOSL09vT0WfStQYEIGEoS5UHWNgOnelxhw+d5EnaoB8vQ0dKQBTK092hQg4feFprr+B/tCasyMV6mVwpUzZMbIJNn/Rx7H5g1bp+Gkfg="
  matrix:
    # Order: a slower build first, so that we don't occupy an idle travis worker waiting for others to complete.
    - CI_MODE=e2e
+    - CI_MODE=e2e_2
    - CI_MODE=js
    - CI_MODE=saucelabs_required
    # deactivated, see #19768
    # - CI_MODE=browserstack_required
    - CI_MODE=saucelabs_optional
    - CI_MODE=browserstack_optional
+    - CI_MODE=aio_tools_test
+    - CI_MODE=aio
+    - CI_MODE=aio_optional
+    - CI_MODE=aio_e2e AIO_SHARD=0
+    - CI_MODE=aio_e2e AIO_SHARD=1
+    - CI_MODE=bazel

 matrix:
  fast_finish: true
  allow_failures:
    - env: "CI_MODE=saucelabs_optional"
    - env: "CI_MODE=browserstack_optional"
+    - env: "CI_MODE=aio_optional"

 before_install:
  # source the env.sh script so that the exported variables are available to other scripts later on
@ -56,6 +76,8 @@ install:
 script:
  - ./scripts/ci/build.sh
  - ./scripts/ci/test.sh
+  # deploy is part of 'script' and not 'after_success' so that we fail the build if the deployment fails
+  - ./scripts/ci/deploy.sh
  - ./scripts/ci/angular.sh
  # all the scripts under this line will not quickly abort in case ${TRAVIS_TEST_RESULT} is 1 (job failure)
  - ./scripts/ci/cleanup.sh
--- a/BUILD.bazel
+++ b/BUILD.bazel
@ -1,51 +1,31 @@
 package(default_visibility = ["//visibility:public"])
+exports_files(["tsconfig.json"])

-load("@build_bazel_rules_nodejs//:defs.bzl", "node_modules_filegroup")
-
-exports_files([
-    "tsconfig.json",
-    "LICENSE",
-    "protractor-perf.conf.js",
-])
-
+# This rule belongs in node_modules/BUILD
+# It's here as a workaround for
+# https://github.com/bazelbuild/bazel/issues/374#issuecomment-296217940
 filegroup(
-    name = "web_test_bootstrap_scripts",
-    # do not sort
-    srcs = [
-        "@ngdeps//node_modules/reflect-metadata:Reflect.js",
-        "@ngdeps//node_modules/zone.js:dist/zone.js",
-        "@ngdeps//node_modules/zone.js:dist/zone-testing.js",
-        "@ngdeps//node_modules/zone.js:dist/task-tracking.js",
-        "//:test-events.js",
-    ],
-)
-
-filegroup(
-    name = "angularjs_scripts",
-    srcs = [
-        "@ngdeps//node_modules/angular:angular.js",
-        "@ngdeps//node_modules/angular-1.5:angular.js",
-        "@ngdeps//node_modules/angular-1.6:angular.js",
-        "@ngdeps//node_modules/angular-mocks:angular-mocks.js",
-        "@ngdeps//node_modules/angular-mocks-1.5:angular-mocks.js",
-        "@ngdeps//node_modules/angular-mocks-1.6:angular-mocks.js",
-    ],
-)
-
-load("@build_bazel_rules_nodejs//:defs.bzl", "nodejs_binary")
-
-# A nodejs_binary for @angular/bazel/ngc-wrapped to use by default in
-# ng_module that depends on @npm//@angular/bazel instead of the
-# output of the //packages/bazel/src/ngc-wrapped ts_library rule. This
-# default is for downstream users that depend on the @angular/bazel npm
-# package. The generated @npm//@angular/bazel/ngc-wrapped target
-# does not work because it does not have the node `--expose-gc` flag
-# set which is required to support the call to `global.gc()`.
-nodejs_binary(
-    name = "@angular/bazel/ngc-wrapped",
-    configuration_env_vars = ["compile"],
-    data = ["@npm//@angular/bazel"],
-    entry_point = "@angular/bazel/src/ngc-wrapped/index.js",
-    install_source_map_support = False,
-    templated_args = ["--node_options=--expose-gc"],
+    name = "node_modules",
+    # Performance workaround: list individual files
+    # Reduces the number of files as inputs to nodejs_binary:
+    # bazel query "deps(:node_modules)" | wc -l
+    # This won't scale in the general case.
+    # TODO(alexeagle): figure out what to do
+    srcs = glob(["/".join(["node_modules", pkg, "**", ext]) for pkg in [
+        "jasmine",
+        "typescript",
+        "zone.js",
+        "rxjs",
+        "@types",
+        "tsickle",
+        "hammerjs",
+        "protobufjs",
+        "bytebuffer",
+        "reflect-metadata",
+        "minimist",
+    ] for ext in [
+        "*.js",
+        "*.json",
+        "*.d.ts",
+    ]]),
 )
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@ -1,12 +0,0 @@
-# Contributor Code of Conduct
-## Version 0.3b-angular
-
-As contributors and maintainers of the Angular project, we pledge to respect everyone who contributes by posting issues, updating documentation, submitting pull requests, providing feedback in comments, and any other activities.
-
-Communication through any of Angular's channels (GitHub, Gitter, IRC, mailing lists, Google+, Twitter, etc.) must be constructive and never resort to personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
-
-We promise to extend courtesy and respect to everyone involved in this project regardless of gender, gender identity, sexual orientation, disability, age, race, ethnicity, religion, or level of experience. We expect anyone contributing to the Angular project to do the same.
-
-If any member of the community violates this code of conduct, the maintainers of the Angular project may take action, removing issues, comments, and PRs or blocking accounts as deemed appropriate.
-
-If you are subject to or witness unacceptable behavior, or have any other concerns, please email us at [conduct@angular.io](mailto:conduct@angular.io).
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -51,7 +51,7 @@ and help you to craft the change so that it is successfully accepted into the pr

 Before you submit an issue, please search the issue tracker, maybe an issue for your problem already exists and the discussion might inform you of workarounds readily available.

-We want to fix all the issues as soon as possible, but before fixing a bug we need to reproduce and confirm it. In order to reproduce bugs, we will systematically ask you to provide a minimal reproduction scenario using http://plnkr.co. Having a live, reproducible scenario gives us a wealth of important information without going back & forth to you with additional questions like:
+We want to fix all the issues as soon as possible, but before fixing a bug we need to reproduce and confirm it. In order to reproduce bugs we will systematically ask you to provide a minimal reproduction scenario using http://plnkr.co. Having a live, reproducible scenario gives us wealth of important information without going back & forth to you with additional questions like:

 - version of Angular used
 - 3rd-party libraries and their versions
@ -61,47 +61,44 @@ A minimal reproduce scenario using http://plnkr.co/ allows us to quickly confirm

 We will be insisting on a minimal reproduce scenario in order to save maintainers time and ultimately be able to fix more bugs. Interestingly, from our experience users often find coding problems themselves while preparing a minimal plunk. We understand that sometimes it might be hard to extract essentials bits of code from a larger code-base but we really need to isolate the problem before we can fix it.

-Unfortunately, we are not able to investigate / fix bugs without a minimal reproduction, so if we don't hear back from you we are going to close an issue that doesn't have enough info to be reproduced.
+Unfortunately we are not able to investigate / fix bugs without a minimal reproduction, so if we don't hear back from you we are going to close an issue that don't have enough info to be reproduced.

-You can file new issues by selecting from our [new issue templates](https://github.com/angular/angular/issues/new/choose) and filling out the form.
+You can file new issues by filling out our [new issue form](https://github.com/angular/angular/issues/new).


 ### <a name="submit-pr"></a> Submitting a Pull Request (PR)
 Before you submit your Pull Request (PR) consider the following guidelines:

-1. Search [GitHub](https://github.com/angular/angular/pulls) for an open or closed PR
+* Search [GitHub](https://github.com/angular/angular/pulls) for an open or closed PR
  that relates to your submission. You don't want to duplicate effort.
-1. Be sure that an issue describes the problem you're fixing, or documents the design for the feature you'd like to add.
-  Discussing the design up front helps to ensure that we're ready to accept your work.
-1. Please sign our [Contributor License Agreement (CLA)](#cla) before sending PRs.
-  We cannot accept code without this. Make sure you sign with the primary email address of the Git identity that has been granted access to the Angular repository.
-1. Fork the angular/angular repo.
-1. Make your changes in a new git branch:
+* Please sign our [Contributor License Agreement (CLA)](#cla) before sending PRs.
+  We cannot accept code without this.
+* Make your changes in a new git branch:

     ```shell
     git checkout -b my-fix-branch master
     ```

-1. Create your patch, **including appropriate test cases**.
-1. Follow our [Coding Rules](#rules).
-1. Run the full Angular test suite, as described in the [developer documentation][dev-doc],
+* Create your patch, **including appropriate test cases**.
+* Follow our [Coding Rules](#rules).
+* Run the full Angular test suite, as described in the [developer documentation][dev-doc],
  and ensure that all tests pass.
-1. Commit your changes using a descriptive commit message that follows our
+* Commit your changes using a descriptive commit message that follows our
  [commit message conventions](#commit). Adherence to these conventions
  is necessary because release notes are automatically generated from these messages.

     ```shell
     git commit -a
     ```
-    Note: the optional commit `-a` command line option will automatically "add" and "rm" edited files.
+  Note: the optional commit `-a` command line option will automatically "add" and "rm" edited files.

-1. Push your branch to GitHub:
+* Push your branch to GitHub:

    ```shell
    git push origin my-fix-branch
    ```

-1. In GitHub, send a pull request to `angular:master`.
+* In GitHub, send a pull request to `angular:master`.
 * If we suggest changes then:
  * Make the required updates.
  * Re-run the Angular test suites to ensure tests are still passing.
@ -175,12 +172,12 @@ The **header** is mandatory and the **scope** of the header is optional.
 Any line of the commit message cannot be longer 100 characters! This allows the message to be easier
 to read on GitHub as well as in various git tools.

-The footer should contain a [closing reference to an issue](https://help.github.com/articles/closing-issues-via-commit-messages/) if any.
+Footer should contain a [closing reference to an issue](https://help.github.com/articles/closing-issues-via-commit-messages/) if any.

 Samples: (even more [samples](https://github.com/angular/angular/commits/master))

 ```
-docs(changelog): update changelog to beta.5
+docs(changelog): update change log to beta.5
 ```
 ```
 fix(release): need to depend on latest rxjs and zone.js
@ -205,7 +202,7 @@ Must be one of the following:
 * **test**: Adding missing tests or correcting existing tests

 ### Scope
-The scope should be the name of the npm package affected (as perceived by the person reading the changelog generated from commit messages.
+The scope should be the name of the npm package affected (as perceived by person reading changelog generated from commit messages.

 The following is the list of supported scopes:

@ -214,7 +211,6 @@ The following is the list of supported scopes:
 * **compiler**
 * **compiler-cli**
 * **core**
-* **elements**
 * **forms**
 * **http**
 * **language-service**
@ -229,21 +225,16 @@ The following is the list of supported scopes:

 There are currently a few exceptions to the "use package name" rule:

-* **packaging**: used for changes that change the npm package layout in all of our packages, e.g.
-  public path changes, package.json changes done to all packages, d.ts file/format changes, changes
-  to bundles, etc.
+* **packaging**: used for changes that change the npm package layout in all of our packages, e.g. public path changes, package.json changes done to all packages, d.ts file/format changes, changes to bundles, etc.
 * **changelog**: used for updating the release notes in CHANGELOG.md
-* **docs-infra**: used for docs-app (angular.io) related changes within the /aio directory of the
-  repo
-* none/empty string: useful for `style`, `test` and `refactor` changes that are done across all
-  packages (e.g. `style: add missing semicolons`) and for docs changes that are not related to a
-  specific package (e.g. `docs: fix typo in tutorial`).
+* **aio**: used for docs-app (angular.io) related changes within the /aio directory of the repo
+* none/empty string: useful for `style`, `test` and `refactor` changes that are done across all packages (e.g. `style: add missing semicolons`)

 ### Subject
-The subject contains a succinct description of the change:
+The subject contains succinct description of the change:

 * use the imperative, present tense: "change" not "changed" nor "changes"
-* don't capitalize the first letter
+* don't capitalize first letter
 * no dot (.) at the end

 ### Body
@ -267,19 +258,6 @@ changes to be accepted, the CLA must be signed. It's a quick process, we promise
 * For corporations we'll need you to
  [print, sign and one of scan+email, fax or mail the form][corporate-cla].

-<hr>
-
-  If you have more than one Git identity, you must make sure that you sign the CLA using the primary email address associated with the ID that has been granted access to the Angular repository. Git identities can be associated with more than one email address, and only one is primary. Here are some links to help you sort out multiple Git identities and email addresses:
-
-  * https://help.github.com/articles/setting-your-commit-email-address-in-git/
-  * https://stackoverflow.com/questions/37245303/what-does-usera-committed-with-userb-13-days-ago-on-github-mean
-  * https://help.github.com/articles/about-commit-email-addresses/
-  * https://help.github.com/articles/blocking-command-line-pushes-that-expose-your-personal-email-address/
-
-  Note that if you have more than one Git identity, it is important to verify that you are logged in with the same ID with which you signed the CLA, before you commit changes. If not, your PR will fail the CLA check.
-
-<hr>
-

 [angular-group]: https://groups.google.com/forum/#!forum/angular
 [coc]: https://github.com/angular/code-of-conduct/blob/master/CODE_OF_CONDUCT.md
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 The MIT License

-Copyright (c) 2014-2018 Google, Inc. http://angular.io
+Copyright (c) 2014-2017 Google, Inc. http://angular.io

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@ -2,9 +2,15 @@
 [![CircleCI](https://circleci.com/gh/angular/angular/tree/master.svg?style=shield)](https://circleci.com/gh/angular/angular/tree/master)
 [![BrowserStack Status](https://www.browserstack.com/automate/badge.svg?badge_key=LzF3RzBVVGt6VWE2S0hHaC9uYllOZz09LS1BVjNTclBKV0x4eVRlcjA4QVY1M0N3PT0=--eb4ce8c8dc2c1c5b2b5352d473ee12a73ac20e06)](https://www.browserstack.com/automate/public-build/LzF3RzBVVGt6VWE2S0hHaC9uYllOZz09LS1BVjNTclBKV0x4eVRlcjA4QVY1M0N3PT0=--eb4ce8c8dc2c1c5b2b5352d473ee12a73ac20e06)
 [![Join the chat at https://gitter.im/angular/angular](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/angular/angular?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[![Issue Stats](http://issuestats.com/github/angular/angular/badge/pr?style=flat)](http://issuestats.com/github/angular/angular)
+[![Issue Stats](http://issuestats.com/github/angular/angular/badge/issue?style=flat)](http://issuestats.com/github/angular/angular)
 [![npm version](https://badge.fury.io/js/%40angular%2Fcore.svg)](https://www.npmjs.com/@angular/core)


+[![Sauce Test Status](https://saucelabs.com/browser-matrix/angular2-ci.svg)](https://saucelabs.com/u/angular2-ci)
+
+*Safari (7+), iOS (7+) and IE mobile (11) are tested on [BrowserStack][browserstack].*
+
 # Angular

 Angular is a development platform for building mobile and desktop web applications using Typescript/JavaScript and other languages.
@ -13,17 +19,12 @@ Angular is a development platform for building mobile and desktop web applicatio

 [Get started in 5 minutes][quickstart].

-## Changelog
-
-[Learn about the latest improvements][changelog]. 
-
 ## Want to help?

 Want to file a bug, contribute some code, or improve documentation? Excellent! Read up on our
 guidelines for [contributing][contributing] and then check out one of our issues in the [hotlist: community-help](https://github.com/angular/angular/labels/hotlist%3A%20community-help).

 [browserstack]: https://www.browserstack.com/automate/public-build/LzF3RzBVVGt6VWE2S0hHaC9uYllOZz09LS1BVjNTclBKV0x4eVRlcjA4QVY1M0N3PT0=--eb4ce8c8dc2c1c5b2b5352d473ee12a73ac20e06
-[contributing]: https://github.com/angular/angular/blob/master/CONTRIBUTING.md
-[quickstart]: https://angular.io/guide/quickstart
-[changelog]: https://github.com/angular/angular/blob/master/CHANGELOG.md
-[ng]: https://angular.io
+[contributing]: http://github.com/angular/angular/blob/master/CONTRIBUTING.md
+[quickstart]: https://angular.io/docs/ts/latest/quickstart.html
+[ng]: http://angular.io
--- a/120
+++ b/120
@ -1,116 +1,24 @@
-workspace(name = "angular")
+workspace(name = "angular_src")

-load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
-load(
-    "//packages/bazel:package.bzl",
-    "rules_angular_dependencies",
-    "rules_angular_dev_dependencies",
+load("@bazel_tools//tools/build_defs/repo:git.bzl", "git_repository")
+
+git_repository(
+    name = "build_bazel_rules_nodejs",
+    remote = "https://github.com/bazelbuild/rules_nodejs.git",
+    # TODO(alexeagle): use the correct tag here.
+    commit = "2c6243df53fd33fdab283ebdd01582e4eb815db8",
 )

-http_archive(
-    name = "io_bazel_rules_go",
-    sha256 = "b7a62250a3a73277ade0ce306d22f122365b513f5402222403e507f2f997d421",
-    url = "https://github.com/bazelbuild/rules_go/releases/download/0.16.3/rules_go-0.16.3.tar.gz",
-)
+load("@build_bazel_rules_nodejs//:defs.bzl", "node_repositories")

-# Uncomment for local bazel rules development
-#local_repository(
-#    name = "build_bazel_rules_nodejs",
-#    path = "../rules_nodejs",
-#)
-#local_repository(
-#    name = "build_bazel_rules_typescript",
-#    path = "../rules_typescript",
-#)
+node_repositories(package_json = ["//:package.json"])

-# Angular Bazel users will call this function
-rules_angular_dependencies()
-
-# Install transitive deps of rules_nodejs
-load("@build_bazel_rules_nodejs//:package.bzl", "rules_nodejs_dependencies")
-
-rules_nodejs_dependencies()
-
-# These are the dependencies only for us
-rules_angular_dev_dependencies()
-
-# Install transitive deps of rules_typescript
-load("@build_bazel_rules_typescript//:package.bzl", "rules_typescript_dependencies")
-
-rules_typescript_dependencies()
-
-#
-# Point Bazel to WORKSPACEs that live in subdirectories
-#
-http_archive(
-    name = "rxjs",
-    sha256 = "72b0b4e517f43358f554c125e40e39f67688cd2738a8998b4a266981ed32f403",
-    strip_prefix = "package/src",
-    url = "https://registry.yarnpkg.com/rxjs/-/rxjs-6.3.3.tgz",
-)
-
-# Point to the integration test workspace just so that Bazel doesn't descend into it
-# when expanding the //... pattern
 local_repository(
-    name = "bazel_integration_test",
-    path = "integration/bazel",
-)
-
-#
-# Load and install our dependencies downloaded above.
-#
-load("@build_bazel_rules_nodejs//:defs.bzl", "check_bazel_version", "node_repositories", "yarn_install")
-
-check_bazel_version("0.20.0", """
-You no longer need to install Bazel on your machine.
-Angular has a dependency on the @bazel/bazel package which supplies it.
-Try running `yarn bazel` instead.
-    (If you did run that, check that you've got a fresh `yarn install`)
-
-""")
-
-node_repositories(
-    node_version = "10.9.0",
-    package_json = ["//:package.json"],
-    preserve_symlinks = True,
-    yarn_version = "1.12.1",
+    name = "build_bazel_rules_typescript",
+    path = "node_modules/@bazel/typescript",
 )

 local_repository(
-    name = "npm",
-    path = "tools/npm_workspace",
+    name = "angular",
+    path = "packages/bazel",
 )
-
-load("@io_bazel_rules_go//go:def.bzl", "go_register_toolchains", "go_rules_dependencies")
-
-go_rules_dependencies()
-
-go_register_toolchains()
-
-load("@io_bazel_rules_webtesting//web:repositories.bzl", "browser_repositories", "web_test_repositories")
-
-web_test_repositories()
-
-browser_repositories(
-    chromium = True,
-    firefox = True,
-)
-
-load("@build_bazel_rules_typescript//:defs.bzl", "ts_setup_workspace")
-
-ts_setup_workspace()
-
-load("@angular//:index.bzl", "ng_setup_workspace")
-
-ng_setup_workspace()
-
-##################################
-# Skylark documentation generation
-
-load("@io_bazel_rules_sass//sass:sass_repositories.bzl", "sass_repositories")
-
-sass_repositories()
-
-load("@io_bazel_skydoc//skylark:skylark.bzl", "skydoc_repositories")
-
-skydoc_repositories()
--- a/aio/.angular-cli.json
+++ b/aio/.angular-cli.json
@ -0,0 +1,67 @@
+{
+  "$schema": "./node_modules/@angular/cli/lib/config/schema.json",
+  "project": {
+    "name": "site"
+  },
+  "apps": [
+    {
+      "root": "src",
+      "outDir": "dist",
+      "assets": [
+        "assets",
+        "generated",
+        "app/search/search-worker.js",
+        "favicon.ico",
+        "pwa-manifest.json",
+        "google385281288605d160.html"
+      ],
+      "index": "index.html",
+      "main": "main.ts",
+      "polyfills": "polyfills.ts",
+      "test": "test.ts",
+      "tsconfig": "tsconfig.app.json",
+      "testTsconfig": "tsconfig.spec.json",
+      "prefix": "aio",
+      "serviceWorker": false,
+      "styles": [
+        "styles.scss"
+      ],
+      "scripts": [
+      ],
+      "environmentSource": "environments/environment.ts",
+      "environments": {
+        "dev": "environments/environment.ts",
+        "next": "environments/environment.next.ts",
+        "stable": "environments/environment.stable.ts",
+        "archive": "environments/environment.archive.ts"
+      }
+    }
+  ],
+  "e2e": {
+    "protractor": {
+      "config": "./protractor.conf.js"
+    }
+  },
+  "lint": [
+    {
+      "project": "src/tsconfig.app.json"
+    },
+    {
+      "project": "src/tsconfig.spec.json"
+    },
+    {
+      "project": "e2e/tsconfig.e2e.json"
+    }
+  ],
+  "test": {
+    "karma": {
+      "config": "./karma.conf.js"
+    }
+  },
+  "defaults": {
+    "styleExt": "scss",
+    "component": {
+      "inlineStyle": true
+    }
+  }
+}
--- a/aio/.gitignore
+++ b/aio/.gitignore
@ -30,7 +30,6 @@
 /connect.lock
 /coverage
 /libpeerconnection.log
-debug.log
 npm-debug.log
 testem.log
 /typings
@ -44,3 +43,6 @@ protractor-results*.txt
 # System Files
 .DS_Store
 Thumbs.db
+
+# copied dependencies
+src/assets/js/lunr*
--- a/aio/README.md
+++ b/aio/README.md
@ -4,16 +4,16 @@ Everything in this folder is part of the documentation project. This includes

 * the web site for displaying the documentation
 * the dgeni configuration for converting source files to rendered files that can be viewed in the web site.
-* the tooling for setting up examples for development; and generating live-example and zip files from the examples.
+* the tooling for setting up examples for development; and generating plunkers and zip files from the examples.

 ## Developer tasks

-We use [Yarn](https://yarnpkg.com) to manage the dependencies and to run build tasks.
+We use `yarn` to manage the dependencies and to run build tasks.
 You should run all these tasks from the `angular/aio` folder.
 Here are the most important tasks you might need to use:

 * `yarn` - install all the dependencies.
-* `yarn setup` - install all the dependencies, boilerplate, stackblitz, zips and run dgeni on the docs.
+* `yarn setup` - install all the dependencies, boilerplate, plunkers, zips and run dgeni on the docs.
 * `yarn setup-local` - same as `setup`, but use the locally built Angular packages for aio and docs examples boilerplate.

 * `yarn build` - create a production build of the application (after installing dependencies, boilerplate, etc).
@ -23,7 +23,6 @@ Here are the most important tasks you might need to use:
 * `yarn serve-and-sync` - run both the `docs-watch` and `start` in the same console.
 * `yarn lint` - check that the doc-viewer code follows our style rules.
 * `yarn test` - watch all the source files, for the doc-viewer, and run all the unit tests when any change.
-* `yarn test --watch=false` - run all the unit tests once.
 * `yarn e2e` - run all the e2e tests for the doc-viewer.

 * `yarn docs` - generate all the docs from the source files.
@ -33,7 +32,7 @@ Here are the most important tasks you might need to use:

 * `yarn boilerplate:add` - generate all the boilerplate code for the examples, so that they can be run locally. Add the option `--local` to use your local version of Angular contained in the "dist" folder.
 * `yarn boilerplate:remove` - remove all the boilerplate code that was added via `yarn boilerplate:add`.
-* `yarn generate-stackblitz` - generate the stackblitz files that are used by the `live-example` tags in the docs.
+* `yarn generate-plunkers` - generate the plunker files that are used by the `live-example` tags in the docs.
 * `yarn generate-zips` - generate the zip files from the examples. Zip available via the `live-example` tags in the docs.

 * `yarn example-e2e` - run all e2e tests for examples
@ -41,22 +40,18 @@ Here are the most important tasks you might need to use:
  - `yarn example-e2e --filter=foo` - limit e2e tests to those containing the word "foo"
  - `yarn example-e2e --setup --local` - run e2e tests with the local version of Angular contained in the "dist" folder

-## Developing on Windows
-The `packages/` directory may contain Linux-specific symlinks, which are not recognized by Windows.
-These unresolved links cause the docs generation process to fail because it cannot locate certain files.
-
-> Hint: The following steps require administration rights or [Windows Developer Mode](https://docs.microsoft.com/en-us/windows/uwp/get-started/enable-your-device-for-development) enabled!
-
-To fix this problem, run `scripts/windows/create-symlinks.sh`. This command creates temporary files where the symlinks used to be. Make sure not to commit those files with your documentation changes.
-When you are done making and testing your documentation changes, you can restore the original symlinks and delete the temporary files by running `scripts/windows/remove-symlinks.sh`.
-
-It's necessary to remove the temporary files, because otherwise they're displayed as local changes in your git working copy and certain operations are blocked.
+* `yarn build-ie-polyfills` - generates a js file of polyfills that can be loaded in Internet Explorer.

 ## Using ServiceWorker locally

-Running `yarn start` (even when explicitly targeting production mode) does not set up the
-ServiceWorker. If you want to test the ServiceWorker locally, you can use `yarn build` and then
-serve the files in `dist/` with `yarn http-server dist -p 4200`.
+Since abb36e3cb, running `yarn start --prod` will no longer set up the ServiceWorker, which
+would require manually running `yarn sw-manifest` and `yarn sw-copy` (something that is not possible
+with webpack serving the files from memory).
+
+If you want to test ServiceWorker locally, you can use `yarn build` and serve the files in `dist/`
+with `yarn http-server dist -p 4200`.
+
+For more details see #16745.


 ## Guide to authoring
@ -73,11 +68,6 @@ The content is written in markdown.
 All other content is written using markdown in text files, located in the `angular/aio/content` folder.
 More specifically, there are sub-folders that contain particular types of content: guides, tutorial and marketing.

-* **Code examples**: code examples need to be testable to ensure their accuracy.
-Also, our examples have a specific look and feel and allow the user to copy the source code. For larger
-examples they are rendered in a tabbed interface (e.g. template, HTML, and TypeScript on separate
-tabs). Additionally, some are live examples, which provide links where the code can be edited, executed, and/or downloaded. For details on working with code examples, please read the [Code snippets](https://angular.io/guide/docs-style-guide#code-snippets), [Source code markup](https://angular.io/guide/docs-style-guide#source-code-markup), and [Live examples](https://angular.io/guide/docs-style-guide#live-examples) pages of the [Authors Style Guide](https://angular.io/guide/docs-style-guide).
-
 We use the [dgeni](https://github.com/angular/dgeni) tool to convert these files into docs that can be viewed in the doc-viewer.

 The [Authors Style Guide](https://angular.io/guide/docs-style-guide) prescribes guidelines for
@ -110,7 +100,8 @@ The general setup is as follows:
 * Open a terminal, ensure the dependencies are installed; run an initial doc generation; then start the doc-viewer:

 ```bash
-yarn setup
+yarn
+yarn docs
 yarn start
 ```

--- a/aio/aio-builds-setup/dockerbuild/Dockerfile
+++ b/aio/aio-builds-setup/dockerbuild/Dockerfile
@ -8,62 +8,53 @@ LABEL name="angular.io PR preview" \

 VOLUME /aio-secrets
 VOLUME /var/www/aio-builds
-VOLUME /dockerbuild

 EXPOSE 80 443


 # Build-time args and env vars
-# The AIO_ARTIFACT_PATH path needs to be kept in synch with the value of
-# `aio_preview->steps->store_artifacts->destination` property in `.circleci/config.yml`
-ARG      AIO_ARTIFACT_PATH=aio/dist/aio-snapshot.tgz
-ARG TEST_AIO_ARTIFACT_PATH=$AIO_ARTIFACT_PATH
 ARG      AIO_BUILDS_DIR=/var/www/aio-builds
 ARG TEST_AIO_BUILDS_DIR=/tmp/aio-builds
 ARG      AIO_DOMAIN_NAME=ngbuilds.io
 ARG TEST_AIO_DOMAIN_NAME=$AIO_DOMAIN_NAME.localhost
 ARG      AIO_GITHUB_ORGANIZATION=angular
-ARG TEST_AIO_GITHUB_ORGANIZATION=test-org
-ARG      AIO_GITHUB_REPO=angular
-ARG TEST_AIO_GITHUB_REPO=test-repo
-ARG      AIO_GITHUB_TEAM_SLUGS=team,aio-contributors
-ARG TEST_AIO_GITHUB_TEAM_SLUGS=team,aio-contributors
+ARG TEST_AIO_GITHUB_ORGANIZATION=angular
+ARG      AIO_GITHUB_TEAM_SLUGS=angular-core,aio-contributors
+ARG TEST_AIO_GITHUB_TEAM_SLUGS=angular-core,aio-contributors
 ARG      AIO_NGINX_HOSTNAME=$AIO_DOMAIN_NAME
 ARG TEST_AIO_NGINX_HOSTNAME=$TEST_AIO_DOMAIN_NAME
 ARG      AIO_NGINX_PORT_HTTP=80
 ARG TEST_AIO_NGINX_PORT_HTTP=8080
 ARG      AIO_NGINX_PORT_HTTPS=443
 ARG TEST_AIO_NGINX_PORT_HTTPS=4433
-ARG      AIO_SIGNIFICANT_FILES_PATTERN='^(?:aio|packages)/(?!.*[._]spec\\.[jt]s$)'
-ARG TEST_AIO_SIGNIFICANT_FILES_PATTERN=$AIO_SIGNIFICANT_FILES_PATTERN
+ARG      AIO_REPO_SLUG=angular/angular
+ARG TEST_AIO_REPO_SLUG=test-repo/test-slug
 ARG      AIO_TRUSTED_PR_LABEL="aio: preview"
 ARG TEST_AIO_TRUSTED_PR_LABEL="aio: preview"
-ARG      AIO_PREVIEW_SERVER_HOSTNAME=preview.localhost
-ARG TEST_AIO_PREVIEW_SERVER_HOSTNAME=preview.localhost
-ARG      AIO_ARTIFACT_MAX_SIZE=20971520
-ARG TEST_AIO_ARTIFACT_MAX_SIZE=200
-ARG      AIO_PREVIEW_SERVER_PORT=3000
-ARG TEST_AIO_PREVIEW_SERVER_PORT=3001
+ARG      AIO_UPLOAD_HOSTNAME=upload.localhost
+ARG TEST_AIO_UPLOAD_HOSTNAME=upload.localhost
+ARG      AIO_UPLOAD_MAX_SIZE=20971520
+ARG TEST_AIO_UPLOAD_MAX_SIZE=20971520
+ARG      AIO_UPLOAD_PORT=3000
+ARG TEST_AIO_UPLOAD_PORT=3001

-ENV AIO_ARTIFACT_PATH=$AIO_ARTIFACT_PATH                          TEST_AIO_ARTIFACT_PATH=$TEST_AIO_ARTIFACT_PATH                          \
-    AIO_BUILDS_DIR=$AIO_BUILDS_DIR                                TEST_AIO_BUILDS_DIR=$TEST_AIO_BUILDS_DIR                                \
-    AIO_DOMAIN_NAME=$AIO_DOMAIN_NAME                              TEST_AIO_DOMAIN_NAME=$TEST_AIO_DOMAIN_NAME                              \
-    AIO_GITHUB_ORGANIZATION=$AIO_GITHUB_ORGANIZATION              TEST_AIO_GITHUB_ORGANIZATION=$TEST_AIO_GITHUB_ORGANIZATION              \
-    AIO_GITHUB_REPO=$AIO_GITHUB_REPO                              TEST_AIO_GITHUB_REPO=$TEST_AIO_GITHUB_REPO                              \
-    AIO_GITHUB_TEAM_SLUGS=$AIO_GITHUB_TEAM_SLUGS                  TEST_AIO_GITHUB_TEAM_SLUGS=$TEST_AIO_GITHUB_TEAM_SLUGS                  \
-    AIO_LOCALCERTS_DIR=/etc/ssl/localcerts                        TEST_AIO_LOCALCERTS_DIR=/etc/ssl/localcerts-test                        \
-    AIO_NGINX_HOSTNAME=$AIO_NGINX_HOSTNAME                        TEST_AIO_NGINX_HOSTNAME=$TEST_AIO_NGINX_HOSTNAME                        \
-    AIO_NGINX_LOGS_DIR=/var/log/aio/nginx                         TEST_AIO_NGINX_LOGS_DIR=/var/log/aio/nginx-test                         \
-    AIO_NGINX_PORT_HTTP=$AIO_NGINX_PORT_HTTP                      TEST_AIO_NGINX_PORT_HTTP=$TEST_AIO_NGINX_PORT_HTTP                      \
-    AIO_NGINX_PORT_HTTPS=$AIO_NGINX_PORT_HTTPS                    TEST_AIO_NGINX_PORT_HTTPS=$TEST_AIO_NGINX_PORT_HTTPS                    \
-    AIO_SCRIPTS_JS_DIR=/usr/share/aio-scripts-js                                                                                          \
-    AIO_SCRIPTS_SH_DIR=/usr/share/aio-scripts-sh                                                                                          \
-    AIO_SIGNIFICANT_FILES_PATTERN=$AIO_SIGNIFICANT_FILES_PATTERN  TEST_AIO_SIGNIFICANT_FILES_PATTERN=$TEST_AIO_SIGNIFICANT_FILES_PATTERN  \
-    AIO_TRUSTED_PR_LABEL=$AIO_TRUSTED_PR_LABEL                    TEST_AIO_TRUSTED_PR_LABEL=$TEST_AIO_TRUSTED_PR_LABEL                    \
-    AIO_PREVIEW_SERVER_HOSTNAME=$AIO_PREVIEW_SERVER_HOSTNAME                      TEST_AIO_PREVIEW_SERVER_HOSTNAME=$TEST_AIO_PREVIEW_SERVER_HOSTNAME                      \
-    AIO_ARTIFACT_MAX_SIZE=$AIO_ARTIFACT_MAX_SIZE                      TEST_AIO_ARTIFACT_MAX_SIZE=$TEST_AIO_ARTIFACT_MAX_SIZE                      \
-    AIO_PREVIEW_SERVER_PORT=$AIO_PREVIEW_SERVER_PORT                              TEST_AIO_PREVIEW_SERVER_PORT=$TEST_AIO_PREVIEW_SERVER_PORT                              \
-    AIO_WWW_USER=www-data                                                                                                                 \
+ENV AIO_BUILDS_DIR=$AIO_BUILDS_DIR                     TEST_AIO_BUILDS_DIR=$TEST_AIO_BUILDS_DIR                     \
+    AIO_DOMAIN_NAME=$AIO_DOMAIN_NAME                   TEST_AIO_DOMAIN_NAME=$TEST_AIO_DOMAIN_NAME                   \
+    AIO_GITHUB_ORGANIZATION=$AIO_GITHUB_ORGANIZATION   TEST_AIO_GITHUB_ORGANIZATION=$TEST_AIO_GITHUB_ORGANIZATION   \
+    AIO_GITHUB_TEAM_SLUGS=$AIO_GITHUB_TEAM_SLUGS       TEST_AIO_GITHUB_TEAM_SLUGS=$TEST_AIO_GITHUB_TEAM_SLUGS       \
+    AIO_LOCALCERTS_DIR=/etc/ssl/localcerts             TEST_AIO_LOCALCERTS_DIR=/etc/ssl/localcerts-test             \
+    AIO_NGINX_HOSTNAME=$AIO_NGINX_HOSTNAME             TEST_AIO_NGINX_HOSTNAME=$TEST_AIO_NGINX_HOSTNAME             \
+    AIO_NGINX_LOGS_DIR=/var/log/aio/nginx              TEST_AIO_NGINX_LOGS_DIR=/var/log/aio/nginx-test              \
+    AIO_NGINX_PORT_HTTP=$AIO_NGINX_PORT_HTTP           TEST_AIO_NGINX_PORT_HTTP=$TEST_AIO_NGINX_PORT_HTTP           \
+    AIO_NGINX_PORT_HTTPS=$AIO_NGINX_PORT_HTTPS         TEST_AIO_NGINX_PORT_HTTPS=$TEST_AIO_NGINX_PORT_HTTPS         \
+    AIO_REPO_SLUG=$AIO_REPO_SLUG                       TEST_AIO_REPO_SLUG=$TEST_AIO_REPO_SLUG                       \
+    AIO_SCRIPTS_JS_DIR=/usr/share/aio-scripts-js                                                                    \
+    AIO_SCRIPTS_SH_DIR=/usr/share/aio-scripts-sh                                                                    \
+    AIO_TRUSTED_PR_LABEL=$AIO_TRUSTED_PR_LABEL         TEST_AIO_TRUSTED_PR_LABEL=$TEST_AIO_TRUSTED_PR_LABEL         \
+    AIO_UPLOAD_HOSTNAME=$AIO_UPLOAD_HOSTNAME           TEST_AIO_UPLOAD_HOSTNAME=$TEST_AIO_UPLOAD_HOSTNAME           \
+    AIO_UPLOAD_MAX_SIZE=$AIO_UPLOAD_MAX_SIZE           TEST_AIO_UPLOAD_MAX_SIZE=$TEST_AIO_UPLOAD_MAX_SIZE           \
+    AIO_UPLOAD_PORT=$AIO_UPLOAD_PORT                   TEST_AIO_UPLOAD_PORT=$TEST_AIO_UPLOAD_PORT                   \
+    AIO_WWW_USER=www-data                                                                                           \
    NODE_ENV=production


@ -73,7 +64,7 @@ RUN mkdir /var/log/aio

 # Add extra package sources
 RUN apt-get update -y && apt-get install -y curl
-RUN curl --silent --show-error --location https://deb.nodesource.com/setup_10.x | bash -
+RUN curl --silent --show-error --location https://deb.nodesource.com/setup_6.x | bash -
 RUN curl --silent --show-error https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
 RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
 RUN echo "deb http://ftp.debian.org/debian jessie-backports main" | tee /etc/apt/sources.list.d/backports.list
@ -108,9 +99,9 @@ RUN printenv | grep AIO_ >> /etc/environment
 # Set up dnsmasq
 COPY dnsmasq/dnsmasq.conf /etc/
 RUN sed -i "s|{{\$AIO_NGINX_HOSTNAME}}|$AIO_NGINX_HOSTNAME|g" /etc/dnsmasq.conf
-RUN sed -i "s|{{\$AIO_PREVIEW_SERVER_HOSTNAME}}|$AIO_PREVIEW_SERVER_HOSTNAME|g" /etc/dnsmasq.conf
+RUN sed -i "s|{{\$AIO_UPLOAD_HOSTNAME}}|$AIO_UPLOAD_HOSTNAME|g" /etc/dnsmasq.conf
 RUN sed -i "s|{{\$TEST_AIO_NGINX_HOSTNAME}}|$TEST_AIO_NGINX_HOSTNAME|g" /etc/dnsmasq.conf
-RUN sed -i "s|{{\$TEST_AIO_PREVIEW_SERVER_HOSTNAME}}|$TEST_AIO_PREVIEW_SERVER_HOSTNAME|g" /etc/dnsmasq.conf
+RUN sed -i "s|{{\$TEST_AIO_UPLOAD_HOSTNAME}}|$TEST_AIO_UPLOAD_HOSTNAME|g" /etc/dnsmasq.conf


 # Set up SSL/TLS certificates
@ -134,9 +125,9 @@ RUN sed -i "s|{{\$AIO_LOCALCERTS_DIR}}|$AIO_LOCALCERTS_DIR|g" /etc/nginx/conf.d/
 RUN sed -i "s|{{\$AIO_NGINX_LOGS_DIR}}|$AIO_NGINX_LOGS_DIR|g" /etc/nginx/conf.d/aio-builds-prod.conf
 RUN sed -i "s|{{\$AIO_NGINX_PORT_HTTP}}|$AIO_NGINX_PORT_HTTP|g" /etc/nginx/conf.d/aio-builds-prod.conf
 RUN sed -i "s|{{\$AIO_NGINX_PORT_HTTPS}}|$AIO_NGINX_PORT_HTTPS|g" /etc/nginx/conf.d/aio-builds-prod.conf
-RUN sed -i "s|{{\$AIO_PREVIEW_SERVER_HOSTNAME}}|$AIO_PREVIEW_SERVER_HOSTNAME|g" /etc/nginx/conf.d/aio-builds-prod.conf
-RUN sed -i "s|{{\$AIO_ARTIFACT_MAX_SIZE}}|$AIO_ARTIFACT_MAX_SIZE|g" /etc/nginx/conf.d/aio-builds-prod.conf
-RUN sed -i "s|{{\$AIO_PREVIEW_SERVER_PORT}}|$AIO_PREVIEW_SERVER_PORT|g" /etc/nginx/conf.d/aio-builds-prod.conf
+RUN sed -i "s|{{\$AIO_UPLOAD_HOSTNAME}}|$AIO_UPLOAD_HOSTNAME|g" /etc/nginx/conf.d/aio-builds-prod.conf
+RUN sed -i "s|{{\$AIO_UPLOAD_MAX_SIZE}}|$AIO_UPLOAD_MAX_SIZE|g" /etc/nginx/conf.d/aio-builds-prod.conf
+RUN sed -i "s|{{\$AIO_UPLOAD_PORT}}|$AIO_UPLOAD_PORT|g" /etc/nginx/conf.d/aio-builds-prod.conf

 COPY nginx/aio-builds.conf /etc/nginx/conf.d/aio-builds-test.conf
 RUN sed -i "s|{{\$AIO_BUILDS_DIR}}|$TEST_AIO_BUILDS_DIR|g" /etc/nginx/conf.d/aio-builds-test.conf
@ -145,9 +136,9 @@ RUN sed -i "s|{{\$AIO_LOCALCERTS_DIR}}|$TEST_AIO_LOCALCERTS_DIR|g" /etc/nginx/co
 RUN sed -i "s|{{\$AIO_NGINX_LOGS_DIR}}|$TEST_AIO_NGINX_LOGS_DIR|g" /etc/nginx/conf.d/aio-builds-test.conf
 RUN sed -i "s|{{\$AIO_NGINX_PORT_HTTP}}|$TEST_AIO_NGINX_PORT_HTTP|g" /etc/nginx/conf.d/aio-builds-test.conf
 RUN sed -i "s|{{\$AIO_NGINX_PORT_HTTPS}}|$TEST_AIO_NGINX_PORT_HTTPS|g" /etc/nginx/conf.d/aio-builds-test.conf
-RUN sed -i "s|{{\$AIO_PREVIEW_SERVER_HOSTNAME}}|$TEST_AIO_PREVIEW_SERVER_HOSTNAME|g" /etc/nginx/conf.d/aio-builds-test.conf
-RUN sed -i "s|{{\$AIO_ARTIFACT_MAX_SIZE}}|$TEST_AIO_ARTIFACT_MAX_SIZE|g" /etc/nginx/conf.d/aio-builds-test.conf
-RUN sed -i "s|{{\$AIO_PREVIEW_SERVER_PORT}}|$TEST_AIO_PREVIEW_SERVER_PORT|g" /etc/nginx/conf.d/aio-builds-test.conf
+RUN sed -i "s|{{\$AIO_UPLOAD_HOSTNAME}}|$TEST_AIO_UPLOAD_HOSTNAME|g" /etc/nginx/conf.d/aio-builds-test.conf
+RUN sed -i "s|{{\$AIO_UPLOAD_MAX_SIZE}}|$TEST_AIO_UPLOAD_MAX_SIZE|g" /etc/nginx/conf.d/aio-builds-test.conf
+RUN sed -i "s|{{\$AIO_UPLOAD_PORT}}|$TEST_AIO_UPLOAD_PORT|g" /etc/nginx/conf.d/aio-builds-test.conf


 # Set up pm2
--- a/aio/aio-builds-setup/dockerbuild/cronjobs/aio-builds-cleanup
+++ b/aio/aio-builds-setup/dockerbuild/cronjobs/aio-builds-cleanup
@ -1,2 +1,2 @@
 # Periodically clean up builds that do not correspond to currently open PRs
-0 12 * * * /usr/local/bin/aio-clean-up >> /var/log/cron.log 2>&1
+0 12 * * * root /usr/local/bin/aio-clean-up >> /var/log/cron.log 2>&1
--- a/aio/aio-builds-setup/dockerbuild/dnsmasq/dnsmasq.conf
+++ b/aio/aio-builds-setup/dockerbuild/dnsmasq/dnsmasq.conf
@ -8,9 +8,9 @@ listen-address=127.0.0.1

 # Force an IP address for these domains.
 address=/{{$AIO_NGINX_HOSTNAME}}/127.0.0.1
-address=/{{$AIO_PREVIEW_SERVER_HOSTNAME}}/127.0.0.1
+address=/{{$AIO_UPLOAD_HOSTNAME}}/127.0.0.1
 address=/{{$TEST_AIO_NGINX_HOSTNAME}}/127.0.0.1
-address=/{{$TEST_AIO_PREVIEW_SERVER_HOSTNAME}}/127.0.0.1
+address=/{{$TEST_AIO_UPLOAD_HOSTNAME}}/127.0.0.1

 # Run as root (required from inside docker container).
 user=root
--- a/aio/aio-builds-setup/dockerbuild/logrotate/aio-preview-server
+++ b/aio/aio-builds-setup/dockerbuild/logrotate/aio-preview-server
@ -1,4 +1,4 @@
-/var/log/aio/preview-server-*.log {
+/var/log/aio/upload-server-*.log {
  compress
  copytruncate
  delaycompress
--- a/aio/aio-builds-setup/dockerbuild/nginx/aio-builds.conf
+++ b/aio/aio-builds-setup/dockerbuild/nginx/aio-builds.conf
@ -36,11 +36,6 @@ server {
  access_log {{$AIO_NGINX_LOGS_DIR}}/access.log;
  error_log  {{$AIO_NGINX_LOGS_DIR}}/error.log;

-  error_page 404 /404.html;
-  location "=/404.html" {
-    internal;
-  }
-
  location "~/[^/]+\.[^/]+$" {
    try_files $uri $uri/ =404;
  }
@ -71,32 +66,24 @@ server {
    return 200 '';
  }

-  # Check PRs previewability
-  location "~^/can-have-public-preview/\d+/?$" {
-    if ($request_method != "GET") {
-      add_header Allow "GET";
-      return 405;
-    }
-
-    proxy_pass_request_headers on;
-    proxy_redirect             off;
-    proxy_method               GET;
-    proxy_pass                 http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;
-
-    resolver 127.0.0.1;
-  }
-
-  # Notify about CircleCI builds
-  location "~^/circle-build/?$" {
+  # Upload builds
+  location "~^/create-build/(?<pr>[1-9][0-9]*)/(?<sha>[0-9a-f]{40})/?$" {
    if ($request_method != "POST") {
      add_header Allow "POST";
      return 405;
    }

+    client_body_temp_path    /tmp/aio-create-builds;
+    client_body_buffer_size  128K;
+    client_max_body_size     {{$AIO_UPLOAD_MAX_SIZE}};
+    client_body_in_file_only on;
+
    proxy_pass_request_headers on;
+    proxy_set_header           X-FILE $request_body_file;
+    proxy_set_body             off;
    proxy_redirect             off;
-    proxy_method               POST;
-    proxy_pass                 http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;
+    proxy_method               GET;
+    proxy_pass                 http://{{$AIO_UPLOAD_HOSTNAME}}:{{$AIO_UPLOAD_PORT}}$request_uri;

    resolver 127.0.0.1;
  }
@ -111,7 +98,7 @@ server {
    proxy_pass_request_headers on;
    proxy_redirect             off;
    proxy_method               POST;
-    proxy_pass                 http://{{$AIO_PREVIEW_SERVER_HOSTNAME}}:{{$AIO_PREVIEW_SERVER_PORT}}$request_uri;
+    proxy_pass                 http://{{$AIO_UPLOAD_HOSTNAME}}:{{$AIO_UPLOAD_PORT}}$request_uri;

    resolver 127.0.0.1;
  }
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/clean-up/build-cleaner.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/clean-up/build-cleaner.ts
@ -3,53 +3,29 @@ import * as fs from 'fs';
 import * as path from 'path';
 import * as shell from 'shelljs';
 import {HIDDEN_DIR_PREFIX} from '../common/constants';
-import {GithubApi} from '../common/github-api';
 import {GithubPullRequests} from '../common/github-pull-requests';
-import {assertNotMissingOrEmpty, getPrInfoFromDownloadPath, Logger} from '../common/utils';
+import {assertNotMissingOrEmpty} from '../common/utils';

 // Classes
 export class BuildCleaner {
-
-  private logger = new Logger('BuildCleaner');
-
  // Constructor
-  constructor(protected buildsDir: string, protected githubOrg: string, protected githubRepo: string,
-              protected githubToken: string, protected downloadsDir: string, protected artifactPath: string) {
+  constructor(protected buildsDir: string, protected repoSlug: string, protected githubToken: string) {
    assertNotMissingOrEmpty('buildsDir', buildsDir);
-    assertNotMissingOrEmpty('githubOrg', githubOrg);
-    assertNotMissingOrEmpty('githubRepo', githubRepo);
+    assertNotMissingOrEmpty('repoSlug', repoSlug);
    assertNotMissingOrEmpty('githubToken', githubToken);
-    assertNotMissingOrEmpty('downloadsDir', downloadsDir);
-    assertNotMissingOrEmpty('artifactPath', artifactPath);
  }

  // Methods - Public
-  public async cleanUp(): Promise<void> {
-    try {
-      this.logger.log('Cleaning up builds and downloads');
-      const openPrs = await this.getOpenPrNumbers();
-      this.logger.log(`Open pull requests: ${openPrs.length}`);
-      await Promise.all([
-        this.cleanBuilds(openPrs),
-        this.cleanDownloads(openPrs),
-      ]);
-    } catch (error) {
-      this.logger.error('ERROR:', error);
-    }
+  public cleanUp(): Promise<void> {
+    return Promise.all([
+      this.getExistingBuildNumbers(),
+      this.getOpenPrNumbers(),
+    ]).then(([existingBuilds, openPrs]) => this.removeUnnecessaryBuilds(existingBuilds, openPrs));
  }

-  public async cleanBuilds(openPrs: number[]): Promise<void> {
-    const existingBuilds = await this.getExistingBuildNumbers();
-    await this.removeUnnecessaryBuilds(existingBuilds, openPrs);
-  }
-
-  public async cleanDownloads(openPrs: number[]): Promise<void> {
-    const existingDownloads = await this.getExistingDownloads();
-    await this.removeUnnecessaryDownloads(existingDownloads, openPrs);
-  }
-
-  public getExistingBuildNumbers(): Promise<number[]> {
-    return new Promise<number[]>((resolve, reject) => {
+  // Methods - Protected
+  protected getExistingBuildNumbers(): Promise<number[]> {
+    return new Promise((resolve, reject) => {
      fs.readdir(this.buildsDir, (err, files) => {
        if (err) {
          return reject(err);
@ -65,29 +41,32 @@ export class BuildCleaner {
    });
  }

-  public async getOpenPrNumbers(): Promise<number[]> {
-    const api = new GithubApi(this.githubToken);
-    const githubPullRequests = new GithubPullRequests(api, this.githubOrg, this.githubRepo);
-    const prs = await githubPullRequests.fetchAll('open');
-    return prs.map(pr => pr.number);
+  protected getOpenPrNumbers(): Promise<number[]> {
+    const githubPullRequests = new GithubPullRequests(this.githubToken, this.repoSlug);
+
+    return githubPullRequests.
+      fetchAll('open').
+      then(prs => prs.map(pr => pr.number));
  }

-  public removeDir(dir: string): void {
+  protected removeDir(dir: string) {
    try {
      if (shell.test('-d', dir)) {
-        shell.chmod('-R', 'a+w', dir);
+        // Undocumented signature (see https://github.com/shelljs/shelljs/pull/663).
+        (shell as any).chmod('-R', 'a+w', dir);
        shell.rm('-rf', dir);
      }
    } catch (err) {
-      this.logger.error(`ERROR: Unable to remove '${dir}' due to:`, err);
+      console.error(`ERROR: Unable to remove '${dir}' due to:`, err);
    }
  }

-  public removeUnnecessaryBuilds(existingBuildNumbers: number[], openPrNumbers: number[]): void {
+  protected removeUnnecessaryBuilds(existingBuildNumbers: number[], openPrNumbers: number[]) {
    const toRemove = existingBuildNumbers.filter(num => !openPrNumbers.includes(num));

-    this.logger.log(`Existing builds: ${existingBuildNumbers.length}`);
-    this.logger.log(`Removing ${toRemove.length} build(s): ${toRemove.join(', ')}`);
+    console.log(`Existing builds: ${existingBuildNumbers.length}`);
+    console.log(`Open pull requests: ${openPrNumbers.length}`);
+    console.log(`Removing ${toRemove.length} build(s): ${toRemove.join(', ')}`);

    // Try removing public dirs.
    toRemove.
@ -99,29 +78,4 @@ export class BuildCleaner {
      map(num => path.join(this.buildsDir, HIDDEN_DIR_PREFIX + String(num))).
      forEach(dir => this.removeDir(dir));
  }
-
-  public getExistingDownloads(): Promise<string[]> {
-    const artifactFile = path.basename(this.artifactPath);
-    return new Promise<string[]>((resolve, reject) => {
-      fs.readdir(this.downloadsDir, (err, files) => {
-        if (err) {
-          return reject(err);
-        }
-        files = files.filter(file => file.endsWith(artifactFile));
-        resolve(files);
-      });
-    });
-  }
-
-  public removeUnnecessaryDownloads(existingDownloads: string[], openPrNumbers: number[]): void {
-    const toRemove = existingDownloads.filter(filePath => {
-      const {pr} = getPrInfoFromDownloadPath(filePath);
-      return !openPrNumbers.includes(pr);
-    });
-
-    this.logger.log(`Existing downloads: ${existingDownloads.length}`);
-    this.logger.log(`Removing ${toRemove.length} download(s): ${toRemove.join(', ')}`);
-
-    toRemove.forEach(filePath => shell.rm(path.join(this.downloadsDir, filePath)));
-  }
 }
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/clean-up/index.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/clean-up/index.ts
@ -1,26 +1,23 @@
 // Imports
-import {AIO_DOWNLOADS_DIR} from '../common/constants';
-import {
-  AIO_ARTIFACT_PATH,
-  AIO_BUILDS_DIR,
-  AIO_GITHUB_ORGANIZATION,
-  AIO_GITHUB_REPO,
-  AIO_GITHUB_TOKEN,
-} from '../common/env-variables';
+import {getEnvVar} from '../common/utils';
 import {BuildCleaner} from './build-cleaner';

+// Constants
+const AIO_BUILDS_DIR = getEnvVar('AIO_BUILDS_DIR');
+const AIO_GITHUB_TOKEN = getEnvVar('AIO_GITHUB_TOKEN', true);
+const AIO_REPO_SLUG = getEnvVar('AIO_REPO_SLUG');
+
 // Run
 _main();

 // Functions
-function _main(): void {
-  const buildCleaner = new BuildCleaner(
-    AIO_BUILDS_DIR,
-    AIO_GITHUB_ORGANIZATION,
-    AIO_GITHUB_REPO,
-    AIO_GITHUB_TOKEN,
-    AIO_DOWNLOADS_DIR,
-    AIO_ARTIFACT_PATH);
+function _main() {
+  console.log(`[${new Date()}] - Cleaning up builds...`);

-  buildCleaner.cleanUp().catch(() => process.exit(1));
+  const buildCleaner = new BuildCleaner(AIO_BUILDS_DIR, AIO_REPO_SLUG, AIO_GITHUB_TOKEN);
+
+  buildCleaner.cleanUp().catch(err => {
+    console.error('ERROR:', err);
+    process.exit(1);
+  });
 }
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/circle-ci-api.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/circle-ci-api.ts
@ -1,90 +0,0 @@
-// Imports
-import fetch from 'node-fetch';
-import {assertNotMissingOrEmpty} from './utils';
-
-// Constants
-const CIRCLE_CI_API_URL = 'https://circleci.com/api/v1.1/project/github';
-
-// Interfaces - Types
-export interface ArtifactInfo {
-  path: string;
-  pretty_path: string;
-  node_index: number;
-  url: string;
-}
-
-export type ArtifactResponse = ArtifactInfo[];
-
-export interface BuildInfo {
-  reponame: string;
-  failed: boolean;
-  branch: string;
-  username: string;
-  build_num: number;
-  has_artifacts: boolean;
-  outcome: string; // e.g. 'success'
-  vcs_revision: string; // HEAD SHA
-  // there are other fields but they are not used in this code
-}
-
-/**
- * A Helper that can interact with the CircleCI API.
- */
-export class CircleCiApi {
-
-  private tokenParam = `circle-token=${this.circleCiToken}`;
-
-  /**
-   * Construct a helper that can interact with the CircleCI REST API.
-   * @param githubOrg The Github organisation whose repos we want to access in CircleCI (e.g. angular).
-   * @param githubRepo The Github repo whose builds we want to access in CircleCI (e.g. angular).
-   * @param circleCiToken The CircleCI API access token (secret).
-   */
-  constructor(
-    private githubOrg: string,
-    private githubRepo: string,
-    private circleCiToken: string,
-  ) {
-    assertNotMissingOrEmpty('githubOrg', githubOrg);
-    assertNotMissingOrEmpty('githubRepo', githubRepo);
-    assertNotMissingOrEmpty('circleCiToken', circleCiToken);
-  }
-
-  /**
-   * Get the info for a build from the CircleCI API
-   * @param buildNumber The CircleCI build number that generated the artifact.
-   * @returns A promise to the info about the build
-   */
-  public async getBuildInfo(buildNumber: number): Promise<BuildInfo> {
-    try {
-      const baseUrl = `${CIRCLE_CI_API_URL}/${this.githubOrg}/${this.githubRepo}/${buildNumber}`;
-      const response = await fetch(`${baseUrl}?${this.tokenParam}`);
-      if (response.status !== 200) {
-        throw new Error(`${baseUrl}: ${response.status} - ${response.statusText}`);
-      }
-      return response.json();
-    } catch (error) {
-        throw new Error(`CircleCI build info request failed (${error.message})`);
-    }
-  }
-
-  /**
-   * Query the CircleCI API to get a URL for a specified artifact from a specified build.
-   * @param artifactPath The path, within the build to the artifact.
-   * @returns A promise to the URL that can be requested to download the actual build artifact file.
-   */
-  public async getBuildArtifactUrl(buildNumber: number, artifactPath: string): Promise<string> {
-    const baseUrl = `${CIRCLE_CI_API_URL}/${this.githubOrg}/${this.githubRepo}/${buildNumber}`;
-    try {
-      const response = await fetch(`${baseUrl}/artifacts?${this.tokenParam}`);
-      const artifacts = await response.json() as ArtifactResponse;
-      const artifact = artifacts.find(item => item.path === artifactPath);
-      if (!artifact) {
-        throw new Error(`Missing artifact (${artifactPath}) for CircleCI build: ${buildNumber}`);
-      }
-      return artifact.url;
-    } catch (error) {
-      throw new Error(`CircleCI artifact URL request failed (${error.message})`);
-    }
-  }
-}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/constants.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/constants.ts
@ -1,4 +1,3 @@
 // Constants
-export const AIO_DOWNLOADS_DIR = '/tmp/aio-downloads';
 export const HIDDEN_DIR_PREFIX = 'hidden--';
 export const SHORT_SHA_LEN = 7;
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/env-variables.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/env-variables.ts
@ -1,19 +0,0 @@
-import {getEnvVar} from './utils';
-
-export const AIO_ARTIFACT_PATH = getEnvVar('AIO_ARTIFACT_PATH');
-export const AIO_BUILDS_DIR = getEnvVar('AIO_BUILDS_DIR');
-export const AIO_GITHUB_TOKEN = getEnvVar('AIO_GITHUB_TOKEN');
-export const AIO_CIRCLE_CI_TOKEN = getEnvVar('AIO_CIRCLE_CI_TOKEN');
-export const AIO_DOMAIN_NAME = getEnvVar('AIO_DOMAIN_NAME');
-export const AIO_GITHUB_ORGANIZATION = getEnvVar('AIO_GITHUB_ORGANIZATION');
-export const AIO_GITHUB_REPO = getEnvVar('AIO_GITHUB_REPO');
-export const AIO_GITHUB_TEAM_SLUGS = getEnvVar('AIO_GITHUB_TEAM_SLUGS');
-export const AIO_NGINX_HOSTNAME = getEnvVar('AIO_NGINX_HOSTNAME');
-export const AIO_NGINX_PORT_HTTP = +getEnvVar('AIO_NGINX_PORT_HTTP');
-export const AIO_NGINX_PORT_HTTPS = +getEnvVar('AIO_NGINX_PORT_HTTPS');
-export const AIO_SIGNIFICANT_FILES_PATTERN = getEnvVar('AIO_SIGNIFICANT_FILES_PATTERN');
-export const AIO_TRUSTED_PR_LABEL = getEnvVar('AIO_TRUSTED_PR_LABEL');
-export const AIO_PREVIEW_SERVER_HOSTNAME = getEnvVar('AIO_PREVIEW_SERVER_HOSTNAME');
-export const AIO_PREVIEW_SERVER_PORT = +getEnvVar('AIO_PREVIEW_SERVER_PORT');
-export const AIO_ARTIFACT_MAX_SIZE = +getEnvVar('AIO_ARTIFACT_MAX_SIZE');
-export const AIO_WWW_USER = getEnvVar('AIO_WWW_USER');
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/github-api.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/github-api.ts
@ -28,18 +28,29 @@ export class GithubApi {
  }

  // Methods - Public
-  public get<T = any>(pathname: string, params?: RequestParamsOrNull): Promise<T> {
+  public get<T>(pathname: string, params?: RequestParamsOrNull): Promise<T> {
    const path = this.buildPath(pathname, params);
    return this.request<T>('get', path);
  }

-  public post<T = any>(pathname: string, params?: RequestParamsOrNull, data?: any): Promise<T> {
+  public post<T>(pathname: string, params?: RequestParamsOrNull, data?: any): Promise<T> {
    const path = this.buildPath(pathname, params);
    return this.request<T>('post', path, data);
  }

-  // In GitHub API paginated requests, page numbering is 1-based. (https://developer.github.com/v3/#pagination)
-  public getPaginated<T>(pathname: string, baseParams: RequestParams = {}, currentPage: number = 1): Promise<T[]> {
+  // Methods - Protected
+  protected buildPath(pathname: string, params?: RequestParamsOrNull): string {
+    if (params == null) {
+      return pathname;
+    }
+
+    const search = (params === null) ? '' : this.serializeSearchParams(params);
+    const joiner = search && '?';
+
+    return `${pathname}${joiner}${search}`;
+  }
+
+  protected getPaginated<T>(pathname: string, baseParams: RequestParams = {}, currentPage: number = 0): Promise<T[]> {
    const perPage = 100;
    const params = {
      ...baseParams,
@ -56,18 +67,6 @@ export class GithubApi {
    });
  }

-  // Methods - Protected
-  protected buildPath(pathname: string, params?: RequestParamsOrNull): string {
-    if (params == null) {
-      return pathname;
-    }
-
-    const search = (params === null) ? '' : this.serializeSearchParams(params);
-    const joiner = search && '?';
-
-    return `${pathname}${joiner}${search}`;
-  }
-
  protected request<T>(method: string, path: string, data: any = null): Promise<T> {
    return new Promise<T>((resolve, reject) => {
      const options = {
@ -82,7 +81,7 @@ export class GithubApi {
        reject(`Request to '${url}' failed (status: ${statusCode}): ${responseText}`);
      };
      const onSuccess = (responseText: string) => {
-        try { resolve(responseText && JSON.parse(responseText)); } catch (err) { reject(err); }
+        try { resolve(JSON.parse(responseText)); } catch (err) { reject(err); }
      };
      const onResponse = (res: IncomingMessage) => {
        const statusCode = res.statusCode || -1;
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/github-pull-requests.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/github-pull-requests.ts
@ -1,79 +1,46 @@
+// Imports
+import {assertNotMissingOrEmpty} from '../common/utils';
 import {GithubApi} from './github-api';
-import {assert, assertNotMissingOrEmpty} from './utils';

-export interface PullRequest {
+// Interfaces - Types
+export interface PullRequest  {
  number: number;
  user: {login: string};
  labels: {name: string}[];
 }

-export interface FileInfo {
-  sha: string;
-  filename: string;
-}
-
 export type PullRequestState = 'all' | 'closed' | 'open';

-/**
- * Access pull requests on GitHub.
- */
-export class GithubPullRequests {
-  public repoSlug: string;
-
-  /**
-   * Create an instance of this helper
-   * @param api An instance of the Github API helper.
-   * @param githubOrg The organisation on GitHub whose repo we will interrogate.
-   * @param githubRepo The repository on Github with whose PRs we will interact.
-   */
-  constructor(private api: GithubApi, githubOrg: string, githubRepo: string) {
-    assertNotMissingOrEmpty('githubOrg', githubOrg);
-    assertNotMissingOrEmpty('githubRepo', githubRepo);
-    this.repoSlug = `${githubOrg}/${githubRepo}`;
+// Classes
+export class GithubPullRequests extends GithubApi {
+  // Constructor
+  constructor(githubToken: string, protected repoSlug: string) {
+    super(githubToken);
+    assertNotMissingOrEmpty('repoSlug', repoSlug);
  }

-  /**
-   * Post a comment on a PR.
-   * @param pr The number of the PR on which to comment.
-   * @param body The body of the comment to post.
-   * @returns A promise that resolves when the comment has been posted.
-   */
-  public addComment(pr: number, body: string): Promise<any> {
-    assert(pr > 0, `Invalid PR number: ${pr}`);
-    assert(!!body, `Invalid or empty comment body: ${body}`);
-    return this.api.post<any>(`/repos/${this.repoSlug}/issues/${pr}/comments`, null, {body});
+  // Methods - Public
+  public addComment(pr: number, body: string): Promise<void> {
+    if (!(pr > 0)) {
+      throw new Error(`Invalid PR number: ${pr}`);
+    } else if (!body) {
+      throw new Error(`Invalid or empty comment body: ${body}`);
+    }
+
+    return this.post<void>(`/repos/${this.repoSlug}/issues/${pr}/comments`, null, {body});
  }

-  /**
-   * Request information about a PR.
-   * @param pr The number of the PR for which to request info.
-   * @returns A promise that is resolves with information about the specified PR.
-   */
  public fetch(pr: number): Promise<PullRequest> {
-    assert(pr > 0, `Invalid PR number: ${pr}`);
    // Using the `/issues/` URL, because the `/pulls/` one does not provide labels.
-    return this.api.get<PullRequest>(`/repos/${this.repoSlug}/issues/${pr}`);
+    return this.get<PullRequest>(`/repos/${this.repoSlug}/issues/${pr}`);
  }

-  /**
-   * Request information about all PRs that match the given state.
-   * @param state Only retrieve PRs that have this state.
-   * @returns A promise that is resolved with information about the requested PRs.
-   */
  public fetchAll(state: PullRequestState = 'all'): Promise<PullRequest[]> {
+    console.log(`Fetching ${state} pull requests...`);
+
    const pathname = `/repos/${this.repoSlug}/pulls`;
    const params = {state};

-    return this.api.getPaginated<PullRequest>(pathname, params);
-  }
-
-  /**
-   * Request a list of files for the given PR.
-   * @param pr The number of the PR for which to request files.
-   * @returns A promise that resolves to an array of file information
-   */
-  public fetchFiles(pr: number): Promise<FileInfo[]> {
-    assert(pr > 0, `Invalid PR number: ${pr}`);
-    return this.api.getPaginated<FileInfo>(`/repos/${this.repoSlug}/pulls/${pr}/files`);
+    return this.getPaginated<PullRequest>(pathname, params);
  }
 }
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/github-teams.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/github-teams.ts
@ -1,72 +1,45 @@
+// Imports
+import {assertNotMissingOrEmpty} from '../common/utils';
 import {GithubApi} from './github-api';
-import {assertNotMissingOrEmpty} from './utils';

-export interface Team {
+// Interfaces - Types
+interface Team {
  id: number;
  slug: string;
 }

-export interface TeamMembership {
+interface TeamMembership {
  state: string;
 }

-export class GithubTeams {
-  /**
-   * Create an instance of this helper
-   * @param api An instance of the Github API helper.
-   * @param githubOrg The organisation on GitHub whose repo we will interrogate.
-   */
-  constructor(private api: GithubApi, protected githubOrg: string) {
-    assertNotMissingOrEmpty('githubOrg', githubOrg);
+// Classes
+export class GithubTeams extends GithubApi {
+  // Constructor
+  constructor(githubToken: string, protected organization: string) {
+    super(githubToken);
+    assertNotMissingOrEmpty('organization', organization);
  }

-  /**
-   * Request information about all the organisation's teams in GitHub.
-   * @returns A promise that is resolved with information about the teams.
-   */
+  // Methods - Public
  public fetchAll(): Promise<Team[]> {
-    return this.api.getPaginated<Team>(`/orgs/${this.githubOrg}/teams`);
+    return this.getPaginated<Team>(`/orgs/${this.organization}/teams`);
  }

-  /**
-   * Check whether the specified username is a member of the specified team.
-   * @param username The usernane to check for in the team.
-   * @param teamIds The team to check for the username.
-   * @returns a Promise that resolves to `true` if the username is a member of the team.
-   */
-  public async isMemberById(username: string, teamIds: number[]): Promise<boolean> {
+  public isMemberById(username: string, teamIds: number[]): Promise<boolean> {
+    const getMembership = (teamId: number) =>
+      this.get<TeamMembership>(`/teams/${teamId}/memberships/${username}`).
+        then(membership => membership.state === 'active').
+        catch(() => false);
+    const reduceFn = (promise: Promise<boolean>, teamId: number) =>
+      promise.then(isMember => isMember || getMembership(teamId));

-    const getMembership = async (teamId: number) => {
-      try {
-        const {state} = await this.api.get<TeamMembership>(`/teams/${teamId}/memberships/${username}`);
-        return state === 'active';
-      } catch (error) {
-        return false;
-      }
-    };
-
-    for (const teamId of teamIds) {
-      if (await getMembership(teamId)) {
-        return true;
-      }
-    }
-
-    return false;
+    return teamIds.reduce(reduceFn, Promise.resolve(false));
  }

-  /**
-   * Check whether the given username is a member of the teams specified by the team slugs.
-   * @param username The username to check for in the teams.
-   * @param teamSlugs A collection of slugs that represent the teams to check for the the username.
-   * @returns a Promise that resolves to `true` if the usernane is a member of at least one of the specified teams.
-   */
-  public async isMemberBySlug(username: string, teamSlugs: string[]): Promise<boolean> {
-    try {
-      const teams = await this.fetchAll();
-      const teamIds = teams.filter(team => teamSlugs.includes(team.slug)).map(team => team.id);
-      return await this.isMemberById(username, teamIds);
-    } catch (error) {
-      return false;
-    }
+  public isMemberBySlug(username: string, teamSlugs: string[]): Promise<boolean> {
+    return this.fetchAll().
+      then(teams => teams.filter(team => teamSlugs.includes(team.slug)).map(team => team.id)).
+      then(teamIds => this.isMemberById(username, teamIds)).
+      catch(() => false);
  }
 }
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/run-tests.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/run-tests.ts
@ -1,14 +1,14 @@
-// We can't use `import...from` here, because of the following mess:
-// - GitHub project `jasmine/jasmine` is `jasmine-core` on npm and its typings `@types/jasmine`.
-// - GitHub project `jasmine/jasmine-npm` is `jasmine` on npm and has no typings.
-//
-// Using `import...from 'jasmine'` here, would import from `@types/jasmine` (which refers to the
-// `jasmine-core` module and the `jasmine` module).
-import Jasmine = require('jasmine');
-import 'source-map-support/register';
-
-export const runTests = (specFiles: string[]) => {
+export const runTests = (specFiles: string[], helpers?: string[]) => {
+  // We can't use `import` here, because of the following mess:
+  // - GitHub project `jasmine/jasmine` is `jasmine-core` on npm and its typings `@types/jasmine`.
+  // - GitHub project `jasmine/jasmine-npm` is `jasmine` on npm and has no typings.
+  //
+  // Using `import...from 'jasmine'` here, would import from `@types/jasmine` (which refers to the
+  // `jasmine-core` module and the `jasmine` module).
+  // tslint:disable-next-line: no-var-requires variable-name
+  const Jasmine = require('jasmine');
  const config = {
+    helpers,
    random: true,
    spec_files: specFiles,
    stopSpecOnExpectationFailure: true,
@ -16,7 +16,7 @@ export const runTests = (specFiles: string[]) => {

  process.on('unhandledRejection', (reason: any) => console.log('Unhandled rejection:', reason));

-  const runner = new Jasmine({});
+  const runner = new Jasmine();
  runner.loadConfig(config);
  runner.onComplete((passed: boolean) => process.exit(passed ? 0 : 1));
  runner.execute();
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/utils.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/common/utils.ts
@ -1,98 +1,17 @@
-import {basename, resolve as resolvePath} from 'path';
-import {SHORT_SHA_LEN} from './constants';
-
-/**
- * Shorten a SHA to make it more readable
- * @param sha The SHA to shorten.
- */
-export function computeShortSha(sha: string) {
-  return sha.substr(0, SHORT_SHA_LEN);
-}
-
-/**
- * Compute the path for a downloaded artifact file.
- * @param downloadsDir The directory where artifacts are downloaded
- * @param pr The PR associated with this artifact.
- * @param sha The SHA associated with the build for this artifact.
- * @param artifactPath The path to the artifact on CircleCI.
- * @returns The fully resolved location for the specified downloaded artifact.
- */
-export function computeArtifactDownloadPath(downloadsDir: string, pr: number, sha: string, artifactPath: string) {
-  return resolvePath(downloadsDir, `${pr}-${computeShortSha(sha)}-${basename(artifactPath)}`);
-}
-
-/**
- * Extract the PR number and latest commit SHA from a downloaded file path.
- * @param downloadPath the path to the downloaded file.
- * @returns An object whose keys are the PR and SHA extracted from the file path.
- */
-export function getPrInfoFromDownloadPath(downloadPath: string) {
-  const file = basename(downloadPath);
-  const [pr, sha] = file.split('-');
-  return {pr: +pr, sha};
-}
-
-/**
- * Assert that a value is true.
- * @param value The value to assert.
- * @param message The message if the value is not true.
- */
-export function assert(value: boolean, message: string) {
-  if (!value) {
-    throw new Error(message);
-  }
-}
-
-/**
- * Assert that a parameter is not equal to "".
- * @param name The name of the parameter.
- * @param value The value of the parameter.
- */
+// Functions
 export const assertNotMissingOrEmpty = (name: string, value: string | null | undefined) => {
-  assert(!!value, `Missing or empty required parameter '${name}'!`);
+  if (!value) {
+    throw new Error(`Missing or empty required parameter '${name}'!`);
+  }
 };

-/**
- * Get an environment variable.
- * @param name The name of the environment variable.
- * @param isOptional True if the variable is optional.
- * @returns The value of the variable or "" if it is optional and falsy.
- * @throws `Error` if the variable is falsy and not optional.
- */
 export const getEnvVar = (name: string, isOptional = false): string => {
  const value = process.env[name];

  if (!isOptional && !value) {
-    try {
-     throw new Error(`ERROR: Missing required environment variable '${name}'!`);
-    } catch (error) {
-      console.error(error.stack);
-      process.exit(1);
-    }
+    console.error(`ERROR: Missing required environment variable '${name}'!`);
+    process.exit(1);
  }

  return value || '';
 };
-
-/**
- * A basic logger implementation.
- * Delegates to `console`, but prepends each message with the current date and specified scope (i.e caller).
- */
-export class Logger {
-  private padding = ' '.repeat(20 - this.scope.length);
-
-  /**
-   * Create a new `Logger` instance for the specified `scope`.
-   * @param scope The logger's scope (added to all messages).
-   */
-  constructor(private scope: string) {}
-
-  public error(...args: any[]) { this.callMethod('error', args); }
-  public info(...args: any[]) { this.callMethod('info', args); }
-  public log(...args: any[]) { this.callMethod('log', args); }
-  public warn(...args: any[]) { this.callMethod('warn', args); }
-
-  private callMethod(method: 'error' | 'info' | 'log' | 'warn', args: any[]) {
-    console[method](`[${new Date()}]`, `${this.scope}:${this.padding}`, ...args);
-  }
-}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/build-retriever.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/build-retriever.ts
@ -1,83 +0,0 @@
-import * as fs from 'fs';
-import fetch from 'node-fetch';
-import {dirname} from 'path';
-import {mkdir} from 'shelljs';
-import {promisify} from 'util';
-import {CircleCiApi} from '../common/circle-ci-api';
-import {assert, assertNotMissingOrEmpty, computeArtifactDownloadPath, Logger} from '../common/utils';
-import {PreviewServerError} from './preview-error';
-
-export interface GithubInfo {
-  org: string;
-  pr: number;
-  repo: string;
-  sha: string;
-  success: boolean;
-}
-
-/**
- * A helper that can get information about builds and download build artifacts.
- */
-export class BuildRetriever {
-  private logger = new Logger('BuildRetriever');
-  constructor(private api: CircleCiApi, private downloadSizeLimit: number, private downloadDir: string) {
-    assert(downloadSizeLimit > 0, 'Invalid parameter "downloadSizeLimit" should be a number greater than 0.');
-    assertNotMissingOrEmpty('downloadDir', downloadDir);
-  }
-
-  /**
-   * Get GitHub information about a build
-   * @param buildNum The number of the build for which to retrieve the info.
-   * @returns The Github org, repo, PR and latest SHA for the specified build.
-   */
-  public async getGithubInfo(buildNum: number): Promise<GithubInfo> {
-    const buildInfo = await this.api.getBuildInfo(buildNum);
-    const githubInfo: GithubInfo = {
-      org: buildInfo.username,
-      pr: getPrFromBranch(buildInfo.branch),
-      repo: buildInfo.reponame,
-      sha: buildInfo.vcs_revision,
-      success: !buildInfo.failed,
-    };
-    return githubInfo;
-  }
-
-  /**
-   * Make a request to the given URL for a build artifact and store it locally.
-   * @param buildNum the number of the CircleCI build whose artifact we want to download.
-   * @param pr the number of the PR that triggered the CircleCI build.
-   * @param sha the commit in the PR that triggered the CircleCI build.
-   * @param artifactPath the path on CircleCI where the artifact was stored.
-   * @returns A promise to the file path where the downloaded file was stored.
-   */
-  public async downloadBuildArtifact(buildNum: number, pr: number, sha: string, artifactPath: string): Promise<string> {
-    try {
-      const outPath = computeArtifactDownloadPath(this.downloadDir, pr, sha, artifactPath);
-      const downloadExists = await new Promise(resolve => fs.exists(outPath, exists => resolve(exists)));
-      if (!downloadExists) {
-        const url = await this.api.getBuildArtifactUrl(buildNum, artifactPath);
-        const response = await fetch(url, {size: this.downloadSizeLimit});
-        if (response.status !== 200) {
-          throw new PreviewServerError(response.status, `Error ${response.status} - ${response.statusText}`);
-        }
-        const buffer = await response.buffer();
-        mkdir('-p', dirname(outPath));
-        await promisify(fs.writeFile)(outPath, buffer);
-      }
-      return outPath;
-    } catch (error) {
-      this.logger.warn(error);
-      const status = (error.type === 'max-size') ? 413 : 500;
-      throw new PreviewServerError(status, `CircleCI artifact download failed (${error.message || error})`);
-    }
-  }
-}
-
-function getPrFromBranch(branch: string): number {
-  // CircleCI only exposes PR numbers via the `branch` field :-(
-  const match = /^pull\/(\d+)$/.exec(branch);
-  if (!match) {
-    throw new Error(`No PR found in branch field: ${branch}`);
-  }
-  return +match[1];
-}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/build-verifier.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/build-verifier.ts
@ -1,46 +0,0 @@
-import {GithubPullRequests, PullRequest} from '../common/github-pull-requests';
-import {GithubTeams} from '../common/github-teams';
-import {assertNotMissingOrEmpty} from '../common/utils';
-
-/**
- * A helper to verify whether builds are trusted.
- */
-export class BuildVerifier {
-  /**
-   * Construct a new BuildVerifier instance.
-   * @param prs A helper to access PR information.
-   * @param teams A helper to access Github team information.
-   * @param allowedTeamSlugs The teams that are trusted.
-   * @param trustedPrLabel The github label that indicates that a PR is trusted.
-   */
-  constructor(protected prs: GithubPullRequests, protected teams: GithubTeams,
-              protected allowedTeamSlugs: string[], protected trustedPrLabel: string) {
-    assertNotMissingOrEmpty('allowedTeamSlugs', allowedTeamSlugs && allowedTeamSlugs.join(''));
-    assertNotMissingOrEmpty('trustedPrLabel', trustedPrLabel);
-  }
-
-  /**
-   * Check whether a PR contains files that are significant to the build.
-   * @param pr The number of the PR to check
-   * @param significantFilePattern A regex that selects files that are significant.
-   */
-  public async getSignificantFilesChanged(pr: number, significantFilePattern: RegExp): Promise<boolean> {
-    const files = await this.prs.fetchFiles(pr);
-    return files.some(file => significantFilePattern.test(file.filename));
-  }
-
-  /**
-   * Check whether a PR is trusted.
-   * @param pr The number of the PR to check.
-   * @returns true if the PR is trusted.
-   */
-  public async getPrIsTrusted(pr: number): Promise<boolean> {
-    const prInfo = await this.prs.fetch(pr);
-    return this.hasLabel(prInfo, this.trustedPrLabel) ||
-           (await this.teams.isMemberBySlug(prInfo.user.login, this.allowedTeamSlugs));
-  }
-
-  protected hasLabel(prInfo: PullRequest, label: string): boolean {
-    return prInfo.labels.some(labelObj => labelObj.name === label);
-  }
-}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/index.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/index.ts
@ -1,41 +0,0 @@
-// Imports
-import {AIO_DOWNLOADS_DIR} from '../common/constants';
-import {
-  AIO_ARTIFACT_MAX_SIZE,
-  AIO_ARTIFACT_PATH,
-  AIO_BUILDS_DIR,
-  AIO_CIRCLE_CI_TOKEN,
-  AIO_DOMAIN_NAME,
-  AIO_GITHUB_ORGANIZATION,
-  AIO_GITHUB_REPO,
-  AIO_GITHUB_TEAM_SLUGS,
-  AIO_GITHUB_TOKEN,
-  AIO_PREVIEW_SERVER_HOSTNAME,
-  AIO_PREVIEW_SERVER_PORT,
-  AIO_SIGNIFICANT_FILES_PATTERN,
-  AIO_TRUSTED_PR_LABEL,
-} from '../common/env-variables';
-import {PreviewServerFactory} from './preview-server-factory';
-
-// Run
-_main();
-
-// Functions
-function _main(): void {
-  PreviewServerFactory
-    .create({
-      buildArtifactPath: AIO_ARTIFACT_PATH,
-      buildsDir: AIO_BUILDS_DIR,
-      circleCiToken: AIO_CIRCLE_CI_TOKEN,
-      domainName: AIO_DOMAIN_NAME,
-      downloadSizeLimit: AIO_ARTIFACT_MAX_SIZE,
-      downloadsDir: AIO_DOWNLOADS_DIR,
-      githubOrg: AIO_GITHUB_ORGANIZATION,
-      githubRepo: AIO_GITHUB_REPO,
-      githubTeamSlugs: AIO_GITHUB_TEAM_SLUGS.split(','),
-      githubToken: AIO_GITHUB_TOKEN,
-      significantFilesPattern: AIO_SIGNIFICANT_FILES_PATTERN,
-      trustedPrLabel: AIO_TRUSTED_PR_LABEL,
-    })
-    .listen(AIO_PREVIEW_SERVER_PORT, AIO_PREVIEW_SERVER_HOSTNAME);
-}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/preview-server-factory.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/preview-server-factory.ts
@ -1,213 +0,0 @@
-// Imports
-import * as bodyParser from 'body-parser';
-import * as express from 'express';
-import * as http from 'http';
-import {AddressInfo} from 'net';
-import {CircleCiApi} from '../common/circle-ci-api';
-import {GithubApi} from '../common/github-api';
-import {GithubPullRequests} from '../common/github-pull-requests';
-import {GithubTeams} from '../common/github-teams';
-import {assert, assertNotMissingOrEmpty, computeShortSha, Logger} from '../common/utils';
-import {BuildCreator} from './build-creator';
-import {ChangedPrVisibilityEvent, CreatedBuildEvent} from './build-events';
-import {BuildRetriever} from './build-retriever';
-import {BuildVerifier} from './build-verifier';
-import {respondWithError, throwRequestError} from './utils';
-
-const AIO_PREVIEW_JOB = 'aio_preview';
-
-// Interfaces - Types
-export interface PreviewServerConfig {
-  downloadsDir: string;
-  downloadSizeLimit: number;
-  buildArtifactPath: string;
-  buildsDir: string;
-  domainName: string;
-  githubOrg: string;
-  githubRepo: string;
-  githubTeamSlugs: string[];
-  circleCiToken: string;
-  githubToken: string;
-  significantFilesPattern: string;
-  trustedPrLabel: string;
-}
-
-const logger = new Logger('PreviewServer');
-
-// Classes
-export class PreviewServerFactory {
-  // Methods - Public
-  public static create(cfg: PreviewServerConfig): http.Server {
-    assertNotMissingOrEmpty('domainName', cfg.domainName);
-
-    const circleCiApi = new CircleCiApi(cfg.githubOrg, cfg.githubRepo, cfg.circleCiToken);
-    const githubApi = new GithubApi(cfg.githubToken);
-    const prs = new GithubPullRequests(githubApi, cfg.githubOrg, cfg.githubRepo);
-    const teams = new GithubTeams(githubApi, cfg.githubOrg);
-
-    const buildRetriever = new BuildRetriever(circleCiApi, cfg.downloadSizeLimit, cfg.downloadsDir);
-    const buildVerifier = new BuildVerifier(prs, teams, cfg.githubTeamSlugs, cfg.trustedPrLabel);
-    const buildCreator = PreviewServerFactory.createBuildCreator(prs, cfg.buildsDir, cfg.domainName);
-
-    const middleware = PreviewServerFactory.createMiddleware(buildRetriever, buildVerifier, buildCreator, cfg);
-    const httpServer = http.createServer(middleware as any);
-
-    httpServer.on('listening', () => {
-      const info = httpServer.address() as AddressInfo;
-      logger.info(`Up and running (and listening on ${info.address}:${info.port})...`);
-    });
-
-    return httpServer;
-  }
-
-  public static createMiddleware(buildRetriever: BuildRetriever, buildVerifier: BuildVerifier,
-                                 buildCreator: BuildCreator, cfg: PreviewServerConfig): express.Express {
-    const middleware = express();
-    const jsonParser = bodyParser.json();
-    const significantFilesRe = new RegExp(cfg.significantFilesPattern);
-
-    // RESPOND TO IS-ALIVE PING
-    middleware.get(/^\/health-check\/?$/, (_req, res) => res.sendStatus(200));
-
-    // RESPOND TO CAN-HAVE-PUBLIC-PREVIEW CHECK
-    const canHavePublicPreviewRe = /^\/can-have-public-preview\/(\d+)\/?$/;
-    middleware.get(canHavePublicPreviewRe, async (req, res) => {
-      try {
-        const pr = +canHavePublicPreviewRe.exec(req.url)![1];
-
-        if (!await buildVerifier.getSignificantFilesChanged(pr, significantFilesRe)) {
-          // Cannot have preview: PR did not touch relevant files: `aio/` or `packages/` (except for spec files).
-          res.send({canHavePublicPreview: false, reason: 'No significant files touched.'});
-          logger.log(`PR:${pr} - Cannot have a public preview, because it did not touch any significant files.`);
-        } else if (!await buildVerifier.getPrIsTrusted(pr)) {
-          // Cannot have preview: PR not automatically verifiable as "trusted".
-          res.send({canHavePublicPreview: false, reason: 'Not automatically verifiable as "trusted".'});
-          logger.log(`PR:${pr} - Cannot have a public preview, because not automatically verifiable as "trusted".`);
-        } else {
-          // Can have preview.
-          res.send({canHavePublicPreview: true, reason: null});
-          logger.log(`PR:${pr} - Can have a public preview.`);
-        }
-      } catch (err) {
-        logger.error('Previewability check error', err);
-        respondWithError(res, err);
-      }
-    });
-
-    // CIRCLE_CI BUILD COMPLETE WEBHOOK
-    middleware.post(/^\/circle-build\/?$/, jsonParser, async (req, res) => {
-      try {
-        if (!(
-          req.is('json') &&
-          req.body &&
-          req.body.payload &&
-          req.body.payload.build_num > 0 &&
-          req.body.payload.build_parameters &&
-          req.body.payload.build_parameters.CIRCLE_JOB
-        )) {
-          throwRequestError(400, `Incorrect body content. Expected JSON`, req);
-        }
-
-        const job = req.body.payload.build_parameters.CIRCLE_JOB;
-        const buildNum = req.body.payload.build_num;
-
-        logger.log(`Build:${buildNum}, Job:${job} - processing web-hook trigger`);
-
-        if (job !== AIO_PREVIEW_JOB) {
-          res.sendStatus(204);
-          logger.log(`Build:${buildNum}, Job:${job} -`,
-                     `Skipping preview processing because this is not the "${AIO_PREVIEW_JOB}" job.`);
-          return;
-        }
-
-        const { pr, sha, org, repo, success } = await buildRetriever.getGithubInfo(buildNum);
-
-        if (!success) {
-          res.sendStatus(204);
-          logger.log(`PR:${pr}, Build:${buildNum} - Skipping preview processing because this build did not succeed.`);
-          return;
-        }
-
-        assert(cfg.githubOrg === org,
-          `Invalid webhook: expected "githubOrg" property to equal "${cfg.githubOrg}" but got "${org}".`);
-        assert(cfg.githubRepo === repo,
-          `Invalid webhook: expected "githubRepo" property to equal "${cfg.githubRepo}" but got "${repo}".`);
-
-        // Do not deploy unless this PR has touched relevant files: `aio/` or `packages/` (except for spec files)
-        if (!await buildVerifier.getSignificantFilesChanged(pr, significantFilesRe)) {
-          res.sendStatus(204);
-          logger.log(`PR:${pr}, Build:${buildNum} - ` +
-                     `Skipping preview processing because this PR did not touch any significant files.`);
-          return;
-        }
-
-        const artifactPath = await buildRetriever.downloadBuildArtifact(buildNum, pr, sha, cfg.buildArtifactPath);
-        const isPublic = await buildVerifier.getPrIsTrusted(pr);
-        await buildCreator.create(pr, sha, artifactPath, isPublic);
-
-        res.sendStatus(isPublic ? 201 : 202);
-        logger.log(`PR:${pr}, SHA:${computeShortSha(sha)}, Build:${buildNum} - ` +
-                   `Successfully created ${isPublic ? 'public' : 'non-public'} preview.`);
-      } catch (err) {
-        logger.error('CircleCI webhook error', err);
-        respondWithError(res, err);
-      }
-    });
-
-    // GITHUB PR UPDATED WEBHOOK
-    middleware.post(/^\/pr-updated\/?$/, jsonParser, async (req, res) => {
-      const { action, number: prNo }: { action?: string, number?: number } = req.body;
-      const visMayHaveChanged = !action || (action === 'labeled') || (action === 'unlabeled');
-
-      try {
-        if (!visMayHaveChanged) {
-          res.sendStatus(200);
-        } else if (!prNo) {
-          throwRequestError(400, `Missing or empty 'number' field`, req);
-        } else {
-          const isPublic = await buildVerifier.getPrIsTrusted(prNo);
-          await buildCreator.updatePrVisibility(prNo, isPublic);
-          res.sendStatus(200);
-        }
-      } catch (err) {
-        logger.error('PR update hook error', err);
-        respondWithError(res, err);
-      }
-    });
-
-    // ALL OTHER REQUESTS
-    middleware.all('*', req => throwRequestError(404, 'Unknown resource', req));
-    middleware.use((err: any, _req: any, res: express.Response, _next: any) => {
-      const statusText = http.STATUS_CODES[err.status] || '???';
-      logger.error(`Preview server error: ${err.status} - ${statusText}:`, err.message);
-      respondWithError(res, err);
-    });
-
-    return middleware;
-  }
-
-  public static createBuildCreator(prs: GithubPullRequests, buildsDir: string, domainName: string): BuildCreator {
-    const buildCreator = new BuildCreator(buildsDir);
-    const postPreviewsComment = (pr: number, shas: string[]) => {
-      const body = shas.
-        map(sha => `You can preview ${sha} at https://pr${pr}-${sha}.${domainName}/.`).
-        join('\n');
-
-      return prs.addComment(pr, body);
-    };
-
-    buildCreator.on(CreatedBuildEvent.type, ({pr, sha, isPublic}: CreatedBuildEvent) => {
-      if (isPublic) {
-        postPreviewsComment(pr, [sha]);
-      }
-    });
-
-    buildCreator.on(ChangedPrVisibilityEvent.type, ({pr, shas, isPublic}: ChangedPrVisibilityEvent) => {
-      if (isPublic && shas.length) {
-        postPreviewsComment(pr, shas);
-      }
-    });
-
-    return buildCreator;
-  }
-}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/utils.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/utils.ts
@ -1,29 +0,0 @@
-import * as express from 'express';
-import {promisify} from 'util';
-import {PreviewServerError} from './preview-error';
-
-/**
- * Update the response to report that an error has occurred.
- * @param res The response to configure as an error.
- * @param err The error that needs to be reported.
- */
-export async function respondWithError(res: express.Response, err: any): Promise<void> {
-  if (!(err instanceof PreviewServerError)) {
-    err = new PreviewServerError(500, String((err && err.message) || err));
-  }
-
-  res.status(err.status);
-  await promisify(res.end.bind(res))(err.message);
-}
-
-/**
- * Throw an exception that describes the given error information.
- * @param status The HTTP status code include in the error.
- * @param error The error message to include in the error.
- * @param req The request that triggered this error.
- */
-export function throwRequestError(status: number, error: string, req: express.Request): never {
-  const message = `${error} in request: ${req.method} ${req.originalUrl}` +
-                  (!req.body ? '' : ` ${JSON.stringify(req.body)}`);
-  throw new PreviewServerError(status, message);
-}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/build-creator.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/build-creator.ts
@ -4,16 +4,13 @@ import {EventEmitter} from 'events';
 import * as fs from 'fs';
 import * as path from 'path';
 import * as shell from 'shelljs';
-import {HIDDEN_DIR_PREFIX} from '../common/constants';
-import {assertNotMissingOrEmpty, computeShortSha, Logger} from '../common/utils';
+import {HIDDEN_DIR_PREFIX, SHORT_SHA_LEN} from '../common/constants';
+import {assertNotMissingOrEmpty} from '../common/utils';
 import {ChangedPrVisibilityEvent, CreatedBuildEvent} from './build-events';
-import {PreviewServerError} from './preview-error';
+import {UploadError} from './upload-error';

 // Classes
 export class BuildCreator extends EventEmitter {
-
-  private logger = new Logger('BuildCreator');
-
  // Constructor
  constructor(protected buildsDir: string) {
    super();
@ -21,9 +18,9 @@ export class BuildCreator extends EventEmitter {
  }

  // Methods - Public
-  public create(pr: number, sha: string, archivePath: string, isPublic: boolean): Promise<void> {
+  public create(pr: string, sha: string, archivePath: string, isPublic: boolean): Promise<void> {
    // Use only part of the SHA for more readable URLs.
-    sha = computeShortSha(sha);
+    sha = sha.substr(0, SHORT_SHA_LEN);

    const {newPrDir: prDir} = this.getCandidatePrDirs(pr, isPublic);
    const shaDir = path.join(prDir, sha);
@ -36,7 +33,7 @@ export class BuildCreator extends EventEmitter {
      then(([prDirExisted, shaDirExisted]) => {
        if (shaDirExisted) {
          const publicOrNot = isPublic ? 'public' : 'non-public';
-          throw new PreviewServerError(409, `Request to overwrite existing ${publicOrNot} directory: ${shaDir}`);
+          throw new UploadError(409, `Request to overwrite existing ${publicOrNot} directory: ${shaDir}`);
        }

        dirToRemoveOnError = prDirExisted ? shaDir : prDir;
@ -52,15 +49,15 @@ export class BuildCreator extends EventEmitter {
          shell.rm('-rf', dirToRemoveOnError);
        }

-        if (!(err instanceof PreviewServerError)) {
-          err = new PreviewServerError(500, `Error while creating preview at: ${shaDir}\n${err}`);
+        if (!(err instanceof UploadError)) {
+          err = new UploadError(500, `Error while uploading to directory: ${shaDir}\n${err}`);
        }

        throw err;
      });
  }

-  public updatePrVisibility(pr: number, makePublic: boolean): Promise<boolean> {
+  public updatePrVisibility(pr: string, makePublic: boolean): Promise<boolean> {
    const {oldPrDir: otherVisPrDir, newPrDir: targetVisPrDir} = this.getCandidatePrDirs(pr, makePublic);

    return Promise.
@ -71,8 +68,7 @@ export class BuildCreator extends EventEmitter {
          return false;
        } else if (targetVisPrDirExisted) {
          // Error: Directories for both visibilities exist.
-          throw new PreviewServerError(409,
-              `Request to move '${otherVisPrDir}' to existing directory '${targetVisPrDir}'.`);
+          throw new UploadError(409, `Request to move '${otherVisPrDir}' to existing directory '${targetVisPrDir}'.`);
        }

        // Visibility change: Moving `otherVisPrDir` to `targetVisPrDir`.
@ -83,8 +79,8 @@ export class BuildCreator extends EventEmitter {
          then(() => true);
      }).
      catch(err => {
-        if (!(err instanceof PreviewServerError)) {
-          err = new PreviewServerError(500, `Error while making PR ${pr} ${makePublic ? 'public' : 'hidden'}.\n${err}`);
+        if (!(err instanceof UploadError)) {
+          err = new UploadError(500, `Error while making PR ${pr} ${makePublic ? 'public' : 'hidden'}.\n${err}`);
        }

        throw err;
@ -106,11 +102,12 @@ export class BuildCreator extends EventEmitter {
        }

        if (stderr) {
-          this.logger.warn(stderr);
+          console.warn(stderr);
        }

        try {
-          shell.chmod('-R', 'a-w', outputDir);
+          // Undocumented signature (see https://github.com/shelljs/shelljs/pull/663).
+          (shell as any).chmod('-R', 'a-w', outputDir);
          shell.rm('-f', inputFile);
          resolve();
        } catch (err) {
@ -120,9 +117,9 @@ export class BuildCreator extends EventEmitter {
    });
  }

-  protected getCandidatePrDirs(pr: number, isPublic: boolean): {oldPrDir: string, newPrDir: string} {
+  protected getCandidatePrDirs(pr: string, isPublic: boolean) {
    const hiddenPrDir = path.join(this.buildsDir, HIDDEN_DIR_PREFIX + pr);
-    const publicPrDir = path.join(this.buildsDir, `${pr}`);
+    const publicPrDir = path.join(this.buildsDir, pr);

    const oldPrDir = isPublic ? hiddenPrDir : publicPrDir;
    const newPrDir = isPublic ? publicPrDir : hiddenPrDir;
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/build-events.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/build-events.ts
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/build-verifier.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/build-verifier.ts
@ -0,0 +1,87 @@
+// Imports
+import * as jwt from 'jsonwebtoken';
+import {GithubPullRequests, PullRequest} from '../common/github-pull-requests';
+import {GithubTeams} from '../common/github-teams';
+import {assertNotMissingOrEmpty} from '../common/utils';
+import {UploadError} from './upload-error';
+
+// Interfaces - Types
+interface JwtPayload {
+  slug: string;
+  'pull-request': number;
+}
+
+// Enums
+export enum BUILD_VERIFICATION_STATUS {
+  verifiedAndTrusted,
+  verifiedNotTrusted,
+}
+
+// Classes
+export class BuildVerifier {
+  // Properties - Protected
+  protected githubPullRequests: GithubPullRequests;
+  protected githubTeams: GithubTeams;
+
+  // Constructor
+  constructor(protected secret: string, githubToken: string, protected repoSlug: string, organization: string,
+              protected allowedTeamSlugs: string[], protected trustedPrLabel: string) {
+    assertNotMissingOrEmpty('secret', secret);
+    assertNotMissingOrEmpty('githubToken', githubToken);
+    assertNotMissingOrEmpty('repoSlug', repoSlug);
+    assertNotMissingOrEmpty('organization', organization);
+    assertNotMissingOrEmpty('allowedTeamSlugs', allowedTeamSlugs && allowedTeamSlugs.join(''));
+    assertNotMissingOrEmpty('trustedPrLabel', trustedPrLabel);
+
+    this.githubPullRequests = new GithubPullRequests(githubToken, repoSlug);
+    this.githubTeams = new GithubTeams(githubToken, organization);
+  }
+
+  // Methods - Public
+  public getPrIsTrusted(pr: number): Promise<boolean> {
+    return Promise.resolve().
+      then(() => this.githubPullRequests.fetch(pr)).
+      then(prInfo => this.hasLabel(prInfo, this.trustedPrLabel) ||
+                     this.githubTeams.isMemberBySlug(prInfo.user.login, this.allowedTeamSlugs));
+  }
+
+  public verify(expectedPr: number, authHeader: string): Promise<BUILD_VERIFICATION_STATUS> {
+    return Promise.resolve().
+      then(() => this.extractJwtString(authHeader)).
+      then(jwtString => this.verifyJwt(expectedPr, jwtString)).
+      then(jwtPayload => this.verifyPr(jwtPayload['pull-request'])).
+      catch(err => { throw new UploadError(403, `Error while verifying upload for PR ${expectedPr}: ${err}`); });
+  }
+
+  // Methods - Protected
+  protected extractJwtString(input: string): string {
+    return input.replace(/^token +/i, '');
+  }
+
+  protected hasLabel(prInfo: PullRequest, label: string) {
+    return prInfo.labels.some(labelObj => labelObj.name === label);
+  }
+
+  protected verifyJwt(expectedPr: number, token: string): Promise<JwtPayload> {
+    return new Promise((resolve, reject) => {
+      jwt.verify(token, this.secret, {issuer: 'Travis CI, GmbH'}, (err, payload: JwtPayload) => {
+        if (err) {
+          reject(err.message || err);
+        } else if (payload.slug !== this.repoSlug) {
+          reject(`jwt slug invalid. expected: ${this.repoSlug}`);
+        } else if (payload['pull-request'] !== expectedPr) {
+          reject(`jwt pull-request invalid. expected: ${expectedPr}`);
+        } else {
+          resolve(payload);
+        }
+      });
+    });
+  }
+
+  protected verifyPr(pr: number): Promise<BUILD_VERIFICATION_STATUS> {
+    return this.getPrIsTrusted(pr).
+      then(isTrusted => Promise.resolve(isTrusted ?
+          BUILD_VERIFICATION_STATUS.verifiedAndTrusted :
+          BUILD_VERIFICATION_STATUS.verifiedNotTrusted));
+  }
+}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/index-preverify-pr.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/index-preverify-pr.ts
@ -0,0 +1,39 @@
+// Imports
+import {getEnvVar} from '../common/utils';
+import {BuildVerifier} from './build-verifier';
+
+// Run
+_main();
+
+// Functions
+function _main() {
+  const secret = 'unused';
+  const githubToken = getEnvVar('AIO_GITHUB_TOKEN');
+  const repoSlug = getEnvVar('AIO_REPO_SLUG');
+  const organization = getEnvVar('AIO_GITHUB_ORGANIZATION');
+  const allowedTeamSlugs = getEnvVar('AIO_GITHUB_TEAM_SLUGS').split(',');
+  const trustedPrLabel = getEnvVar('AIO_TRUSTED_PR_LABEL');
+  const pr = +getEnvVar('AIO_PREVERIFY_PR');
+
+  const buildVerifier = new BuildVerifier(secret, githubToken, repoSlug, organization, allowedTeamSlugs,
+                                          trustedPrLabel);
+
+  // Exit codes:
+  // - 0: The PR can be automatically trusted (i.e. author belongs to trusted team or PR has the "trusted PR" label).
+  // - 1: An error occurred.
+  // - 2: The PR cannot be automatically trusted.
+  buildVerifier.getPrIsTrusted(pr).
+    then(isTrusted => {
+      if (!isTrusted) {
+        console.warn(
+            `The PR cannot be automatically verified, because it doesn't have the "${trustedPrLabel}" label and the ` +
+            `the author is not an active member of any of the following teams: ${allowedTeamSlugs.join(', ')}`);
+      }
+
+      process.exit(isTrusted ? 0 : 2);
+    }).
+    catch(err => {
+      console.error(err);
+      process.exit(1);
+    });
+}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/index.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/index.ts
@ -0,0 +1,34 @@
+// Imports
+import {getEnvVar} from '../common/utils';
+import {uploadServerFactory} from './upload-server-factory';
+
+// Constants
+const AIO_BUILDS_DIR = getEnvVar('AIO_BUILDS_DIR');
+const AIO_DOMAIN_NAME = getEnvVar('AIO_DOMAIN_NAME');
+const AIO_GITHUB_ORGANIZATION = getEnvVar('AIO_GITHUB_ORGANIZATION');
+const AIO_GITHUB_TEAM_SLUGS = getEnvVar('AIO_GITHUB_TEAM_SLUGS');
+const AIO_GITHUB_TOKEN = getEnvVar('AIO_GITHUB_TOKEN');
+const AIO_PREVIEW_DEPLOYMENT_TOKEN = getEnvVar('AIO_PREVIEW_DEPLOYMENT_TOKEN');
+const AIO_REPO_SLUG = getEnvVar('AIO_REPO_SLUG');
+const AIO_TRUSTED_PR_LABEL = getEnvVar('AIO_TRUSTED_PR_LABEL');
+const AIO_UPLOAD_HOSTNAME = getEnvVar('AIO_UPLOAD_HOSTNAME');
+const AIO_UPLOAD_PORT = +getEnvVar('AIO_UPLOAD_PORT');
+
+// Run
+_main();
+
+// Functions
+function _main() {
+  uploadServerFactory.
+    create({
+      buildsDir: AIO_BUILDS_DIR,
+      domainName: AIO_DOMAIN_NAME,
+      githubOrganization: AIO_GITHUB_ORGANIZATION,
+      githubTeamSlugs: AIO_GITHUB_TEAM_SLUGS.split(','),
+      githubToken: AIO_GITHUB_TOKEN,
+      repoSlug: AIO_REPO_SLUG,
+      secret: AIO_PREVIEW_DEPLOYMENT_TOKEN,
+      trustedPrLabel: AIO_TRUSTED_PR_LABEL,
+    }).
+    listen(AIO_UPLOAD_PORT, AIO_UPLOAD_HOSTNAME);
+}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/preview-error.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/preview-server/preview-error.ts
@ -1,8 +1,8 @@
 // Classes
-export class PreviewServerError extends Error {
+export class UploadError extends Error {
  // Constructor
  constructor(public status: number = 500, message?: string) {
    super(message);
-    Object.setPrototypeOf(this, PreviewServerError.prototype);
+    Object.setPrototypeOf(this, UploadError.prototype);
  }
 }
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/upload-server-factory.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/upload-server-factory.ts
@ -0,0 +1,153 @@
+// Imports
+import * as bodyParser from 'body-parser';
+import * as express from 'express';
+import * as http from 'http';
+import {GithubPullRequests} from '../common/github-pull-requests';
+import {assertNotMissingOrEmpty} from '../common/utils';
+import {BuildCreator} from './build-creator';
+import {ChangedPrVisibilityEvent, CreatedBuildEvent} from './build-events';
+import {BUILD_VERIFICATION_STATUS, BuildVerifier} from './build-verifier';
+import {UploadError} from './upload-error';
+
+// Constants
+const AUTHORIZATION_HEADER = 'AUTHORIZATION';
+const X_FILE_HEADER = 'X-FILE';
+
+// Interfaces - Types
+interface UploadServerConfig {
+  buildsDir: string;
+  domainName: string;
+  githubOrganization: string;
+  githubTeamSlugs: string[];
+  githubToken: string;
+  repoSlug: string;
+  secret: string;
+  trustedPrLabel: string;
+}
+
+// Classes
+class UploadServerFactory {
+  // Methods - Public
+  public create({
+    buildsDir,
+    domainName,
+    githubOrganization,
+    githubTeamSlugs,
+    githubToken,
+    repoSlug,
+    secret,
+    trustedPrLabel,
+  }: UploadServerConfig): http.Server {
+    assertNotMissingOrEmpty('domainName', domainName);
+
+    const buildVerifier = new BuildVerifier(secret, githubToken, repoSlug, githubOrganization, githubTeamSlugs,
+                                            trustedPrLabel);
+    const buildCreator = this.createBuildCreator(buildsDir, githubToken, repoSlug, domainName);
+
+    const middleware = this.createMiddleware(buildVerifier, buildCreator);
+    const httpServer = http.createServer(middleware as any);
+
+    httpServer.on('listening', () => {
+      const info = httpServer.address();
+      console.info(`Up and running (and listening on ${info.address}:${info.port})...`);
+    });
+
+    return httpServer;
+  }
+
+  // Methods - Protected
+  protected createBuildCreator(buildsDir: string, githubToken: string, repoSlug: string,
+                               domainName: string): BuildCreator {
+    const buildCreator = new BuildCreator(buildsDir);
+    const githubPullRequests = new GithubPullRequests(githubToken, repoSlug);
+    const postPreviewsComment = (pr: number, shas: string[]) => {
+      const body = shas.
+        map(sha => `You can preview ${sha} at https://pr${pr}-${sha}.${domainName}/.`).
+        join('\n');
+
+      return githubPullRequests.addComment(pr, body);
+    };
+
+    buildCreator.on(CreatedBuildEvent.type, ({pr, sha, isPublic}: CreatedBuildEvent) => {
+      if (isPublic) {
+        postPreviewsComment(pr, [sha]);
+      }
+    });
+
+    buildCreator.on(ChangedPrVisibilityEvent.type, ({pr, shas, isPublic}: ChangedPrVisibilityEvent) => {
+      if (isPublic && shas.length) {
+        postPreviewsComment(pr, shas);
+      }
+    });
+
+    return buildCreator;
+  }
+
+  protected createMiddleware(buildVerifier: BuildVerifier, buildCreator: BuildCreator): express.Express {
+    const middleware = express();
+    const jsonParser = bodyParser.json();
+
+    middleware.get(/^\/create-build\/([1-9][0-9]*)\/([0-9a-f]{40})\/?$/, (req, res) => {
+      const pr = req.params[0];
+      const sha = req.params[1];
+      const archive = req.header(X_FILE_HEADER);
+      const authHeader = req.header(AUTHORIZATION_HEADER);
+
+      if (!authHeader) {
+        this.throwRequestError(401, `Missing or empty '${AUTHORIZATION_HEADER}' header`, req);
+      } else if (!archive) {
+        this.throwRequestError(400, `Missing or empty '${X_FILE_HEADER}' header`, req);
+      } else {
+        Promise.resolve().
+          then(() => buildVerifier.verify(+pr, authHeader)).
+          then(verStatus => verStatus === BUILD_VERIFICATION_STATUS.verifiedAndTrusted).
+          then(isPublic => buildCreator.create(pr, sha, archive, isPublic).
+            then(() => res.sendStatus(isPublic ? 201 : 202))).
+          catch(err => this.respondWithError(res, err));
+      }
+    });
+    middleware.get(/^\/health-check\/?$/, (_req, res) => res.sendStatus(200));
+    middleware.post(/^\/pr-updated\/?$/, jsonParser, (req, res) => {
+      const {action, number: prNo}: {action?: string, number?: number} = req.body;
+      const visMayHaveChanged = !action || (action === 'labeled') || (action === 'unlabeled');
+
+      if (!visMayHaveChanged) {
+        res.sendStatus(200);
+      } else if (!prNo) {
+        this.throwRequestError(400, `Missing or empty 'number' field`, req);
+      } else {
+        Promise.resolve().
+          then(() => buildVerifier.getPrIsTrusted(prNo)).
+          then(isPublic => buildCreator.updatePrVisibility(String(prNo), isPublic)).
+          then(() => res.sendStatus(200)).
+          catch(err => this.respondWithError(res, err));
+      }
+    });
+    middleware.all('*', req => this.throwRequestError(404, 'Unknown resource', req));
+    middleware.use((err: any, _req: any, res: express.Response, _next: any) => this.respondWithError(res, err));
+
+    return middleware;
+  }
+
+  protected respondWithError(res: express.Response, err: any) {
+    if (!(err instanceof UploadError)) {
+      err = new UploadError(500, String((err && err.message) || err));
+    }
+
+    const statusText = http.STATUS_CODES[err.status] || '???';
+    console.error(`Upload error: ${err.status} - ${statusText}`);
+    console.error(err.message);
+
+    res.status(err.status).end(err.message);
+  }
+
+  protected throwRequestError(status: number, error: string, req: express.Request) {
+    const message = `${error} in request: ${req.method} ${req.originalUrl}` +
+                    (!req.body ? '' : ` ${JSON.stringify(req.body)}`);
+
+    throw new UploadError(status, message);
+  }
+}
+
+// Exports
+export const uploadServerFactory = new UploadServerFactory();
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/constants.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/constants.ts
@ -1,37 +1,16 @@
-export const enum BuildNums {
-  BUILD_INFO_ERROR = 1,
-  BUILD_INFO_404,
-  BUILD_INFO_BUILD_FAILED,
-  BUILD_INFO_INVALID_GH_ORG,
-  BUILD_INFO_INVALID_GH_REPO,
-  CHANGED_FILES_ERROR,
-  CHANGED_FILES_404,
-  CHANGED_FILES_NONE,
-  BUILD_ARTIFACTS_ERROR,
-  BUILD_ARTIFACTS_404,
-  BUILD_ARTIFACTS_EMPTY,
-  BUILD_ARTIFACTS_MISSING,
-  DOWNLOAD_ARTIFACT_ERROR,
-  DOWNLOAD_ARTIFACT_404,
-  DOWNLOAD_ARTIFACT_TOO_BIG,
-  TRUST_CHECK_ERROR,
-  TRUST_CHECK_UNTRUSTED,
-  TRUST_CHECK_TRUSTED_LABEL,
-  TRUST_CHECK_ACTIVE_TRUSTED_USER,
-  TRUST_CHECK_INACTIVE_TRUSTED_USER,
-}
+// Using the values below, we can fake the response of the corresponding methods in tests. This is
+// necessary, because the test upload-server will be running as a separate node process, so we will
+// not have direct access to the code (e.g. for mocking).
+// (See also 'lib/verify-setup/start-test-upload-server.ts'.)

-export const enum PrNums {
-  CHANGED_FILES_ERROR = 1,
-  CHANGED_FILES_404,
-  CHANGED_FILES_NONE,
-  TRUST_CHECK_ERROR,
-  TRUST_CHECK_UNTRUSTED,
-  TRUST_CHECK_TRUSTED_LABEL,
-  TRUST_CHECK_ACTIVE_TRUSTED_USER,
-  TRUST_CHECK_INACTIVE_TRUSTED_USER,
-}
+/* tslint:disable: variable-name */

-export const SHA = '1234567890'.repeat(4);
-export const ALT_SHA = 'abcde'.repeat(8);
-export const SIMILAR_SHA = SHA.slice(0, -1) + 'A';
+// Special values to be used as `authHeader` in `BuildVerifier#verify()`.
+export const BV_verify_error = 'FAKE_VERIFICATION_ERROR';
+export const BV_verify_verifiedNotTrusted = 'FAKE_VERIFIED_NOT_TRUSTED';
+
+// Special values to be used as `pr` in `BuildVerifier#getPrIsTrusted()`.
+export const BV_getPrIsTrusted_error = 32203;
+export const BV_getPrIsTrusted_notTrusted = 72457;
+
+/* tslint:enable: variable-name */
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/delete-empty.d.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/delete-empty.d.ts
@ -1,10 +0,0 @@
-declare module 'delete-empty' {
-  interface Options {
-    dryRun: boolean;
-    verbose: boolean;
-    filter: (filePath: string) => boolean;
-  }
-  export default function deleteEmpty(cwd: string, options?: Options): Promise<string[]>;
-  export default function deleteEmpty(cwd: string, options?: Options, callback?: (err: any, deleted: string[]) => void): void;
-  export function sync(cwd: string, options?: Options): string[];
-}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/helper.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/helper.ts
@ -4,14 +4,18 @@ import * as fs from 'fs';
 import * as http from 'http';
 import * as path from 'path';
 import * as shell from 'shelljs';
-import {AIO_DOWNLOADS_DIR, HIDDEN_DIR_PREFIX} from '../common/constants';
-import {
-  AIO_BUILDS_DIR,
-  AIO_NGINX_PORT_HTTP,
-  AIO_NGINX_PORT_HTTPS,
-  AIO_WWW_USER,
-} from '../common/env-variables';
-import {computeShortSha, Logger} from '../common/utils';
+import {HIDDEN_DIR_PREFIX, SHORT_SHA_LEN} from '../common/constants';
+import {getEnvVar} from '../common/utils';
+
+// Constans
+const TEST_AIO_BUILDS_DIR = getEnvVar('TEST_AIO_BUILDS_DIR');
+const TEST_AIO_NGINX_HOSTNAME = getEnvVar('TEST_AIO_NGINX_HOSTNAME');
+const TEST_AIO_NGINX_PORT_HTTP = +getEnvVar('TEST_AIO_NGINX_PORT_HTTP');
+const TEST_AIO_NGINX_PORT_HTTPS = +getEnvVar('TEST_AIO_NGINX_PORT_HTTPS');
+const TEST_AIO_UPLOAD_HOSTNAME = getEnvVar('TEST_AIO_UPLOAD_HOSTNAME');
+const TEST_AIO_UPLOAD_MAX_SIZE = +getEnvVar('TEST_AIO_UPLOAD_MAX_SIZE');
+const TEST_AIO_UPLOAD_PORT = +getEnvVar('TEST_AIO_UPLOAD_PORT');
+const WWW_USER = getEnvVar('AIO_WWW_USER');

 // Interfaces - Types
 export interface CmdResult { success: boolean; err: Error | null; stdout: string; stderr: string; }
@ -23,50 +27,61 @@ export type VerifyCmdResultFn = (result: CmdResult) => void;

 // Classes
 class Helper {
+  // Properties - Public
+  public get buildsDir() { return TEST_AIO_BUILDS_DIR; }
+  public get nginxHostname() { return TEST_AIO_NGINX_HOSTNAME; }
+  public get nginxPortHttp() { return TEST_AIO_NGINX_PORT_HTTP; }
+  public get nginxPortHttps() { return TEST_AIO_NGINX_PORT_HTTPS; }
+  public get uploadHostname() { return TEST_AIO_UPLOAD_HOSTNAME; }
+  public get uploadPort() { return TEST_AIO_UPLOAD_PORT; }
+  public get uploadMaxSize() { return TEST_AIO_UPLOAD_MAX_SIZE; }
+  public get wwwUser() { return WWW_USER; }

  // Properties - Protected
  protected cleanUpFns: CleanUpFn[] = [];
  protected portPerScheme: {[scheme: string]: number} = {
-    http: AIO_NGINX_PORT_HTTP,
-    https: AIO_NGINX_PORT_HTTPS,
+    http: this.nginxPortHttp,
+    https: this.nginxPortHttps,
  };

-  private logger = new Logger('TestHelper');
-
  // Constructor
  constructor() {
-    shell.mkdir('-p', AIO_BUILDS_DIR);
-    shell.exec(`chown -R ${AIO_WWW_USER} ${AIO_BUILDS_DIR}`);
-    shell.mkdir('-p', AIO_DOWNLOADS_DIR);
-    shell.exec(`chown -R ${AIO_WWW_USER} ${AIO_DOWNLOADS_DIR}`);
+    shell.mkdir('-p', this.buildsDir);
+    shell.exec(`chown -R ${this.wwwUser} ${this.buildsDir}`);
  }

  // Methods - Public
-  public cleanUp(): void {
+  public buildExists(pr: string, sha = '', isPublic = true, legacy = false): boolean {
+    const prDir = this.getPrDir(pr, isPublic);
+    const dir = !sha ? prDir : this.getShaDir(prDir, sha, legacy);
+    return fs.existsSync(dir);
+  }
+
+  public cleanUp() {
    while (this.cleanUpFns.length) {
      // Clean-up fns remove themselves from the list.
      this.cleanUpFns[0]();
    }

-    const leftoverDownloads = fs.readdirSync(AIO_DOWNLOADS_DIR);
-    const leftoverBuilds = fs.readdirSync(AIO_BUILDS_DIR);
-
-    if (leftoverDownloads.length) {
-      this.logger.log(`Downloads directory '${AIO_DOWNLOADS_DIR}' is not empty after clean-up.`, leftoverDownloads);
-      shell.rm('-rf', `${AIO_DOWNLOADS_DIR}/*`);
-    }
-
-    if (leftoverBuilds.length) {
-      this.logger.log(`Builds directory '${AIO_BUILDS_DIR}' is not empty after clean-up.`, leftoverBuilds);
-      shell.rm('-rf', `${AIO_BUILDS_DIR}/*`);
-    }
-
-    if (leftoverBuilds.length || leftoverDownloads.length) {
-      throw new Error(`Unexpected test files not cleaned up.`);
+    if (fs.readdirSync(this.buildsDir).length) {
+      throw new Error(`Directory '${this.buildsDir}' is not empty after clean-up.`);
    }
  }

-  public createDummyBuild(pr: number, sha: string, isPublic = true, force = false, legacy = false): CleanUpFn {
+  public createDummyArchive(pr: string, sha: string, archivePath: string): CleanUpFn {
+    const inputDir = this.getShaDir(this.getPrDir(`uploaded/${pr}`, true), sha);
+    const cmd1 = `tar --create --gzip --directory "${inputDir}" --file "${archivePath}" .`;
+    const cmd2 = `chown ${this.wwwUser} ${archivePath}`;
+
+    const cleanUpTemp = this.createDummyBuild(`uploaded/${pr}`, sha, true, true);
+    shell.exec(cmd1);
+    shell.exec(cmd2);
+    cleanUpTemp();
+
+    return this.createCleanUpFn(() => shell.rm('-rf', archivePath));
+  }
+
+  public createDummyBuild(pr: string, sha: string, isPublic = true, force = false, legacy = false): CleanUpFn {
    const prDir = this.getPrDir(pr, isPublic);
    const shaDir = this.getShaDir(prDir, sha, legacy);
    const idxPath = path.join(shaDir, 'index.html');
@ -74,21 +89,35 @@ class Helper {

    this.writeFile(idxPath, {content: `PR: ${pr} | SHA: ${sha} | File: /index.html`}, force);
    this.writeFile(barPath, {content: `PR: ${pr} | SHA: ${sha} | File: /foo/bar.js`}, force);
-    shell.exec(`chown -R ${AIO_WWW_USER} ${prDir}`);
+    shell.exec(`chown -R ${this.wwwUser} ${prDir}`);

    return this.createCleanUpFn(() => shell.rm('-rf', prDir));
  }

-  public getPrDir(pr: number, isPublic: boolean): string {
-    const prDirName = isPublic ? '' + pr : HIDDEN_DIR_PREFIX + pr;
-    return path.join(AIO_BUILDS_DIR, prDirName);
+  public deletePrDir(pr: string, isPublic = true) {
+    const prDir = this.getPrDir(pr, isPublic);
+
+    if (fs.existsSync(prDir)) {
+      // Undocumented signature (see https://github.com/shelljs/shelljs/pull/663).
+      (shell as any).chmod('-R', 'a+w', prDir);
+      shell.rm('-rf', prDir);
+    }
+  }
+
+  public getPrDir(pr: string, isPublic: boolean): string {
+    const prDirName = isPublic ? pr : HIDDEN_DIR_PREFIX + pr;
+    return path.join(this.buildsDir, prDirName);
  }

  public getShaDir(prDir: string, sha: string, legacy = false): string {
-    return path.join(prDir, legacy ? sha : computeShortSha(sha));
+    return path.join(prDir, legacy ? sha : this.getShordSha(sha));
  }

-  public readBuildFile(pr: number, sha: string, relFilePath: string, isPublic = true, legacy = false): string {
+  public getShordSha(sha: string): string {
+    return sha.substr(0, SHORT_SHA_LEN);
+  }
+
+  public readBuildFile(pr: string, sha: string, relFilePath: string, isPublic = true, legacy = false): string {
    const shaDir = this.getShaDir(this.getPrDir(pr, isPublic), sha, legacy);
    const absFilePath = path.join(shaDir, relFilePath);
    return fs.readFileSync(absFilePath, 'utf8');
@ -101,11 +130,11 @@ class Helper {
    });
  }

-  public runForAllSupportedSchemes(suiteFactory: TestSuiteFactory): void {
+  public runForAllSupportedSchemes(suiteFactory: TestSuiteFactory) {
    Object.keys(this.portPerScheme).forEach(scheme => suiteFactory(scheme, this.portPerScheme[scheme]));
  }

-  public verifyResponse(status: number | [number, string], regex: string | RegExp = /^/): VerifyCmdResultFn {
+  public verifyResponse(status: number | [number, string], regex = /^/): VerifyCmdResultFn {
    let statusCode: number;
    let statusText: string;

@ -125,9 +154,9 @@ class Helper {
                     // Only keep the last to sections (final headers and body).

      if (!result.success) {
-        this.logger.log('Stdout:', result.stdout);
-        this.logger.error('Stderr:', result.stderr);
-        this.logger.error('Error:', result.err);
+        console.log('Stdout:', result.stdout);
+        console.log('Stderr:', result.stderr);
+        console.log('Error:', result.err);
      }

      expect(result.success).toBe(true);
@ -136,14 +165,14 @@ class Helper {
    };
  }

-  public writeBuildFile(pr: number, sha: string, relFilePath: string, content: string, isPublic = true,
-                        legacy = false): void {
+  public writeBuildFile(pr: string, sha: string, relFilePath: string, content: string, isPublic = true,
+                        legacy = false): CleanUpFn {
    const shaDir = this.getShaDir(this.getPrDir(pr, isPublic), sha, legacy);
    const absFilePath = path.join(shaDir, relFilePath);
-    this.writeFile(absFilePath, {content}, true);
+    return this.writeFile(absFilePath, {content}, true);
  }

-  public writeFile(filePath: string, {content, size}: FileSpecs, force = false): void {
+  public writeFile(filePath: string, {content, size}: FileSpecs, force = false): CleanUpFn {
    if (!force && fs.existsSync(filePath)) {
      throw new Error(`Refusing to overwrite existing file '${filePath}'.`);
    }
@ -161,7 +190,9 @@ class Helper {
      // Create a file with the specified content.
      fs.writeFileSync(filePath, content || '');
    }
-    shell.exec(`chown ${AIO_WWW_USER} ${filePath}`);
+    shell.exec(`chown ${this.wwwUser} ${filePath}`);
+
+    return this.createCleanUpFn(() => shell.rm('-rf', cleanUpTarget));
  }

  // Methods - Protected
@ -180,70 +211,5 @@ class Helper {
  }
 }

-interface DefaultCurlOptions {
-  defaultMethod?: CurlOptions['method'];
-  defaultOptions?: CurlOptions['options'];
-  defaultHeaders?: CurlOptions['headers'];
-  defaultData?: CurlOptions['data'];
-  defaultExtraPath?: CurlOptions['extraPath'];
-}
-
-interface CurlOptions {
-  method?: string;
-  options?: string;
-  headers?: string[];
-  data?: any;
-  url?: string;
-  extraPath?: string;
-}
-
-export function makeCurl(baseUrl: string, {
-  defaultMethod = 'POST',
-  defaultOptions = '',
-  defaultHeaders = ['Content-Type: application/json'],
-  defaultData = {},
-  defaultExtraPath = '',
-}: DefaultCurlOptions = {}) {
-  return function curl({
-    method = defaultMethod,
-    options = defaultOptions,
-    headers = defaultHeaders,
-    data = defaultData,
-    url = baseUrl,
-    extraPath = defaultExtraPath,
-  }: CurlOptions) {
-    const dataString = data ? JSON.stringify(data) : '';
-    const cmd = `curl -iLX ${method} ` +
-                `${options} ` +
-                headers.map(header => `--header "${header}" `).join('') +
-                `--data '${dataString}' ` +
-                `${url}${extraPath}`;
-    return helper.runCmd(cmd);
-  };
-}
-
-export interface PayloadData {
-  data: {
-    payload: {
-      build_num: number,
-      build_parameters: {
-        CIRCLE_JOB: string;
-      };
-    };
-  };
-}
-
-export function payload(buildNum: number): PayloadData {
-  return {
-    data: {
-      payload: {
-        build_num: buildNum,
-        build_parameters: { CIRCLE_JOB: 'aio_preview' },
-      },
-    },
-  };
-}
-
-
 // Exports
 export const helper = new Helper();
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/jasmine-custom-matchers-types.d.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/jasmine-custom-matchers-types.d.ts
@ -1,7 +0,0 @@
-declare module jasmine {
-  interface Matchers {
-    toExistAsAFile(remove = true): boolean;
-    toExistAsABuild(remove = true): boolean;
-    toExistAsAnArtifact(remove = true): boolean;
-  }
-}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/jasmine-custom-matchers.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/jasmine-custom-matchers.ts
@ -1,88 +0,0 @@
-import {sync as deleteEmpty} from 'delete-empty';
-import {existsSync, unlinkSync} from 'fs';
-import {join} from 'path';
-import {AIO_DOWNLOADS_DIR} from '../common/constants';
-import {computeShortSha} from '../common/utils';
-import {SHA} from './constants';
-import {helper} from './helper';
-
-function checkFile(filePath: string, remove: boolean): boolean {
-  const exists = existsSync(filePath);
-  if (exists && remove) {
-    // if we expected the file to exist then we remove it to prevent leftover file errors
-    unlinkSync(filePath);
-  }
-  return exists;
-}
-
-function getArtifactPath(prNum: number, sha: string = SHA): string {
-  return `${AIO_DOWNLOADS_DIR}/${prNum}-${computeShortSha(sha)}-aio-snapshot.tgz`;
-}
-
-function checkFiles(prNum: number, isPublic: boolean, sha: string, isLegacy: boolean, remove: boolean) {
-  const files = ['/index.html', '/foo/bar.js'];
-  const prPath = helper.getPrDir(prNum, isPublic);
-  const shaPath = helper.getShaDir(prPath, sha, isLegacy);
-
-  const existingFiles: string[] = [];
-  const missingFiles: string[] = [];
-  files
-    .map(file => join(shaPath, file))
-    .forEach(file => (checkFile(file, remove) ? existingFiles : missingFiles).push(file));
-
-  deleteEmpty(prPath);
-
-  return { existingFiles, missingFiles };
-}
-
-class ToExistAsAFile implements jasmine.CustomMatcher {
-  public compare(actual: string, remove = true): jasmine.CustomMatcherResult {
-    const pass = checkFile(actual, remove);
-    return {
-      message: `Expected file at "${actual}" ${pass ? 'not' : ''} to exist`,
-      pass,
-    };
-  }
-}
-
-class ToExistAsAnArtifact implements jasmine.CustomMatcher {
-  public compare(actual: {prNum: number, sha?: string}, remove = true): jasmine.CustomMatcherResult {
-    const { prNum, sha = SHA } = actual;
-    const filePath = getArtifactPath(prNum, sha);
-    const pass = checkFile(filePath, remove);
-    return {
-      message: `Expected artifact "PR:${prNum}, SHA:${sha}, FILE:${filePath}" ${pass ? 'not' : '\b'} to exist`,
-      pass,
-    };
-  }
-}
-
-class ToExistAsABuild implements jasmine.CustomMatcher {
-  public compare(actual: {prNum: number, isPublic?: boolean, sha?: string, isLegacy?: boolean}, remove = true):
-      jasmine.CustomMatcherResult  {
-    const {prNum, isPublic = true, sha = SHA, isLegacy = false} = actual;
-    const {missingFiles} = checkFiles(prNum, isPublic, sha, isLegacy, remove);
-    return {
-      message: `Expected files for build "PR:${prNum}, SHA:${sha}" to exist:\n` +
-                missingFiles.map(file => ` - ${file}`).join('\n'),
-      pass: missingFiles.length === 0,
-    };
-  }
-  public negativeCompare(actual: {prNum: number, isPublic?: boolean, sha?: string, isLegacy?: boolean}):
-      jasmine.CustomMatcherResult  {
-    const {prNum, isPublic = true, sha = SHA, isLegacy = false} = actual;
-    const { existingFiles } = checkFiles(prNum, isPublic, sha, isLegacy, false);
-    return {
-      message: `Expected files for build "PR:${prNum}, SHA:${sha}" not to exist:\n` +
-                existingFiles.map(file => ` - ${file}`).join('\n'),
-      pass: existingFiles.length === 0,
-    };
-  }
-
-}
-
-export const customMatchers = {
-  toExistAsABuild: () => new ToExistAsABuild(),
-  toExistAsAFile: () => new ToExistAsAFile(),
-  toExistAsAnArtifact: () => new ToExistAsAnArtifact(),
-};
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/mock-external-apis.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/mock-external-apis.ts
@ -1,171 +0,0 @@
-/* tslint:disable:max-line-length */
-import * as nock from 'nock';
-import * as tar from 'tar-stream';
-import {gzipSync} from 'zlib';
-import {getEnvVar, Logger} from '../common/utils';
-import {BuildNums, PrNums, SHA} from './constants';
-
-// We are using the `nock` library to fake responses from REST requests, when testing.
-// This is necessary, because the test preview-server runs as a separate node process to
-// the test harness, so we do not have direct access to the code (e.g. for mocking).
-// (See also 'lib/verify-setup/start-test-preview-server.ts'.)
-
-// Each of the potential requests to an external API (e.g. Github or CircleCI) are mocked
-// below and return a suitable response. This is quite complicated to setup since the
-// response from, say, CircleCI will affect what request is made to, say, Github.
-
-const logger = new Logger('mock-external-apis');
-
-const log = (...args: any[]) => {
-  // Filter out non-matching URL checks
-  if (!/^matching.+: false$/.test(args[0])) {
-    logger.log(...args);
-  }
-};
-
-const AIO_CIRCLE_CI_TOKEN = getEnvVar('AIO_CIRCLE_CI_TOKEN');
-const AIO_GITHUB_TOKEN = getEnvVar('AIO_GITHUB_TOKEN');
-
-const AIO_ARTIFACT_PATH = getEnvVar('AIO_ARTIFACT_PATH');
-const AIO_GITHUB_ORGANIZATION = getEnvVar('AIO_GITHUB_ORGANIZATION');
-const AIO_GITHUB_REPO = getEnvVar('AIO_GITHUB_REPO');
-const AIO_TRUSTED_PR_LABEL = getEnvVar('AIO_TRUSTED_PR_LABEL');
-const AIO_GITHUB_TEAM_SLUGS = getEnvVar('AIO_GITHUB_TEAM_SLUGS').split(',');
-
-const ACTIVE_TRUSTED_USER = 'active-trusted-user';
-const INACTIVE_TRUSTED_USER = 'inactive-trusted-user';
-const UNTRUSTED_USER = 'untrusted-user';
-
-const BASIC_BUILD_INFO = {
-  branch: `pull/${PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER}`,
-  failed: false,
-  reponame: AIO_GITHUB_REPO,
-  username: AIO_GITHUB_ORGANIZATION,
-  vcs_revision: SHA,
-};
-
-const ISSUE_INFO_TRUSTED_LABEL = { labels: [{ name: AIO_TRUSTED_PR_LABEL }], user: { login: UNTRUSTED_USER } };
-const ISSUE_INFO_ACTIVE_TRUSTED_USER = { labels: [], user: { login: ACTIVE_TRUSTED_USER } };
-const ISSUE_INFO_INACTIVE_TRUSTED_USER = { labels: [], user: { login: INACTIVE_TRUSTED_USER } };
-const ISSUE_INFO_UNTRUSTED = { labels: [], user: { login: UNTRUSTED_USER } };
-const ACTIVE_STATE = { state: 'active' };
-const INACTIVE_STATE = { state: 'inactive' };
-
-const TEST_TEAM_INFO = AIO_GITHUB_TEAM_SLUGS.map((slug, index) => ({ slug, id: index }));
-
-const CIRCLE_CI_API_HOST = 'https://circleci.com';
-const CIRCLE_CI_TOKEN_PARAM = `circle-token=${AIO_CIRCLE_CI_TOKEN}`;
-const ARTIFACT_1 = { path: 'artifact-1', url: `${CIRCLE_CI_API_HOST}/artifacts/artifact-1`, _urlPath: '/artifacts/artifact-1' };
-const ARTIFACT_2 = { path: 'artifact-2', url: `${CIRCLE_CI_API_HOST}/artifacts/artifact-2`, _urlPath: '/artifacts/artifact-2' };
-const ARTIFACT_3 = { path: 'artifact-3', url: `${CIRCLE_CI_API_HOST}/artifacts/artifact-3`, _urlPath: '/artifacts/artifact-3' };
-const ARTIFACT_ERROR = { path: AIO_ARTIFACT_PATH, url: `${CIRCLE_CI_API_HOST}/artifacts/error`, _urlPath: '/artifacts/error' };
-const ARTIFACT_404 = { path: AIO_ARTIFACT_PATH, url: `${CIRCLE_CI_API_HOST}/artifacts/404`, _urlPath: '/artifacts/404' };
-const ARTIFACT_VALID_TRUSTED_USER = { path: AIO_ARTIFACT_PATH, url: `${CIRCLE_CI_API_HOST}/artifacts/valid/user`, _urlPath: '/artifacts/valid/user' };
-const ARTIFACT_VALID_TRUSTED_LABEL = { path: AIO_ARTIFACT_PATH, url: `${CIRCLE_CI_API_HOST}/artifacts/valid/label`, _urlPath: '/artifacts/valid/label' };
-const ARTIFACT_VALID_UNTRUSTED = { path: AIO_ARTIFACT_PATH, url: `${CIRCLE_CI_API_HOST}/artifacts/valid/untrusted`, _urlPath: '/artifacts/valid/untrusted' };
-
-const CIRCLE_CI_BUILD_INFO_URL = `/api/v1.1/project/github/${AIO_GITHUB_ORGANIZATION}/${AIO_GITHUB_REPO}`;
-
-const buildInfoUrl = (buildNum: number) => `${CIRCLE_CI_BUILD_INFO_URL}/${buildNum}?${CIRCLE_CI_TOKEN_PARAM}`;
-const buildArtifactsUrl = (buildNum: number) => `${CIRCLE_CI_BUILD_INFO_URL}/${buildNum}/artifacts?${CIRCLE_CI_TOKEN_PARAM}`;
-const buildInfo = (prNum: number) => ({ ...BASIC_BUILD_INFO, branch: `pull/${prNum}` });
-
-const GITHUB_API_HOST = 'https://api.github.com';
-const GITHUB_ISSUES_URL = `/repos/${AIO_GITHUB_ORGANIZATION}/${AIO_GITHUB_REPO}/issues`;
-const GITHUB_PULLS_URL = `/repos/${AIO_GITHUB_ORGANIZATION}/${AIO_GITHUB_REPO}/pulls`;
-const GITHUB_TEAMS_URL = `/orgs/${AIO_GITHUB_ORGANIZATION}/teams`;
-
-const getIssueUrl = (prNum: number) => `${GITHUB_ISSUES_URL}/${prNum}`;
-const getFilesUrl = (prNum: number, pageNum = 1) => `${GITHUB_PULLS_URL}/${prNum}/files?page=${pageNum}&per_page=100`;
-const getCommentUrl = (prNum: number) => `${getIssueUrl(prNum)}/comments`;
-const getTeamMembershipUrl = (teamId: number, username: string) => `/teams/${teamId}/memberships/${username}`;
-
-const createArchive = (buildNum: number, prNum: number, sha: string) => {
-  logger.log('createArchive', buildNum, prNum, sha);
-  const pack = tar.pack();
-  pack.entry({name: 'index.html'}, `BUILD: ${buildNum} | PR: ${prNum} | SHA: ${sha} | File: /index.html`);
-  pack.entry({name: 'foo/bar.js'}, `BUILD: ${buildNum} | PR: ${prNum} | SHA: ${sha} | File: /foo/bar.js`);
-  pack.finalize();
-  const zip = gzipSync(pack.read());
-  return zip;
-};
-
-// Create request scopes
-const circleCiApi = nock(CIRCLE_CI_API_HOST).log(log).persist();
-const githubApi = nock(GITHUB_API_HOST).log(log).persist().matchHeader('Authorization', `token ${AIO_GITHUB_TOKEN}`);
-
-//////////////////////////////
-
-// GENERAL responses
-githubApi.get(GITHUB_TEAMS_URL + '?page=1&per_page=100').reply(200, TEST_TEAM_INFO);
-githubApi.post(getCommentUrl(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER)).reply(200);
-
-// BUILD_INFO errors
-circleCiApi.get(buildInfoUrl(BuildNums.BUILD_INFO_ERROR)).replyWithError('BUILD_INFO_ERROR');
-circleCiApi.get(buildInfoUrl(BuildNums.BUILD_INFO_404)).reply(404, 'BUILD_INFO_404');
-circleCiApi.get(buildInfoUrl(BuildNums.BUILD_INFO_BUILD_FAILED)).reply(200, { ...BASIC_BUILD_INFO, failed: true });
-circleCiApi.get(buildInfoUrl(BuildNums.BUILD_INFO_INVALID_GH_ORG)).reply(200, { ...BASIC_BUILD_INFO, username: 'bad' });
-circleCiApi.get(buildInfoUrl(BuildNums.BUILD_INFO_INVALID_GH_REPO)).reply(200, { ...BASIC_BUILD_INFO, reponame: 'bad' });
-
-// CHANGED FILE errors
-circleCiApi.get(buildInfoUrl(BuildNums.CHANGED_FILES_ERROR)).reply(200, buildInfo(PrNums.CHANGED_FILES_ERROR));
-githubApi.get(getFilesUrl(PrNums.CHANGED_FILES_ERROR)).replyWithError('CHANGED_FILES_ERROR');
-circleCiApi.get(buildInfoUrl(BuildNums.CHANGED_FILES_404)).reply(200, buildInfo(PrNums.CHANGED_FILES_404));
-githubApi.get(getFilesUrl(PrNums.CHANGED_FILES_404)).reply(404, 'CHANGED_FILES_404');
-circleCiApi.get(buildInfoUrl(BuildNums.CHANGED_FILES_NONE)).reply(200, buildInfo(PrNums.CHANGED_FILES_NONE));
-githubApi.get(getFilesUrl(PrNums.CHANGED_FILES_NONE)).reply(200, []);
-
-// ARTIFACT URL errors
-circleCiApi.get(buildInfoUrl(BuildNums.BUILD_ARTIFACTS_ERROR)).reply(200, buildInfo(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER));
-circleCiApi.get(buildArtifactsUrl(BuildNums.BUILD_ARTIFACTS_ERROR)).replyWithError('BUILD_ARTIFACTS_ERROR');
-circleCiApi.get(buildInfoUrl(BuildNums.BUILD_ARTIFACTS_404)).reply(200, buildInfo(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER));
-circleCiApi.get(buildArtifactsUrl(BuildNums.BUILD_ARTIFACTS_404)).reply(404, 'BUILD_ARTIFACTS_ERROR');
-circleCiApi.get(buildInfoUrl(BuildNums.BUILD_ARTIFACTS_EMPTY)).reply(200, buildInfo(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER));
-circleCiApi.get(buildArtifactsUrl(BuildNums.BUILD_ARTIFACTS_EMPTY)).reply(200, []);
-circleCiApi.get(buildInfoUrl(BuildNums.BUILD_ARTIFACTS_MISSING)).reply(200, buildInfo(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER));
-circleCiApi.get(buildArtifactsUrl(BuildNums.BUILD_ARTIFACTS_MISSING)).reply(200, [ARTIFACT_1, ARTIFACT_2, ARTIFACT_3]);
-
-// ARTIFACT DOWNLOAD errors
-circleCiApi.get(buildInfoUrl(BuildNums.DOWNLOAD_ARTIFACT_ERROR)).reply(200, buildInfo(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER));
-circleCiApi.get(buildArtifactsUrl(BuildNums.DOWNLOAD_ARTIFACT_ERROR)).reply(200, [ARTIFACT_ERROR]);
-circleCiApi.get(ARTIFACT_ERROR._urlPath).replyWithError(ARTIFACT_ERROR._urlPath);
-circleCiApi.get(buildInfoUrl(BuildNums.DOWNLOAD_ARTIFACT_404)).reply(200, buildInfo(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER));
-circleCiApi.get(buildArtifactsUrl(BuildNums.DOWNLOAD_ARTIFACT_404)).reply(200, [ARTIFACT_404]);
-circleCiApi.get(ARTIFACT_ERROR._urlPath).reply(404, ARTIFACT_ERROR._urlPath);
-
-// TRUST CHECK errors
-circleCiApi.get(buildInfoUrl(BuildNums.TRUST_CHECK_ERROR)).reply(200, buildInfo(PrNums.TRUST_CHECK_ERROR));
-githubApi.get(getFilesUrl(PrNums.TRUST_CHECK_ERROR)).reply(200, [{ filename: 'aio/a' }]);
-circleCiApi.get(buildArtifactsUrl(BuildNums.TRUST_CHECK_ERROR)).reply(200, [ARTIFACT_VALID_TRUSTED_USER]);
-githubApi.get(getIssueUrl(PrNums.TRUST_CHECK_ERROR)).replyWithError('TRUST_CHECK_ERROR');
-
-// ACTIVE TRUSTED USER response
-circleCiApi.get(buildInfoUrl(BuildNums.TRUST_CHECK_ACTIVE_TRUSTED_USER)).reply(200, BASIC_BUILD_INFO);
-githubApi.get(getFilesUrl(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER)).reply(200, [{ filename: 'aio/a' }]);
-circleCiApi.get(buildArtifactsUrl(BuildNums.TRUST_CHECK_ACTIVE_TRUSTED_USER)).reply(200, [ARTIFACT_VALID_TRUSTED_USER]);
-circleCiApi.get(ARTIFACT_VALID_TRUSTED_USER._urlPath).reply(200, createArchive(BuildNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, SHA));
-githubApi.get(getIssueUrl(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER)).reply(200, ISSUE_INFO_ACTIVE_TRUSTED_USER);
-githubApi.get(getTeamMembershipUrl(0, ACTIVE_TRUSTED_USER)).reply(200, ACTIVE_STATE);
-
-// TRUSTED LABEL response
-circleCiApi.get(buildInfoUrl(BuildNums.TRUST_CHECK_TRUSTED_LABEL)).reply(200, BASIC_BUILD_INFO);
-githubApi.get(getFilesUrl(PrNums.TRUST_CHECK_TRUSTED_LABEL)).reply(200, [{ filename: 'aio/a' }]);
-circleCiApi.get(buildArtifactsUrl(BuildNums.TRUST_CHECK_TRUSTED_LABEL)).reply(200, [ARTIFACT_VALID_TRUSTED_LABEL]);
-circleCiApi.get(ARTIFACT_VALID_TRUSTED_LABEL._urlPath).reply(200, createArchive(BuildNums.TRUST_CHECK_TRUSTED_LABEL, PrNums.TRUST_CHECK_TRUSTED_LABEL, SHA));
-githubApi.get(getIssueUrl(PrNums.TRUST_CHECK_TRUSTED_LABEL)).reply(200, ISSUE_INFO_TRUSTED_LABEL);
-githubApi.get(getTeamMembershipUrl(0, ACTIVE_TRUSTED_USER)).reply(200, ACTIVE_STATE);
-
-// INACTIVE TRUSTED USER response
-circleCiApi.get(buildInfoUrl(BuildNums.TRUST_CHECK_INACTIVE_TRUSTED_USER)).reply(200, BASIC_BUILD_INFO);
-githubApi.get(getFilesUrl(PrNums.TRUST_CHECK_INACTIVE_TRUSTED_USER)).reply(200, [{ filename: 'aio/a' }]);
-circleCiApi.get(buildArtifactsUrl(BuildNums.TRUST_CHECK_INACTIVE_TRUSTED_USER)).reply(200, [ARTIFACT_VALID_TRUSTED_USER]);
-githubApi.get(getIssueUrl(PrNums.TRUST_CHECK_INACTIVE_TRUSTED_USER)).reply(200, ISSUE_INFO_INACTIVE_TRUSTED_USER);
-githubApi.get(getTeamMembershipUrl(0, INACTIVE_TRUSTED_USER)).reply(200, INACTIVE_STATE);
-
-// UNTRUSTED reponse
-circleCiApi.get(buildInfoUrl(BuildNums.TRUST_CHECK_UNTRUSTED)).reply(200, buildInfo(PrNums.TRUST_CHECK_UNTRUSTED));
-githubApi.get(getFilesUrl(PrNums.TRUST_CHECK_UNTRUSTED)).reply(200, [{ filename: 'aio/a' }]);
-circleCiApi.get(buildArtifactsUrl(BuildNums.TRUST_CHECK_UNTRUSTED)).reply(200, [ARTIFACT_VALID_UNTRUSTED]);
-circleCiApi.get(ARTIFACT_VALID_UNTRUSTED._urlPath).reply(200, createArchive(BuildNums.TRUST_CHECK_UNTRUSTED, PrNums.TRUST_CHECK_UNTRUSTED, SHA));
-githubApi.get(getIssueUrl(PrNums.TRUST_CHECK_UNTRUSTED)).reply(200, ISSUE_INFO_UNTRUSTED);
-githubApi.get(getTeamMembershipUrl(0, UNTRUSTED_USER)).reply(404);
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/nginx.e2e.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/nginx.e2e.ts
@ -1,23 +1,17 @@
 // Imports
 import * as path from 'path';
-import {rm} from 'shelljs';
-import {AIO_BUILDS_DIR, AIO_NGINX_HOSTNAME, AIO_NGINX_PORT_HTTP, AIO_NGINX_PORT_HTTPS} from '../common/env-variables';
-import {computeShortSha} from '../common/utils';
-import {PrNums} from './constants';
 import {helper as h} from './helper';
-import {customMatchers} from './jasmine-custom-matchers';

 // Tests
 describe(`nginx`, () => {

-  beforeEach(() => jasmine.DEFAULT_TIMEOUT_INTERVAL = 5000);
-  beforeEach(() => jasmine.addMatchers(customMatchers));
+  beforeEach(() => jasmine.DEFAULT_TIMEOUT_INTERVAL = 10000);
  afterEach(() => h.cleanUp());


  it('should redirect HTTP to HTTPS', done => {
-    const httpHost = `${AIO_NGINX_HOSTNAME}:${AIO_NGINX_PORT_HTTP}`;
-    const httpsHost = `${AIO_NGINX_HOSTNAME}:${AIO_NGINX_PORT_HTTPS}`;
+    const httpHost = `${h.nginxHostname}:${h.nginxPortHttp}`;
+    const httpsHost = `${h.nginxHostname}:${h.nginxPortHttps}`;
    const urlMap = {
      [`http://${httpHost}/`]: `https://${httpsHost}/`,
      [`http://${httpHost}/foo`]: `https://${httpsHost}/foo`,
@ -38,13 +32,13 @@ describe(`nginx`, () => {


  h.runForAllSupportedSchemes((scheme, port) => describe(`(on ${scheme.toUpperCase()})`, () => {
-    const hostname = AIO_NGINX_HOSTNAME;
+    const hostname = h.nginxHostname;
    const host = `${hostname}:${port}`;
-    const pr = 9;
+    const pr = '9';
    const sha9 = '9'.repeat(40);
    const sha0 = '0'.repeat(40);
-    const shortSha9 = computeShortSha(sha9);
-    const shortSha0 = computeShortSha(sha0);
+    const shortSha9 = h.getShordSha(sha9);
+    const shortSha0 = h.getShordSha(sha0);


    describe(`pr<pr>-<sha>.${host}/*`, () => {
@ -56,11 +50,6 @@ describe(`nginx`, () => {
          h.createDummyBuild(pr, sha0);
        });

-        afterEach(() => {
-          expect({ prNum: pr, sha: sha9 }).toExistAsABuild();
-          expect({ prNum: pr, sha: sha0 }).toExistAsABuild();
-        });
-

        it('should return /index.html', done => {
          const origin = `${scheme}://pr${pr}-${shortSha9}.${host}`;
@ -74,19 +63,17 @@ describe(`nginx`, () => {
        });


-        it('should return /index.html (for legacy builds)', async () => {
+        it('should return /index.html (for legacy builds)', done => {
          const origin = `${scheme}://pr${pr}-${sha9}.${host}`;
          const bodyRegex = new RegExp(`^PR: ${pr} | SHA: ${sha9} | File: /index\\.html$`);

          h.createDummyBuild(pr, sha9, true, false, true);

-          await Promise.all([
+          Promise.all([
            h.runCmd(`curl -iL ${origin}/index.html`).then(h.verifyResponse(200, bodyRegex)),
            h.runCmd(`curl -iL ${origin}/`).then(h.verifyResponse(200, bodyRegex)),
            h.runCmd(`curl -iL ${origin}`).then(h.verifyResponse(200, bodyRegex)),
-          ]);
-
-          expect({ prNum: pr, sha: sha9, isLegacy: true }).toExistAsABuild();
+          ]).then(done);
        });


@ -99,15 +86,15 @@ describe(`nginx`, () => {
        });


-        it('should return /foo/bar.js (for legacy builds)', async () => {
+        it('should return /foo/bar.js (for legacy builds)', done => {
          const origin = `${scheme}://pr${pr}-${sha9}.${host}`;
          const bodyRegex = new RegExp(`^PR: ${pr} | SHA: ${sha9} | File: /foo/bar\\.js$`);

          h.createDummyBuild(pr, sha9, true, false, true);

-          await h.runCmd(`curl -iL ${origin}/foo/bar.js`).then(h.verifyResponse(200, bodyRegex));
-
-          expect({ prNum: pr, sha: sha9, isLegacy: true }).toExistAsABuild();
+          h.runCmd(`curl -iL ${origin}/foo/bar.js`).
+            then(h.verifyResponse(200, bodyRegex)).
+            then(done);
        });


@ -139,7 +126,7 @@ describe(`nginx`, () => {

        it('should respond with 404 for unknown PRs/SHAs', done => {
          const otherPr = 54321;
-          const otherShortSha = computeShortSha('8'.repeat(40));
+          const otherShortSha = h.getShordSha('8'.repeat(40));

          Promise.all([
            h.runCmd(`curl -iL ${scheme}://pr${pr}9-${shortSha9}.${host}`).then(h.verifyResponse(404)),
@ -187,41 +174,39 @@ describe(`nginx`, () => {

      describe('(for hidden builds)', () => {

-        it('should respond with 404 for any file or directory', async () => {
+        it('should respond with 404 for any file or directory', done => {
          const origin = `${scheme}://pr${pr}-${shortSha9}.${host}`;
          const assert404 = h.verifyResponse(404);

          h.createDummyBuild(pr, sha9, false);
+          expect(h.buildExists(pr, sha9, false)).toBe(true);

-          await Promise.all([
+          Promise.all([
            h.runCmd(`curl -iL ${origin}/index.html`).then(assert404),
            h.runCmd(`curl -iL ${origin}/`).then(assert404),
            h.runCmd(`curl -iL ${origin}`).then(assert404),
            h.runCmd(`curl -iL ${origin}/foo/bar.js`).then(assert404),
            h.runCmd(`curl -iL ${origin}/foo/`).then(assert404),
            h.runCmd(`curl -iL ${origin}/foo`).then(assert404),
-          ]);
-
-          expect({ prNum: pr, sha: sha9, isPublic: false }).toExistAsABuild();
+          ]).then(done);
        });


-        it('should respond with 404 for any file or directory (for legacy builds)', async () => {
+        it('should respond with 404 for any file or directory (for legacy builds)', done => {
          const origin = `${scheme}://pr${pr}-${sha9}.${host}`;
          const assert404 = h.verifyResponse(404);

          h.createDummyBuild(pr, sha9, false, false, true);
+          expect(h.buildExists(pr, sha9, false, true)).toBe(true);

-          await Promise.all([
+          Promise.all([
            h.runCmd(`curl -iL ${origin}/index.html`).then(assert404),
            h.runCmd(`curl -iL ${origin}/`).then(assert404),
            h.runCmd(`curl -iL ${origin}`).then(assert404),
            h.runCmd(`curl -iL ${origin}/foo/bar.js`).then(assert404),
            h.runCmd(`curl -iL ${origin}/foo/`).then(assert404),
            h.runCmd(`curl -iL ${origin}/foo`).then(assert404),
-          ]);
-
-          expect({ prNum: pr, sha: sha9, isPublic: false, isLegacy: true }).toExistAsABuild();
+          ]).then(done);
        });

      });
@ -253,46 +238,10 @@ describe(`nginx`, () => {
    });


-    describe(`${host}/can-have-public-preview`, () => {
-      const baseUrl = `${scheme}://${host}/can-have-public-preview`;
-
-
-      it('should disallow non-GET requests', async () => {
-        await Promise.all([
-          h.runCmd(`curl -iLX POST ${baseUrl}/42`).then(h.verifyResponse([405, 'Not Allowed'])),
-          h.runCmd(`curl -iLX PUT ${baseUrl}/42`).then(h.verifyResponse([405, 'Not Allowed'])),
-          h.runCmd(`curl -iLX PATCH ${baseUrl}/42`).then(h.verifyResponse([405, 'Not Allowed'])),
-          h.runCmd(`curl -iLX DELETE ${baseUrl}/42`).then(h.verifyResponse([405, 'Not Allowed'])),
-        ]);
-      });
-
-
-      it('should pass requests through to the preview server', async () => {
-        await h.runCmd(`curl -iLX GET ${baseUrl}/${PrNums.CHANGED_FILES_ERROR}`).
-          then(h.verifyResponse(500, /CHANGED_FILES_ERROR/));
-      });
-
-
-      it('should respond with 404 for unknown paths', async () => {
-        const cmdPrefix = `curl -iLX GET ${baseUrl}`;
-
-        await Promise.all([
-          h.runCmd(`${cmdPrefix}/foo/42`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}-foo/42`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}nfoo/42`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}/42/foo`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}/f00`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}/`).then(h.verifyResponse(404)),
-        ]);
-      });
-
-    });
-
-
-    describe(`${host}/circle-build`, () => {
+    describe(`${host}/create-build/<pr>/<sha>`, () => {

      it('should disallow non-POST requests', done => {
-        const url = `${scheme}://${host}/circle-build`;
+        const url = `${scheme}://${host}/create-build/${pr}/${sha9}`;

        Promise.all([
          h.runCmd(`curl -iLX GET ${url}`).then(h.verifyResponse([405, 'Not Allowed'])),
@ -303,9 +252,31 @@ describe(`nginx`, () => {
      });


-      it('should pass requests through to the preview server', done => {
-        h.runCmd(`curl -iLX POST ${scheme}://${host}/circle-build`).
-          then(h.verifyResponse(400, /Incorrect body content. Expected JSON/)).
+      it(`should reject files larger than ${h.uploadMaxSize}B (according to header)`, done => {
+        const headers = `--header "Content-Length: ${1.5 * h.uploadMaxSize}"`;
+        const url = `${scheme}://${host}/create-build/${pr}/${sha9}`;
+
+        h.runCmd(`curl -iLX POST ${headers} ${url}`).
+          then(h.verifyResponse([413, 'Request Entity Too Large'])).
+          then(done);
+      });
+
+
+      it(`should reject files larger than ${h.uploadMaxSize}B (without header)`, done => {
+        const filePath = path.join(h.buildsDir, 'snapshot.tar.gz');
+        const url = `${scheme}://${host}/create-build/${pr}/${sha9}`;
+
+        h.writeFile(filePath, {size: 1.5 * h.uploadMaxSize});
+
+        h.runCmd(`curl -iLX POST --data-binary "@${filePath}" ${url}`).
+          then(h.verifyResponse([413, 'Request Entity Too Large'])).
+          then(done);
+      });
+
+
+      it('should pass requests through to the upload server', done => {
+        h.runCmd(`curl -iLX POST ${scheme}://${host}/create-build/${pr}/${sha9}`).
+          then(h.verifyResponse(401, /Missing or empty 'AUTHORIZATION' header/)).
          then(done);
      });

@ -314,14 +285,32 @@ describe(`nginx`, () => {
        const cmdPrefix = `curl -iLX POST ${scheme}://${host}`;

        Promise.all([
-          h.runCmd(`${cmdPrefix}/foo/circle-build/`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}/foo-circle-build/`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}/fooncircle-build/`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}/circle-build/foo/`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}/circle-build-foo/`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}/circle-buildnfoo/`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}/circle-build/pr`).then(h.verifyResponse(404)),
-          h.runCmd(`${cmdPrefix}/circle-build/42`).then(h.verifyResponse(404)),
+          h.runCmd(`${cmdPrefix}/foo/create-build/${pr}/${sha9}`).then(h.verifyResponse(404)),
+          h.runCmd(`${cmdPrefix}/foo-create-build/${pr}/${sha9}`).then(h.verifyResponse(404)),
+          h.runCmd(`${cmdPrefix}/fooncreate-build/${pr}/${sha9}`).then(h.verifyResponse(404)),
+          h.runCmd(`${cmdPrefix}/create-build/foo/${pr}/${sha9}`).then(h.verifyResponse(404)),
+          h.runCmd(`${cmdPrefix}/create-build-foo/${pr}/${sha9}`).then(h.verifyResponse(404)),
+          h.runCmd(`${cmdPrefix}/create-buildnfoo/${pr}/${sha9}`).then(h.verifyResponse(404)),
+          h.runCmd(`${cmdPrefix}/create-build/pr${pr}/${sha9}`).then(h.verifyResponse(404)),
+          h.runCmd(`${cmdPrefix}/create-build/${pr}/${sha9}42`).then(h.verifyResponse(404)),
+        ]).then(done);
+      });
+
+
+      it('should reject PRs with leading zeros', done => {
+        h.runCmd(`curl -iLX POST ${scheme}://${host}/create-build/0${pr}/${sha9}`).
+          then(h.verifyResponse(404)).
+          then(done);
+      });
+
+
+      it('should accept SHAs with leading zeros (but not trim the zeros)', done => {
+        const cmdPrefix = `curl -iLX POST  ${scheme}://${host}/create-build/${pr}`;
+        const bodyRegex = /Missing or empty 'AUTHORIZATION' header/;
+
+        Promise.all([
+          h.runCmd(`${cmdPrefix}/0${sha9}`).then(h.verifyResponse(404)),
+          h.runCmd(`${cmdPrefix}/${sha0}`).then(h.verifyResponse(401, bodyRegex)),
        ]).then(done);
      });

@ -342,13 +331,17 @@ describe(`nginx`, () => {
      });


-      it('should pass requests through to the preview server', done => {
+      it('should pass requests through to the upload server', done => {
        const cmdPrefix = `curl -iLX POST --header "Content-Type: application/json"`;

        const cmd1 = `${cmdPrefix} ${url}`;
+        const cmd2 = `${cmdPrefix} --data '{"number":${pr}}' ${url}`;
+        const cmd3 = `${cmdPrefix} --data '{"number":${pr},"action":"foo"}' ${url}`;

        Promise.all([
          h.runCmd(cmd1).then(h.verifyResponse(400, /Missing or empty 'number' field/)),
+          h.runCmd(cmd2).then(h.verifyResponse(200)),
+          h.runCmd(cmd3).then(h.verifyResponse(200)),
        ]).then(done);
      });

@ -371,15 +364,13 @@ describe(`nginx`, () => {

    describe(`${host}/*`, () => {

-      beforeEach(() => {
+      it('should respond with 404 for unknown URLs (even if the resource exists)', done => {
        ['index.html', 'foo.js', 'foo/index.html'].forEach(relFilePath => {
-          const absFilePath = path.join(AIO_BUILDS_DIR, relFilePath);
-          return h.writeFile(absFilePath, {content: `File: /${relFilePath}`});
+          const absFilePath = path.join(h.buildsDir, relFilePath);
+          h.writeFile(absFilePath, {content: `File: /${relFilePath}`});
        });
-      });

-      it('should respond with 404 for unknown URLs (even if the resource exists)', async () => {
-        await Promise.all([
+        Promise.all([
          h.runCmd(`curl -iL ${scheme}://${host}/index.html`).then(h.verifyResponse(404)),
          h.runCmd(`curl -iL ${scheme}://${host}/`).then(h.verifyResponse(404)),
          h.runCmd(`curl -iL ${scheme}://${host}`).then(h.verifyResponse(404)),
@ -388,14 +379,7 @@ describe(`nginx`, () => {
          h.runCmd(`curl -iL ${scheme}://foo.${host}`).then(h.verifyResponse(404)),
          h.runCmd(`curl -iL ${scheme}://${host}/foo.js`).then(h.verifyResponse(404)),
          h.runCmd(`curl -iL ${scheme}://${host}/foo/index.html`).then(h.verifyResponse(404)),
-        ]);
-      });
-
-      afterEach(() => {
-        ['index.html', 'foo.js', 'foo/index.html', 'foo'].forEach(relFilePath => {
-          const absFilePath = path.join(AIO_BUILDS_DIR, relFilePath);
-          rm('-r', absFilePath);
-        });
+        ]).then(done);
      });

    });
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/preview-server.e2e.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/preview-server.e2e.ts
@ -1,569 +0,0 @@
-// Imports
-import * as fs from 'fs';
-import {join} from 'path';
-import {AIO_PREVIEW_SERVER_HOSTNAME, AIO_PREVIEW_SERVER_PORT, AIO_WWW_USER} from '../common/env-variables';
-import {computeShortSha} from '../common/utils';
-import {ALT_SHA, BuildNums, PrNums, SHA, SIMILAR_SHA} from './constants';
-import {helper as h, makeCurl, payload} from './helper';
-import {customMatchers} from './jasmine-custom-matchers';
-
-// Tests
-describe('preview-server', () => {
-  const hostname = AIO_PREVIEW_SERVER_HOSTNAME;
-  const port = AIO_PREVIEW_SERVER_PORT;
-  const host = `http://${hostname}:${port}`;
-
-  beforeEach(() => jasmine.DEFAULT_TIMEOUT_INTERVAL = 5000);
-  beforeEach(() => jasmine.addMatchers(customMatchers));
-  afterEach(() => h.cleanUp());
-
-
-  describe(`${host}/can-have-public-preview`, () => {
-    const curl = makeCurl(`${host}/can-have-public-preview`, {
-      defaultData: null,
-      defaultExtraPath: `/${PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER}`,
-      defaultHeaders: [],
-      defaultMethod: 'GET',
-    });
-
-
-    it('should disallow non-GET requests', async () => {
-      const bodyRegex = /^Unknown resource in request/;
-
-      await Promise.all([
-        curl({method: 'POST'}).then(h.verifyResponse(404, bodyRegex)),
-        curl({method: 'PUT'}).then(h.verifyResponse(404, bodyRegex)),
-        curl({method: 'PATCH'}).then(h.verifyResponse(404, bodyRegex)),
-        curl({method: 'DELETE'}).then(h.verifyResponse(404, bodyRegex)),
-      ]);
-    });
-
-
-    it('should respond with 404 for unknown paths', async () => {
-      const bodyRegex = /^Unknown resource in request/;
-
-      await Promise.all([
-        curl({extraPath: `/foo/${PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER}`}).then(h.verifyResponse(404, bodyRegex)),
-        curl({extraPath: `-foo/${PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER}`}).then(h.verifyResponse(404, bodyRegex)),
-        curl({extraPath: `nfoo/${PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER}`}).then(h.verifyResponse(404, bodyRegex)),
-        curl({extraPath: `/${PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER}/foo`}).then(h.verifyResponse(404, bodyRegex)),
-        curl({extraPath: '/f00'}).then(h.verifyResponse(404, bodyRegex)),
-        curl({extraPath: '/'}).then(h.verifyResponse(404, bodyRegex)),
-      ]);
-    });
-
-
-    it('should respond with 500 if checking for significant file changes fails', async () => {
-      await Promise.all([
-        curl({extraPath: `/${PrNums.CHANGED_FILES_404}`}).then(h.verifyResponse(500, /CHANGED_FILES_404/)),
-        curl({extraPath: `/${PrNums.CHANGED_FILES_ERROR}`}).then(h.verifyResponse(500, /CHANGED_FILES_ERROR/)),
-      ]);
-    });
-
-
-    it('should respond with 200 (false) if no significant files were touched', async () => {
-      const expectedResponse = JSON.stringify({
-        canHavePublicPreview: false,
-        reason: 'No significant files touched.',
-      });
-
-      await curl({extraPath: `/${PrNums.CHANGED_FILES_NONE}`}).then(h.verifyResponse(200, expectedResponse));
-    });
-
-
-    it('should respond with 500 if checking "trusted" status fails', async () => {
-      await curl({extraPath: `/${PrNums.TRUST_CHECK_ERROR}`}).then(h.verifyResponse(500, 'TRUST_CHECK_ERROR'));
-    });
-
-
-    it('should respond with 200 (false) if the PR is not automatically verifiable as "trusted"', async () => {
-      const expectedResponse = JSON.stringify({
-        canHavePublicPreview: false,
-        reason: 'Not automatically verifiable as \\"trusted\\".',
-      });
-
-      await Promise.all([
-        curl({extraPath: `/${PrNums.TRUST_CHECK_INACTIVE_TRUSTED_USER}`}).then(h.verifyResponse(200, expectedResponse)),
-        curl({extraPath: `/${PrNums.TRUST_CHECK_UNTRUSTED}`}).then(h.verifyResponse(200, expectedResponse)),
-      ]);
-    });
-
-
-    it('should respond with 200 (true) if the PR can have a public preview', async () => {
-      const expectedResponse = JSON.stringify({
-        canHavePublicPreview: true,
-        reason: null,
-      });
-
-      await Promise.all([
-        curl({extraPath: `/${PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER}`}).then(h.verifyResponse(200, expectedResponse)),
-        curl({extraPath: `/${PrNums.TRUST_CHECK_TRUSTED_LABEL}`}).then(h.verifyResponse(200, expectedResponse)),
-      ]);
-    });
-
-  });
-
-
-  describe(`${host}/circle-build`, () => {
-
-    const curl = makeCurl(`${host}/circle-build`);
-
-    it('should disallow non-POST requests', async () => {
-      const bodyRegex = /^Unknown resource/;
-
-      await Promise.all([
-        curl({method: 'GET'}).then(h.verifyResponse(404, bodyRegex)),
-        curl({method: 'PUT'}).then(h.verifyResponse(404, bodyRegex)),
-        curl({method: 'PATCH'}).then(h.verifyResponse(404, bodyRegex)),
-        curl({method: 'DELETE'}).then(h.verifyResponse(404, bodyRegex)),
-      ]);
-    });
-
-
-    it('should respond with 404 for unknown paths', async () => {
-      await Promise.all([
-        curl({url: `${host}/foo/circle-build`}).then(h.verifyResponse(404)),
-        curl({url: `${host}/foo-circle-build`}).then(h.verifyResponse(404)),
-        curl({url: `${host}/fooncircle-build`}).then(h.verifyResponse(404)),
-        curl({url: `${host}/circle-build/foo`}).then(h.verifyResponse(404)),
-        curl({url: `${host}/circle-build-foo`}).then(h.verifyResponse(404)),
-        curl({url: `${host}/circle-buildnfoo`}).then(h.verifyResponse(404)),
-        curl({url: `${host}/circle-build/pr`}).then(h.verifyResponse(404)),
-        curl({url: `${host}/circle-build42`}).then(h.verifyResponse(404)),
-      ]);
-    });
-
-    it('should respond with 400 if the body is not valid', async () => {
-      await Promise.all([
-        curl({ data: '' }).then(h.verifyResponse(400)),
-        curl({ data: {} }).then(h.verifyResponse(400)),
-        curl({ data: { payload: {} } }).then(h.verifyResponse(400)),
-        curl({ data: { payload: { build_num: 1 } } }).then(h.verifyResponse(400)),
-        curl({ data: { payload: { build_num: 1, build_parameters: {} } } }).then(h.verifyResponse(400)),
-        curl(payload(0)).then(h.verifyResponse(400)),
-        curl(payload(-1)).then(h.verifyResponse(400)),
-      ]);
-    });
-
-    it('should respond with 500 if the CircleCI API request errors', async () => {
-      await curl(payload(BuildNums.BUILD_INFO_ERROR)).then(h.verifyResponse(500));
-      await curl(payload(BuildNums.BUILD_INFO_404)).then(h.verifyResponse(500));
-    });
-
-    it('should respond with 204 if the build on CircleCI failed', async () => {
-      await curl(payload(BuildNums.BUILD_INFO_BUILD_FAILED)).then(h.verifyResponse(204));
-    });
-
-    it('should respond with 500 if the github org from CircleCI does not match what is configured', async () => {
-      await curl(payload(BuildNums.BUILD_INFO_INVALID_GH_ORG)).then(h.verifyResponse(500));
-    });
-
-    it('should respond with 500 if the github repo from CircleCI does not match what is configured', async () => {
-      await curl(payload(BuildNums.BUILD_INFO_INVALID_GH_REPO)).then(h.verifyResponse(500));
-    });
-
-    it('should respond with 500 if the github files API errors', async () => {
-      await curl(payload(BuildNums.CHANGED_FILES_ERROR)).then(h.verifyResponse(500));
-      await curl(payload(BuildNums.CHANGED_FILES_404)).then(h.verifyResponse(500));
-    });
-
-    it('should respond with 204 if no significant files are changed by the PR', async () => {
-      await curl(payload(BuildNums.CHANGED_FILES_NONE)).then(h.verifyResponse(204));
-    });
-
-    it('should respond with 500 if the CircleCI artifact API fails', async () => {
-      await curl(payload(BuildNums.BUILD_ARTIFACTS_ERROR)).then(h.verifyResponse(500));
-      await curl(payload(BuildNums.BUILD_ARTIFACTS_404)).then(h.verifyResponse(500));
-      await curl(payload(BuildNums.BUILD_ARTIFACTS_EMPTY)).then(h.verifyResponse(500));
-      await curl(payload(BuildNums.BUILD_ARTIFACTS_MISSING)).then(h.verifyResponse(500));
-    });
-
-    it('should respond with 500 if fetching the artifact errors', async () => {
-      await curl(payload(BuildNums.DOWNLOAD_ARTIFACT_ERROR)).then(h.verifyResponse(500));
-      await curl(payload(BuildNums.DOWNLOAD_ARTIFACT_404)).then(h.verifyResponse(500));
-    });
-
-    it('should respond with 500 if the GH trusted API fails', async () => {
-      await curl(payload(BuildNums.TRUST_CHECK_ERROR)).then(h.verifyResponse(500));
-      expect({ prNum: PrNums.TRUST_CHECK_ERROR }).toExistAsAnArtifact();
-    });
-
-    it('should respond with 201 if a new public build is created', async () => {
-      await curl(payload(BuildNums.TRUST_CHECK_ACTIVE_TRUSTED_USER))
-        .then(h.verifyResponse(201));
-      expect({ prNum: PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER }).toExistAsABuild();
-    });
-
-    it('should respond with 202 if a new private build is created', async () => {
-      await curl(payload(BuildNums.TRUST_CHECK_UNTRUSTED)).then(h.verifyResponse(202));
-      expect({ prNum: PrNums.TRUST_CHECK_UNTRUSTED, isPublic: false }).toExistAsABuild();
-    });
-
-    [true].forEach(isPublic => {
-      const build = isPublic ? BuildNums.TRUST_CHECK_ACTIVE_TRUSTED_USER : BuildNums.TRUST_CHECK_UNTRUSTED;
-      const prNum = isPublic ? PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER : PrNums.TRUST_CHECK_UNTRUSTED;
-      const label = isPublic ? 'public' : 'non-public';
-      const overwriteRe = RegExp(`^Request to overwrite existing ${label} directory`);
-      const statusCode = isPublic ? 201 : 202;
-
-      describe(`for ${label} builds`, () => {
-
-        it('should extract the contents of the build artifact', async () => {
-          await curl(payload(build))
-            .then(h.verifyResponse(statusCode));
-          expect(h.readBuildFile(prNum, SHA, 'index.html', isPublic))
-            .toContain(`PR: ${prNum} | SHA: ${SHA} | File: /index.html`);
-          expect(h.readBuildFile(prNum, SHA, 'foo/bar.js', isPublic))
-            .toContain(`PR: ${prNum} | SHA: ${SHA} | File: /foo/bar.js`);
-          expect({ prNum, isPublic }).toExistAsABuild();
-        });
-
-        it(`should create files/directories owned by '${AIO_WWW_USER}'`, async () => {
-          await curl(payload(build))
-            .then(h.verifyResponse(statusCode));
-
-          const shaDir = h.getShaDir(h.getPrDir(prNum, isPublic), SHA);
-          const { stdout: allFiles } = await h.runCmd(`find ${shaDir}`);
-          const { stdout: userFiles } = await h.runCmd(`find ${shaDir} -user ${AIO_WWW_USER}`);
-
-          expect(userFiles).toBe(allFiles);
-          expect(userFiles).toContain(shaDir);
-          expect(userFiles).toContain(join(shaDir, 'index.html'));
-          expect(userFiles).toContain(join(shaDir, 'foo', 'bar.js'));
-
-          expect({ prNum, isPublic }).toExistAsABuild();
-        });
-
-        it('should delete the build artifact file', async () => {
-          await curl(payload(build))
-            .then(h.verifyResponse(statusCode));
-          expect({ prNum, SHA }).not.toExistAsAnArtifact();
-          expect({ prNum, isPublic }).toExistAsABuild();
-        });
-
-        it('should make the build directory non-writable', async () => {
-          await curl(payload(build))
-            .then(h.verifyResponse(statusCode));
-
-          // See https://github.com/nodejs/node-v0.x-archive/issues/3045#issuecomment-4862588.
-          const isNotWritable = (fileOrDir: string) => {
-            const mode = fs.statSync(fileOrDir).mode;
-            // tslint:disable-next-line: no-bitwise
-            return !(mode & parseInt('222', 8));
-          };
-
-          const shaDir = h.getShaDir(h.getPrDir(prNum, isPublic), SHA);
-          expect(isNotWritable(shaDir)).toBe(true);
-          expect(isNotWritable(join(shaDir, 'index.html'))).toBe(true);
-          expect(isNotWritable(join(shaDir, 'foo', 'bar.js'))).toBe(true);
-
-          expect({ prNum, isPublic }).toExistAsABuild();
-        });
-
-        it('should ignore a legacy 40-chars long build directory (even if it starts with the same chars)',
-          async () => {
-          // It is possible that 40-chars long build directories exist, if they had been deployed
-          // before implementing the shorter build directory names. In that case, we don't want the
-          // second (shorter) name to be considered the same as the old one (even if they originate
-          // from the same SHA).
-
-          h.createDummyBuild(prNum, SHA, isPublic, false, true);
-          h.writeBuildFile(prNum, SHA, 'index.html', 'My content', isPublic, true);
-          expect(h.readBuildFile(prNum, SHA, 'index.html', isPublic, true)).toBe('My content');
-
-          await curl(payload(build))
-            .then(h.verifyResponse(statusCode));
-
-          expect(h.readBuildFile(prNum, SHA, 'index.html', isPublic, false)).toContain('index.html');
-          expect(h.readBuildFile(prNum, SHA, 'index.html', isPublic, true)).toBe('My content');
-
-          expect({ prNum, isPublic, sha: SHA, isLegacy: false }).toExistAsABuild();
-          expect({ prNum, isPublic, sha: SHA, isLegacy: true }).toExistAsABuild();
-        });
-
-        it(`should not overwrite existing builds`, async () => {
-          // setup a build already in place
-          h.createDummyBuild(prNum, SHA, isPublic);
-          // distinguish this build from the downloaded one
-          h.writeBuildFile(prNum, SHA, 'index.html', 'My content', isPublic);
-          await curl(payload(build)).then(h.verifyResponse(409, overwriteRe));
-          expect(h.readBuildFile(prNum, SHA, 'index.html', isPublic)).toBe('My content');
-          expect({ prNum, isPublic }).toExistAsABuild();
-          expect({ prNum }).toExistAsAnArtifact();
-        });
-
-        it(`should not overwrite existing builds (even if the SHA is different)`, async () => {
-          // Since only the first few characters of the SHA are used, it is possible for two different
-          // SHAs to correspond to the same directory. In that case, we don't want the second SHA to
-          // overwrite the first.
-          expect(SIMILAR_SHA).not.toEqual(SHA);
-          expect(computeShortSha(SIMILAR_SHA)).toEqual(computeShortSha(SHA));
-          h.createDummyBuild(prNum, SIMILAR_SHA, isPublic);
-          expect(h.readBuildFile(prNum, SIMILAR_SHA, 'index.html', isPublic)).toContain('index.html');
-          h.writeBuildFile(prNum, SIMILAR_SHA, 'index.html', 'My content', isPublic);
-          expect(h.readBuildFile(prNum, SIMILAR_SHA, 'index.html', isPublic)).toBe('My content');
-
-          await curl(payload(build)).then(h.verifyResponse(409, overwriteRe));
-          expect(h.readBuildFile(prNum, SIMILAR_SHA, 'index.html', isPublic)).toBe('My content');
-          expect({ prNum, isPublic, sha: SIMILAR_SHA }).toExistAsABuild();
-          expect({ prNum, sha: SIMILAR_SHA }).toExistAsAnArtifact();
-        });
-
-        it('should only delete the SHA directory on error (for existing PR)', async () => {
-          h.createDummyBuild(prNum, ALT_SHA, isPublic);
-          await curl(payload(BuildNums.TRUST_CHECK_ERROR)).then(h.verifyResponse(500));
-          expect({ prNum: PrNums.TRUST_CHECK_ERROR }).toExistAsAnArtifact();
-          expect({ prNum, isPublic, sha: SHA }).not.toExistAsABuild();
-          expect({ prNum, isPublic, sha: ALT_SHA }).toExistAsABuild();
-        });
-
-        describe('when the PR\'s visibility has changed', () => {
-
-          it('should update the PR\'s visibility', async () => {
-            h.createDummyBuild(prNum, ALT_SHA, !isPublic);
-            await curl(payload(build)).then(h.verifyResponse(statusCode));
-            expect({ prNum, isPublic }).toExistAsABuild();
-            expect({ prNum, isPublic, sha: ALT_SHA }).toExistAsABuild();
-          });
-
-
-          it('should not overwrite existing builds (but keep the updated visibility)', async () => {
-            h.createDummyBuild(prNum, SHA, !isPublic);
-            await curl(payload(build)).then(h.verifyResponse(409));
-            expect({ prNum, isPublic }).toExistAsABuild();
-            expect({ prNum, isPublic: !isPublic }).not.toExistAsABuild();
-            // since it errored we didn't clear up the downloaded artifact - perhaps we should?
-            expect({ prNum }).toExistAsAnArtifact();
-          });
-
-
-          it('should reject the request if it fails to update the PR\'s visibility', async () => {
-            // One way to cause an error is to have both a public and a hidden directory for the same PR.
-            h.createDummyBuild(prNum, ALT_SHA, isPublic);
-            h.createDummyBuild(prNum, ALT_SHA, !isPublic);
-
-            const errorRegex = new RegExp(`^Request to move '${h.getPrDir(prNum, !isPublic)}' ` +
-                                          `to existing directory '${h.getPrDir(prNum, isPublic)}'.`);
-
-            await curl(payload(build)).then(h.verifyResponse(409, errorRegex));
-
-            expect({ prNum, isPublic }).not.toExistAsABuild();
-
-            // The bad folders should have been deleted
-            expect({ prNum, sha: ALT_SHA, isPublic }).toExistAsABuild();
-            expect({ prNum, sha: ALT_SHA, isPublic: !isPublic }).toExistAsABuild();
-
-            // since it errored we didn't clear up the downloaded artifact - perhaps we should?
-            expect({ prNum }).toExistAsAnArtifact();
-          });
-        });
-      });
-    });
-  });
-
-
-  describe(`${host}/health-check`, () => {
-
-    it('should respond with 200', done => {
-      Promise.all([
-        h.runCmd(`curl -iL ${host}/health-check`).then(h.verifyResponse(200)),
-        h.runCmd(`curl -iL ${host}/health-check/`).then(h.verifyResponse(200)),
-      ]).then(done);
-    });
-
-
-    it('should respond with 404 if the path does not match exactly', done => {
-      Promise.all([
-        h.runCmd(`curl -iL ${host}/health-check/foo`).then(h.verifyResponse(404)),
-        h.runCmd(`curl -iL ${host}/health-check-foo`).then(h.verifyResponse(404)),
-        h.runCmd(`curl -iL ${host}/health-checknfoo`).then(h.verifyResponse(404)),
-        h.runCmd(`curl -iL ${host}/foo/health-check`).then(h.verifyResponse(404)),
-        h.runCmd(`curl -iL ${host}/foo-health-check`).then(h.verifyResponse(404)),
-        h.runCmd(`curl -iL ${host}/foonhealth-check`).then(h.verifyResponse(404)),
-      ]).then(done);
-    });
-
-  });
-
-
-  describe(`${host}/pr-updated`, () => {
-    const curl = makeCurl(`${host}/pr-updated`);
-
-    it('should disallow non-POST requests', async () => {
-      const bodyRegex = /^Unknown resource in request/;
-
-      await Promise.all([
-        curl({method: 'GET'}).then(h.verifyResponse(404, bodyRegex)),
-        curl({method: 'PUT'}).then(h.verifyResponse(404, bodyRegex)),
-        curl({method: 'PATCH'}).then(h.verifyResponse(404, bodyRegex)),
-        curl({method: 'DELETE'}).then(h.verifyResponse(404, bodyRegex)),
-      ]);
-    });
-
-
-    it('should respond with 400 for requests without a payload', async () => {
-      const bodyRegex = /^Missing or empty 'number' field in request/;
-
-      await Promise.all([
-        curl({ data: '' }).then(h.verifyResponse(400, bodyRegex)),
-        curl({ data: {} }).then(h.verifyResponse(400, bodyRegex)),
-      ]);
-    });
-
-
-    it('should respond with 400 for requests without a \'number\' field', async () => {
-      const bodyRegex = /^Missing or empty 'number' field in request/;
-
-      await Promise.all([
-        curl({ data: {} }).then(h.verifyResponse(400, bodyRegex)),
-        curl({ data: { number: null} }).then(h.verifyResponse(400, bodyRegex)),
-      ]);
-    });
-
-
-    it('should reject requests for which checking the PR visibility fails', async () => {
-       await curl({ data: { number: PrNums.TRUST_CHECK_ERROR } }).then(h.verifyResponse(500, /TRUST_CHECK_ERROR/));
-    });
-
-
-    it('should respond with 404 for unknown paths', done => {
-      const mockPayload = JSON.stringify({number: 1}); // MockExternalApiFlags.TRUST_CHECK_ACTIVE_TRUSTED_USER });
-      const cmdPrefix = `curl -iLX POST --data "${mockPayload}" ${host}`;
-
-      Promise.all([
-        h.runCmd(`${cmdPrefix}/foo/pr-updated`).then(h.verifyResponse(404)),
-        h.runCmd(`${cmdPrefix}/foo-pr-updated`).then(h.verifyResponse(404)),
-        h.runCmd(`${cmdPrefix}/foonpr-updated`).then(h.verifyResponse(404)),
-        h.runCmd(`${cmdPrefix}/pr-updated/foo`).then(h.verifyResponse(404)),
-        h.runCmd(`${cmdPrefix}/pr-updated-foo`).then(h.verifyResponse(404)),
-        h.runCmd(`${cmdPrefix}/pr-updatednfoo`).then(h.verifyResponse(404)),
-      ]).then(done);
-    });
-
-
-    it('should do nothing if PR\'s visibility is already up-to-date', async () => {
-      const publicPr = PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER;
-      const hiddenPr = PrNums.TRUST_CHECK_UNTRUSTED;
-
-      const checkVisibilities = (remove: boolean) => {
-        // Public build is already public.
-        expect({ prNum: publicPr, isPublic: false }).not.toExistAsABuild(remove);
-        expect({ prNum: publicPr, isPublic: true }).toExistAsABuild(remove);
-        // Hidden build is already hidden.
-        expect({ prNum: hiddenPr, isPublic: false }).toExistAsABuild(remove);
-        expect({ prNum: hiddenPr, isPublic: true }).not.toExistAsABuild(remove);
-      };
-
-      h.createDummyBuild(publicPr, SHA, true);
-      h.createDummyBuild(hiddenPr, SHA, false);
-      checkVisibilities(false);
-
-      await Promise.all([
-        curl({ data: {number: +publicPr, action: 'foo' } }).then(h.verifyResponse(200)),
-        curl({ data: {number: +hiddenPr, action: 'foo' } }).then(h.verifyResponse(200)),
-      ]);
-
-      // Visibilities should not have changed, because the specified action could not have triggered a change.
-      checkVisibilities(true);
-    });
-
-
-    it('should do nothing if \'action\' implies no visibility change', async () => {
-      const publicPr = PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER;
-      const hiddenPr = PrNums.TRUST_CHECK_UNTRUSTED;
-
-      const checkVisibilities = (remove: boolean) => {
-        // Public build is hidden atm.
-        expect({ prNum: publicPr, isPublic: false }).toExistAsABuild(remove);
-        expect({ prNum: publicPr, isPublic: true }).not.toExistAsABuild(remove);
-        // Hidden build is public atm.
-        expect({ prNum: hiddenPr, isPublic: false }).not.toExistAsABuild(remove);
-        expect({ prNum: hiddenPr, isPublic: true }).toExistAsABuild(remove);
-      };
-
-      h.createDummyBuild(publicPr, SHA, false);
-      h.createDummyBuild(hiddenPr, SHA, true);
-      checkVisibilities(false);
-
-      await Promise.all([
-        curl({ data: {number: +publicPr, action: 'foo' } }).then(h.verifyResponse(200)),
-        curl({ data: {number: +hiddenPr, action: 'foo' } }).then(h.verifyResponse(200)),
-      ]);
-      // Visibilities should not have changed, because the specified action could not have triggered a change.
-      checkVisibilities(true);
-    });
-
-
-    describe('when the visiblity has changed', () => {
-      const publicPr = PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER;
-      const hiddenPr = PrNums.TRUST_CHECK_UNTRUSTED;
-
-      beforeEach(() => {
-        // Create initial PR builds with opposite visibilities as the ones that will be reported:
-        // - The now public PR was previously hidden.
-        // - The now hidden PR was previously public.
-        h.createDummyBuild(publicPr, SHA, false);
-        h.createDummyBuild(hiddenPr, SHA, true);
-
-        expect({ prNum: publicPr, isPublic: false }).toExistAsABuild(false);
-        expect({ prNum: publicPr, isPublic: true }).not.toExistAsABuild(false);
-        expect({ prNum: hiddenPr, isPublic: false }).not.toExistAsABuild(false);
-        expect({ prNum: hiddenPr, isPublic: true }).toExistAsABuild(false);
-      });
-      afterEach(() => {
-        // Expect PRs' visibility to have been updated:
-        // - The public PR should be actually public (previously it was hidden).
-        // - The hidden PR should be actually hidden (previously it was public).
-        expect({ prNum: publicPr, isPublic: false }).not.toExistAsABuild();
-        expect({ prNum: publicPr, isPublic: true }).toExistAsABuild();
-        expect({ prNum: hiddenPr, isPublic: false }).toExistAsABuild();
-        expect({ prNum: hiddenPr, isPublic: true }).not.toExistAsABuild();
-      });
-
-
-      it('should update the PR\'s visibility (action: undefined)', async () => {
-        await Promise.all([
-          curl({ data: {number: +publicPr } }).then(h.verifyResponse(200)),
-          curl({ data: {number: +hiddenPr } }).then(h.verifyResponse(200)),
-        ]);
-      });
-
-
-      it('should update the PR\'s visibility (action: labeled)', async () => {
-        await Promise.all([
-          curl({ data: {number: +publicPr, action: 'labeled' } }).then(h.verifyResponse(200)),
-          curl({ data: {number: +hiddenPr, action: 'labeled' } }).then(h.verifyResponse(200)),
-        ]);
-      });
-
-
-      it('should update the PR\'s visibility (action: unlabeled)', async () => {
-        await Promise.all([
-          curl({ data: {number: +publicPr, action: 'unlabeled' } }).then(h.verifyResponse(200)),
-          curl({ data: {number: +hiddenPr, action: 'unlabeled' } }).then(h.verifyResponse(200)),
-        ]);
-      });
-
-    });
-
-  });
-
-
-  describe(`${host}/*`, () => {
-
-    it('should respond with 404 for requests to unknown URLs', done => {
-      const bodyRegex = /^Unknown resource/;
-
-      Promise.all([
-        h.runCmd(`curl -iL ${host}/index.html`).then(h.verifyResponse(404, bodyRegex)),
-        h.runCmd(`curl -iL ${host}/`).then(h.verifyResponse(404, bodyRegex)),
-        h.runCmd(`curl -iL ${host}`).then(h.verifyResponse(404, bodyRegex)),
-        h.runCmd(`curl -iLX PUT ${host}`).then(h.verifyResponse(404, bodyRegex)),
-        h.runCmd(`curl -iLX POST ${host}`).then(h.verifyResponse(404, bodyRegex)),
-        h.runCmd(`curl -iLX PATCH ${host}`).then(h.verifyResponse(404, bodyRegex)),
-        h.runCmd(`curl -iLX DELETE ${host}`).then(h.verifyResponse(404, bodyRegex)),
-      ]).then(done);
-    });
-
-  });
-});
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/server-integration.e2e.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/server-integration.e2e.ts
@ -1,80 +1,101 @@
 // Imports
-import {AIO_NGINX_HOSTNAME} from '../common/env-variables';
-import {computeShortSha} from '../common/utils';
-import {ALT_SHA, BuildNums, PrNums, SHA} from './constants';
-import {helper as h, makeCurl, payload} from './helper';
-import {customMatchers} from './jasmine-custom-matchers';
+import * as path from 'path';
+import * as c from './constants';
+import {helper as h} from './helper';

 // Tests
 h.runForAllSupportedSchemes((scheme, port) => describe(`integration (on ${scheme.toUpperCase()})`, () => {
-  const hostname = AIO_NGINX_HOSTNAME;
+  const hostname = h.nginxHostname;
  const host = `${hostname}:${port}`;
-  const curlPrUpdated = makeCurl(`${scheme}://${host}/pr-updated`);
+  const pr9 = '9';
+  const sha9 = '9'.repeat(40);
+  const sha0 = '0'.repeat(40);
+  const archivePath = path.join(h.buildsDir, 'snapshot.tar.gz');

-  const getFile = (pr: number, sha: string, file: string) =>
-    h.runCmd(`curl -iL ${scheme}://pr${pr}-${computeShortSha(sha)}.${host}/${file}`);
-  const prUpdated = (prNum: number, action?: string) => curlPrUpdated({ data: { number: prNum, action } });
-  const circleBuild = makeCurl(`${scheme}://${host}/circle-build`);
+  const getFile = (pr: string, sha: string, file: string) =>
+    h.runCmd(`curl -iL ${scheme}://pr${pr}-${h.getShordSha(sha)}.${host}/${file}`);
+  const uploadBuild = (pr: string, sha: string, archive: string, authHeader = 'Token FOO') => {
+    const curlPost = `curl -iLX POST --header "Authorization: ${authHeader}"`;
+    return h.runCmd(`${curlPost} --data-binary "@${archive}" ${scheme}://${host}/create-build/${pr}/${sha}`);
+  };
+  const prUpdated = (pr: number, action?: string) => {
+    const url = `${scheme}://${host}/pr-updated`;
+    const payloadStr = JSON.stringify({number: pr, action});
+    return h.runCmd(`curl -iLX POST --header "Content-Type: application/json" --data '${payloadStr}' ${url}`);
+  };

-  beforeEach(() => {
-    jasmine.DEFAULT_TIMEOUT_INTERVAL = 5000;
-    jasmine.addMatchers(customMatchers);
+  beforeEach(() => jasmine.DEFAULT_TIMEOUT_INTERVAL = 10000);
+  afterEach(() => {
+    h.deletePrDir(pr9);
+    h.deletePrDir(pr9, false);
+    h.cleanUp();
  });
-  afterEach(() => h.cleanUp());


  describe('for a new/non-existing PR', () => {

-    it('should be able to create and serve a public preview', async () => {
-      const BUILD = BuildNums.TRUST_CHECK_ACTIVE_TRUSTED_USER;
-      const PR = PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER;
+    it('should be able to upload and serve a public build', done => {
+      const regexPrefix9 = `^PR: uploaded\\/${pr9} \\| SHA: ${sha9} \\| File:`;
+      const idxContentRegex9 = new RegExp(`${regexPrefix9} \\/index\\.html$`);
+      const barContentRegex9 = new RegExp(`${regexPrefix9} \\/foo\\/bar\\.js$`);

-      const regexPrefix = `^BUILD: ${BUILD} \\| PR: ${PR} \\| SHA: ${SHA} \\| File:`;
-      const idxContentRegex = new RegExp(`${regexPrefix} \\/index\\.html$`);
-      const barContentRegex = new RegExp(`${regexPrefix} \\/foo\\/bar\\.js$`);
+      h.createDummyArchive(pr9, sha9, archivePath);

-      await circleBuild(payload(BUILD)).then(h.verifyResponse(201));
-      await Promise.all([
-        getFile(PR, SHA, 'index.html').then(h.verifyResponse(200, idxContentRegex)),
-        getFile(PR, SHA, 'foo/bar.js').then(h.verifyResponse(200, barContentRegex)),
-      ]);
-
-      expect({ prNum: PR }).toExistAsABuild();
-      expect({ prNum: PR, isPublic: false }).not.toExistAsABuild();
+      uploadBuild(pr9, sha9, archivePath).
+        then(() => Promise.all([
+          getFile(pr9, sha9, 'index.html').then(h.verifyResponse(200, idxContentRegex9)),
+          getFile(pr9, sha9, 'foo/bar.js').then(h.verifyResponse(200, barContentRegex9)),
+        ])).
+        then(done);
    });


-    it('should be able to create but not serve a hidden preview', async () => {
-      const BUILD = BuildNums.TRUST_CHECK_UNTRUSTED;
-      const PR = PrNums.TRUST_CHECK_UNTRUSTED;
+    it('should be able to upload but not serve a hidden build', done => {
+      const regexPrefix9 = `^PR: uploaded\\/${pr9} \\| SHA: ${sha9} \\| File:`;
+      const idxContentRegex9 = new RegExp(`${regexPrefix9} \\/index\\.html$`);
+      const barContentRegex9 = new RegExp(`${regexPrefix9} \\/foo\\/bar\\.js$`);

-      await circleBuild(payload(BUILD)).then(h.verifyResponse(202));
-      await Promise.all([
-        getFile(PR, SHA, 'index.html').then(h.verifyResponse(404)),
-        getFile(PR, SHA, 'foo/bar.js').then(h.verifyResponse(404)),
-      ]);
+      h.createDummyArchive(pr9, sha9, archivePath);

-      expect({ prNum: PR }).not.toExistAsABuild();
-      expect({ prNum: PR, isPublic: false }).toExistAsABuild();
+      uploadBuild(pr9, sha9, archivePath, c.BV_verify_verifiedNotTrusted).
+        then(() => Promise.all([
+          getFile(pr9, sha9, 'index.html').then(h.verifyResponse(404)),
+          getFile(pr9, sha9, 'foo/bar.js').then(h.verifyResponse(404)),
+        ])).
+        then(() => {
+          expect(h.buildExists(pr9, sha9)).toBe(false);
+          expect(h.buildExists(pr9, sha9, false)).toBe(true);
+          expect(h.readBuildFile(pr9, sha9, 'index.html', false)).toMatch(idxContentRegex9);
+          expect(h.readBuildFile(pr9, sha9, 'foo/bar.js', false)).toMatch(barContentRegex9);
+        }).
+        then(done);
    });


-    it('should reject if verification fails', async () => {
-      const BUILD = BuildNums.TRUST_CHECK_ERROR;
-      const PR = PrNums.TRUST_CHECK_ERROR;
+    it('should reject an upload if verification fails', done => {
+      const errorRegex9 = new RegExp(`Error while verifying upload for PR ${pr9}: Test`);

-      await circleBuild(payload(BUILD)).then(h.verifyResponse(500));
-      expect({ prNum: PR }).toExistAsAnArtifact();
-      expect({ prNum: PR }).not.toExistAsABuild();
-      expect({ prNum: PR, isPublic: false }).not.toExistAsABuild();
+      h.createDummyArchive(pr9, sha9, archivePath);
+
+      uploadBuild(pr9, sha9, archivePath, c.BV_verify_error).
+        then(h.verifyResponse(403, errorRegex9)).
+        then(() => {
+          expect(h.buildExists(pr9)).toBe(false);
+          expect(h.buildExists(pr9, '', false)).toBe(false);
+        }).
+        then(done);
    });


-    it('should be able to notify that a PR has been updated (and do nothing)', async () => {
-      await prUpdated(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER).then(h.verifyResponse(200));
-      // The PR should still not exist.
-      expect({ prNum: PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, isPublic: false }).not.toExistAsABuild();
-      expect({ prNum: PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, isPublic: true }).not.toExistAsABuild();
+    it('should be able to notify that a PR has been updated (and do nothing)', done => {
+      prUpdated(+pr9).
+        then(h.verifyResponse(200)).
+        then(() => {
+          // The PR should still not exist.
+          expect(h.buildExists(pr9, '', false)).toBe(false);
+          expect(h.buildExists(pr9, '', true)).toBe(false);
+        }).
+        then(done);
    });

  });
@ -82,186 +103,215 @@ h.runForAllSupportedSchemes((scheme, port) => describe(`integration (on ${scheme

  describe('for an existing PR', () => {

-    it('should be able to create and serve a public preview', async () => {
-      const BUILD = BuildNums.TRUST_CHECK_ACTIVE_TRUSTED_USER;
-      const PR = PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER;
+    it('should be able to upload and serve a public build', done => {
+      const regexPrefix0 = `^PR: ${pr9} \\| SHA: ${sha0} \\| File:`;
+      const idxContentRegex0 = new RegExp(`${regexPrefix0} \\/index\\.html$`);
+      const barContentRegex0 = new RegExp(`${regexPrefix0} \\/foo\\/bar\\.js$`);

-      const regexPrefix1 = `^PR: ${PR} \\| SHA: ${ALT_SHA} \\| File:`;
-      const idxContentRegex1 = new RegExp(`${regexPrefix1} \\/index\\.html$`);
-      const barContentRegex1 = new RegExp(`${regexPrefix1} \\/foo\\/bar\\.js$`);
+      const regexPrefix9 = `^PR: uploaded\\/${pr9} \\| SHA: ${sha9} \\| File:`;
+      const idxContentRegex9 = new RegExp(`${regexPrefix9} \\/index\\.html$`);
+      const barContentRegex9 = new RegExp(`${regexPrefix9} \\/foo\\/bar\\.js$`);

-      const regexPrefix2 = `^BUILD: ${BUILD} \\| PR: ${PR} \\| SHA: ${SHA} \\| File:`;
-      const idxContentRegex2 = new RegExp(`${regexPrefix2} \\/index\\.html$`);
-      const barContentRegex2 = new RegExp(`${regexPrefix2} \\/foo\\/bar\\.js$`);
+      h.createDummyBuild(pr9, sha0);
+      h.createDummyArchive(pr9, sha9, archivePath);

-      h.createDummyBuild(PR, ALT_SHA);
-      await circleBuild(payload(BUILD)).then(h.verifyResponse(201));
-      await Promise.all([
-        getFile(PR, ALT_SHA, 'index.html').then(h.verifyResponse(200, idxContentRegex1)),
-        getFile(PR, ALT_SHA, 'foo/bar.js').then(h.verifyResponse(200, barContentRegex1)),
-        getFile(PR, SHA, 'index.html').then(h.verifyResponse(200, idxContentRegex2)),
-        getFile(PR, SHA, 'foo/bar.js').then(h.verifyResponse(200, barContentRegex2)),
-      ]);
-
-      expect({ prNum: PR, sha: SHA }).toExistAsABuild();
-      expect({ prNum: PR, sha: ALT_SHA }).toExistAsABuild();
+      uploadBuild(pr9, sha9, archivePath).
+        then(() => Promise.all([
+          getFile(pr9, sha0, 'index.html').then(h.verifyResponse(200, idxContentRegex0)),
+          getFile(pr9, sha0, 'foo/bar.js').then(h.verifyResponse(200, barContentRegex0)),
+          getFile(pr9, sha9, 'index.html').then(h.verifyResponse(200, idxContentRegex9)),
+          getFile(pr9, sha9, 'foo/bar.js').then(h.verifyResponse(200, barContentRegex9)),
+        ])).
+        then(done);
    });


-    it('should be able to create but not serve a hidden preview', async () => {
-      const BUILD = BuildNums.TRUST_CHECK_UNTRUSTED;
-      const PR = PrNums.TRUST_CHECK_UNTRUSTED;
+    it('should be able to upload but not serve a hidden build', done => {
+      const regexPrefix0 = `^PR: ${pr9} \\| SHA: ${sha0} \\| File:`;
+      const idxContentRegex0 = new RegExp(`${regexPrefix0} \\/index\\.html$`);
+      const barContentRegex0 = new RegExp(`${regexPrefix0} \\/foo\\/bar\\.js$`);

-      h.createDummyBuild(PR, ALT_SHA, false);
-      await circleBuild(payload(BUILD)).then(h.verifyResponse(202));
+      const regexPrefix9 = `^PR: uploaded\\/${pr9} \\| SHA: ${sha9} \\| File:`;
+      const idxContentRegex9 = new RegExp(`${regexPrefix9} \\/index\\.html$`);
+      const barContentRegex9 = new RegExp(`${regexPrefix9} \\/foo\\/bar\\.js$`);

-      await Promise.all([
-        getFile(PR, ALT_SHA, 'index.html').then(h.verifyResponse(404)),
-        getFile(PR, ALT_SHA, 'foo/bar.js').then(h.verifyResponse(404)),
-        getFile(PR, SHA, 'index.html').then(h.verifyResponse(404)),
-        getFile(PR, SHA, 'foo/bar.js').then(h.verifyResponse(404)),
-      ]);
+      h.createDummyBuild(pr9, sha0, false);
+      h.createDummyArchive(pr9, sha9, archivePath);

-      expect({ prNum: PR, sha: SHA }).not.toExistAsABuild();
-      expect({ prNum: PR, sha: SHA, isPublic: false }).toExistAsABuild();
-      expect({ prNum: PR, sha: ALT_SHA }).not.toExistAsABuild();
-      expect({ prNum: PR, sha: ALT_SHA, isPublic: false }).toExistAsABuild();
+      uploadBuild(pr9, sha9, archivePath, c.BV_verify_verifiedNotTrusted).
+        then(() => Promise.all([
+          getFile(pr9, sha0, 'index.html').then(h.verifyResponse(404)),
+          getFile(pr9, sha0, 'foo/bar.js').then(h.verifyResponse(404)),
+          getFile(pr9, sha9, 'index.html').then(h.verifyResponse(404)),
+          getFile(pr9, sha9, 'foo/bar.js').then(h.verifyResponse(404)),
+        ])).
+        then(() => {
+          expect(h.buildExists(pr9, sha9)).toBe(false);
+          expect(h.buildExists(pr9, sha9, false)).toBe(true);
+          expect(h.readBuildFile(pr9, sha0, 'index.html', false)).toMatch(idxContentRegex0);
+          expect(h.readBuildFile(pr9, sha0, 'foo/bar.js', false)).toMatch(barContentRegex0);
+          expect(h.readBuildFile(pr9, sha9, 'index.html', false)).toMatch(idxContentRegex9);
+          expect(h.readBuildFile(pr9, sha9, 'foo/bar.js', false)).toMatch(barContentRegex9);
+        }).
+        then(done);
    });


-    it('should reject if verification fails', async () => {
-      const BUILD = BuildNums.TRUST_CHECK_ERROR;
-      const PR = PrNums.TRUST_CHECK_ERROR;
+    it('should reject an upload if verification fails', done => {
+      const errorRegex9 = new RegExp(`Error while verifying upload for PR ${pr9}: Test`);

-      h.createDummyBuild(PR, ALT_SHA, false);
+      h.createDummyBuild(pr9, sha0);
+      h.createDummyArchive(pr9, sha9, archivePath);

-      await circleBuild(payload(BUILD)).then(h.verifyResponse(500));
+      uploadBuild(pr9, sha9, archivePath, c.BV_verify_error).
+        then(h.verifyResponse(403, errorRegex9)).
+        then(() => {
+          expect(h.buildExists(pr9)).toBe(true);
+          expect(h.buildExists(pr9, sha0)).toBe(true);
+          expect(h.buildExists(pr9, sha9)).toBe(false);
+        }).
+        then(done);

-      expect({ prNum: PR }).toExistAsAnArtifact();
-      expect({ prNum: PR }).not.toExistAsABuild();
-      expect({ prNum: PR, isPublic: false }).not.toExistAsABuild();
-      expect({ prNum: PR, sha: ALT_SHA, isPublic: false }).toExistAsABuild();
    });


-    it('should not be able to overwrite an existing public preview', async () => {
-      const BUILD = BuildNums.TRUST_CHECK_ACTIVE_TRUSTED_USER;
-      const PR = PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER;
+    it('should not be able to overwrite an existing public build', done => {
+      const regexPrefix9 = `^PR: ${pr9} \\| SHA: ${sha9} \\| File:`;
+      const idxContentRegex9 = new RegExp(`${regexPrefix9} \\/index\\.html$`);
+      const barContentRegex9 = new RegExp(`${regexPrefix9} \\/foo\\/bar\\.js$`);

-      const regexPrefix = `^PR: ${PR} \\| SHA: ${SHA} \\| File:`;
-      const idxContentRegex = new RegExp(`${regexPrefix} \\/index\\.html$`);
-      const barContentRegex = new RegExp(`${regexPrefix} \\/foo\\/bar\\.js$`);
+      h.createDummyBuild(pr9, sha9);
+      h.createDummyArchive(pr9, sha9, archivePath);

-      h.createDummyBuild(PR, SHA);
-
-      await circleBuild(payload(BUILD)).then(h.verifyResponse(409));
-      await Promise.all([
-        getFile(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, SHA, 'index.html').then(h.verifyResponse(200, idxContentRegex)),
-        getFile(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, SHA, 'foo/bar.js').then(h.verifyResponse(200, barContentRegex)),
-      ]);
-
-      expect({ prNum: PR }).toExistAsAnArtifact();
-      expect({ prNum: PR }).toExistAsABuild();
+      uploadBuild(pr9, sha9, archivePath).
+        then(h.verifyResponse(409)).
+        then(() => Promise.all([
+          getFile(pr9, sha9, 'index.html').then(h.verifyResponse(200, idxContentRegex9)),
+          getFile(pr9, sha9, 'foo/bar.js').then(h.verifyResponse(200, barContentRegex9)),
+        ])).
+        then(done);
    });


-    it('should not be able to overwrite an existing hidden preview', async () => {
-      const BUILD = BuildNums.TRUST_CHECK_UNTRUSTED;
-      const PR = PrNums.TRUST_CHECK_UNTRUSTED;
-      h.createDummyBuild(PR, SHA, false);
+    it('should not be able to overwrite an existing hidden build', done => {
+      const regexPrefix9 = `^PR: ${pr9} \\| SHA: ${sha9} \\| File:`;
+      const idxContentRegex9 = new RegExp(`${regexPrefix9} \\/index\\.html$`);
+      const barContentRegex9 = new RegExp(`${regexPrefix9} \\/foo\\/bar\\.js$`);

-      await circleBuild(payload(BUILD)).then(h.verifyResponse(409));
+      h.createDummyBuild(pr9, sha9, false);
+      h.createDummyArchive(pr9, sha9, archivePath);

-      expect({ prNum: PR }).toExistAsAnArtifact();
-      expect({ prNum: PR, isPublic: false }).toExistAsABuild();
+      uploadBuild(pr9, sha9, archivePath, c.BV_verify_verifiedNotTrusted).
+        then(h.verifyResponse(409)).
+        then(() => {
+          expect(h.readBuildFile(pr9, sha9, 'index.html', false)).toMatch(idxContentRegex9);
+          expect(h.readBuildFile(pr9, sha9, 'foo/bar.js', false)).toMatch(barContentRegex9);
+        }).
+        then(done);
    });


-    it('should be able to request re-checking visibility (if outdated)', async () => {
-      const publicPr = PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER;
-      const hiddenPr = PrNums.TRUST_CHECK_UNTRUSTED;
+    it('should be able to request re-checking visibility (if outdated)', done => {
+      const publicPr = pr9;
+      const hiddenPr = String(c.BV_getPrIsTrusted_notTrusted);

-      h.createDummyBuild(publicPr, SHA, false);
-      h.createDummyBuild(hiddenPr, SHA, true);
+      h.createDummyBuild(publicPr, sha9, false);
+      h.createDummyBuild(hiddenPr, sha9, true);

      // PR visibilities are outdated (i.e. the opposte of what the should).
-      expect({ prNum: publicPr, sha: SHA, isPublic: false }).toExistAsABuild(false);
-      expect({ prNum: publicPr, sha: SHA, isPublic: true }).not.toExistAsABuild(false);
-      expect({ prNum: hiddenPr, sha: SHA, isPublic: false }).not.toExistAsABuild(false);
-      expect({ prNum: hiddenPr, sha: SHA, isPublic: true }).toExistAsABuild(false);
+      expect(h.buildExists(publicPr, '', false)).toBe(true);
+      expect(h.buildExists(publicPr, '', true)).toBe(false);
+      expect(h.buildExists(hiddenPr, '', false)).toBe(false);
+      expect(h.buildExists(hiddenPr, '', true)).toBe(true);

-      await Promise.all([
-        prUpdated(publicPr).then(h.verifyResponse(200)),
-        prUpdated(hiddenPr).then(h.verifyResponse(200)),
-      ]);
-
-      // PR visibilities should have been updated.
-      expect({ prNum: publicPr, isPublic: false }).not.toExistAsABuild();
-      expect({ prNum: publicPr, isPublic: true }).toExistAsABuild();
-      expect({ prNum: hiddenPr, isPublic: false }).toExistAsABuild();
-      expect({ prNum: hiddenPr, isPublic: true }).not.toExistAsABuild();
+      Promise.
+        all([
+          prUpdated(+publicPr).then(h.verifyResponse(200)),
+          prUpdated(+hiddenPr).then(h.verifyResponse(200)),
+        ]).
+        then(() => {
+          // PR visibilities should have been updated.
+          expect(h.buildExists(publicPr, '', false)).toBe(false);
+          expect(h.buildExists(publicPr, '', true)).toBe(true);
+          expect(h.buildExists(hiddenPr, '', false)).toBe(true);
+          expect(h.buildExists(hiddenPr, '', true)).toBe(false);
+        }).
+        then(() => {
+          h.deletePrDir(publicPr, true);
+          h.deletePrDir(hiddenPr, false);
+        }).
+        then(done);
    });


-    it('should be able to request re-checking visibility (if up-to-date)', async () => {
-      const publicPr = PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER;
-      const hiddenPr = PrNums.TRUST_CHECK_UNTRUSTED;
+    it('should be able to request re-checking visibility (if up-to-date)', done => {
+      const publicPr = pr9;
+      const hiddenPr = String(c.BV_getPrIsTrusted_notTrusted);

-      h.createDummyBuild(publicPr, SHA, true);
-      h.createDummyBuild(hiddenPr, SHA, false);
+      h.createDummyBuild(publicPr, sha9, true);
+      h.createDummyBuild(hiddenPr, sha9, false);

      // PR visibilities are already up-to-date.
-      expect({ prNum: publicPr, sha: SHA, isPublic: false }).not.toExistAsABuild(false);
-      expect({ prNum: publicPr, sha: SHA, isPublic: true }).toExistAsABuild(false);
-      expect({ prNum: hiddenPr, sha: SHA, isPublic: false }).toExistAsABuild(false);
-      expect({ prNum: hiddenPr, sha: SHA, isPublic: true }).not.toExistAsABuild(false);
+      expect(h.buildExists(publicPr, '', false)).toBe(false);
+      expect(h.buildExists(publicPr, '', true)).toBe(true);
+      expect(h.buildExists(hiddenPr, '', false)).toBe(true);
+      expect(h.buildExists(hiddenPr, '', true)).toBe(false);

-      await Promise.all([
-        prUpdated(publicPr).then(h.verifyResponse(200)),
-        prUpdated(hiddenPr).then(h.verifyResponse(200)),
-      ]);
-
-      // PR visibilities are still up-to-date.
-      expect({ prNum: publicPr, isPublic: true }).toExistAsABuild();
-      expect({ prNum: publicPr, isPublic: false }).not.toExistAsABuild();
-      expect({ prNum: hiddenPr, isPublic: true }).not.toExistAsABuild();
-      expect({ prNum: hiddenPr, isPublic: false }).toExistAsABuild();
+      Promise.
+        all([
+          prUpdated(+publicPr).then(h.verifyResponse(200)),
+          prUpdated(+hiddenPr).then(h.verifyResponse(200)),
+        ]).
+        then(() => {
+          // PR visibilities are still up-to-date.
+          expect(h.buildExists(publicPr, '', false)).toBe(false);
+          expect(h.buildExists(publicPr, '', true)).toBe(true);
+          expect(h.buildExists(hiddenPr, '', false)).toBe(true);
+          expect(h.buildExists(hiddenPr, '', true)).toBe(false);
+        }).
+        then(done);
    });


-    it('should reject a request if re-checking visibility fails', async () => {
-      const errorPr = PrNums.TRUST_CHECK_ERROR;
+    it('should reject a request if re-checking visibility fails', done => {
+      const errorPr = String(c.BV_getPrIsTrusted_error);

-      h.createDummyBuild(errorPr, SHA, true);
+      h.createDummyBuild(errorPr, sha9, true);

-      expect({ prNum: errorPr, isPublic: false }).not.toExistAsABuild(false);
-      expect({ prNum: errorPr, isPublic: true }).toExistAsABuild(false);
+      expect(h.buildExists(errorPr, '', false)).toBe(false);
+      expect(h.buildExists(errorPr, '', true)).toBe(true);

-      await prUpdated(errorPr).then(h.verifyResponse(500, /TRUST_CHECK_ERROR/));
-
-      // PR visibility should not have been updated.
-      expect({ prNum: errorPr, isPublic: false }).not.toExistAsABuild();
-      expect({ prNum: errorPr, isPublic: true }).toExistAsABuild();
+      prUpdated(+errorPr).
+        then(h.verifyResponse(500, /Test/)).
+        then(() => {
+          // PR visibility should not have been updated.
+          expect(h.buildExists(errorPr, '', false)).toBe(false);
+          expect(h.buildExists(errorPr, '', true)).toBe(true);
+        }).
+        then(done);
    });


-    it('should reject a request if updating visibility fails', async () => {
+    it('should reject a request if updating visibility fails', done => {
      // One way to cause an error is to have both a public and a hidden directory for the same PR.
-      h.createDummyBuild(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, SHA, false);
-      h.createDummyBuild(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, SHA, true);
+      h.createDummyBuild(pr9, sha9, false);
+      h.createDummyBuild(pr9, sha9, true);

-      const hiddenPrDir = h.getPrDir(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, false);
-      const publicPrDir = h.getPrDir(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, true);
+      const hiddenPrDir = h.getPrDir(pr9, false);
+      const publicPrDir = h.getPrDir(pr9, true);
      const bodyRegex = new RegExp(`Request to move '${hiddenPrDir}' to existing directory '${publicPrDir}'`);

-      expect({ prNum: PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, isPublic: false }).toExistAsABuild(false);
-      expect({ prNum: PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, isPublic: true }).toExistAsABuild(false);
+      expect(h.buildExists(pr9, '', false)).toBe(true);
+      expect(h.buildExists(pr9, '', true)).toBe(true);

-      await prUpdated(PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER).then(h.verifyResponse(409, bodyRegex));
-
-      // PR visibility should not have been updated.
-      expect({ prNum: PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, isPublic: false }).toExistAsABuild();
-      expect({ prNum: PrNums.TRUST_CHECK_ACTIVE_TRUSTED_USER, isPublic: true }).toExistAsABuild();
+      prUpdated(+pr9).
+        then(h.verifyResponse(409, bodyRegex)).
+        then(() => {
+          // PR visibility should not have been updated.
+          expect(h.buildExists(pr9, '', false)).toBe(true);
+          expect(h.buildExists(pr9, '', true)).toBe(true);
+        }).
+        then(done);
    });

  });
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/start-test-preview-server.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/start-test-preview-server.ts
@ -1,2 +0,0 @@
-import '../preview-server';
-import './mock-external-apis';
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/start-test-upload-server.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/start-test-upload-server.ts
@ -0,0 +1,38 @@
+// Imports
+import {GithubPullRequests} from '../common/github-pull-requests';
+import {BUILD_VERIFICATION_STATUS, BuildVerifier} from '../upload-server/build-verifier';
+import {UploadError} from '../upload-server/upload-error';
+import * as c from './constants';
+
+// Run
+// TODO(gkalpak): Add e2e tests to cover these interactions as well.
+GithubPullRequests.prototype.addComment = () => Promise.resolve();
+BuildVerifier.prototype.getPrIsTrusted = (pr: number) => {
+  switch (pr) {
+    case c.BV_getPrIsTrusted_error:
+      // For e2e tests, fake an error.
+      return Promise.reject('Test');
+    case c.BV_getPrIsTrusted_notTrusted:
+      // For e2e tests, fake an untrusted PR (`false`).
+      return Promise.resolve(false);
+    default:
+      // For e2e tests, default to trusted PRs (`true`).
+      return Promise.resolve(true);
+  }
+};
+BuildVerifier.prototype.verify = (expectedPr: number, authHeader: string) => {
+  switch (authHeader) {
+    case c.BV_verify_error:
+      // For e2e tests, fake a verification error.
+      return Promise.reject(new UploadError(403, `Error while verifying upload for PR ${expectedPr}: Test`));
+    case c.BV_verify_verifiedNotTrusted:
+      // For e2e tests, fake a `verifiedNotTrusted` verification status.
+      return Promise.resolve(BUILD_VERIFICATION_STATUS.verifiedNotTrusted);
+    default:
+      // For e2e tests, default to `verifiedAndTrusted` verification status.
+      return Promise.resolve(BUILD_VERIFICATION_STATUS.verifiedAndTrusted);
+  }
+};
+
+// tslint:disable-next-line: no-var-requires
+require('../upload-server/index');
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/tar-stream.d.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/tar-stream.d.ts
@ -1,30 +0,0 @@
-declare module 'tar-stream' {
-
-  import {Readable, Writable} from 'stream';
-
-  export interface Pack extends Readable {
-    entry(header: Header, callback?: (err?: any) => {}): Writable;
-    entry(header: Header, contents: string, callback?: (err?: any) => {}): Writable;
-    entry(header: Header, buffer: Buffer, callback?: (err?: any) => {}): Writable;
-    entry(header: Header, buffer: string|Buffer, callback?: (err?: any) => {}): Writable;
-    finalize();
-    destroy(err: any);
-  }
-
-  export interface Header {
-    name: string;
-    mode?: number;
-    uid?: number;
-    gid?: number;
-    size?: number;
-    mtime?: Date;
-    type?: type;
-    linkname?: string;
-    uname?: string;
-    gname?: string;
-    devmajor?: number;
-    devminor?: number;
-  }
-
-  export function pack(): Pack;
-}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/upload-server.e2e.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/upload-server.e2e.ts
@ -0,0 +1,571 @@
+// Imports
+import * as fs from 'fs';
+import * as path from 'path';
+import * as c from './constants';
+import {CmdResult, helper as h} from './helper';
+
+// Tests
+describe('upload-server (on HTTP)', () => {
+  const hostname = h.uploadHostname;
+  const port = h.uploadPort;
+  const host = `${hostname}:${port}`;
+  const pr = '9';
+  const sha9 = '9'.repeat(40);
+  const sha0 = '0'.repeat(40);
+
+  beforeEach(() => jasmine.DEFAULT_TIMEOUT_INTERVAL = 10000);
+  afterEach(() => h.cleanUp());
+
+
+  describe(`${host}/create-build/<pr>/<sha>`, () => {
+    const authorizationHeader = `--header "Authorization: Token FOO"`;
+    const xFileHeader = `--header "X-File: ${h.buildsDir}/snapshot.tar.gz"`;
+    const defaultHeaders = `${authorizationHeader} ${xFileHeader}`;
+    const curl = (url: string, headers = defaultHeaders) => `curl -iL ${headers} ${url}`;
+
+
+    it('should disallow non-GET requests', done => {
+      const url = `http://${host}/create-build/${pr}/${sha9}`;
+      const bodyRegex = /^Unknown resource/;
+
+      Promise.all([
+        h.runCmd(`curl -iLX PUT ${url}`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iLX POST ${url}`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iLX PATCH ${url}`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iLX DELETE ${url}`).then(h.verifyResponse(404, bodyRegex)),
+      ]).then(done);
+    });
+
+
+    it('should reject requests without an \'AUTHORIZATION\' header', done => {
+      const headers1 = '';
+      const headers2 = '--header "AUTHORIXATION: "';
+      const url = `http://${host}/create-build/${pr}/${sha9}`;
+      const bodyRegex = /^Missing or empty 'AUTHORIZATION' header/;
+
+      Promise.all([
+        h.runCmd(curl(url, headers1)).then(h.verifyResponse(401, bodyRegex)),
+        h.runCmd(curl(url, headers2)).then(h.verifyResponse(401, bodyRegex)),
+      ]).then(done);
+    });
+
+
+    it('should reject requests without an \'X-FILE\' header', done => {
+      const headers1 = authorizationHeader;
+      const headers2 = `${authorizationHeader} --header "X-FILE: "`;
+      const url = `http://${host}/create-build/${pr}/${sha9}`;
+      const bodyRegex = /^Missing or empty 'X-FILE' header/;
+
+      Promise.all([
+        h.runCmd(curl(url, headers1)).then(h.verifyResponse(400, bodyRegex)),
+        h.runCmd(curl(url, headers2)).then(h.verifyResponse(400, bodyRegex)),
+      ]).then(done);
+    });
+
+
+    it('should reject requests for which the PR verification fails', done => {
+      const headers = `--header "Authorization: ${c.BV_verify_error}" ${xFileHeader}`;
+      const url = `http://${host}/create-build/${pr}/${sha9}`;
+      const bodyRegex = new RegExp(`Error while verifying upload for PR ${pr}: Test`);
+
+      h.runCmd(curl(url, headers)).
+        then(h.verifyResponse(403, bodyRegex)).
+        then(done);
+    });
+
+
+    it('should respond with 404 for unknown paths', done => {
+      const cmdPrefix = curl(`http://${host}`);
+
+      Promise.all([
+        h.runCmd(`${cmdPrefix}/foo/create-build/${pr}/${sha9}`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/foo-create-build/${pr}/${sha9}`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/fooncreate-build/${pr}/${sha9}`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/create-build/foo/${pr}/${sha9}`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/create-build-foo/${pr}/${sha9}`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/create-buildnfoo/${pr}/${sha9}`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/create-build/pr${pr}/${sha9}`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/create-build/${pr}/${sha9}42`).then(h.verifyResponse(404)),
+      ]).then(done);
+    });
+
+
+    it('should reject PRs with leading zeros', done => {
+      h.runCmd(curl(`http://${host}/create-build/0${pr}/${sha9}`)).
+        then(h.verifyResponse(404)).
+        then(done);
+    });
+
+
+    it('should accept SHAs with leading zeros (but not trim the zeros)', done => {
+      Promise.all([
+        h.runCmd(curl(`http://${host}/create-build/${pr}/0${sha9}`)).then(h.verifyResponse(404)),
+        h.runCmd(curl(`http://${host}/create-build/${pr}/${sha9}`)).then(h.verifyResponse(500)),
+        h.runCmd(curl(`http://${host}/create-build/${pr}/${sha0}`)).then(h.verifyResponse(500)),
+      ]).then(done);
+    });
+
+
+    [true, false].forEach(isPublic => describe(`(for ${isPublic ? 'public' : 'hidden'} builds)`, () => {
+      const authorizationHeader2 = isPublic ?
+        authorizationHeader : `--header "Authorization: ${c.BV_verify_verifiedNotTrusted}"`;
+      const cmdPrefix = curl('', `${authorizationHeader2} ${xFileHeader}`);
+      const overwriteRe = RegExp(`^Request to overwrite existing ${isPublic ? 'public' : 'non-public'} directory`);
+
+
+      it('should not overwrite existing builds', done => {
+        h.createDummyBuild(pr, sha9, isPublic);
+        expect(h.readBuildFile(pr, sha9, 'index.html', isPublic)).toContain('index.html');
+
+        h.writeBuildFile(pr, sha9, 'index.html', 'My content', isPublic);
+        expect(h.readBuildFile(pr, sha9, 'index.html', isPublic)).toBe('My content');
+
+        h.runCmd(`${cmdPrefix} http://${host}/create-build/${pr}/${sha9}`).
+          then(h.verifyResponse(409, overwriteRe)).
+          then(() => expect(h.readBuildFile(pr, sha9, 'index.html', isPublic)).toBe('My content')).
+          then(done);
+      });
+
+
+      it('should not overwrite existing builds (even if the SHA is different)', done => {
+        // Since only the first few characters of the SHA are used, it is possible for two different
+        // SHAs to correspond to the same directory. In that case, we don't want the second SHA to
+        // overwrite the first.
+
+        const sha9Almost = sha9.replace(/.$/, '8');
+        expect(sha9Almost).not.toBe(sha9);
+
+        h.createDummyBuild(pr, sha9, isPublic);
+        expect(h.readBuildFile(pr, sha9, 'index.html', isPublic)).toContain('index.html');
+
+        h.writeBuildFile(pr, sha9, 'index.html', 'My content', isPublic);
+        expect(h.readBuildFile(pr, sha9, 'index.html', isPublic)).toBe('My content');
+
+        h.runCmd(`${cmdPrefix} http://${host}/create-build/${pr}/${sha9Almost}`).
+          then(h.verifyResponse(409, overwriteRe)).
+          then(() => expect(h.readBuildFile(pr, sha9, 'index.html', isPublic)).toBe('My content')).
+          then(done);
+      });
+
+
+      it('should delete the PR directory on error (for new PR)', done => {
+        h.runCmd(`${cmdPrefix} http://${host}/create-build/${pr}/${sha9}`).
+          then(h.verifyResponse(500)).
+          then(() => expect(h.buildExists(pr, '', isPublic)).toBe(false)).
+          then(done);
+      });
+
+
+      it('should only delete the SHA directory on error (for existing PR)', done => {
+        h.createDummyBuild(pr, sha0, isPublic);
+
+        h.runCmd(`${cmdPrefix} http://${host}/create-build/${pr}/${sha9}`).
+          then(h.verifyResponse(500)).
+          then(() => {
+            expect(h.buildExists(pr, sha9, isPublic)).toBe(false);
+            expect(h.buildExists(pr, '', isPublic)).toBe(true);
+          }).
+          then(done);
+      });
+
+
+      describe('on successful upload', () => {
+        const archivePath = path.join(h.buildsDir, 'snapshot.tar.gz');
+        const statusCode = isPublic ? 201 : 202;
+        let uploadPromise: Promise<CmdResult>;
+
+        beforeEach(() => {
+          h.createDummyArchive(pr, sha9, archivePath);
+          uploadPromise = h.runCmd(`${cmdPrefix} http://${host}/create-build/${pr}/${sha9}`);
+        });
+        afterEach(() => h.deletePrDir(pr, isPublic));
+
+
+        it(`should respond with ${statusCode}`, done => {
+          uploadPromise.then(h.verifyResponse(statusCode)).then(done);
+        });
+
+
+        it('should extract the contents of the uploaded file', done => {
+          uploadPromise.
+            then(() => {
+              expect(h.readBuildFile(pr, sha9, 'index.html', isPublic)).toContain(`uploaded/${pr}`);
+              expect(h.readBuildFile(pr, sha9, 'foo/bar.js', isPublic)).toContain(`uploaded/${pr}`);
+            }).
+            then(done);
+        });
+
+
+        it(`should create files/directories owned by '${h.wwwUser}'`, done => {
+          const prDir = h.getPrDir(pr, isPublic);
+          const shaDir = h.getShaDir(prDir, sha9);
+          const idxPath = path.join(shaDir, 'index.html');
+          const barPath = path.join(shaDir, 'foo', 'bar.js');
+
+          uploadPromise.
+            then(() => Promise.all([
+              h.runCmd(`find ${shaDir}`),
+              h.runCmd(`find ${shaDir} -user ${h.wwwUser}`),
+            ])).
+            then(([{stdout: allFiles}, {stdout: userFiles}]) => {
+              expect(userFiles).toBe(allFiles);
+              expect(userFiles).toContain(shaDir);
+              expect(userFiles).toContain(idxPath);
+              expect(userFiles).toContain(barPath);
+            }).
+            then(done);
+        });
+
+
+        it('should delete the uploaded file', done => {
+          expect(fs.existsSync(archivePath)).toBe(true);
+          uploadPromise.
+            then(() => expect(fs.existsSync(archivePath)).toBe(false)).
+            then(done);
+        });
+
+
+        it('should make the build directory non-writable', done => {
+          const prDir = h.getPrDir(pr, isPublic);
+          const shaDir = h.getShaDir(prDir, sha9);
+          const idxPath = path.join(shaDir, 'index.html');
+          const barPath = path.join(shaDir, 'foo', 'bar.js');
+
+          // See https://github.com/nodejs/node-v0.x-archive/issues/3045#issuecomment-4862588.
+          const isNotWritable = (fileOrDir: string) => {
+            const mode = fs.statSync(fileOrDir).mode;
+            // tslint:disable-next-line: no-bitwise
+            return !(mode & parseInt('222', 8));
+          };
+
+          uploadPromise.
+            then(() => {
+              expect(isNotWritable(shaDir)).toBe(true);
+              expect(isNotWritable(idxPath)).toBe(true);
+              expect(isNotWritable(barPath)).toBe(true);
+            }).
+            then(done);
+        });
+
+
+        it('should ignore a legacy 40-chars long build directory (even if it starts with the same chars)', done => {
+          // It is possible that 40-chars long build directories exist, if they had been deployed
+          // before implementing the shorter build directory names. In that case, we don't want the
+          // second (shorter) name to be considered the same as the old one (even if they originate
+          // from the same SHA).
+
+          h.createDummyBuild(pr, sha9, isPublic, false, true);
+          expect(h.readBuildFile(pr, sha9, 'index.html', isPublic, true)).toContain('index.html');
+
+          h.writeBuildFile(pr, sha9, 'index.html', 'My content', isPublic, true);
+          expect(h.readBuildFile(pr, sha9, 'index.html', isPublic, true)).toBe('My content');
+
+          h.runCmd(`${cmdPrefix} http://${host}/create-build/${pr}/${sha9}`).
+            then(h.verifyResponse(statusCode)).
+            then(() => {
+              expect(h.buildExists(pr, sha9, isPublic)).toBe(true);
+              expect(h.buildExists(pr, sha9, isPublic, true)).toBe(true);
+              expect(h.readBuildFile(pr, sha9, 'index.html', isPublic)).toContain('index.html');
+              expect(h.readBuildFile(pr, sha9, 'index.html', isPublic, true)).toBe('My content');
+            }).
+            then(done);
+        });
+
+      });
+
+
+      describe('when the PR\'s visibility has changed', () => {
+        const archivePath = path.join(h.buildsDir, 'snapshot.tar.gz');
+        const statusCode = isPublic ? 201 : 202;
+
+        const checkPrVisibility = (isPublic2: boolean) => {
+          expect(h.buildExists(pr, '', isPublic2)).toBe(true);
+          expect(h.buildExists(pr, '', !isPublic2)).toBe(false);
+          expect(h.buildExists(pr, sha0, isPublic2)).toBe(true);
+          expect(h.buildExists(pr, sha0, !isPublic2)).toBe(false);
+        };
+        const uploadBuild = (sha: string) => h.runCmd(`${cmdPrefix} http://${host}/create-build/${pr}/${sha}`);
+
+        beforeEach(() => {
+          h.createDummyBuild(pr, sha0, !isPublic);
+          h.createDummyArchive(pr, sha9, archivePath);
+          checkPrVisibility(!isPublic);
+        });
+        afterEach(() => h.deletePrDir(pr, isPublic));
+
+
+        it('should update the PR\'s visibility', done => {
+          uploadBuild(sha9).
+            then(h.verifyResponse(statusCode)).
+            then(() => {
+              checkPrVisibility(isPublic);
+              expect(h.buildExists(pr, sha9, isPublic)).toBe(true);
+              expect(h.readBuildFile(pr, sha9, 'index.html', isPublic)).toContain(`uploaded/${pr}`);
+              expect(h.readBuildFile(pr, sha9, 'index.html', isPublic)).toContain(sha9);
+            }).
+            then(done);
+        });
+
+
+        it('should not overwrite existing builds (but keep the updated visibility)', done => {
+          expect(h.buildExists(pr, sha0, isPublic)).toBe(false);
+
+          uploadBuild(sha0).
+            then(h.verifyResponse(409, overwriteRe)).
+            then(() => {
+              checkPrVisibility(isPublic);
+              expect(h.readBuildFile(pr, sha0, 'index.html', isPublic)).toContain(pr);
+              expect(h.readBuildFile(pr, sha0, 'index.html', isPublic)).not.toContain(`uploaded/${pr}`);
+              expect(h.readBuildFile(pr, sha0, 'index.html', isPublic)).toContain(sha0);
+              expect(h.readBuildFile(pr, sha0, 'index.html', isPublic)).not.toContain(sha9);
+            }).
+            then(done);
+        });
+
+
+        it('should reject the request if it fails to update the PR\'s visibility', done => {
+          // One way to cause an error is to have both a public and a hidden directory for the same PR.
+          h.createDummyBuild(pr, sha0, isPublic);
+
+          expect(h.buildExists(pr, sha0, isPublic)).toBe(true);
+          expect(h.buildExists(pr, sha0, !isPublic)).toBe(true);
+
+          const errorRegex = new RegExp(`^Request to move '${h.getPrDir(pr, !isPublic)}' ` +
+                                        `to existing directory '${h.getPrDir(pr, isPublic)}'.`);
+
+          uploadBuild(sha9).
+            then(h.verifyResponse(409, errorRegex)).
+            then(() => {
+              expect(h.buildExists(pr, sha0, isPublic)).toBe(true);
+              expect(h.buildExists(pr, sha0, !isPublic)).toBe(true);
+              expect(h.buildExists(pr, sha9, isPublic)).toBe(false);
+              expect(h.buildExists(pr, sha9, !isPublic)).toBe(false);
+            }).
+            then(done);
+        });
+
+      });
+
+    }));
+
+  });
+
+
+  describe(`${host}/health-check`, () => {
+
+    it('should respond with 200', done => {
+      Promise.all([
+        h.runCmd(`curl -iL http://${host}/health-check`).then(h.verifyResponse(200)),
+        h.runCmd(`curl -iL http://${host}/health-check/`).then(h.verifyResponse(200)),
+      ]).then(done);
+    });
+
+
+    it('should respond with 404 if the path does not match exactly', done => {
+      Promise.all([
+        h.runCmd(`curl -iL http://${host}/health-check/foo`).then(h.verifyResponse(404)),
+        h.runCmd(`curl -iL http://${host}/health-check-foo`).then(h.verifyResponse(404)),
+        h.runCmd(`curl -iL http://${host}/health-checknfoo`).then(h.verifyResponse(404)),
+        h.runCmd(`curl -iL http://${host}/foo/health-check`).then(h.verifyResponse(404)),
+        h.runCmd(`curl -iL http://${host}/foo-health-check`).then(h.verifyResponse(404)),
+        h.runCmd(`curl -iL http://${host}/foonhealth-check`).then(h.verifyResponse(404)),
+      ]).then(done);
+    });
+
+  });
+
+
+  describe(`${host}/pr-updated`, () => {
+    const url = `http://${host}/pr-updated`;
+
+    // Helpers
+    const curl = (payload?: {number: number, action?: string}) => {
+      const payloadStr = payload && JSON.stringify(payload) || '';
+      return `curl -iLX POST --header "Content-Type: application/json" --data '${payloadStr}' ${url}`;
+    };
+
+
+    it('should disallow non-POST requests', done => {
+      const bodyRegex = /^Unknown resource in request/;
+
+      Promise.all([
+        h.runCmd(`curl -iLX GET ${url}`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iLX PUT ${url}`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iLX PATCH ${url}`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iLX DELETE ${url}`).then(h.verifyResponse(404, bodyRegex)),
+      ]).then(done);
+    });
+
+
+    it('should respond with 400 for requests without a payload', done => {
+      const bodyRegex = /^Missing or empty 'number' field in request/;
+
+      h.runCmd(curl()).
+        then(h.verifyResponse(400, bodyRegex)).
+        then(done);
+    });
+
+
+    it('should respond with 400 for requests without a \'number\' field', done => {
+      const bodyRegex = /^Missing or empty 'number' field in request/;
+
+      Promise.all([
+        h.runCmd(curl({} as any)).then(h.verifyResponse(400, bodyRegex)),
+        h.runCmd(curl({number: null} as any)).then(h.verifyResponse(400, bodyRegex)),
+      ]).then(done);
+    });
+
+
+    it('should reject requests for which checking the PR visibility fails', done => {
+      h.runCmd(curl({number: c.BV_getPrIsTrusted_error})).
+        then(h.verifyResponse(500, /Test/)).
+        then(done);
+    });
+
+
+    it('should respond with 404 for unknown paths', done => {
+      const mockPayload = JSON.stringify({number: +pr});
+      const cmdPrefix = `curl -iLX POST --data "${mockPayload}" http://${host}`;
+
+      Promise.all([
+        h.runCmd(`${cmdPrefix}/foo/pr-updated`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/foo-pr-updated`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/foonpr-updated`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/pr-updated/foo`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/pr-updated-foo`).then(h.verifyResponse(404)),
+        h.runCmd(`${cmdPrefix}/pr-updatednfoo`).then(h.verifyResponse(404)),
+      ]).then(done);
+    });
+
+
+    it('should do nothing if PR\'s visibility is already up-to-date', done => {
+      const publicPr = pr;
+      const hiddenPr = String(c.BV_getPrIsTrusted_notTrusted);
+      const checkVisibilities = () => {
+        // Public build is already public.
+        expect(h.buildExists(publicPr, '', false)).toBe(false);
+        expect(h.buildExists(publicPr, '', true)).toBe(true);
+        // Hidden build is already hidden.
+        expect(h.buildExists(hiddenPr, '', false)).toBe(true);
+        expect(h.buildExists(hiddenPr, '', true)).toBe(false);
+      };
+
+      h.createDummyBuild(publicPr, sha9, true);
+      h.createDummyBuild(hiddenPr, sha9, false);
+      checkVisibilities();
+
+      Promise.
+        all([
+          h.runCmd(curl({number: +publicPr, action: 'foo'})).then(h.verifyResponse(200)),
+          h.runCmd(curl({number: +hiddenPr, action: 'foo'})).then(h.verifyResponse(200)),
+        ]).
+        // Visibilities should not have changed, because the specified action could not have triggered a change.
+        then(checkVisibilities).
+        then(done);
+    });
+
+
+    it('should do nothing if \'action\' implies no visibility change', done => {
+      const publicPr = pr;
+      const hiddenPr = String(c.BV_getPrIsTrusted_notTrusted);
+      const checkVisibilities = () => {
+        // Public build is hidden atm.
+        expect(h.buildExists(publicPr, '', false)).toBe(true);
+        expect(h.buildExists(publicPr, '', true)).toBe(false);
+        // Hidden build is public atm.
+        expect(h.buildExists(hiddenPr, '', false)).toBe(false);
+        expect(h.buildExists(hiddenPr, '', true)).toBe(true);
+      };
+
+      h.createDummyBuild(publicPr, sha9, false);
+      h.createDummyBuild(hiddenPr, sha9, true);
+      checkVisibilities();
+
+      Promise.
+        all([
+          h.runCmd(curl({number: +publicPr, action: 'foo'})).then(h.verifyResponse(200)),
+          h.runCmd(curl({number: +hiddenPr, action: 'foo'})).then(h.verifyResponse(200)),
+        ]).
+        // Visibilities should not have changed, because the specified action could not have triggered a change.
+        then(checkVisibilities).
+        then(done);
+    });
+
+
+    describe('when the visiblity has changed', () => {
+      const publicPr = pr;
+      const hiddenPr = String(c.BV_getPrIsTrusted_notTrusted);
+
+      beforeEach(() => {
+        // Create initial PR builds with opposite visibilities as the ones that will be reported:
+        // - The now public PR was previously hidden.
+        // - The now hidden PR was previously public.
+        h.createDummyBuild(publicPr, sha9, false);
+        h.createDummyBuild(hiddenPr, sha9, true);
+
+        expect(h.buildExists(publicPr, '', false)).toBe(true);
+        expect(h.buildExists(publicPr, '', true)).toBe(false);
+        expect(h.buildExists(hiddenPr, '', false)).toBe(false);
+        expect(h.buildExists(hiddenPr, '', true)).toBe(true);
+      });
+      afterEach(() => {
+        // Expect PRs' visibility to have been updated:
+        // - The public PR should be actually public (previously it was hidden).
+        // - The hidden PR should be actually hidden (previously it was public).
+        expect(h.buildExists(publicPr, '', false)).toBe(false);
+        expect(h.buildExists(publicPr, '', true)).toBe(true);
+        expect(h.buildExists(hiddenPr, '', false)).toBe(true);
+        expect(h.buildExists(hiddenPr, '', true)).toBe(false);
+
+        h.deletePrDir(publicPr, true);
+        h.deletePrDir(hiddenPr, false);
+      });
+
+
+      it('should update the PR\'s visibility (action: undefined)', done => {
+        Promise.all([
+          h.runCmd(curl({number: +publicPr})).then(h.verifyResponse(200)),
+          h.runCmd(curl({number: +hiddenPr})).then(h.verifyResponse(200)),
+        ]).then(done);
+      });
+
+
+      it('should update the PR\'s visibility (action: labeled)', done => {
+        Promise.all([
+          h.runCmd(curl({number: +publicPr, action: 'labeled'})).then(h.verifyResponse(200)),
+          h.runCmd(curl({number: +hiddenPr, action: 'labeled'})).then(h.verifyResponse(200)),
+        ]).then(done);
+      });
+
+
+      it('should update the PR\'s visibility (action: unlabeled)', done => {
+        Promise.all([
+          h.runCmd(curl({number: +publicPr, action: 'unlabeled'})).then(h.verifyResponse(200)),
+          h.runCmd(curl({number: +hiddenPr, action: 'unlabeled'})).then(h.verifyResponse(200)),
+        ]).then(done);
+      });
+
+    });
+
+  });
+
+
+  describe(`${host}/*`, () => {
+
+    it('should respond with 404 for requests to unknown URLs', done => {
+      const bodyRegex = /^Unknown resource/;
+
+      Promise.all([
+        h.runCmd(`curl -iL http://${host}/index.html`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iL http://${host}/`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iL http://${host}`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iLX PUT http://${host}`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iLX POST http://${host}`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iLX PATCH http://${host}`).then(h.verifyResponse(404, bodyRegex)),
+        h.runCmd(`curl -iLX DELETE http://${host}`).then(h.verifyResponse(404, bodyRegex)),
+      ]).then(done);
+    });
+
+  });
+
+});
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/package.json
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/package.json
@ -7,49 +7,39 @@
  "license": "MIT",
  "scripts": {
    "prebuild": "yarn clean-dist",
-    "build": "yarn ~~build",
-    "prebuild-watch": "yarn prebuild",
-    "build-watch": "yarn ~~build-watch",
+    "build": "tsc",
+    "build-watch": "yarn tsc --watch",
    "clean-dist": "node --eval \"require('shelljs').rm('-rf', 'dist')\"",
-    "predev": "yarn build || true",
-    "dev": "run-p ~~build-watch ~~test-watch",
+    "dev": "concurrently --kill-others --raw --success first \"yarn build-watch\" \"yarn test-watch\"",
    "lint": "tslint --project tsconfig.json",
-    "pretest": "yarn build",
-    "test": "yarn ~~test-only",
-    "pretest-watch": "yarn pretest",
-    "test-watch": "yarn ~~test-watch",
-    "~~build": "tsc",
-    "~~build-watch": "yarn ~~build --watch",
    "pre~~test-only": "yarn lint",
    "~~test-only": "node dist/test",
-    "~~test-watch": "nodemon --delay 1 --exec \"yarn ~~test-only\" --watch dist"
+    "pretest": "yarn build",
+    "test": "yarn ~~test-only",
+    "pretest-watch": "yarn build",
+    "test-watch": "nodemon --exec \"yarn ~~test-only\" --watch dist"
  },
  "dependencies": {
-    "body-parser": "^1.18.3",
-    "delete-empty": "^2.0.0",
-    "express": "^4.16.3",
-    "jasmine": "^3.2.0",
-    "nock": "^9.6.1",
-    "node-fetch": "^2.2.0",
-    "shelljs": "^0.8.2",
-    "source-map-support": "^0.5.9",
-    "tar-stream": "^1.6.1",
-    "tslib": "^1.9.3"
+    "body-parser": "^1.18.2",
+    "express": "^4.15.4",
+    "jasmine": "^2.8.0",
+    "jsonwebtoken": "^8.0.1",
+    "shelljs": "^0.7.8",
+    "tslib": "^1.7.1"
  },
  "devDependencies": {
-    "@types/body-parser": "^1.17.0",
-    "@types/express": "^4.16.0",
-    "@types/jasmine": "^2.8.8",
-    "@types/nock": "^9.3.0",
-    "@types/node": "^10.9.2",
-    "@types/node-fetch": "^2.1.2",
-    "@types/shelljs": "^0.8.0",
-    "@types/supertest": "^2.0.5",
-    "nodemon": "^1.18.3",
-    "npm-run-all": "^4.1.5",
-    "supertest": "^3.1.0",
-    "tslint": "^5.11.0",
-    "tslint-jasmine-noSkipOrFocus": "^1.0.9",
-    "typescript": "^3.0.1"
+    "@types/body-parser": "^1.16.5",
+    "@types/express": "^4.0.37",
+    "@types/jasmine": "^2.6.0",
+    "@types/jsonwebtoken": "^7.2.3",
+    "@types/node": "^8.0.30",
+    "@types/shelljs": "^0.7.4",
+    "@types/supertest": "^2.0.3",
+    "concurrently": "^3.5.0",
+    "nodemon": "^1.12.1",
+    "supertest": "^3.0.0",
+    "tslint": "^5.7.0",
+    "tslint-jasmine-noSkipOrFocus": "^1.0.8",
+    "typescript": "^2.5.2"
  }
 }
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/clean-up/build-cleaner.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/clean-up/build-cleaner.spec.ts
@ -1,186 +1,135 @@
 // Imports
 import * as fs from 'fs';
-import {normalize} from 'path';
+import * as path from 'path';
 import * as shell from 'shelljs';
 import {BuildCleaner} from '../../lib/clean-up/build-cleaner';
 import {HIDDEN_DIR_PREFIX} from '../../lib/common/constants';
 import {GithubPullRequests} from '../../lib/common/github-pull-requests';
-import {Logger} from '../../lib/common/utils';
-
-const EXISTING_BUILDS = [10, 20, 30, 40];
-const EXISTING_DOWNLOADS = [
-  '10-ABCDEF0-build.zip',
-  '10-1234567-build.zip',
-  '20-ABCDEF0-build.zip',
-  '20-1234567-build.zip',
-];
-const OPEN_PRS = [10, 40];
-const ANY_DATE = jasmine.any(String);

 // Tests
 describe('BuildCleaner', () => {
-  let loggerErrorSpy: jasmine.Spy;
-  let loggerLogSpy: jasmine.Spy;
  let cleaner: BuildCleaner;

-  beforeEach(() => {
-    loggerErrorSpy = spyOn(Logger.prototype, 'error');
-    loggerLogSpy = spyOn(Logger.prototype, 'log');
-    cleaner = new BuildCleaner('/foo/bar', 'baz', 'qux', '12345', '/downloads', 'build.zip');
-  });
+  beforeEach(() => cleaner = new BuildCleaner('/foo/bar', 'baz/qux', '12345'));
+

  describe('constructor()', () => {

    it('should throw if \'buildsDir\' is empty', () => {
-      expect(() => new BuildCleaner('', 'baz', 'qux', '12345', 'downloads', 'build.zip')).
+      expect(() => new BuildCleaner('', '/baz/qux', '12345')).
        toThrowError('Missing or empty required parameter \'buildsDir\'!');
    });


-    it('should throw if \'githubOrg\' is empty', () => {
-      expect(() => new BuildCleaner('/foo/bar', '', 'qux', '12345', 'downloads', 'build.zip')).
-        toThrowError('Missing or empty required parameter \'githubOrg\'!');
-    });
-
-
-    it('should throw if \'githubRepo\' is empty', () => {
-      expect(() => new BuildCleaner('/foo/bar', 'baz', '', '12345', 'downloads', 'build.zip')).
-        toThrowError('Missing or empty required parameter \'githubRepo\'!');
+    it('should throw if \'repoSlug\' is empty', () => {
+      expect(() => new BuildCleaner('/foo/bar', '', '12345')).
+        toThrowError('Missing or empty required parameter \'repoSlug\'!');
    });


    it('should throw if \'githubToken\' is empty', () => {
-      expect(() => new BuildCleaner('/foo/bar', 'baz', 'qux', '', 'downloads', 'build.zip')).
+      expect(() => new BuildCleaner('/foo/bar', 'baz/qux', '')).
        toThrowError('Missing or empty required parameter \'githubToken\'!');
    });

-
-    it('should throw if \'downloadsDir\' is empty', () => {
-      expect(() => new BuildCleaner('/foo/bar', 'baz', 'qux', '12345', '', 'build.zip')).
-        toThrowError('Missing or empty required parameter \'downloadsDir\'!');
-    });
-
-
-    it('should throw if \'artifactPath\' is empty', () => {
-      expect(() => new BuildCleaner('/foo/bar', 'baz', 'qux', '12345', 'downloads', '')).
-        toThrowError('Missing or empty required parameter \'artifactPath\'!');
-    });
-
  });


  describe('cleanUp()', () => {
    let cleanerGetExistingBuildNumbersSpy: jasmine.Spy;
    let cleanerGetOpenPrNumbersSpy: jasmine.Spy;
-    let cleanerGetExistingDownloadsSpy: jasmine.Spy;
    let cleanerRemoveUnnecessaryBuildsSpy: jasmine.Spy;
-    let cleanerRemoveUnnecessaryDownloadsSpy: jasmine.Spy;
+    let existingBuildsDeferred: {resolve: (v?: any) => void, reject: (e?: any) => void};
+    let openPrsDeferred: {resolve: (v?: any) => void, reject: (e?: any) => void};
+    let promise: Promise<void>;

    beforeEach(() => {
-      cleanerGetExistingBuildNumbersSpy = spyOn(cleaner, 'getExistingBuildNumbers')
-        .and.callFake(() => Promise.resolve(EXISTING_BUILDS));
-      cleanerGetOpenPrNumbersSpy = spyOn(cleaner, 'getOpenPrNumbers')
-        .and.callFake(() => Promise.resolve(OPEN_PRS));
-      cleanerGetExistingDownloadsSpy = spyOn(cleaner, 'getExistingDownloads')
-        .and.callFake(() => Promise.resolve(EXISTING_DOWNLOADS));
-
-      cleanerRemoveUnnecessaryBuildsSpy = spyOn(cleaner, 'removeUnnecessaryBuilds');
-      cleanerRemoveUnnecessaryDownloadsSpy = spyOn(cleaner, 'removeUnnecessaryDownloads');
+      cleanerGetExistingBuildNumbersSpy = spyOn(cleaner as any, 'getExistingBuildNumbers').and.callFake(() => {
+        return new Promise((resolve, reject) => existingBuildsDeferred = {resolve, reject});
+      });
+      cleanerGetOpenPrNumbersSpy = spyOn(cleaner as any, 'getOpenPrNumbers').and.callFake(() => {
+        return new Promise((resolve, reject) => openPrsDeferred = {resolve, reject});
+      });
+      cleanerRemoveUnnecessaryBuildsSpy = spyOn(cleaner as any, 'removeUnnecessaryBuilds');

+      promise = cleaner.cleanUp();
    });


-    it('should return a promise', async () => {
-      const promise = cleaner.cleanUp();
+    it('should return a promise', () => {
      expect(promise).toEqual(jasmine.any(Promise));
-
-      // Do not complete the test and release the spies synchronously, to avoid running the actual implementations.
-      await promise;
    });


-    it('should get the open PRs', async () => {
-      await cleaner.cleanUp();
-      expect(cleanerGetOpenPrNumbersSpy).toHaveBeenCalled();
-    });
-
-
-    it('should get the existing builds', async () => {
-      await cleaner.cleanUp();
+    it('should get the existing builds', () => {
      expect(cleanerGetExistingBuildNumbersSpy).toHaveBeenCalled();
    });


-    it('should get the existing downloads', async () => {
-      await cleaner.cleanUp();
-      expect(cleanerGetExistingDownloadsSpy).toHaveBeenCalled();
+    it('should get the open PRs', () => {
+      expect(cleanerGetOpenPrNumbersSpy).toHaveBeenCalled();
    });


-    it('should pass existing builds and open PRs to \'removeUnnecessaryBuilds()\'', async () => {
-      await cleaner.cleanUp();
-      expect(cleanerRemoveUnnecessaryBuildsSpy).toHaveBeenCalledWith(EXISTING_BUILDS, OPEN_PRS);
-    });
-
-
-    it('should pass existing downloads and open PRs to \'removeUnnecessaryDownloads()\'', async () => {
-      await cleaner.cleanUp();
-      expect(cleanerRemoveUnnecessaryDownloadsSpy).toHaveBeenCalledWith(EXISTING_DOWNLOADS, OPEN_PRS);
-    });
-
-
-    it('should reject if \'getOpenPrNumbers()\' rejects', async () => {
-      try {
-        cleanerGetOpenPrNumbersSpy.and.callFake(() => Promise.reject('Test'));
-        await cleaner.cleanUp();
-      } catch (err) {
+    it('should reject if \'getExistingBuildNumbers()\' rejects', done => {
+      promise.catch(err => {
        expect(err).toBe('Test');
-      }
+        done();
+      });
+
+      existingBuildsDeferred.reject('Test');
    });


-    it('should reject if \'getExistingBuildNumbers()\' rejects', async () => {
-      try {
-        cleanerGetExistingBuildNumbersSpy.and.callFake(() => Promise.reject('Test'));
-        await cleaner.cleanUp();
-      } catch (err) {
+    it('should reject if \'getOpenPrNumbers()\' rejects', done => {
+      promise.catch(err => {
        expect(err).toBe('Test');
-      }
+        done();
+      });
+
+      openPrsDeferred.reject('Test');
    });


-    it('should reject if \'getExistingDownloads()\' rejects', async () => {
-      try {
-        cleanerGetExistingDownloadsSpy.and.callFake(() => Promise.reject('Test'));
-        await cleaner.cleanUp();
-      } catch (err) {
+    it('should reject if \'removeUnnecessaryBuilds()\' rejects', done => {
+      promise.catch(err => {
        expect(err).toBe('Test');
-      }
+        done();
+      });
+
+      cleanerRemoveUnnecessaryBuildsSpy.and.returnValue(Promise.reject('Test'));
+      existingBuildsDeferred.resolve();
+      openPrsDeferred.resolve();
    });


-    it('should reject if \'removeUnnecessaryBuilds()\' rejects', async () => {
-      try {
-        cleanerRemoveUnnecessaryBuildsSpy.and.callFake(() => Promise.reject('Test'));
-        await cleaner.cleanUp();
-      } catch (err) {
-        expect(err).toBe('Test');
-      }
+    it('should pass existing builds and open PRs to \'removeUnnecessaryBuilds()\'', done => {
+      promise.then(() => {
+        expect(cleanerRemoveUnnecessaryBuildsSpy).toHaveBeenCalledWith('foo', 'bar');
+        done();
+      });
+
+      existingBuildsDeferred.resolve('foo');
+      openPrsDeferred.resolve('bar');
    });


-    it('should reject if \'removeUnnecessaryDownloads()\' rejects', async () => {
-      try {
-        cleanerRemoveUnnecessaryDownloadsSpy.and.callFake(() => Promise.reject('Test'));
-        await cleaner.cleanUp();
-      } catch (err) {
-        expect(err).toBe('Test');
-      }
+    it('should resolve with the value returned by \'removeUnnecessaryBuilds()\'', done => {
+      promise.then(result => {
+        expect(result as any).toBe('Test');
+        done();
+      });
+
+      cleanerRemoveUnnecessaryBuildsSpy.and.returnValue(Promise.resolve('Test'));
+      existingBuildsDeferred.resolve();
+      openPrsDeferred.resolve();
    });

  });


+  // Protected methods
+
  describe('getExistingBuildNumbers()', () => {
    let fsReaddirSpy: jasmine.Spy;
    let readdirCb: (err: any, files?: string[]) => void;
@ -188,7 +137,7 @@ describe('BuildCleaner', () => {

    beforeEach(() => {
      fsReaddirSpy = spyOn(fs, 'readdir').and.callFake((_: string, cb: typeof readdirCb) => readdirCb = cb);
-      promise = cleaner.getExistingBuildNumbers();
+      promise = (cleaner as any).getExistingBuildNumbers();
    });


@ -254,7 +203,7 @@ describe('BuildCleaner', () => {
        return new Promise((resolve, reject) => prDeferred = {resolve, reject});
      });

-      promise = cleaner.getOpenPrNumbers();
+      promise = (cleaner as any).getOpenPrNumbers();
    });


@ -287,68 +236,6 @@ describe('BuildCleaner', () => {
      prDeferred.resolve([{id: 0, number: 1}, {id: 1, number: 2}, {id: 2, number: 3}]);
    });

-
-    it('should log the number of open PRs', () => {
-      promise.then(prNumbers => {
-        expect(loggerLogSpy).toHaveBeenCalledWith(
-          ANY_DATE, 'BuildCleaner:        ', `Open pull requests: ${prNumbers}`);
-      });
-    });
-
-  });
-
-
-  describe('getExistingDownloads()', () => {
-    let fsReaddirSpy: jasmine.Spy;
-    let readdirCb: (err: any, files?: string[]) => void;
-    let promise: Promise<string[]>;
-
-    beforeEach(() => {
-      fsReaddirSpy = spyOn(fs, 'readdir').and.callFake((_: string, cb: typeof readdirCb) => readdirCb = cb);
-      promise = cleaner.getExistingDownloads();
-    });
-
-
-    it('should return a promise', () => {
-      expect(promise).toEqual(jasmine.any(Promise));
-    });
-
-
-    it('should get the contents of the downloads directory', () => {
-      expect(fsReaddirSpy).toHaveBeenCalled();
-      expect(fsReaddirSpy.calls.argsFor(0)[0]).toBe('/downloads');
-    });
-
-
-    it('should reject if an error occurs while getting the files', done => {
-      promise.catch(err => {
-        expect(err).toBe('Test');
-        done();
-      });
-
-      readdirCb('Test');
-    });
-
-
-    it('should resolve with the returned file names', done => {
-      promise.then(result => {
-        expect(result).toEqual(EXISTING_DOWNLOADS);
-        done();
-      });
-
-      readdirCb(null, EXISTING_DOWNLOADS);
-    });
-
-
-    it('should ignore files that do not match the artifactPath', done => {
-      promise.then(result => {
-        expect(result).toEqual(['10-ABCDEF-build.zip', '30-FFFFFFF-build.zip']);
-        done();
-      });
-
-      readdirCb(null, ['10-ABCDEF-build.zip', '20-AAAAAAA-otherfile.zip', '30-FFFFFFF-build.zip']);
-    });
-
  });


@ -366,7 +253,7 @@ describe('BuildCleaner', () => {

    it('should test if the directory exists (and return if is does not)', () => {
      shellTestSpy.and.returnValue(false);
-      cleaner.removeDir('/foo/bar');
+      (cleaner as any).removeDir('/foo/bar');

      expect(shellTestSpy).toHaveBeenCalledWith('-d', '/foo/bar');
      expect(shellChmodSpy).not.toHaveBeenCalled();
@ -375,127 +262,99 @@ describe('BuildCleaner', () => {


    it('should remove the specified directory and its content', () => {
-      cleaner.removeDir('/foo/bar');
+      (cleaner as any).removeDir('/foo/bar');
      expect(shellRmSpy).toHaveBeenCalledWith('-rf', '/foo/bar');
    });


    it('should make the directory and its content writable before removing', () => {
      shellRmSpy.and.callFake(() => expect(shellChmodSpy).toHaveBeenCalledWith('-R', 'a+w', '/foo/bar'));
-      cleaner.removeDir('/foo/bar');
+      (cleaner as any).removeDir('/foo/bar');

      expect(shellRmSpy).toHaveBeenCalled();
    });


    it('should catch errors and log them', () => {
+      const consoleErrorSpy = spyOn(console, 'error');
      shellRmSpy.and.callFake(() => {
        // tslint:disable-next-line: no-string-throw
        throw 'Test';
      });

-      cleaner.removeDir('/foo/bar');
+      (cleaner as any).removeDir('/foo/bar');

-      expect(loggerErrorSpy).toHaveBeenCalledWith('ERROR: Unable to remove \'/foo/bar\' due to:', 'Test');
+      expect(consoleErrorSpy).toHaveBeenCalled();
+      expect(consoleErrorSpy.calls.argsFor(0)[0]).toContain('Unable to remove \'/foo/bar\'');
+      expect(consoleErrorSpy.calls.argsFor(0)[1]).toBe('Test');
    });

  });


  describe('removeUnnecessaryBuilds()', () => {
+    let consoleLogSpy: jasmine.Spy;
    let cleanerRemoveDirSpy: jasmine.Spy;

    beforeEach(() => {
-      cleanerRemoveDirSpy = spyOn(cleaner, 'removeDir');
+      consoleLogSpy = spyOn(console, 'log');
+      cleanerRemoveDirSpy = spyOn(cleaner as any, 'removeDir');
    });


-    it('should log the number of existing builds and builds to be removed', () => {
-      cleaner.removeUnnecessaryBuilds([1, 2, 3], [3, 4, 5, 6]);
+    it('should log the number of existing builds, open PRs and builds to be removed', () => {
+      (cleaner as any).removeUnnecessaryBuilds([1, 2, 3], [3, 4, 5, 6]);

-      expect(loggerLogSpy).toHaveBeenCalledWith('Existing builds: 3');
-      expect(loggerLogSpy).toHaveBeenCalledWith('Removing 2 build(s): 1, 2');
+      expect(console.log).toHaveBeenCalledWith('Existing builds: 3');
+      expect(console.log).toHaveBeenCalledWith('Open pull requests: 4');
+      expect(console.log).toHaveBeenCalledWith('Removing 2 build(s): 1, 2');
    });


    it('should construct full paths to directories (by prepending \'buildsDir\')', () => {
-      cleaner.removeUnnecessaryBuilds([1, 2, 3], []);
+      (cleaner as any).removeUnnecessaryBuilds([1, 2, 3], []);

-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize('/foo/bar/1'));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize('/foo/bar/2'));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize('/foo/bar/3'));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize('/foo/bar/1'));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize('/foo/bar/2'));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize('/foo/bar/3'));
    });


    it('should try removing hidden directories as well', () => {
-      cleaner.removeUnnecessaryBuilds([1, 2, 3], []);
+      (cleaner as any).removeUnnecessaryBuilds([1, 2, 3], []);

-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}1`));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}2`));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}3`));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}1`));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}2`));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}3`));
    });


    it('should remove the builds that do not correspond to open PRs', () => {
-      cleaner.removeUnnecessaryBuilds([1, 2, 3, 4], [2, 4]);
+      (cleaner as any).removeUnnecessaryBuilds([1, 2, 3, 4], [2, 4]);
      expect(cleanerRemoveDirSpy).toHaveBeenCalledTimes(4);
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize('/foo/bar/1'));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize('/foo/bar/3'));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}1`));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}3`));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize('/foo/bar/1'));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize('/foo/bar/3'));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}1`));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}3`));
      cleanerRemoveDirSpy.calls.reset();

-      cleaner.removeUnnecessaryBuilds([1, 2, 3, 4], [1, 2, 3, 4]);
+      (cleaner as any).removeUnnecessaryBuilds([1, 2, 3, 4], [1, 2, 3, 4]);
      expect(cleanerRemoveDirSpy).toHaveBeenCalledTimes(0);
      cleanerRemoveDirSpy.calls.reset();

      (cleaner as any).removeUnnecessaryBuilds([1, 2, 3, 4], []);
      expect(cleanerRemoveDirSpy).toHaveBeenCalledTimes(8);
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize('/foo/bar/1'));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize('/foo/bar/2'));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize('/foo/bar/3'));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize('/foo/bar/4'));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}1`));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}2`));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}3`));
-      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}4`));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize('/foo/bar/1'));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize('/foo/bar/2'));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize('/foo/bar/3'));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize('/foo/bar/4'));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}1`));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}2`));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}3`));
+      expect(cleanerRemoveDirSpy).toHaveBeenCalledWith(path.normalize(`/foo/bar/${HIDDEN_DIR_PREFIX}4`));
      cleanerRemoveDirSpy.calls.reset();
    });

  });

-
-  describe('removeUnnecessaryDownloads()', () => {
-    let shellRmSpy: jasmine.Spy;
-
-    beforeEach(() => {
-      shellRmSpy = spyOn(shell, 'rm');
-    });
-
-
-    it('should log the number of existing downloads and downloads to be removed', () => {
-      cleaner.removeUnnecessaryDownloads(EXISTING_DOWNLOADS, OPEN_PRS);
-
-      expect(loggerLogSpy).toHaveBeenCalledWith('Existing downloads: 4');
-      expect(loggerLogSpy).toHaveBeenCalledWith('Removing 2 download(s): 20-ABCDEF0-build.zip, 20-1234567-build.zip');
-    });
-
-
-    it('should construct full paths to directories (by prepending \'downloadsDir\')', () => {
-      cleaner.removeUnnecessaryDownloads(['dl-1', 'dl-2', 'dl-3'], []);
-
-      expect(shellRmSpy).toHaveBeenCalledWith(normalize('/downloads/dl-1'));
-      expect(shellRmSpy).toHaveBeenCalledWith(normalize('/downloads/dl-2'));
-      expect(shellRmSpy).toHaveBeenCalledWith(normalize('/downloads/dl-3'));
-    });
-
-
-    it('should remove the downloads that do not correspond to open PRs', () => {
-      cleaner.removeUnnecessaryDownloads(EXISTING_DOWNLOADS, OPEN_PRS);
-      expect(shellRmSpy).toHaveBeenCalledTimes(2);
-      expect(shellRmSpy).toHaveBeenCalledWith(normalize('/downloads/20-ABCDEF0-build.zip'));
-      expect(shellRmSpy).toHaveBeenCalledWith(normalize('/downloads/20-1234567-build.zip'));
-    });
-
-  });
 });
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/common/circleci-api.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/common/circleci-api.spec.ts
@ -1,134 +0,0 @@
-import * as nock from 'nock';
-import {CircleCiApi} from '../../lib/common/circle-ci-api';
-
-const ORG = 'testorg';
-const REPO = 'testrepo';
-const TOKEN = 'xxxx';
-const BASE_URL = `https://circleci.com/api/v1.1/project/github/${ORG}/${REPO}`;
-
-describe('CircleCIApi', () => {
-  describe('constructor()', () => {
-    it('should throw if \'githubOrg\' is missing or empty', () => {
-      expect(() => new CircleCiApi('', REPO, TOKEN)).
-        toThrowError('Missing or empty required parameter \'githubOrg\'!');
-    });
-
-    it('should throw if \'githubRepo\' is missing or empty', () => {
-      expect(() => new CircleCiApi(ORG, '', TOKEN)).
-        toThrowError('Missing or empty required parameter \'githubRepo\'!');
-    });
-
-    it('should throw if \'circleCiToken\' is missing or empty', () => {
-      expect(() => new CircleCiApi(ORG, REPO, '')).
-        toThrowError('Missing or empty required parameter \'circleCiToken\'!');
-    });
-  });
-
-  describe('getBuildInfo', () => {
-    it('should make a request to the CircleCI API for the given build number', async () => {
-      const api = new CircleCiApi(ORG, REPO, TOKEN);
-      const buildNum = 12345;
-      const expectedBuildInfo: any = { org: ORG, repo: REPO, build_num: buildNum };
-
-      const request = nock(BASE_URL)
-        .get(`/${buildNum}?circle-token=${TOKEN}`)
-        .reply(200, expectedBuildInfo);
-
-      const buildInfo = await api.getBuildInfo(buildNum);
-      expect(buildInfo).toEqual(expectedBuildInfo);
-      request.done();
-    });
-
-    it('should throw an error if the request fails', async () => {
-      const api = new CircleCiApi(ORG, REPO, TOKEN);
-      const buildNum = 12345;
-      const errorMessage = 'Invalid request';
-      const request = nock(BASE_URL).get(`/${buildNum}?circle-token=${TOKEN}`);
-
-      try {
-        request.replyWithError(errorMessage);
-        await api.getBuildInfo(buildNum);
-        throw new Error('Exception Expected');
-      } catch (err) {
-        expect(err.message).toEqual(
-          `CircleCI build info request failed ` +
-          `(request to ${BASE_URL}/${buildNum}?circle-token=${TOKEN} failed, reason: ${errorMessage})`);
-      }
-
-      try {
-        request.reply(404, errorMessage);
-        await api.getBuildInfo(buildNum);
-        throw new Error('Exception Expected');
-      } catch (err) {
-        expect(err.message).toEqual(
-          `CircleCI build info request failed ` +
-          `(request to ${BASE_URL}/${buildNum}?circle-token=${TOKEN} failed, reason: ${errorMessage})`);
-      }
-    });
-  });
-
-  describe('getBuildArtifactUrl', () => {
-    it('should make a request to the CircleCI API for the given build number', async () => {
-      const api = new CircleCiApi(ORG, REPO, TOKEN);
-      const buildNum = 12345;
-      const artifact0: any = { path: 'some/path/0', url: 'https://url/0' };
-      const artifact1: any = { path: 'some/path/1', url: 'https://url/1' };
-      const artifact2: any = { path: 'some/path/2', url: 'https://url/2' };
-      const request = nock(BASE_URL)
-        .get(`/${buildNum}/artifacts?circle-token=${TOKEN}`)
-        .reply(200, [artifact0, artifact1, artifact2]);
-
-      const artifactUrl = await api.getBuildArtifactUrl(buildNum, 'some/path/1');
-      expect(artifactUrl).toEqual('https://url/1');
-      request.done();
-    });
-
-
-    it('should throw an error if the request fails', async () => {
-      const api = new CircleCiApi(ORG, REPO, TOKEN);
-      const buildNum = 12345;
-      const errorMessage = 'Invalid request';
-      const request = nock(BASE_URL).get(`/${buildNum}/artifacts?circle-token=${TOKEN}`);
-
-      try {
-        request.replyWithError(errorMessage);
-        await api.getBuildArtifactUrl(buildNum, 'some/path/1');
-        throw new Error('Exception Expected');
-      } catch (err) {
-        expect(err.message).toEqual(
-          `CircleCI artifact URL request failed ` +
-          `(request to ${BASE_URL}/${buildNum}/artifacts?circle-token=${TOKEN} failed, reason: ${errorMessage})`);
-      }
-
-      try {
-        request.reply(404, errorMessage);
-        await api.getBuildArtifactUrl(buildNum, 'some/path/1');
-        throw new Error('Exception Expected');
-      } catch (err) {
-        expect(err.message).toEqual(
-          `CircleCI artifact URL request failed ` +
-          `(request to ${BASE_URL}/${buildNum}/artifacts?circle-token=${TOKEN} failed, reason: ${errorMessage})`);
-      }
-    });
-
-    it('should throw an error if the response does not contain the specified artifact', async () => {
-      const api = new CircleCiApi(ORG, REPO, TOKEN);
-      const buildNum = 12345;
-      const artifact0: any = { path: 'some/path/0', url: 'https://url/0' };
-      const artifact1: any = { path: 'some/path/1', url: 'https://url/1' };
-      const artifact2: any = { path: 'some/path/2', url: 'https://url/2' };
-      nock(BASE_URL)
-        .get(`/${buildNum}/artifacts?circle-token=${TOKEN}`)
-        .reply(200, [artifact0, artifact1, artifact2]);
-
-      try {
-        await api.getBuildArtifactUrl(buildNum, 'some/path/3');
-        throw new Error('Exception Expected');
-      } catch (err) {
-        expect(err.message).toEqual(
-          `CircleCI artifact URL request failed ` +
-          `(Missing artifact (some/path/3) for CircleCI build: ${buildNum})`);
-      }
-    });
-  });
-});
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/common/github-api.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/common/github-api.spec.ts
@ -1,5 +1,7 @@
 // Imports
-import * as nock from 'nock';
+import {EventEmitter} from 'events';
+import {ClientRequest, IncomingMessage} from 'http';
+import * as https from 'https';
 import {GithubApi} from '../../lib/common/github-api';

 // Tests
@ -108,6 +110,39 @@ describe('GithubApi', () => {
  });


+  // Protected methods
+
+  describe('buildPath()', () => {
+
+    it('should return the pathname if no params', () => {
+      expect((api as any).buildPath('/foo')).toBe('/foo');
+      expect((api as any).buildPath('/foo', undefined)).toBe('/foo');
+      expect((api as any).buildPath('/foo', null)).toBe('/foo');
+    });
+
+
+    it('should append the params to the pathname', () => {
+      expect((api as any).buildPath('/foo', {bar: 'baz'})).toBe('/foo?bar=baz');
+    });
+
+
+    it('should join the params with \'&\'', () => {
+      expect((api as any).buildPath('/foo', {bar: 1, baz: 2})).toBe('/foo?bar=1&baz=2');
+    });
+
+
+    it('should ignore undefined/null params', () => {
+      expect((api as any).buildPath('/foo', {bar: undefined, baz: null})).toBe('/foo');
+    });
+
+
+    it('should encode param values as URI components', () => {
+      expect((api as any).buildPath('/foo', {bar: 'b a&z'})).toBe('/foo?bar=b%20a%26z');
+    });
+
+  });
+
+
  describe('getPaginated()', () => {
    let deferreds: {resolve: (v: any) => void, reject: (v: any) => void}[];

@ -126,8 +161,8 @@ describe('GithubApi', () => {
      (api as any).getPaginated('/foo/bar');
      (api as any).getPaginated('/foo/bar', {baz: 'qux'});

-      expect(api.get).toHaveBeenCalledWith('/foo/bar', {page: 1, per_page: 100});
-      expect(api.get).toHaveBeenCalledWith('/foo/bar', {baz: 'qux', page: 1, per_page: 100});
+      expect(api.get).toHaveBeenCalledWith('/foo/bar', {page: 0, per_page: 100});
+      expect(api.get).toHaveBeenCalledWith('/foo/bar', {baz: 'qux', page: 0, per_page: 100});
    });


@ -162,9 +197,9 @@ describe('GithubApi', () => {
        const paramsForPage = (page: number) => ({baz: 'qux', page, per_page: 100});

        expect(apiGetSpy).toHaveBeenCalledTimes(3);
-        expect(apiGetSpy.calls.argsFor(0)).toEqual(['/foo/bar', paramsForPage(1)]);
-        expect(apiGetSpy.calls.argsFor(1)).toEqual(['/foo/bar', paramsForPage(2)]);
-        expect(apiGetSpy.calls.argsFor(2)).toEqual(['/foo/bar', paramsForPage(3)]);
+        expect(apiGetSpy.calls.argsFor(0)).toEqual(['/foo/bar', paramsForPage(0)]);
+        expect(apiGetSpy.calls.argsFor(1)).toEqual(['/foo/bar', paramsForPage(1)]);
+        expect(apiGetSpy.calls.argsFor(2)).toEqual(['/foo/bar', paramsForPage(2)]);

        expect(data).toEqual(allItems);

@ -183,162 +218,191 @@ describe('GithubApi', () => {
  });


-  // Protected methods
-
-  describe('buildPath()', () => {
-
-    it('should return the pathname if no params', () => {
-      expect((api as any).buildPath('/foo')).toBe('/foo');
-      expect((api as any).buildPath('/foo', undefined)).toBe('/foo');
-      expect((api as any).buildPath('/foo', null)).toBe('/foo');
-    });
-
-
-    it('should append the params to the pathname', () => {
-      expect((api as any).buildPath('/foo', {bar: 'baz'})).toBe('/foo?bar=baz');
-    });
-
-
-    it('should join the params with \'&\'', () => {
-      expect((api as any).buildPath('/foo', {bar: 1, baz: 2})).toBe('/foo?bar=1&baz=2');
-    });
-
-
-    it('should ignore undefined/null params', () => {
-      expect((api as any).buildPath('/foo', {bar: undefined, baz: null})).toBe('/foo');
-    });
-
-
-    it('should encode param values as URI components', () => {
-      expect((api as any).buildPath('/foo', {bar: 'b a&z'})).toBe('/foo?bar=b%20a%26z');
-    });
-
-  });
-
  describe('request()', () => {
+    let httpsRequestSpy: jasmine.Spy;
+    let latestRequest: ClientRequest;
+
+    beforeEach(() => {
+      const originalRequest = https.request;
+
+      httpsRequestSpy = spyOn(https, 'request').and.callFake((...args: any[]) => {
+        latestRequest = originalRequest.apply(https, args);
+
+        spyOn(latestRequest, 'on').and.callThrough();
+        spyOn(latestRequest, 'end');
+
+        return latestRequest;
+      });
+    });
+
+
    it('should return a promise', () => {
-      nock('https://api.github.com').get('').reply(200);
      expect((api as any).request()).toEqual(jasmine.any(Promise));
    });


    it('should call \'https.request()\' with the correct options', () => {
-      const requestHandler = nock('https://api.github.com')
-        .intercept('/path', 'method')
-        .reply(200);
+      (api as any).request('method', 'path');

-      (api as any).request('method', '/path');
-      requestHandler.done();
+      expect(httpsRequestSpy).toHaveBeenCalled();
+      expect(httpsRequestSpy.calls.argsFor(0)[0]).toEqual(jasmine.objectContaining({
+        headers: jasmine.objectContaining({
+          'User-Agent': `Node/${process.versions.node}`,
+        }),
+        host: 'api.github.com',
+        method: 'method',
+        path: 'path',
+      }));
    });


-    it('should add the \'Authorization\' header containing the \'githubToken\'', () => {
-      const requestHandler = nock('https://api.github.com')
-        .intercept('/path', 'method', undefined, {
-          reqheaders: {Authorization: 'token 12345'},
-        })
-        .reply(200);
-      (api as any).request('method', '/path');
-      requestHandler.done();
+    it('should call specify an \'Authorization\' header if \'githubToken\' is present', () => {
+      (api as any).request('method', 'path');
+
+      expect(httpsRequestSpy).toHaveBeenCalled();
+      expect(httpsRequestSpy.calls.argsFor(0)[0].headers).toEqual(jasmine.objectContaining({
+        Authorization: 'token 12345',
+      }));
    });


-    it('should reject on request error', async () => {
-      nock('https://api.github.com')
-        .intercept('/path', 'method')
-        .replyWithError('Test');
-      let message = 'Failed to reject error';
-      await (api as any).request('method', '/path').catch((err: any) => message = err.message);
-      expect(message).toEqual('Test');
+    it('should reject on request error', done => {
+      (api as any).request('method', 'path').catch((err: any) => {
+        expect(err).toBe('Test');
+        done();
+      });
+
+      latestRequest.emit('error', 'Test');
+    });
+
+
+    it('should send the request (i.e. call \'end()\')', () => {
+      (api as any).request('method', 'path');
+      expect(latestRequest.end).toHaveBeenCalled();
    });


    it('should \'JSON.stringify\' and send the data along with the request', () => {
-      const data = {key: 'value'};
-      const requestHandler = nock('https://api.github.com')
-        .intercept('/path', 'method', JSON.stringify(data))
-        .reply(200);
-      (api as any).request('method', '/path', data);
-      requestHandler.done();
+      (api as any).request('method', 'path');
+      expect(latestRequest.end).toHaveBeenCalledWith(null);
+
+      (api as any).request('method', 'path', {key: 'value'});
+      expect(latestRequest.end).toHaveBeenCalledWith('{"key":"value"}');
    });


-    it('should reject if response statusCode is <200', done => {
-      const requestHandler = nock('https://api.github.com')
-        .intercept('/path', 'method')
-        .reply(199);
+    describe('onResponse', () => {
+      let promise: Promise<object>;
+      let respond: (statusCode: number) => IncomingMessage;

-      (api as any).request('method', '/path')
-        .catch((err: string) => {
+      beforeEach(() => {
+        promise = (api as any).request('method', 'path');
+
+        respond = (statusCode: number) => {
+          const mockResponse = new EventEmitter() as IncomingMessage;
+          mockResponse.statusCode = statusCode;
+
+          const onResponse = httpsRequestSpy.calls.argsFor(0)[1];
+          onResponse(mockResponse);
+
+          return mockResponse;
+        };
+      });
+
+
+      it('should reject on response error', done => {
+        promise.catch(err => {
+          expect(err).toBe('Test');
+          done();
+        });
+
+        const res = respond(200);
+        res.emit('error', 'Test');
+      });
+
+
+      it('should reject if returned statusCode is <200', done => {
+        promise.catch(err => {
          expect(err).toContain('failed');
          expect(err).toContain('status: 199');
          done();
        });
-      requestHandler.done();
-    });
+
+        const res = respond(199);
+        res.emit('end');
+      });


-    it('should reject if response statusCode is >=400', done => {
-      const requestHandler = nock('https://api.github.com')
-        .intercept('/path', 'method')
-        .reply(400);
-
-      (api as any).request('method', '/path')
-        .catch((err: string) => {
+      it('should reject if returned statusCode is >=400', done => {
+        promise.catch(err => {
          expect(err).toContain('failed');
          expect(err).toContain('status: 400');
          done();
        });
-      requestHandler.done();
-    });
+
+        const res = respond(400);
+        res.emit('end');
+      });


-    it('should include the response text in the rejection message', done => {
-      const requestHandler = nock('https://api.github.com')
-        .intercept('/path', 'method')
-        .reply(500, 'Test');
-
-      (api as any).request('method', '/path')
-        .catch((err: string) => {
+      it('should include the response text in the rejection message', done => {
+        promise.catch(err => {
          expect(err).toContain('Test');
          done();
        });
-      requestHandler.done();
-     });

-
-    it('should resolve if returned statusCode is >=200 and <400', done => {
-      const requestHandler = nock('https://api.github.com')
-        .intercept('/path', 'method')
-        .reply(200);
-
-      (api as any).request('method', '/path').then(done);
-      requestHandler.done();
-    });
-
-
-    it('should parse the response body into an object using \'JSON.parse\'', done => {
-      const requestHandler = nock('https://api.github.com')
-        .intercept('/path', 'method')
-        .reply(300, '{"foo": "bar"}');
-
-      (api as any).request('method', '/path').then((data: any) => {
-        expect(data).toEqual({foo: 'bar'});
-        done();
+        const res = respond(500);
+        res.emit('data', 'Test');
+        res.emit('end');
      });
-      requestHandler.done();
-    });

-    it('should reject if the response text is malformed JSON', done => {
-      const requestHandler = nock('https://api.github.com')
-        .intercept('/path', 'method')
-        .reply(300, '}');

-      (api as any).request('method', '/path').catch((err: any) => {
-        expect(err).toEqual(jasmine.any(SyntaxError));
-        done();
+      it('should resolve if returned statusCode is <=200 <400', done => {
+        promise.then(done);
+
+        const res = respond(200);
+        res.emit('data', '{}');
+        res.emit('end');
      });
-      requestHandler.done();
+
+
+      it('should resolve with the response text \'JSON.parsed\'', done => {
+        promise.then(data => {
+          expect(data).toEqual({foo: 'bar'});
+          done();
+        });
+
+        const res = respond(300);
+        res.emit('data', '{"foo":"bar"}');
+        res.emit('end');
+      });
+
+
+      it('should collect and concatenate the whole response text', done => {
+        promise.then(data => {
+          expect(data).toEqual({foo: 'bar', baz: 'qux'});
+          done();
+        });
+
+        const res = respond(300);
+        res.emit('data', '{"foo":');
+        res.emit('data', '"bar","baz"');
+        res.emit('data', ':"qux"}');
+        res.emit('end');
+      });
+
+
+      it('should reject if the response text is malformed JSON', done => {
+        promise.catch(err => {
+          expect(err).toEqual(jasmine.any(SyntaxError));
+          done();
+        });
+
+        const res = respond(300);
+        res.emit('data', '}');
+        res.emit('end');
+      });
+
    });

  });
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/common/github-pull-requests.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/common/github-pull-requests.spec.ts
@ -1,27 +1,20 @@
 // Imports
-import {GithubApi} from '../../lib/common/github-api';
 import {GithubPullRequests} from '../../lib/common/github-pull-requests';

 // Tests
 describe('GithubPullRequests', () => {
-  let githubApi: jasmine.SpyObj<GithubApi>;
-
-  beforeEach(() => {
-    githubApi = jasmine.createSpyObj('githubApi', ['post', 'get', 'getPaginated']);
-  });
-

  describe('constructor()', () => {

-    it('should throw if \'githubOrg\' is missing or empty', () => {
-      expect(() => new GithubPullRequests(githubApi, '', 'bar')).
-        toThrowError('Missing or empty required parameter \'githubOrg\'!');
+    it('should throw if \'githubToken\' is missing or empty', () => {
+      expect(() => new GithubPullRequests('', 'foo/bar')).
+        toThrowError('Missing or empty required parameter \'githubToken\'!');
    });


-    it('should throw if \'githubRepo\' is missing or empty', () => {
-      expect(() => new GithubPullRequests(githubApi, 'foo', '')).
-        toThrowError('Missing or empty required parameter \'githubRepo\'!');
+    it('should throw if \'repoSlug\' is missing or empty', () => {
+      expect(() => new GithubPullRequests('12345', '')).
+        toThrowError('Missing or empty required parameter \'repoSlug\'!');
    });

  });
@ -29,9 +22,17 @@ describe('GithubPullRequests', () => {

  describe('addComment()', () => {
    let prs: GithubPullRequests;
+    let deferred: {resolve: (v: any) => void, reject: (v: any) => void};

    beforeEach(() => {
-      prs = new GithubPullRequests(githubApi, 'foo', 'bar');
+      prs = new GithubPullRequests('12345', 'foo/bar');
+
+      spyOn(prs, 'post').and.callFake(() => new Promise((resolve, reject) => deferred = {resolve, reject}));
+    });
+
+
+    it('should return a promise', () => {
+      expect(prs.addComment(42, 'body')).toEqual(jasmine.any(Promise));
    });


@ -46,28 +47,30 @@ describe('GithubPullRequests', () => {
    });


-    it('should make a POST request to Github with the correct pathname, params and data', () => {
-      githubApi.post.and.callFake(() => Promise.resolve());
+    it('should call \'post()\' with the correct pathname, params and data', () => {
      prs.addComment(42, 'body');
-      expect(githubApi.post).toHaveBeenCalledWith('/repos/foo/bar/issues/42/comments', null, {body: 'body'});
+
+      expect(prs.post).toHaveBeenCalledWith('/repos/foo/bar/issues/42/comments', null, {body: 'body'});
    });


    it('should reject if the request fails', done => {
-      githubApi.post.and.callFake(() => Promise.reject('Test'));
      prs.addComment(42, 'body').catch(err => {
        expect(err).toBe('Test');
        done();
      });
+
+      deferred.reject('Test');
    });


-    it('should resolve with the data from the Github POST', done => {
-      githubApi.post.and.callFake(() => Promise.resolve('Test'));
+    it('should resolve with the returned response', done => {
      prs.addComment(42, 'body').then(data => {
-        expect(data).toBe('Test');
+        expect(data as any).toBe('Test');
        done();
      });
+
+      deferred.resolve('Test');
    });

  });
@ -75,25 +78,23 @@ describe('GithubPullRequests', () => {

  describe('fetch()', () => {
    let prs: GithubPullRequests;
+    let prsGetSpy: jasmine.Spy;

    beforeEach(() => {
-      prs = new GithubPullRequests(githubApi, 'foo', 'bar');
+      prs = new GithubPullRequests('12345', 'foo/bar');
+      prsGetSpy = spyOn(prs as any, 'get');
    });


-    it('should make a GET request to GitHub with the correct pathname', () => {
+    it('should call \'get()\' with the correct pathname', () => {
      prs.fetch(42);
-      expect(githubApi.get).toHaveBeenCalledWith('/repos/foo/bar/issues/42');
+      expect(prsGetSpy).toHaveBeenCalledWith('/repos/foo/bar/issues/42');
    });


-    it('should resolve with the data returned from GitHub', done => {
-      const expected: any = {number: 42};
-      githubApi.get.and.callFake(() => Promise.resolve(expected));
-      prs.fetch(42).then(data => {
-        expect(data).toEqual(expected);
-        done();
-      });
+    it('should forward the value returned by \'get()\'', () => {
+      prsGetSpy.and.returnValue('Test');
+      expect(prs.fetch(42) as any).toBe('Test');
    });

  });
@ -101,8 +102,13 @@ describe('GithubPullRequests', () => {

  describe('fetchAll()', () => {
    let prs: GithubPullRequests;
+    let prsGetPaginatedSpy: jasmine.Spy;

-    beforeEach(() => prs = new GithubPullRequests(githubApi, 'foo', 'bar'));
+    beforeEach(() => {
+      prs = new GithubPullRequests('12345', 'foo/bar');
+      prsGetPaginatedSpy = spyOn(prs as any, 'getPaginated');
+      spyOn(console, 'log');
+    });


    it('should call \'getPaginated()\' with the correct pathname and params', () => {
@ -112,50 +118,24 @@ describe('GithubPullRequests', () => {
      prs.fetchAll('closed');
      prs.fetchAll('open');

-      expect(githubApi.getPaginated).toHaveBeenCalledTimes(3);
-      expect(githubApi.getPaginated.calls.argsFor(0)).toEqual([expectedPathname, {state: 'all'}]);
-      expect(githubApi.getPaginated.calls.argsFor(1)).toEqual([expectedPathname, {state: 'closed'}]);
-      expect(githubApi.getPaginated.calls.argsFor(2)).toEqual([expectedPathname, {state: 'open'}]);
+      expect(prsGetPaginatedSpy).toHaveBeenCalledTimes(3);
+      expect(prsGetPaginatedSpy.calls.argsFor(0)).toEqual([expectedPathname, {state: 'all'}]);
+      expect(prsGetPaginatedSpy.calls.argsFor(1)).toEqual([expectedPathname, {state: 'closed'}]);
+      expect(prsGetPaginatedSpy.calls.argsFor(2)).toEqual([expectedPathname, {state: 'open'}]);
    });


    it('should default to \'all\' if no state is specified', () => {
      prs.fetchAll();
-      expect(githubApi.getPaginated).toHaveBeenCalledWith('/repos/foo/bar/pulls', {state: 'all'});
+      expect(prsGetPaginatedSpy).toHaveBeenCalledWith('/repos/foo/bar/pulls', {state: 'all'});
    });


    it('should forward the value returned by \'getPaginated()\'', () => {
-      githubApi.getPaginated.and.returnValue('Test');
+      prsGetPaginatedSpy.and.returnValue('Test');
      expect(prs.fetchAll() as any).toBe('Test');
    });

  });

-
-  describe('fetchFiles()', () => {
-    let prs: GithubPullRequests;
-
-    beforeEach(() => {
-      prs = new GithubPullRequests(githubApi, 'foo', 'bar');
-    });
-
-
-    it('should make a paginated GET request to GitHub with the correct pathname', () => {
-      prs.fetchFiles(42);
-      expect(githubApi.getPaginated).toHaveBeenCalledWith('/repos/foo/bar/pulls/42/files');
-    });
-
-
-    it('should resolve with the data returned from GitHub', done => {
-      const expected: any = [{sha: 'ABCDE', filename: 'a/b/c'}, {sha: '12345', filename: 'x/y/z'}];
-      githubApi.getPaginated.and.callFake(() => Promise.resolve(expected));
-      prs.fetchFiles(42).then(data => {
-        expect(data).toEqual(expected);
-        done();
-      });
-    });
-
-  });
-
 });
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/common/github-teams.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/common/github-teams.spec.ts
@ -1,40 +1,43 @@
-import {GithubApi} from '../../lib/common/github-api';
+// Imports
 import {GithubTeams} from '../../lib/common/github-teams';

 // Tests
 describe('GithubTeams', () => {

-  let githubApi: jasmine.SpyObj<GithubApi>;
-
-  beforeEach(() => {
-    githubApi = jasmine.createSpyObj('githubApi', ['post', 'get', 'getPaginated']);
-  });
-
  describe('constructor()', () => {

-    it('should throw if \'githubOrg\' is missing or empty', () => {
-      expect(() => new GithubTeams(githubApi, '')).
-        toThrowError('Missing or empty required parameter \'githubOrg\'!');
+    it('should throw if \'githubToken\' is missing or empty', () => {
+      expect(() => new GithubTeams('', 'org')).
+        toThrowError('Missing or empty required parameter \'githubToken\'!');
    });
+
+
+    it('should throw if \'organization\' is missing or empty', () => {
+      expect(() => new GithubTeams('12345', '')).
+        toThrowError('Missing or empty required parameter \'organization\'!');
+    });
+
  });


  describe('fetchAll()', () => {
    let teams: GithubTeams;
+    let teamsGetPaginatedSpy: jasmine.Spy;

    beforeEach(() => {
-      teams = new GithubTeams(githubApi, 'foo');
+      teams = new GithubTeams('12345', 'foo');
+      teamsGetPaginatedSpy = spyOn(teams as any, 'getPaginated');
    });


    it('should call \'getPaginated()\' with the correct pathname and params', () => {
      teams.fetchAll();
-      expect(githubApi.getPaginated).toHaveBeenCalledWith('/orgs/foo/teams');
+      expect(teamsGetPaginatedSpy).toHaveBeenCalledWith('/orgs/foo/teams');
    });


    it('should forward the value returned by \'getPaginated()\'', () => {
-      githubApi.getPaginated.and.returnValue('Test');
+      teamsGetPaginatedSpy.and.returnValue('Test');
      expect(teams.fetchAll() as any).toBe('Test');
    });

@ -43,15 +46,19 @@ describe('GithubTeams', () => {

  describe('isMemberById()', () => {
    let teams: GithubTeams;
+    let teamsGetSpy: jasmine.Spy;

    beforeEach(() => {
-      teams = new GithubTeams(githubApi, 'foo');
+      teams = new GithubTeams('12345', 'foo');
+      teamsGetSpy = spyOn(teams, 'get').and.returnValue(Promise.resolve(null));
    });


-    it('should return a promise', () => {
-      githubApi.get.and.callFake(() => Promise.resolve());
+    it('should return a promise', done => {
      const promise = teams.isMemberById('user', [1]);
+      promise.then(done);   // Do not complete the test (and release the spies) synchronously
+                            // to avoid running the actual `get()`.
+
      expect(promise).toEqual(jasmine.any(Promise));
    });

@ -59,43 +66,42 @@ describe('GithubTeams', () => {
    it('should resolve with false if called with an empty array', done => {
      teams.isMemberById('user', []).then(isMember => {
        expect(isMember).toBe(false);
-        expect(githubApi.get).not.toHaveBeenCalled();
+        expect(teamsGetSpy).not.toHaveBeenCalled();
        done();
      });
    });


    it('should call \'get()\' with the correct pathname', done => {
-      githubApi.get.and.callFake(() => Promise.resolve());
      teams.isMemberById('user', [1]).then(() => {
-        expect(githubApi.get).toHaveBeenCalledWith('/teams/1/memberships/user');
+        expect(teamsGetSpy).toHaveBeenCalledWith('/teams/1/memberships/user');
        done();
      });
    });


    it('should resolve with false if \'get()\' rejects', done => {
-      githubApi.get.and.callFake(() => Promise.reject(null));
+      teamsGetSpy.and.returnValue(Promise.reject(null));
      teams.isMemberById('user', [1]).then(isMember => {
        expect(isMember).toBe(false);
-        expect(githubApi.get).toHaveBeenCalled();
+        expect(teamsGetSpy).toHaveBeenCalled();
        done();
      });
    });


    it('should resolve with false if the membership is not active', done => {
-      githubApi.get.and.callFake(() => Promise.resolve({state: 'pending'}));
+      teamsGetSpy.and.returnValue(Promise.resolve({state: 'pending'}));
      teams.isMemberById('user', [1]).then(isMember => {
        expect(isMember).toBe(false);
-        expect(githubApi.get).toHaveBeenCalled();
+        expect(teamsGetSpy).toHaveBeenCalled();
        done();
      });
    });


    it('should resolve with true if the membership is active', done => {
-      githubApi.get.and.callFake(() => Promise.resolve({state: 'active'}));
+      teamsGetSpy.and.returnValue(Promise.resolve({state: 'active'}));
      teams.isMemberById('user', [1]).then(isMember => {
        expect(isMember).toBe(true);
        done();
@ -109,15 +115,15 @@ describe('GithubTeams', () => {
        '/teams/2/memberships/user': Promise.reject(null),
        '/teams/3/memberships/user': Promise.resolve({state: 'active'}),
      };
-      githubApi.get.and.callFake((pathname: string) => trainedResponses[pathname]);
+      teamsGetSpy.and.callFake((pathname: string) => trainedResponses[pathname]);

      teams.isMemberById('user', [1, 2, 3, 4]).then(isMember => {
        expect(isMember).toBe(true);

-        expect(githubApi.get).toHaveBeenCalledTimes(3);
-        expect(githubApi.get.calls.argsFor(0)[0]).toBe('/teams/1/memberships/user');
-        expect(githubApi.get.calls.argsFor(1)[0]).toBe('/teams/2/memberships/user');
-        expect(githubApi.get.calls.argsFor(2)[0]).toBe('/teams/3/memberships/user');
+        expect(teamsGetSpy).toHaveBeenCalledTimes(3);
+        expect(teamsGetSpy.calls.argsFor(0)[0]).toBe('/teams/1/memberships/user');
+        expect(teamsGetSpy.calls.argsFor(1)[0]).toBe('/teams/2/memberships/user');
+        expect(teamsGetSpy.calls.argsFor(2)[0]).toBe('/teams/3/memberships/user');

        done();
      });
@ -131,16 +137,16 @@ describe('GithubTeams', () => {
        '/teams/3/memberships/user': Promise.resolve({state: 'not active'}),
        '/teams/4/memberships/user':  Promise.reject(null),
      };
-      githubApi.get.and.callFake((pathname: string) => trainedResponses[pathname]);
+      teamsGetSpy.and.callFake((pathname: string) => trainedResponses[pathname]);

      teams.isMemberById('user', [1, 2, 3, 4]).then(isMember => {
        expect(isMember).toBe(false);

-        expect(githubApi.get).toHaveBeenCalledTimes(4);
-        expect(githubApi.get.calls.argsFor(0)[0]).toBe('/teams/1/memberships/user');
-        expect(githubApi.get.calls.argsFor(1)[0]).toBe('/teams/2/memberships/user');
-        expect(githubApi.get.calls.argsFor(2)[0]).toBe('/teams/3/memberships/user');
-        expect(githubApi.get.calls.argsFor(3)[0]).toBe('/teams/4/memberships/user');
+        expect(teamsGetSpy).toHaveBeenCalledTimes(4);
+        expect(teamsGetSpy.calls.argsFor(0)[0]).toBe('/teams/1/memberships/user');
+        expect(teamsGetSpy.calls.argsFor(1)[0]).toBe('/teams/2/memberships/user');
+        expect(teamsGetSpy.calls.argsFor(2)[0]).toBe('/teams/3/memberships/user');
+        expect(teamsGetSpy.calls.argsFor(3)[0]).toBe('/teams/4/memberships/user');

        done();
      });
@ -155,7 +161,7 @@ describe('GithubTeams', () => {
    let teamsIsMemberByIdSpy: jasmine.Spy;

    beforeEach(() => {
-      teams = new GithubTeams(githubApi, 'foo');
+      teams = new GithubTeams('12345', 'foo');

      const mockResponse = Promise.resolve([{id: 1, slug: 'team1'}, {id: 2, slug: 'team2'}]);
      teamsFetchAllSpy = spyOn(teams, 'fetchAll').and.returnValue(mockResponse);
@ -175,7 +181,7 @@ describe('GithubTeams', () => {


    it('should resolve with false if \'fetchAll()\' rejects', done => {
-      teamsFetchAllSpy.and.callFake(() => Promise.reject(null));
+      teamsFetchAllSpy.and.returnValue(Promise.reject(null));
      teams.isMemberBySlug('user', ['team-slug']).then(isMember => {
        expect(isMember).toBe(false);
        done();
@ -203,7 +209,7 @@ describe('GithubTeams', () => {


    it('should resolve with false if \'isMemberById()\' rejects', done => {
-      teamsIsMemberByIdSpy.and.callFake(() => Promise.reject(null));
+      teamsIsMemberByIdSpy.and.returnValue(Promise.reject(null));
      teams.isMemberBySlug('user', ['team1']).then(isMember => {
        expect(isMember).toBe(false);
        expect(teamsIsMemberByIdSpy).toHaveBeenCalled();
@ -212,17 +218,16 @@ describe('GithubTeams', () => {
    });


-    it('should resolve with the value \'isMemberById()\' resolves with', async () => {
+    it('should resolve with the value \'isMemberById()\' resolves with', done => {
+      teamsIsMemberByIdSpy.and.returnValues(Promise.resolve(false), Promise.resolve(true));

-      teamsIsMemberByIdSpy.and.callFake(() => Promise.resolve(true));
-      const isMember1 = await teams.isMemberBySlug('user', ['team1']);
-      expect(isMember1).toBe(true);
-      expect(teamsIsMemberByIdSpy).toHaveBeenCalledWith('user', [1]);
-
-      teamsIsMemberByIdSpy.and.callFake(() => Promise.resolve(false));
-      const isMember2 = await teams.isMemberBySlug('user', ['team1']);
-      expect(isMember2).toBe(false);
-      expect(teamsIsMemberByIdSpy).toHaveBeenCalledWith('user', [1]);
+      Promise.all([
+        teams.isMemberBySlug('user', ['team1']).then(isMember => expect(isMember).toBe(false)),
+        teams.isMemberBySlug('user', ['team1']).then(isMember => expect(isMember).toBe(true)),
+      ]).then(() => {
+        expect(teamsIsMemberByIdSpy).toHaveBeenCalledTimes(2);
+        done();
+      });
    });

  });
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/common/utils.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/common/utils.spec.ts
@ -1,59 +1,9 @@
 // Imports
-import {resolve as resolvePath} from 'path';
-import {
-  assert,
-  assertNotMissingOrEmpty,
-  computeArtifactDownloadPath,
-  computeShortSha,
-  getEnvVar,
-  getPrInfoFromDownloadPath,
-  Logger,
-} from '../../lib/common/utils';
+import {assertNotMissingOrEmpty, getEnvVar} from '../../lib/common/utils';

 // Tests
 describe('utils', () => {

-  describe('computeShortSha', () => {
-    it('should return only the first SHORT_SHA_LEN characters of the SHA', () => {
-      expect(computeShortSha('0123456789')).toEqual('0123456');
-      expect(computeShortSha('ABC')).toEqual('ABC');
-      expect(computeShortSha('')).toEqual('');
-    });
-  });
-
-
-  describe('assert', () => {
-    it('should throw if passed a false value', () => {
-      expect(() => assert(false, 'error message')).toThrowError('error message');
-    });
-
-    it('should not throw if passed a true value', () => {
-      expect(() => assert(true, 'error message')).not.toThrow();
-    });
-  });
-
-
-  describe('computeArtifactDownloadPath', () => {
-    it('should compute an absolute path based on the artifact info provided', () => {
-      const downloadDir = '/a/b/c';
-      const pr = 123;
-      const sha = 'ABCDEF1234567';
-      const artifactPath = 'a/path/to/file.zip';
-      const path = computeArtifactDownloadPath(downloadDir, pr, sha, artifactPath);
-      expect(path).toBe(resolvePath('/a/b/c/123-ABCDEF1-file.zip'));
-    });
-  });
-
-
-  describe('getPrInfoFromDownloadPath', () => {
-    it('should extract the PR and SHA from the file path', () => {
-      const {pr, sha} = getPrInfoFromDownloadPath('a/b/c/12345-ABCDE-artifact.zip');
-      expect(pr).toEqual(12345);
-      expect(sha).toEqual('ABCDE');
-    });
-  });
-
-
  describe('assertNotMissingOrEmpty()', () => {

    it('should throw if passed an empty value', () => {
@ -128,79 +78,4 @@ describe('utils', () => {

  });

-
-  describe('Logger', () => {
-    let consoleErrorSpy: jasmine.Spy;
-    let consoleInfoSpy: jasmine.Spy;
-    let consoleLogSpy: jasmine.Spy;
-    let consoleWarnSpy: jasmine.Spy;
-    let logger: Logger;
-
-    beforeEach(() => {
-      consoleErrorSpy = spyOn(console, 'error');
-      consoleInfoSpy = spyOn(console, 'info');
-      consoleLogSpy = spyOn(console, 'log');
-      consoleWarnSpy = spyOn(console, 'warn');
-
-      logger = new Logger('TestScope');
-    });
-
-
-    it('should delegate to `console`', () => {
-      logger.error('foo');
-      expect(consoleErrorSpy).toHaveBeenCalledTimes(1);
-      expect(consoleErrorSpy.calls.argsFor(0)).toContain('foo');
-
-      logger.info('bar');
-      expect(consoleInfoSpy).toHaveBeenCalledTimes(1);
-      expect(consoleInfoSpy.calls.argsFor(0)).toContain('bar');
-
-      logger.log('baz');
-      expect(consoleLogSpy).toHaveBeenCalledTimes(1);
-      expect(consoleLogSpy.calls.argsFor(0)).toContain('baz');
-
-      logger.warn('qux');
-      expect(consoleWarnSpy).toHaveBeenCalledTimes(1);
-      expect(consoleWarnSpy.calls.argsFor(0)).toContain('qux');
-    });
-
-
-    it('should prepend messages with the current date and logger\'s scope', () => {
-      const mockDate = new Date(1337);
-      const expectedDateStr = `[${mockDate}]`;
-      const expectedScopeStr = 'TestScope:           ';
-
-      jasmine.clock().mockDate(mockDate);
-      jasmine.clock().withMock(() => {
-        logger.error();
-        logger.info();
-        logger.log();
-        logger.warn();
-      });
-
-      expect(consoleErrorSpy).toHaveBeenCalledWith(expectedDateStr, expectedScopeStr);
-      expect(consoleInfoSpy).toHaveBeenCalledWith(expectedDateStr, expectedScopeStr);
-      expect(consoleLogSpy).toHaveBeenCalledWith(expectedDateStr, expectedScopeStr);
-      expect(consoleWarnSpy).toHaveBeenCalledWith(expectedDateStr, expectedScopeStr);
-    });
-
-
-    it('should pass all arguments to `console`', () => {
-      const someString = jasmine.any(String);
-
-      logger.error('foo1', 'foo2');
-      expect(consoleErrorSpy).toHaveBeenCalledWith(someString, someString, 'foo1', 'foo2');
-
-      logger.info('bar1', 'bar2');
-      expect(consoleInfoSpy).toHaveBeenCalledWith(someString, someString, 'bar1', 'bar2');
-
-      logger.log('baz1', 'baz2');
-      expect(consoleLogSpy).toHaveBeenCalledWith(someString, someString, 'baz1', 'baz2');
-
-      logger.warn('qux1', 'qux2');
-      expect(consoleWarnSpy).toHaveBeenCalledWith(someString, someString, 'qux1', 'qux2');
-    });
-
-  });
-
 });
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/helpers.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/helpers.ts
@ -0,0 +1,6 @@
+declare namespace jasmine {
+  export interface DoneFn extends Function {
+    (): void;
+    fail: (message: Error | string) => void;
+  }
+}
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/index.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/index.ts
@ -3,4 +3,5 @@ import {runTests} from '../lib/common/run-tests';

 // Run
 const specFiles = [`${__dirname}/**/*.spec.js`];
-runTests(specFiles);
+const helpers = [`${__dirname}/helpers.js`];
+runTests(specFiles, helpers);
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/build-retriever.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/build-retriever.spec.ts
@ -1,193 +0,0 @@
-import * as fs from 'fs';
-import * as nock from 'nock';
-import {resolve as resolvePath} from 'path';
-import {BuildInfo, CircleCiApi} from '../../lib/common/circle-ci-api';
-import {Logger} from '../../lib/common/utils';
-import {BuildRetriever} from '../../lib/preview-server/build-retriever';
-
-describe('BuildRetriever', () => {
-  const MAX_DOWNLOAD_SIZE = 10000;
-  const DOWNLOAD_DIR = resolvePath('/DOWNLOAD/DIR');
-  const BASE_URL = 'http://test.com';
-  const ARTIFACT_PATH = '/some/path/build.zip';
-
-  let api: CircleCiApi;
-  let BUILD_INFO: BuildInfo;
-  let WRITEFILE_RESULT: any;
-  let writeFileSpy: jasmine.Spy;
-  let EXISTS_RESULT: boolean;
-  let existsSpy: jasmine.Spy;
-  let getBuildArtifactUrlSpy: jasmine.Spy;
-
-  beforeEach(() => {
-    BUILD_INFO = {
-      branch: 'pull/777',
-      build_num: 12345,
-      failed: false,
-      has_artifacts: true,
-      outcome: 'success',
-      reponame: 'REPO',
-      username: 'ORG',
-      vcs_revision: 'COMMIT',
-    };
-
-    api = new CircleCiApi('ORG', 'REPO', 'TOKEN');
-    spyOn(api, 'getBuildInfo').and.callFake(() => Promise.resolve(BUILD_INFO));
-    getBuildArtifactUrlSpy = spyOn(api, 'getBuildArtifactUrl')
-      .and.callFake(() => Promise.resolve(BASE_URL + ARTIFACT_PATH));
-
-    WRITEFILE_RESULT = undefined;
-    writeFileSpy = spyOn(fs, 'writeFile').and.callFake(
-      (_path: string, _buffer: Buffer, callback: (err?: any) => {}) => callback(WRITEFILE_RESULT),
-    );
-
-    EXISTS_RESULT = false;
-    existsSpy = spyOn(fs, 'exists').and.callFake(
-      (_path: string, callback: (exists: boolean) => {}) => callback(EXISTS_RESULT),
-    );
-  });
-
-  describe('constructor', () => {
-    it('should fail if the "downloadSizeLimit" is invalid', () => {
-      expect(() => new BuildRetriever(api, NaN, DOWNLOAD_DIR))
-        .toThrowError(`Invalid parameter "downloadSizeLimit" should be a number greater than 0.`);
-      expect(() => new BuildRetriever(api, 0, DOWNLOAD_DIR))
-        .toThrowError(`Invalid parameter "downloadSizeLimit" should be a number greater than 0.`);
-      expect(() => new BuildRetriever(api, -1, DOWNLOAD_DIR))
-        .toThrowError(`Invalid parameter "downloadSizeLimit" should be a number greater than 0.`);
-    });
-    it('should fail if the "downloadDir" is missing', () => {
-      expect(() => new BuildRetriever(api, MAX_DOWNLOAD_SIZE, ''))
-        .toThrowError(`Missing or empty required parameter 'downloadDir'!`);
-    });
-  });
-
-
-  describe('getGithubInfo', () => {
-    it('should request the info from CircleCI', async () => {
-      const retriever = new BuildRetriever(api, MAX_DOWNLOAD_SIZE, DOWNLOAD_DIR);
-      const info = await retriever.getGithubInfo(12345);
-      expect(api.getBuildInfo).toHaveBeenCalledWith(12345);
-      expect(info).toEqual({org: 'ORG', pr: 777, repo: 'REPO', sha: 'COMMIT', success: true});
-    });
-
-    it('should error if it is not possible to extract the PR number from the branch', async () => {
-      const retriever = new BuildRetriever(api, MAX_DOWNLOAD_SIZE, DOWNLOAD_DIR);
-      try {
-        BUILD_INFO.branch = 'master';
-        await retriever.getGithubInfo(12345);
-        throw new Error('Exception Expected');
-      } catch (error) {
-        expect(error.message).toEqual('No PR found in branch field: master');
-      }
-    });
-  });
-
-
-  describe('downloadBuildArtifact', () => {
-    const ARTIFACT_CONTENTS = 'ARTIFACT CONTENTS';
-    let retriever: BuildRetriever;
-
-    beforeEach(() => {
-      spyOn(Logger.prototype, 'warn');
-      retriever = new BuildRetriever(api, MAX_DOWNLOAD_SIZE, DOWNLOAD_DIR);
-    });
-
-    it('should get the artifact URL from the CircleCI API', async () => {
-      const artifactRequest = nock(BASE_URL).get(ARTIFACT_PATH).reply(200, ARTIFACT_CONTENTS);
-      await retriever.downloadBuildArtifact(12345, 777, 'COMMIT', ARTIFACT_PATH);
-      expect(api.getBuildArtifactUrl).toHaveBeenCalledWith(12345, ARTIFACT_PATH);
-      artifactRequest.done();
-    });
-
-    it('should download the artifact from its URL', async () => {
-      const artifactRequest = nock(BASE_URL).get(ARTIFACT_PATH).reply(200, ARTIFACT_CONTENTS);
-      await retriever.downloadBuildArtifact(12345, 777, 'COMMIT', ARTIFACT_PATH);
-      // The following line proves that the artifact URL fetch occurred.
-      artifactRequest.done();
-    });
-
-    it('should fail if the artifact is too large', async () => {
-      const artifactRequest = nock(BASE_URL).get(ARTIFACT_PATH).reply(200, ARTIFACT_CONTENTS);
-      retriever = new BuildRetriever(api, 10, DOWNLOAD_DIR);
-      try {
-        await retriever.downloadBuildArtifact(12345, 777, 'COMMIT', ARTIFACT_PATH);
-        throw new Error('Exception Expected');
-      } catch (error) {
-        expect(error.status).toEqual(413);
-      }
-      artifactRequest.done();
-    });
-
-    it('should not download the artifact if it already exists', async () => {
-      const artifactRequestInterceptor = nock(BASE_URL).get(ARTIFACT_PATH);
-      const artifactRequest = artifactRequestInterceptor.reply(200, ARTIFACT_CONTENTS);
-      EXISTS_RESULT = true;
-      await retriever.downloadBuildArtifact(12345, 777, 'COMMIT', ARTIFACT_PATH);
-      expect(existsSpy).toHaveBeenCalled();
-      expect(getBuildArtifactUrlSpy).not.toHaveBeenCalled();
-      expect(artifactRequest.isDone()).toEqual(false);
-      nock.removeInterceptor(artifactRequestInterceptor);
-    });
-
-    it('should write the artifact file to disk', async () => {
-      const artifactRequest = nock(BASE_URL).get(ARTIFACT_PATH).reply(200, ARTIFACT_CONTENTS);
-      const downloadPath = resolvePath(`${DOWNLOAD_DIR}/777-COMMIT-build.zip`);
-
-      await retriever.downloadBuildArtifact(12345, 777, 'COMMIT', ARTIFACT_PATH);
-      expect(writeFileSpy).toHaveBeenCalledWith(downloadPath, jasmine.any(Buffer), jasmine.any(Function));
-
-      const buffer: Buffer = writeFileSpy.calls.mostRecent().args[1];
-      expect(buffer.toString()).toEqual(ARTIFACT_CONTENTS);
-
-      artifactRequest.done();
-    });
-
-    it('should fail if the CircleCI API fails',  async () => {
-      try {
-        getBuildArtifactUrlSpy.and.callFake(() => Promise.reject('getBuildArtifactUrl failed'));
-        await retriever.downloadBuildArtifact(12345, 777, 'COMMIT', ARTIFACT_PATH);
-        throw new Error('Exception Expected');
-      } catch (error) {
-        expect(error.message).toEqual('CircleCI artifact download failed (getBuildArtifactUrl failed)');
-      }
-    });
-
-    it('should fail if the URL fetch errors',  async () => {
-      // create a new handler that errors
-      const artifactRequest = nock(BASE_URL).get(ARTIFACT_PATH).replyWithError('Artifact Request Failed');
-      try {
-        await retriever.downloadBuildArtifact(12345, 777, 'COMMIT', ARTIFACT_PATH);
-        throw new Error('Exception Expected');
-      } catch (error) {
-        expect(error.message).toEqual('CircleCI artifact download failed ' +
-          '(request to http://test.com/some/path/build.zip failed, reason: Artifact Request Failed)');
-      }
-      artifactRequest.done();
-    });
-
-    it('should fail if the URL fetch 404s',  async () => {
-      // create a new handler that errors
-      const artifactRequest = nock(BASE_URL).get(ARTIFACT_PATH).reply(404, 'No such artifact');
-      try {
-        await retriever.downloadBuildArtifact(12345, 777, 'COMMIT', ARTIFACT_PATH);
-        throw new Error('Exception Expected');
-      } catch (error) {
-        expect(error.message).toEqual('CircleCI artifact download failed (Error 404 - Not Found)');
-      }
-      artifactRequest.done();
-    });
-
-    it('should fail if file write fails',  async () => {
-      const artifactRequest = nock(BASE_URL).get(ARTIFACT_PATH).reply(200, ARTIFACT_CONTENTS);
-      try {
-        WRITEFILE_RESULT = 'Test Error';
-        await retriever.downloadBuildArtifact(12345, 777, 'COMMIT', ARTIFACT_PATH);
-        throw new Error('Exception Expected');
-      } catch (error) {
-        expect(error.message).toEqual('CircleCI artifact download failed (Test Error)');
-      }
-      artifactRequest.done();
-    });
-  });
-});
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/build-verifier.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/build-verifier.spec.ts
@ -1,180 +0,0 @@
-// Imports
-import {GithubApi} from '../../lib/common/github-api';
-import {GithubPullRequests, PullRequest} from '../../lib/common/github-pull-requests';
-import {GithubTeams} from '../../lib/common/github-teams';
-import {BuildVerifier} from '../../lib/preview-server/build-verifier';
-
-// Tests
-describe('BuildVerifier', () => {
-  const defaultConfig = {
-    allowedTeamSlugs: ['team1', 'team2'],
-    githubOrg: 'organization',
-    githubRepo: 'repo',
-    githubToken: 'githubToken',
-    secret: 'secret',
-    trustedPrLabel: 'trusted: pr-label',
-  };
-  let prs: GithubPullRequests;
-  let bv: BuildVerifier;
-
-  // Helpers
-  const createBuildVerifier = (partialConfig: Partial<typeof defaultConfig> = {}) => {
-    const cfg = {...defaultConfig, ...partialConfig} as typeof defaultConfig;
-    const api = new GithubApi(cfg.githubToken);
-    prs = new GithubPullRequests(api, cfg.githubOrg, cfg.githubRepo);
-    const teams = new GithubTeams(api, cfg.githubOrg);
-    return new BuildVerifier(prs, teams, cfg.allowedTeamSlugs, cfg.trustedPrLabel);
-  };
-
-  beforeEach(() => bv = createBuildVerifier());
-
-
-  describe('constructor()', () => {
-
-    ['githubToken', 'githubRepo', 'githubOrg', 'allowedTeamSlugs', 'trustedPrLabel'].
-      forEach(param => {
-        it(`should throw if '${param}' is missing or empty`, () => {
-          expect(() => createBuildVerifier({[param]: ''})).
-            toThrowError(`Missing or empty required parameter '${param}'!`);
-        });
-      });
-
-
-    it('should throw if \'allowedTeamSlugs\' is an empty array', () => {
-      expect(() => createBuildVerifier({allowedTeamSlugs: []})).
-        toThrowError('Missing or empty required parameter \'allowedTeamSlugs\'!');
-    });
-
-  });
-
-
-  describe('getSignificantFilesChanged', () => {
-    it('should return false if none of the fetched files match the given pattern', async () => {
-      const fetchFilesSpy = spyOn(prs, 'fetchFiles');
-      fetchFilesSpy.and.callFake(() => Promise.resolve([{filename: 'a/b/c'}, {filename: 'd/e/f'}]));
-      expect(await bv.getSignificantFilesChanged(777, /^x/)).toEqual(false);
-      expect(fetchFilesSpy).toHaveBeenCalledWith(777);
-
-      fetchFilesSpy.calls.reset();
-      expect(await bv.getSignificantFilesChanged(777, /^a/)).toEqual(true);
-      expect(fetchFilesSpy).toHaveBeenCalledWith(777);
-    });
-  });
-
-
-  describe('getPrIsTrusted()', () => {
-    const pr = 9;
-    let mockPrInfo: PullRequest;
-    let prsFetchSpy: jasmine.Spy;
-    let teamsIsMemberBySlugSpy: jasmine.Spy;
-
-    beforeEach(() => {
-      mockPrInfo = {
-        labels: [
-          {name: 'foo'},
-          {name: 'bar'},
-        ],
-        number: 9,
-        user: {login: 'username'},
-      };
-
-      prsFetchSpy = spyOn(GithubPullRequests.prototype, 'fetch').
-        and.callFake(() => Promise.resolve(mockPrInfo));
-
-      teamsIsMemberBySlugSpy = spyOn(GithubTeams.prototype, 'isMemberBySlug').
-        and.callFake(() => Promise.resolve(true));
-    });
-
-
-    it('should return a promise', done => {
-      const promise = bv.getPrIsTrusted(pr);
-      promise.then(done);   // Do not complete the test (and release the spies) synchronously
-                            // to avoid running the actual `GithubTeams#isMemberBySlug()`.
-
-      expect(promise).toEqual(jasmine.any(Promise));
-    });
-
-
-    it('should fetch the corresponding PR', done => {
-      bv.getPrIsTrusted(pr).then(() => {
-        expect(prsFetchSpy).toHaveBeenCalledWith(pr);
-        done();
-      });
-    });
-
-
-    it('should fail if fetching the PR errors', done => {
-      prsFetchSpy.and.callFake(() => Promise.reject('Test'));
-      bv.getPrIsTrusted(pr).catch(err => {
-        expect(err).toBe('Test');
-        done();
-      });
-    });
-
-
-    describe('when the PR has the "trusted PR" label', () => {
-
-      beforeEach(() => mockPrInfo.labels.push({name: 'trusted: pr-label'}));
-
-
-      it('should resolve to true', done => {
-        bv.getPrIsTrusted(pr).then(isTrusted => {
-          expect(isTrusted).toBe(true);
-          done();
-        });
-      });
-
-
-      it('should not try to verify the author\'s membership status', done => {
-        bv.getPrIsTrusted(pr).then(() => {
-          expect(teamsIsMemberBySlugSpy).not.toHaveBeenCalled();
-          done();
-        });
-      });
-
-    });
-
-
-    describe('when the PR does not have the "trusted PR" label', () => {
-
-      it('should verify the PR author\'s membership in the specified teams', done => {
-        bv.getPrIsTrusted(pr).then(() => {
-          expect(teamsIsMemberBySlugSpy).toHaveBeenCalledWith('username', ['team1', 'team2']);
-          done();
-        });
-      });
-
-
-      it('should fail if verifying membership errors', done => {
-        teamsIsMemberBySlugSpy.and.callFake(() => Promise.reject('Test'));
-        bv.getPrIsTrusted(pr).catch(err => {
-          expect(err).toBe('Test');
-          done();
-        });
-      });
-
-
-      it('should resolve to true if the PR\'s author is a member', done => {
-        teamsIsMemberBySlugSpy.and.callFake(() => Promise.resolve(true));
-
-        bv.getPrIsTrusted(pr).then(isTrusted => {
-          expect(isTrusted).toBe(true);
-          done();
-        });
-      });
-
-
-      it('should resolve to false if the PR\'s author is not a member', done => {
-        teamsIsMemberBySlugSpy.and.callFake(() => Promise.resolve(false));
-
-        bv.getPrIsTrusted(pr).then(isTrusted => {
-          expect(isTrusted).toBe(false);
-          done();
-        });
-      });
-
-    });
-
-  });
-
-});
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/helpers.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/helpers.ts
@ -1,11 +0,0 @@
-import {PreviewServerError} from '../../lib/preview-server/preview-error';
-
-export const expectToBePreviewServerError = (actual: PreviewServerError, status?: number, message?: string) => {
-  expect(actual).toEqual(jasmine.any(PreviewServerError));
-  if (status != null) {
-    expect(actual.status).toBe(status);
-  }
-  if (message != null) {
-    expect(actual.message).toBe(message);
-  }
-};
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/preview-error.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/preview-error.spec.ts
@ -1,39 +0,0 @@
-// Imports
-import {PreviewServerError} from '../../lib/preview-server/preview-error';
-
-// Tests
-describe('PreviewServerError', () => {
-  let err: PreviewServerError;
-
-  beforeEach(() => err = new PreviewServerError(999, 'message'));
-
-
-  it('should extend Error', () => {
-    expect(err).toEqual(jasmine.any(PreviewServerError));
-    expect(err).toEqual(jasmine.any(Error));
-
-    expect(Object.getPrototypeOf(err)).toBe(PreviewServerError.prototype);
-  });
-
-
-  it('should have a \'status\' property', () => {
-    expect(err.status).toBe(999);
-  });
-
-
-  it('should have a \'message\' property', () => {
-    expect(err.message).toBe('message');
-  });
-
-
-  it('should have a 500 \'status\' by default', () => {
-    expect(new PreviewServerError().status).toBe(500);
-  });
-
-
-  it('should have an empty \'message\' by default', () => {
-    expect(new PreviewServerError().message).toBe('');
-    expect(new PreviewServerError(999).message).toBe('');
-  });
-
-});
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/preview-server-factory.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/preview-server-factory.spec.ts
@ -1,692 +0,0 @@
-// Imports
-import * as express from 'express';
-import * as http from 'http';
-import * as supertest from 'supertest';
-import {CircleCiApi} from '../../lib/common/circle-ci-api';
-import {GithubApi} from '../../lib/common/github-api';
-import {GithubPullRequests} from '../../lib/common/github-pull-requests';
-import {GithubTeams} from '../../lib/common/github-teams';
-import {Logger} from '../../lib/common/utils';
-import {BuildCreator} from '../../lib/preview-server/build-creator';
-import {ChangedPrVisibilityEvent, CreatedBuildEvent} from '../../lib/preview-server/build-events';
-import {BuildRetriever, GithubInfo} from '../../lib/preview-server/build-retriever';
-import {BuildVerifier} from '../../lib/preview-server/build-verifier';
-import {PreviewServerConfig, PreviewServerFactory} from '../../lib/preview-server/preview-server-factory';
-
-interface CircleCiWebHookPayload {
-  payload: {
-    build_num: number;
-    build_parameters: {
-      CIRCLE_JOB: string;
-    }
-  };
-}
-
-// Tests
-describe('PreviewServerFactory', () => {
-  const defaultConfig: PreviewServerConfig = {
-    buildArtifactPath: 'artifact/path.zip',
-    buildsDir: 'builds/dir',
-    circleCiToken: 'CIRCLE_CI_TOKEN',
-    domainName: 'domain.name',
-    downloadSizeLimit: 999,
-    downloadsDir: '/tmp/aio-create-builds',
-    githubOrg: 'organisation',
-    githubRepo: 'repo',
-    githubTeamSlugs: ['team1', 'team2'],
-    githubToken: '12345',
-    significantFilesPattern: '^(?:aio|packages)\\/(?!.*[._]spec\\.[jt]s$)',
-    trustedPrLabel: 'trusted: pr-label',
-  };
-  let loggerErrorSpy: jasmine.Spy;
-  let loggerInfoSpy: jasmine.Spy;
-  let loggerLogSpy: jasmine.Spy;
-
-  // Helpers
-  const createPreviewServer = (partialConfig: Partial<PreviewServerConfig> = {}) =>
-    PreviewServerFactory.create({...defaultConfig, ...partialConfig});
-
-  beforeEach(() => {
-    loggerErrorSpy = spyOn(Logger.prototype, 'error');
-    loggerInfoSpy = spyOn(Logger.prototype, 'info');
-    loggerLogSpy = spyOn(Logger.prototype, 'log');
-  });
-
-  describe('create()', () => {
-    let usfCreateMiddlewareSpy: jasmine.Spy;
-
-    beforeEach(() => {
-      usfCreateMiddlewareSpy = spyOn(PreviewServerFactory, 'createMiddleware').and.callThrough();
-    });
-
-
-    it('should throw if \'buildsDir\' is missing or empty', () => {
-      expect(() => createPreviewServer({buildsDir: ''})).
-        toThrowError('Missing or empty required parameter \'buildsDir\'!');
-    });
-
-
-    it('should throw if \'domainName\' is missing or empty', () => {
-      expect(() => createPreviewServer({domainName: ''})).
-        toThrowError('Missing or empty required parameter \'domainName\'!');
-    });
-
-
-    it('should throw if \'githubToken\' is missing or empty', () => {
-      expect(() => createPreviewServer({githubToken: ''})).
-        toThrowError('Missing or empty required parameter \'githubToken\'!');
-    });
-
-
-    it('should throw if \'githubOrg\' is missing or empty', () => {
-      expect(() => createPreviewServer({githubOrg: ''})).
-        toThrowError('Missing or empty required parameter \'githubOrg\'!');
-    });
-
-
-    it('should throw if \'githubTeamSlugs\' is missing or empty', () => {
-      expect(() => createPreviewServer({githubTeamSlugs: []})).
-        toThrowError('Missing or empty required parameter \'allowedTeamSlugs\'!');
-    });
-
-
-    it('should throw if \'githubRepo\' is missing or empty', () => {
-      expect(() => createPreviewServer({githubRepo: ''})).
-        toThrowError('Missing or empty required parameter \'githubRepo\'!');
-    });
-
-
-    it('should throw if \'trustedPrLabel\' is missing or empty', () => {
-      expect(() => createPreviewServer({trustedPrLabel: ''})).
-        toThrowError('Missing or empty required parameter \'trustedPrLabel\'!');
-    });
-
-
-    it('should return an http.Server', () => {
-      const httpCreateServerSpy = spyOn(http, 'createServer').and.callThrough();
-      const server = createPreviewServer();
-
-      expect(server).toBe(httpCreateServerSpy.calls.mostRecent().returnValue);
-    });
-
-
-    it('should create and use an appropriate BuildCreator', () => {
-      const usfCreateBuildCreatorSpy = spyOn(PreviewServerFactory, 'createBuildCreator').and.callThrough();
-
-      createPreviewServer();
-      const buildRetriever = jasmine.any(BuildRetriever);
-      const buildVerifier = jasmine.any(BuildVerifier);
-      const prs = jasmine.any(GithubPullRequests);
-      const buildCreator: BuildCreator = usfCreateBuildCreatorSpy.calls.mostRecent().returnValue;
-
-      expect(usfCreateMiddlewareSpy).toHaveBeenCalledWith(buildRetriever, buildVerifier, buildCreator, defaultConfig);
-      expect(usfCreateBuildCreatorSpy).toHaveBeenCalledWith(prs, 'builds/dir', 'domain.name');
-    });
-
-
-    it('should create and use an appropriate middleware', () => {
-      const httpCreateServerSpy = spyOn(http, 'createServer').and.callThrough();
-
-      createPreviewServer();
-
-      const buildRetriever = jasmine.any(BuildRetriever);
-      const buildVerifier = jasmine.any(BuildVerifier);
-      const buildCreator = jasmine.any(BuildCreator);
-      expect(usfCreateMiddlewareSpy).toHaveBeenCalledWith(buildRetriever, buildVerifier, buildCreator, defaultConfig);
-
-      const middleware: express.Express = usfCreateMiddlewareSpy.calls.mostRecent().returnValue;
-      expect(httpCreateServerSpy).toHaveBeenCalledWith(middleware);
-    });
-
-
-    it('should log the server address info on \'listening\'', () => {
-      const server = createPreviewServer();
-      server.address = () => ({address: 'foo', family: '', port: 1337});
-
-      expect(loggerInfoSpy).not.toHaveBeenCalled();
-
-      server.emit('listening');
-      expect(loggerInfoSpy).toHaveBeenCalledWith('Up and running (and listening on foo:1337)...');
-    });
-
-  });
-
-
-  // Protected methods
-
-  describe('createBuildCreator()', () => {
-    let buildCreator: BuildCreator;
-
-    beforeEach(() => {
-      const api = new GithubApi(defaultConfig.githubToken);
-      const prs = new GithubPullRequests(api, defaultConfig.githubOrg, defaultConfig.githubRepo);
-      buildCreator = PreviewServerFactory.createBuildCreator(prs, defaultConfig.buildsDir, defaultConfig.domainName);
-    });
-
-    it('should pass the \'buildsDir\' to the BuildCreator', () => {
-      expect((buildCreator as any).buildsDir).toBe('builds/dir');
-    });
-
-
-    describe('on \'build.created\'', () => {
-      let prsAddCommentSpy: jasmine.Spy;
-
-      beforeEach(() => prsAddCommentSpy = spyOn(GithubPullRequests.prototype, 'addComment'));
-
-
-      it('should post a comment on GitHub for public previews', () => {
-        const commentBody = 'You can preview 1234567890 at https://pr42-1234567890.domain.name/.';
-
-        buildCreator.emit(CreatedBuildEvent.type, {pr: 42, sha: '1234567890', isPublic: true});
-        expect(prsAddCommentSpy).toHaveBeenCalledWith(42, commentBody);
-      });
-
-
-      it('should not post a comment on GitHub for non-public previews', () => {
-        buildCreator.emit(CreatedBuildEvent.type, {pr: 42, sha: '1234567890', isPublic: false});
-        expect(prsAddCommentSpy).not.toHaveBeenCalled();
-      });
-
-    });
-
-
-    describe('on \'pr.changedVisibility\'', () => {
-      let prsAddCommentSpy: jasmine.Spy;
-
-      beforeEach(() => prsAddCommentSpy = spyOn(GithubPullRequests.prototype, 'addComment'));
-
-
-      it('should post a comment on GitHub (for all SHAs) for PRs made public', () => {
-        const commentBody = 'You can preview 12345 at https://pr42-12345.domain.name/.\n' +
-                            'You can preview 67890 at https://pr42-67890.domain.name/.';
-
-        buildCreator.emit(ChangedPrVisibilityEvent.type, {pr: 42, shas: ['12345', '67890'], isPublic: true});
-        expect(prsAddCommentSpy).toHaveBeenCalledWith(42, commentBody);
-      });
-
-
-      it('should not post a comment on GitHub if no SHAs were affected', () => {
-        buildCreator.emit(ChangedPrVisibilityEvent.type, {pr: 42, shas: [], isPublic: true});
-        expect(prsAddCommentSpy).not.toHaveBeenCalled();
-      });
-
-
-      it('should not post a comment on GitHub for PRs made non-public', () => {
-        buildCreator.emit(ChangedPrVisibilityEvent.type, {pr: 42, shas: ['12345', '67890'], isPublic: false});
-        expect(prsAddCommentSpy).not.toHaveBeenCalled();
-      });
-
-    });
-
-
-    it('should pass the correct parameters to GithubPullRequests', () => {
-      const prsAddCommentSpy = spyOn(GithubPullRequests.prototype, 'addComment');
-
-      buildCreator.emit(CreatedBuildEvent.type, {pr: 42, sha: '1234567890', isPublic: true});
-      buildCreator.emit(ChangedPrVisibilityEvent.type, {pr: 42, shas: ['12345', '67890'], isPublic: true});
-
-      const allCalls = prsAddCommentSpy.calls.all();
-      const prs: GithubPullRequests = allCalls[0].object;
-
-      expect(prsAddCommentSpy).toHaveBeenCalledTimes(2);
-      expect(prs).toBe(allCalls[1].object);
-      expect(prs).toEqual(jasmine.any(GithubPullRequests));
-      expect(prs.repoSlug).toBe('organisation/repo');
-    });
-
-  });
-
-
-  describe('createMiddleware()', () => {
-    let buildRetriever: BuildRetriever;
-    let buildVerifier: BuildVerifier;
-    let buildCreator: BuildCreator;
-    let agent: supertest.SuperTest<supertest.Test>;
-
-    beforeEach(() => {
-      const circleCiApi = new CircleCiApi(defaultConfig.githubOrg, defaultConfig.githubRepo,
-                                          defaultConfig.circleCiToken);
-      const githubApi = new GithubApi(defaultConfig.githubToken);
-      const prs = new GithubPullRequests(githubApi, defaultConfig.githubOrg, defaultConfig.githubRepo);
-      const teams = new GithubTeams(githubApi, defaultConfig.githubOrg);
-
-      buildRetriever = new BuildRetriever(circleCiApi, defaultConfig.downloadSizeLimit, defaultConfig.downloadsDir);
-      buildVerifier = new BuildVerifier(prs, teams, defaultConfig.githubTeamSlugs, defaultConfig.trustedPrLabel);
-      buildCreator = new BuildCreator(defaultConfig.buildsDir);
-
-      const middleware = PreviewServerFactory.createMiddleware(buildRetriever, buildVerifier, buildCreator,
-                                                               defaultConfig);
-      agent = supertest.agent(middleware);
-    });
-
-
-    describe('GET /health-check', () => {
-
-      it('should respond with 200', async () => {
-        await Promise.all([
-          agent.get('/health-check').expect(200),
-          agent.get('/health-check/').expect(200),
-        ]);
-      });
-
-
-      it('should respond with 404 for non-GET requests', async () => {
-        await Promise.all([
-          agent.put('/health-check').expect(404),
-          agent.post('/health-check').expect(404),
-          agent.patch('/health-check').expect(404),
-          agent.delete('/health-check').expect(404),
-        ]);
-      });
-
-
-      it('should respond with 404 if the path does not match exactly', async () => {
-        await Promise.all([
-          agent.get('/health-check/foo').expect(404),
-          agent.get('/health-check-foo').expect(404),
-          agent.get('/health-checknfoo').expect(404),
-          agent.get('/foo/health-check').expect(404),
-          agent.get('/foo-health-check').expect(404),
-          agent.get('/foonhealth-check').expect(404),
-        ]);
-      });
-
-    });
-
-
-    describe('GET /can-have-public-preview/<pr>', () => {
-      const baseUrl = '/can-have-public-preview';
-      const pr = 777;
-      const url = `${baseUrl}/${pr}`;
-      let bvGetPrIsTrustedSpy: jasmine.Spy;
-      let bvGetSignificantFilesChangedSpy: jasmine.Spy;
-
-      beforeEach(() => {
-        bvGetPrIsTrustedSpy = spyOn(buildVerifier, 'getPrIsTrusted').and.returnValue(Promise.resolve(true));
-        bvGetSignificantFilesChangedSpy = spyOn(buildVerifier, 'getSignificantFilesChanged').
-          and.returnValue(Promise.resolve(true));
-      });
-
-
-      it('should respond with 404 for non-GET requests', async () => {
-        await Promise.all([
-          agent.put(url).expect(404),
-          agent.post(url).expect(404),
-          agent.patch(url).expect(404),
-          agent.delete(url).expect(404),
-        ]);
-      });
-
-
-      it('should respond with 404 if the path does not match exactly', async () => {
-        await Promise.all([
-          agent.get('/can-have-public-preview/42/foo').expect(404),
-          agent.get('/can-have-public-preview-foo/42').expect(404),
-          agent.get('/can-have-public-previewnfoo/42').expect(404),
-          agent.get('/foo/can-have-public-preview/42').expect(404),
-          agent.get('/foo-can-have-public-preview/42').expect(404),
-          agent.get('/fooncan-have-public-preview/42').expect(404),
-        ]);
-      });
-
-
-      it('should respond appropriately if the PR did not touch any significant files', async () => {
-        bvGetSignificantFilesChangedSpy.and.returnValue(Promise.resolve(false));
-
-        const expectedResponse = {canHavePublicPreview: false, reason: 'No significant files touched.'};
-        const expectedLog = `PR:${pr} - Cannot have a public preview, because it did not touch any significant files.`;
-
-        await agent.get(url).expect(200, expectedResponse);
-
-        expect(bvGetSignificantFilesChangedSpy).toHaveBeenCalledWith(pr, jasmine.any(RegExp));
-        expect(bvGetPrIsTrustedSpy).not.toHaveBeenCalled();
-        expect(loggerLogSpy).toHaveBeenCalledWith(expectedLog);
-      });
-
-
-      it('should respond appropriately if the PR is not automatically verifiable as "trusted"', async () => {
-        bvGetPrIsTrustedSpy.and.returnValue(Promise.resolve(false));
-
-        const expectedResponse = {canHavePublicPreview: false, reason: 'Not automatically verifiable as "trusted".'};
-        const expectedLog =
-          `PR:${pr} - Cannot have a public preview, because not automatically verifiable as "trusted".`;
-
-        await agent.get(url).expect(200, expectedResponse);
-
-        expect(bvGetSignificantFilesChangedSpy).toHaveBeenCalledWith(pr, jasmine.any(RegExp));
-        expect(bvGetPrIsTrustedSpy).toHaveBeenCalledWith(pr);
-        expect(loggerLogSpy).toHaveBeenCalledWith(expectedLog);
-      });
-
-
-      it('should respond appropriately if the PR can have a preview', async () => {
-        const expectedResponse = {canHavePublicPreview: true, reason: null};
-        const expectedLog = `PR:${pr} - Can have a public preview.`;
-
-        await agent.get(url).expect(200, expectedResponse);
-
-        expect(bvGetSignificantFilesChangedSpy).toHaveBeenCalledWith(pr, jasmine.any(RegExp));
-        expect(bvGetPrIsTrustedSpy).toHaveBeenCalledWith(pr);
-        expect(loggerLogSpy).toHaveBeenCalledWith(expectedLog);
-      });
-
-
-      it('should respond with error if `getSignificantFilesChanged()` fails', async () => {
-        bvGetSignificantFilesChangedSpy.and.callFake(() => Promise.reject('getSignificantFilesChanged error'));
-
-        await agent.get(url).expect(500, 'getSignificantFilesChanged error');
-        expect(loggerErrorSpy).toHaveBeenCalledWith('Previewability check error', 'getSignificantFilesChanged error');
-      });
-
-
-      it('should respond with error if `getPrIsTrusted()` fails', async () => {
-        const error = new Error('getPrIsTrusted error');
-        bvGetPrIsTrustedSpy.and.callFake(() => { throw error; });
-
-        await agent.get(url).expect(500, 'getPrIsTrusted error');
-        expect(loggerErrorSpy).toHaveBeenCalledWith('Previewability check error', error);
-      });
-
-    });
-
-
-    describe('POST /circle-build', () => {
-      let getGithubInfoSpy: jasmine.Spy;
-      let getSignificantFilesChangedSpy: jasmine.Spy;
-      let downloadBuildArtifactSpy: jasmine.Spy;
-      let getPrIsTrustedSpy: jasmine.Spy;
-      let createBuildSpy: jasmine.Spy;
-      let IS_PUBLIC: boolean;
-      let BUILD_INFO: GithubInfo;
-      let AFFECTS_SIGNIFICANT_FILES: boolean;
-      let BASIC_PAYLOAD: CircleCiWebHookPayload;
-      const URL = '/circle-build';
-      const BUILD_NUM = 12345;
-      const PR = 777;
-      const SHA = 'COMMIT';
-      const DOWNLOADED_ARTIFACT_PATH = 'downloads/777-COMMIT-build.zip';
-
-      beforeEach(() => {
-        IS_PUBLIC = true;
-        BUILD_INFO  = {
-          org: defaultConfig.githubOrg,
-          pr: PR,
-          repo: defaultConfig.githubRepo,
-          sha: SHA,
-          success: true,
-        };
-        BASIC_PAYLOAD = { payload: { build_num: BUILD_NUM, build_parameters: { CIRCLE_JOB: 'aio_preview' } } };
-        AFFECTS_SIGNIFICANT_FILES = true;
-        getGithubInfoSpy = spyOn(buildRetriever, 'getGithubInfo')
-          .and.callFake(() => Promise.resolve(BUILD_INFO));
-        getSignificantFilesChangedSpy = spyOn(buildVerifier, 'getSignificantFilesChanged')
-          .and.callFake(() => Promise.resolve(AFFECTS_SIGNIFICANT_FILES));
-        downloadBuildArtifactSpy = spyOn(buildRetriever, 'downloadBuildArtifact')
-          .and.callFake(() => Promise.resolve(DOWNLOADED_ARTIFACT_PATH));
-        getPrIsTrustedSpy = spyOn(buildVerifier, 'getPrIsTrusted')
-          .and.callFake(() => Promise.resolve(IS_PUBLIC));
-        createBuildSpy = spyOn(buildCreator, 'create');
-      });
-
-      it('should respond with 400 if the request body is not in the correct format', async () => {
-        await Promise.all([
-          agent.post(URL).expect(400),
-          agent.post(URL).send().expect(400),
-          agent.post(URL).send({}).expect(400),
-          agent.post(URL).send({ payload: {} }).expect(400),
-          agent.post(URL).send({ payload: { build_num: -1 } }).expect(400),
-          agent.post(URL).send({ payload: { build_num: 4000 } }).expect(400),
-          agent.post(URL).send({ payload: { build_num: 4000, build_parameters: { } } }).expect(400),
-          agent.post(URL).send({ payload: { build_num: 4000, build_parameters: { CIRCLE_JOB: '' } } }).expect(400),
-        ]);
-      });
-
-      it('should create a preview if everything is good and the build succeeded', async () => {
-        await agent.post(URL).send(BASIC_PAYLOAD).expect(201);
-        expect(getGithubInfoSpy).toHaveBeenCalledWith(BUILD_NUM);
-        expect(getSignificantFilesChangedSpy).toHaveBeenCalledWith(PR, jasmine.any(RegExp));
-        expect(downloadBuildArtifactSpy).toHaveBeenCalledWith(BUILD_NUM, PR, SHA, defaultConfig.buildArtifactPath);
-        expect(getPrIsTrustedSpy).toHaveBeenCalledWith(PR);
-        expect(createBuildSpy).toHaveBeenCalledWith(PR, SHA, DOWNLOADED_ARTIFACT_PATH, IS_PUBLIC);
-      });
-
-      it('should respond with 204 if the reported build is not the "AIO preview" job', async () => {
-        BASIC_PAYLOAD.payload.build_parameters.CIRCLE_JOB = 'lint';
-        await agent.post(URL).send(BASIC_PAYLOAD).expect(204);
-        expect(getGithubInfoSpy).not.toHaveBeenCalled();
-        expect(getSignificantFilesChangedSpy).not.toHaveBeenCalled();
-        expect(loggerLogSpy).toHaveBeenCalledWith(
-          'Build:12345, Job:lint -', 'Skipping preview processing because this is not the "aio_preview" job.');
-        expect(downloadBuildArtifactSpy).not.toHaveBeenCalled();
-        expect(getPrIsTrustedSpy).not.toHaveBeenCalled();
-        expect(createBuildSpy).not.toHaveBeenCalled();
-      });
-
-      it('should respond with 204 if the build did not affect any significant files', async () => {
-        AFFECTS_SIGNIFICANT_FILES = false;
-        await agent.post(URL).send(BASIC_PAYLOAD).expect(204);
-        expect(getGithubInfoSpy).toHaveBeenCalledWith(BUILD_NUM);
-        expect(getSignificantFilesChangedSpy).toHaveBeenCalledWith(PR, jasmine.any(RegExp));
-        expect(loggerLogSpy).toHaveBeenCalledWith(
-          'PR:777, Build:12345 - Skipping preview processing because this PR did not touch any significant files.');
-        expect(downloadBuildArtifactSpy).not.toHaveBeenCalled();
-        expect(getPrIsTrustedSpy).not.toHaveBeenCalled();
-        expect(createBuildSpy).not.toHaveBeenCalled();
-      });
-
-      it('should respond with 201 if the build is trusted', async () => {
-        IS_PUBLIC = true;
-        await agent.post(URL).send(BASIC_PAYLOAD).expect(201);
-      });
-
-      it('should respond with 202 if the build is not trusted', async () => {
-        IS_PUBLIC = false;
-        await agent.post(URL).send(BASIC_PAYLOAD).expect(202);
-      });
-
-      it('should not create a preview if the build was not successful', async () => {
-        BUILD_INFO.success = false;
-        await agent.post(URL).send(BASIC_PAYLOAD).expect(204);
-        expect(getGithubInfoSpy).toHaveBeenCalledWith(BUILD_NUM);
-        expect(downloadBuildArtifactSpy).not.toHaveBeenCalled();
-        expect(getPrIsTrustedSpy).not.toHaveBeenCalled();
-        expect(createBuildSpy).not.toHaveBeenCalled();
-      });
-
-      it('should fail if the CircleCI request fails', async () => {
-        // Note it is important to put the `reject` into `and.callFake`;
-        // If you just `and.returnValue` the rejected promise
-        // then you get an "unhandled rejection" message in the console.
-        getGithubInfoSpy.and.callFake(() => Promise.reject('Test Error'));
-        await agent.post(URL).send(BASIC_PAYLOAD).expect(500, 'Test Error');
-        expect(getGithubInfoSpy).toHaveBeenCalledWith(BUILD_NUM);
-        expect(downloadBuildArtifactSpy).not.toHaveBeenCalled();
-        expect(getPrIsTrustedSpy).not.toHaveBeenCalled();
-        expect(createBuildSpy).not.toHaveBeenCalled();
-      });
-
-      it('should fail if the Github organisation of the build does not match the configured organisation', async () => {
-        BUILD_INFO.org = 'bad';
-        await agent.post(URL).send(BASIC_PAYLOAD)
-          .expect(500, `Invalid webhook: expected "githubOrg" property to equal "organisation" but got "bad".`);
-      });
-
-      it('should fail if the Github repo of the build does not match the configured repo', async () => {
-        BUILD_INFO.repo = 'bad';
-        await agent.post(URL).send(BASIC_PAYLOAD)
-          .expect(500, `Invalid webhook: expected "githubRepo" property to equal "repo" but got "bad".`);
-      });
-
-      it('should fail if the artifact fetch request fails', async () => {
-        downloadBuildArtifactSpy.and.callFake(() => Promise.reject('Test Error'));
-        await agent.post(URL).send(BASIC_PAYLOAD).expect(500, 'Test Error');
-        expect(getGithubInfoSpy).toHaveBeenCalledWith(BUILD_NUM);
-        expect(downloadBuildArtifactSpy).toHaveBeenCalled();
-        expect(getPrIsTrustedSpy).not.toHaveBeenCalled();
-        expect(createBuildSpy).not.toHaveBeenCalled();
-      });
-
-      it('should fail if verifying the PR fails', async () => {
-        getPrIsTrustedSpy.and.callFake(() => Promise.reject('Test Error'));
-        await agent.post(URL).send(BASIC_PAYLOAD).expect(500, 'Test Error');
-        expect(getGithubInfoSpy).toHaveBeenCalledWith(BUILD_NUM);
-        expect(downloadBuildArtifactSpy).toHaveBeenCalled();
-        expect(getPrIsTrustedSpy).toHaveBeenCalled();
-        expect(createBuildSpy).not.toHaveBeenCalled();
-      });
-
-      it('should fail if creating the preview build fails', async () => {
-        createBuildSpy.and.callFake(() => Promise.reject('Test Error'));
-        await agent.post(URL).send(BASIC_PAYLOAD).expect(500, 'Test Error');
-        expect(getGithubInfoSpy).toHaveBeenCalledWith(BUILD_NUM);
-        expect(downloadBuildArtifactSpy).toHaveBeenCalled();
-        expect(getPrIsTrustedSpy).toHaveBeenCalled();
-        expect(createBuildSpy).toHaveBeenCalled();
-      });
-    });
-
-
-    describe('POST /pr-updated', () => {
-      const pr = '9';
-      const url = '/pr-updated';
-      let bvGetPrIsTrustedSpy: jasmine.Spy;
-      let bcUpdatePrVisibilitySpy: jasmine.Spy;
-
-      // Helpers
-      const createRequest = (num: number, action?: string) =>
-        agent.post(url).send({number: num, action});
-
-      beforeEach(() => {
-        bvGetPrIsTrustedSpy = spyOn(buildVerifier, 'getPrIsTrusted');
-        bcUpdatePrVisibilitySpy = spyOn(buildCreator, 'updatePrVisibility');
-      });
-
-
-      it('should respond with 404 for non-POST requests', async () => {
-        await Promise.all([
-          agent.get(url).expect(404),
-          agent.put(url).expect(404),
-          agent.patch(url).expect(404),
-          agent.delete(url).expect(404),
-        ]);
-      });
-
-
-      it('should respond with 400 for requests without a payload', async () => {
-        const responseBody = `Missing or empty 'number' field in request: POST ${url} {}`;
-
-        const request1 = agent.post(url);
-        const request2 = agent.post(url).send();
-
-        await Promise.all([
-          request1.expect(400, responseBody),
-          request2.expect(400, responseBody),
-        ]);
-      });
-
-
-      it('should respond with 400 for requests without a \'number\' field', async () => {
-        const responseBodyPrefix = `Missing or empty 'number' field in request: POST ${url}`;
-
-        const request1 = agent.post(url).send({});
-        const request2 = agent.post(url).send({number: null});
-
-        await Promise.all([
-          request1.expect(400, `${responseBodyPrefix} {}`),
-          request2.expect(400, `${responseBodyPrefix} {"number":null}`),
-        ]);
-      });
-
-
-      it('should call \'BuildVerifier#gtPrIsTrusted()\' with the correct arguments', async () => {
-        await createRequest(+pr);
-        expect(bvGetPrIsTrustedSpy).toHaveBeenCalledWith(9);
-      });
-
-
-      it('should propagate errors from BuildVerifier', async () => {
-        bvGetPrIsTrustedSpy.and.callFake(() => Promise.reject('Test'));
-
-        await createRequest(+pr).expect(500, 'Test');
-
-        expect(bvGetPrIsTrustedSpy).toHaveBeenCalledWith(9);
-        expect(bcUpdatePrVisibilitySpy).not.toHaveBeenCalled();
-      });
-
-
-      it('should call \'BuildCreator#updatePrVisibility()\' with the correct arguments', async () => {
-        bvGetPrIsTrustedSpy.and.callFake((pr2: number) => Promise.resolve(pr2 === 42));
-
-        await createRequest(24);
-        expect(bcUpdatePrVisibilitySpy).toHaveBeenCalledWith(24, false);
-
-        await createRequest(42);
-        expect(bcUpdatePrVisibilitySpy).toHaveBeenCalledWith(42, true);
-      });
-
-
-      it('should propagate errors from BuildCreator', async () => {
-        bcUpdatePrVisibilitySpy.and.callFake(() => Promise.reject('Test'));
-        await createRequest(+pr).expect(500, 'Test');
-      });
-
-
-      describe('on success', () => {
-
-        it('should respond with 200 (action: undefined)', async () => {
-          bvGetPrIsTrustedSpy.and.returnValues(Promise.resolve(true), Promise.resolve(false));
-
-          const reqs = [4, 2].map(num => createRequest(num).expect(200, http.STATUS_CODES[200]));
-          await Promise.all(reqs);
-        });
-
-
-        it('should respond with 200 (action: labeled)', async () => {
-          bvGetPrIsTrustedSpy.and.returnValues(Promise.resolve(true), Promise.resolve(false));
-
-          const reqs = [4, 2].map(num => createRequest(num, 'labeled').expect(200, http.STATUS_CODES[200]));
-          await Promise.all(reqs);
-        });
-
-
-        it('should respond with 200 (action: unlabeled)', async () => {
-          bvGetPrIsTrustedSpy.and.returnValues(Promise.resolve(true), Promise.resolve(false));
-
-          const reqs = [4, 2].map(num => createRequest(num, 'unlabeled').expect(200, http.STATUS_CODES[200]));
-          await Promise.all(reqs);
-        });
-
-
-        it('should respond with 200 (and do nothing) if \'action\' implies no visibility change', async () => {
-          const promises = ['foo', 'notlabeled'].
-            map(action => createRequest(+pr, action).expect(200, http.STATUS_CODES[200]));
-
-          await Promise.all(promises);
-          expect(bvGetPrIsTrustedSpy).not.toHaveBeenCalled();
-          expect(bcUpdatePrVisibilitySpy).not.toHaveBeenCalled();
-        });
-
-      });
-
-    });
-
-
-    describe('ALL *', () => {
-
-      it('should respond with 404', async () => {
-        const responseFor = (method: string) => `Unknown resource in request: ${method.toUpperCase()} /some/url`;
-
-        await Promise.all([
-          agent.get('/some/url').expect(404, responseFor('get')),
-          agent.put('/some/url').expect(404, responseFor('put')),
-          agent.post('/some/url').expect(404, responseFor('post')),
-          agent.patch('/some/url').expect(404, responseFor('patch')),
-          agent.delete('/some/url').expect(404, responseFor('delete')),
-        ]);
-      });
-
-    });
-
-  });
-
-});
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/utils.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/utils.spec.ts
@ -1,49 +0,0 @@
-import * as express from 'express';
-import {PreviewServerError} from '../../lib/preview-server/preview-error';
-import {respondWithError, throwRequestError} from '../../lib/preview-server/utils';
-
-describe('preview-server/utils', () => {
-  describe('respondWithError', () => {
-    let endSpy: jasmine.Spy;
-    let statusSpy: jasmine.Spy;
-    let response: express.Response;
-
-    beforeEach(() => {
-      endSpy = jasmine.createSpy('end');
-      statusSpy = jasmine.createSpy('status').and.callFake(() => response);
-      response = {status: statusSpy, end: endSpy} as any;
-    });
-
-    it('should set the status on the response', () => {
-      respondWithError(response, new PreviewServerError(505, 'TEST MESSAGE'));
-      expect(statusSpy).toHaveBeenCalledWith(505);
-      expect(endSpy).toHaveBeenCalledWith('TEST MESSAGE', jasmine.any(Function));
-    });
-
-    it('should convert non-PreviewServerError errors to 500 PreviewServerErrors', () => {
-      respondWithError(response, new Error('OTHER MESSAGE'));
-      expect(statusSpy).toHaveBeenCalledWith(500);
-      expect(endSpy).toHaveBeenCalledWith('OTHER MESSAGE', jasmine.any(Function));
-    });
-  });
-
-  describe('throwRequestError', () => {
-    it('should throw a suitable error', () => {
-      let caught = false;
-      try {
-        const request = {
-          body: 'The request body',
-          method: 'POST',
-          originalUrl: 'some.domain.com/path',
-        } as express.Request;
-        throwRequestError(505, 'ERROR MESSAGE', request);
-      } catch (error) {
-        caught = true;
-        expect(error).toEqual(jasmine.any(PreviewServerError));
-        expect(error.status).toEqual(505);
-        expect(error.message).toEqual(`ERROR MESSAGE in request: POST some.domain.com/path "The request body"`);
-      }
-      expect(caught).toEqual(true);
-    });
-  });
-});
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/build-creator.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/build-creator.spec.ts
@ -5,21 +5,20 @@ import * as fs from 'fs';
 import * as path from 'path';
 import * as shell from 'shelljs';
 import {SHORT_SHA_LEN} from '../../lib/common/constants';
-import {Logger} from '../../lib/common/utils';
-import {BuildCreator} from '../../lib/preview-server/build-creator';
-import {ChangedPrVisibilityEvent, CreatedBuildEvent} from '../../lib/preview-server/build-events';
-import {PreviewServerError} from '../../lib/preview-server/preview-error';
-import {expectToBePreviewServerError} from './helpers';
+import {BuildCreator} from '../../lib/upload-server/build-creator';
+import {ChangedPrVisibilityEvent, CreatedBuildEvent} from '../../lib/upload-server/build-events';
+import {UploadError} from '../../lib/upload-server/upload-error';
+import {expectToBeUploadError} from './helpers';

 // Tests
 describe('BuildCreator', () => {
-  const pr = 9;
+  const pr = '9';
  const sha = '9'.repeat(40);
  const shortSha = sha.substr(0, SHORT_SHA_LEN);
  const archive = 'snapshot.tar.gz';
  const buildsDir = 'builds/dir';
  const hiddenPrDir = path.join(buildsDir, `hidden--${pr}`);
-  const publicPrDir = path.join(buildsDir, `${pr}`);
+  const publicPrDir = path.join(buildsDir, pr);
  const hiddenShaDir = path.join(hiddenPrDir, shortSha);
  const publicShaDir = path.join(publicPrDir, shortSha);
  let bc: BuildCreator;
@ -135,8 +134,8 @@ describe('BuildCreator', () => {


        it('should abort and skip further operations if changing the PR\'s visibility fails', done => {
-          const mockError = new PreviewServerError(543, 'Test');
-          bcUpdatePrVisibilitySpy.and.callFake(() => Promise.reject(mockError));
+          const mockError = new UploadError(543, 'Test');
+          bcUpdatePrVisibilitySpy.and.returnValue(Promise.reject(mockError));

          bc.create(pr, sha, archive, isPublic).catch(err => {
            expect(err).toBe(mockError);
@ -155,7 +154,7 @@ describe('BuildCreator', () => {
          existsValues[shaDir] = true;
          bc.create(pr, sha, archive, isPublic).catch(err => {
            const publicOrNot = isPublic ? 'public' : 'non-public';
-            expectToBePreviewServerError(err, 409, `Request to overwrite existing ${publicOrNot} directory: ${shaDir}`);
+            expectToBeUploadError(err, 409, `Request to overwrite existing ${publicOrNot} directory: ${shaDir}`);
            expect(shellMkdirSpy).not.toHaveBeenCalled();
            expect(bcExtractArchiveSpy).not.toHaveBeenCalled();
            expect(bcEmitSpy).not.toHaveBeenCalled();
@ -172,7 +171,7 @@ describe('BuildCreator', () => {

          bc.create(pr, sha, archive, isPublic).catch(err => {
            const publicOrNot = isPublic ? 'public' : 'non-public';
-            expectToBePreviewServerError(err, 409, `Request to overwrite existing ${publicOrNot} directory: ${shaDir}`);
+            expectToBeUploadError(err, 409, `Request to overwrite existing ${publicOrNot} directory: ${shaDir}`);
            expect(shellMkdirSpy).not.toHaveBeenCalled();
            expect(bcExtractArchiveSpy).not.toHaveBeenCalled();
            expect(bcEmitSpy).not.toHaveBeenCalled();
@ -223,20 +222,20 @@ describe('BuildCreator', () => {
        });


-        it('should reject with an PreviewServerError', done => {
+        it('should reject with an UploadError', done => {
          // tslint:disable-next-line: no-string-throw
          shellMkdirSpy.and.callFake(() => { throw 'Test'; });
          bc.create(pr, sha, archive, isPublic).catch(err => {
-            expectToBePreviewServerError(err, 500, `Error while creating preview at: ${shaDir}\nTest`);
+            expectToBeUploadError(err, 500, `Error while uploading to directory: ${shaDir}\nTest`);
            done();
          });
        });


-        it('should pass PreviewServerError instances unmodified', done => {
-          shellMkdirSpy.and.callFake(() => { throw new PreviewServerError(543, 'Test'); });
+        it('should pass UploadError instances unmodified', done => {
+          shellMkdirSpy.and.callFake(() => { throw new UploadError(543, 'Test'); });
          bc.create(pr, sha, archive, isPublic).catch(err => {
-            expectToBePreviewServerError(err, 543, 'Test');
+            expectToBeUploadError(err, 543, 'Test');
            done();
          });
        });
@ -325,7 +324,7 @@ describe('BuildCreator', () => {
          const shas = ['foo', 'bar', 'baz'];
          let emitted = false;

-          bcListShasByDate.and.callFake(() => Promise.resolve(shas));
+          bcListShasByDate.and.returnValue(Promise.resolve(shas));
          bcEmitSpy.and.callFake((type: string, evt: ChangedPrVisibilityEvent) => {
            expect(bcListShasByDate).toHaveBeenCalledWith(newPrDir);

@ -377,8 +376,7 @@ describe('BuildCreator', () => {
        it('should abort and skip further operations if both directories exist', done => {
          bcExistsSpy.and.returnValue(true);
          bc.updatePrVisibility(pr, makePublic).catch(err => {
-            expectToBePreviewServerError(err, 409,
-              `Request to move '${oldPrDir}' to existing directory '${newPrDir}'.`);
+            expectToBeUploadError(err, 409, `Request to move '${oldPrDir}' to existing directory '${newPrDir}'.`);
            expect(shellMvSpy).not.toHaveBeenCalled();
            expect(bcListShasByDate).not.toHaveBeenCalled();
            expect(bcEmitSpy).not.toHaveBeenCalled();
@ -409,21 +407,20 @@ describe('BuildCreator', () => {
        });


-        it('should reject with an PreviewServerError', done => {
+        it('should reject with an UploadError', done => {
          // tslint:disable-next-line: no-string-throw
          shellMvSpy.and.callFake(() => { throw 'Test'; });
          bc.updatePrVisibility(pr, makePublic).catch(err => {
-            expectToBePreviewServerError(err, 500,
-                `Error while making PR ${pr} ${makePublic ? 'public' : 'hidden'}.\nTest`);
+            expectToBeUploadError(err, 500, `Error while making PR ${pr} ${makePublic ? 'public' : 'hidden'}.\nTest`);
            done();
          });
        });


-        it('should pass PreviewServerError instances unmodified', done => {
-          shellMvSpy.and.callFake(() => { throw new PreviewServerError(543, 'Test'); });
+        it('should pass UploadError instances unmodified', done => {
+          shellMvSpy.and.callFake(() => { throw new UploadError(543, 'Test'); });
          bc.updatePrVisibility(pr, makePublic).catch(err => {
-            expectToBePreviewServerError(err, 543, 'Test');
+            expectToBeUploadError(err, 543, 'Test');
            done();
          });
        });
@ -454,7 +451,7 @@ describe('BuildCreator', () => {

    it('should call \'fs.access()\' with the specified argument', () => {
      (bc as any).exists('foo');
-      expect(fsAccessSpy).toHaveBeenCalledWith('foo', jasmine.any(Function));
+      expect(fs.access).toHaveBeenCalledWith('foo', jasmine.any(Function));
    });


@ -492,7 +489,7 @@ describe('BuildCreator', () => {
    beforeEach(() => {
      cpExecCbs = [];

-      consoleWarnSpy = spyOn(Logger.prototype, 'warn');
+      consoleWarnSpy = spyOn(console, 'warn');
      shellChmodSpy = spyOn(shell, 'chmod');
      shellRmSpy = spyOn(shell, 'rm');
      cpExecSpy = spyOn(cp, 'exec').and.callFake((_: string, cb: (...args: any[]) => void) => cpExecCbs.push(cb));
@ -530,7 +527,7 @@ describe('BuildCreator', () => {
    });


-    it('should delete the build artifact file on success', done => {
+    it('should delete the uploaded file on success', done => {
      (bc as any).extractArchive('input/file', 'output/dir').
        then(() => expect(shellRmSpy).toHaveBeenCalledWith('-f', 'input/file')).
        then(done);
@ -570,7 +567,7 @@ describe('BuildCreator', () => {
      });


-      it('should abort and reject if it fails to remove the build artifact file', done => {
+      it('should abort and reject if it fails to remove the uploaded file', done => {
        (bc as any).extractArchive('foo', 'bar').catch((err: any) => {
          expect(shellChmodSpy).toHaveBeenCalled();
          expect(shellRmSpy).toHaveBeenCalled();
@ -621,7 +618,7 @@ describe('BuildCreator', () => {


    it('should reject if listing files fails', done => {
-      shellLsSpy.and.callFake(() => Promise.reject('Test'));
+      shellLsSpy.and.returnValue(Promise.reject('Test'));
      (bc as any).listShasByDate('input/dir').catch((err: string) => {
        expect(err).toBe('Test');
        done();
@ -630,7 +627,7 @@ describe('BuildCreator', () => {


    it('should return the filenames', done => {
-      shellLsSpy.and.callFake(() => Promise.resolve([
+      shellLsSpy.and.returnValue(Promise.resolve([
        lsResult('foo', 100),
        lsResult('bar', 200),
        lsResult('baz', 300),
@ -643,7 +640,7 @@ describe('BuildCreator', () => {


    it('should sort by date', done => {
-      shellLsSpy.and.callFake(() => Promise.resolve([
+      shellLsSpy.and.returnValue(Promise.resolve([
        lsResult('foo', 300),
        lsResult('bar', 100),
        lsResult('baz', 200),
@ -663,7 +660,7 @@ describe('BuildCreator', () => {
      ];
      mockArray.sort = jasmine.createSpy('sort');

-      shellLsSpy.and.callFake(() => Promise.resolve(mockArray));
+      shellLsSpy.and.returnValue(Promise.resolve(mockArray));
      (bc as any).listShasByDate('input/dir').
        then((shas: string[]) => {
          expect(shas).toEqual(['bar', 'baz', 'foo']);
@ -674,7 +671,7 @@ describe('BuildCreator', () => {


    it('should only include directories', done => {
-      shellLsSpy.and.callFake(() => Promise.resolve([
+      shellLsSpy.and.returnValue(Promise.resolve([
        lsResult('foo', 100),
        lsResult('bar', 200, false),
        lsResult('baz', 300),
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/build-events.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/preview-server/build-events.spec.ts
@ -1,5 +1,5 @@
 // Imports
-import {ChangedPrVisibilityEvent, CreatedBuildEvent} from '../../lib/preview-server/build-events';
+import {ChangedPrVisibilityEvent, CreatedBuildEvent} from '../../lib/upload-server/build-events';

 // Tests
 describe('ChangedPrVisibilityEvent', () => {
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/upload-server/build-verifier.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/upload-server/build-verifier.spec.ts
@ -0,0 +1,303 @@
+// Imports
+import * as jwt from 'jsonwebtoken';
+import {GithubPullRequests, PullRequest} from '../../lib/common/github-pull-requests';
+import {GithubTeams} from '../../lib/common/github-teams';
+import {BUILD_VERIFICATION_STATUS, BuildVerifier} from '../../lib/upload-server/build-verifier';
+import {expectToBeUploadError} from './helpers';
+
+// Tests
+describe('BuildVerifier', () => {
+  const defaultConfig = {
+    allowedTeamSlugs: ['team1', 'team2'],
+    githubToken: 'githubToken',
+    organization: 'organization',
+    repoSlug: 'repo/slug',
+    secret: 'secret',
+    trustedPrLabel: 'trusted: pr-label',
+  };
+  let bv: BuildVerifier;
+
+  // Helpers
+  const createBuildVerifier = (partialConfig: Partial<typeof defaultConfig> = {}) => {
+    const cfg = {...defaultConfig, ...partialConfig} as typeof defaultConfig;
+    return new BuildVerifier(cfg.secret, cfg.githubToken, cfg.repoSlug, cfg.organization,
+                             cfg.allowedTeamSlugs, cfg.trustedPrLabel);
+  };
+
+  beforeEach(() => bv = createBuildVerifier());
+
+
+  describe('constructor()', () => {
+
+    ['secret', 'githubToken', 'repoSlug', 'organization', 'allowedTeamSlugs', 'trustedPrLabel'].
+      forEach(param => {
+        it(`should throw if '${param}' is missing or empty`, () => {
+          expect(() => createBuildVerifier({[param]: ''})).
+            toThrowError(`Missing or empty required parameter '${param}'!`);
+        });
+      });
+
+
+    it('should throw if \'allowedTeamSlugs\' is an empty array', () => {
+      expect(() => createBuildVerifier({allowedTeamSlugs: []})).
+        toThrowError('Missing or empty required parameter \'allowedTeamSlugs\'!');
+    });
+
+  });
+
+
+  describe('getPrIsTrusted()', () => {
+    const pr = 9;
+    let mockPrInfo: PullRequest;
+    let prsFetchSpy: jasmine.Spy;
+    let teamsIsMemberBySlugSpy: jasmine.Spy;
+
+    beforeEach(() => {
+      mockPrInfo = {
+        labels: [
+          {name: 'foo'},
+          {name: 'bar'},
+        ],
+        number: 9,
+        user: {login: 'username'},
+      };
+
+      prsFetchSpy = spyOn(GithubPullRequests.prototype, 'fetch').
+        and.returnValue(Promise.resolve(mockPrInfo));
+
+      teamsIsMemberBySlugSpy = spyOn(GithubTeams.prototype, 'isMemberBySlug').
+        and.returnValue(Promise.resolve(true));
+    });
+
+
+    it('should return a promise', done => {
+      const promise = bv.getPrIsTrusted(pr);
+      promise.then(done);   // Do not complete the test (and release the spies) synchronously
+                            // to avoid running the actual `GithubTeams#isMemberBySlug()`.
+
+      expect(promise).toEqual(jasmine.any(Promise));
+    });
+
+
+    it('should fetch the corresponding PR', done => {
+      bv.getPrIsTrusted(pr).then(() => {
+        expect(prsFetchSpy).toHaveBeenCalledWith(pr);
+        done();
+      });
+    });
+
+
+    it('should fail if fetching the PR errors', done => {
+      prsFetchSpy.and.callFake(() => Promise.reject('Test'));
+      bv.getPrIsTrusted(pr).catch(err => {
+        expect(err).toBe('Test');
+        done();
+      });
+    });
+
+
+    describe('when the PR has the "trusted PR" label', () => {
+
+      beforeEach(() => mockPrInfo.labels.push({name: 'trusted: pr-label'}));
+
+
+      it('should resolve to true', done => {
+        bv.getPrIsTrusted(pr).then(isTrusted => {
+          expect(isTrusted).toBe(true);
+          done();
+        });
+      });
+
+
+      it('should not try to verify the author\'s membership status', done => {
+        bv.getPrIsTrusted(pr).then(() => {
+          expect(teamsIsMemberBySlugSpy).not.toHaveBeenCalled();
+          done();
+        });
+      });
+
+    });
+
+
+    describe('when the PR does not have the "trusted PR" label', () => {
+
+      it('should verify the PR author\'s membership in the specified teams', done => {
+        bv.getPrIsTrusted(pr).then(() => {
+          expect(teamsIsMemberBySlugSpy).toHaveBeenCalledWith('username', ['team1', 'team2']);
+          done();
+        });
+      });
+
+
+      it('should fail if verifying membership errors', done => {
+        teamsIsMemberBySlugSpy.and.callFake(() => Promise.reject('Test'));
+        bv.getPrIsTrusted(pr).catch(err => {
+          expect(err).toBe('Test');
+          done();
+        });
+      });
+
+
+      it('should resolve to true if the PR\'s author is a member', done => {
+        teamsIsMemberBySlugSpy.and.returnValue(Promise.resolve(true));
+
+        bv.getPrIsTrusted(pr).then(isTrusted => {
+          expect(isTrusted).toBe(true);
+          done();
+        });
+      });
+
+
+      it('should resolve to false if the PR\'s author is not a member', done => {
+        teamsIsMemberBySlugSpy.and.returnValue(Promise.resolve(false));
+
+        bv.getPrIsTrusted(pr).then(isTrusted => {
+          expect(isTrusted).toBe(false);
+          done();
+        });
+      });
+
+    });
+
+  });
+
+
+  describe('verify()', () => {
+    const pr = 9;
+    const defaultJwt = {
+      'exp': Math.floor(Date.now() / 1000) + 30,
+      'iat': Math.floor(Date.now() / 1000) - 30,
+      'iss': 'Travis CI, GmbH',
+      'pull-request': pr,
+      'slug': defaultConfig.repoSlug,
+    };
+    let bvGetPrIsTrusted: jasmine.Spy;
+
+    // Heleprs
+    const createAuthHeader = (partialJwt: Partial<typeof defaultJwt> = {}, secret: string = defaultConfig.secret) =>
+      `Token ${jwt.sign({...defaultJwt, ...partialJwt}, secret)}`;
+
+    beforeEach(() => {
+      bvGetPrIsTrusted = spyOn(bv, 'getPrIsTrusted').and.returnValue(Promise.resolve(true));
+    });
+
+
+    it('should return a promise', done => {
+      const promise = bv.verify(pr, createAuthHeader());
+      promise.then(done);   // Do not complete the test (and release the spies) synchronously
+                            // to avoid running the actual `bvGetPrIsTrusted()`.
+
+      expect(promise).toEqual(jasmine.any(Promise));
+    });
+
+
+    it('should fail if the authorization header is invalid', done => {
+      bv.verify(pr, 'foo').catch(err => {
+        const errorMessage = 'Error while verifying upload for PR 9: jwt malformed';
+
+        expectToBeUploadError(err, 403, errorMessage);
+        done();
+      });
+    });
+
+
+    it('should fail if the secret is invalid', done => {
+      bv.verify(pr, createAuthHeader({}, 'foo')).catch(err => {
+        const errorMessage = 'Error while verifying upload for PR 9: invalid signature';
+
+        expectToBeUploadError(err, 403, errorMessage);
+        done();
+      });
+    });
+
+
+    it('should fail if the issuer is invalid', done => {
+      bv.verify(pr, createAuthHeader({iss: 'not valid'})).catch(err => {
+        const errorMessage = 'Error while verifying upload for PR 9: ' +
+                             `jwt issuer invalid. expected: ${defaultJwt.iss}`;
+
+        expectToBeUploadError(err, 403, errorMessage);
+        done();
+      });
+    });
+
+
+    it('should fail if the token has expired', done => {
+      bv.verify(pr, createAuthHeader({exp: 0})).catch(err => {
+        const errorMessage = 'Error while verifying upload for PR 9: jwt expired';
+
+        expectToBeUploadError(err, 403, errorMessage);
+        done();
+      });
+    });
+
+
+    it('should fail if the repo slug does not match', done => {
+      bv.verify(pr, createAuthHeader({slug: 'foo/bar'})).catch(err => {
+        const errorMessage = 'Error while verifying upload for PR 9: ' +
+                             `jwt slug invalid. expected: ${defaultConfig.repoSlug}`;
+
+        expectToBeUploadError(err, 403, errorMessage);
+        done();
+      });
+    });
+
+
+    it('should fail if the PR does not match', done => {
+      bv.verify(pr, createAuthHeader({'pull-request': 1337})).catch(err => {
+        const errorMessage = 'Error while verifying upload for PR 9: ' +
+                             `jwt pull-request invalid. expected: ${pr}`;
+
+        expectToBeUploadError(err, 403, errorMessage);
+        done();
+      });
+    });
+
+
+    it('should not fail if the token is valid', done => {
+      bv.verify(pr, createAuthHeader()).then(done);
+    });
+
+
+    it('should not fail even if the token has been issued in the future', done => {
+      const in30s = Math.floor(Date.now() / 1000) + 30;
+      bv.verify(pr, createAuthHeader({iat: in30s})).then(done);
+    });
+
+
+    it('should call \'getPrIsTrusted()\' if the token is valid', done => {
+      bv.verify(pr, createAuthHeader()).then(() => {
+        expect(bvGetPrIsTrusted).toHaveBeenCalledWith(pr);
+        done();
+      });
+    });
+
+
+    it('should fail if \'getPrIsTrusted()\' rejects', done => {
+      bvGetPrIsTrusted.and.callFake(() => Promise.reject('Test'));
+      bv.verify(pr, createAuthHeader()).catch(err => {
+        expectToBeUploadError(err, 403, `Error while verifying upload for PR ${pr}: Test`);
+        done();
+      });
+    });
+
+
+    it('should resolve to `verifiedNotTrusted` if \'getPrIsTrusted()\' returns false', done => {
+      bvGetPrIsTrusted.and.returnValue(Promise.resolve(false));
+      bv.verify(pr, createAuthHeader()).then(value => {
+        expect(value).toBe(BUILD_VERIFICATION_STATUS.verifiedNotTrusted);
+        done();
+      });
+    });
+
+
+    it('should resolve to `verifiedAndTrusted` if \'getPrIsTrusted()\' returns true', done => {
+      bv.verify(pr, createAuthHeader()).then(value => {
+        expect(value).toBe(BUILD_VERIFICATION_STATUS.verifiedAndTrusted);
+        done();
+      });
+    });
+
+  });
+
+});
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/upload-server/helpers.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/upload-server/helpers.ts
@ -0,0 +1,11 @@
+import {UploadError} from '../../lib/upload-server/upload-error';
+
+export const expectToBeUploadError = (actual: UploadError, status?: number, message?: string) => {
+  expect(actual).toEqual(jasmine.any(UploadError));
+  if (status != null) {
+    expect(actual.status).toBe(status);
+  }
+  if (message != null) {
+    expect(actual.message).toBe(message);
+  }
+};
--- a/aio/aio-builds-setup/dockerbuild/scripts-js/test/upload-server/upload-error.spec.ts
+++ b/aio/aio-builds-setup/dockerbuild/scripts-js/test/upload-server/upload-error.spec.ts
@ -0,0 +1,39 @@
+// Imports
+import {UploadError} from '../../lib/upload-server/upload-error';
+
+// Tests
+describe('UploadError', () => {
+  let err: UploadError;
+
+  beforeEach(() => err = new UploadError(999, 'message'));
+
+
+  it('should extend Error', () => {
+    expect(err).toEqual(jasmine.any(UploadError));
+    expect(err).toEqual(jasmine.any(Error));
+
+    expect(Object.getPrototypeOf(err)).toBe(UploadError.prototype);
+  });
+
+
+  it('should have a \'status\' property', () => {
+    expect(err.status).toBe(999);
+  });
+
+
+  it('should have a \'message\' property', () => {
+    expect(err.message).toBe('message');
+  });
+
+
+  it('should have a 500 \'status\' by default', () => {
+    expect(new UploadError().status).toBe(500);
+  });
+
+
+  it('should have an empty \'message\' by default', () => {
+    expect(new UploadError().message).toBe('');
+    expect(new UploadError(999).message).toBe('');
+  });
+
+});
--- a/Show More
+++ b/Show More
 @ -1 +1 @@
 .9.0
 .9.5