Add latest changes from gitlab-org/gitlab@master

10 files changed, 65 insertions, 16 deletions

diff --git a/doc/administration/admin_area.md b/doc/administration/admin_area.md
index ff18ac8ff3a..f9b26cd364d 100644
--- a/doc/administration/admin_area.md
+++ b/doc/administration/admin_area.md
@@ -470,3 +470,12 @@ The content of each log file is listed in chronological order. To minimize perfo
 ### Audit Events **(PREMIUM SELF)**
 
 The **Audit Events** page lists changes made within the GitLab server. With this information you can control, analyze, and track every change.
+
+### Statistics
+
+The **Instance overview** section of the Dashboard lists the current statistics of the GitLab instance. This information is retrieved using the [Application statistics API](../api/statistics.md#get-current-application-statistics).
+
+NOTE:
+These statistics show exact counts for values less than 10,000. For values of 10,000 and higher, these statistics show approximate data
+when [TablesampleCountStrategy](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/database/count/tablesample_count_strategy.rb?ref_type=heads#L16) and [ReltuplesCountStrategy](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/database/count/reltuples_count_strategy.rb?ref_type=heads) strategies are used for calculations.
+.
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 45473c2a931..fed954b7199 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -6261,7 +6261,7 @@ Input type: `ProjectCiCdSettingsUpdateInput`
 | <a id="mutationprojectcicdsettingsupdateinboundjobtokenscopeenabled"></a>`inboundJobTokenScopeEnabled` | [`Boolean`](#boolean) | Indicates CI/CD job tokens generated in other projects have restricted access to this project. |
 | <a id="mutationprojectcicdsettingsupdatejobtokenscopeenabled"></a>`jobTokenScopeEnabled` **{warning-solid}** | [`Boolean`](#boolean) | **Deprecated:** Outbound job token scope is being removed. This field can now only be set to false. Deprecated in 16.0. |
 | <a id="mutationprojectcicdsettingsupdatekeeplatestartifact"></a>`keepLatestArtifact` | [`Boolean`](#boolean) | Indicates if the latest artifact should be kept for the project. |
-| <a id="mutationprojectcicdsettingsupdatemergepipelinesenabled"></a>`mergePipelinesEnabled` | [`Boolean`](#boolean) | Indicates if merge pipelines are enabled for the project. |
+| <a id="mutationprojectcicdsettingsupdatemergepipelinesenabled"></a>`mergePipelinesEnabled` | [`Boolean`](#boolean) | Indicates if merged results pipelines are enabled for the project. |
 | <a id="mutationprojectcicdsettingsupdatemergetrainsenabled"></a>`mergeTrainsEnabled` | [`Boolean`](#boolean) | Indicates if merge trains are enabled for the project. |
 | <a id="mutationprojectcicdsettingsupdatemergetrainsskiptrainallowed"></a>`mergeTrainsSkipTrainAllowed` | [`Boolean`](#boolean) | Indicates whether an option is allowed to merge without refreshing the merge train. Ignored unless the `merge_trains_skip_train` feature flag is also enabled. |
 
@@ -6800,7 +6800,7 @@ Input type: `RunnersExportUsageInput`
 | ---- | ---- | ----------- |
 | <a id="mutationrunnersexportusageclientmutationid"></a>`clientMutationId` | [`String`](#string) | A unique identifier for the client performing the mutation. |
 | <a id="mutationrunnersexportusagefromdate"></a>`fromDate` | [`ISO8601Date`](#iso8601date) | UTC start date of the period to report on. Defaults to the start of last full month. |
-| <a id="mutationrunnersexportusagemaxprojectcount"></a>`maxProjectCount` | [`Int`](#int) | Maximum number of projects to return. All other runner usage will be attributed to a '<Other projects>' entry. Defaults to 1000 projects. |
+| <a id="mutationrunnersexportusagemaxprojectcount"></a>`maxProjectCount` | [`Int`](#int) | Maximum number of projects to return. All other runner usage will be attributed to an `<Other projects>` entry. Defaults to 1000 projects. |
 | <a id="mutationrunnersexportusagetodate"></a>`toDate` | [`ISO8601Date`](#iso8601date) | UTC end date of the period to report on. " \ "Defaults to the end of the month specified by `fromDate`. |
 | <a id="mutationrunnersexportusagetype"></a>`type` | [`CiRunnerType`](#cirunnertype) | Scope of the runners to include in the report. |
 
@@ -25854,7 +25854,7 @@ four standard [pagination arguments](#connection-pagination-arguments):
 | <a id="projectcicdsettinginboundjobtokenscopeenabled"></a>`inboundJobTokenScopeEnabled` | [`Boolean`](#boolean) | Indicates CI/CD job tokens generated in other projects have restricted access to this project. |
 | <a id="projectcicdsettingjobtokenscopeenabled"></a>`jobTokenScopeEnabled` | [`Boolean`](#boolean) | Indicates CI/CD job tokens generated in this project have restricted access to other projects. |
 | <a id="projectcicdsettingkeeplatestartifact"></a>`keepLatestArtifact` | [`Boolean`](#boolean) | Whether to keep the latest builds artifacts. |
-| <a id="projectcicdsettingmergepipelinesenabled"></a>`mergePipelinesEnabled` | [`Boolean`](#boolean) | Whether merge pipelines are enabled. |
+| <a id="projectcicdsettingmergepipelinesenabled"></a>`mergePipelinesEnabled` | [`Boolean`](#boolean) | Whether merged results pipelines are enabled. |
 | <a id="projectcicdsettingmergetrainsenabled"></a>`mergeTrainsEnabled` | [`Boolean`](#boolean) | Whether merge trains are enabled. |
 | <a id="projectcicdsettingmergetrainsskiptrainallowed"></a>`mergeTrainsSkipTrainAllowed` | [`Boolean!`](#boolean) | Whether merge immediately is allowed for merge trains. |
 | <a id="projectcicdsettingproject"></a>`project` | [`Project`](#project) | Project the CI/CD settings belong to. |
@@ -30859,6 +30859,7 @@ Member role permission.
 | ----- | ----------- |
 | <a id="memberrolepermissionadmin_group_member"></a>`ADMIN_GROUP_MEMBER` | Allows to admin group members. |
 | <a id="memberrolepermissionadmin_merge_request"></a>`ADMIN_MERGE_REQUEST` | Allows to approve merge requests. |
+| <a id="memberrolepermissionadmin_terraform_state"></a>`ADMIN_TERRAFORM_STATE` | Allows to admin terraform state. |
 | <a id="memberrolepermissionadmin_vulnerability"></a>`ADMIN_VULNERABILITY` | Allows admin access to the vulnerability reports. |
 | <a id="memberrolepermissionarchive_project"></a>`ARCHIVE_PROJECT` | Allows to archive projects. |
 | <a id="memberrolepermissionmanage_group_access_tokens"></a>`MANAGE_GROUP_ACCESS_TOKENS` | Allows manage access to the group access tokens. |
diff --git a/doc/api/member_roles.md b/doc/api/member_roles.md
index 2fd10d99fda..2bfbc29081f 100644
--- a/doc/api/member_roles.md
+++ b/doc/api/member_roles.md
@@ -19,6 +19,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > - [Archive project introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/134998) in GitLab 16.7.
 > - [Delete project introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/139696) in GitLab 16.8.
 > - [Manage group access tokens introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/140115) in GitLab 16.8.
+> - [Admin terraform state introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/140759) in GitLab 16.8.
 
 FLAG:
 On self-managed GitLab, by default these features are not available. To make them available, an administrator can [enable the feature flags](../administration/feature_flags.md) named `admin_group_member` and `manage_project_access_tokens`.
@@ -46,6 +47,7 @@ If successful, returns [`200`](rest/index.md#status-codes) and the following res
 | `[].group_id`                      | integer | The ID of the group that the member role belongs to. |
 | `[].base_access_level`             | integer | Base access level for member role. Valid values are 10 (Guest), 20 (Reporter), 30 (Developer), 40 (Maintainer), or 50 (Owner).|
 | `[].admin_merge_request`           | boolean | Permission to admin project merge requests and enables the ability to `download_code`. |
+| `[].admin_terraform_state`         | boolean | Permission to admin project terraform state. |
 | `[].admin_vulnerability`           | boolean | Permission to admin project vulnerabilities. |
 | `[].read_code`                     | boolean | Permission to read project code. |
 | `[].read_dependency`               | boolean | Permission to read project dependencies. |
@@ -73,6 +75,7 @@ Example response:
     "group_id": 84,
     "base_access_level": 10,
     "admin_merge_request": false,
+    "admin_terraform_state": false,
     "admin_vulnerability": false,
     "read_code": true,
     "read_dependency": false,
@@ -88,8 +91,9 @@ Example response:
     "description: "Custom guest that read and admin security entities",
     "group_id": 84,
     "base_access_level": 10,
-    "admin_merge_request": false,
     "admin_vulnerability": true,
+    "admin_merge_request": false,
+    "admin_terraform_state": false,
     "read_code": false,
     "read_dependency": true,
     "read_vulnerability": true,
@@ -120,6 +124,7 @@ To add a member role to a group, the group must be at root-level (have no parent
 | `description`  | string         | no       | The description of the member role. |
 | `base_access_level` | integer   | yes      | Base access level for configured role. Valid values are 10 (Guest), 20 (Reporter), 30 (Developer), 40 (Maintainer), or 50 (Owner).|
 | `admin_merge_request` | boolean | no       | Permission to admin project merge requests. |
+| `admin_terraform_state` | boolean | no       | Permission to admin project terraform state. |
 | `admin_vulnerability` | boolean | no       | Permission to admin project vulnerabilities. |
 | `read_code`           | boolean | no       | Permission to read project code. |
 | `read_dependency`     | boolean | no       | Permission to read project dependencies. |
@@ -135,6 +140,7 @@ If successful, returns [`201`](rest/index.md#status-codes) and the following att
 | `group_id`               | integer | The ID of the group that the member role belongs to. |
 | `base_access_level`      | integer | Base access level for member role. |
 | `admin_merge_request`    | boolean | Permission to admin project merge requests. |
+| `admin_terraform_state`    | boolean | Permission to admin project terraform state. |
 | `admin_vulnerability`    | boolean | Permission to admin project vulnerabilities. |
 | `read_code`              | boolean | Permission to read project code. |
 | `read_dependency`        | boolean | Permission to read project dependencies. |
diff --git a/doc/api/projects.md b/doc/api/projects.md
index 33f05357876..257dd88a770 100644
--- a/doc/api/projects.md
+++ b/doc/api/projects.md
@@ -1538,7 +1538,7 @@ curl --request POST --header "PRIVATE-TOKEN: <your-token>" \
 | `jobs_enabled`                                                    | boolean | No                             | _(Deprecated)_ Enable jobs for this project. Use `builds_access_level` instead. |
 | `lfs_enabled`                                                     | boolean | No                             | Enable LFS. |
 | `merge_method`                                                    | string  | No                             | Set the [merge method](#project-merge-method) used. |
-| `merge_pipelines_enabled`                                         | boolean | No                             | Enable or disable merge pipelines. |
+| `merge_pipelines_enabled`                                         | boolean | No                             | Enable or disable merged results pipelines. |
 | `merge_requests_access_level`                                     | string  | No                             | One of `disabled`, `private`, or `enabled`. |
 | `merge_requests_enabled`                                          | boolean | No                             | _(Deprecated)_ Enable merge requests for this project. Use `merge_requests_access_level` instead. |
 | `merge_trains_enabled`                                            | boolean | No                             | Enable or disable merge trains. |
@@ -1739,7 +1739,7 @@ Supported attributes:
 | `lfs_enabled`                                                     | boolean           | No       | Enable LFS. |
 | `merge_commit_template`                                           | string            | No       | [Template](../user/project/merge_requests/commit_templates.md) used to create merge commit message in merge requests. _([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/20263) in GitLab 14.5.)_ |
 | `merge_method`                                                    | string            | No       | Set the [merge method](#project-merge-method) used. |
-| `merge_pipelines_enabled`                                         | boolean           | No       | Enable or disable merge pipelines. |
+| `merge_pipelines_enabled`                                         | boolean           | No       | Enable or disable merged results pipelines. |
 | `merge_requests_access_level`                                     | string            | No       | One of `disabled`, `private`, or `enabled`. |
 | `merge_requests_enabled`                                          | boolean           | No       | _(Deprecated)_ Enable merge requests for this project. Use `merge_requests_access_level` instead. |
 | `merge_requests_template` **(PREMIUM ALL)**                       | string            | No       | Default description for merge requests. Description is parsed with GitLab Flavored Markdown. See [Templates for issues and merge requests](#templates-for-issues-and-merge-requests). |
diff --git a/doc/api/statistics.md b/doc/api/statistics.md
index 8868f6d5190..fc0aa9a0b39 100644
--- a/doc/api/statistics.md
+++ b/doc/api/statistics.md
@@ -12,7 +12,8 @@ List the current statistics of the GitLab instance. You have to be an
 administrator to perform this action.
 
 NOTE:
-These statistics are approximate.
+These statistics show exact counts for values less than 10,000. For values of 10,000 and higher, these statistics show approximate data
+when [TablesampleCountStrategy](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/database/count/tablesample_count_strategy.rb?ref_type=heads#L16) and [ReltuplesCountStrategy](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/database/count/reltuples_count_strategy.rb?ref_type=heads) strategies are used for calculations.
 
 ```plaintext
 GET /application/statistics
diff --git a/doc/development/fe_guide/frontend_faq.md b/doc/development/fe_guide/frontend_faq.md
index b8e98b47cac..0ab64841365 100644
--- a/doc/development/fe_guide/frontend_faq.md
+++ b/doc/development/fe_guide/frontend_faq.md
@@ -202,3 +202,10 @@ To see what polyfills are being used:
 ### 9. Why is my page broken in dark mode?
 
 See [dark mode docs](dark_mode.md)
+
+### 10. How to render GitLab-flavored Markdown?
+
+If you need to render [GitLab-flavored Markdown](../gitlab_flavored_markdown/index.md), then there are two things that you require:
+
+- Pass the GLFM content with the `v-safe-html` directive to a `div` HTML element inside your Vue component
+- Add the `md` class to the root div, which will apply the appropriate CSS styling
diff --git a/doc/development/testing_guide/end_to_end/execution_context_selection.md b/doc/development/testing_guide/end_to_end/execution_context_selection.md
index f625dc466b9..f940cf289d9 100644
--- a/doc/development/testing_guide/end_to_end/execution_context_selection.md
+++ b/doc/development/testing_guide/end_to_end/execution_context_selection.md
@@ -48,6 +48,7 @@ Matches use:
 | The `nightly` and `canary` pipelines | `only: { pipeline: [:nightly, :canary] }` | ["nightly scheduled pipeline"](https://gitlab.com/gitlab-org/gitlab/-/pipeline_schedules) and ["canary"](https://gitlab.com/gitlab-org/quality/canary) |
 | The `ee:instance` job | `only: { job: 'ee:instance' }` | The `ee:instance` job in any pipeline |
 | Any `quarantine` job | `only: { job: '.*quarantine' }` | Any job ending in `quarantine` in any pipeline |
+| Local development environment | `only: :local` | Any environment where `Runtime::Env.running_in_ci?` is false |
 | Any run where condition evaluates to a truthy value | `only: { condition: -> { ENV['TEST_ENV'] == 'true' } }` | Any run where `TEST_ENV` is set to true
 
 ```ruby
diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md
index 6098a061917..0f18a1252d0 100644
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -894,17 +894,15 @@ you can use the `MAVEN_CLI_OPTS` CI/CD variable.
 
 Read more on [how to use private Maven repositories](../index.md#using-private-maven-repositories).
 
-#### FIPS-enabled images
+### FIPS-enabled images
 
-> Introduced in GitLab 14.10. GitLab team members can view more information in this confidential issue:  `https://gitlab.com/gitlab-org/gitlab/-/issues/354796`
+> - Introduced in GitLab 14.10. GitLab team members can view more information in this confidential issue:  `https://gitlab.com/gitlab-org/gitlab/-/issues/354796`
+> - Introduced in GitLab 15.0 - Gemnasium uses FIPS-enabled images when FIPS mode is enabled.
 
 GitLab also offers [FIPS-enabled Red Hat UBI](https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image)
-versions of the Gemnasium images. You can therefore replace standard images with FIPS-enabled images.
-
-Gemnasium scanning jobs automatically use FIPS-enabled image when FIPS mode is enabled in the GitLab instance.
-([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/357922) in GitLab 15.0.)
-
-To manually switch to FIPS-enabled images, set the variable `DS_IMAGE_SUFFIX` to `"-fips"`.
+versions of the Gemnasium images. When FIPS mode is enabled in the GitLab instance, Gemnasium
+scanning jobs automatically use the FIPS-enabled images. To manually switch to FIPS-enabled images,
+set the variable `DS_IMAGE_SUFFIX` to `"-fips"`.
 
 Dependency scanning for Gradle projects and auto-remediation for Yarn projects are not supported in FIPS mode.
 
diff --git a/doc/user/project/pages/redirects.md b/doc/user/project/pages/redirects.md
index d13f30060e7..2b33e7dc343 100644
--- a/doc/user/project/pages/redirects.md
+++ b/doc/user/project/pages/redirects.md
@@ -26,7 +26,7 @@ are supported.
 | Rewrites (other than `200`)            | **{dotted-circle}** No  | `/en/* /en/404.html 404` |
 | Query parameters | **{dotted-circle}** No | `/store id=:id  /blog/:id  301` |
 | Force ([shadowing](https://docs.netlify.com/routing/redirects/rewrites-proxies/#shadowing)) | **{dotted-circle}** No | `/app/  /app/index.html  200!` |
-| Domain-level redirects | **{dotted-circle}** No | `http://blog.example.com/* https://www.example.com/blog/:splat 301` |
+| [Domain-level redirects](#domain-level-redirects) | **{check-circle}** Yes | `http://blog.example.com/* https://www.example.com/blog/:splat 301` |
 | Redirect by country or language | **{dotted-circle}** No | `/  /anz     302  Country=au,nz` |
 | Redirect by role | **{dotted-circle}** No | `/admin/*  200!  Role=admin` |
 
@@ -119,6 +119,30 @@ request matches the `from`:
 This status code can be used in combination with [splat rules](#splats) to dynamically
 rewrite the URL.
 
+## Domain-level redirects
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/936) in GitLab 16.8 [with a flag](../../../administration/feature_flags.md) named `FF_ENABLE_DOMAIN_REDIRECT`. Disabled by default.
+
+To create a domain-level redirect, add a domain-level path (beginning with `http://`
+or `https://`) to either:
+
+- The `to` path only.
+- The `from` and `to` paths.
+The supported [HTTP status codes](#http-status-codes) are `301` and `302`:
+
+```plaintext
+# 301 permanent redirect
+http://blog.example.com/file_1.html https://www.example.com/blog/file_1.html 301
+/file_2.html https://www.example.com/blog/file_2.html 301
+
+# 302 temporary redirect
+http://blog.example.com/file_3.html https://www.example.com/blog/file_3.html 302
+/file_4.html https://www.example.com/blog/file_4.html 302
+```
+
+Domain-level redirects can be used in combination with [splat rules](#splats) (including splat placeholders)
+to dynamically rewrite the URL path.
+
 ## Splats
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab-pages/-/merge_requests/458) in GitLab 14.3.
diff --git a/doc/user/project/repository/branches/index.md b/doc/user/project/repository/branches/index.md
index 1e52aaaa211..d6bcae57322 100644
--- a/doc/user/project/repository/branches/index.md
+++ b/doc/user/project/repository/branches/index.md
@@ -301,6 +301,8 @@ When you create a merge request, the workflow checks the name of the branch. If
 branch name matches the workflow, the merge request targets the branch you specify. If the branch name does not match, the merge request targets the
 default branch of the project.
 
+Rules are processed on a "first-match" basis - if two rules match the same branch name, the top-most rule is applied.
+
 Prerequisites:
 
 - You must have at least the Maintainer role.