Add latest changes from gitlab-org/gitlab@13-3-stable-ee

18 files changed, 294 insertions, 92 deletions

diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
index 4e2c4aa5c76..7a5516338e8 100644
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -2,13 +2,12 @@
 # project here: https://gitlab.com/gitlab-org/gitlab/-/project_members
 # As described in https://docs.gitlab.com/ee/user/project/code_owners.html
 
-# Backend Maintainers are the default for all ruby files
+[Backend]
 *.rb @gitlab-org/maintainers/rails-backend
 *.rake @gitlab-org/maintainers/rails-backend
 
-# Technical writing team are the default reviewers for all markdown docs
+[Documentation]
 /doc/ @gl-docsteam
-# Doc subpaths
 /doc/administration/monitoring/ @aqualls
 /doc/development/ @marcia @mjang1
 /doc/development/documentation/ @mikelewis
@@ -19,7 +18,127 @@
 /doc/user/project/clusters @aqualls
 /doc/.vale/ @marcel.amirault @eread @aqualls @mikelewis
 
-# Frontend maintainers should see everything in `app/assets/`
+[Docs Create]
+/doc/user/project/merge_requests/allow_collaboration.md @marcia
+/doc/user/project/merge_requests/authorization_for_merge_requests.md @marcia
+/doc/user/project/merge_requests/cherry_pick_changes.md @marcia
+/doc/user/project/merge_requests/creating_merge_requests.md @marcia
+/doc/user/project/merge_requests/fast_forward_merge.md @marcia
+/doc/user/project/merge_requests/getting_started.md @marcia
+/doc/user/project/merge_requests/index.md @marcia
+/doc/user/project/merge_requests/merge_request_approvals.md @marcia
+/doc/user/project/merge_requests/merge_request_dependencies.md @marcia
+/doc/user/project/merge_requests/resolve_conflicts.md @marcia
+/doc/user/project/merge_requests/revert_changes.md @marcia
+/doc/user/project/merge_requests/reviewing_and_managing_merge_requests.md @marcia
+/doc/user/project/merge_requests/squash_and_merge.md @marcia
+/doc/user/project/merge_requests/work_in_progress_merge_requests.md @marcia
+/doc/user/project/repository/file_finder.md @marcia
+/doc/user/project/repository/forking_workflow.md @marcia
+/doc/user/project/repository/git_blame.md @marcia
+/doc/user/project/repository/git_history.md @marcia
+/doc/user/project/repository/index.md @marcia
+/doc/user/project/repository/repository_mirroring.md @marcia
+/doc/user/project/repository/web_editor.md @marcia
+/doc/user/project/autocomplete_characters.md @marcia
+/doc/user/project/badges.md @marcia
+/doc/user/project/code_intelligence.md @marcia
+/doc/user/project/code_owners.md @marcia
+/doc/user/project/file_lock.md @marcia
+/doc/user/project/git_attributes.md @marcia
+/doc/user/project/highlighting.md @marcia
+/doc/user/project/index.md @marcia
+/doc/user/project/protected_branches.md @marcia
+/doc/user/project/protected_tags.md @marcia
+/doc/user/project/push_options.md @marcia
+/doc/user/project/repository/branches/index.md @marcia
+/doc/user/project/repository/gpg_signed_commits/index.md @marcia
+/doc/user/project/repository/jupyter_notebooks/index.md @marcia
+/doc/user/project/repository/x509_signed_commits/index.md @marcia
+/doc/user/project/settings/import_export.md @marcia
+/doc/user/project/settings/index.md @marcia
+/doc/user/project/settings/project_access_tokens.md @marcia
+/doc/user/project/static_site_editor/index.md @marcia
+/doc/user/project/web_ide/index.md @marcia
+/doc/user/project/wiki/index.md @marcia
+/doc/gitlab-basics/README.md @marcia
+/doc/gitlab-basics/add-file.md @marcia
+/doc/gitlab-basics/command-line-commands.md @marcia
+/doc/gitlab-basics/create-branch.md @marcia
+/doc/gitlab-basics/create-project.md @marcia
+/doc/gitlab-basics/create-your-ssh-keys.md @marcia
+/doc/gitlab-basics/feature_branch_workflow.md @marcia
+/doc/gitlab-basics/fork-project.md @marcia
+/doc/gitlab-basics/start-using-git.md @marcia
+/doc/integration/sourcegraph.md @marcia
+/doc/intro/README.md @marcia
+/doc/push_rules/push_rules.md @marcia
+/doc/ssh/README.md @marcia
+/doc/topics/git/feature_branch_development.md @marcia
+/doc/topics/git/how_to_install_git/index.md @marcia
+/doc/topics/git/index.md @marcia
+/doc/topics/git/lfs/index.md @marcia
+/doc/topics/git/lfs/migrate_from_git_annex_to_git_lfs.md @marcia
+/doc/topics/git/numerous_undo_possibilities_in_git/index.md @marcia
+/doc/topics/git/partial_clone.md @marcia
+/doc/topics/git/troubleshooting_git.md @marcia
+/doc/topics/git/useful_git_commands.md @marcia
+/doc/topics/gitlab_flow.md @marcia
+/doc/user/index.md @marcia
+/doc/user/snippets.md @marcia
+/doc/administration/issue_closing_pattern.md @marcia
+/doc/user/asciidoc.md @marcia
+/doc/user/markdown.md @marcia
+/doc/user/search/advanced_global_search.md @marcia
+/doc/user/search/advanced_search_syntax.md @marcia
+/doc/user/search/index.md @marcia
+/doc/administration/file_hooks.md @marcia
+/doc/administration/git_annex.md @marcia
+/doc/administration/git_protocol.md @marcia
+/doc/administration/integration/plantuml.md @marcia
+/doc/administration/invalidate_markdown_cache.md @marcia
+/doc/administration/issue_closing_pattern.md @marcia
+/doc/administration/lfs/index.md @marcia
+/doc/administration/merge_request_diffs.md @marcia
+/doc/administration/repository_checks.md @marcia
+/doc/administration/snippets/index.md @marcia
+/doc/administration/static_objects_external_storage.md @marcia
+/doc/api/access_requests.md @marcia
+/doc/api/branches.md @marcia
+/doc/api/commits.md @marcia
+/doc/api/discussions.md @marcia
+/doc/api/group_wikis.md @marcia
+/doc/api/keys.md @marcia
+/doc/api/markdown.md @marcia
+/doc/api/merge_request_approvals.md @marcia
+/doc/api/merge_request_context_commits.md @marcia
+/doc/api/merge_requests.md @marcia
+/doc/api/project_aliases.md @marcia
+/doc/api/project_badges.md @marcia
+/doc/api/project_import_export.md @marcia
+/doc/api/project_level_variables.md @marcia
+/doc/api/project_snippets.md @marcia
+/doc/api/project_statistics.md @marcia
+/doc/api/project_templates.md @marcia
+/doc/api/project_vulnerabilities.md @marcia
+/doc/api/protected_branches.md @marcia
+/doc/api/protected_tags.md @marcia
+/doc/api/remote_mirrors.md @marcia
+/doc/api/repositories.md @marcia
+/doc/api/repository_files.md @marcia
+/doc/api/repository_submodules.md @marcia
+/doc/api/search.md @marcia
+/doc/api/snippets.md @marcia
+/doc/api/suggestions.md @marcia
+/doc/api/tags.md @marcia
+/doc/api/visual_review_discussions.md @marcia
+/doc/api/wikis.md @marcia
+/doc/user/admin_area/settings/account_and_limit_settings.md @marcia
+/doc/user/admin_area/settings/instance_template_repository.md @marcia
+/doc/user/admin_area/settings/push_event_activities_limit.md @marcia
+/doc/user/admin_area/settings/visibility_and_access_controls.md @marcia
+
+[Frontend]
 *.scss @annabeldunstone @gitlab-org/maintainers/frontend
 *.js @gitlab-org/maintainers/frontend
 /app/assets/ @gitlab-org/maintainers/frontend
@@ -29,7 +148,7 @@
 /spec/frontend/ @gitlab-org/maintainers/frontend
 /ee/spec/frontend/ @gitlab-org/maintainers/frontend
 
-# Database maintainers should review changes in `db/`
+[Database]
 /db/ @gitlab-org/maintainers/database
 /ee/db/ @gitlab-org/maintainers/database
 /lib/gitlab/background_migration/ @gitlab-org/maintainers/database
@@ -41,19 +160,7 @@
 /app/finders/ @gitlab-org/maintainers/database
 /ee/app/finders/ @gitlab-org/maintainers/database
 
-# Feature specific owners
-/ee/lib/ee/gitlab/auth/ldap/ @dblessing @mkozono
-/lib/gitlab/auth/ldap/ @dblessing @mkozono
-/lib/gitlab/ci/templates/ @nolith @dosuken123
-/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @DylanGriffith @mayra-cabrera @tkuah
-/lib/gitlab/ci/templates/Security/ @plafoucriere @gonzoyumo @twoodham @sethgitlab
-/ee/app/models/project_alias.rb @patrickbajao
-/ee/lib/api/project_aliases.rb @patrickbajao
-
-# Quality owned files
-/qa/ @gl-quality
-
-# Engineering Productivity owned files
+[Engineering Productivity]
 /.gitlab-ci.yml @gl-quality/eng-prod
 /.gitlab/ci/ @gl-quality/eng-prod
 /.gitlab/ci/docs.gitlab-ci.yml @gl-quality/eng-prod @gl-docsteam
@@ -66,16 +173,45 @@ Dangerfile @gl-quality/eng-prod
 /scripts/frontend/ @gl-quality/eng-prod @gitlab-org/maintainers/frontend
 .editorconfig @gl-quality/eng-prod
 
-# Telemetry owner files
-/ee/lib/gitlab/usage_data_counters/ @gitlab-org/growth/telemetry
-/ee/lib/ee/gitlab/usage_data.rb @gitlab-org/growth/telemetry
-/lib/gitlab/grafana_embed_usage_data.rb @gitlab-org/growth/telemetry
-/lib/gitlab/usage_data.rb @gitlab-org/growth/telemetry
-/lib/gitlab/cycle_analytics/usage_data.rb @gitlab-org/growth/telemetry
-/lib/gitlab/usage_data_counters/ @gitlab-org/growth/telemetry
+[End-to-end]
+/qa/ @gl-quality
+
+[LDAP]
+/ee/lib/ee/gitlab/auth/ldap/ @dblessing @mkozono
+/lib/gitlab/auth/ldap/ @dblessing @mkozono
+
+[Templates]
+/lib/gitlab/ci/templates/ @nolith @dosuken123
+/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml @DylanGriffith @mayra-cabrera @tkuah
+/lib/gitlab/ci/templates/Security/ @plafoucriere @gonzoyumo @twoodham @sethgitlab
+
+[Project Alias]
+/ee/app/models/project_alias.rb @patrickbajao
+/ee/lib/api/project_aliases.rb @patrickbajao
+
+# Secure & Threat Management ownership delineation
+# https://about.gitlab.com/handbook/engineering/development/threat-management/delineate-secure-threat-management.html#technical-boundaries
+[Secure]
+/ee/app/models/vulnerability.rb @gitlab-org/secure/threat-insights-backend-team
+/ee/app/models/security/ @gitlab-org/secure/threat-insights-backend-team
+/ee/app/models/vulnerabilities/ @gitlab-org/secure/threat-insights-backend-team
+/ee/lib/gitlab/ci/parsers/license_compliance/ @gitlab-org/secure/composition-analysis-be
+/ee/lib/gitlab/ci/parsers/security/ @gitlab-org/secure/composition-analysis-be @gitlab-org/secure/dynamic-analysis-be @gitlab-org/secure/static-analysis-be @gitlab-org/secure/fuzzing-be
+/ee/lib/gitlab/ci/reports/coverage_fuzzing/ @gitlab-org/secure/fuzzing-be
+/ee/lib/gitlab/ci/reports/dependency_list/ @gitlab-org/secure/composition-analysis-be
+/ee/lib/gitlab/ci/reports/license_scanning/ @gitlab-org/secure/composition-analysis-be
+/ee/lib/gitlab/ci/reports/security/ @gitlab-org/secure/composition-analysis-be @gitlab-org/secure/dynamic-analysis-be @gitlab-org/secure/static-analysis-be @gitlab-org/secure/fuzzing-be
 
 [Code Owners]
 /ee/lib/gitlab/code_owners.rb @reprazent @kerrizor @garyh
 /ee/lib/gitlab/code_owners/ @reprazent @kerrizor @garyh
 /ee/spec/lib/gitlab/code_owners/ @reprazent @kerrizor @garyh
 /doc/user/project/code_owners.md @reprazent @kerrizor @garyh
+
+[Telemetry]
+/ee/lib/gitlab/usage_data_counters/ @gitlab-org/growth/telemetry/engineers
+/ee/lib/ee/gitlab/usage_data.rb @gitlab-org/growth/telemetry/engineers
+/lib/gitlab/grafana_embed_usage_data.rb @gitlab-org/growth/telemetry/engineers
+/lib/gitlab/usage_data.rb @gitlab-org/growth/telemetry/engineers
+/lib/gitlab/cycle_analytics/usage_data.rb @gitlab-org/growth/telemetry/engineers
+/lib/gitlab/usage_data_counters/ @gitlab-org/growth/telemetry/engineers
diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml
index 8745e7d8e9e..62546e59368 100644
--- a/.gitlab/ci/docs.gitlab-ci.yml
+++ b/.gitlab/ci/docs.gitlab-ci.yml
@@ -27,7 +27,7 @@
 review-docs-deploy:
   extends: .review-docs
   script:
-    - ./scripts/trigger-build-docs deploy
+    - ./scripts/trigger-build docs deploy
 
 # Cleanup remote environment of gitlab-docs
 review-docs-cleanup:
@@ -36,7 +36,7 @@ review-docs-cleanup:
     name: review-docs/$DOCS_GITLAB_REPO_SUFFIX-$CI_MERGE_REQUEST_IID
     action: stop
   script:
-    - ./scripts/trigger-build-docs cleanup
+    - ./scripts/trigger-build docs cleanup
 
 docs lint:
   extends:
diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml
index 084a48a7fc6..27f56cd8667 100644
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -11,7 +11,7 @@
   extends:
     - .frontend-base
     - .assets-compile-cache
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-git-2.27-lfs-2.9-node-12.x-yarn-1.21-graphicsmagick-1.3.34
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-git-2.28-lfs-2.9-node-12.x-yarn-1.21-graphicsmagick-1.3.34
   variables:
     WEBPACK_VENDOR_DLL: "true"
   stage: prepare
diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml
index 3101a42c058..238059bf972 100644
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@@ -64,39 +64,39 @@
     policy: pull
 
 .use-pg11:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-golang-1.14-git-2.27-lfs-2.9-chrome-83-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34"
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-golang-1.14-git-2.28-lfs-2.9-chrome-84-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34"
   services:
     - name: postgres:11.6
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
-    - name: redis:alpine
+    - name: redis:4.0-alpine
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
 
 .use-pg12:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-golang-1.14-git-2.27-lfs-2.9-chrome-83-node-12.x-yarn-1.21-postgresql-12-graphicsmagick-1.3.34"
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-golang-1.14-git-2.28-lfs-2.9-chrome-84-node-12.x-yarn-1.21-postgresql-12-graphicsmagick-1.3.34"
   services:
     - name: postgres:12
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
-    - name: redis:alpine
+    - name: redis:4.0-alpine
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
 
 .use-pg11-ee:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-golang-1.14-git-2.27-lfs-2.9-chrome-83-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34"
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-golang-1.14-git-2.28-lfs-2.9-chrome-84-node-12.x-yarn-1.21-postgresql-11-graphicsmagick-1.3.34"
   services:
     - name: postgres:11.6
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
-    - name: redis:alpine
+    - name: redis:4.0-alpine
     - name: elasticsearch:6.4.2
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
 
 .use-pg12-ee:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-golang-1.14-git-2.27-lfs-2.9-chrome-83-node-12.x-yarn-1.21-postgresql-12-graphicsmagick-1.3.34"
+  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.6.6-golang-1.14-git-2.28-lfs-2.9-chrome-84-node-12.x-yarn-1.21-postgresql-12-graphicsmagick-1.3.34"
   services:
     - name: postgres:12
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
-    - name: redis:alpine
+    - name: redis:4.0-alpine
     - name: elasticsearch:6.4.2
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
diff --git a/.gitlab/ci/notify.gitlab-ci.yml b/.gitlab/ci/notify.gitlab-ci.yml
new file mode 100644
index 00000000000..fcdd5ee97d2
--- /dev/null
+++ b/.gitlab/ci/notify.gitlab-ci.yml
@@ -0,0 +1,23 @@
+.notify-slack:
+  image: alpine
+  stage: notify
+  dependencies: []
+  cache: {}
+  before_script:
+    - apk update && apk add git curl bash
+
+notify-update-gitaly:
+  extends:
+    - .notify-slack
+  rules:
+    - if: '$CI_MERGE_REQUEST_IID && $CI_COMMIT_BRANCH == $GITALY_UPDATE_BRANCH'
+      when: on_failure
+      allow_failure: true
+  variables:
+    NOTIFY_CHANNEL: g_create_gitaly
+    GITALY_UPDATE_BRANCH: release-tools/update-gitaly
+    MERGE_REQUEST_URL: ${CI_MERGE_REQUEST_PROJECT_URL}/-/merge_requests/${CI_MERGE_REQUEST_IID}
+  script:
+    - echo "NOTIFY_CHANNEL is ${NOTIFY_CHANNEL}"
+    - echo "CI_PIPELINE_URL is ${CI_PIPELINE_URL}"
+    - scripts/slack ${NOTIFY_CHANNEL} "☠️ \`${GITALY_UPDATE_BRANCH}\` failed! ☠️ See ${CI_PIPELINE_URL} (triggered from ${MERGE_REQUEST_URL})" ci_failing
diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml
index 9a81ea513b7..96a8f093fea 100644
--- a/.gitlab/ci/qa.gitlab-ci.yml
+++ b/.gitlab/ci/qa.gitlab-ci.yml
@@ -59,6 +59,10 @@ package-and-qa:
   extends:
     - .package-and-qa-base
     - .qa:rules:package-and-qa
+  # This job often times out, so temporarily use private runners and a long timeout: https://gitlab.com/gitlab-org/gitlab/-/issues/238563
+  tags:
+    - prm
+  timeout: 4h
   needs:
     - job: build-qa-image
       artifacts: false
diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml
index 4cef4ee26ff..0b54626f690 100644
--- a/.gitlab/ci/rails.gitlab-ci.yml
+++ b/.gitlab/ci/rails.gitlab-ci.yml
@@ -70,7 +70,6 @@
     - run_timed_command "scripts/gitaly-test-build"
     - run_timed_command "scripts/gitaly-test-spawn"
     - source scripts/rspec_helpers.sh
-    - scripts/prepare_postgres_fdw.sh
     - rspec_paralellized_job "--tag ~quarantine --tag geo"
 
 .rspec-ee-base-geo-pg11:
diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml
index 228747ae8d3..b9f81f2eb0f 100644
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -15,7 +15,7 @@ code_quality:
   stage: test
   needs: []
   variables:
-    CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/ci-cd/codequality:0.85.10"
+    CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/ci-cd/codequality:0.85.10-gitlab.1"
   script:
     - |
       if ! docker info &>/dev/null; then
@@ -58,7 +58,7 @@ code_quality:
     SAST_ANALYZER_IMAGE_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"
     SAST_ANALYZER_IMAGE_TAG: 2
     SAST_BRAKEMAN_LEVEL: 2  # GitLab-specific
-    SAST_EXCLUDED_PATHS: qa,spec,doc,ee/spec  # GitLab-specific
+    SAST_EXCLUDED_PATHS: qa,spec,doc,ee/spec,config/gitlab.yml.example  # GitLab-specific
     SAST_DISABLE_BABEL: "true"
   script:
     - /analyzer run
@@ -150,35 +150,35 @@ dependency_scanning:
 ## We need to duplicate this job's definition because it seems it's impossible to
 ## override an included `only.refs`.
 ## See https://gitlab.com/gitlab-org/gitlab/issues/31371.
-#dast:
-#  extends:
-#    - .default-retry
-#    - .reports:rules:dast
-#  # This is needed so that manual jobs with needs don't block the pipeline.
-#  # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979.
-#  dependencies: ["review-deploy"]
-#  stage: qa  # GitLab-specific
-#  image:
-#    name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION"
-#  variables:
-#    # To be done in a later iteration
-#    # DAST_USERNAME: "root"
-#    # DAST_USERNAME_FIELD: "user[login]"
-#    # DAST_PASSWORD_FIELD: "user[passowrd]"
-#    DAST_VERSION: 1
-#  script:
-#    - 'export DAST_WEBSITE="${DAST_WEBSITE:-$(cat environment_url.txt)}"'
-#    # To be done in a later iteration
-#    # - 'export DAST_AUTH_URL="${DAST_WEBSITE}/users/sign_in"'
-#    # - 'export DAST_PASSWORD="${REVIEW_APPS_ROOT_PASSWORD}"'
-#    - /analyze -t $DAST_WEBSITE
-#  timeout: 4h
-#  artifacts:
-#    paths:
-#      - gl-dast-report.json  # GitLab-specific
-#    reports:
-#      dast: gl-dast-report.json
-#    expire_in: 1 week  # GitLab-specific
+# dast:
+#   extends:
+#     - .default-retry
+#     - .reports:rules:dast
+#   # This is needed so that manual jobs with needs don't block the pipeline.
+#   # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979.
+#   dependencies: ["review-deploy"]
+#   stage: qa  # GitLab-specific
+#   image:
+#     name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION"
+#   variables:
+#     # To be done in a later iteration
+#     # DAST_USERNAME: "root"
+#     # DAST_USERNAME_FIELD: "user[login]"
+#     # DAST_PASSWORD_FIELD: "user[passowrd]"
+#     DAST_VERSION: 1
+#   script:
+#     - 'export DAST_WEBSITE="${DAST_WEBSITE:-$(cat environment_url.txt)}"'
+#     # To be done in a later iteration
+#     # - 'export DAST_AUTH_URL="${DAST_WEBSITE}/users/sign_in"'
+#     # - 'export DAST_PASSWORD="${REVIEW_APPS_ROOT_PASSWORD}"'
+#     - /analyze -t $DAST_WEBSITE
+#   timeout: 4h
+#   artifacts:
+#     paths:
+#       - gl-dast-report.json  # GitLab-specific
+#     reports:
+#       dast: gl-dast-report.json
+#     expire_in: 1 week  # GitLab-specific
 
 # To be done in a later iteration: https://gitlab.com/gitlab-org/gitlab/issues/31160#note_278188255
 # schedule:dast:
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index f508bfa1465..839a06862b2 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -125,6 +125,7 @@
 .db-patterns: &db-patterns
   - "{,ee/}{,spec/}{db,migrations}/**/*"
   - "{,ee/}{,spec/}lib/{,ee/}gitlab/background_migration/**/*"
+  - "config/prometheus/common_metrics.yml" # Used by Gitlab::DatabaseImporters::CommonMetrics::Importer
 
 .backstage-patterns: &backstage-patterns
   - "Dangerfile"
diff --git a/.gitlab/issue_templates/Doc Review.md b/.gitlab/issue_templates/Doc Review.md
index 5b470ed7c75..bd3843ac5cd 100644
--- a/.gitlab/issue_templates/Doc Review.md
+++ b/.gitlab/issue_templates/Doc Review.md
@@ -3,7 +3,7 @@
 
 <!-- NOTE: Please add a DevOps stage label (format `devops:<stage_name>`)
      and assign the technical writer who is
-     [listed for that stage](https://about.gitlab.com/handbook/product/categories/#devops-stages). -->
+     [listed for that stage](https://about.gitlab.com/handbook/product/product-categories/#devops-stages). -->
 
 
 ## References
diff --git a/.gitlab/issue_templates/Documentation.md b/.gitlab/issue_templates/Documentation.md
index 43ee7cd448b..f05d7049b7f 100644
--- a/.gitlab/issue_templates/Documentation.md
+++ b/.gitlab/issue_templates/Documentation.md
@@ -24,7 +24,7 @@
 * Any concepts, procedures, reference info we could add to make it easier to successfully use GitLab?
 * Include use cases, benefits, and/or goals for this work.
 * If adding content: What audience is it intended for? (What roles and scenarios?)
-  For ideas, see personas at https://design.gitlab.com/research/personas or the persona labels at
+  For ideas, see personas at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/ or the persona labels at
   https://gitlab.com/groups/gitlab-org/-/labels?utf8=%E2%9C%93&subscribed=&search=persona%3A
 -->
 
diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md
index 7cb8871f5bc..69053b396a4 100644
--- a/.gitlab/issue_templates/Feature Flag Roll Out.md
+++ b/.gitlab/issue_templates/Feature Flag Roll Out.md
@@ -12,7 +12,7 @@ Remove the `:feature_name` feature flag ...
 
 ## Expectations
 
-### What are we expecting to happen?
+### What are we expecting to happen?
 
 ### What might happen if this goes wrong?
 
diff --git a/.gitlab/issue_templates/Feature proposal.md b/.gitlab/issue_templates/Feature proposal.md
index 589310b4cef..4e894b8ce80 100644
--- a/.gitlab/issue_templates/Feature proposal.md
+++ b/.gitlab/issue_templates/Feature proposal.md
@@ -1,8 +1,8 @@
-<!-- The first four sections: "Problem to solve", "Intended users", "User experience goal", and "Proposal", are strongly recommended, while the rest of the sections can be filled out during the problem validation or breakdown phase. However, keep in mind that providing complete and relevant information early helps our product team validate the problem and start working on a solution. -->
+<!-- The first four sections: "Problem to solve", "Intended users", "User experience goal", and "Proposal", are strongly recommended, while the rest of the sections can be filled out during the problem validation or breakdown phase. However, keep in mind that providing complete and relevant information early helps our product team validate the problem and start working on a solution. -->
 
 ### Problem to solve
 
-<!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." -->
+<!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." -->
 
 ### Intended users
 
@@ -78,7 +78,7 @@ See the test engineering planning process and reach out to your counterpart Soft
 
 ### What is the type of buyer?
 
-<!-- What is the buyer persona for this feature? See https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/buyer-persona/
+<!-- What is the buyer persona for this feature? See https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/buyer-persona/
 In which enterprise tier should this feature go? See https://about.gitlab.com/handbook/product/pricing/#four-tiers -->
 
 ### Is this a cross-stage feature?
@@ -87,4 +87,7 @@ In which enterprise tier should this feature go? See https://about.gitlab.com/ha
 
 ### Links / references
 
+<!--  Label reminders - you should have one of each of the following labels if you can figure out the correct ones -->
+/label ~devops:: ~group: ~Category:
+
 /label ~feature
diff --git a/.gitlab/issue_templates/QA Failure.md b/.gitlab/issue_templates/QA Failure.md
index 2a8b1b2d2f9..772f363ae31 100644
--- a/.gitlab/issue_templates/QA Failure.md
+++ b/.gitlab/issue_templates/QA Failure.md
@@ -68,10 +68,10 @@ a nightly pipeline, select ~"found:nightly".
 
 <!--
 https://about.gitlab.com/handbook/engineering/quality/guidelines/#priorities:
-- ~P1: Tests that are needed to verify fundamental GitLab functionality.
-- ~P2: Tests that deal with external integrations which may take a longer time to debug and fix.
+- ~P::1: Tests that are needed to verify fundamental GitLab functionality.
+- ~P::2: Tests that deal with external integrations which may take a longer time to debug and fix.
 -->
-/label ~P
+/label ~P::
 
-<!-- Select the current milestone if ~P1 or the next milestone if ~P2. -->
+<!-- Select the current milestone if ~P::1 or the next milestone if ~P::2. -->
 /milestone %
diff --git a/.gitlab/issue_templates/Refactoring.md b/.gitlab/issue_templates/Refactoring.md
index cd0ce8486f0..d9466185ff7 100644
--- a/.gitlab/issue_templates/Refactoring.md
+++ b/.gitlab/issue_templates/Refactoring.md
@@ -38,4 +38,12 @@ If you are aware of tests that need to be written or adjusted apart from unit te
 please list them here.
 -->
 
-/label ~backstage
+<!--
+Please select the appropriate label from the following:
+    ~"feature::addition"
+    ~"feature::maintenance"
+    ~"tooling::pipelines"
+    ~"tooling::workflow"
+-->
+
+/label ~"feature::maintenance"
diff --git a/.gitlab/issue_templates/Security Release.md b/.gitlab/issue_templates/Security Release Tracking Issue.md
index b06f31f0e9a..d2de7462ecb 100644
--- a/.gitlab/issue_templates/Security Release.md
+++ b/.gitlab/issue_templates/Security Release Tracking Issue.md
@@ -8,12 +8,6 @@ Set the title to: `Security Release: 12.2.X, 12.1.X, and 12.0.X`
 
 -------
 
-## Releases tasks
-
-- https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/release-manager.md
-- https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md
-- https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/security-engineer.md
-
 ## Version issues:
 
 12.2.X, 12.1.X, 12.0.X: {release task link}
@@ -25,11 +19,15 @@ your security issues as related to this release tracking issue. You can do this
 in the "Linked issues" section below this issue description.
 
 :warning: If your security issues are not marked as related to this release
-tracking issue, their merge requests may not be included in the security
+tracking issue, their merge requests will not be included in the security
 release.
 
-## QA
-{QA issue link}
+### Branches to target in GitLab Security
+
+Your Security Implementation Issue should have `4` merge requests associated:
+
+- [master and 3 backports](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/developer.md#backports)
+- Backports should target the stable branches for the versions mentioned included in this Security Release
 
 ## Blog post
 
diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md
index 7de137bd2e2..d21da6a161b 100644
--- a/.gitlab/issue_templates/Security developer workflow.md
+++ b/.gitlab/issue_templates/Security developer workflow.md
@@ -28,8 +28,8 @@ After your merge request has been approved according to our [approval guidelines
    * You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation]
 - [ ] Create each MR targeting the stable branch `X-Y-stable`, using the [Security Release merge request template].
    * Every merge request will have its own set of TODOs, so make sure to complete those.
-- [ ] On the "Related merge requests" section, ensure all MRs are linked to this issue.
-   * This section should only list the merge requests created for this issue: One targeting `master` and the 3 backports.
+- [ ] On the "Related merge requests" section, ensure that `4` merge requests are associated: The one targeting `master` and the `3` backports.
+- [ ] If this issue requires less than `4` merge requests, post a message on the Security Release Tracking Issue and ping the Release Managers.
 
 ## Documentation and final details
 
@@ -53,7 +53,7 @@ After your merge request has been approved according to our [approval guidelines
 | Description | Details | Further details|
 | -------- | -------- | -------- |
 | Versions affected | X.Y  | |
-| GitLab EE only | Yes/No | | 
+| GitLab EE only | Yes/No | |
 | Upgrade notes | | |
 | GitLab Settings updated | Yes/No| |
 | Migration required | Yes/No | |
@@ -62,7 +62,6 @@ After your merge request has been approved according to our [approval guidelines
 [security process for developers]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md
 [secpick documentation]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/utilities/secpick_script.md
 [security Release merge request template]: https://gitlab.com/gitlab-org/security/gitlab/blob/master/.gitlab/merge_request_templates/Security%20Release.md
-[code review process]: https://docs.gitlab.com/ee/development/code_review.html
 [approval guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines
 [issue as related]: https://docs.gitlab.com/ee/user/project/issues/related_issues.html#adding-a-related-issue
 
diff --git a/.gitlab/issue_templates/actionable_insight.md b/.gitlab/issue_templates/actionable_insight.md
new file mode 100644
index 00000000000..08fbb30001c
--- /dev/null
+++ b/.gitlab/issue_templates/actionable_insight.md
@@ -0,0 +1,31 @@
+## Actionable Insights
+Actionable insights always have a follow-up action that needs to take place as a result of the research observation or data, and a clear recommendation or action associated with it. An actionable insight both defines the insight and clearly calls out the next step. These insights are tracked over time.
+
+#### Link
+
+- [ ] Provide the link to the Dovetail actionable insight you created earlier (this should contain all the essential details)
+- [ ] If applicable, link this actionable insight issue back to the original Research Issue in the GitLab UX Research project
+
+#### Assign
+
+- [ ] Assign this issue to the appropriate Product Manager, Product Designer, or UX Researcher
+
+#### Description
+
+- [ ] Provide some brief detials on the actionable insight and the action to take
+
+-------------------------------------------------------------------------------
+
+|   |  PLEASE COMPLETE THE BELOW  |
+| ------ | ------ |
+| Dovetail link: | (URL goes here) |
+| Details: | (details go here) |
+| Action to take: | (action goes here) |
+
+
+
+
+
+
+
+ ~"Actionable Insight"