Add latest changes from gitlab-org/gitlab@master

5 files changed, 114 insertions, 8 deletions

diff --git a/doc/ci/yaml/workflow.md b/doc/ci/yaml/workflow.md
index 3d6314c8e03..82144e55216 100644
--- a/doc/ci/yaml/workflow.md
+++ b/doc/ci/yaml/workflow.md
@@ -29,7 +29,7 @@ See the [common `if` clauses for `rules`](../jobs/job_control.md#common-if-claus
 In the following example:
 
 - Pipelines run for all `push` events (changes to branches and new tags).
-- Pipelines for push events with `-draft` in the commit message don't run, because
+- Pipelines for push events with commit messages that end with `-draft` don't run, because
   they are set to `when: never`.
 - Pipelines for schedules or merge requests don't run either, because no rules evaluate to true for them.
 
diff --git a/doc/development/pipelines/internals.md b/doc/development/pipelines/internals.md
index 9ff4e5a35ec..c6f86811ac8 100644
--- a/doc/development/pipelines/internals.md
+++ b/doc/development/pipelines/internals.md
@@ -275,3 +275,94 @@ qa:selectors-as-if-foss:
   extends:
     - .qa:rules:as-if-foss
 ```
+
+### Extend the `.fast-no-clone-job` job
+
+Downloading the branch for the canonical project takes between 20 and 30 seconds.
+
+Some jobs only need a limited number of files, which we can download via the `raw` API, e.g. `https://gitlab.com/gitlab-org/gitlab/raw/master/VERSION`.
+
+You can skip a job `git clone`/`git fetch` by adding the following pattern to a job:
+
+```yaml
+  # Scenario 1: no before_script is defined in the job
+  # 
+  # You can just extend the .fast-no-clone-job
+  extends:
+    - .fast-no-clone-job
+  variables:
+    FILES_TO_DOWNLOAD: >
+      scripts/rspec_helpers.sh
+      scripts/slack
+```
+
+```yaml
+  # Scenario 2: a before_script block is already defined in the job
+  # 
+  # You will have to include the .fast-no-clone-job via a !reference as well
+  extends:
+    - .fast-no-clone-job
+  variables:
+    FILES_TO_DOWNLOAD: >
+      scripts/rspec_helpers.sh
+      scripts/slack
+  before_script:
+    - !reference [".fast-no-clone-job", before_script]
+    - [...]
+```
+
+- The job will set the `GIT_STRATEGY` to `none`.
+- The files are downloaded from:
+  - The current project, on the current `CI_COMMIT_SHA` if the project is **public**
+  - The canonical project, on the `master` branch if the project **isn't public**
+
+Below is an example on how to convert a job using this pattern:
+
+```yaml
+# Before
+my-job:
+  image: ruby
+  stage: prepare
+  script: # This job requires two files to function
+    - source ./scripts/rspec_helpers.sh
+    - source ./scripts/slack
+    - echo "The files were successfully sourced!"
+
+# After
+my-job:
+  extends:
+    - .fast-no-clone-job
+  image: ruby
+  stage: prepare
+  variables:
+    FILES_TO_DOWNLOAD: >
+      scripts/rspec_helpers.sh
+      scripts/slack
+  script: # This job requires two files to function
+    - source ./scripts/rspec_helpers.sh
+    - source ./scripts/slack
+    - echo "The files were successfully sourced!"
+```
+
+#### Caveats
+
+- This pattern does not work if a script relies on `git` to access the repository, because we don't have the repository without cloning or fetching.
+- Given that we do not require setting up any API tokens to make this work, **we cannot download the files from any private repository**.
+  In that case, we will attempt to download the files from [https://gitlab.com/gitlab-org/gitlab](https://gitlab.com/gitlab-org/gitlab), which is a public repository.
+  Changes made in the private repository will not take effects for the files it's downloading for this reason,
+  and older builds can break if the files it's downloading are changed in a non-backwards compatible way.
+  Do not use this pattern for jobs which might block pipelines in private repositories like `security` or `dev`.
+
+#### Where is this pattern used?
+
+- For now, we use this pattern for the following jobs, and those do not block private repositories:
+  - `review-build-cng-env` for:
+    - `scripts/trigger-build.rb`
+  - `review-deploy` for:
+    - `scripts/review_apps/review-apps.sh`
+    - `scripts/review_apps/seed-dast-test-data.sh`
+    - `GITLAB_SHELL_VERSION`
+    - `GITALY_SERVER_VERSION`
+    - `GITLAB_WORKHORSE_VERSION`
+
+Additionally, `scripts/utils.sh` will always be downloaded from the API when this pattern is used (this file contains the code for `.fast-no-clone-job`).
diff --git a/doc/integration/jira/connect-app.md b/doc/integration/jira/connect-app.md
index bca74d16f91..a4757d5fa80 100644
--- a/doc/integration/jira/connect-app.md
+++ b/doc/integration/jira/connect-app.md
@@ -91,10 +91,8 @@ To create an OAuth application:
 1. In **Redirect URI**:
    - If you're installing the app from the official marketplace listing, enter `https://gitlab.com/-/jira_connect/oauth_callbacks`.
    - If you're installing the app manually, enter `<instance_url>/-/jira_connect/oauth_callbacks` and replace `<instance_url>` with the URL of your instance.
-1. Clear the **Confidential** checkbox.
-<!-- markdownlint-disable MD044 -->
-1. In **Scopes**, select the **api** checkbox only.
-<!-- markdownlint-enable MD044 -->
+1. Clear the **Trusted** and **Confidential** checkboxes.
+1. In **Scopes**, select the `api` checkbox only.
 1. Select **Save application**.
 1. Copy the **Application ID** value.
 1. On the left sidebar, select **Settings > General** (`/admin/application_settings/general`).
diff --git a/doc/user/group/settings/group_access_tokens.md b/doc/user/group/settings/group_access_tokens.md
index d7a3eee6524..cd50c209b0d 100644
--- a/doc/user/group/settings/group_access_tokens.md
+++ b/doc/user/group/settings/group_access_tokens.md
@@ -163,7 +163,9 @@ Even when creation is disabled, you can still use and revoke existing group acce
 
 ## Bot users for groups
 
-Each time you create a group access token, a bot user is created and added to the group. These bot users are similar to
+Bot users for groups are [GitLab-created service accounts](../../../subscriptions/self_managed/index.md#billable-users).
+Each time you create a group access token, a bot user is created and added to the group.
+These bot users are similar to
 [bot users for projects](../../project/settings/project_access_tokens.md#bot-users-for-projects), except they are added
 to groups instead of projects. Bot users for groups:
 
@@ -174,5 +176,3 @@ to groups instead of projects. Bot users for groups:
 - Have an email set to `group{group_id}_bot@noreply.{Gitlab.config.gitlab.host}`. For example, `group123_bot@noreply.example.com`.
 
 All other properties are similar to [bot users for projects](../../project/settings/project_access_tokens.md#bot-users-for-projects).
-
-For more information, see [Bot users for projects](../../project/settings/project_access_tokens.md#bot-users-for-projects).
diff --git a/doc/user/project/service_desk.md b/doc/user/project/service_desk.md
index 732450f5443..b707f979079 100644
--- a/doc/user/project/service_desk.md
+++ b/doc/user/project/service_desk.md
@@ -504,6 +504,23 @@ On GitLab.com, this feature is not available.
 If a comment contains any attachments and their total size is less than or equal to 10 MB, these
 attachments are sent as part of the email. In other cases, the email contains links to the attachments.
 
+#### Special HTML formatting in HTML emails
+
+<!-- When the feature flag is removed, delete this topic and add as a line in version history under one of the topics above this one.-->
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/372301) in GitLab 15.9 [with a flag](../../administration/feature_flags.md) named `service_desk_html_to_text_email_handler`. Disabled by default.
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available per project or for your entire instance, ask an administrator to [enable the feature flag](../../administration/feature_flags.md) named `service_desk_html_to_text_email_handler`.
+On GitLab.com, this feature is not available.
+
+When this feature is enabled, HTML emails correctly show additional HTML formatting, such as:
+
+- Tables
+- Blockquotes
+- Images
+- Collapsible sections
+
 #### Privacy considerations
 
 > [Changed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/108901) the minimum required role to view the creator's and participant's email in GitLab 15.9.