21 files changed, 249 insertions, 95 deletions

diff --git a/Gemfile b/Gemfile
index be3b46f09d0..fb8cb8cc540 100644
--- a/Gemfile
+++ b/Gemfile
@@ -240,7 +240,7 @@ gem 'rack', '~> 2.2.8' # rubocop:todo Gemfile/MissingFeatureCategory
 gem 'rack-timeout', '~> 0.6.3', require: 'rack/timeout/base' # rubocop:todo Gemfile/MissingFeatureCategory
 
 group :puma do
-  gem 'puma', '~> 6.4', require: false # rubocop:todo Gemfile/MissingFeatureCategory
+  gem 'puma', '~> 6.4.1', require: false, feature_category: :shared
   gem 'sd_notify', '~> 0.1.0', require: false # rubocop:todo Gemfile/MissingFeatureCategory
 end
 
@@ -387,7 +387,7 @@ gem 'snowplow-tracker', '~> 0.8.0' # rubocop:todo Gemfile/MissingFeatureCategory
 
 # Metrics
 gem 'webrick', '~> 1.8.1', require: false # rubocop:todo Gemfile/MissingFeatureCategory
-gem 'prometheus-client-mmap', '~> 1.0', '>= 1.0.2', require: 'prometheus/client' # rubocop:todo Gemfile/MissingFeatureCategory
+gem 'prometheus-client-mmap', '~> 1.1', require: 'prometheus/client' # rubocop:todo Gemfile/MissingFeatureCategory
 
 gem 'warning', '~> 1.3.0' # rubocop:todo Gemfile/MissingFeatureCategory
 
diff --git a/Gemfile.checksum b/Gemfile.checksum
index 81df2b4c75e..6c9960372e7 100644
--- a/Gemfile.checksum
+++ b/Gemfile.checksum
@@ -457,11 +457,11 @@
 {"name":"prime","version":"0.1.2","platform":"ruby","checksum":"d4e956cadfaf04de036dc7dc74f95bf6a285a62cc509b28b7a66b245d19fe3a4"},
 {"name":"prism","version":"0.19.0","platform":"ruby","checksum":"47f17ea8c0b35d051de183608f9bb7e29fa0ced37f3fcc5550542896734c3b62"},
 {"name":"proc_to_ast","version":"0.1.0","platform":"ruby","checksum":"92a73fa66e2250a83f8589f818b0751bcf227c68f85916202df7af85082f8691"},
-{"name":"prometheus-client-mmap","version":"1.0.2","platform":"aarch64-linux","checksum":"1cec0954f54e47760f56c4fb9cf98de30e5a80f1a803726239590d008c976847"},
-{"name":"prometheus-client-mmap","version":"1.0.2","platform":"arm64-darwin","checksum":"a9911e1963bbdb170f07af125efa2f1fb38aa6f49b442ac31abd2e13cf3599b4"},
-{"name":"prometheus-client-mmap","version":"1.0.2","platform":"ruby","checksum":"f88ef1d375f24b651970bef567101a53edcedd1f5c21922c0c0b3fbec623def5"},
-{"name":"prometheus-client-mmap","version":"1.0.2","platform":"x86_64-darwin","checksum":"17b6266135394fa187d939ab900263837f8b50240ea4fd7946d6ede825511e00"},
-{"name":"prometheus-client-mmap","version":"1.0.2","platform":"x86_64-linux","checksum":"f03c746b1afbd583902e249b347297a8065ec0db06dae61da4c9952dcedc65d5"},
+{"name":"prometheus-client-mmap","version":"1.1.0","platform":"aarch64-linux","checksum":"c6e6f0c01372cc328a009982645f20d2cbd912d4b2cf1e0318a422def57f8e7f"},
+{"name":"prometheus-client-mmap","version":"1.1.0","platform":"arm64-darwin","checksum":"97e05aada483d2dbb530dee330b769068f8fde98e9ed00a80762e3f15a9e54a9"},
+{"name":"prometheus-client-mmap","version":"1.1.0","platform":"ruby","checksum":"6bd3d7ed398259202c4fbe9c857b45e7f00cb8e8f26f766afb992a3e8920b1a6"},
+{"name":"prometheus-client-mmap","version":"1.1.0","platform":"x86_64-darwin","checksum":"8e213d143d2f058a39d948c2b34e962c71c8c5301cd71a289ca5a002e81fd3bc"},
+{"name":"prometheus-client-mmap","version":"1.1.0","platform":"x86_64-linux","checksum":"1e768e262fbbfd445d097f9b79028cbef35dd6fb4d7733096bceadedaa7c01ab"},
 {"name":"protocol","version":"2.0.0","platform":"ruby","checksum":"dcd7c509e53b8cd6284e965a2e2e71d5291ca9e2d50acfa3d7ee0561c0df16b9"},
 {"name":"pry","version":"0.14.2","platform":"java","checksum":"fd780670977ba04ff7ee32dabd4d02fe4bf02e977afe8809832d5dca1412862e"},
 {"name":"pry","version":"0.14.2","platform":"ruby","checksum":"c4fe54efedaca1d351280b45b8849af363184696fcac1c72e0415f9bdac4334d"},
@@ -469,8 +469,8 @@
 {"name":"pry-rails","version":"0.3.9","platform":"ruby","checksum":"468662575abb6b67f4a9831219f99290d5eae7bf186e64dd810d0a3e4a8cc4b1"},
 {"name":"pry-shell","version":"0.6.4","platform":"ruby","checksum":"ad024882d29912b071a7de65ebea538b242d2dc1498c60c7c2352ef94769f208"},
 {"name":"public_suffix","version":"5.0.0","platform":"ruby","checksum":"26ee4fbce33ada25eb117ac71f2c24bf4d8b3414ab6b34f05b4708a3e90f1c6b"},
-{"name":"puma","version":"6.4.0","platform":"java","checksum":"eb27679e9e665882bab85dfa84704b0615b4f77cec46de014f05b90a5ab36cfe"},
-{"name":"puma","version":"6.4.0","platform":"ruby","checksum":"d5dda11362744df9f4694708a62e3cfddf72eba7498c16016ebbb30f106712f9"},
+{"name":"puma","version":"6.4.1","platform":"java","checksum":"a69eea2af807ab4165850c57aafa2a7b1360199e6ae173de00dde2e0fc7e5635"},
+{"name":"puma","version":"6.4.1","platform":"ruby","checksum":"278512793a0d3e2460a27ed5370b3d1f7bcd195eae09b355679179bc333f1524"},
 {"name":"pyu-ruby-sasl","version":"0.0.3.3","platform":"ruby","checksum":"5683a6bc5738db5a1bf5ceddeaf545405fb241b4184dd4f2587e679a7e9497e5"},
 {"name":"raabro","version":"1.4.0","platform":"ruby","checksum":"d4fa9ff5172391edb92b242eed8be802d1934b1464061ae5e70d80962c5da882"},
 {"name":"racc","version":"1.6.2","platform":"java","checksum":"0880781e7dfde09e665d0b6160b583e01ed52fcc2955d7891447d33c2d1d2cf1"},
@@ -495,7 +495,7 @@
 {"name":"rake","version":"13.0.6","platform":"ruby","checksum":"5ce4bf5037b4196c24ac62834d8db1ce175470391026bd9e557d669beeb19097"},
 {"name":"rb-fsevent","version":"0.11.2","platform":"ruby","checksum":"43900b972e7301d6570f64b850a5aa67833ee7d87b458ee92805d56b7318aefe"},
 {"name":"rb-inotify","version":"0.10.1","platform":"ruby","checksum":"050062d4f31d307cca52c3f6a7f4b946df8de25fc4bd373e1a5142e41034a7ca"},
-{"name":"rb_sys","version":"0.9.83","platform":"ruby","checksum":"0ed80df79aa08b942af731d93a676f2d885428267f2fbf138f9b6b7809c6455e"},
+{"name":"rb_sys","version":"0.9.86","platform":"ruby","checksum":"65d35ad5f2f2e7257607310186d6a178f34d0fee807d3b1af5611db6a5503a8c"},
 {"name":"rbtrace","version":"0.4.14","platform":"ruby","checksum":"162bbf89cecabfc4f09c869b655f6f3a679c4870ebb7cbdcadf7393a81cc1769"},
 {"name":"rbtree","version":"0.4.6","platform":"ruby","checksum":"14eea4469b24fd2472542e5f3eb105d6344c8ccf36f0b56d55fdcfeb4e0f10fc"},
 {"name":"rchardet","version":"1.8.0","platform":"ruby","checksum":"693acd5253d5ade81a51940697955f6dd4bb2f0d245bda76a8e23deec70a52c7"},
diff --git a/Gemfile.lock b/Gemfile.lock
index b2e8f6c95b8..cb49d098cdf 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1262,8 +1262,8 @@ GEM
       coderay
       parser
       unparser
-    prometheus-client-mmap (1.0.2)
-      rb_sys (~> 0.9)
+    prometheus-client-mmap (1.1.0)
+      rb_sys (~> 0.9.86)
     protocol (2.0.0)
       ruby_parser (~> 3.0)
     pry (0.14.2)
@@ -1279,7 +1279,7 @@ GEM
       tty-markdown
       tty-prompt
     public_suffix (5.0.0)
-    puma (6.4.0)
+    puma (6.4.1)
       nio4r (~> 2.0)
     pyu-ruby-sasl (0.0.3.3)
     raabro (1.4.0)
@@ -1344,7 +1344,7 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rb_sys (0.9.83)
+    rb_sys (0.9.86)
     rbtrace (0.4.14)
       ffi (>= 1.0.6)
       msgpack (>= 0.4.3)
@@ -2025,11 +2025,11 @@ DEPENDENCIES
   pg_query (~> 4.2.3)
   png_quantizator (~> 0.2.1)
   premailer-rails (~> 1.10.3)
-  prometheus-client-mmap (~> 1.0, >= 1.0.2)
+  prometheus-client-mmap (~> 1.1)
   pry-byebug
   pry-rails (~> 0.3.9)
   pry-shell (~> 0.6.4)
-  puma (~> 6.4)
+  puma (~> 6.4.1)
   rack (~> 2.2.8)
   rack-attack (~> 6.7.0)
   rack-cors (~> 2.0.1)
@@ -2126,4 +2126,4 @@ DEPENDENCIES
   yajl-ruby (~> 1.4.3)
 
 BUNDLED WITH
-   2.4.22
+   2.5.4
diff --git a/app/assets/javascripts/editor/schema/ci.json b/app/assets/javascripts/editor/schema/ci.json
index 63c1ccb36da..7cedd00e491 100644
--- a/app/assets/javascripts/editor/schema/ci.json
+++ b/app/assets/javascripts/editor/schema/ci.json
@@ -735,6 +735,30 @@
                 }
               ]
             },
+            "gcp_secret_manager": {
+              "type": "object",
+              "markdownDescription": "Defines the secret version to be fetched from GCP Secret Manager. Name refers to the secret name in GCP secret manager. Version refers to the desired secret version (defaults to 'latest').",
+              "properties": {
+                "name": {
+                  "type": "string"
+                },
+                "version": {
+                  "oneOf": [
+                    {
+                      "type": "string"
+                    },
+                    {
+                      "type": "integer"
+                    }
+                  ],
+                  "default": "version"
+                }
+              },
+              "required": [
+                "name"
+              ],
+              "additionalProperties": false
+            },
             "azure_key_vault": {
               "type": "object",
               "properties": {
@@ -757,7 +781,7 @@
             },
             "token": {
               "type": "string",
-              "description": "Specifies the JWT variable that should be used to authenticate with Hashicorp Vault."
+              "description": "Specifies the JWT variable that should be used to authenticate with the secret provider."
             }
           },
           "anyOf": [
@@ -770,8 +794,18 @@
               "required": [
                 "azure_key_vault"
               ]
+            },
+            {
+              "required": [
+                "gcp_secret_manager"
+              ]
             }
           ],
+          "dependencies": {
+            "gcp_secret_manager": [
+              "token"
+            ]
+          },
           "additionalProperties": false
         }
       }
diff --git a/app/models/onboarding/completion.rb b/app/models/onboarding/completion.rb
index afbd671f82e..53781e112ae 100644
--- a/app/models/onboarding/completion.rb
+++ b/app/models/onboarding/completion.rb
@@ -3,7 +3,6 @@
 module Onboarding
   class Completion
     include Gitlab::Utils::StrongMemoize
-    include Gitlab::Experiment::Dsl
 
     ACTION_PATHS = [
       :pipeline_created,
@@ -12,6 +11,7 @@ module Onboarding
       :code_owners_enabled,
       :issue_created,
       :git_write,
+      :code_added,
       :merge_request_created,
       :user_added,
       :license_scanning_run,
@@ -35,20 +35,11 @@ module Onboarding
     end
 
     def completed?(column)
-      if column == :code_added
-        repository.commit_count > 1 || repository.branch_count > 1
-      else
-        attributes[column].present?
-      end
+      attributes[column].present?
     end
 
     private
 
-    def repository
-      project.repository
-    end
-    strong_memoize_attr :repository
-
     def attributes
       onboarding_progress.attributes.symbolize_keys
     end
@@ -60,8 +51,7 @@ module Onboarding
     strong_memoize_attr :onboarding_progress
 
     def action_columns
-      [:code_added] +
-        ACTION_PATHS.map { |action_key| ::Onboarding::Progress.column_name(action_key) }
+      ACTION_PATHS.map { |action_key| ::Onboarding::Progress.column_name(action_key) }
     end
     strong_memoize_attr :action_columns
 
diff --git a/app/models/onboarding/progress.rb b/app/models/onboarding/progress.rb
index 83030732c6a..b6628843821 100644
--- a/app/models/onboarding/progress.rb
+++ b/app/models/onboarding/progress.rb
@@ -32,7 +32,8 @@ module Onboarding
       :secure_api_fuzzing_run,
       :secure_cluster_image_scanning_run,
       :license_scanning_run,
-      :promote_ultimate_features
+      :promote_ultimate_features,
+      :code_added
     ].freeze
 
     scope :incomplete_actions, ->(actions) do
diff --git a/app/services/projects/update_statistics_service.rb b/app/services/projects/update_statistics_service.rb
index 9b979f6ed68..0d51de4d26e 100644
--- a/app/services/projects/update_statistics_service.rb
+++ b/app/services/projects/update_statistics_service.rb
@@ -17,6 +17,8 @@ module Projects
       expire_repository_caches
       expire_wiki_caches
       project.statistics.refresh!(only: statistics)
+
+      record_onboarding_progress
     end
 
     private
@@ -46,5 +48,11 @@ module Projects
         params[:statistics]&.map(&:to_sym)
       end
     end
+
+    def record_onboarding_progress
+      return unless repository.commit_count > 1 || repository.branch_count > 1
+
+      Onboarding::ProgressService.new(project.namespace).execute(action: :code_added)
+    end
   end
 end
diff --git a/app/validators/json_schemas/build_metadata_secrets.json b/app/validators/json_schemas/build_metadata_secrets.json
index ac34af3f107..e8d095e2921 100644
--- a/app/validators/json_schemas/build_metadata_secrets.json
+++ b/app/validators/json_schemas/build_metadata_secrets.json
@@ -8,33 +8,79 @@
       "patternProperties": {
         "^vault$": {
           "type": "object",
-          "required": ["path", "field", "engine"],
+          "required": [
+            "path",
+            "field",
+            "engine"
+          ],
           "properties": {
-            "path": { "type": "string" },
-            "field": { "type": "string" },
+            "path": {
+              "type": "string"
+            },
+            "field": {
+              "type": "string"
+            },
             "engine": {
               "type": "object",
-              "required": ["name", "path"],
+              "required": [
+                "name",
+                "path"
+              ],
               "properties": {
-                "path": { "type": "string" },
-                "name": { "type": "string" }
+                "path": {
+                  "type": "string"
+                },
+                "name": {
+                  "type": "string"
+                }
               },
               "additionalProperties": false
             }
           },
           "additionalProperties": false
         },
+        "^gcp_secret_manager$": {
+          "type": "object",
+          "required": [
+            "name"
+          ],
+          "properties": {
+            "name": {
+              "type": "string"
+            },
+            "version": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "additionalProperties": false
+        },
         "^azure_key_vault$": {
           "type": "object",
-          "required": ["name"],
+          "required": [
+            "name"
+          ],
           "properties": {
-            "name": { "type": "string" },
-            "version": { "type": ["string", "null"] }
+            "name": {
+              "type": "string"
+            },
+            "version": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
           },
           "additionalProperties": false
         },
-        "^file$": { "type": "boolean" },
-        "^token$": { "type": "string" }
+        "^file$": {
+          "type": "boolean"
+        },
+        "^token$": {
+          "type": "string"
+        }
       },
       "anyOf": [
         {
@@ -44,6 +90,11 @@
         },
         {
           "required": [
+            "gcp_secret_manager"
+          ]
+        },
+        {
+          "required": [
             "azure_key_vault"
           ]
         }
diff --git a/doc/development/documentation/metadata.md b/doc/development/documentation/metadata.md
index 1798e83a9ec..e6eff56d66d 100644
--- a/doc/development/documentation/metadata.md
+++ b/doc/development/documentation/metadata.md
@@ -54,11 +54,26 @@ info: This page is owned by the Solutions Architecture team.
 ---
 ```
 
+## Description metadata
+
+The `description` tag:
+
+- Is used to populate text on the docs home page.
+- Is shown in social media previews.
+- Can be used in search result snippets.
+
+For the top-level pages, like **Use GitLab** and one level underneath,
+the descriptions are lists of nouns. For example, for **Set up your organization**,
+the description is `Users, groups, namespaces, SSH keys.`
+
+For other pages, descriptions are not actively maintained. However, if you want to add one,
+use a short description of what the page is about.
+See the Google [Best practices for creating quality meta descriptions](https://developers.google.com/search/docs/appearance/snippet#meta-descriptions) for tips. 
+
 ## Additional metadata
 
 The following metadata is optional and is not actively maintained.
 
-- `description`: A short description of what the page is about. See the Google [Best practices for creating quality meta descriptions](https://developers.google.com/search/docs/appearance/snippet#meta-descriptions) for writing tips. This content can be used in search result snippets and is shown in social media previews.
 - `feedback`: Set to `false` to not include the "Help & Feedback" footer.
 - `noindex`: Set to `false` to prevent the page from being indexed by search engines.
 - `redirect_to`: Used to control redirects. For more information, see [Redirects in GitLab documentation](redirects.md).
diff --git a/doc/user/packages/maven_repository/index.md b/doc/user/packages/maven_repository/index.md
index 118be200a4f..e571c01f6b8 100644
--- a/doc/user/packages/maven_repository/index.md
+++ b/doc/user/packages/maven_repository/index.md
@@ -17,8 +17,6 @@ Supported clients:
 - `mvn`. Learn how to build a [Maven](../workflows/build_packages.md#maven) package.
 - `gradle`. Learn how to build a [Gradle](../workflows/build_packages.md#gradle) package.
 - `sbt`.
-  - `sbt` can only be used to [pull dependencies](#install-a-package).
-    See this [issue 408479](https://gitlab.com/gitlab-org/gitlab/-/issues/408479) for more details.
 
 ## Publish to the GitLab package registry
 
diff --git a/doc/user/project/merge_requests/approvals/index.md b/doc/user/project/merge_requests/approvals/index.md
index 5436edf9f8d..1210ecc4637 100644
--- a/doc/user/project/merge_requests/approvals/index.md
+++ b/doc/user/project/merge_requests/approvals/index.md
@@ -25,7 +25,7 @@ group-level settings for merge request approval rules is tracked in this
 [GitLab Premium](https://about.gitlab.com/pricing/) and
 [GitLab Ultimate](https://about.gitlab.com/pricing/) self-managed GitLab instances
 can also configure approvals
-[for the entire instance](../../../../administration/admin_area.md).
+[for the entire instance](../../../../administration/merge_requests_approvals.md).
 
 ## How approvals work
 
@@ -128,7 +128,7 @@ Invalid approval rules created through a scan result policy are presented with
 ## Related topics
 
 - [Merge request approvals API](../../../../api/merge_request_approvals.md)
-- [Instance-level approval rules](../../../../administration/admin_area.md) for self-managed installations
+- [Instance-level approval rules](../../../../administration/merge_requests_approvals.md) for self-managed installations
 
 <!-- ## Troubleshooting
 
diff --git a/doc/user/project/merge_requests/approvals/rules.md b/doc/user/project/merge_requests/approvals/rules.md
index 2c5d6b89c0e..2f1e2a96295 100644
--- a/doc/user/project/merge_requests/approvals/rules.md
+++ b/doc/user/project/merge_requests/approvals/rules.md
@@ -19,7 +19,7 @@ You can define approval rules:
 
 You can configure approval rules:
 
-- [At the instance level](../../../../administration/admin_area.md).
+- [At the instance level](../../../../administration/merge_requests_approvals.md).
 
 If you don't define a [default approval rule](#add-an-approval-rule),
 any user can approve a merge request. Even if you don't define a rule, you can still
diff --git a/doc/user/project/merge_requests/approvals/settings.md b/doc/user/project/merge_requests/approvals/settings.md
index f9e40a6714c..fa06fb59bc1 100644
--- a/doc/user/project/merge_requests/approvals/settings.md
+++ b/doc/user/project/merge_requests/approvals/settings.md
@@ -57,7 +57,7 @@ this setting, unless you configure one of these options:
 - [Prevent overrides of default approvals](#prevent-editing-approval-rules-in-merge-requests) at
   the project level.
 - *(Self-managed instances only)* Prevent overrides of default approvals
-  [at the instance level](../../../../administration/admin_area.md). When configured
+  [at the instance level](../../../../administration/merge_requests_approvals.md). When configured
   at the instance level, you can't edit this setting at the project or individual
   merge request levels.
 
@@ -68,7 +68,7 @@ this setting, unless you configure one of these options:
 > - [Feature flag `keep_merge_commits_for_approvals`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131778) removed in GitLab 16.5. This check now includes merge commits.
 
 By default, users who commit to a merge request can still approve it. At both
-the project level or [instance level](../../../../administration/admin_area.md),
+the project level or instance level,
 you can prevent committers from approving merge requests that are partially
 their own. To do this:
 
@@ -76,7 +76,7 @@ their own. To do this:
 1. In the **Merge request approvals** section, scroll to **Approval settings** and
    select **Prevent approvals by users who add commits**.
    If this checkbox is cleared, an administrator has disabled it
-   [at the instance level](../../../../administration/admin_area.md), and
+   [at the instance level](../../../../administration/merge_requests_approvals.md), and
    it can't be changed at the project level.
 1. Select **Save changes**.
 
@@ -184,7 +184,7 @@ To do this:
 
 You can also enforce merge request approval settings:
 
-- At the [instance level](../../../../administration/admin_area.md), which apply to all groups
+- At the [instance level](../../../../administration/merge_requests_approvals.md), which apply to all groups
   on an instance and, therefore, all projects.
 - On a [top-level group](../../../group/manage.md#group-merge-request-approval-settings), which apply to all subgroups
   and projects.
@@ -194,6 +194,6 @@ that inherited them.
 
 ## Related topics
 
-- [Instance-level merge request approval settings](../../../../administration/admin_area.md)
+- [Instance-level merge request approval settings](../../../../administration/merge_requests_approvals.md)
 - [Compliance center](../../../compliance/compliance_center/index.md)
 - [Merge request approvals API](../../../../api/merge_request_approvals.md)
diff --git a/package.json b/package.json
index 5b0785ff514..40662dc6739 100644
--- a/package.json
+++ b/package.json
@@ -60,7 +60,7 @@
     "@gitlab/favicon-overlay": "2.0.0",
     "@gitlab/fonts": "^1.3.0",
     "@gitlab/svgs": "3.74.0",
-    "@gitlab/ui": "^72.3.1",
+    "@gitlab/ui": "^72.4.0",
     "@gitlab/visual-review-tools": "1.7.3",
     "@gitlab/web-ide": "^0.0.1-dev-20231211152737",
     "@mattiasbuelens/web-streams-adapter": "^0.1.0",
diff --git a/qa/Gemfile b/qa/Gemfile
index 3c0ddf98008..68bbda117b5 100644
--- a/qa/Gemfile
+++ b/qa/Gemfile
@@ -37,7 +37,7 @@ gem 'chemlab', '~> 0.11', '>= 0.11.1'
 gem 'chemlab-library-www-gitlab-com', '~> 0.1', '>= 0.1.1'
 
 # dependencies for jenkins client
-gem 'nokogiri', '~> 1.15', '>= 1.15.5'
+gem 'nokogiri', '~> 1.16'
 
 gem 'deprecation_toolkit', '~> 2.0.4', require: false
 
diff --git a/qa/Gemfile.lock b/qa/Gemfile.lock
index 5db23d82db7..50c89151d70 100644
--- a/qa/Gemfile.lock
+++ b/qa/Gemfile.lock
@@ -214,7 +214,7 @@ GEM
     multi_json (1.15.0)
     multi_xml (0.6.0)
     netrc (0.11.0)
-    nokogiri (1.15.5)
+    nokogiri (1.16.0)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     octokit (8.0.0)
@@ -364,7 +364,7 @@ DEPENDENCIES
   gitlab_quality-test_tooling (~> 1.10.0)
   influxdb-client (~> 3.0)
   knapsack (~> 4.0)
-  nokogiri (~> 1.15, >= 1.15.5)
+  nokogiri (~> 1.16)
   octokit (~> 8.0.0)
   parallel (~> 1.24)
   parallel_tests (~> 4.4)
@@ -385,4 +385,4 @@ DEPENDENCIES
   zeitwerk (~> 2.6, >= 2.6.12)
 
 BUNDLED WITH
-   2.5.2
+   2.5.4
diff --git a/spec/frontend/editor/schema/ci/yaml_tests/negative_tests/secrets.yml b/spec/frontend/editor/schema/ci/yaml_tests/negative_tests/secrets.yml
index 4baf4c6b850..23d667eeeff 100644
--- a/spec/frontend/editor/schema/ci/yaml_tests/negative_tests/secrets.yml
+++ b/spec/frontend/editor/schema/ci/yaml_tests/negative_tests/secrets.yml
@@ -71,3 +71,21 @@ job_with_secrets_with_missing_required_name_property:
       azure_key_vault:
         name:
         version: latest
+
+job_with_gcp_secret_manager_secret_without_name:
+  script:
+    - echo $TEST_DB_PASSWORD
+  secrets:
+    TEST_DB_PASSWORD:
+      gcp_secret_manager:
+        version: latest
+      token: $TEST_TOKEN
+
+job_with_gcp_secret_manager_secret_without_token:
+  script:
+    - echo $TEST_DB_PASSWORD
+  secrets:
+    TEST_DB_PASSWORD:
+      gcp_secret_manager:
+        name: my-secret
+
diff --git a/spec/frontend/editor/schema/ci/yaml_tests/positive_tests/secrets.yml b/spec/frontend/editor/schema/ci/yaml_tests/positive_tests/secrets.yml
index af3107974b9..e615fa52dc5 100644
--- a/spec/frontend/editor/schema/ci/yaml_tests/positive_tests/secrets.yml
+++ b/spec/frontend/editor/schema/ci/yaml_tests/positive_tests/secrets.yml
@@ -43,3 +43,32 @@ valid_job_with_azure_key_vault_secrets_name_and_version:
       azure_key_vault:
         name: 'test'
         version: 'version'
+
+valid_job_with_gcp_secret_manager_name:
+  script:
+    - echo $TEST_DB_PASSWORD
+  secrets:
+    TEST_DB_PASSWORD:
+      gcp_secret_manager:
+        name: 'test'
+      token: $TEST_TOKEN
+
+valid_job_with_gcp_secret_manager_name_and_numbered_version:
+  script:
+    - echo $TEST_DB_PASSWORD
+  secrets:
+    TEST_DB_PASSWORD:
+      gcp_secret_manager:
+        name: 'test'
+        version: 2
+      token: $TEST_TOKEN
+
+valid_job_with_gcp_secret_manager_name_and_string_version:
+  script:
+    - echo $TEST_DB_PASSWORD
+  secrets:
+    TEST_DB_PASSWORD:
+      gcp_secret_manager:
+        name: 'test'
+        version: 'latest'
+      token: $TEST_TOKEN
diff --git a/spec/models/onboarding/completion_spec.rb b/spec/models/onboarding/completion_spec.rb
index dd7648f7799..b9c9b994736 100644
--- a/spec/models/onboarding/completion_spec.rb
+++ b/spec/models/onboarding/completion_spec.rb
@@ -42,43 +42,19 @@ RSpec.describe Onboarding::Completion, feature_category: :onboarding do
   describe '#completed?' do
     subject(:completed?) { described_class.new(project).completed?(column) }
 
-    context 'when code_added' do
-      let(:column) { :code_added }
+    let(:column) { :code_added_at }
+    let(:completed_actions) { { code_added_at: code_added_at_timestamp } }
 
-      context 'when commit_count > 1' do
-        let(:project) { build(:project, :stubbed_commit_count, namespace: namespace) }
+    context 'when the action has been completed' do
+      let(:code_added_at_timestamp) { Time.current }
 
-        it { is_expected.to eq(true) }
-      end
-
-      context 'when branch_count > 1' do
-        let(:project) { build(:project, :stubbed_branch_count, namespace: namespace) }
-
-        it { is_expected.to eq(true) }
-      end
-
-      context 'when empty repository' do
-        let(:project) { build(:project, namespace: namespace) }
-
-        it { is_expected.to eq(false) }
-      end
+      it { is_expected.to eq(true) }
     end
 
-    context 'when secure_dast_run' do
-      let(:column) { :secure_dast_run_at }
-      let(:completed_actions) { { secure_dast_run_at: secure_dast_run_at } }
-
-      context 'when is completed' do
-        let(:secure_dast_run_at) { Time.current }
-
-        it { is_expected.to eq(true) }
-      end
-
-      context 'when is not completed' do
-        let(:secure_dast_run_at) { nil }
+    context 'when the action has not been completed' do
+      let(:code_added_at_timestamp) { nil }
 
-        it { is_expected.to eq(false) }
-      end
+      it { is_expected.to eq(false) }
     end
   end
 end
diff --git a/spec/services/projects/update_statistics_service_spec.rb b/spec/services/projects/update_statistics_service_spec.rb
index 5311b8daeb1..c90da48af8b 100644
--- a/spec/services/projects/update_statistics_service_spec.rb
+++ b/spec/services/projects/update_statistics_service_spec.rb
@@ -17,6 +17,12 @@ RSpec.describe Projects::UpdateStatisticsService, feature_category: :groups_and_
 
         service.execute
       end
+
+      it_behaves_like 'does not record an onboarding progress action' do
+        subject do
+          service.execute
+        end
+      end
     end
 
     context 'with an existing project' do
@@ -64,5 +70,33 @@ RSpec.describe Projects::UpdateStatisticsService, feature_category: :groups_and_
         service.execute
       end
     end
+
+    context 'with an existing project with project repository' do
+      let_it_be(:project) { create(:project) }
+
+      subject { service.execute }
+
+      context 'when the repository is empty' do
+        it_behaves_like 'does not record an onboarding progress action'
+      end
+
+      context 'when the repository has more than one commit or more than one branch' do
+        where(:commit_count, :branch_count) do
+          2 | 1
+          1 | 2
+          2 | 2
+        end
+
+        with_them do
+          before do
+            allow(project.repository).to receive_messages(commit_count: commit_count, branch_count: branch_count)
+          end
+
+          it_behaves_like 'records an onboarding progress action', :code_added do
+            let(:namespace) { project.namespace }
+          end
+        end
+      end
+    end
   end
 end
diff --git a/yarn.lock b/yarn.lock
index 1fc9b39f16e..187d52bddff 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1274,10 +1274,10 @@
   resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.74.0.tgz#b6b41be65b9e70378c0cef0435f96edd5467e759"
   integrity sha512-eHoywPSLrYb+I/IYGapei2Tum5vLtgWkFxN0fxmUUAnBnxFSA+67aheI33kQVV3WjANuZGkglfPBX3QAmN8BLA==
 
-"@gitlab/ui@^72.3.1":
-  version "72.3.1"
-  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-72.3.1.tgz#da3d3fcde275d30f98e913d2068f69ae559b0216"
-  integrity sha512-BBeVIF1TlM0br16CPspaFg8p9WDF7DwpwM44N8VYXMLe5wTF3AgKh8bk0qJurHF9D+KNco1yqbX+6oB4tIN4sQ==
+"@gitlab/ui@^72.4.0":
+  version "72.4.0"
+  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-72.4.0.tgz#035e2aa31c456900d2230edeb66b9eebc78fcb21"
+  integrity sha512-6mgMHMEvIZ0jDnP8tDLgBmnrOCNvZ6rTmA68O5Xz9SQNuaTGfwuAc4xTql5fg9k8Ts5Jf9YU8x/IHCCVBAgvAg==
   dependencies:
     "@floating-ui/dom" "1.2.9"
     bootstrap-vue "2.23.1"