18 files changed, 94 insertions, 38 deletions

diff --git a/GITALY_SERVER_VERSION b/GITALY_SERVER_VERSION
index cb64edcf9aa..bbac90ce56c 100644
--- a/GITALY_SERVER_VERSION
+++ b/GITALY_SERVER_VERSION
@@ -1 +1 @@
-67a5d6727d2ee6b4c50fcee9c3b9be5a8b528e42
+933db61fb6cd67139730d83ff2170624986d30e5
diff --git a/app/assets/javascripts/header_search/index.js b/app/assets/javascripts/header_search/index.js
index f6963263725..766d4066e6a 100644
--- a/app/assets/javascripts/header_search/index.js
+++ b/app/assets/javascripts/header_search/index.js
@@ -11,7 +11,7 @@ export const initHeaderSearchApp = (search = '') => {
   const el = document.getElementById('js-header-search');
   const headerEl = document.querySelector('.header-content');
 
-  if (!el && !headerEl) {
+  if (!el || !headerEl) {
     return false;
   }
 
diff --git a/app/assets/javascripts/issues/show/components/header_actions.vue b/app/assets/javascripts/issues/show/components/header_actions.vue
index f8c323fccae..229bc473db7 100644
--- a/app/assets/javascripts/issues/show/components/header_actions.vue
+++ b/app/assets/javascripts/issues/show/components/header_actions.vue
@@ -20,7 +20,7 @@ import {
   NEW_ACTIONS_POPOVER_KEY,
 } from '~/issues/show/constants';
 import { capitalizeFirstCharacter } from '~/lib/utils/text_utility';
-import { getCookie, parseBoolean, setCookie } from '~/lib/utils/common_utils';
+import { getCookie, parseBoolean, setCookie, isLoggedIn } from '~/lib/utils/common_utils';
 import { visitUrl } from '~/lib/utils/url_utility';
 import { s__, __, sprintf } from '~/locale';
 import eventHub from '~/notes/event_hub';
@@ -137,6 +137,7 @@ export default {
   data() {
     return {
       isReportAbuseDrawerOpen: false,
+      isUserSignedIn: isLoggedIn(),
     };
   },
   apollo: {
@@ -204,7 +205,11 @@ export default {
     },
     hasDesktopDropdown() {
       return (
-        this.canCreateIssue || this.canPromoteToEpic || !this.isIssueAuthor || this.canReportSpam
+        this.canCreateIssue ||
+        this.canPromoteToEpic ||
+        !this.isIssueAuthor ||
+        this.canReportSpam ||
+        this.issuableReference
       );
     },
     hasMobileDropdown() {
@@ -219,7 +224,10 @@ export default {
       return this.glFeatures.movedMrSidebar;
     },
     showLockIssueOption() {
-      return this.isMrSidebarMoved && this.issueType === TYPE_ISSUE;
+      return this.isMrSidebarMoved && this.issueType === TYPE_ISSUE && this.isUserSignedIn;
+    },
+    showMovedSidebarOptions() {
+      return this.isMrSidebarMoved && this.isUserSignedIn;
     },
   },
   created() {
@@ -336,7 +344,7 @@ export default {
       data-testid="mobile-dropdown"
       :loading="isToggleStateButtonLoading"
     >
-      <template v-if="isMrSidebarMoved">
+      <template v-if="showMovedSidebarOptions">
         <sidebar-subscriptions-widget
           :iid="String(iid)"
           :full-path="fullPath"
@@ -375,7 +383,7 @@ export default {
           >{{ $options.i18n.copyReferenceText }}</gl-dropdown-item
         >
         <gl-dropdown-item
-          v-if="issuableEmailAddress"
+          v-if="issuableEmailAddress && showMovedSidebarOptions"
           :data-clipboard-text="issuableEmailAddress"
           data-testid="copy-email"
           @click="copyEmailAddress"
@@ -401,7 +409,7 @@ export default {
         </gl-dropdown-item>
       </template>
       <gl-dropdown-item
-        v-if="!isIssueAuthor"
+        v-if="!isIssueAuthor && isUserSignedIn"
         data-testid="report-abuse-item"
         @click="toggleReportAbuseDrawer(true)"
       >
@@ -449,7 +457,7 @@ export default {
       right
       @shown="dismissPopover"
     >
-      <template v-if="isMrSidebarMoved">
+      <template v-if="showMovedSidebarOptions">
         <sidebar-subscriptions-widget
           :iid="String(iid)"
           :full-path="fullPath"
@@ -460,7 +468,7 @@ export default {
         <gl-dropdown-divider />
       </template>
 
-      <gl-dropdown-item v-if="canCreateIssue" :href="newIssuePath">
+      <gl-dropdown-item v-if="canCreateIssue && isUserSignedIn" :href="newIssuePath">
         {{ newIssueTypeText }}
       </gl-dropdown-item>
       <gl-dropdown-item
@@ -482,7 +490,7 @@ export default {
           >{{ $options.i18n.copyReferenceText }}</gl-dropdown-item
         >
         <gl-dropdown-item
-          v-if="issuableEmailAddress"
+          v-if="issuableEmailAddress && showMovedSidebarOptions"
           :data-clipboard-text="issuableEmailAddress"
           data-testid="copy-email"
           @click="copyEmailAddress"
@@ -509,7 +517,7 @@ export default {
         </gl-dropdown-item>
       </template>
       <gl-dropdown-item
-        v-if="!isIssueAuthor"
+        v-if="!isIssueAuthor && isUserSignedIn"
         data-testid="report-abuse-item"
         @click="toggleReportAbuseDrawer(true)"
       >
diff --git a/app/assets/javascripts/super_sidebar/components/menu_section.vue b/app/assets/javascripts/super_sidebar/components/menu_section.vue
index 93c249dffeb..2fbdc5dc7e4 100644
--- a/app/assets/javascripts/super_sidebar/components/menu_section.vue
+++ b/app/assets/javascripts/super_sidebar/components/menu_section.vue
@@ -71,7 +71,7 @@ export default {
   <component :is="tag">
     <hr v-if="separated" aria-hidden="true" class="gl-mx-4 gl-my-2" />
     <button
-      class="gl-rounded-base gl-relative gl-display-flex gl-align-items-center gl-mb-1 gl-py-3 gl-px-0 gl-line-height-normal gl-text-black-normal! gl-hover-bg-t-gray-a-08 gl-focus-bg-t-gray-a-08 gl-text-decoration-none! gl-appearance-none gl-border-0 gl-bg-transparent gl-text-left gl-w-full gl-focus--focus"
+      class="gl-rounded-base gl-relative gl-display-flex gl-align-items-center gl-mb-2 gl-py-2 gl-px-0 gl-text-black-normal! gl-hover-bg-t-gray-a-08 gl-focus-bg-t-gray-a-08 gl-text-decoration-none! gl-appearance-none gl-border-0 gl-bg-transparent gl-text-left gl-w-full gl-focus--focus"
       :class="computedLinkClasses"
       data-qa-selector="menu_section_button"
       :data-qa-section-name="item.title"
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 0e7fca65208..a63159dc4af 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -761,7 +761,6 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord
   before_validation :ensure_uuid!
   before_validation :coerce_repository_storages_weighted, if: :repository_storages_weighted_changed?
   before_validation :normalize_default_branch_name
-  before_validation :remove_old_import_sources
 
   before_save :ensure_runners_registration_token
   before_save :ensure_health_check_access_token
@@ -805,10 +804,6 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord
     users_count >= INSTANCE_REVIEW_MIN_USERS
   end
 
-  def remove_old_import_sources
-    self.import_sources -= %w[phabricator gitlab] if self.import_sources
-  end
-
   Recursion = Class.new(RuntimeError)
 
   def self.create_from_defaults
diff --git a/db/post_migrate/20230512104238_add_audit_events_group_index.rb b/db/post_migrate/20230512104238_add_audit_events_group_index.rb
new file mode 100644
index 00000000000..d1d7e5f26fc
--- /dev/null
+++ b/db/post_migrate/20230512104238_add_audit_events_group_index.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class AddAuditEventsGroupIndex < Gitlab::Database::Migration[2.1]
+  include Gitlab::Database::PartitioningMigrationHelpers
+
+  TABLE_NAME = :audit_events
+  COLUMN_NAMES = [:entity_id, :entity_type, :created_at, :id]
+  INDEX_NAME = 'index_audit_events_on_entity_id_and_entity_type_and_created_at'
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_partitioned_index(TABLE_NAME, COLUMN_NAMES, name: INDEX_NAME)
+  end
+
+  def down
+    remove_concurrent_partitioned_index_by_name(TABLE_NAME, INDEX_NAME)
+  end
+end
diff --git a/db/schema_migrations/20230512104238 b/db/schema_migrations/20230512104238
new file mode 100644
index 00000000000..7147448d13e
--- /dev/null
+++ b/db/schema_migrations/20230512104238
@@ -0,0 +1 @@
+db35cec0252dc30e2de62c9d61c0230d603f5714a986412d8a5ebdc2d9c0a1d5
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index a23d01c628e..50b15accfc5 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -29822,6 +29822,8 @@ CREATE UNIQUE INDEX index_atlassian_identities_on_extern_uid ON atlassian_identi
 
 CREATE UNIQUE INDEX index_audit_events_external_audit_on_verification_token ON audit_events_external_audit_event_destinations USING btree (verification_token);
 
+CREATE INDEX index_audit_events_on_entity_id_and_entity_type_and_created_at ON ONLY audit_events USING btree (entity_id, entity_type, created_at, id);
+
 CREATE INDEX index_authentication_events_on_provider ON authentication_events USING btree (provider);
 
 CREATE INDEX index_authentication_events_on_user_and_ip_address_and_result ON authentication_events USING btree (user_id, ip_address, result);
diff --git a/doc/administration/gitaly/index.md b/doc/administration/gitaly/index.md
index 359d4ef90dc..d5d022ecaba 100644
--- a/doc/administration/gitaly/index.md
+++ b/doc/administration/gitaly/index.md
@@ -481,8 +481,7 @@ You can [monitor distribution of reads](monitoring.md#monitor-gitaly-cluster) us
 
 #### Strong consistency
 
-> - In GitLab 13.6 to 13.12, strong consistency must be manually configured. Refer to [the 13.12 documentation](https://docs.gitlab.com/13.12/ee/administration/gitaly/praefect.html#strong-consistency).
-> - In GitLab 14.0, strong consistency is the primary replication method.
+> In GitLab 14.0, strong consistency is the primary replication method.
 
 Gitaly Cluster provides strong consistency by writing changes synchronously to all healthy, up-to-date replicas. If a
 replica is outdated or unhealthy at the time of the transaction, the write is asynchronously replicated to it.
diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md
index 3f8a3b6cb83..b4373c20aa0 100644
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -55,7 +55,7 @@ four standard [pagination arguments](#connection-pagination-arguments):
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="queryaimessagesrequestids"></a>`requestIds` | [`[ID!]`](#id) | Array of request IDs to fetch. |
-| <a id="queryaimessagesroles"></a>`roles` | [`[AiCachedMessageRole!]`](#aicachedmessagerole) | Array of request IDs to fetch. |
+| <a id="queryaimessagesroles"></a>`roles` | [`[AiCachedMessageRole!]`](#aicachedmessagerole) | Array of roles to fetch. |
 
 ### `Query.boardList`
 
@@ -11783,7 +11783,7 @@ Information about a connected Agent.
 | Name | Type | Description |
 | ---- | ---- | ----------- |
 | <a id="aicachedmessagetypecontent"></a>`content` | [`String`](#string) | Content of the message. Can be null for user requests or failed responses. |
-| <a id="aicachedmessagetypeerrors"></a>`errors` | [`[String!]!`](#string) | Errors that occurred while asynchronously fetching an AI(assistant) response. |
+| <a id="aicachedmessagetypeerrors"></a>`errors` | [`[String!]!`](#string) | Errors that occurred while asynchronously fetching an AI (assistant) response. |
 | <a id="aicachedmessagetypeid"></a>`id` | [`ID`](#id) | UUID of the message. |
 | <a id="aicachedmessagetyperequestid"></a>`requestId` | [`ID`](#id) | UUID of the original request message. |
 | <a id="aicachedmessagetyperole"></a>`role` | [`AiCachedMessageRole!`](#aicachedmessagerole) | Message role. |
@@ -23973,7 +23973,7 @@ Roles to filter in chat message.
 
 | Value | Description |
 | ----- | ----------- |
-| <a id="aicachedmessageroleassistant"></a>`ASSISTANT` | Filter only AI responses. |
+| <a id="aicachedmessageroleassistant"></a>`ASSISTANT` | Filter only assistant messages. |
 | <a id="aicachedmessageroleuser"></a>`USER` | Filter only user messages. |
 
 ### `AlertManagementAlertSort`
diff --git a/doc/development/fe_guide/source_editor.md b/doc/development/fe_guide/source_editor.md
index 45ec3ba1464..943ac2969f3 100644
--- a/doc/development/fe_guide/source_editor.md
+++ b/doc/development/fe_guide/source_editor.md
@@ -210,7 +210,7 @@ export default {
 
 In the code example, `this` refers to the instance. By referring to the instance,
 we can access the complete underlying
-[Monaco editor API](https://microsoft.github.io/monaco-editor/api/),
+[Monaco editor API](https://microsoft.github.io/monaco-editor/docs.html),
 which includes functions like `getValue()`.
 
 Now let's use our extension:
diff --git a/doc/tutorials/build_application.md b/doc/tutorials/build_application.md
index 2e0130e46ca..cbeeb7a614f 100644
--- a/doc/tutorials/build_application.md
+++ b/doc/tutorials/build_application.md
@@ -30,3 +30,4 @@ Use GitLab Pages to publish a static website directly from your project.
 |-------|-------------|--------------------|
 | [Create a Pages website from a CI/CD template](../user/project/pages/getting_started/pages_ci_cd_template.md) | Quickly generate a Pages website for your project using a CI/CD template for a popular Static Site Generator (SSG). | **{star}** |
 | [Create a Pages website from scratch](../user/project/pages/getting_started/pages_from_scratch.md) | Create all the components of a Pages website from a blank project. | |
+| [Build, test, and deploy your Hugo site with GitLab](/ee/tutorials/hugo/index.md) | Generate your Hugo site using a CI/CD template and GitLab Pages. | **{star}** |
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md
index 7a82f98425a..042ed0190c4 100644
--- a/doc/user/application_security/container_scanning/index.md
+++ b/doc/user/application_security/container_scanning/index.md
@@ -220,7 +220,7 @@ The `CS_DISABLE_LANGUAGE_VULNERABILITY_SCAN` CI/CD variable controls whether the
 findings related to programming languages. The languages supported depend on the
 [scanner used](#change-scanners):
 
-- [Trivy](https://aquasecurity.github.io/trivy/latest/docs/vulnerability/detection/language/).
+- [Trivy](https://aquasecurity.github.io/trivy/v0.41/docs/scanner/vulnerability/language/)
 - [Grype](https://github.com/anchore/grype#features).
 
 By default, the report only includes packages managed by the Operating System (OS) package manager
diff --git a/doc/user/clusters/agent/install/index.md b/doc/user/clusters/agent/install/index.md
index 1bcbb42fc8e..e91bcd6e330 100644
--- a/doc/user/clusters/agent/install/index.md
+++ b/doc/user/clusters/agent/install/index.md
@@ -144,7 +144,7 @@ When [KAS](../../../../administration/clusters/kas.md) is behind a self-signed c
 you can set the value of `config.caCert` to the certificate. For example:
 
 ```shell
-helm update --install gitlab-agent gitlab/gitlab-agent \
+helm upgrade --install gitlab-agent gitlab/gitlab-agent \
   --set-file config.caCert=my-custom-ca.pem
 ```
 
diff --git a/doc/user/group/saml_sso/example_saml_config.md b/doc/user/group/saml_sso/example_saml_config.md
index 524a5d5a9bd..f2db36e80b1 100644
--- a/doc/user/group/saml_sso/example_saml_config.md
+++ b/doc/user/group/saml_sso/example_saml_config.md
@@ -58,7 +58,7 @@ Attribute mapping:
 NOTE:
 Using the **Group ID** source attribute requires users to enter the group ID or object ID when configuring SAML group links. If available, use the **sAMAccountName** source attribute for the friendly group name instead.
 
-[Azure AD limits the number of groups that can be sent in a SAML response to 150](https://support.esri.com/en-us/knowledge-base/000022190'). If a user is a member of more than 150 groups, Azure does not include that user's group claim in the SAML response.
+[Azure AD limits the number of groups that can be sent in a SAML response to 150](https://support.esri.com/en-us/knowledge-base/000022190). If a user is a member of more than 150 groups, Azure does not include that user's group claim in the SAML response.
 
 ## Google Workspace
 
diff --git a/spec/features/incidents/user_views_incident_spec.rb b/spec/features/incidents/user_views_incident_spec.rb
index 0265960fce7..8739c99bdd0 100644
--- a/spec/features/incidents/user_views_incident_spec.rb
+++ b/spec/features/incidents/user_views_incident_spec.rb
@@ -18,6 +18,7 @@ RSpec.describe "User views incident", feature_category: :incident_management do
 
   before do
     sign_in(user)
+    stub_feature_flags(moved_mr_sidebar: false)
 
     visit(incident_project_issues_path(project, incident))
   end
diff --git a/spec/frontend/issues/show/components/header_actions_spec.js b/spec/frontend/issues/show/components/header_actions_spec.js
index a5ba512434c..c14da65a236 100644
--- a/spec/frontend/issues/show/components/header_actions_spec.js
+++ b/spec/frontend/issues/show/components/header_actions_spec.js
@@ -134,6 +134,7 @@ describe('HeaderActions component', () => {
     .mockResolvedValue(promoteToEpicMutationErrorResponse);
 
   const mountComponent = ({
+    isLoggedIn = true,
     props = {},
     issueState = STATUS_OPEN,
     blockedByIssues = [],
@@ -151,6 +152,10 @@ describe('HeaderActions component', () => {
       [promoteToEpicMutation, promoteToEpicHandler],
     ];
 
+    if (isLoggedIn) {
+      window.gon.current_user_id = 1;
+    }
+
     return shallowMount(HeaderActions, {
       apolloProvider: createMockApollo(handlers),
       store,
@@ -648,4 +653,40 @@ describe('HeaderActions component', () => {
       });
     });
   });
+
+  describe('when logged out', () => {
+    describe.each`
+      movedMrSidebarEnabled | issueType        | headerActionsVisible
+      ${true}               | ${TYPE_ISSUE}    | ${true}
+      ${true}               | ${TYPE_INCIDENT} | ${true}
+      ${false}              | ${TYPE_ISSUE}    | ${false}
+      ${false}              | ${TYPE_INCIDENT} | ${false}
+    `(
+      `with movedMrSidebarEnabled flag is "$movedMrSidebarEnabled" with issue type "$issueType"`,
+      ({ movedMrSidebarEnabled, issueType, headerActionsVisible }) => {
+        beforeEach(async () => {
+          wrapper = mountComponent({
+            props: {
+              issueType,
+              canCreateIssue: false,
+              canPromoteToEpic: false,
+              canReportSpam: false,
+            },
+            movedMrSidebarEnabled,
+            isLoggedIn: false,
+          });
+
+          await waitForPromises();
+        });
+
+        it(`${headerActionsVisible ? 'shows' : 'hides'} headers actions`, () => {
+          expect(findDesktopDropdown().exists()).toBe(headerActionsVisible);
+          expect(findCopyRefenceDropdownItem().exists()).toBe(headerActionsVisible);
+          expect(findNotificationWidget().exists()).toBe(false);
+          expect(findReportAbuseSelectorItem().exists()).toBe(false);
+          expect(findLockIssueWidget().exists()).toBe(false);
+        });
+      },
+    );
+  });
 });
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index 9ecb0c6f75b..e6f99842621 100644
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -320,17 +320,6 @@ RSpec.describe ApplicationSetting, feature_category: :shared, type: :model do
       end
     end
 
-    context 'import_sources validation' do
-      before do
-        subject.import_sources = %w[github bitbucket gitlab git gitlab_project gitea manifest phabricator]
-      end
-
-      it 'removes phabricator as an import source' do
-        subject.validate
-        expect(subject.import_sources).to eq(%w[github bitbucket git gitlab_project gitea manifest])
-      end
-    end
-
     context 'grafana_url validations' do
       before do
         subject.instance_variable_set(:@parsed_grafana_url, nil)