Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2023-10-11 03:11:52 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2023-10-11 03:11:52 +0300
commit: 29b547f00429a063b266f6e6e478bba92c6a167a (patch)
tree: 5fbb39c281630f5c140c132b8a8894df1e92a516
parent: 5f722a35635ac0a883d17ed6173cbebdb9a87477 (diff)
29 files changed, 143 insertions, 112 deletions
diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index 9648edf91f6..96dbc00209e 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-801a942f21de22cf8ca8f59cca00175deafe7654
+6d87b1c993a78c6a2ba8d229b42967f22bd0cda0
diff --git a/app/assets/javascripts/observability/client.js b/app/assets/javascripts/observability/client.js
index 6c8156f2943..afdc4a7d55e 100644
--- a/app/assets/javascripts/observability/client.js
+++ b/app/assets/javascripts/observability/client.js
@@ -140,7 +140,7 @@ function filterObjToQueryParams(filterObj) {
       let value = rawValue;
       if (filterName === 'durationMs') {
         // converting durationMs to duration_nano
-        value *= 1000;
+        value *= 1000000;
       }
 
       if (paramName && value) {
diff --git a/app/controllers/concerns/enforces_two_factor_authentication.rb b/app/controllers/concerns/enforces_two_factor_authentication.rb
index 539feb3cf1c..24475909b62 100644
--- a/app/controllers/concerns/enforces_two_factor_authentication.rb
+++ b/app/controllers/concerns/enforces_two_factor_authentication.rb
@@ -73,7 +73,7 @@ module EnforcesTwoFactorAuthentication
   end
 
   def skip_two_factor?
-    session[:skip_two_factor] && session[:skip_two_factor] > Time.current
+    session[:skip_two_factor] && session[:skip_two_factor].future?
   end
 
   def two_factor_verifier
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb
index 3a29c8f68cf..d2cf9058976 100644
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@@ -1091,7 +1091,7 @@ module Ci
     end
 
     def has_expiring_artifacts?
-      artifacts_expire_at.present? && artifacts_expire_at > Time.current
+      artifacts_expire_at.present? && artifacts_expire_at.future?
     end
 
     def job_jwt_variables
diff --git a/app/models/ci/job_artifact.rb b/app/models/ci/job_artifact.rb
index 3f9d8f07b06..2a346f97958 100644
--- a/app/models/ci/job_artifact.rb
+++ b/app/models/ci/job_artifact.rb
@@ -310,7 +310,7 @@ module Ci
     end
 
     def expiring?
-      expire_at.present? && expire_at > Time.current
+      expire_at.present? && expire_at.future?
     end
 
     def expire_in
diff --git a/app/models/system/broadcast_message.rb b/app/models/system/broadcast_message.rb
index 332baea4449..06f0115ade6 100644
--- a/app/models/system/broadcast_message.rb
+++ b/app/models/system/broadcast_message.rb
@@ -125,7 +125,7 @@ module System
     end
 
     def future?
-      starts_at > Time.current
+      starts_at.future?
     end
 
     def now_or_future?
diff --git a/app/workers/run_pipeline_schedule_worker.rb b/app/workers/run_pipeline_schedule_worker.rb
index dab92e16ee3..61ef7494d38 100644
--- a/app/workers/run_pipeline_schedule_worker.rb
+++ b/app/workers/run_pipeline_schedule_worker.rb
@@ -22,7 +22,7 @@ class RunPipelineScheduleWorker # rubocop:disable Scalability/IdempotentWorker
     options.symbolize_keys!
 
     if options[:scheduling]
-      return if schedule.next_run_at > Time.current
+      return if schedule.next_run_at.future?
 
       update_next_run_at_for(schedule)
     end
diff --git a/config/feature_flags/development/fast_forward_merge_trains_support.yml b/config/feature_flags/development/fast_forward_merge_trains_support.yml
index 0e951c42680..9c814bb658e 100644
--- a/config/feature_flags/development/fast_forward_merge_trains_support.yml
+++ b/config/feature_flags/development/fast_forward_merge_trains_support.yml
@@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/282442
 milestone: '16.1'
 type: development
 group: group::pipeline execution
-default_enabled: false
+default_enabled: true
diff --git a/db/migrate/20220602130306_add_namespace_type_index.rb b/db/migrate/20220602130306_add_namespace_type_index.rb
index b20f36b3278..14e017c1dc8 100644
--- a/db/migrate/20220602130306_add_namespace_type_index.rb
+++ b/db/migrate/20220602130306_add_namespace_type_index.rb
@@ -5,9 +5,11 @@ class AddNamespaceTypeIndex < Gitlab::Database::Migration[2.0]
 
   INDEX_NAME = 'index_groups_on_parent_id_id'
 
+  # rubocop:disable Migration/PreventIndexCreation
   def up
     add_concurrent_index :namespaces, [:parent_id, :id], where: "type = 'Group'", name: INDEX_NAME
   end
+  # rubocop:enable Migration/PreventIndexCreation
 
   def down
     remove_concurrent_index_by_name(:namespaces, INDEX_NAME)
diff --git a/db/post_migrate/20220530082653_add_traversal_id_type_group_index.rb b/db/post_migrate/20220530082653_add_traversal_id_type_group_index.rb
index 00d997e1f52..e8080bc89dc 100644
--- a/db/post_migrate/20220530082653_add_traversal_id_type_group_index.rb
+++ b/db/post_migrate/20220530082653_add_traversal_id_type_group_index.rb
@@ -5,9 +5,11 @@ class AddTraversalIdTypeGroupIndex < Gitlab::Database::Migration[2.0]
 
   disable_ddl_transaction!
 
+  # rubocop:disable Migration/PreventIndexCreation
   def up
     add_concurrent_index :namespaces, :traversal_ids, using: :btree, where: "type='Group'", name: INDEX_NAME
   end
+  # rubocop:enable Migration/PreventIndexCreation
 
   def down
     remove_concurrent_index_by_name :namespaces, INDEX_NAME
diff --git a/db/post_migrate/20230110172751_add_partial_index_on_group_path_id.rb b/db/post_migrate/20230110172751_add_partial_index_on_group_path_id.rb
index c04b71835a2..2135f241fd1 100644
--- a/db/post_migrate/20230110172751_add_partial_index_on_group_path_id.rb
+++ b/db/post_migrate/20230110172751_add_partial_index_on_group_path_id.rb
@@ -5,9 +5,11 @@ class AddPartialIndexOnGroupPathId < Gitlab::Database::Migration[2.1]
 
   INDEX_NAME = :index_groups_on_path_and_id
 
+  # rubocop:disable Migration/PreventIndexCreation
   def up
     add_concurrent_index :namespaces, [:path, :id], where: "type = 'Group'", name: INDEX_NAME
   end
+  # rubocop:enable Migration/PreventIndexCreation
 
   def down
     remove_concurrent_index_by_name :namespaces, INDEX_NAME
diff --git a/db/post_migrate/20230420120431_create_namespaces_by_top_level_namespace_index.rb b/db/post_migrate/20230420120431_create_namespaces_by_top_level_namespace_index.rb
index f9fe6d4a16c..37af68ac68e 100644
--- a/db/post_migrate/20230420120431_create_namespaces_by_top_level_namespace_index.rb
+++ b/db/post_migrate/20230420120431_create_namespaces_by_top_level_namespace_index.rb
@@ -5,9 +5,11 @@ class CreateNamespacesByTopLevelNamespaceIndex < Gitlab::Database::Migration[2.1
 
   INDEX_NAME = 'index_on_namespaces_namespaces_by_top_level_namespace'
 
+  # rubocop:disable Migration/PreventIndexCreation
   def up
     add_concurrent_index :namespaces, '(traversal_ids[1]), type, id', name: INDEX_NAME
   end
+  # rubocop:enable Migration/PreventIndexCreation
 
   def down
     remove_concurrent_index_by_name :namespaces, INDEX_NAME
diff --git a/db/post_migrate/20230614182049_add_index_to_namespaces_organization_id.rb b/db/post_migrate/20230614182049_add_index_to_namespaces_organization_id.rb
index edbb0a8b953..c7eeb7a8915 100644
--- a/db/post_migrate/20230614182049_add_index_to_namespaces_organization_id.rb
+++ b/db/post_migrate/20230614182049_add_index_to_namespaces_organization_id.rb
@@ -9,9 +9,11 @@ class AddIndexToNamespacesOrganizationId < Gitlab::Database::Migration[2.1]
   # This index was added on GitLab SaaS in
   # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/120822
 
+  # rubocop:disable Migration/PreventIndexCreation
   def up
     add_concurrent_index TABLE, :organization_id, name: INDEX_NAME
   end
+  # rubocop:enable Migration/PreventIndexCreation
 
   def down
     remove_concurrent_index_by_name TABLE, INDEX_NAME
diff --git a/doc/administration/dedicated/index.md b/doc/administration/dedicated/index.md
index 107c6fc9108..2889fb9b389 100644
--- a/doc/administration/dedicated/index.md
+++ b/doc/administration/dedicated/index.md
@@ -43,7 +43,7 @@ The following stages guide you through a series of four steps to provide the inf
    - If you need to make changes to these attributes, [submit a support ticket](https://support.gitlab.com/hc/en-us/requests/new?ticket_form_id=4414917877650).
 1. Tenant configuration: Provides the minimum required information needed to create your GitLab Dedicated tenant:
    - Desired instance subdomain: The main domain for GitLab Dedicated instances is `gitlab-dedicated.com`. You choose the subdomain name where your instance is accessible from. For example, `customer_name.gitlab-dedicated.com`.
-   - Desired primary region: Primary AWS region in which your data is stored. Note the [unavailable AWS regions](../../subscriptions/gitlab_dedicated/index.md#unavailable-aws-regions).
+   - Desired primary region: Primary AWS region in which your data is stored. Note the [available AWS regions](../../subscriptions/gitlab_dedicated/index.md#available-aws-regions).
    - Desired secondary region: Secondary AWS region in which your data is stored. This region is used to recover your GitLab Dedicated instance in case of a disaster.
    - Desired backup region: An AWS region where the primary backups of your data are replicated. This can be the same as the primary or secondary region, or different.
    - Desired maintenance window: A weekly four-hour time slot that GitLab uses to perform routine maintenance and upgrade operations on all tenant instances. For more information, see [maintenance windows](#maintenance-window).
diff --git a/doc/administration/package_information/supported_os.md b/doc/administration/package_information/supported_os.md
index 4bc1861a22b..2064ee2a8e2 100644
--- a/doc/administration/package_information/supported_os.md
+++ b/doc/administration/package_information/supported_os.md
@@ -27,6 +27,7 @@ architecture.
 | CentOS 7                                                     | GitLab CE / GitLab EE 7.10.0   | x86_64          | [CentOS Install Documentation](https://about.gitlab.com/install/#centos-7) | June 2024  | <https://wiki.centos.org/About/Product>                      |
 | Debian 10                                                    | GitLab CE / GitLab EE 12.2.0   | amd64, arm64    | [Debian Install Documentation](https://about.gitlab.com/install/#debian) | 2024       | <https://wiki.debian.org/LTS>                                |
 | Debian 11                                                    | GitLab CE / GitLab EE 14.6.0   | amd64, arm64    | [Debian Install Documentation](https://about.gitlab.com/install/#debian) | 2026       | <https://wiki.debian.org/LTS>                                |
+| Debian 12                                                   | GitLab CE / GitLab EE 16.1.0   | amd64, arm64    | [Debian Install Documentation](https://about.gitlab.com/install/#debian) | TBD       | <https://wiki.debian.org/LTS>                                |
 | OpenSUSE 15.4                                                | GitLab CE / GitLab EE 15.7.0   | x86_64, aarch64 | [OpenSUSE Install Documentation](https://about.gitlab.com/install/#opensuse-leap) | Nov 2023   | <https://en.opensuse.org/Lifetime>                           |
 | OpenSUSE 15.5                                                | GitLab CE / GitLab EE 16.4.0   | x86_64, aarch64 | [OpenSUSE Install Documentation](https://about.gitlab.com/install/#opensuse-leap) | Dec 2024   | <https://en.opensuse.org/Lifetime>                           |
 | RHEL 8                                                       | GitLab CE / GitLab EE 12.8.1   | x86_64, arm64   | [Use CentOS Install Documentation](https://about.gitlab.com/install/#centos-7) | May 2029   | [RHEL Details](https://access.redhat.com/support/policy/updates/errata/#Life_Cycle_Dates) |
diff --git a/doc/ci/pipelines/merge_trains.md b/doc/ci/pipelines/merge_trains.md
index d7f03490c68..80069fe37f6 100644
--- a/doc/ci/pipelines/merge_trains.md
+++ b/doc/ci/pipelines/merge_trains.md
@@ -6,6 +6,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Merge trains **(PREMIUM ALL)**
 
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/282442) support for [fast-forward](../../user/project/merge_requests/methods/index.md#fast-forward-merge) and [semi-linear](../../user/project/merge_requests/methods/index.md#merge-commit-with-semi-linear-history) merge methods in GitLab 16.5 [with a flag](../../administration/feature_flags.md) named `fast_forward_merge_trains_support`. The flag is enabled on GitLab.com and enabled by default on self-managed GitLab.
+
 NOTE:
 [In GitLab 16.0 and later](https://gitlab.com/gitlab-org/gitlab/-/issues/359057), the **Start merge train**
 and **Start merge train when pipeline succeeds** buttons became **Set to auto-merge**.
@@ -19,9 +21,6 @@ might conflict with each other. [Merged results pipelines](merged_results_pipeli
 ensure the changes work with the content in the default branch, but not content
 that others are merging at the same time.
 
-Merge trains do not work with [Semi-linear history merge requests](../../user/project/merge_requests/methods/index.md#merge-commit-with-semi-linear-history)
-or [fast-forward merge requests](../../user/project/merge_requests/methods/index.md#fast-forward-merge).
-
 For more information about:
 
 - How merge trains work, review the [merge train workflow](#merge-train-workflow).
diff --git a/doc/ci/testing/fail_fast_testing.md b/doc/ci/testing/fail_fast_testing.md
index 733c190616c..d47053fa971 100644
--- a/doc/ci/testing/fail_fast_testing.md
+++ b/doc/ci/testing/fail_fast_testing.md
@@ -12,7 +12,7 @@ For applications that use RSpec for running tests, we've introduced the `Verify/
 [template to run subsets of your test suite](https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Verify/FailFast.gitlab-ci.yml),
 based on the changes in your merge request.
 
-The template uses the [`test_file_finder` (`tff`) gem](https://gitlab.com/gitlab-org/ci-cd/test_file_finder/)
+The template uses the [`test_file_finder` (`tff`) gem](https://gitlab.com/gitlab-org/ruby/gems/test_file_finder)
 that accepts a list of files as input, and returns a list of spec (test) files
 that it believes to be relevant to the input files.
 
diff --git a/doc/development/pipelines/index.md b/doc/development/pipelines/index.md
index cc0cfafa01d..2266bdbe459 100644
--- a/doc/development/pipelines/index.md
+++ b/doc/development/pipelines/index.md
@@ -66,14 +66,14 @@ To identify the RSpec tests that are likely to fail in a merge request, we use *
 
 ##### Static mappings
 
-We use the [`test_file_finder` gem](https://gitlab.com/gitlab-org/ci-cd/test_file_finder), with a static mapping maintained in the [`tests.yml` file](https://gitlab.com/gitlab-org/gitlab/-/blob/master/tests.yml) for special cases that cannot
+We use the [`test_file_finder` gem](https://gitlab.com/gitlab-org/ruby/gems/test_file_finder), with a static mapping maintained in the [`tests.yml` file](https://gitlab.com/gitlab-org/gitlab/-/blob/master/tests.yml) for special cases that cannot
   be mapped via coverage tracing ([see where it's used](https://gitlab.com/gitlab-org/gitlab/-/blob/5ab06422826c0d69c615655982a6f969a7f3c6ea/tooling/lib/tooling/find_tests.rb#L17)).
 
 The test mappings contain a map of each source files to a list of test files which is dependent of the source file.
 
 ##### Dynamic mappings
 
-First, we use the [`test_file_finder` gem](https://gitlab.com/gitlab-org/ci-cd/test_file_finder), with a dynamic mapping strategy from test coverage tracing (generated via the [`Crystalball` gem](https://github.com/toptal/crystalball))
+First, we use the [`test_file_finder` gem](https://gitlab.com/gitlab-org/ruby/gems/test_file_finder), with a dynamic mapping strategy from test coverage tracing (generated via the [`Crystalball` gem](https://github.com/toptal/crystalball))
   ([see where it's used](https://gitlab.com/gitlab-org/gitlab/-/blob/master/tooling/lib/tooling/find_tests.rb#L20)).
 
 In addition to `test_file_finder`, we have added several advanced mappings to detect even more tests to run:
diff --git a/doc/subscriptions/gitlab_dedicated/index.md b/doc/subscriptions/gitlab_dedicated/index.md
index f44dda53b92..1e191539c30 100644
--- a/doc/subscriptions/gitlab_dedicated/index.md
+++ b/doc/subscriptions/gitlab_dedicated/index.md
@@ -9,7 +9,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 GitLab Dedicated is a fully isolated, single-tenant SaaS service that is:
 
 - Hosted and managed by GitLab, Inc.
-- Deployed on AWS in a cloud region of your choice. See [unavailable AWS regions](#unavailable-aws-regions).
+- Deployed on AWS in a cloud region of your choice. See [available AWS regions](#available-aws-regions).
 
 GitLab Dedicated removes the overhead of platform management to increase your operational efficiency, reduce risk, and enhance the speed and agility of your organization. Each GitLab Dedicated instance is highly available with disaster recovery and deployed into the cloud region of your choice. GitLab teams fully manage the maintenance and operations of each isolated instance, so customers can access our latest product improvements while meeting the most complex compliance standards.
 
@@ -19,7 +19,7 @@ It's the offering of choice for enterprises and organizations in highly regulate
 
 ### Data residency
 
-GitLab Dedicated allows you to select the cloud region where your data will be stored. Upon [onboarding](../../administration/dedicated/index.md#onboarding-to-gitlab-dedicated-using-switchboard), choose the cloud region where you want to deploy your Dedicated instance. Some AWS regions have limited features and as a result, we are not able to deploy production instances to those regions. See below for the [list of unavailable AWS regions](#unavailable-aws-regions).
+GitLab Dedicated allows you to select the cloud region where your data will be stored. Upon [onboarding](../../administration/dedicated/index.md#onboarding-to-gitlab-dedicated-using-switchboard), choose the cloud region where you want to deploy your Dedicated instance. Some AWS regions have limited features and as a result, we are not able to deploy production instances to those regions. See below for the [list of available AWS regions](#available-aws-regions).
 
 ### Availability and scalability
 
@@ -29,7 +29,7 @@ GitLab Dedicated leverages the GitLab [Cloud Native Hybrid reference architectur
 
 When [onboarding](../../administration/dedicated/index.md#onboarding-to-gitlab-dedicated-using-switchboard) to GitLab Dedicated, you can provide a Secondary AWS region in which your data is stored. This region is used to recover your GitLab Dedicated instance in case of a disaster. Regular backups of all GitLab Dedicated datastores (including Database and Git repositories) are taken and tested regularly and stored in your desired secondary region. GitLab Dedicated also provides the ability to store copies of these backups in a separate cloud region of choice for greater redundancy.
 
-For more information, read about the [recovery plan for GitLab Dedicated](https://about.gitlab.com/handbook/engineering/infrastructure/team/gitlab-dedicated/slas/#disaster-recovery-plan) as well as RPO and RTO targets. These targets are available only when both the primary and secondary regions are supported by GitLab Dedicated. See below for a [list of unavailable AWS regions](#unavailable-aws-regions) for GitLab Dedicated.
+For more information, read about the [recovery plan for GitLab Dedicated](https://about.gitlab.com/handbook/engineering/infrastructure/team/gitlab-dedicated/slas/#disaster-recovery-plan) as well as RPO and RTO targets. These targets are available only when both the primary and secondary regions are supported by GitLab Dedicated. See below for a [list of available AWS regions](#available-aws-regions) for GitLab Dedicated.
 
 ### Security
 
@@ -145,31 +145,19 @@ The following operational features are not available:
 - Observability Dashboard using Switchboard
 - Pre-Production Instance
 
-### Unavailable AWS regions
-
-The following is an incomplete list of unavailable AWS regions. Regions must support `io2` volumes and meet other requirements. GitLab team members can view our evaluation of additional
-regions in this confidential issue: `https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/1405`.
-
-Contact [GitLab Support](https://about.gitlab.com/support/) if you have any questions.
-
-- Jakarta (`ap-southeast-3`)
-- Bahrain (`me-south-1`)
-- Hong Kong (`ap-east-1`)
-- Cape Town (`af-south-1`)
-- Milan (`eu-south-1`)
-- Paris (`eu-west-3`)
-- Zurich (`eu-central-2`)
-- GovCloud (US-East) (`us-gov-east-1`)
-- GovCloud (US-West) (`us-gov-west-1`)
-- Melbourne (`ap-southeast-4`)
-- Hyderabad (`ap-south-2`)
-- Osaka (`ap-northeast-3`)
-- Beijing (`cn-north-1`)
-- Ningxia (`cn-northwest-1`)
-- Spain (`eu-south-2`)
-- Tel Aviv (`il-central-1`)
-- UAE (`me-central-1`)
-- São Paulo (`sa-east-1`)
+### Available AWS regions
+
+The following is a list of AWS regions verified for use in GitLab Dedicated. Regions must support io2 volumes and meet other requirements. If there is a region you are interested in that is not on this list, please reach out through your account representative or [GitLab Support](https://about.gitlab.com/support/) to inquire about its availability. This list will be updated from time to time as additional regions are verified.
+
+- Asia Pacific (Singapore)
+- Asia Pacific (Sydney)
+- Europe (Frankfurt)
+- Europe (Ireland)
+- Europe (London)
+- US East (Ohio)
+- US East (N. Virginia)
+- US West (N. California)
+- US West (Oregon)
 
 ## Planned features
 
diff --git a/doc/update/versions/gitlab_14_changes.md b/doc/update/versions/gitlab_14_changes.md
index d58fbd348b5..4399792392f 100644
--- a/doc/update/versions/gitlab_14_changes.md
+++ b/doc/update/versions/gitlab_14_changes.md
@@ -843,6 +843,10 @@ Other issues:
 
 ### Linux package installations
 
+- The binaries for PostgreSQL 11 and repmgr have been removed. Before upgrading, you must:
+  1. Ensure the installation is using [PostgreSQL 12](https://docs.gitlab.com/omnibus/settings/database.html#upgrade-packaged-postgresql-server).
+  1. If using repmgr, [convert to using Patroni](../../administration/postgresql/replication_and_failover.md#switching-from-repmgr-to-patroni).
+
 - In GitLab 13.0, `sidekiq-cluster` was enabled by default and the `sidekiq` service ran `sidekiq-cluster` under the hood.
   However, users could control this behavior using `sidekiq['cluster']` setting to run Sidekiq directly instead. Users
   could also run `sidekiq-cluster` separately using the various `sidekiq_cluster[*]` settings available in `gitlab.rb`.
@@ -871,10 +875,6 @@ Other issues:
 
   For more information, see
   [Set up the initial password](https://docs.gitlab.com/omnibus/installation/index.html#set-up-the-initial-password).
-- The binaries for PostgreSQL 11 and repmgr have been removed. Prior to upgrading, administrators of Linux package
-  installations must:
-  1. Ensure the installation is using [PostgreSQL 12](https://docs.gitlab.com/omnibus/settings/database.html#upgrade-packaged-postgresql-server).
-  1. If using repmgr, [convert to using Patroni](../../administration/postgresql/replication_and_failover.md#switching-from-repmgr-to-patroni).
 - Two configuration options for Redis were deprecated in GitLab 13 and removed in GitLab 14:
 
   - `redis_slave_role` is replaced with `redis_replica_role`.
diff --git a/doc/update/versions/gitlab_15_changes.md b/doc/update/versions/gitlab_15_changes.md
index 997397904dd..9dfe00dae0e 100644
--- a/doc/update/versions/gitlab_15_changes.md
+++ b/doc/update/versions/gitlab_15_changes.md
@@ -790,7 +790,18 @@ A [license caching issue](https://gitlab.com/gitlab-org/gitlab/-/issues/376706)
     for Omnibus GitLab. This replaces `gitlab_shell['custom_hooks_dir']`.
 - PostgreSQL 13.6 is being shipped as the default version for fresh installs and
   12.10 for upgrades. You can manually upgrade to PostgreSQL 13.6 following the
-  [upgrade docs](https://docs.gitlab.com/omnibus/settings/database.html#gitlab-150-and-later).
+  [upgrade docs](https://docs.gitlab.com/omnibus/settings/database.html#upgrade-packaged-postgresql-server) with:
+
+  ```shell
+  sudo gitlab-ctl pg-upgrade -V 13
+  ```
+
+  Until PostgreSQL 12 is removed, you may
+  [pin the PostgreSQL version](https://docs.gitlab.com/omnibus/settings/database.html#pin-the-packaged-postgresql-version-fresh-installs-only)
+  if needed for compatibility or test environment reasons.
+
+  [Fault tolerant and Geo installations require additional steps and planning](../../administration/postgresql/replication_and_failover.md#upgrading-postgresql-major-version-in-a-patroni-cluster).
+
   Because of underlying structural changes, the running PostgreSQL process
   **_must_** be restarted when it is upgraded before running database
   migrations. If automatic restart is skipped, you must run the following
diff --git a/doc/update/versions/gitlab_16_changes.md b/doc/update/versions/gitlab_16_changes.md
index e9b31458d37..7c5dd8ae6ae 100644
--- a/doc/update/versions/gitlab_16_changes.md
+++ b/doc/update/versions/gitlab_16_changes.md
@@ -178,10 +178,29 @@ Specific information applies to installations using Geo:
 
   For more information, see [issue 421629](https://gitlab.com/gitlab-org/gitlab/-/issues/421629).
 
+- You might encounter the following error after upgrading to GitLab 16.2 or later:
+
+  ```plaintext
+  PG::NotNullViolation: ERROR:  null value in column "source_partition_id" of relation "ci_sources_pipelines" violates not-null constraint
+  ```
+
+  Sidekiq and Puma processes must be restarted to resolve this issue.
+
 ### Linux package installations
 
 Specific information applies to Linux package installations:
 
+- As of GitLab 16.2, PostgreSQL 13.11 and 14.8 are both shipped with the Linux package.
+  During a package upgrade, the database isn't upgraded to PostgreSQL 14. If you
+  want to upgrade to PostgreSQL 14, you must do it manually:
+
+  ```shell
+  sudo gitlab-ctl pg-upgrade -V 14
+  ```
+
+  PostgreSQL 14 isn't supported on Geo deployments and is [planned](https://gitlab.com/groups/gitlab-org/-/epics/9065)
+  for future releases.
+
 - In 16.2, we are upgrading Redis from 6.2.11 to 7.0.12. This upgrade is expected to be fully backwards compatible.
 
   Redis is not automatically restarted as part of `gitlab-ctl reconfigure`.
diff --git a/package.json b/package.json
index 1edf117345e..09dd1024048 100644
--- a/package.json
+++ b/package.json
@@ -61,7 +61,7 @@
     "@gitlab/favicon-overlay": "2.0.0",
     "@gitlab/fonts": "^1.3.0",
     "@gitlab/svgs": "3.66.0",
-    "@gitlab/ui": "66.20.0",
+    "@gitlab/ui": "66.23.1",
     "@gitlab/visual-review-tools": "1.7.3",
     "@gitlab/web-ide": "0.0.1-dev-20231004090414",
     "@mattiasbuelens/web-streams-adapter": "^0.1.0",
diff --git a/qa/gdk/Dockerfile.gdk b/qa/gdk/Dockerfile.gdk
index 759e87befe6..9326beba93f 100644
--- a/qa/gdk/Dockerfile.gdk
+++ b/qa/gdk/Dockerfile.gdk
@@ -5,7 +5,7 @@ ENV GITLAB_LICENSE_MODE=test \
 
 # Clone GDK at specific sha and bootstrap packages
 #
-ARG GDK_SHA=a93d0763b332efbd94856022a8877e97879869e6
+ARG GDK_SHA=65cf4576208b9f79c54c0042c44024c0008deafc
 RUN set -eux; \
     git clone --depth 1 https://gitlab.com/gitlab-org/gitlab-development-kit.git && cd gitlab-development-kit; \
     git fetch --depth 1 origin ${GDK_SHA} && git -c advice.detachedHead=false checkout ${GDK_SHA}; \
diff --git a/qa/qa/specs/features/api/1_manage/import/import_large_github_repo_spec.rb b/qa/qa/specs/features/api/1_manage/import/import_large_github_repo_spec.rb
index 26a3dabd308..4098a35545d 100644
--- a/qa/qa/specs/features/api/1_manage/import/import_large_github_repo_spec.rb
+++ b/qa/qa/specs/features/api/1_manage/import/import_large_github_repo_spec.rb
@@ -139,6 +139,34 @@ module QA
         with_paginated_request { github_client.list_issues(github_repo, state: 'all') }
       end
 
+      let(:gh_issues) do
+        issues = gh_all_issues.reject(&:pull_request).each_with_object({}) do |issue, hash|
+          id = issue.number
+          hash[id] = {
+            url: issue.html_url,
+            title: issue.title,
+            body: issue.body || '',
+            comments: gh_issue_comments[id]
+          }
+        end
+
+        fetch_github_events(issues, "issue")
+      end
+
+      let(:gh_prs) do
+        prs = gh_all_issues.select(&:pull_request).each_with_object({}) do |pr, hash|
+          id = pr.number
+          hash[id] = {
+            url: pr.html_url,
+            title: pr.title,
+            body: pr.body || '',
+            comments: [*gh_pr_comments[id], *gh_issue_comments[id]].compact
+          }
+        end
+
+        fetch_github_events(prs, "pr")
+      end
+
       # rubocop:disable Layout/LineLength
       let(:gh_issue_comments) do
         logger.info("- Fetching issue comments -")
@@ -353,63 +381,21 @@ module QA
       #
       private
 
-      # Github prs
-      #
-      # Instance variable is used because parallel doesn't play nice with memoized rspec vars
-      #
-      # @return [Hash]
-      def gh_prs
-        @gh_prs ||= begin
-          prs = gh_all_issues.select(&:pull_request).each_with_object({}) do |pr, hash|
-            id = pr.number
-            hash[id] = {
-              url: pr.html_url,
-              title: pr.title,
-              body: pr.body || '',
-              comments: [*gh_pr_comments[id], *gh_issue_comments[id]].compact
-            }
-          end
-
-          fetch_github_events(prs, "pr")
-        end
-      end
-
-      # Github issues
-      #
-      # Instance variable is used because parallel doesn't play nice with memoized rspec vars
-      #
-      # @return [Hash]
-      def gh_issues
-        @gh_issues ||= begin
-          issues = gh_all_issues.reject(&:pull_request).each_with_object({}) do |issue, hash|
-            id = issue.number
-            hash[id] = {
-              url: issue.html_url,
-              title: issue.title,
-              body: issue.body || '',
-              comments: gh_issue_comments[id]
-            }
-          end
-
-          fetch_github_events(issues, "issue")
-        end
-      end
-
       # Fetch github events and add to issue object
       #
       # @param [Hash] issuables
       # @param [String] type
       # @return [Hash]
       def fetch_github_events(issuables, type)
-        logger.info("- Fetching #{type} events in #{api_parallel_threads} parallel threads -")
-        Parallel.map(issuables, in_threads: 8) do |id, issuable|
-          logger.debug("[tid: #{current_thread}] Fetching events for #{type} !#{id}")
+        logger.info("- Fetching #{type} events -")
+        issuables.to_h do |id, issuable|
+          logger.debug("Fetching events for #{type} !#{id}")
           events = with_paginated_request { github_client.issue_events(github_repo, id) }
             .map { |event| event[:event] }
             .reject { |event| unsupported_events.include?(event) }
 
           [id, issuable.merge({ events: events })]
-        end.to_h
+        end
       end
 
       # Verify imported mrs or issues and return missing items
@@ -677,7 +663,7 @@ module QA
           next_link = github_client.last_response.rels[:next]&.href
           break unless next_link
 
-          logger.debug("[tid: #{current_thread}] Fetching resources from next page: '#{next_link}'")
+          logger.debug("Fetching resources from next page: '#{next_link}'")
           resources.concat(with_rate_limit { github_client.get(next_link) })
         end
 
@@ -693,8 +679,8 @@ module QA
         raise e unless e.response[:status] == 403
 
         wait = github_client.rate_limit.resets_in + 5
-        logger.warn("[tid: #{current_thread}] GitHub rate api rate limit reached, resuming in '#{wait}' seconds")
-        logger.debug("[tid: #{current_thread}] #{JSON.parse(e.response[:body])['message']}")
+        logger.warn("GitHub rate api rate limit reached, resuming in '#{wait}' seconds")
+        logger.debug(JSON.parse(e.response[:body])['message'])
         sleep(wait)
 
         retry
diff --git a/rubocop/cop/migration/prevent_index_creation.rb b/rubocop/cop/migration/prevent_index_creation.rb
index 4c39032eb0f..aa0ab7b1e50 100644
--- a/rubocop/cop/migration/prevent_index_creation.rb
+++ b/rubocop/cop/migration/prevent_index_creation.rb
@@ -8,9 +8,11 @@ module RuboCop
       class PreventIndexCreation < RuboCop::Cop::Base
         include MigrationHelpers
 
-        FORBIDDEN_TABLES = %i[ci_builds].freeze
+        FORBIDDEN_TABLES = %i[ci_builds namespaces].freeze
 
-        MSG = "Adding new index to #{FORBIDDEN_TABLES.join(", ")} is forbidden, see https://gitlab.com/gitlab-org/gitlab/-/issues/332886".freeze
+        MSG = "Adding new index to #{FORBIDDEN_TABLES.join(", ")} is forbidden. " \
+              "For `ci_builds` see https://gitlab.com/gitlab-org/gitlab/-/issues/332886, " \
+              "for `namespaces` see https://gitlab.com/groups/gitlab-org/-/epics/11543".freeze
 
         def on_new_investigation
           super
@@ -40,6 +42,9 @@ module RuboCop
         def on_def(node)
           return unless in_migration?(node)
 
+          direction = node.children[0]
+          return if direction == :down
+
           node.each_descendant(:send) do |send_node|
             add_offense(send_node.loc.selector) if offense?(send_node)
           end
diff --git a/spec/frontend/observability/client_spec.js b/spec/frontend/observability/client_spec.js
index 6fecd0b4971..23e9a15ba06 100644
--- a/spec/frontend/observability/client_spec.js
+++ b/spec/frontend/observability/client_spec.js
@@ -232,7 +232,7 @@ describe('buildClient', () => {
           },
         });
         expect(getQueryParam()).toBe(
-          'gt[duration_nano]=100000&lt[duration_nano]=1000000' +
+          'gt[duration_nano]=100000000&lt[duration_nano]=1000000000' +
             '&operation=op&not[operation]=not-op' +
             '&service_name=service&not[service_name]=not-service' +
             '&period=5m' +
diff --git a/spec/rubocop/cop/migration/prevent_index_creation_spec.rb b/spec/rubocop/cop/migration/prevent_index_creation_spec.rb
index 9d886467a48..088edfedfc9 100644
--- a/spec/rubocop/cop/migration/prevent_index_creation_spec.rb
+++ b/spec/rubocop/cop/migration/prevent_index_creation_spec.rb
@@ -4,7 +4,7 @@ require 'rubocop_spec_helper'
 require_relative '../../../../rubocop/cop/migration/prevent_index_creation'
 
 RSpec.describe RuboCop::Cop::Migration::PreventIndexCreation do
-  let(:forbidden_tables) { %w(ci_builds) }
+  let(:forbidden_tables) { %w(ci_builds namespaces) }
   let(:forbidden_tables_list) { forbidden_tables.join(', ') }
 
   context 'when in migration' do
@@ -12,14 +12,26 @@ RSpec.describe RuboCop::Cop::Migration::PreventIndexCreation do
       allow(cop).to receive(:in_migration?).and_return(true)
     end
 
+    let(:offense) { "Adding new index to #{forbidden_tables_list} is forbidden. [...]" }
+
     context 'when adding an index to a forbidden table' do
+      it 'does not register an offense when direction is down' do
+        forbidden_tables.each do |table_name|
+          expect_no_offenses(<<~RUBY)
+            def down
+              add_concurrent_index :#{table_name}, :runners_token, unique: true, name: INDEX_NAME
+            end
+          RUBY
+        end
+      end
+
       context 'when table_name is a symbol' do
         it "registers an offense when add_index is used", :aggregate_failures do
           forbidden_tables.each do |table_name|
             expect_offense(<<~RUBY)
               def change
                 add_index :#{table_name}, :protected
-                ^^^^^^^^^ Adding new index to #{forbidden_tables_list} is forbidden, see https://gitlab.com/gitlab-org/gitlab/-/issues/332886
+                ^^^^^^^^^ #{offense}
               end
             RUBY
           end
@@ -30,7 +42,7 @@ RSpec.describe RuboCop::Cop::Migration::PreventIndexCreation do
             expect_offense(<<~RUBY)
               def change
                 add_concurrent_index :#{table_name}, :protected
-                ^^^^^^^^^^^^^^^^^^^^ Adding new index to #{forbidden_tables_list} is forbidden, see https://gitlab.com/gitlab-org/gitlab/-/issues/332886
+                ^^^^^^^^^^^^^^^^^^^^ #{offense}
               end
             RUBY
           end
@@ -43,7 +55,7 @@ RSpec.describe RuboCop::Cop::Migration::PreventIndexCreation do
             expect_offense(<<~RUBY)
               def change
                 add_index "#{table_name}", :protected
-                ^^^^^^^^^ Adding new index to #{forbidden_tables_list} is forbidden, see https://gitlab.com/gitlab-org/gitlab/-/issues/332886
+                ^^^^^^^^^ #{offense}
               end
             RUBY
           end
@@ -54,7 +66,7 @@ RSpec.describe RuboCop::Cop::Migration::PreventIndexCreation do
             expect_offense(<<~RUBY)
               def change
                 add_concurrent_index "#{table_name}", :protected
-                ^^^^^^^^^^^^^^^^^^^^ Adding new index to #{forbidden_tables_list} is forbidden, see https://gitlab.com/gitlab-org/gitlab/-/issues/332886
+                ^^^^^^^^^^^^^^^^^^^^ #{offense}
               end
             RUBY
           end
@@ -70,7 +82,7 @@ RSpec.describe RuboCop::Cop::Migration::PreventIndexCreation do
 
             def change
               add_concurrent_index TABLE_NAME, :protected
-              ^^^^^^^^^^^^^^^^^^^^ Adding new index to #{forbidden_tables_list} is forbidden, see https://gitlab.com/gitlab-org/gitlab/-/issues/332886
+              ^^^^^^^^^^^^^^^^^^^^ #{offense}
             end
           RUBY
         end
diff --git a/yarn.lock b/yarn.lock
index f98ad6d4c5f..8d60dd70771 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1274,10 +1274,10 @@
   resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.66.0.tgz#5dbe98f9811001942d78395756b9d7c588300c01"
   integrity sha512-FdkoMAprxjJJnl90GJYoCMeIpvCaYPNAnRkrlsmo7NY3Ce8fpRb/XE/ZakqULeadj82S7R1IRuTHYfWB06vVtA==
 
-"@gitlab/ui@66.20.0":
-  version "66.20.0"
-  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-66.20.0.tgz#66a48f1e0f356e96be79c01626350cca04cd0049"
-  integrity sha512-wavhvYuziLV0atwPe1qdcIM3RgAKGkPvaiFfR5CWdOS61fgPbPCe8PQTqXaVZItgYe176Mq/b3AuYcjoLE+S/w==
+"@gitlab/ui@66.23.1":
+  version "66.23.1"
+  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-66.23.1.tgz#aab7c02050db233e14ace583029bac0011bccf20"
+  integrity sha512-ZtzHxVyWLgkOHckTLhhZqxTqF1nTQq16Bf5lbuAiPD2ZeHGUKDBuThvO2EDG0zbI2OgWUuC4q6iP2r2vjgketg==
   dependencies:
     "@floating-ui/dom" "1.2.9"
     bootstrap-vue "2.23.1"
author	GitLab Bot <gitlab-bot@gitlab.com>	2023-10-11 03:11:52 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2023-10-11 03:11:52 +0300
commit	29b547f00429a063b266f6e6e478bba92c6a167a (patch)
tree	5fbb39c281630f5c140c132b8a8894df1e92a516
parent	5f722a35635ac0a883d17ed6173cbebdb9a87477 (diff)