gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
author: GitLab Bot <gitlab-bot@gitlab.com> 2022-03-29 15:08:03 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-03-29 15:08:03 +0300
commit: ef59e05bd14aea8bf19bbe77c52116bfe24c7107
tree: 6b3f51c7afd746c2cbe3369fcff9a97b392d6cac /doc
parent: e878a8e80f55bb09565ca33408f5295b8784e455
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc')
-rw-r--r-- doc/administration/gitaly/configure_gitaly.md | 5
-rw-r--r-- doc/api/notes.md | 2
-rw-r--r-- doc/cloud_seed/index.md | 120
-rw-r--r-- doc/topics/release_your_application.md | 5
-rw-r--r-- doc/user/application_security/iac_scanning/index.md | 3
5 files changed, 132 insertions, 3 deletions
diff --git a/doc/administration/gitaly/configure_gitaly.md b/doc/administration/gitaly/configure_gitaly.md
index 88efd1885db..0fb285c50d6 100644
--- a/doc/administration/gitaly/configure_gitaly.md
+++ b/doc/administration/gitaly/configure_gitaly.md
@@ -300,7 +300,7 @@ disable enforcement. For more information, see the documentation on configuring
```toml
listen_addr = '0.0.0.0:8075'
- internal_socket_dir = '/var/opt/gitlab/gitaly'
+ runtime_dir = '/var/opt/gitlab/gitaly'
[logging]
format = 'json'
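Review bot: The replacement line `runtime_dir = '/var/opt/gitlab/gitaly'` reuses the old `internal_socket_dir` path without saying whether the two settings mean the same thing. If `runtime_dir` holds more than the internal sockets, say so next to the example and state the ownership and permissions the directory needs, because an administrator who only renames the key cannot tell from this block whether the existing directory is still appropriate.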
@@ -308,6 +308,9 @@ disable enforcement. For more information, see the documentation on configuring
dir = '/var/log/gitaly'
```
+ For GitLab 14.9 and earlier, set `internal_socket_dir = '/var/opt/gitlab/gitaly'` instead
+ of `runtime_dir`.
+
1. Append the following to `/home/git/gitaly/config.toml` for each respective Gitaly server:
On `gitaly1.internal`:
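Review bot: The added sentence "For GitLab 14.9 and earlier, set `internal_socket_dir` ... instead of `runtime_dir`" names only the old versions, so the reader has to infer where `runtime_dir` starts to apply. State the first version that accepts `runtime_dir` explicitly, and check that the sentence keeps the list indentation of the code block it follows so it renders as part of that step rather than breaking the numbered list before "1. Append the following".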
diff --git a/doc/api/notes.md b/doc/api/notes.md
index 83631c70f8a..9b11494cf05 100644
--- a/doc/api/notes.md
+++ b/doc/api/notes.md
@@ -403,7 +403,7 @@ Parameters:
| `merge_request_iid` | integer | yes | The IID of a project merge request |
| `body` | string | yes | The content of a note. Limited to 1,000,000 characters. |
| `created_at` | string | no | Date time string, ISO 8601 formatted. Example: `2016-03-11T03:45:40Z` (requires administrator or project/group owner rights) |
-| `merge_request_diff_sha`| string | no | The SHA of the head commit which is used to ensure that the merge request hasn't been updated since the API request was sent. This is required for the /merge quick action |
+| `merge_request_diff_sha`| string | no | Required for the `/merge` [quick action](../user/project/quick_actions.md). The SHA of the head commit, which ensures the merge request wasn't updated after the API request was sent. |
### Modify existing merge request note
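Review bot: The new `merge_request_diff_sha` description opens with "Required for the `/merge` quick action" while the Required column in the same row still says `no`, which reads as a contradiction. Suggest "Required only when the note body contains the `/merge` quick action", and add what the API does when the SHA no longer matches the head commit, since this parameter is the guard against merging changes pushed after review.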
diff --git a/doc/cloud_seed/index.md b/doc/cloud_seed/index.md
new file mode 100644
index 00000000000..d4b8d040758
--- /dev/null
+++ b/doc/cloud_seed/index.md
@@ -0,0 +1,120 @@
+---
+stage: Release
+group: Incubation
+info: Cloud Seed (formerly 5mp) is a GitLab Incubation Engineering program. No technical writer assigned to this group.
+---
+
+# Cloud Seed
+
+Cloud Seed is an open-source program led
+by [GitLab Incubation Engineering](https://about.gitlab.com/handbook/engineering/incubation/) in collaboration with
+[Google Cloud](https://cloud.google.com/).
+
+Cloud Seed is in `private-testing` mode and is available to a select group of users. If you are interested in joining
+this group, please fill in
+the [Cloud Seed Trusted Testers invitation form](https://docs.google.com/forms/d/e/1FAIpQLSeJPtFE8Vpqs_YTAKkFK42p5mO9zIYA2jr_PiP2h32cs8R39Q/viewform)
+and we will reach out to you.
+
+## Purpose
+
+We believe that it should be **trivial** to deploy web applications (and other workloads) from GitLab to major cloud
+providers.
+
+To support this effort, Cloud Seed makes it simple and intuitive to consume appropriate Google Cloud services
+within GitLab.
+
+## Why Google Cloud
+
+*or Why not AWS or Azure?*
+
+Cloud Seed is an open-source program that can be extended by anyone, and we'd love to work with every major cloud
+provider. We chose to work with Google Cloud because their team is accessible, supportive, and collaborative in
+this effort.
+
+As an open-source project, [everyone can contribute](#contribute-to-cloud-seed) and shape our direction.
+
+## Deploy to Google Cloud Run
+
+After you have your web application in a GitLab project, follow these steps
+to deploy your application from GitLab to Google Cloud with Cloud Seed:
+
+1. [Set up deployment credentials](#set-up-deployment-credentials)
+1. (Optional) [Configure your preferred GCP region](#configure-your-preferred-gcp-region)
+1. [Configure the Cloud Run deployment pipeline](#configure-the-cloud-run-deployment-pipeline)
+
+### Set up deployment credentials
+
+Cloud Seed provides an interface to create Google Cloud Platform (GCP) service accounts from your GitLab project. The associated GCP project
+must be selected during the service account creation workflow. This process generates a service account, keys, and deployment permissions.
+
+To create a service account:
+
+1. Go to the `Project :: Infrastructure :: Google Cloud` page.
+1. Select **Create Service Account**.
+1. Follow the Google OAuth 2 workflow and authorize GitLab.
+1. Select your GCP project.
+1. Associate a Git reference (such as a branch or tag) for the selected GCP project.
+1. Submit the form to create the service account.
+
+The generated service account, service account key, and associated GCP project ID are stored in GitLab as project CI
+variables. You can review and manage these in the `Project :: Settings :: CI` page.
+
+The generated service account has the following roles:
+
+- `roles/iam.serviceAccountUser`
+- `roles/artifactregistry.admin`
+- `roles/cloudbuild.builds.builder`
+- `roles/run.admin`
+- `roles/storage.admin`
+- `roles/cloudsql.admin`
+- `roles/browser`
+
+You can enhance security by storing CI variables in secret managers. Learn more about [secret management with GitLab](../ci/secrets/index.md).
+
+### Configure your preferred GCP region
+
+When you configure GCP regions for your deployments, the list of regions offered is a subset of
+all GCP regions available.
+
+To configure a region:
+
+1. Go to the `Project :: Infrastructure :: Google Cloud` page.
+1. Select **Configure GCP Region**.
+1. Select your preferred GCP region.
+1. Associate a Git reference (such as a branch or tag) for the selected GCP region.
+1. Submit the form to configure the GCP region.
+
+The configured GCP region is stored in GitLab as a project CI variable. You can review and manage these in
+the `Project :: Settings :: CI` page.
+
+### Configure the Cloud Run deployment pipeline
+
+You can configure the Google Cloud Run deployment job in your pipeline. A typical use case for such
+a pipeline is continuous deployment of your web application.
+
+The project pipeline itself could have a broader purpose spanning across several stages, such as build, test, and secure.
+Therefore, the Cloud Run deployment offering comes packaged as one job that fits into a much larger pipeline.
+
+To configure the Cloud Run deployment pipeline:
+
+1. Go to the `Project :: Infrastructure :: Google Cloud` page.
+1. Go to the `Deployments` tab.
+1. For `Cloud Run`, select **Configure via Merge Request**.
+1. Review the changes and submit to create a merge request.
+
+This creates a new branch with the Cloud Run deployment pipeline (or injected into an existing pipeline)
+and creates an associated merge request where the changes and deployment pipeline execution can be reviewed and merged
+into the main branch.
+
+## Contribute to Cloud Seed
+
+There are several ways you can contribute to Cloud Seed:
+
+- [Become a Cloud Seed user](https://docs.google.com/forms/d/e/1FAIpQLSeJPtFE8Vpqs_YTAKkFK42p5mO9zIYA2jr_PiP2h32cs8R39Q/viewform)
+ in GitLab
+ and [share feedback](https://gitlab.com/gitlab-org/incubation-engineering/five-minute-production/feedback/-/issues/new?template=general_feedback).
+- If you are familiar with Ruby on Rails or Vue.js,
+ consider [contributing to GitLab](../development/contributing/index.md) as a developer.
+ - Much of Cloud Seed is an internal module within the GitLab code base.
+- If you are familiar with GitLab pipelines, consider contributing to
+ the [Cloud Seed Library](https://gitlab.com/gitlab-org/incubation-engineering/five-minute-production/library) project.
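Review bot: Under "Set up deployment credentials", the page lists broad roles for the generated service account (`roles/run.admin`, `roles/storage.admin`, `roles/cloudsql.admin`, `roles/artifactregistry.admin`) and says its key is stored as a project CI variable, but the only hardening guidance is the single sentence about secret managers. Document whether the generated variables are created as protected and masked, whether they are restricted to the Git reference chosen in the form, and how to rotate or revoke the key, because anyone who can run a pipeline that sees the variable gets those admin roles on the GCP project. Separately, the sentence "This creates a new branch with the Cloud Run deployment pipeline (or injected into an existing pipeline)" is ungrammatical; suggest "(or injects it into an existing pipeline)".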
diff --git a/doc/topics/release_your_application.md b/doc/topics/release_your_application.md
index 7ed227adcac..c791b1f7185 100644
--- a/doc/topics/release_your_application.md
+++ b/doc/topics/release_your_application.md
@@ -64,3 +64,8 @@ Use GitLab [Releases](../user/project/releases/index.md) to plan, build, and del
### Feature flags
Use [feature flags](../operations/feature_flags.md) to control and strategically rollout application deployments.
+
+## Deploy to Google Cloud
+
+GitLab [Cloud Seed](../cloud_seed/index.md) is an open-source Incubation Engineering program that
+enables you to set up deployment credentials and deploy your application to Google Cloud Run with minimal friction.
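Review bot: The new "Deploy to Google Cloud" paragraph presents Cloud Seed as generally usable, while the `doc/cloud_seed/index.md` added in this same commit says it is in `private-testing` mode and available to a select group of users. Mention that availability here so readers do not look for a feature they cannot access, and consider replacing "with minimal friction" with a plain description of what is automated.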
diff --git a/doc/user/application_security/iac_scanning/index.md b/doc/user/application_security/iac_scanning/index.md
index b72f54b4493..67ecbd094e8 100644
--- a/doc/user/application_security/iac_scanning/index.md
+++ b/doc/user/application_security/iac_scanning/index.md
@@ -41,9 +41,10 @@ GitLab IaC scanning supports a variety of IaC configuration files. Our IaC secur
| Google Deployment Manager | [KICS](https://kics.io/) | 14.5 |
| Kubernetes | [KICS](https://kics.io/) | 14.5 |
| OpenAPI | [KICS](https://kics.io/) | 14.5 |
-| Terraform | [KICS](https://kics.io/) | 14.5 |
+| Terraform <sup>2</sup> | [KICS](https://kics.io/) | 14.5 |
1. IaC scanning can analyze Azure Resource Manager templates in JSON format. If you write templates in the [Bicep](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/overview) language, you must use [the bicep CLI](https://docs.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-cli) to convert your Bicep files into JSON before GitLab IaC scanning can analyze them.
+1. Terraform modules in a custom registry are not scanned for vulnerabilities. You can follow [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/357004) for the proposed feature.
### Making IaC analyzers available to all GitLab tiers
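Review bot: The new footnote "Terraform modules in a custom registry are not scanned for vulnerabilities" does not say how the gap appears to the user. State whether the scan skips such modules silently or reports them as unscanned, since a clean report could otherwise be read as full coverage of the Terraform configuration. The link text "this issue" should also describe the target, for example the title of issue 357004.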