Add latest changes from gitlab-org/gitlab@master

6 files changed, 127 insertions, 8 deletions

diff --git a/doc/administration/audit_events.md b/doc/administration/audit_events.md
index e8d19363242..bd8699c2c1f 100644
--- a/doc/administration/audit_events.md
+++ b/doc/administration/audit_events.md
@@ -64,8 +64,9 @@ To view instance audit events:
 
 The time zone used for audit events depends on where you view them:
 
-- In GitLab UI, your local time zone (GitLab 15.6 and later) or UTC (GitLab 15.5 and earlier) is used.
-- The [Audit Events API](../api/audit_events.md) returns dates and times in UTC by default, or the [configured time zone](timezone.md) on a self-managed GitLab instance.
+- In GitLab UI, your local time zone (GitLab 15.7 and later) or UTC (GitLab 15.6 and earlier) is used.
+- The [Audit Events API](../api/audit_events.md) returns dates and times in UTC by default, or the
+  [configured time zone](timezone.md) on a self-managed GitLab instance.
 - In `audit_json.log`, UTC is used.
 - In CSV exports, UTC is used.
 
diff --git a/doc/user/application_security/policies/index.md b/doc/user/application_security/policies/index.md
index f6d22ab28cd..453b815509e 100644
--- a/doc/user/application_security/policies/index.md
+++ b/doc/user/application_security/policies/index.md
@@ -140,10 +140,10 @@ for more information on the product direction of security policies within GitLab
 
 ## Troubleshooting
 
-### `Branch name does not follow the pattern 'update-policy-<timestamp>'`
+### `Branch name 'update-policy-<timestamp>' does not follow the pattern '<branch_name_regex>'`
 
 When you create a new security policy or change an existing policy, a new branch is automatically created with the branch name following the pattern `update-policy-<timestamp>`. For example: `update-policy-1659094451`.
 
-If you have group or instance push rules that do not allow branch name patterns that contain the text `update-policy-<timestamp>`, you will get an error that states `Branch name does not follow the pattern 'update-policy-<timestamp>'`.
+If you have group or instance [push rules that do not allow branch name patterns](../../project/repository/push_rules.md#validate-branch-names) that contain the text `update-policy-<timestamp>`, you will get an error that states `Branch name 'update-policy-<timestamp>' does not follow the pattern '<branch_name_regex>'`.
 
 The workaround is to amend your group or instance push rules to allow branches following the pattern `update-policy-` followed by an integer timestamp.
diff --git a/doc/user/project/repository/branches/index.md b/doc/user/project/repository/branches/index.md
index 6cc7394e7b3..645144522e4 100644
--- a/doc/user/project/repository/branches/index.md
+++ b/doc/user/project/repository/branches/index.md
@@ -101,10 +101,13 @@ This feature allows you to search and select branches quickly. Search results ap
 - Branches with names that matched search terms exactly.
 - Other branches with names that include search terms, sorted alphabetically.
 
-Sometimes when you have hundreds of branches you may want a more flexible matching pattern. In such cases you can use the following:
+Sometimes when you have hundreds of branches you may want a more flexible matching pattern. In such cases you can use the following operators:
 
-- `^feature` matches only branch names that begin with 'feature'.
-- `feature$` matches only branch names that end with 'feature'.
+- `^` matches beginning of branch name, for example `^feat` would match `feat/user-authentication`
+- `$` matches end of branch name, for example `widget$` would match `feat/search-box-widget`
+- `*` wildcard matcher, for example `branch*cache*` would match `fix/branch-search-cache-expiration`
+
+These operators can be mixed, for example `^chore/*migration$` would match `chore/user-data-migration`
 
 ## Swap revisions
 
diff --git a/doc/user/project/repository/gpg_signed_commits/index.md b/doc/user/project/repository/gpg_signed_commits/index.md
index 61fc0b88d05..6b67ffd0e59 100644
--- a/doc/user/project/repository/gpg_signed_commits/index.md
+++ b/doc/user/project/repository/gpg_signed_commits/index.md
@@ -4,7 +4,7 @@ group: Source Code
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
 ---
 
-# Signing commits with GPG **(FREE)**
+# Sign commits with GPG **(FREE)**
 
 You can sign the commits you make in a GitLab repository with a
 GPG ([GNU Privacy Guard](https://gnupg.org/)) key. When you add a cryptographic
@@ -238,6 +238,7 @@ If you must unverify both future and past commits,
 ## Related topics
 
 - [Sign commits and tags with X.509 certificates](../x509_signed_commits/index.md)
+- [Sign commits with SSH keys](../ssh_signed_commits/index.md)
 - [Commits API](../../../../api/commits.md)
 - GPG resources:
   - [Git Tools - Signing Your Work](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work)
diff --git a/doc/user/project/repository/ssh_signed_commits/index.md b/doc/user/project/repository/ssh_signed_commits/index.md
new file mode 100644
index 00000000000..4c7e07da7f1
--- /dev/null
+++ b/doc/user/project/repository/ssh_signed_commits/index.md
@@ -0,0 +1,112 @@
+---
+stage: Create
+group: Source Code
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Sign commits with SSH keys **(FREE)**
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/343879) in GitLab 15.7 [with a flag](../../../../administration/feature_flags.md) named `ssh_commit_signatures`. Disabled by default.
+
+Use SSH keys to sign Git commits in the same manner as
+[GPG signed commits](../gpg_signed_commits/index.md). When you sign commits
+with SSH keys, GitLab uses the SSH public keys associated with your
+GitLab account to cryptographically verify the commit signature.
+If successful, GitLab displays a **Verified** label on the commit.
+
+You may use the same SSH keys for `git+ssh` authentication to GitLab
+and signing commit signatures.
+
+To learn more about managing the SSH keys associated with your GitLab account, read
+[use SSH keys to communicate with GitLab](../../../ssh.md).
+
+## Configure Git to sign commits with your SSH key
+
+After you have [created an SSH key](../../../ssh.md#generate-an-ssh-key-pair) and
+[added it to your GitLab account](../../../ssh.md#add-an-ssh-key-to-your-gitlab-account),
+you need to configure Git to begin using it.
+
+Prerequisites:
+
+- Git 2.34.0 or newer.
+- OpenSSH 8.0 or newer.
+
+  NOTE:
+  OpenSSH 8.7 has broken signing functionality. If you are on OpenSSH 8.7, upgrade to OpenSSH 8.8.
+
+- A SSH key of one of these types:
+  - [ED25519](../../../ssh.md#ed25519-ssh-keys) (recommended)
+  - [RSA](../../../ssh.md#rsa-ssh-keys)
+
+To configure Git:
+
+1. Configure Git to use SSH for commit signing:
+
+   ```shell
+   git config --global gpg.format ssh
+   ```
+
+1. Specify which SSH key should be used as the signing key, changing the filename
+   (here, `~/.ssh/examplekey`) to the location of your key. The filename may
+   differ, depending on how you generated your key:
+
+   ```shell
+   git config --global user.signingkey ~/.ssh/examplekey
+   ```
+
+## Sign commits with your SSH key
+
+Prerequisites:
+
+- You've [created an SSH key](../../../ssh.md#generate-an-ssh-key-pair).
+- You've [added the key](../../../ssh.md#add-an-ssh-key-to-your-gitlab-account) to your GitLab account.
+- You've [configured Git to sign commits](#configure-git-to-sign-commits-with-your-ssh-key) with your SSH key.
+
+To sign a commit:
+
+1. Use the `-S` flag when signing your commits:
+
+   ```shell
+   git commit -S -m "My commit msg"
+   ```
+
+1. Optional. If you don't want to type the `-S` flag every time you commit, tell
+   Git to sign your commits automatically:
+
+   ```shell
+   git config --global commit.gpgsign true
+   ```
+
+1. If your SSH key is protected, Git prompts you to enter your passphrase.
+1. Push to GitLab.
+1. Check that your commits [are verified](../gpg_signed_commits/index.md#verify-commits).
+
+## Verify commits
+
+You can review commits for a merge request, or for an entire project, to confirm
+they are signed:
+
+1. To review commits for a project:
+   1. On the top bar, select **Main menu > Projects** and find your project.
+   1. On the left sidebar, select **Repository > Commits**.
+1. To review commits for a merge request:
+   1. On the top bar, select **Main menu > Projects** and find your project.
+   1. On the left sidebar, select **Merge requests**, then select your merge request.
+   1. Select **Commits**.
+1. Identify the commit you want to review. Signed commits show either a **Verified**
+   or **Unverified** badge, depending on the verification status of the signature.
+   Unsigned commits do not display a badge.
+
+1. To display the signature details for a commit, select **Verified**. GitLab shows
+   the SSH key's fingerprint.
+
+## Revoke an SSH key for signing commits
+
+You can't revoke an SSH key used for signing commits. To learn more, read
+[Add revocation for SSH keys](https://gitlab.com/gitlab-org/gitlab/-/issues/382984).
+
+## Related topics
+
+- [Sign commits and tags with X.509 certificates](../x509_signed_commits/index.md)
+- [Sign commits with GPG](../gpg_signed_commits/index.md)
+- [Commits API](../../../../api/commits.md)
diff --git a/doc/user/project/repository/x509_signed_commits/index.md b/doc/user/project/repository/x509_signed_commits/index.md
index e16f5e4defe..42f7be30822 100644
--- a/doc/user/project/repository/x509_signed_commits/index.md
+++ b/doc/user/project/repository/x509_signed_commits/index.md
@@ -160,6 +160,8 @@ can start signing your tags:
 ## Related topics
 
 - [Rake task for X.509 signatures](../../../../raketasks/x509_signatures.md)
+- [Sign commits with GPG](../gpg_signed_commits/index.md)
+- [Sign commits with SSH keys](../ssh_signed_commits/index.md)
 
 ## Troubleshooting