Add latest changes from gitlab-org/gitlab@16-2-stable-eev16.2.0-rc42

9 files changed, 166 insertions, 8 deletions

diff --git a/.gitlab/issue_templates/Analytics_Instrumentation_Incident_Template.md b/.gitlab/issue_templates/Analytics_Instrumentation_Incident_Template.md
new file mode 100644
index 00000000000..2ebd5acdcd4
--- /dev/null
+++ b/.gitlab/issue_templates/Analytics_Instrumentation_Incident_Template.md
@@ -0,0 +1,49 @@
+<!-- Please complete the template below as best as you can. Make sure to check if this issue has already been raised by someone else first to avoid duplication. 
+
+For each section below, please add screenshots or links or anything that may help visual learners understand the problem better, even if this takes you an extra minute or two this is a great help to some folks.
+
+https://www.learning-styles-online.com/style/visual-spatial/
+
+-->
+
+## Problem
+<!-- High level overview of the Incident -->
+
+##  Detection
+
+<!-- How did we learn of the problem? System Error? User? -->
+
+## Impact
+
+<!-- Who was impacted and how were they impacted?
+Please include Teams, Users, Automations, Processes -->
+
+
+## Additional information
+
+<!-- Please fill out any additonal information that may help with resolution -->
+
+
+## Checklist
+<!-- Please ensure all of the below steps are taken -->
+
+* [ ] Assigned severity tags based on this [guidance](https://about.gitlab.com/handbook/engineering/development/analytics/analytics-instrumentation/#incident-detection)
+* [ ] Assigned to PM and EM of ~"group::analytics instrumentation"
+* [ ] Posted link to incident in `g_analyze_analytics_instrumentation` and tagged both PM and EM of the group
+
+
+<---- TO BE FILLED BY ASSIGNEE / RESOLUTION DRI---->
+<!-- The intention of this section is to give stakeholders a high level summary of the issue with whatever information we have at the point of closing the issue or providing a quick fix. For a deeper analysis of the root cause and how we can avoid such incidents in the future please use the RCA template as outlined in the handbook incident resolution guidance and link the issue here -->
+
+## Summary
+<!-- Overall summary of the issue -->
+
+## Root Cause
+
+<!-- To be filled by the assignee. What caused this incident? Link to RCA issue if needed -->
+
+## Resolution
+<!-- To be filled by assignee.Has the issue been resolved? How? Please include any relevant issue and/or MR links in the description -->
+
+
+
diff --git a/.gitlab/issue_templates/Broken Master - Flaky.md b/.gitlab/issue_templates/Broken Master - Flaky.md
index b87d9b5ee1f..5b01e67feab 100644
--- a/.gitlab/issue_templates/Broken Master - Flaky.md
+++ b/.gitlab/issue_templates/Broken Master - Flaky.md
@@ -27,4 +27,8 @@ Please refer to the [Resolution guidance](https://about.gitlab.com/handbook/engi
 
 Once the flaky failure has been fixed on the default branch, open merge requests to cherry-pick the fix to the active stable branches.
 
+### Logs
+
+<!-- Add here failing job logs -->
+
 /label ~"type::maintenance" ~"failure::flaky-test" ~"priority::3" ~"severity::3"
diff --git a/.gitlab/issue_templates/Broken Master - Non-flaky.md b/.gitlab/issue_templates/Broken Master - Non-flaky.md
index d2dc616ead8..0b92326ed42 100644
--- a/.gitlab/issue_templates/Broken Master - Non-flaky.md
+++ b/.gitlab/issue_templates/Broken Master - Non-flaky.md
@@ -21,4 +21,8 @@ Please read the below documentations for a workflow of triaging and resolving br
 
 Please refer to the [Resolution guidance](https://about.gitlab.com/handbook/engineering/workflow/#resolution-of-broken-master) to learn more about resolution of broken master.
 
+### Logs
+
+<!-- Add here failing job logs -->
+
 /label ~"master:broken" ~"Engineering Productivity" ~"priority::1" ~"severity::1" ~"type::maintenance" ~"maintenance::pipelines"
diff --git a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
index c63a5cb0032..b77247954de 100644
--- a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
+++ b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
@@ -69,7 +69,6 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
         t.integer :retry_count, default: 0, limit: 2, null: false
         t.integer :verification_retry_count, default: 0, limit: 2, null: false
         t.boolean :checksum_mismatch, default: false, null: false
-        t.boolean :force_to_redownload, default: false, null: false
         t.boolean :missing_on_primary, default: false, null: false
         t.binary :verification_checksum
         t.binary :verification_checksum_mismatched
@@ -146,11 +145,14 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
     enable_lock_retries!
 
     def up
-      create_table :cool_widget_states, id: false do |t|
+      create_table :cool_widget_states do |t|
         t.datetime_with_timezone :verification_started_at
         t.datetime_with_timezone :verification_retry_at
         t.datetime_with_timezone :verified_at
-        t.references :cool_widget, primary_key: true, default: nil, index: false, foreign_key: { on_delete: :cascade }
+        t.references :cool_widget,
+          null: false,
+          index: { unique: true },
+          foreign_key: { on_delete: :cascade }
         t.integer :verification_state, default: 0, limit: 2, null: false
         t.integer :verification_retry_count, default: 0, limit: 2, null: false
         t.binary :verification_checksum, using: 'verification_checksum::bytea'
@@ -292,6 +294,11 @@ That's all of the required database changes.
         # Search the codebase for examples, and consult a Geo expert if needed.
       end
 
+      override :verification_state_model_key
+      def verification_state_model_key
+        :cool_widget_id
+      end
+
       override :verification_state_table_class
       def verification_state_table_class
         CoolWidgetState
@@ -391,7 +398,7 @@ That's all of the required database changes.
 
 - [ ] Make sure a Geo secondary site can request and download Cool Widgets on the Geo primary site. You may need to make some changes to `Gitlab::GitAccessCoolWidget`. For example, see [this change for Group-level Wikis](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54914/diffs?commit_id=0f2b36f66697b4addbc69bd377ee2818f648dd33).
 
-- [ ] Make sure a Geo secondary site can replicate Cool Widgets where repository does not exist on the Geo primary site. The only way to know about this is to parse the error text. You may need to make some changes to `Gitlab::CoolWidgetReplicator.no_repo_message` to return the proper error message. For example, see [this change for Group-level Wikis](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74133).
+- [ ] Make sure a Geo secondary site marks Cool Widgets as missing on primary when a repository does not exist on the Geo primary site. The only way to know about this is to parse the error text. You may need to make some changes to `Gitlab::CoolWidgetReplicator.no_repo_message` to return the proper error message. For example, see [this change for Group-level Wikis](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74133). Alternatively, if a repository should *always* exist on the primary, then a Geo-specific workaround is to create an empty repository when verifying on primary. See examples for [project wikis](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123869) and [design repositories](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123917).
 
 - [ ] Generate the feature flag definition files by running the feature flag commands and following the command prompts:
 
diff --git a/.gitlab/issue_templates/Geo Replicate a new blob type.md b/.gitlab/issue_templates/Geo Replicate a new blob type.md
index 91a86a96ac9..94c93bd27e4 100644
--- a/.gitlab/issue_templates/Geo Replicate a new blob type.md
+++ b/.gitlab/issue_templates/Geo Replicate a new blob type.md
@@ -148,14 +148,13 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
     enable_lock_retries!
 
     def up
-      create_table :cool_widget_states, id: false do |t|
+      create_table :cool_widget_states do |t|
         t.datetime_with_timezone :verification_started_at
         t.datetime_with_timezone :verification_retry_at
         t.datetime_with_timezone :verified_at
         t.references :cool_widget,
-          primary_key: true,
-          default: nil,
-          index: false,
+          null: false,
+          index: { unique: true },
           foreign_key: { on_delete: :cascade }
         t.integer :verification_state, default: 0, limit: 2, null: false
         t.integer :verification_retry_count, default: 0, limit: 2, null: false
@@ -298,6 +297,11 @@ That's all of the required database changes.
         # Search the codebase for examples, and consult a Geo expert if needed.
       end
 
+      override :verification_state_model_key
+      def verification_state_model_key
+        :cool_widget_id
+      end
+
       override :verification_state_table_class
       def verification_state_table_class
         CoolWidgetState
diff --git a/.gitlab/issue_templates/Pipeline Execution Issue Implementation.md b/.gitlab/issue_templates/Pipeline Execution Issue Implementation.md
new file mode 100644
index 00000000000..54a8f0e4153
--- /dev/null
+++ b/.gitlab/issue_templates/Pipeline Execution Issue Implementation.md
@@ -0,0 +1,55 @@
+<!--
+## Author Checklist
+(_NOTE: This section can be removed when the issue is ready for creation_)
+- [ ] Ensure that issue title is concise yet descriptive
+- [ ] Add "~frontend", "~backend", or "~documentation" labels as appropriate
+- [ ] Ensure the issue containing the feature or change proposal and related discussions is linked as related to this implementation issue.
+- [ ] Aside from default labeling, please make sure to include relevant labels for `type::`, `workflow::`, and `~frontend`/`~backend` labeling.
+- [ ] Issues with user-facing changes should include the `~UX` label.
+-->
+
+## Summary
+
+## Proposal
+
+## Additional details
+<!--
+_NOTE: If the issue has addressed all of these questions, this separate section can be removed._
+-->
+
+Some relevant technical details, if applicable, such as:
+
+- Does this need a ~"feature flag"?
+- Does there need to be an associated ~"instrumentation" issue created related to this work?
+- Is there an example response showing the data structure that should be returned (new endpoints only)?
+- What permissions should be used?
+- Is this EE or CE?
+    - [ ] EE
+    - [ ] CE
+- Additional comments:
+
+## Implementation Table
+
+<!--
+_NOTE: If the issue is not part of an epic, the implementation table can be removed. If it is part of an epic, make sure that the implementation table below mirrors the corresponding epic's implementation table content._
+-->
+
+
+| Group | Issue Link |
+| ------ | ------ |
+| ~backend | :point_left: You are here |
+| ~frontend | [#123123](url) |
+
+<!--
+## Documentation 
+
+_NOTE: This section is optional, but can be used for easy access to any relevant documentation URLs._
+-->
+
+## Links/References
+
+
+
+
+/label ~"group::pipeline execution" ~"Category:Continuous Integration" ~"section::ci" ~"devops::verify" ~"workflow::planning breakdown" ~"needs weight" ~"cicd::planning"
+/milestone %"Backlog"
diff --git a/.gitlab/issue_templates/Pipeline Execution Refinement Spike.md b/.gitlab/issue_templates/Pipeline Execution Refinement Spike.md
new file mode 100644
index 00000000000..38877ad777a
--- /dev/null
+++ b/.gitlab/issue_templates/Pipeline Execution Refinement Spike.md
@@ -0,0 +1,33 @@
+<
+## Author Checklist
+(_NOTE: This section can be removed when the issue is ready for creation_)
+- [ ] Set title to "Spike: Refine "<original issue title>"
+- [ ] Update the slash commands below with the appropriate issue #.
+- [ ] Update the weight slash command to an appropriate value based on the timebox size
+- [ ] Add `~frontend`, `~backend`, or `~documentation` labels as appropriate
+- [ ] Update the expected outcomes if the default ones don't capture everything that should be done in this spike.
+
+/blocks #<original issue>
+/copy_metadata #<original issue>
+
+/label ~"spike" ~"group::pipeline execution" ~"section::ci" ~"devops::verify" ~"workflow::ready for development" ~"cicd::planning"
+/weight ##
+
+## Summary - Why is this spike needed?
+
+## Timebox Expectations
+
+<How much time should be spent on this spike>
+
+## Expected Outcomes
+
+- [ ] Possible cause(s) are determined   
+- [ ] Technical proposal added to #<original issue>
+- [ ] Weight added to #<original issue>
+
+
+## Links/References
+
+
+
+
diff --git a/.gitlab/issue_templates/Pipeline Security issue implementation b/.gitlab/issue_templates/Pipeline Security issue implementation.md
index 72807e98012..72807e98012 100644
--- a/.gitlab/issue_templates/Pipeline Security issue implementation
+++ b/.gitlab/issue_templates/Pipeline Security issue implementation.md
diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md
index 294d699ea2f..9cbb74d10d8 100644
--- a/.gitlab/issue_templates/Security developer workflow.md
+++ b/.gitlab/issue_templates/Security developer workflow.md
@@ -24,6 +24,7 @@ MUST be linked for the release bot to know that the associated merge requests sh
 - [ ] Create a new branch prefixing it with `security-`.
 - [ ] Create a merge request targeting `master` on `gitlab.com/gitlab-org/security` and use the [Security Release merge request template].
 - [ ] If this includes a breaking change, make sure to include a mention of it for the relevant versions in [`doc/update/index.md`](https://gitlab.com/gitlab-org/security/gitlab/-/blob/master/doc/update/index.md#version-specific-upgrading-instructions)
+   * See if the [breaking changes workflow] applies
 
 After your merge request has been approved according to our [approval guidelines] and by a team member of the AppSec team, you're ready to prepare the backports
 
@@ -76,5 +77,6 @@ After your merge request has been approved according to our [approval guidelines
 [approval guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines
 [issue as linked]: https://docs.gitlab.com/ee/user/project/issues/related_issues.html#add-a-linked-issue
 [issue really needs to follow the security release workflow]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/developer.md#making-sure-the-issue-needs-to-follow-the-security-release-workflow
+[breaking changes workflow]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/far_reaching_impact_fixes_or_breaking_change_fixes.md
 
 /label ~security