Add latest changes from gitlab-org/gitlab@15-3-stable-eev15.3.0-rc42

10 files changed, 60 insertions, 17 deletions

diff --git a/doc/user/packages/composer_repository/index.md b/doc/user/packages/composer_repository/index.md
index 901fb740717..4fc55d18253 100644
--- a/doc/user/packages/composer_repository/index.md
+++ b/doc/user/packages/composer_repository/index.md
@@ -44,7 +44,7 @@ a group's namespace, rather than a user's namespace. Composer packages
 
 1. Run [`composer init`](https://getcomposer.org/doc/03-cli.md#init) and answer the prompts.
 
-   For namespace, enter your unique [namespace](../../../user/group/index.md#namespaces), like your GitLab username or group name.
+   For namespace, enter your unique [namespace](../../../user/namespace/index.md), like your GitLab username or group name.
 
    A file called `composer.json` is created:
 
diff --git a/doc/user/packages/container_registry/index.md b/doc/user/packages/container_registry/index.md
index d0c771ecc41..a203de2ed2c 100644
--- a/doc/user/packages/container_registry/index.md
+++ b/doc/user/packages/container_registry/index.md
@@ -555,6 +555,12 @@ this setting. However, disabling the Container Registry disables all Container R
 
 ## Troubleshooting the GitLab Container Registry
 
+## Migrating OCI container images to GitLab Container Registry
+
+Migrating built container images to the GitLab registry is not a current feature. However, an [epic](https://gitlab.com/groups/gitlab-org/-/epics/5210) is open to track the work on this feature.
+
+Some third-party tools can help migrate container images, for example, [skopeo](https://github.com/containers/skopeo), which can [copy container images](https://github.com/containers/skopeo#copying-images) between various storage mechanisms. You can use skopeo to copy from container registries, container storage backends, local directories, and local OCI-layout directories to the GitLab Container Registry.
+
 ### Docker connection error
 
 A Docker connection error can occur when there are special characters in either the group,
@@ -563,7 +569,7 @@ project or branch name. Special characters can include:
 - Leading underscore
 - Trailing hyphen/dash
 
-To get around this, you can [change the group path](../../group/index.md#change-a-groups-path),
+To get around this, you can [change the group path](../../group/manage.md#change-a-groups-path),
 [change the project path](../../project/settings/index.md#rename-a-repository) or change the branch
 name.
 
diff --git a/doc/user/packages/container_registry/reduce_container_registry_storage.md b/doc/user/packages/container_registry/reduce_container_registry_storage.md
index 3e41a260854..788e57b6410 100644
--- a/doc/user/packages/container_registry/reduce_container_registry_storage.md
+++ b/doc/user/packages/container_registry/reduce_container_registry_storage.md
@@ -16,9 +16,26 @@ to automatically manage your container registry usage.
 
 ## Check Container Registry Storage Use
 
-The Usage Quotas page (**Settings > Usage Quotas > Storage**) displays storage usage for Packages,
-which doesn't include the Container Registry. To track work on this, see the epic
-[Storage management for the Container Registry](https://gitlab.com/groups/gitlab-org/-/epics/7226).
+The Usage Quotas page (**Settings > Usage Quotas > Storage**) displays storage usage for Packages.
+This page includes the Container Registry usage but is currently only available on GitLab.com.
+Measuring usage is only possible on the new version of the GitLab Container Registry backed by a
+metadata database. We are completing the [upgrade and migration of the GitLab.com Container Registry](https://gitlab.com/groups/gitlab-org/-/epics/5523)
+first and only then will work on [making this available to self-managed installs](https://gitlab.com/groups/gitlab-org/-/epics/5521).
+
+Image layers stored in the Container Registry are deduplicated at the root namespace level.
+Therefore, if you tag the same 500MB image twice (either in the same repository or across distinct
+repositories under the same root namespace), it will only count towards the root namespace usage
+once. Similarly, if a given image layer is shared across multiple images, be those under the same
+container repository, project, group, or across different ones, that layer will count only once
+towards the root namespace usage.
+
+Only layers that are referenced by tagged images are accounted for. Untagged images and any layers
+referenced exclusively by them are subject to [online garbage collection](index.md#delete-images)
+and automatically deleted after 24 hours if they remain unreferenced during that period.
+
+Image layers are stored on the storage backend in the original (usually compressed) format. This
+means that the measured size for any given image layer should match the size displayed on the
+corresponding [image manifest](https://github.com/opencontainers/image-spec/blob/main/manifest.md#example-image-manifest).
 
 ## Cleanup policy
 
diff --git a/doc/user/packages/dependency_proxy/index.md b/doc/user/packages/dependency_proxy/index.md
index 4770057e4ea..ea9435de12a 100644
--- a/doc/user/packages/dependency_proxy/index.md
+++ b/doc/user/packages/dependency_proxy/index.md
@@ -316,6 +316,28 @@ services:
       alias: docker
 ```
 
+### Issues when authenticating to the Dependency Proxy from CI/CD jobs
+
+GitLab Runner will automatically authenticate to the Dependency Proxy. However, the underlying Docker engine is still subject to its [authorization resolving process](https://gitlab.com/gitlab-org/gitlab-runner/-/blob/main/docs/configuration/advanced-configuration.md#precedence-of-docker-authorization-resolving).
+
+Misconfigurations in the authentication mechanism may cause `HTTP Basic: Access denied` and `403: Access forbidden` errors.
+
+You can use the job logs to view the authentication mechanism used to authenticate against the Dependency Proxy:
+
+```plaintext
+Authenticating with credentials from $DOCKER_AUTH_CONFIG
+```
+
+```plaintext
+Authenticating with credentials from /root/.docker/config.json
+```
+
+```plaintext
+Authenticating with credentials from job payload (GitLab Registry)
+```
+
+Make sure you are using the expected authentication mechanism.
+
 ### "Not Found" error when pulling image
 
 Docker errors similar to the following may indicate that the user running the build job doesn't have
diff --git a/doc/user/packages/generic_packages/index.md b/doc/user/packages/generic_packages/index.md
index 8d5fc73ad4e..d4acb14b9ca 100644
--- a/doc/user/packages/generic_packages/index.md
+++ b/doc/user/packages/generic_packages/index.md
@@ -73,6 +73,7 @@ Example request with attribute `select = package_file`:
 
 ```shell
 curl --header "PRIVATE-TOKEN: <your_access_token>" \
+     --user "<username>:<Project Access Token>" \
      --upload-file path/to/file.txt \
      "https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt?select=package_file"
 ```
diff --git a/doc/user/packages/helm_repository/index.md b/doc/user/packages/helm_repository/index.md
index 07e853fa18c..f64a269938f 100644
--- a/doc/user/packages/helm_repository/index.md
+++ b/doc/user/packages/helm_repository/index.md
@@ -71,7 +71,7 @@ Once built, a chart can be uploaded to the desired channel with `curl` or `helm
 
 ### Release channels
 
-You can publish Helm charts to channels in GitLab. Channels are a method you can use to differentiate Helm chart repositories. 
+You can publish Helm charts to channels in GitLab. Channels are a method you can use to differentiate Helm chart repositories.
 For example, you can use `stable` and `devel` as channels to allow users to add the `stable` repo while `devel` charts are isolated.
 
 ## Use CI/CD to publish a Helm package
@@ -129,7 +129,7 @@ See [Using Helm](https://helm.sh/docs/intro/using_helm/) for more information.
 
 ### The chart is not visible in the Package Registry after uploading
 
-Check the [Sidekiq log](../../../administration/logs.md#sidekiqlog)
+Check the [Sidekiq log](../../../administration/logs/index.md#sidekiqlog)
 for any related errors. If you see `Validation failed: Version is invalid`, it means that the
 version in your `Chart.yaml` file does not follow [Helm Chart versioning specifications](https://helm.sh/docs/topics/charts/#charts-and-versioning).
 To fix the error, use the correct version syntax and upload the chart again.
diff --git a/doc/user/packages/npm_registry/index.md b/doc/user/packages/npm_registry/index.md
index 7ea3c1aa0c8..28de06b2d8a 100644
--- a/doc/user/packages/npm_registry/index.md
+++ b/doc/user/packages/npm_registry/index.md
@@ -585,7 +585,7 @@ NPM_TOKEN=<your_token> npm install
 If you get this error, ensure that:
 
 - The Package Registry is enabled in your project settings. Although the Package Registry is enabled
-  by default, it's possible to [disable it](../package_registry/#disable-the-package-registry).
+  by default, it's possible to [disable it](../package_registry/index.md#disable-the-package-registry).
 - Your token is not expired and has appropriate permissions.
 - A package with the same name or version doesn't already exist within the given scope.
 - The scoped packages URL includes a trailing slash:
@@ -634,7 +634,7 @@ This might be accompanied by another error:
 This is usually a permissions issue with either:
 
 - `'packages_storage_path'` default `/var/opt/gitlab/gitlab-rails/shared/packages/`.
-- The remote bucket if [object storage](../../../administration/packages/#using-object-storage)
+- The remote bucket if [object storage](../../../administration/packages/index.md#using-object-storage)
   is used.
 
 In the latter case, ensure the bucket exists and GitLab has write access to it.
diff --git a/doc/user/packages/package_registry/index.md b/doc/user/packages/package_registry/index.md
index d68c7218ca5..7748780d0e4 100644
--- a/doc/user/packages/package_registry/index.md
+++ b/doc/user/packages/package_registry/index.md
@@ -60,11 +60,8 @@ For most package types, the following credential types are valid:
   allows access to packages in the project running the job for the users running the pipeline.
   Access to other external projects can be configured.
 
-  NOTE:
-  There's an open issue,
-  [GitLab-#333444](https://gitlab.com/gitlab-org/gitlab/-/issues/333444),
-  which prevents you from using a job token with internal projects. This bug only impacts self-managed
-  GitLab instances.
+NOTE:
+If you have not activated the "Packages" feature for your project at **Settings > General > Project features**, you will receive a 403 Forbidden response.
 
 ## Use GitLab CI/CD to build packages
 
diff --git a/doc/user/packages/package_registry/reduce_package_registry_storage.md b/doc/user/packages/package_registry/reduce_package_registry_storage.md
index 4a03bd9e8a0..cd7dd062f60 100644
--- a/doc/user/packages/package_registry/reduce_package_registry_storage.md
+++ b/doc/user/packages/package_registry/reduce_package_registry_storage.md
@@ -53,7 +53,7 @@ The package files are permanently deleted.
 
 ## Cleanup policy
 
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/346153) in GitLab 15.2.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/346153) in GitLab 15.2.
 
 Depending on the number of packages to remove, the process of manually deleting the packages can take a long time to finish.
 A cleanup policy defines a set of rules that, applied to a project, defines which package files you can automatically delete.
diff --git a/doc/user/packages/terraform_module_registry/index.md b/doc/user/packages/terraform_module_registry/index.md
index 2668b8b35ac..436c55f9ee0 100644
--- a/doc/user/packages/terraform_module_registry/index.md
+++ b/doc/user/packages/terraform_module_registry/index.md
@@ -101,7 +101,7 @@ module "<module>" {
 }
 ```
 
-Where `<namespace>` is the [namespace](../../../user/group/index.md#namespaces) of the Terraform module registry.
+Where `<namespace>` is the [namespace](../../../user/namespace/index.md) of the Terraform module registry.
 
 ## Publish a Terraform module by using CI/CD
 
@@ -125,7 +125,7 @@ upload:
   script:
     - TERRAFORM_MODULE_NAME=$(echo "${TERRAFORM_MODULE_NAME}" | tr " _" -) # module-name must not have spaces or underscores, so translate them to hyphens
     - tar -vczf ${TERRAFORM_MODULE_NAME}-${TERRAFORM_MODULE_SYSTEM}-${TERRAFORM_MODULE_VERSION}.tgz -C ${TERRAFORM_MODULE_DIR} --exclude=./.git .
-    - 'curl --location --header "JOB-TOKEN: ${CI_JOB_TOKEN}" 
+    - 'curl --location --header "JOB-TOKEN: ${CI_JOB_TOKEN}"
          --upload-file ${TERRAFORM_MODULE_NAME}-${TERRAFORM_MODULE_SYSTEM}-${TERRAFORM_MODULE_VERSION}.tgz
          ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/terraform/modules/${TERRAFORM_MODULE_NAME}/${TERRAFORM_MODULE_SYSTEM}/${TERRAFORM_MODULE_VERSION}/file'
   rules: