New upstream version 15.10.8+ds1

2023-06-09 08:11:10 +05:30 · 2023-06-09 08:11:10 +05:30 · 68c65fd975
commit 68c65fd975
parent aef0f23401
21129 changed files with 927791 additions and 385531 deletions
--- a/.csscomb.json
+++ b/.csscomb.json
@ -1,20 +0,0 @@
 {
  "exclude": [
    "app/assets/stylesheets/framework/tw_bootstrap_variables.scss",
    "app/assets/stylesheets/framework/fonts.scss"
  ],
  "always-semicolon": true,
  "color-case": "lower",
  "block-indent": "  ",
  "color-shorthand": false,
  "element-case": "lower",
  "space-before-colon": "",
  "space-after-colon": " ",
  "space-before-combinator": " ",
  "space-after-combinator": " ",
  "space-between-declarations": "\n",
  "space-before-opening-brace": " ",
  "space-after-opening-brace": "\n",
  "space-before-closing-brace": "\n",
  "unitless-zero": true
 }
--- a/.dockerignore
+++ b/.dockerignore
@ -49,7 +49,6 @@
 /lib/registry/
 /lib/policy/
 /lib/feature/
 /lib/flowdock/
 /lib/generators/
 /lib/gitaly/
 /lib/api/
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@ -75,6 +75,8 @@ rules:
        - sibling
        - index
      pathGroups:
        - pattern: '@sentry/browser'
          group: external
        - pattern: ~/**
          group: internal
        - pattern: emojis/**
@ -113,6 +115,12 @@ rules:
    - error
    - selector: ImportSpecifier[imported.name='GlSkeletonLoading']
      message: 'Migrate to GlSkeletonLoader, or import GlDeprecatedSkeletonLoading.'
    - selector: ImportSpecifier[imported.name='GlSafeHtmlDirective']
      message: 'Use directive at ~/vue_shared/directives/safe_html.js instead.'
    # TODO: Remove this rule once GitLab UI no longer exports the deprecated alias.
    # See https://gitlab.com/gitlab-org/gitlab/-/issues/382424.
    - selector: ImportSpecifier[imported.name='GlListbox']
      message: 'Import GlCollapsibleListbox instead. The GlListbox name is deprecated.'
  # See https://gitlab.com/gitlab-org/gitlab/-/issues/360551
  vue/multi-word-component-names: off
  unicorn/prefer-dom-node-dataset:
@ -170,8 +178,7 @@ overrides:
      - '@graphql-eslint'
    parserOptions:
      parser: '@graphql-eslint/eslint-plugin'
-      operations:
+      operations: '{,ee/,jh/}app/**/*.graphql'
        - '{,ee/,jh/}app/**/*.graphql'
      schema: './tmp/tests/graphql/gitlab_schema_apollo.graphql'
    rules:
      filenames/match-regex: off
@ -189,6 +196,6 @@ overrides:
      '@graphql-eslint/no-unused-fragments': error
      '@graphql-eslint/no-duplicate-fields': error
  - files:
-    - 'spec/contracts/consumer/**/*'
+    - '{,ee/}spec/contracts/consumer/**/*'
    rules:
      '@gitlab/require-i18n-strings': off
--- a/.gitignore
+++ b/.gitignore
@ -42,6 +42,7 @@ eslint-report.html
 /config/initializers/relative_url.rb
 /config/resque.yml
 /config/redis.*.yml
 /config/redis.yml
 /config/unicorn.rb
 /config/puma.rb
 /config/secrets.yml
@ -69,15 +70,18 @@ eslint-report.html
 /tags
 /vendor/bundle/*
 /vendor/gitaly-ruby
 /vendor/package_metadata_db/
 /builds*
 /.gitlab_workhorse_secret
 /.gitlab_pages_secret
 /.gitlab_kas_secret
 /.gitlab_suggested_reviewers_secret
 /webpack-report/
 /crystalball/
 /test_results/
 /deprecations/
 /knapsack/
 /query_recorder/
 /rspec_flaky/
 /rspec/
 /locale/**/LC_MESSAGES
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,5 +1,6 @@
 stages:
  - sync
  - preflight
  - prepare
  - build-images
  - fixtures
@ -11,6 +12,7 @@ stages:
  - post-qa
  - pages
  - notify
  - release-environments
 # always use `gitlab-org` runners, however
 # in cases where jobs require Docker-in-Docker, the job
@ -24,10 +26,31 @@ default:
  # Default job timeout set to 90m https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/10520
  timeout: 90m
 .ruby3-variables: &ruby3-variables
  RUBY_VERSION: "3.0"
  OMNIBUS_GITLAB_RUBY3_BUILD: "true"
  OMNIBUS_GITLAB_CACHE_EDITION: "GITLAB_RUBY3"
 .ruby2-variables: &ruby2-variables
  RUBY_VERSION: "2.7"
  OMNIBUS_GITLAB_RUBY2_BUILD: "true"
  OMNIBUS_GITLAB_CACHE_EDITION: "GITLAB_RUBY2"
 .default-branch-pipeline-failure-variables: &default-branch-pipeline-failure-variables
  CREATE_INCIDENT_FOR_PIPELINE_FAILURE: "true"
  NOTIFY_PIPELINE_FAILURE_CHANNEL: "master-broken"
  BROKEN_BRANCH_INCIDENTS_PROJECT: "gitlab-org/quality/engineering-productivity/master-broken-incidents"
  BROKEN_BRANCH_INCIDENTS_PROJECT_TOKEN: "${BROKEN_MASTER_INCIDENTS_PROJECT_TOKEN}"
  CREATE_ISSUES_FOR_FAILING_TESTS: "true"
 workflow:
  name: '$PIPELINE_NAME'
  rules:
    # If `$FORCE_GITLAB_CI` is set, create a pipeline.
    - if: '$FORCE_GITLAB_CI'
      variables:
        <<: *ruby3-variables
        PIPELINE_NAME: 'Ruby 3 forced pipeline'
    # As part of the process of creating RCs automatically, we update stable
    # branches with the changes of the most recent production deployment. The
    # merge requests used for this merge a branch release-tools/X into a stable
@ -35,54 +58,80 @@ workflow:
    # they serve no purpose and will run anyway when the changes are merged.
    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^release-tools\/\d+\.\d+\.\d+-rc\d+$/ && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^[\d-]+-stable(-ee)?$/ && $CI_PROJECT_PATH == "gitlab-org/gitlab"'
      when: never
-    # For merge requests running exclusively in Ruby 3.0
+    # For merge requests running exclusively in Ruby 2.7
-    - if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train") && $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby3/'
+    - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby2/'
      variables:
-        RUBY_VERSION: "3.0"
+        <<: *ruby2-variables
-    # For merge requests running exclusively in Ruby 3.0
+        PIPELINE_NAME: 'Ruby 2 $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline'
-    - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby3/'
+        NO_SOURCEMAPS: 'true'
    - if: '$CI_MERGE_REQUEST_LABELS =~ /Community contribution/'
      variables:
-        RUBY_VERSION: "3.0"
+        <<: *ruby3-variables
        GITLAB_DEPENDENCY_PROXY_ADDRESS: ""
        PIPELINE_NAME: 'Ruby 3 $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline (community contribution)'
        NO_SOURCEMAPS: 'true'
    # For (detached) merge request pipelines.
    - if: '$CI_MERGE_REQUEST_IID'
      variables:
        <<: *ruby3-variables
        PIPELINE_NAME: 'Ruby 3 $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline'
        NO_SOURCEMAPS: 'true'
    # For the scheduled pipelines, we set specific variables.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule"'
      variables:
        <<: *ruby3-variables
        <<: *default-branch-pipeline-failure-variables
        CRYSTALBALL: "true"
-        CREATE_INCIDENT_FOR_PIPELINE_FAILURE: "true"
+        PIPELINE_NAME: 'Scheduled Ruby 3 $CI_COMMIT_BRANCH branch pipeline'
-        NOTIFY_PIPELINE_FAILURE_CHANNEL: "master-broken"
+    # Run pipelines for ruby2 branch
-    # Run pipelines for ruby3 branch
+    - if: '$CI_COMMIT_BRANCH == "ruby2" && $CI_PIPELINE_SOURCE == "schedule"'
    - if: '$CI_COMMIT_BRANCH == "ruby3" && $CI_PIPELINE_SOURCE == "schedule"'
      variables:
-        RUBY_VERSION: "3.0"
+        <<: *ruby2-variables
        NOTIFY_PIPELINE_FAILURE_CHANNEL: "f_ruby3"
-        OMNIBUS_GITLAB_RUBY3_BUILD: "true"
+        PIPELINE_NAME: 'Scheduled Ruby 2 $CI_COMMIT_BRANCH branch pipeline'
        OMNIBUS_GITLAB_CACHE_EDITION: "GITLAB_RUBY3"
    # This work around https://gitlab.com/gitlab-org/gitlab/-/issues/332411 whichs prevents usage of dependency proxy
    # when pipeline is triggered by a project access token.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $GITLAB_USER_LOGIN =~ /project_\d+_bot\d*/'
      variables:
        <<: *ruby3-variables
        <<: *default-branch-pipeline-failure-variables
        GITLAB_DEPENDENCY_PROXY_ADDRESS: ""
-        CREATE_INCIDENT_FOR_PIPELINE_FAILURE: "true"
+        PIPELINE_NAME: 'Ruby 3 $CI_COMMIT_BRANCH branch pipeline (triggered by a project token)'
        NOTIFY_PIPELINE_FAILURE_CHANNEL: "master-broken"
    # For `$CI_DEFAULT_BRANCH` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
      variables:
-        CREATE_INCIDENT_FOR_PIPELINE_FAILURE: "true"
+        <<: *ruby3-variables
-        NOTIFY_PIPELINE_FAILURE_CHANNEL: "master-broken"
+        <<: *default-branch-pipeline-failure-variables
        PIPELINE_NAME: 'Ruby 3 $CI_COMMIT_BRANCH branch pipeline'
    # For tags, create a pipeline.
    - if: '$CI_COMMIT_TAG'
      variables:
        <<: *ruby3-variables
        PIPELINE_NAME: 'Ruby 3 $CI_COMMIT_TAG tag pipeline'
    # If `$GITLAB_INTERNAL` isn't set, don't create a pipeline.
    - if: '$GITLAB_INTERNAL == null'
      when: never
    # For stable, auto-deploy, and security branches, create a pipeline.
    - if: '$CI_COMMIT_BRANCH =~ /^[\d-]+-stable(-ee)?$/'
      variables:
        <<: *ruby3-variables
        NOTIFY_PIPELINE_FAILURE_CHANNEL: "releases"
        PIPELINE_NAME: 'Ruby 3 $CI_COMMIT_BRANCH branch pipeline'
        CREATE_INCIDENT_FOR_PIPELINE_FAILURE: "true"
        BROKEN_BRANCH_INCIDENTS_PROJECT: "gitlab-org/release/tasks"
        BROKEN_BRANCH_INCIDENTS_PROJECT_TOKEN: "${BROKEN_STABLE_INCIDENTS_PROJECT_TOKEN}"
    - if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/'
      variables:
        <<: *ruby3-variables
        PIPELINE_NAME: 'Ruby 3 $CI_COMMIT_BRANCH branch pipeline'
    - if: '$CI_COMMIT_BRANCH =~ /^security\//'
      variables:
        <<: *ruby3-variables
        PIPELINE_NAME: 'Ruby 3 $CI_COMMIT_BRANCH branch pipeline'
 variables:
  PG_VERSION: "12"
-  DEFAULT_CI_IMAGE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}.patched-golang-${GO_VERSION}-node-16.14-postgresql-${PG_VERSION}:rubygems-3.2-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-yarn-1.22-graphicsmagick-1.3.36"
+  DEFAULT_CI_IMAGE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}.patched-golang-${GO_VERSION}-rust-${RUST_VERSION}-node-16.14-postgresql-${PG_VERSION}:rubygems-${RUBYGEMS_VERSION}-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-yarn-1.22-graphicsmagick-1.3.36"
  # We set $GITLAB_DEPENDENCY_PROXY to another variable (since it's set at the group level and has higher precedence than .gitlab-ci.yml)
  # so that we can override $GITLAB_DEPENDENCY_PROXY_ADDRESS in workflow rules.
  GITLAB_DEPENDENCY_PROXY_ADDRESS: "${GITLAB_DEPENDENCY_PROXY}"
@ -92,41 +141,46 @@ variables:
  BUNDLE_INSTALL_FLAGS: "--jobs=$(nproc) --retry=3"
  BUNDLE_FROZEN: "true"
  # we override the max_old_space_size to prevent OOM errors
-  NODE_OPTIONS: --max_old_space_size=3584
+  NODE_OPTIONS: --max_old_space_size=4096
  GIT_DEPTH: "20"
  # 'GIT_STRATEGY: clone' optimizes the pack-objects cache hit ratio
  GIT_STRATEGY: "clone"
  GIT_SUBMODULE_STRATEGY: "none"
  GET_SOURCES_ATTEMPTS: "3"
  DEBIAN_VERSION: "bullseye"
-  CHROME_VERSION: "106"
+  CHROME_VERSION: "109"
-  DOCKER_VERSION: "20.10.14"
+  DOCKER_VERSION: "23.0.1"
  RUBY_VERSION: "2.7"
  RUBYGEMS_VERSION: "3.4"
  GO_VERSION: "1.18"
  RUST_VERSION: "1.65"
  TMP_TEST_FOLDER: "${CI_PROJECT_DIR}/tmp/tests"
  GITLAB_WORKHORSE_FOLDER: "gitlab-workhorse"
  TMP_TEST_GITLAB_WORKHORSE_PATH: "${TMP_TEST_FOLDER}/${GITLAB_WORKHORSE_FOLDER}"
  KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json
  FLAKY_RSPEC_SUITE_REPORT_PATH: rspec/flaky/report-suite.json
  RSPEC_TESTS_MAPPING_PATH: crystalball/mapping.json
  RSPEC_PACKED_TESTS_MAPPING_PATH: crystalball/packed-mapping.json
  RSPEC_PROFILING_FOLDER_PATH: rspec/profiling
  FRONTEND_FIXTURES_MAPPING_PATH: crystalball/frontend_fixtures_mapping.json
-  RSPEC_CHANGED_FILES_PATH: rspec/changed_files.txt
+  GITLAB_WORKHORSE_FOLDER: "gitlab-workhorse"
  RSPEC_MATCHING_TESTS_PATH: rspec/matching_tests.txt
  RSPEC_MATCHING_TESTS_FOSS_PATH: rspec/matching_tests-foss.txt
  RSPEC_LAST_RUN_RESULTS_FILE: rspec/rspec_last_run_results.txt
  RSPEC_FOSS_IMPACT_PIPELINE_YML: rspec-foss-impact-pipeline.yml
  JUNIT_RESULT_FILE: rspec/junit_rspec.xml
  JUNIT_RETRY_FILE: rspec/junit_rspec-retry.xml
  KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json
  RSPEC_CHANGED_FILES_PATH: rspec/changed_files.txt
  RSPEC_FOSS_IMPACT_PIPELINE_TEMPLATE_YML: .gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb
  RSPEC_LAST_RUN_RESULTS_FILE: rspec/rspec_last_run_results.txt
  RSPEC_MATCHING_JS_FILES_PATH: rspec/js_matching_files.txt
  RSPEC_MATCHING_TESTS_PATH: rspec/matching_tests.txt
  RSPEC_MATCHING_TESTS_FOSS_PATH: rspec/matching_tests-foss.txt
  RSPEC_MATCHING_TESTS_EE_PATH: rspec/matching_tests-ee.txt
  RSPEC_PACKED_TESTS_MAPPING_PATH: crystalball/packed-mapping.json
  RSPEC_PROFILING_FOLDER_PATH: rspec/profiling
  RSPEC_TESTS_MAPPING_PATH: crystalball/mapping.json
  TMP_TEST_FOLDER: "${CI_PROJECT_DIR}/tmp/tests"
  TMP_TEST_GITLAB_WORKHORSE_PATH: "${TMP_TEST_FOLDER}/${GITLAB_WORKHORSE_FOLDER}"
  ES_JAVA_OPTS: "-Xms256m -Xmx256m"
  ELASTIC_URL: "http://elastic:changeme@elasticsearch:9200"
  BUNDLER_CHECKSUM_VERIFICATION_OPT_IN: "1"
  CACHE_CLASSES: "true"
  CHECK_PRECOMPILED_ASSETS: "true"
  FF_USE_FASTZIP: "true"
-  SKIP_FLAKY_TESTS_AUTOMATICALLY: "true"
+  SKIP_FLAKY_TESTS_AUTOMATICALLY: "false"
  RETRY_FAILED_TESTS_IN_NEW_PROCESS: "true"
  # Run with decomposed databases by default
  DECOMPOSED_DB: "true"
@ -139,12 +193,20 @@ variables:
  REVIEW_APPS_GCP_PROJECT: "gitlab-review-apps"
  REVIEW_APPS_GCP_REGION: "us-central1"
  CACHE_ASSETS_AS_PACKAGE: "true"
  BUILD_ASSETS_IMAGE: "true"  # Set it to "false" to disable assets image building, used in `build-assets-image`
  SIMPLECOV: "true"
  REGISTRY_HOST: "registry.gitlab.com"
  REGISTRY_GROUP: "gitlab-org"
  # Disable useless network connections when installing some NPM packages.
  # See https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory/-/issues/827#note_1203181407
  DISABLE_OPENCOLLECTIVE: "true"
  # This is set at the gitlab-org level, but we set it here for forks
  DANGER_DO_NOT_POST_INVALID_DANGERFILE_ERROR: "1"
 include:
  - local: .gitlab/ci/*.gitlab-ci.yml
  - remote: 'https://gitlab.com/gitlab-org/frontend/untamper-my-lockfile/-/raw/main/templates/merge_request_pipelines.yml'
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
--- a/.gitlab/ci/as-if-jh.gitlab-ci.yml
+++ b/.gitlab/ci/as-if-jh.gitlab-ci.yml
@ -10,7 +10,7 @@ add-jh-files:
  extends:
    - .shared-as-if-jh
    - .as-if-jh:rules:prepare-as-if-jh
-  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
  stage: prepare
  before_script:
    - source ./scripts/utils.sh
@ -37,13 +37,21 @@ prepare-as-if-jh-branch:
  stage: prepare
  needs:
    - add-jh-files
  variables:
    # We can't apply --filter=tree:0 for runner to set up the repository,
    # so instead we tell runner to not clone anything, and we set up the
    # repository by ourselves.
    GIT_STRATEGY: "none"
  script:
-    - git checkout -b "${AS_IF_JH_BRANCH}"
+    - git clone --filter=tree:0 "$CI_REPOSITORY_URL" gitlab
    # We should checkout before moving/changing files
    - cd gitlab
    - git checkout -b "${AS_IF_JH_BRANCH}" "${CI_COMMIT_SHA}"
    - cd ..
    - mv $JH_FILES_TO_COMMIT gitlab/
    - cd gitlab
    - git add ${JH_FILES_TO_COMMIT}
    - git commit -m 'Add JH files'  # TODO: Mark which SHA we add
    # Fetch for the history of the branch so it does not cause the following error:
    #   ! [remote rejected] ref -> ref (shallow update not allowed)
    - git fetch --unshallow --filter=tree:0 origin "${CI_COMMIT_REF_NAME}"
    - git push -f "${SANDBOX_REPOSITORY}" "${AS_IF_JH_BRANCH}"
 start-as-if-jh:
--- a/.gitlab/ci/build-images.gitlab-ci.yml
+++ b/.gitlab/ci/build-images.gitlab-ci.yml
@ -23,9 +23,39 @@ build-qa-image:
  script:
    - run_timed_command "scripts/build_qa_image"
-# This image is used by:
+build-qa-image as-if-foss:
-# - The `CNG` pipelines (via the `review-build-cng` job): https://gitlab.com/gitlab-org/build/CNG/-/blob/cfc67136d711e1c8c409bf8e57427a644393da2f/.gitlab-ci.yml#L335
+  extends:
-# - The `omnibus-gitlab` pipelines (via the `e2e:package-and-test` job): https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/dfd1ad475868fc84e91ab7b5706aa03e46dc3a86/.gitlab-ci.yml#L130
+    - build-qa-image
    - .as-if-foss
    - .build-images:rules:build-qa-image-as-if-foss
 # Prepares an image with GDK configured based on code in master. This saves some time in MRs because some installation
 # and complilation will have already been performed.
 build-qa-on-gdk-master-image:
  extends:
    - .base-image-build-buildx
    - .build-images:rules:build-qa-on-gdk-master-image
  tags:
    - e2e
  stage: build-images
  needs: []
  variables:
    QA_GDK_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-qa-gdk"
  before_script:
    - !reference [.use-buildx, before_script]
    - sysctl -n -w fs.inotify.max_user_watches=524288
  script:
    - |
      docker buildx build \
        --cache-to=type=inline \
        --cache-from ${QA_GDK_IMAGE}:master \
        --platform=${ARCH:-amd64} \
        --add-host gdk.test:127.0.0.1 \
        --tag ${QA_GDK_IMAGE}:master \
        --file="qa/gdk/Dockerfile" \
        --push \
        ${CI_PROJECT_DIR}
 build-assets-image:
  extends:
    - .base-image-build
@ -33,7 +63,11 @@ build-assets-image:
  stage: build-images
  needs: ["compile-production-assets"]
  script:
-    # TODO: Change the image tag to be the MD5 of assets files and skip image building if the image exists
+    - skopeo login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    # We'll also need to pass GITLAB_ASSETS_TAG to the trigerred omnibus-gitlab pipeline similarly to how we do it for trigerred CNG pipelines
    # https://gitlab.com/gitlab-org/gitlab/issues/208389
    - run_timed_command "scripts/build_assets_image"
  artifacts:
    expire_in: 7 days
    paths:
      # The `cached-assets-hash.txt` file is used in `review-build-cng-env` (`.gitlab/ci/review-apps/main.gitlab-ci.yml`)
      # to pass the assets image tag to the CNG downstream pipeline.
      - cached-assets-hash.txt
--- a/.gitlab/ci/caching.gitlab-ci.yml
+++ b/.gitlab/ci/caching.gitlab-ci.yml
@ -47,16 +47,15 @@ cache-assets:test as-if-foss:
    - .as-if-foss
 cache-assets:production:
-  extends: .cache-assets-base
+  extends:
-  variables:
+    - .cache-assets-base
-    NODE_ENV: "production"
+    - .production
    RAILS_ENV: "production"
 packages-cleanup:
  extends:
    - .default-retry
    - .caching:rules:packages-cleanup
-  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
  stage: prepare
  before_script:
    - source scripts/utils.sh
--- a/.gitlab/ci/database.gitlab-ci.yml
+++ b/.gitlab/ci/database.gitlab-ci.yml
@ -0,0 +1,147 @@
 include:
  - local: .gitlab/ci/rails/shared.gitlab-ci.yml
 db:rollback single-db-ci-connection:
  extends:
    - db:rollback
    - .single-db-ci-connection
    - .rails:rules:single-db-ci-connection
 db:migrate:reset single-db-ci-connection:
  extends:
    - db:migrate:reset
    - .single-db-ci-connection
    - .rails:rules:single-db-ci-connection
 db:check-schema-single-db-ci-connection:
  extends:
    - db:check-schema
    - .single-db-ci-connection
    - .rails:rules:single-db-ci-connection
 db:post_deployment_migrations_validator-single-db-ci-connection:
  extends:
    - db:post_deployment_migrations_validator
    - .single-db-ci-connection
    - .rails:rules:db:check-migrations-single-db-ci-connection
 db:backup_and_restore single-db-ci-connection:
  extends:
    - db:backup_and_restore
    - .single-db-ci-connection
    - .rails:rules:db-backup
 db:rollback:
  extends:
    - .db-job-base
    - .rails:rules:db-rollback
  script:
    - bundle exec rake db:migrate VERSION=20220502173045  # 14.10 (last 14.x version)
    - bundle exec rake db:migrate
 db:rollback single-db:
  extends:
    - db:rollback
    - .single-db
    - .rails:rules:single-db
 db:migrate:reset:
  extends: .db-job-base
  script:
    - bundle exec rake db:migrate:reset
 db:migrate:reset single-db:
  extends:
    - db:migrate:reset
    - .single-db
    - .rails:rules:single-db
 db:check-schema:
  extends:
    - .db-job-base
    - .rails:rules:ee-mr-and-default-branch-only
  script:
    - run_timed_command "bundle exec rake db:drop db:create db:migrate"
 db:check-schema-single-db:
  extends:
    - db:check-schema
    - .single-db
    - .rails:rules:single-db
 db:check-migrations:
  extends:
    - .db-job-base
    - .rails:rules:ee-and-foss-mr-with-migration
  script:
    - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20
    - scripts/validate_migration_schema
  allow_failure: true
 db:check-migrations-single-db:
  extends:
    - db:check-migrations
    - .single-db
    - .rails:rules:db:check-migrations-single-db
 db:post_deployment_migrations_validator:
  extends:
    - .db-job-base
    - .rails:rules:ee-and-foss-mr-with-migration
  script:
    - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20
    - scripts/post_deployment_migrations_validator
  allow_failure: true
 db:post_deployment_migrations_validator-single-db:
  extends:
    - db:post_deployment_migrations_validator
    - .single-db
    - .rails:rules:db:check-migrations-single-db
 db:migrate-non-superuser:
  extends:
    - .db-job-base
    - .rails:rules:ee-and-foss-mr-with-migration
  script:
    - bundle exec rake gitlab:db:reset_as_non_superuser
 db:gitlabcom-database-testing:
  extends: .rails:rules:db:gitlabcom-database-testing
  stage: test
  image: ruby:${RUBY_VERSION}-alpine
  needs: []
  allow_failure: true
  script:
    - source scripts/utils.sh
    - install_gitlab_gem
    - ./scripts/trigger-build.rb gitlab-com-database-testing
 db:backup_and_restore:
  extends:
    - .db-job-base
    - .rails:rules:db-backup
  variables:
    SETUP_DB: "false"
    GITLAB_ASSUME_YES: "1"
  script:
    - . scripts/prepare_build.sh
    - bundle exec rake db:drop db:create db:schema:load db:seed_fu
    - mkdir -p tmp/tests/public/uploads tmp/tests/{artifacts,pages,lfs-objects,terraform_state,registry,packages}
    - bundle exec rake gitlab:backup:create
    - date
    - bundle exec rake gitlab:backup:restore
 db:backup_and_restore single-db:
  extends:
    - db:backup_and_restore
    - .single-db
    - .rails:rules:db-backup
 db:rollback geo:
  extends:
    - db:rollback
    - .rails:rules:ee-only-migration
  script:
    - bundle exec rake db:migrate:geo VERSION=20170627195211
    - bundle exec rake db:migrate:geo
--- a/.gitlab/ci/dev-fixtures.gitlab-ci.yml
+++ b/.gitlab/ci/dev-fixtures.gitlab-ci.yml
@ -16,7 +16,7 @@
 .run-dev-fixtures-script: &run-dev-fixtures-script
  - run_timed_command "scripts/gitaly-test-spawn"
-  - run_timed_command "RAILS_ENV=test bundle exec rake db:seed_fu"
+  - run_timed_command "bundle exec rake db:seed_fu"
 run-dev-fixtures:
  extends:
--- a/.gitlab/ci/docs.gitlab-ci.yml
+++ b/.gitlab/ci/docs.gitlab-ci.yml
@ -42,7 +42,7 @@ review-docs-cleanup:
 docs-lint links:
  extends:
    - .docs:rules:docs-lint
-  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.17-ruby-3.2.1-f53af000
  stage: lint
  needs: []
  script:
@ -58,24 +58,39 @@ docs-lint links:
 .docs-markdown-lint-image:
  # When updating the image version here, update it in /scripts/lint-doc.sh too.
-  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.16-vale-2.20.1-markdownlint-0.32.2
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.17-vale-2.24.0-markdownlint-0.33.0-markdownlint2-0.6.0
 docs-lint markdown:
  extends:
    - .default-retry
    - .docs:rules:docs-lint
    - .docs-markdown-lint-image
    - .yarn-cache
  stage: lint
  needs: []
  script:
    - source ./scripts/utils.sh
    - yarn_install_script
    - scripts/lint-doc.sh
-docs-code-quality:
+docs-lint blueprint:
  extends:
-    - .docs:rules:docs-code-quality
+    - .default-retry
    - .docs:rules:docs-blueprints-lint
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-slim
  stage: lint
  needs: []
  script:
    - scripts/lint-docs-blueprints.rb
 docs code_quality:
  extends:
    - .reports:rules:code_quality
    - .docs-markdown-lint-image
  stage: lint
  needs: []
  dependencies: []
  allow_failure: true
  script:
    - vale --output=doc/.vale/vale-json.tmpl --minAlertLevel warning doc > gl-code-quality-report-docs.json || exit_code=$?
  artifacts:
@ -83,7 +98,8 @@ docs-code-quality:
      codequality: gl-code-quality-report-docs.json
    paths:
      - gl-code-quality-report-docs.json
-    expire_in: 1 week
+    expire_in: 2 weeks
    when: always
 ui-docs-links lint:
  extends:
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@ -3,7 +3,7 @@
    - .default-retry
    - .default-before_script
    - .assets-compile-cache
-  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-16.14:rubygems-3.2-git-2.33-lfs-2.9-yarn-1.22-graphicsmagick-1.3.36
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-16.14:rubygems-${RUBYGEMS_VERSION}-git-2.33-lfs-2.9-yarn-1.22-graphicsmagick-1.3.36
  variables:
    SETUP_DB: "false"
    WEBPACK_VENDOR_DLL: "true"
@ -28,14 +28,13 @@
        fi
      fi
    - assets_compile_script
    - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt"
 compile-production-assets:
  extends:
    - .compile-assets-base
    - .production
    - .frontend:rules:compile-production-assets
  variables:
    NODE_ENV: "production"
    RAILS_ENV: "production"
  artifacts:
    name: webpack-report
    expire_in: 31d
@ -43,12 +42,25 @@ compile-production-assets:
      # These assets are used in multiple locations:
      # - in `build-assets-image` job to create assets image for packaging systems
      # - GitLab UI for integration tests: https://gitlab.com/gitlab-org/gitlab-ui/-/blob/e88493b3c855aea30bf60baee692a64606b0eb1e/.storybook/preview-head.pug#L1
      - cached-assets-hash.txt
      - public/assets/
      - "${WEBPACK_COMPILE_LOG_PATH}"
    when: always
  after_script:
    - rm -f /etc/apt/sources.list.d/google*.list  # We don't need to update Chrome here
 compile-production-assets-esbuild:
  allow_failure: true
  extends:
    - .compile-assets-base
    - .frontend:rules:compile-production-assets
  variables:
    NODE_ENV: "production"
    RAILS_ENV: "production"
    WEBPACK_USE_ESBUILD_LOADER: "true"
  after_script:
    - rm -f /etc/apt/sources.list.d/google*.list  # We don't need to update Chrome here
 compile-test-assets:
  extends:
    - .compile-assets-base
@ -61,6 +73,14 @@ compile-test-assets:
      - "${WEBPACK_COMPILE_LOG_PATH}"
    when: always
 compile-test-assets-esbuild:
  allow_failure: true
  extends:
    - .compile-assets-base
    - .frontend:rules:compile-test-assets
  variables:
    WEBPACK_USE_ESBUILD_LOADER: "true"
 compile-test-assets as-if-foss:
  extends:
    - compile-test-assets
@ -73,9 +93,6 @@ update-assets-compile-production-cache:
    - .assets-compile-cache-push
    - .shared:rules:update-cache
  stage: prepare
  script:
    - !reference [compile-production-assets, script]
    - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt"
  artifacts: {}  # This job's purpose is only to update the cache.
 update-assets-compile-test-cache:
@ -132,7 +149,7 @@ rspec-all frontend_fixture:
  needs:
    - !reference [.frontend-fixtures-base, needs]
    - "compile-test-assets"
-  parallel: 5
+  parallel: 7
 # Builds FOSS fixtures in the EE project, with the `ee/` folder removed (due to `as-if-foss`).
 rspec-all frontend_fixture as-if-foss:
@ -144,6 +161,21 @@ rspec-all frontend_fixture as-if-foss:
    - !reference [.frontend-fixtures-base, needs]
    - "compile-test-assets as-if-foss"
 # Uploads EE fixtures in the EE project.
 # Uploads FOSS fixtures in the FOSS project.
 upload-frontend-fixtures:
  extends:
    - .frontend-fixtures-base
    - .frontend:rules:upload-frontend-fixtures
  stage: fixtures
  needs: ["rspec-all frontend_fixture"]
  script:
    - source scripts/gitlab_component_helpers.sh
    - 'fixtures_archive_doesnt_exist || { echoinfo "INFO: Exiting early as package exists."; exit 0; }'
    - run_timed_command "create_fixtures_package"
    - run_timed_command "upload_fixtures_package"
  artifacts: {}
 graphql-schema-dump:
  variables:
    SETUP_DB: "false"
@ -203,17 +235,17 @@ jest:
      - tmp/tests/frontend/
    reports:
      junit: junit_jest.xml
-  parallel: 5
+  parallel: 7
-jest minimal:
+jest predictive:
  extends:
    - jest
-    - .frontend:rules:jest:minimal
+    - .frontend:rules:jest:predictive
  needs:
    - !reference [jest, needs]
    - "detect-tests"
  script:
-    - if [[ -s "$RSPEC_CHANGED_FILES_PATH" ]]; then run_timed_command "yarn jest:ci:minimal"; fi
+    - if [[ -s "$RSPEC_CHANGED_FILES_PATH" ]] || [[ -s "$RSPEC_MATCHING_JS_FILES_PATH" ]]; then run_timed_command "yarn jest:ci:predictive"; fi
 jest as-if-foss:
  extends:
@ -221,18 +253,18 @@ jest as-if-foss:
    - .frontend:rules:jest:as-if-foss
    - .as-if-foss
  needs: ["rspec-all frontend_fixture as-if-foss"]
-  parallel: 2
+  parallel: 4
-jest minimal as-if-foss:
+jest predictive as-if-foss:
  extends:
    - .jest-base
-    - .frontend:rules:jest:minimal:as-if-foss
+    - .frontend:rules:jest:predictive:as-if-foss
    - .as-if-foss
  needs:
    - "rspec-all frontend_fixture as-if-foss"
    - "detect-tests"
  script:
-    - if [[ -s "$RSPEC_CHANGED_FILES_PATH" ]]; then run_timed_command "yarn jest:ci:minimal"; fi
+    - if [[ -s "$RSPEC_CHANGED_FILES_PATH" ]] || [[ -s "$RSPEC_MATCHING_JS_FILES_PATH" ]]; then run_timed_command "yarn jest:ci:predictive"; fi
 jest-integration:
  extends:
@ -253,7 +285,7 @@ coverage-frontend:
  needs:
    - job: "jest"
      optional: true
-    - job: "jest minimal"
+    - job: "jest predictive"
      optional: true
  stage: post-test
  script:
@ -274,32 +306,6 @@ coverage-frontend:
        coverage_format: cobertura
        path: coverage-frontend/cobertura-coverage.xml
 .qa-frontend-node:
  extends:
    - .default-retry
    - .default-utils-before_script
    - .qa-frontend-node-cache
    - .frontend:rules:qa-frontend-node
  stage: test
  needs: []
  script:
    - yarn_install_script
    - run_timed_command "retry yarn run webpack-prod"
 qa-frontend-node:14:
  extends: .qa-frontend-node
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}node:14
 qa-frontend-node:16:
  extends: .qa-frontend-node
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}node:16
 qa-frontend-node:latest:
  extends:
    - .qa-frontend-node
    - .frontend:rules:qa-frontend-node-latest
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}node:latest
 webpack-dev-server:
  extends:
    - .default-retry
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@ -21,6 +21,12 @@
    - !reference [.default-utils-before_script, before_script]
    - source scripts/prepare_build.sh
 .production:
  variables:
    RAILS_ENV: "production"
    NODE_ENV: "production"
    GITLAB_ALLOW_SEPARATE_CI_DATABASE: "true"
 .ruby-gems-cache: &ruby-gems-cache
  key: "ruby-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}"
  paths:
@ -82,19 +88,6 @@
  <<: *node-modules-cache
  policy: push  # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
 .assets-cache: &assets-cache
  key: "assets-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-${NODE_ENV}-v5"
  # This list should match GITLAB_ASSETS_PATHS_LIST from scripts/gitlab_component_helpers.sh
  paths:
    - cached-assets-hash.txt
    - app/assets/javascripts/locale/**/app.js
    - public/assets/
  policy: pull
 .assets-cache-push: &assets-cache-push
  <<: *assets-cache
  policy: push  # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
 .assets-tmp-cache: &assets-tmp-cache
  key: "assets-tmp-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-${NODE_ENV}-v1"
  paths:
@ -214,11 +207,6 @@
  cache:
    - *node-modules-cache
 .qa-frontend-node-cache:
  cache:
    - *node-modules-cache
    - *assets-tmp-cache
 .assets-compile-cache:
  cache:
    - *ruby-gems-cache
@ -241,14 +229,6 @@
    - *node-modules-cache  # We don't push this cache as it's already rebuilt by `update-assets-compile-*-cache`
    - *storybook-node-modules-cache-push
 .use-pg11:
  services:
    - name: postgres:11.6
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
    - name: redis:5.0-alpine
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "11"
 .use-pg12:
  services:
@ -268,17 +248,6 @@
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "13"
 .use-pg11-es7-ee:
  services:
    - name: postgres:11.6
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
    - name: redis:5.0-alpine
    - name: elasticsearch:7.17.6
      command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"]
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "11"
 .use-pg12-es7-ee:
  services:
    - name: postgres:12
@ -286,9 +255,13 @@
    - name: redis:6.0-alpine
    - name: elasticsearch:7.17.6
      command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"]
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "12"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
 .use-pg13-es7-ee:
  services:
@ -297,21 +270,29 @@
    - name: redis:6.2-alpine
    - name: elasticsearch:7.17.6
      command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"]
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "13"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
 .use-pg12-es8-ee:
  services:
    - name: postgres:12
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
    - name: redis:6.0-alpine
-    - name: elasticsearch:8.4.1
+    - name: elasticsearch:8.6.2
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "12"
    ES_SETTING_DISCOVERY_TYPE: "single-node"
    ES_SETTING_XPACK_SECURITY_ENABLED: "false"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
 .use-pg12-opensearch1-ee:
  services:
@ -321,9 +302,13 @@
    - name: opensearchproject/opensearch:1.3.5
      alias: elasticsearch
      command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"]
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "12"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
 .use-pg12-opensearch2-ee:
  services:
@ -333,9 +318,13 @@
    - name: opensearchproject/opensearch:2.2.1
      alias: elasticsearch
      command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"]
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "12"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
 .use-kaniko:
  image:
@ -364,11 +353,11 @@
 .use-buildx:
  extends: .use-docker-in-docker
-  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-slim:docker-${DOCKER_VERSION}-buildx-0.8
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-slim:docker-${DOCKER_VERSION}
  variables:
    QEMU_IMAGE: tonistiigi/binfmt:qemu-v7.0.0
  before_script:
-    - source scripts/utils.sh
+    - !reference [.default-utils-before_script, before_script]
    - echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
    - |
      if [[ "${ARCH}" =~ arm64 ]]; then
@ -378,3 +367,8 @@
        docker run --rm --privileged ${QEMU_IMAGE} --install all;
      fi
    - docker buildx create --use # creates and set's to active buildkit builder
 .use-kube-context:
  before_script:
    - export KUBE_CONTEXT="gitlab-org/gitlab:review-apps"
    - kubectl config use-context ${KUBE_CONTEXT}
--- a/.gitlab/ci/memory.gitlab-ci.yml
+++ b/.gitlab/ci/memory.gitlab-ci.yml
@ -19,12 +19,11 @@
 memory-on-boot:
  extends:
    - .only-code-memory-job-base
    - .production
    - .use-pg12
  stage: test
  needs: ["setup-test-env", "compile-test-assets"]
  variables:
    NODE_ENV: "production"
    RAILS_ENV: "production"
    SETUP_DB: "true"
    MEMORY_ON_BOOT_FILE_PREFIX: "tmp/memory_on_boot_"
    TEST_COUNT: 5
--- a/.gitlab/ci/notify.gitlab-ci.yml
+++ b/.gitlab/ci/notify.gitlab-ci.yml
@ -43,8 +43,9 @@ notify-pipeline-failure:
    - .notify:rules:notify-pipeline-failure
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
  variables:
-    BROKEN_MASTER_INCIDENTS_PROJECT: "gitlab-org/quality/engineering-productivity/master-broken-incidents"
+    INCIDENT_PROJECT: "${BROKEN_BRANCH_INCIDENTS_PROJECT}"
-    BROKEN_MASTER_INCIDENT_JSON: "${CI_PROJECT_DIR}/incident.json"
+    BROKEN_BRANCH_PROJECT_TOKEN: "${BROKEN_BRANCH_INCIDENTS_PROJECT_TOKEN}"
    INCIDENT_JSON: "${CI_PROJECT_DIR}/incident.json"
    SLACK_CHANNEL: "${NOTIFY_PIPELINE_FAILURE_CHANNEL}"
    FAILED_PIPELINE_SLACK_MESSAGE_FILE: "${CI_PROJECT_DIR}/failed_pipeline_slack_message.json"
  before_script:
@ -54,15 +55,55 @@ notify-pipeline-failure:
  script:
    - |
      if [[ "${CREATE_INCIDENT_FOR_PIPELINE_FAILURE}" == "true" ]]; then
-        scripts/create-pipeline-failure-incident.rb -p ${BROKEN_MASTER_INCIDENTS_PROJECT} -f ${BROKEN_MASTER_INCIDENT_JSON} -t ${BROKEN_MASTER_INCIDENTS_PROJECT_TOKEN};
+        scripts/create-pipeline-failure-incident.rb -p ${INCIDENT_PROJECT} -f ${INCIDENT_JSON} -t ${BROKEN_BRANCH_PROJECT_TOKEN} ||
-        echosuccess "Created incident $(jq '.web_url' ${BROKEN_MASTER_INCIDENT_JSON})";
+          scripts/slack ${SLACK_CHANNEL} "☠️  Broken pipeline incident creation failed! ☠️  See ${CI_JOB_URL}" ci_failing "Failed pipeline reporter";
        echosuccess "Created incident $(jq '.web_url' ${INCIDENT_JSON})";
      fi
    - |
-      scripts/generate-failed-pipeline-slack-message.rb -i ${BROKEN_MASTER_INCIDENT_JSON} -f ${FAILED_PIPELINE_SLACK_MESSAGE_FILE};
+      scripts/generate-failed-pipeline-slack-message.rb -i ${INCIDENT_JSON} -f ${FAILED_PIPELINE_SLACK_MESSAGE_FILE};
-      curl -X POST -H 'Content-Type: application/json' --data @${FAILED_PIPELINE_SLACK_MESSAGE_FILE} "$CI_SLACK_WEBHOOK_URL";
+      curl -X POST -H 'Content-Type: application/json' --data @${FAILED_PIPELINE_SLACK_MESSAGE_FILE} "$CI_SLACK_WEBHOOK_URL" ||
        scripts/slack ${SLACK_CHANNEL} "☠️  Broken pipeline notification failed! ☠️  See ${CI_JOB_URL}" ci_failing "Failed pipeline reporter";
  artifacts:
    paths:
-      - ${BROKEN_MASTER_INCIDENT_JSON}
+      - ${INCIDENT_JSON}
      - ${FAILED_PIPELINE_SLACK_MESSAGE_FILE}
    when: always
    expire_in: 2 days
 create-issues-for-failing-tests:
  extends:
    - .notify-defaults
    - .notify:rules:create-issues-for-failing-tests
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
  variables:
    FAILED_TESTS_DIR: "${CI_PROJECT_DIR}/tmp/failed_tests"
    FAILING_ISSUES_PROJECT: "gitlab-org/quality/engineering-productivity/flaky-tests-playground"
    FAILING_ISSUE_JSON_DIR: "${CI_PROJECT_DIR}/tmp/issues"
  before_script:
    - source ./scripts/utils.sh
    - source ./scripts/rspec_helpers.sh
    - install_gitlab_gem
  script:
    - mkdir -p "${FAILING_ISSUE_JSON_DIR}"
    - retrieve_failed_tests "${FAILED_TESTS_DIR}" "json" "latest"
    - scripts/pipeline/create_test_failure_issues.rb --project "${FAILING_ISSUES_PROJECT}" --tests-report-file "${FAILED_TESTS_DIR}/rspec_failed_tests.json" --issues-json-folder "${FAILING_ISSUE_JSON_DIR}" --api-token "${FAILING_ISSUES_PROJECT_TOKEN}"
    - scripts/pipeline/create_test_failure_issues.rb --project "${FAILING_ISSUES_PROJECT}" --tests-report-file "${FAILED_TESTS_DIR}/rspec_ee_failed_tests.json" --issues-json-folder "${FAILING_ISSUE_JSON_DIR}" --api-token "${FAILING_ISSUES_PROJECT_TOKEN}"
  artifacts:
    paths:
      - ${FAILED_TESTS_DIR}/
      - ${FAILING_ISSUE_JSON_DIR}/
    when: always
    expire_in: 2 days
 notify-package-and-test-failure:
  extends:
    - .notify-defaults
    - .notify:rules:notify-package-and-test-failure
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
  before_script:
    - source scripts/utils.sh
    - apt-get update
    - install_gitlab_gem
  script:
    - scripts/generate-failed-package-and-test-mr-message.rb
--- a/.gitlab/ci/package-and-test/main.gitlab-ci.yml
+++ b/.gitlab/ci/package-and-test/main.gitlab-ci.yml
@ -1,4 +1,5 @@
 # E2E tests pipeline loaded dynamically by script: scripts/generate-e2e-pipeline
 # For adding new tests, refer to: doc/development/testing_guide/end_to_end/package_and_test_pipeline.md
 default:
  interruptible: true
@ -7,7 +8,7 @@ include:
  - local: .gitlab/ci/package-and-test/rules.gitlab-ci.yml
  - local: .gitlab/ci/package-and-test/variables.gitlab-ci.yml
  - project: gitlab-org/quality/pipeline-common
-    ref: 1.7.0
+    ref: 2.2.0
    file:
      - /ci/base.gitlab-ci.yml
      - /ci/allure-report.yml
@ -38,26 +39,10 @@ stages:
  extends:
    - .gitlab-qa-install
 .omnibus-env:
  variables:
    BUILD_ENV: build.env
  script:
    - |
      SECURITY_SOURCES=$([[ ! "$CI_PROJECT_NAMESPACE" =~ ^gitlab-org\/security ]] || echo "true")
      echo "SECURITY_SOURCES=${SECURITY_SOURCES:-false}" > $BUILD_ENV
      echo "OMNIBUS_GITLAB_CACHE_UPDATE=${OMNIBUS_GITLAB_CACHE_UPDATE:-false}" >> $BUILD_ENV
      for version_file in *_VERSION; do echo "$version_file=$(cat $version_file)" >> $BUILD_ENV; done
      echo "OMNIBUS_GITLAB_RUBY3_BUILD=${OMNIBUS_GITLAB_RUBY3_BUILD:-false}" >> $BUILD_ENV
      echo "OMNIBUS_GITLAB_CACHE_EDITION=${OMNIBUS_GITLAB_CACHE_EDITION:-GITLAB}" >> $BUILD_ENV
      echo "Built environment file for omnibus build:"
      cat $BUILD_ENV
  artifacts:
    reports:
      dotenv: $BUILD_ENV
 .update-script:
  script:
-    - export QA_COMMAND="bundle exec gitlab-qa Test::Omnibus::UpdateFromPrevious $RELEASE $GITLAB_VERSION $UPDATE_TYPE -- $QA_RSPEC_TAGS $RSPEC_REPORT_OPTS"
+    - !reference [.bundle-prefix]
    - export QA_COMMAND="$BUNDLE_PREFIX gitlab-qa Test::Omnibus::UpdateFromPrevious $RELEASE $GITLAB_SEMVER_VERSION $UPDATE_TYPE -- $QA_RSPEC_TAGS $RSPEC_REPORT_OPTS"
    - echo "Running - '$QA_COMMAND'"
    - eval "$QA_COMMAND"
@ -74,15 +59,17 @@ stages:
      optional: true
    - job: download-knapsack-report
      artifacts: true
      optional: true
    - job: check-release-set
  variables:
    QA_GENERATE_ALLURE_REPORT: "true"
    QA_CAN_TEST_PRAEFECT: "false"
    QA_INTERCEPT_REQUESTS: "true"
-    QA_RUN_TYPE: e2e-package-and-test
+    GITLAB_LICENSE_MODE: test
-    TEST_LICENSE_MODE: $QA_TEST_LICENSE_MODE
+    GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN
    # todo: remove in 16.1 milestone when not needed for backwards compatibility anymore
    EE_LICENSE: $QA_EE_LICENSE
    GITHUB_ACCESS_TOKEN: $QA_GITHUB_ACCESS_TOKEN
    GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN
 # ==========================================
 # Prepare stage
@ -108,9 +95,46 @@ dont-interrupt-me:
 trigger-omnibus-env:
  extends:
    - .omnibus-env
    - .rules:omnibus-build
  stage: .pre
  needs:
    # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream omnibus-gitlab pipeline.
    - pipeline: $PARENT_PIPELINE_ID
      job: build-assets-image
  variables:
    BUILD_ENV: build.env
  before_script:
    - |
      # This is duplicating the function from `scripts/utils.sh` since `.gitlab/ci/package-and-test/main.gitlab-ci.yml` can be included in other projects.
      function assets_image_tag() {
        local cache_assets_hash_file="cached-assets-hash.txt"
        if [[ -n "${CI_COMMIT_TAG}" ]]; then
          echo -n "${CI_COMMIT_REF_NAME}"
        elif [[ -f "${cache_assets_hash_file}" ]]; then
          echo -n "assets-hash-$(cat ${cache_assets_hash_file} | cut -c1-10)"
        else
          echo -n "${CI_COMMIT_SHA}"
        fi
      }
  script:
    - |
      SECURITY_SOURCES=$([[ ! "$CI_PROJECT_NAMESPACE" =~ ^gitlab-org\/security ]] || echo "true")
      echo "SECURITY_SOURCES=${SECURITY_SOURCES:-false}" > $BUILD_ENV
      echo "OMNIBUS_GITLAB_CACHE_UPDATE=${OMNIBUS_GITLAB_CACHE_UPDATE:-false}" >> $BUILD_ENV
      for version_file in *_VERSION; do echo "$version_file=$(cat $version_file)" >> $BUILD_ENV; done
      echo "OMNIBUS_GITLAB_RUBY3_BUILD=${OMNIBUS_GITLAB_RUBY3_BUILD:-false}" >> $BUILD_ENV
      echo "OMNIBUS_GITLAB_RUBY2_BUILD=${OMNIBUS_GITLAB_RUBY2_BUILD:-false}" >> $BUILD_ENV
      echo "OMNIBUS_GITLAB_CACHE_EDITION=${OMNIBUS_GITLAB_CACHE_EDITION:-GITLAB}" >> $BUILD_ENV
      echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV
      echo "EE=$([[ $FOSS_ONLY == '1' ]] && echo 'false' || echo 'true')" >> $BUILD_ENV
      target_branch_name="${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-${CI_COMMIT_REF_NAME}}"
      echo "TRIGGER_BRANCH=$([[ "${target_branch_name}" =~ ^[0-9-]+-stable(-ee)?$ ]] && echo ${target_branch_name%-ee} || echo 'master')" >> $BUILD_ENV
      echo "Built environment file for omnibus build:"
      cat $BUILD_ENV
  artifacts:
    reports:
      dotenv: $BUILD_ENV
 trigger-omnibus:
  extends: .rules:omnibus-build
@ -128,23 +152,25 @@ trigger-omnibus:
    GITLAB_SHELL_VERSION: $GITLAB_SHELL_VERSION
    GITLAB_WORKHORSE_VERSION: $GITLAB_WORKHORSE_VERSION
    GITLAB_VERSION: $CI_COMMIT_SHA
    GITLAB_ASSETS_TAG: $GITLAB_ASSETS_TAG
    IMAGE_TAG: $CI_COMMIT_SHA
    TOP_UPSTREAM_SOURCE_PROJECT: $CI_PROJECT_PATH
    SECURITY_SOURCES: $SECURITY_SOURCES
    CACHE_UPDATE: $OMNIBUS_GITLAB_CACHE_UPDATE
    RUBY3_BUILD: $OMNIBUS_GITLAB_RUBY3_BUILD
    RUBY2_BUILD: $OMNIBUS_GITLAB_RUBY2_BUILD
    CACHE_EDITION: $OMNIBUS_GITLAB_CACHE_EDITION
    SKIP_QA_DOCKER: "true"
    SKIP_QA_TEST: "true"
-    ee: "true"
+    ee: $EE
  trigger:
    project: gitlab-org/build/omnibus-gitlab-mirror
    branch: $TRIGGER_BRANCH
    strategy: depend
 download-knapsack-report:
  extends:
    - .gitlab-qa-image
-    - .rules:prepare
+    - .rules:download-knapsack
  stage: .pre
  variables:
    KNAPSACK_DIR: ${CI_PROJECT_DIR}/qa/knapsack
@ -183,7 +209,7 @@ cache-gems:
 # Run manual quarantine job
 #   this job requires passing QA_SCENARIO variable
 #   and optionally QA_TESTS to run specific quarantined tests
-_ee:quarantine:
+_quarantine:
  extends:
    - .qa
    - .rules:test:manual
@ -194,18 +220,39 @@ _ee:quarantine:
  variables:
    QA_RSPEC_TAGS: --tag quarantine
-# ------------------------------------------
+# Temporary test job to support the effort of migrating to Super Sidebar
-# FF changes
+# https://gitlab.com/groups/gitlab-org/-/epics/9044
-# ------------------------------------------
+_super-sidebar-nav:
 # Run specs with feature flags set to the opposite of the default state
 ee:instance-parallel-ff-inverse:
  extends:
    - .qa
    - .parallel
  variables:
    QA_SCENARIO: Test::Instance::Image
-    QA_KNAPSACK_REPORT_NAME: ee-instance-parallel
+    QA_KNAPSACK_REPORT_NAME: ee-instance
    QA_TESTS: ""
    QA_SUPER_SIDEBAR_ENABLED: "true"
    QA_ALLURE_RESULTS_DIRECTORY: tmp/allure-results-super-sidebar
    QA_EXPORT_TEST_METRICS: "false"
    GITLAB_QA_OPTS: --set-feature-flags super_sidebar_nav=enabled
    RSPEC_REPORT_OPTS: "--format documentation"
    SKIP_REPORT_IN_ISSUES: "true"
  allow_failure: true
  rules:
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
    - !reference [.rules:test:manual, rules]
 # ------------------------------------------
 # FF changes
 # ------------------------------------------
 # Run specs with feature flags set to the opposite of the default state
 instance-ff-inverse:
  extends:
    - .qa
    - .parallel
  variables:
    QA_SCENARIO: Test::Instance::Image
    QA_KNAPSACK_REPORT_NAME: ee-instance
    GITLAB_QA_OPTS: --set-feature-flags $QA_FEATURE_FLAGS
  rules:
    - !reference [.rules:test:feature-flags-set, rules]
@ -213,140 +260,141 @@ ee:instance-parallel-ff-inverse:
 # ------------------------------------------
 # Jobs with parallel variant
 # ------------------------------------------
-ee:instance:
+instance-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
  rules:
-    - !reference [.rules:test:qa-non-parallel, rules]
+    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
-ee:instance-parallel:
+instance:
  extends:
    - .parallel
-    - ee:instance
+    - instance-selective
  rules:
-    - !reference [.rules:test:feature-flags-set, rules]  # always run instance-parallel to validate ff change
+    - !reference [.rules:test:feature-flags-set, rules]  # always run instance to validate ff change
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
-ee:praefect:
+praefect-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Praefect
    QA_CAN_TEST_PRAEFECT: "true"
  rules:
-    - !reference [.rules:test:qa-non-parallel, rules]
+    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
-ee:praefect-parallel:
+praefect:
  extends:
    - .parallel
-    - ee:praefect
+    - praefect-selective
  rules:
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
-ee:relative-url:
+relative-url-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::RelativeUrl
  rules:
-    - !reference [.rules:test:qa-non-parallel, rules]
+    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
-ee:relative-url-parallel:
+relative-url:
  extends:
    - .parallel
-    - ee:relative-url
+    - relative-url-selective
  rules:
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
-ee:decomposition-single-db:
+decomposition-single-db-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
    GITLAB_QA_OPTS: --omnibus-config decomposition_single_db
  rules:
-    - !reference [.rules:test:qa-non-parallel, rules]
+    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
-ee:decomposition-single-db-parallel:
+decomposition-single-db:
  extends:
    - .parallel
-    - ee:decomposition-single-db
+    - decomposition-single-db-selective
  rules:
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
-ee:decomposition-multiple-db:
+decomposition-multiple-db-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
    GITLAB_ALLOW_SEPARATE_CI_DATABASE: "true"
    GITLAB_QA_OPTS: --omnibus-config decomposition_multiple_db
  rules:
-    - !reference [.rules:test:qa-non-parallel, rules]
+    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
-ee:decomposition-multiple-db-parallel:
+decomposition-multiple-db:
  extends:
    - .parallel
-    - ee:decomposition-multiple-db
+    - decomposition-multiple-db-selective
  rules:
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
-ee:object-storage:
+object-storage-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
    QA_RSPEC_TAGS: --tag object_storage
    GITLAB_QA_OPTS: --omnibus-config object_storage
  rules:
-    - !reference [.rules:test:qa-non-parallel, rules]
+    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::ObjectStorage/
-ee:object-storage-parallel:
+object-storage:
-  extends: ee:object-storage
+  extends: object-storage-selective
  parallel: 2
  rules:
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::ObjectStorage/
-ee:object-storage-aws:
+object-storage-aws-selective:
-  extends: ee:object-storage
+  extends: object-storage-selective
  variables:
    AWS_S3_ACCESS_KEY: $QA_AWS_S3_ACCESS_KEY
    AWS_S3_BUCKET_NAME: $QA_AWS_S3_BUCKET_NAME
    AWS_S3_KEY_ID: $QA_AWS_S3_KEY_ID
    AWS_S3_REGION: $QA_AWS_S3_REGION
    GITLAB_QA_OPTS: --omnibus-config object_storage_aws
-ee:object-storage-aws-parallel:
+object-storage-aws:
-  extends: ee:object-storage-aws
+  extends: object-storage-aws-selective
  parallel: 2
  rules:
-    - !reference [ee:object-storage-parallel, rules]
+    - !reference [object-storage, rules]
-ee:object-storage-gcs:
+object-storage-gcs-selective:
-  extends: ee:object-storage
+  extends: object-storage-selective
  variables:
    GCS_BUCKET_NAME: $QA_GCS_BUCKET_NAME
    GOOGLE_PROJECT: $QA_GOOGLE_PROJECT
    GOOGLE_JSON_KEY: $QA_GOOGLE_JSON_KEY
    GOOGLE_CLIENT_EMAIL: $QA_GOOGLE_CLIENT_EMAIL
    GITLAB_QA_OPTS: --omnibus-config object_storage_gcs
-ee:object-storage-gcs-parallel:
+object-storage-gcs:
-  extends: ee:object-storage-gcs
+  extends: object-storage-gcs-selective
  parallel: 2
  rules:
-    - !reference [ee:object-storage-parallel, rules]
+    - !reference [object-storage, rules]
-ee:packages:
+packages-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
    QA_RSPEC_TAGS: --tag packages
    GITLAB_QA_OPTS: --omnibus-config packages
  rules:
-    - !reference [.rules:test:qa-non-parallel, rules]
+    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::Packages/
-ee:packages-parallel:
+packages:
-  extends: ee:packages
+  extends: packages-selective
  parallel: 2
  rules:
    - !reference [.rules:test:qa-parallel, rules]
@ -355,7 +403,7 @@ ee:packages-parallel:
 # ------------------------------------------
 # Non parallel jobs
 # ------------------------------------------
-ee:update-minor:
+update-minor:
  extends:
    - .qa
    - .update-script
@ -367,7 +415,7 @@ ee:update-minor:
    - if: $QA_SUITES =~ /Test::Instance::Smoke/
    - !reference [.rules:test:manual, rules]
-ee:update-major:
+update-major:
  extends:
    - .qa
    - .update-script
@ -379,16 +427,16 @@ ee:update-major:
    - if: $QA_SUITES =~ /Test::Instance::Smoke/
    - !reference [.rules:test:manual, rules]
-ee:gitab-pages:
+gitlab-pages:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::GitlabPages
  rules:
    - !reference [.rules:test:qa, rules]
-    - if: $QA_SUITES =~ /Test::Integration::GitlabPages/
+    - if: $QA_SUITES =~ /Test::Instance::GitlabPages/
    - !reference [.rules:test:manual, rules]
-ee:gitaly-cluster:
+gitaly-cluster:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::GitalyCluster
@ -397,16 +445,17 @@ ee:gitaly-cluster:
    - if: $QA_SUITES =~ /Test::Integration::GitalyCluster/
    - !reference [.rules:test:manual, rules]
-ee:group-saml:
+group-saml:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::GroupSAML
  rules:
    - !reference [.rules:test:ee-only, rules]
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::GroupSAML/
    - !reference [.rules:test:manual, rules]
-ee:instance-saml:
+instance-saml:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::InstanceSAML
@ -415,7 +464,7 @@ ee:instance-saml:
    - if: $QA_SUITES =~ /Test::Integration::InstanceSAML/
    - !reference [.rules:test:manual, rules]
-ee:jira:
+jira:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Jira
@ -426,7 +475,16 @@ ee:jira:
    - if: $QA_SUITES =~ /Test::Integration::Jira/
    - !reference [.rules:test:manual, rules]
-ee:ldap-no-server:
+integrations:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Integrations
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::Integrations/
    - !reference [.rules:test:manual, rules]
 ldap-no-server:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::LDAPNoServer
@ -435,7 +493,7 @@ ee:ldap-no-server:
    - if: $QA_SUITES =~ /Test::Integration::LDAPNoServer/
    - !reference [.rules:test:manual, rules]
-ee:ldap-tls:
+ldap-tls:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::LDAPTLS
@ -444,7 +502,7 @@ ee:ldap-tls:
    - if: $QA_SUITES =~ /Test::Integration::LDAPTLS/
    - !reference [.rules:test:manual, rules]
-ee:ldap-no-tls:
+ldap-no-tls:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::LDAPNoTLS
@ -453,16 +511,16 @@ ee:ldap-no-tls:
    - if: $QA_SUITES =~ /Test::Integration::LDAPNoTLS/
    - !reference [.rules:test:manual, rules]
-ee:mtls:
+mtls:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::MTLS
  rules:
    - !reference [.rules:test:qa, rules]
-    - if: $QA_SUITES =~ /Test::Integration::MTLS/
+    - if: $QA_SUITES =~ /Test::Integration::Mtls/
    - !reference [.rules:test:manual, rules]
-ee:mattermost:
+mattermost:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Mattermost
@ -471,7 +529,7 @@ ee:mattermost:
    - if: $QA_SUITES =~ /Test::Integration::Mattermost/
    - !reference [.rules:test:manual, rules]
-ee:registry:
+registry:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Registry
@ -480,7 +538,7 @@ ee:registry:
    - if: $QA_SUITES =~ /Test::Integration::Registry/
    - !reference [.rules:test:manual, rules]
-ee:registry-with-cdn:
+registry-with-cdn:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::RegistryWithCDN
@ -497,7 +555,7 @@ ee:registry-with-cdn:
    - if: $QA_SUITES =~ /Test::Integration::RegistryWithCDN/
    - !reference [.rules:test:manual, rules]
-ee:repository-storage:
+repository-storage:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::RepositoryStorage
@ -506,7 +564,7 @@ ee:repository-storage:
    - if: $QA_SUITES =~ /Test::Instance::RepositoryStorage/
    - !reference [.rules:test:manual, rules]
-ee:service-ping-disabled:
+service-ping-disabled:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::ServicePingDisabled
@ -515,7 +573,7 @@ ee:service-ping-disabled:
    - if: $QA_SUITES =~ /Test::Integration::ServicePingDisabled/
    - !reference [.rules:test:manual, rules]
-ee:smtp:
+smtp:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::SMTP
@ -524,17 +582,17 @@ ee:smtp:
    - if: $QA_SUITES =~ /Test::Integration::SMTP/
    - !reference [.rules:test:manual, rules]
-ee:cloud-activation:
+cloud-activation:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
    QA_RSPEC_TAGS: --tag cloud_activation
  rules:
    - !reference [.rules:test:qa, rules]
-    - if: $QA_SUITES =~ /Test::Integration::CloudActivation/
+    - if: $QA_SUITES =~ /Test::Instance::CloudActivation/
    - !reference [.rules:test:manual, rules]
-ee:large-setup:
+large-setup:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
@ -544,7 +602,7 @@ ee:large-setup:
    - if: $QA_SUITES =~ /Test::Instance::LargeSetup/
    - !reference [.rules:test:manual, rules]
-ee:metrics:
+metrics:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Metrics
@ -553,26 +611,36 @@ ee:metrics:
    - if: $QA_SUITES =~ /Test::Instance::Metrics/
    - !reference [.rules:test:manual, rules]
-ee:elasticsearch:
+elasticsearch:
  extends: .qa
  variables:
    QA_SCENARIO: "Test::Integration::Elasticsearch"
  before_script:
    - unset ELASTIC_URL  # unset url which is globally defined in .gitlab-ci.yml
    - !reference [.qa, before_script]
  rules:
    - !reference [.rules:test:ee-only, rules]
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::Elasticsearch/
    - !reference [.rules:test:manual, rules]
-ee:registry-object-storage-tls:
+registry-object-storage-tls:
-  extends: ee:object-storage-aws
+  extends: object-storage-aws-selective
  variables:
    QA_SCENARIO: Test::Integration::RegistryTLS
    QA_RSPEC_TAGS: ""
    GITLAB_TLS_CERTIFICATE: $QA_GITLAB_TLS_CERTIFICATE
    GITLAB_QA_OPTS: --omnibus-config registry_object_storage
 importers:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Import
    QA_MOCK_GITHUB: "true"
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::Import/
    - !reference [.rules:test:manual, rules]
 # ==========================================
 # Post test stage
 # ==========================================
@ -582,16 +650,26 @@ e2e-test-report:
    - .rules:report:allure-report
  stage: report
  variables:
-    GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN
+    ALLURE_JOB_NAME: e2e-package-and-test
    GITLAB_AUTH_TOKEN: $PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE
    ALLURE_PROJECT_PATH: $CI_PROJECT_PATH
    ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
-    ALLURE_JOB_NAME: e2e-package-and-test
+
-    GIT_STRATEGY: none
+# Temporary separate test report for super-sidebar test job
-  artifacts:  # save rspec results for displaying in parent pipeline
+# TODO: remove once super-sidebar is on by default and enabled in tests
-    expire_in: 1 day
+# https://gitlab.com/groups/gitlab-org/-/epics/9044
-    when: always
+e2e-test-report-super-sidebar:
-    paths:
+  extends:
-      - gitlab-qa-run-*/**/rspec-*.xml
+    - .generate-allure-report-base
  stage: report
  needs:
    - _super-sidebar-nav
  variables:
    ALLURE_JOB_NAME: e2e-super-sidebar
    ALLURE_RESULTS_GLOB: gitlab-qa-run-*/**/allure-results-super-sidebar
  rules:
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
    - !reference [.rules:test:manual, rules]
 upload-knapsack-report:
  extends:
@ -621,7 +699,7 @@ relate-test-failures:
  variables:
    QA_FAILURES_REPORTING_PROJECT: gitlab-org/gitlab
    QA_FAILURES_MAX_DIFF_RATIO: "0.15"
-    GITLAB_QA_ACCESS_TOKEN: $GITLAB_QA_PRODUCTION_ACCESS_TOKEN
+    GITLAB_QA_ACCESS_TOKEN: $QA_GITLAB_CI_TOKEN
  when: on_failure
  script:
    - |
--- a/.gitlab/ci/package-and-test/rules.gitlab-ci.yml
+++ b/.gitlab/ci/package-and-test/rules.gitlab-ci.yml
@ -43,9 +43,9 @@
 .rules:dont-interrupt:
  rules:
-    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
+    - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $CI_MERGE_REQUEST_IID == null'
      allow_failure: true
-    - if: $CI_MERGE_REQUEST_IID
+    - if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached"'
      when: manual
      allow_failure: true
@ -61,6 +61,15 @@
      when: never
    - when: always
 # This job requires project access token with api permissions to detect parallel jobs,
 # it is problematic to set for every project that would include this template
 # Because parallel jobs themselves can download knapsack report, skip for non canonical runs
 .rules:download-knapsack:
  rules:
    - <<: *not-canonical-project
      when: never
    - when: always
 # ------------------------------------------
 # Test
 # ------------------------------------------
@ -80,7 +89,7 @@
 # parallel and non parallel rules are used for jobs that require parallel execution and thus need to switch
 # between parallel and non parallel when only certain specs are executed
-.rules:test:qa-non-parallel:
+.rules:test:qa-selective:
  rules:
    # always run parallel with full suite when framework changes present or ff state changed
    - <<: *qa-run-all-tests
@ -106,12 +115,18 @@
    - *qa-run-all-tests
    - *feature-flags-set-manual
 .rules:test:ee-only:
  rules:
    - if: $FOSS_ONLY == "true"
      when: never
 .rules:test:update:
  rules:
-    # skip upgrade jobs if gitlab version is not provided
+    # skip upgrade jobs if gitlab version is not in semver compatible format
    # these jobs need gitlab version because we can't reliably detect it from just the image
-    - if: $GITLAB_VERSION == null
+    - if: $GITLAB_SEMVER_VERSION !~ /^\d+\.\d+\.\d+/
      when: never
    - !reference [.rules:test:ee-only, rules]
    - !reference [.rules:test:qa, rules]
 # ------------------------------------------
--- a/.gitlab/ci/package-and-test/variables.gitlab-ci.yml
+++ b/.gitlab/ci/package-and-test/variables.gitlab-ci.yml
@ -6,7 +6,12 @@ variables:
  SKIP_REPORT_IN_ISSUES: "true"
  OMNIBUS_GITLAB_CACHE_UPDATE: "false"
  OMNIBUS_GITLAB_RUBY3_BUILD: "false"
  OMNIBUS_GITLAB_RUBY2_BUILD: "false"
  OMNIBUS_GITLAB_CACHE_EDITION: "GITLAB"
  ALLURE_JOB_NAME: $CI_PROJECT_NAME
  QA_LOG_LEVEL: "info"
  QA_TESTS: ""
  QA_FEATURE_FLAGS: ""
  # run all tests by default when package-and-test is included natively in other projects
  # this will be overridden when selective test execution is used in gitlab canonical project
  QA_RUN_ALL_TESTS: "true"
--- a/.gitlab/ci/preflight.gitlab-ci.yml
+++ b/.gitlab/ci/preflight.gitlab-ci.yml
@ -0,0 +1,63 @@
 .preflight-job-base:
  stage: preflight
  extends:
    - .default-retry
  needs: []
 .qa-preflight-job:
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}
  extends:
    - .preflight-job-base
    - .qa-cache
  variables:
    USE_BUNDLE_INSTALL: "false"
    SETUP_DB: "false"
  before_script:
    - !reference [.default-before_script, before_script]
    - cd qa && bundle install
 rails-production-server-boot:
  extends:
    - .preflight-job-base
    - .default-before_script
    - .production
    - .ruby-cache
    - .setup:rules:rails-production-server-boot
    - .use-pg12
  variables:
    BUNDLE_WITHOUT: "development:test"
    BUNDLE_WITH: "production"
  needs: []
  script:
    - source scripts/utils.sh
    - bundle exec rails server -e production &
    - sleep 40 # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114124#note_1309506358
    - retry_times_sleep 10 5 "curl http://0.0.0.0:3000"
    - kill $(jobs -p)
 no-ee-check:
  extends:
    - .preflight-job-base
    - .setup:rules:no-ee-check
  script:
    - scripts/no-dir-check ee
 no-jh-check:
  extends:
    - .preflight-job-base
    - .setup:rules:no-jh-check
  script:
    - scripts/no-dir-check jh
 qa:selectors:
  extends:
    - .qa-preflight-job
    - .qa:rules:ee-and-foss
  script:
    - bundle exec bin/qa Test::Sanity::Selectors
 qa:selectors-as-if-foss:
  extends:
    - qa:selectors
    - .qa:rules:as-if-foss
    - .as-if-foss
--- a/.gitlab/ci/qa.gitlab-ci.yml
+++ b/.gitlab/ci/qa.gitlab-ci.yml
@ -25,13 +25,6 @@ qa:internal-as-if-foss:
    - .qa:rules:internal-as-if-foss
    - .as-if-foss
 qa:selectors:
  extends:
    - .qa-job-base
    - .qa:rules:ee-and-foss
  script:
    - bundle exec bin/qa Test::Sanity::Selectors
 qa:master-auto-quarantine-dequarantine:
  extends:
    - .qa-job-base
@ -50,12 +43,6 @@ qa:nightly-auto-quarantine-dequarantine:
    - bundle exec confiner -r .confiner/nightly.yml
  allow_failure: true
 qa:selectors-as-if-foss:
  extends:
    - qa:selectors
    - .qa:rules:as-if-foss
    - .as-if-foss
 qa:update-qa-cache:
  extends:
    - .qa-job-base
@ -65,8 +52,9 @@ qa:update-qa-cache:
  script:
    - echo "Cache has been updated and ready to be uploaded."
-e2e:package-and-test:
+e2e:package-and-test-ee:
  extends:
    - .production  # this makes sure GITLAB_ALLOW_SEPARATE_CI_DATABASE is passed to the child pipeline
    - .qa:rules:package-and-test
  stage: qa
  needs:
@ -74,11 +62,24 @@ e2e:package-and-test:
    - build-qa-image
    - e2e-test-pipeline-generate
  variables:
    # This is needed by `trigger-omnibus-env` (`.gitlab/ci/package-and-test/main.gitlab-ci.yml`).
    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
    SKIP_MESSAGE: Skipping package-and-test due to mr containing only quarantine changes!
    RELEASE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/build/omnibus-gitlab-mirror/gitlab-ee:${CI_COMMIT_SHA}"
    GITLAB_QA_IMAGE: "${CI_REGISTRY_IMAGE}/gitlab-ee-qa:${CI_COMMIT_SHA}"
    RUN_WITH_BUNDLE: "true"  # instructs pipeline to install and run gitlab-qa gem via bundler
    QA_PATH: qa  # sets the optional path for bundler to run from
    QA_RUN_TYPE: e2e-package-and-test
  inherit:
    variables:
      - CHROME_VERSION
      - RUBY_VERSION
      - DOCKER_VERSION
      - REGISTRY_GROUP
      - REGISTRY_HOST
      - OMNIBUS_GITLAB_CACHE_EDITION
      - OMNIBUS_GITLAB_RUBY3_BUILD
      - OMNIBUS_GITLAB_RUBY2_BUILD
  trigger:
    strategy: depend
    forward:
@ -88,24 +89,19 @@ e2e:package-and-test:
      - artifact: package-and-test-pipeline.yml
        job: e2e-test-pipeline-generate
-# Fetch child pipeline test results and store in parent pipeline
+e2e:test-on-gdk:
 # workaround until natively implemented: https://gitlab.com/groups/gitlab-org/-/epics/8205
 e2e:package-and-test-results:
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3
  extends:
-    - .qa-job-base
+    - .qa:rules:e2e:test-on-gdk
    - .qa:rules:package-and-test
  stage: qa
  needs:
-    - e2e:package-and-test
+    # In scheduled master pipelines we wait for the image to be built.
-  variables:
+    # In MRs we assume the last scheduled master pipeline built the image already.
-    COLORIZED_LOGS: "true"
+    - job: build-qa-on-gdk-master-image
-    QA_LOG_LEVEL: "debug"
+      optional: true
  when: always
  allow_failure: true
-  script:
+  trigger:
-    - bundle exec rake "ci:download_test_results[e2e:package-and-test,e2e-test-report,${CI_PROJECT_DIR}]"
+    strategy: depend
-  artifacts:
+    forward:
-    when: always
+      yaml_variables: true
-    reports:
+      pipeline_variables: true
-      junit: gitlab-qa-run-*/**/rspec-*.xml
+    include: .gitlab/ci/test-on-gdk/main.gitlab-ci.yml
--- a/.gitlab/ci/rails.gitlab-ci.yml
+++ b/.gitlab/ci/rails.gitlab-ci.yml
@ -71,13 +71,27 @@ rspec migration pg12:
  extends:
    - .rspec-base-pg12
    - .rspec-base-migration
    - .rails:rules:ee-and-foss-migration
    - .rspec-migration-parallel
-rspec migration pg12 minimal:
+rspec migration pg12 predictive:
  extends:
    - rspec migration pg12
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:ee-and-foss-migration:minimal
+    - .rails:rules:ee-and-foss-migration:predictive
 rspec background_migration pg12:
  extends:
    - .rspec-base-pg12
    - .rspec-base-migration
    - .rails:rules:ee-and-foss-background-migration
    - .rspec-background-migration-parallel
 rspec background_migration pg12 predictive:
  extends:
    - rspec background_migration pg12
    - .predictive-rspec-tests
    - .rails:rules:ee-and-foss-background-migration:predictive
 rspec migration pg12 single-db:
  extends:
@ -85,23 +99,47 @@ rspec migration pg12 single-db:
    - .single-db-rspec
    - .rails:rules:single-db
 rspec background_migration pg12 single-db:
  extends:
    - rspec background_migration pg12
    - .single-db-rspec
    - .rails:rules:single-db
 rspec migration pg12 single-db-ci-connection:
  extends:
    - rspec migration pg12
    - .single-db-ci-connection-rspec
    - .rails:rules:single-db-ci-connection
 rspec background_migration pg12 single-db-ci-connection:
  extends:
    - rspec background_migration pg12
    - .single-db-ci-connection-rspec
    - .rails:rules:single-db-ci-connection
 rspec migration pg12 praefect:
  extends:
    - rspec migration pg12
    - .praefect-with-db
    - .rails:rules:praefect-with-db
 rspec background_migration pg12 praefect:
  extends:
    - rspec background_migration pg12
    - .praefect-with-db
    - .rails:rules:praefect-with-db
 rspec unit pg12:
  extends:
    - .rspec-base-pg12
    - .rails:rules:ee-and-foss-unit
    - .rspec-unit-parallel
-rspec unit pg12 minimal:
+rspec unit pg12 predictive:
  extends:
    - rspec unit pg12
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:ee-and-foss-unit:minimal
+    - .rails:rules:ee-and-foss-unit:predictive
 rspec unit pg12 single-db:
  extends:
@ -121,11 +159,11 @@ rspec integration pg12:
    - .rails:rules:ee-and-foss-integration
    - .rspec-integration-parallel
-rspec integration pg12 minimal:
+rspec integration pg12 predictive:
  extends:
    - rspec integration pg12
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:ee-and-foss-integration:minimal
+    - .rails:rules:ee-and-foss-integration:predictive
 rspec integration pg12 single-db:
  extends:
@ -147,11 +185,11 @@ rspec system pg12:
  variables:
    DEBUG_GITLAB_TRANSACTION_STACK: "true"
-rspec system pg12 minimal:
+rspec system pg12 predictive:
  extends:
    - rspec system pg12
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:ee-and-foss-system:minimal
+    - .rails:rules:ee-and-foss-system:predictive
 rspec system pg12 single-db:
  extends:
@ -165,16 +203,6 @@ rspec system pg12 praefect:
    - .praefect-with-db
    - .rails:rules:praefect-with-db
 # Dedicated job to test DB library code against PG11.
 # Note that these are already tested against PG12 in the `rspec unit pg12` / `rspec-ee unit pg12` jobs.
 rspec db-library-code pg11:
  extends:
    - .rspec-base-pg11
    - .rails:rules:ee-and-foss-db-library-code
  script:
    - !reference [.base-script, script]
    - rspec_db_library_code
 rspec fast_spec_helper:
  extends:
    - .rspec-base-pg12
@ -184,91 +212,6 @@ rspec fast_spec_helper:
    # Load fast_spec_helper as well just in case there are no specs available.
    - bin/rspec --dry-run spec/fast_spec_helper.rb $fast_spec_helper_specs
 db:rollback:
  extends: .db-job-base
  script:
    - scripts/db_tasks db:migrate VERSION=20210301200959
    - scripts/db_tasks db:migrate SKIP_SCHEMA_VERSION_CHECK=true
 db:rollback single-db:
  extends:
    - db:rollback
    - .single-db
    - .rails:rules:single-db
 db:migrate:reset:
  extends: .db-job-base
  script:
    - bundle exec rake db:migrate:reset
 db:migrate:reset single-db:
  extends:
    - db:migrate:reset
    - .single-db
    - .rails:rules:single-db
 db:check-schema:
  extends:
    - .db-job-base
    - .rails:rules:ee-mr-and-default-branch-only
  script:
    - run_timed_command "bundle exec rake db:drop db:create"
    - run_timed_command "scripts/db_tasks db:migrate"
 db:check-schema-single-db:
  extends:
    - db:check-schema
    - .single-db
    - .rails:rules:single-db
 db:check-migrations:
  extends:
    - .db-job-base
    - .rails:rules:ee-and-foss-mr-with-migration
  script:
    - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20
    - scripts/validate_migration_schema
  allow_failure: true
 db:check-migrations-single-db:
  extends:
    - db:check-migrations
    - .single-db
    - .rails:rules:single-db
 db:post_deployment_migrations_validator:
  extends:
    - .db-job-base
    - .rails:rules:ee-and-foss-mr-with-migration
  script:
    - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20
    - scripts/post_deployment_migrations_validator
  allow_failure: true
 db:post_deployment_migrations_validator-single-db:
  extends:
    - db:post_deployment_migrations_validator
    - .single-db
    - .rails:rules:single-db
 db:migrate-non-superuser:
  extends:
    - .db-job-base
    - .rails:rules:ee-and-foss-mr-with-migration
  script:
    - bundle exec rake gitlab:db:reset_as_non_superuser
 db:gitlabcom-database-testing:
  extends: .rails:rules:db:gitlabcom-database-testing
  stage: test
  image: ruby:${RUBY_VERSION}-alpine
  needs: []
  allow_failure: true
  script:
    - source scripts/utils.sh
    - install_gitlab_gem
    - ./scripts/trigger-build.rb gitlab-com-database-testing
 gitlab:setup:
  extends: .db-job-base
  variables:
@ -286,29 +229,6 @@ gitlab:setup:
    paths:
      - log/*.log
 db:backup_and_restore:
  extends: .db-job-base
  variables:
    SETUP_DB: "false"
    GITLAB_ASSUME_YES: "1"
  script:
    - . scripts/prepare_build.sh
    - bundle exec rake db:drop db:create db:structure:load db:seed_fu
    - mkdir -p tmp/tests/public/uploads tmp/tests/{artifacts,pages,lfs-objects,terraform_state,registry,packages}
    - bundle exec rake gitlab:backup:create
    - date
    - bundle exec rake gitlab:backup:restore
  rules:
    - changes:
        - "lib/backup/**/*"
        - "lib/tasks/gitlab/backup.rake"
 db:backup_and_restore single-db:
  extends:
    - db:backup_and_restore
    - .single-db
    - .rails:rules:single-db
 rspec:deprecations:
  extends:
    - .default-retry
@ -321,10 +241,12 @@ rspec:deprecations:
  # so we use `dependencies` here.
  dependencies:
    - rspec migration pg12
    - rspec background_migration pg12
    - rspec unit pg12
    - rspec integration pg12
    - rspec system pg12
    - rspec-ee migration pg12
    - rspec-ee background_migration pg12
    - rspec-ee unit pg12
    - rspec-ee integration pg12
    - rspec-ee system pg12
@ -333,7 +255,7 @@ rspec:deprecations:
  script:
    - grep -h -R "keyword" deprecations/ | awk '{$1=$1};1' | sort | uniq -c | sort
    - grep -R "keyword" deprecations/ | wc
-    - run_timed_command "bundle exec rubocop --only Lint/LastKeywordArgument --parallel"
+    - run_timed_command "fail_on_warnings bundle exec rubocop --only Lint/LastKeywordArgument --parallel"
  artifacts:
    expire_in: 31d
    when: always
@ -351,31 +273,37 @@ rspec:coverage:
    - setup-test-env
    # FOSS/EE jobs
    - rspec migration pg12
    - rspec background_migration pg12
    - rspec unit pg12
    - rspec integration pg12
    - rspec system pg12
-    # FOSS/EE minimal jobs
+    # FOSS/EE predictive jobs
-    - rspec migration pg12 minimal
+    - rspec migration pg12 predictive
-    - rspec unit pg12 minimal
+    - rspec background_migration pg12 predictive
-    - rspec integration pg12 minimal
+    - rspec unit pg12 predictive
-    - rspec system pg12 minimal
+    - rspec integration pg12 predictive
    - rspec system pg12 predictive
    # FOSS/EE single-db jobs
    - rspec migration pg12 single-db
    - rspec background_migration pg12 single-db
    - rspec unit pg12 single-db
    - rspec integration pg12 single-db
    - rspec system pg12 single-db
    # EE jobs
    - rspec-ee migration pg12
    - rspec-ee background_migration pg12
    - rspec-ee unit pg12
    - rspec-ee integration pg12
    - rspec-ee system pg12
-    # EE minimal jobs
+    # EE predictive jobs
-    - rspec-ee migration pg12 minimal
+    - rspec-ee migration pg12 predictive
-    - rspec-ee unit pg12 minimal
+    - rspec-ee background_migration pg12 predictive
-    - rspec-ee integration pg12 minimal
+    - rspec-ee unit pg12 predictive
-    - rspec-ee system pg12 minimal
+    - rspec-ee integration pg12 predictive
    - rspec-ee system pg12 predictive
    # EE single-db jobs
    - rspec-ee migration pg12 single-db
    - rspec-ee background_migration pg12 single-db
    - rspec-ee unit pg12 single-db
    - rspec-ee integration pg12 single-db
    - rspec-ee system pg12 single-db
@ -383,16 +311,19 @@ rspec:coverage:
    - memory-on-boot
    # As-if-FOSS jobs
    - rspec migration pg12-as-if-foss
-    - rspec migration pg12-as-if-foss minimal
+    - rspec migration pg12-as-if-foss predictive
    - rspec migration pg12-as-if-foss single-db
    - rspec background_migration pg12-as-if-foss
    - rspec background_migration pg12-as-if-foss predictive
    - rspec background_migration pg12-as-if-foss single-db
    - rspec unit pg12-as-if-foss
-    - rspec unit pg12-as-if-foss minimal
+    - rspec unit pg12-as-if-foss predictive
    - rspec unit pg12-as-if-foss single-db
    - rspec integration pg12-as-if-foss
-    - rspec integration pg12-as-if-foss minimal
+    - rspec integration pg12-as-if-foss predictive
    - rspec integration pg12-as-if-foss single-db
    - rspec system pg12-as-if-foss
-    - rspec system pg12-as-if-foss minimal
+    - rspec system pg12-as-if-foss predictive
    - rspec system pg12-as-if-foss single-db
  script:
    - run_timed_command "bundle exec scripts/merge-simplecov"
@ -478,11 +409,24 @@ rspec migration pg12-as-if-foss:
    - .rails:rules:as-if-foss-migration
    - .rspec-migration-parallel
-rspec migration pg12-as-if-foss minimal:
+rspec migration pg12-as-if-foss predictive:
  extends:
    - rspec migration pg12-as-if-foss
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:as-if-foss-migration:minimal
+    - .rails:rules:as-if-foss-migration:predictive
 rspec background_migration pg12-as-if-foss:
  extends:
    - .rspec-base-pg12-as-if-foss
    - .rspec-base-migration
    - .rails:rules:as-if-foss-background-migration
    - .rspec-background-migration-parallel
 rspec background_migration pg12-as-if-foss predictive:
  extends:
    - rspec background_migration pg12-as-if-foss
    - .predictive-rspec-tests
    - .rails:rules:as-if-foss-background-migration:predictive
 rspec migration pg12-as-if-foss single-db:
  extends:
@ -490,17 +434,35 @@ rspec migration pg12-as-if-foss single-db:
    - .single-db-rspec
    - .rails:rules:single-db
 rspec background_migration pg12-as-if-foss single-db:
  extends:
    - rspec background_migration pg12-as-if-foss
    - .single-db-rspec
    - .rails:rules:single-db
 rspec migration pg12-as-if-foss single-db-ci-connection:
  extends:
    - rspec migration pg12-as-if-foss
    - .single-db-ci-connection-rspec
    - .rails:rules:single-db-ci-connection
 rspec background_migration pg12-as-if-foss single-db-ci-connection:
  extends:
    - rspec background_migration pg12-as-if-foss
    - .single-db-ci-connection-rspec
    - .rails:rules:single-db-ci-connection
 rspec unit pg12-as-if-foss:
  extends:
    - .rspec-base-pg12-as-if-foss
    - .rails:rules:as-if-foss-unit
    - .rspec-unit-parallel
-rspec unit pg12-as-if-foss minimal:
+rspec unit pg12-as-if-foss predictive:
  extends:
    - rspec unit pg12-as-if-foss
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:as-if-foss-unit:minimal
+    - .rails:rules:as-if-foss-unit:predictive
 rspec unit pg12-as-if-foss single-db:
  extends:
@ -514,11 +476,11 @@ rspec integration pg12-as-if-foss:
    - .rails:rules:as-if-foss-integration
    - .rspec-integration-parallel
-rspec integration pg12-as-if-foss minimal:
+rspec integration pg12-as-if-foss predictive:
  extends:
    - rspec integration pg12-as-if-foss
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:as-if-foss-integration:minimal
+    - .rails:rules:as-if-foss-integration:predictive
 rspec integration pg12-as-if-foss single-db:
  extends:
@ -532,11 +494,11 @@ rspec system pg12-as-if-foss:
    - .rails:rules:as-if-foss-system
    - .rspec-system-parallel
-rspec system pg12-as-if-foss minimal:
+rspec system pg12-as-if-foss predictive:
  extends:
    - rspec system pg12-as-if-foss
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:as-if-foss-system:minimal
+    - .rails:rules:as-if-foss-system:predictive
 rspec system pg12-as-if-foss single-db:
  extends:
@ -551,11 +513,24 @@ rspec-ee migration pg12:
    - .rails:rules:ee-only-migration
    - .rspec-ee-migration-parallel
-rspec-ee migration pg12 minimal:
+rspec-ee migration pg12 predictive:
  extends:
    - rspec-ee migration pg12
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:ee-only-migration:minimal
+    - .rails:rules:ee-only-migration:predictive
 rspec-ee background_migration pg12:
  extends:
    - .rspec-ee-base-pg12
    - .rspec-base-migration
    - .rails:rules:ee-only-background-migration
    - .rspec-ee-background-migration-parallel
 rspec-ee background_migration pg12 predictive:
  extends:
    - rspec-ee background_migration pg12
    - .predictive-rspec-tests
    - .rails:rules:ee-only-background-migration:predictive
 rspec-ee migration pg12 single-db:
  extends:
@ -563,6 +538,36 @@ rspec-ee migration pg12 single-db:
    - .single-db-rspec
    - .rails:rules:single-db
 rspec-ee background_migration pg12 single-db:
  extends:
    - rspec-ee background_migration pg12
    - .single-db-rspec
    - .rails:rules:single-db
 rspec-ee migration pg12 single-db-ci-connection:
  extends:
    - rspec-ee migration pg12
    - .single-db-ci-connection-rspec
    - .rails:rules:single-db-ci-connection
 rspec-ee background_migration pg12 single-db-ci-connection:
  extends:
    - rspec-ee background_migration pg12
    - .single-db-ci-connection-rspec
    - .rails:rules:single-db-ci-connection
 rspec-ee migration pg12 praefect:
  extends:
    - rspec migration pg12
    - .praefect-with-db
    - .rails:rules:praefect-with-db
 rspec-ee background_migration pg12 praefect:
  extends:
    - rspec background_migration pg12
    - .praefect-with-db
    - .rails:rules:praefect-with-db
 rspec-ee unit pg12:
  extends:
    - .rspec-ee-base-pg12
@ -574,11 +579,11 @@ rspec-ee unit pg12 es8:
    - .rspec-ee-base-pg12-es8
    - .rspec-ee-unit-parallel
-rspec-ee unit pg12 minimal:
+rspec-ee unit pg12 predictive:
  extends:
    - rspec-ee unit pg12
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:ee-only-unit:minimal
+    - .rails:rules:ee-only-unit:predictive
 rspec-ee unit pg12 single-db:
  extends:
@ -597,11 +602,11 @@ rspec-ee integration pg12 es8:
    - .rspec-ee-base-pg12-es8
    - .rspec-ee-integration-parallel
-rspec-ee integration pg12 minimal:
+rspec-ee integration pg12 predictive:
  extends:
    - rspec-ee integration pg12
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:ee-only-integration:minimal
+    - .rails:rules:ee-only-integration:predictive
 rspec-ee integration pg12 single-db:
  extends:
@ -620,57 +625,23 @@ rspec-ee system pg12 es8:
    - .rspec-ee-base-pg12-es8
    - .rspec-ee-system-parallel
-rspec-ee system pg12 minimal:
+rspec-ee system pg12 predictive:
  extends:
    - rspec-ee system pg12
-    - .minimal-rspec-tests
+    - .predictive-rspec-tests
-    - .rails:rules:ee-only-system:minimal
+    - .rails:rules:ee-only-system:predictive
 rspec-ee system pg12 single-db:
  extends:
    - rspec-ee system pg12
    - .single-db-rspec
    - .rails:rules:single-db
 db:rollback geo:
  extends:
    - db:rollback
    - .rails:rules:ee-only-migration
  script:
    - bundle exec rake db:migrate:geo VERSION=20170627195211
    - bundle exec rake db:migrate:geo
 # EE: default refs (MRs, default branch, schedules) jobs #
 ##################################################
 ##########################################
 # EE/FOSS: default branch nightly scheduled jobs #
 # PG11
 rspec migration pg11:
  extends:
    - .rspec-base-pg11
    - .rspec-base-migration
    - .rails:rules:default-branch-schedule-nightly--code-backstage
    - .rspec-migration-parallel
 rspec unit pg11:
  extends:
    - .rspec-base-pg11
    - .rails:rules:default-branch-schedule-nightly--code-backstage
    - .rspec-unit-parallel
 rspec integration pg11:
  extends:
    - .rspec-base-pg11
    - .rails:rules:default-branch-schedule-nightly--code-backstage
    - .rspec-integration-parallel
 rspec system pg11:
  extends:
    - .rspec-base-pg11
    - .rails:rules:default-branch-schedule-nightly--code-backstage
    - .rspec-system-parallel
 # PG13
 rspec migration pg13:
  extends:
@ -679,6 +650,13 @@ rspec migration pg13:
    - .rails:rules:default-branch-schedule-nightly--code-backstage
    - .rspec-migration-parallel
 rspec background_migration pg13:
  extends:
    - .rspec-base-pg13
    - .rspec-base-migration
    - .rails:rules:default-branch-schedule-nightly--code-backstage
    - .rspec-background-migration-parallel
 rspec unit pg13:
  extends:
    - .rspec-base-pg13
@ -702,86 +680,36 @@ rspec system pg13:
 #####################################
 # EE: default branch nightly scheduled jobs #
 # PG11
 rspec-ee migration pg11:
  extends:
    - .rspec-ee-base-pg11
    - .rspec-base-migration
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
    - .rspec-ee-migration-parallel
 rspec-ee unit pg11:
  extends:
    - .rspec-ee-base-pg11
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
    - .rspec-ee-unit-parallel
 rspec-ee integration pg11:
  extends:
    - .rspec-ee-base-pg11
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
    - .rspec-ee-integration-parallel
 rspec-ee system pg11:
  extends:
    - .rspec-ee-base-pg11
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
    - .rspec-ee-system-parallel
 # PG12
 rspec-ee unit pg12 es7:
  extends:
    - .rspec-ee-base-pg12-es7
    - .rspec-ee-unit-parallel
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
 rspec-ee unit pg12 opensearch1:
  extends:
    - .rspec-ee-base-pg12-opensearch1
    - .rspec-ee-unit-parallel
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
 rspec-ee unit pg12 opensearch2:
  extends:
    - .rspec-ee-base-pg12-opensearch2
    - .rspec-ee-unit-parallel
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
 rspec-ee integration pg12 es7:
  extends:
    - .rspec-ee-base-pg12-es7
    - .rspec-ee-integration-parallel
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
 rspec-ee integration pg12 opensearch1:
  extends:
    - .rspec-ee-base-pg12-opensearch1
    - .rspec-ee-integration-parallel
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
 rspec-ee integration pg12 opensearch2:
  extends:
    - .rspec-ee-base-pg12-opensearch2
    - .rspec-ee-integration-parallel
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
 rspec-ee system pg12 es7:
  extends:
    - .rspec-ee-base-pg12-es7
    - .rspec-ee-system-parallel
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
 rspec-ee system pg12 opensearch1:
  extends:
    - .rspec-ee-base-pg12-opensearch1
    - .rspec-ee-system-parallel
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
 rspec-ee system pg12 opensearch2:
  extends:
    - .rspec-ee-base-pg12-opensearch2
    - .rspec-ee-system-parallel
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
 # PG13
 rspec-ee migration pg13:
@ -791,6 +719,13 @@ rspec-ee migration pg13:
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
    - .rspec-ee-migration-parallel
 rspec-ee background_migration pg13:
  extends:
    - .rspec-ee-base-pg13
    - .rspec-base-migration
    - .rails:rules:default-branch-schedule-nightly--code-backstage-ee-only
    - .rspec-ee-background-migration-parallel
 rspec-ee unit pg13:
  extends:
    - .rspec-ee-base-pg13
@ -813,31 +748,41 @@ rspec-ee system pg13:
 ##################################################
 # EE: Canonical MR pipelines
-rspec fail-fast:
+.rspec-fail-fast:
  extends:
    - .rspec-ee-base-pg12  # This job also runs EE spec which needs elasticsearch
    - .rails:rules:rspec fail-fast
  stage: test
  needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-tests"]
  script:
    - !reference [.base-script, script]
-    - rspec_fail_fast "${RSPEC_MATCHING_TESTS_PATH}" "--tag ~quarantine"
+    - rspec_fail_fast "${MATCHING_TESTS_PATH}" "--tag ~quarantine --tag ~zoekt"
-  artifacts:
+
-    expire_in: 7d
+rspec fail-fast:
-    paths:
+  extends:
-      - tmp/capybara/
+    - .rspec-base-pg12
    - .rspec-fail-fast  # extends from .rspec-fail-fast last to override script from .rspec-base-pg12
  variables:
    MATCHING_TESTS_PATH: "${RSPEC_MATCHING_TESTS_FOSS_PATH}"
 rspec-ee fail-fast:
  extends:
    - .rspec-ee-base-pg12
    - .rspec-fail-fast  # extends from .rspec-fail-fast last to override script from .rspec-ee-base-pg12
  variables:
    MATCHING_TESTS_PATH: "${RSPEC_MATCHING_TESTS_EE_PATH}"
 rspec-foss-impact:pipeline-generate:
  extends:
    - .rails:rules:rspec-foss-impact
  stage: prepare
-  needs: ["detect-tests"]
+  needs: ["detect-tests", "retrieve-tests-metadata"]
  script:
-    - scripts/generate-rspec-foss-impact-pipeline "${RSPEC_MATCHING_TESTS_FOSS_PATH}" "${RSPEC_FOSS_IMPACT_PIPELINE_YML}"
+    - scripts/generate_rspec_pipeline.rb -f "${RSPEC_MATCHING_TESTS_FOSS_PATH}" -t "${RSPEC_FOSS_IMPACT_PIPELINE_TEMPLATE_YML}" -k "${KNAPSACK_RSPEC_SUITE_REPORT_PATH}"
    - cat "${RSPEC_FOSS_IMPACT_PIPELINE_TEMPLATE_YML}.yml"
  artifacts:
    expire_in: 1 day
    paths:
-      - $RSPEC_FOSS_IMPACT_PIPELINE_YML
+      - "${RSPEC_FOSS_IMPACT_PIPELINE_TEMPLATE_YML}.yml"
 rspec-foss-impact:trigger:
  extends:
@ -860,7 +805,7 @@ rspec-foss-impact:trigger:
      yaml_variables: true
      pipeline_variables: true
    include:
-      - artifact: $RSPEC_FOSS_IMPACT_PIPELINE_YML
+      - artifact: "${RSPEC_FOSS_IMPACT_PIPELINE_TEMPLATE_YML}.yml"
        job: rspec-foss-impact:pipeline-generate
 fail-pipeline-early:
@ -878,23 +823,27 @@ fail-pipeline-early:
  script:
    - fail_pipeline_early
 .base-rspec-pg12-rerun-previous-failed-tests:
  extends:
    - .rails:rules:rerun-previous-failed-tests
  stage: test
  needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-previous-failed-tests"]
  script:
    - !reference [.base-script, script]
    - rspec_rerun_previous_failed_tests "${PREVIOUS_FAILED_TESTS_FILE}"
 rspec rspec-pg12-rerun-previous-failed-tests:
  extends:
    - .rspec-base-pg12
-    - .rails:rules:rerun-previous-failed-tests
+    - .base-rspec-pg12-rerun-previous-failed-tests
-  stage: test
+  variables:
-  needs: ["setup-test-env", "compile-test-assets", "detect-previous-failed-tests"]
+    PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_failed_tests.txt
  script:
    - !reference [.base-script, script]
    - rspec_rerun_previous_failed_tests tmp/previous_failed_tests/rspec_failed_files.txt
 rspec rspec-ee-pg12-rerun-previous-failed-tests:
  extends:
    - "rspec rspec-pg12-rerun-previous-failed-tests"
    - .rspec-ee-base-pg12
-  script:
+    - .base-rspec-pg12-rerun-previous-failed-tests
-    - !reference [.base-script, script]
+  variables:
-    - rspec_rerun_previous_failed_tests tmp/previous_failed_tests/rspec_ee_failed_files.txt
+    PREVIOUS_FAILED_TESTS_FILE: tmp/previous_failed_tests/rspec_ee_failed_files.txt
 # EE: Canonical MR pipelines
 ##################################################
--- a/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb
+++ b/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb
@ -21,7 +21,7 @@ dont-interrupt-me:
  script:
    - echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible."
-rspec foss-impact:
+.base-rspec-foss-impact:
  extends: .rspec-base-pg12-as-if-foss
  needs:
    - pipeline: $PARENT_PIPELINE_ID
@ -37,14 +37,54 @@ rspec foss-impact:
  variables:
    RSPEC_TESTS_FILTER_FILE: "${RSPEC_MATCHING_TESTS_FOSS_PATH}"
    RSPEC_TESTS_MAPPING_ENABLED: "true"
 <% if Integer(parallel_value) > 1 %>
  parallel: <%= parallel_value %>
 <% end %>
  script:
    - !reference [.base-script, script]
-    - rspec_paralellized_job "--tag ~quarantine --tag ~level:migration"
+    - rspec_paralellized_job "--tag ~quarantine --tag ~level:migration --tag ~zoekt"
  artifacts:
    expire_in: 7d
    paths:
      - "${RSPEC_MATCHING_TESTS_FOSS_PATH}"
      - tmp/capybara/
 <% if rspec_files_per_test_level[:migration][:files].size > 0 %>
 rspec migration foss-impact:
  extends: .base-rspec-foss-impact
 <% if rspec_files_per_test_level[:migration][:parallelization] > 1 %>
  parallel: <%= rspec_files_per_test_level[:migration][:parallelization] %>
 <% end %>
  script:
    - !reference [.base-script, script]
    - rspec_paralellized_job "--tag ~quarantine --tag ~zoekt"
 <% end %>
 <% if rspec_files_per_test_level[:background_migration][:files].size > 0 %>
 rspec background_migration foss-impact:
  extends: .base-rspec-foss-impact
 <% if rspec_files_per_test_level[:background_migration][:parallelization] > 1 %>
  parallel: <%= rspec_files_per_test_level[:background_migration][:parallelization] %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level[:unit][:files].size > 0 %>
 rspec unit foss-impact:
  extends: .base-rspec-foss-impact
 <% if rspec_files_per_test_level[:unit][:parallelization] > 1 %>
  parallel: <%= rspec_files_per_test_level[:unit][:parallelization] %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level[:integration][:files].size > 0 %>
 rspec integration foss-impact:
  extends: .base-rspec-foss-impact
 <% if rspec_files_per_test_level[:integration][:parallelization] > 1 %>
  parallel: <%= rspec_files_per_test_level[:integration][:parallelization] %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level[:system][:files].size > 0 %>
 rspec system foss-impact:
  extends: .base-rspec-foss-impact
 <% if rspec_files_per_test_level[:system][:parallelization] > 1 %>
  parallel: <%= rspec_files_per_test_level[:system][:parallelization] %>
 <% end %>
 <% end %>
--- a/.gitlab/ci/rails/shared.gitlab-ci.yml
+++ b/.gitlab/ci/rails/shared.gitlab-ci.yml
@ -28,7 +28,7 @@ include:
    - run_timed_command "scripts/gitaly-test-spawn"  # Do not use 'bundle exec' here
    - echo -e "\e[0Ksection_end:`date +%s`:gitaly-test-spawn\r\e[0K"
-.minimal-rspec-tests:
+.predictive-rspec-tests:
  variables:
    RSPEC_TESTS_MAPPING_ENABLED: "true"
@ -36,9 +36,17 @@ include:
  variables:
    DECOMPOSED_DB: "false"
 .single-db-ci-connection:
  extends: .single-db
  variables:
    CI_CONNECTION_DB: "true"
 .single-db-rspec:
  extends: .single-db
 .single-db-ci-connection-rspec:
  extends: .single-db-ci-connection
 .praefect-with-db:
  variables:
    GITALY_PRAEFECT_WITH_DB: '1'
@ -54,10 +62,22 @@ include:
    RECORD_DEPRECATIONS: "true"
    GEO_SECONDARY_PROXY: 0
    RSPEC_TESTS_FILTER_FILE: "${RSPEC_MATCHING_TESTS_PATH}"
-  needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-tests"]
+    SUCCESSFULLY_RETRIED_TEST_EXIT_CODE: 137
  needs:
    - job: "setup-test-env"
    - job: "retrieve-tests-metadata"
    - job: "compile-test-assets"
    - job: "detect-tests"
      optional: true
  script:
    - !reference [.base-script, script]
-    - rspec_paralellized_job "--tag ~quarantine --tag ~level:migration"
+    # We need to exclude background migration because unit tests run with
    # spec/lib, yet background migration tests are also sitting there,
    # and they should run on their own jobs so we don't need to run them
    # in unit tests again.
    - rspec_paralellized_job "--tag ~quarantine --tag ~level:background_migration"
  allow_failure:
    exit_codes: !reference [.rspec-base, variables, SUCCESSFULLY_RETRIED_TEST_EXIT_CODE]
 .base-artifacts:
  artifacts:
@ -68,6 +88,7 @@ include:
      - crystalball/
      - deprecations/
      - knapsack/
      - query_recorder/
      - rspec/
      - tmp/capybara/
      - log/*.log
@ -75,19 +96,9 @@ include:
      junit: ${JUNIT_RESULT_FILE}
 .rspec-base-migration:
  extends:
    - .base-artifacts
    - .rails:rules:ee-and-foss-migration
  variables:
    RSPEC_TESTS_FILTER_FILE: "${RSPEC_MATCHING_TESTS_PATH}"
  script:
    - !reference [.base-script, script]
-    - rspec_paralellized_job "--tag ~quarantine --tag level:migration"
+    - rspec_paralellized_job "--tag ~quarantine --tag ~zoekt"
 .rspec-base-pg11:
  extends:
    - .rspec-base
    - .use-pg11
 .rspec-base-pg12:
  extends:
@ -99,29 +110,23 @@ include:
    - .rspec-base
    - .as-if-foss
    - .use-pg12
-  needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets as-if-foss", "detect-tests"]
+  needs:
    - job: "setup-test-env"
    - job: "retrieve-tests-metadata"
    - job: "compile-test-assets as-if-foss"
    - job: "detect-tests"
      optional: true
 .rspec-base-pg13:
  extends:
    - .rspec-base
    - .use-pg13
 .rspec-ee-base-pg11:
  extends:
    - .rspec-base
    - .use-pg11-es7-ee
 .rspec-ee-base-pg12:
  extends:
    - .rspec-base
    - .use-pg12-es7-ee
 .rspec-ee-base-pg12-es7:
  extends:
    - .rspec-base
    - .use-pg12-es7-ee
    - .rails:rules:run-search-tests
 .rspec-ee-base-pg12-es8:
  extends:
    - .rspec-base
@ -158,10 +163,16 @@ include:
 ############################
 # rspec job parallel configs
 .rspec-migration-parallel:
-  parallel: 12
+  parallel: 8
 .rspec-background-migration-parallel:
  parallel: 4
 .rspec-ee-migration-parallel:
-  parallel: 4
+  parallel: 2
 .rspec-ee-background-migration-parallel:
  parallel: 2
 .rspec-unit-parallel:
  parallel: 28
--- a/.gitlab/ci/release-environments.gitlab-ci.yml
+++ b/.gitlab/ci/release-environments.gitlab-ci.yml
@ -0,0 +1,23 @@
 ---
 start-release-environments-pipeline:
  allow_failure: true
  extends:
    - .release-environments:rules:start-release-environments-pipeline
  stage: release-environments
  # We do not want to have ALL global variables passed as trigger variables,
  # as they cannot be overridden. See this issue for more context:
  #
  # https://gitlab.com/gitlab-org/gitlab/-/issues/387183
  inherit:
    variables:
      - RUBY_VERSION
  # These variables are set in the pipeline schedules.
  # They need to be explicitly passed on to the child pipeline.
  # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword
  variables:
    # This is needed by `release-environments-build-cng-env` (`.gitlab/ci/release-environments/main.gitlab-ci.yml`).
    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
  trigger:
    strategy: depend
    include: .gitlab/ci/release-environments/main.gitlab-ci.yml
--- a/.gitlab/ci/release-environments/main.gitlab-ci.yml
+++ b/.gitlab/ci/release-environments/main.gitlab-ci.yml
@ -0,0 +1,94 @@
 ---
 default:
  interruptible: true
 stages:
  - prepare
  - deploy
 include:
  - local: .gitlab/ci/global.gitlab-ci.yml
 release-environments-build-cng-env:
  allow_failure: true
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.16
  stage: prepare
  needs:
    # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream CNG pipeline.
    - pipeline: $PARENT_PIPELINE_ID
      job: build-assets-image
  variables:
    BUILD_ENV: build.env
  before_script:
    - source ./scripts/utils.sh
    - install_gitlab_gem
  script:
    - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > $BUILD_ENV'
    - echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV
    - ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"' >> build.env
    - cat $BUILD_ENV
  artifacts:
    reports:
      dotenv: $BUILD_ENV
    paths:
      - $BUILD_ENV
    expire_in: 7 days
    when: always
 release-environments-build-cng:
  allow_failure: true
  stage: prepare
  needs: ["release-environments-build-cng-env"]
  inherit:
    variables: false
  variables:
    GITLAB_REF_SLUG: "${GITLAB_REF_SLUG}"
    # CNG pipeline specific variables
    GITLAB_VERSION: "${GITLAB_VERSION}"
    GITLAB_TAG: "${GITLAB_TAG}"
    GITLAB_ASSETS_TAG: "${GITLAB_ASSETS_TAG}"
    FORCE_RAILS_IMAGE_BUILDS: "${FORCE_RAILS_IMAGE_BUILDS}"
    CE_PIPELINE: "${CE_PIPELINE}"  # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty
    EE_PIPELINE: "${EE_PIPELINE}"  # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty
    GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}"
    GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}"
    GITLAB_METRICS_EXPORTER_VERSION: "${GITLAB_METRICS_EXPORTER_VERSION}"
    GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}"
    GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}"
    GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}"
    RUBY_VERSION: "${FULL_RUBY_VERSION}"
    IMAGE_TAG_EXT: "-${CI_COMMIT_SHORT_SHA}"
  trigger:
    project: gitlab-org/build/CNG-mirror
    branch: $TRIGGER_BRANCH
    strategy: depend
 release-environments-deploy-env:
  allow_failure: true
  stage: deploy
  needs: ["release-environments-build-cng"]
  variables:
    DEPLOY_ENV: deploy.env
  script:
    - ./scripts/construct-release-environments-versions.rb > $DEPLOY_ENV
  artifacts:
    reports:
      dotenv: $DEPLOY_ENV
    paths:
      - $DEPLOY_ENV
    expire_in: 7 days
    when: always
 release-environments-deploy:
  allow_failure: true
  stage: deploy
  needs: ["release-environments-deploy-env"]
  inherit:
    variables: false
  variables:
    VERSIONS: "${VERSIONS}"
    ENVIRONMENT: "${ENVIRONMENT}"
  trigger:
    project: gitlab-com/gl-infra/release-environments
    branch: main
    strategy: depend
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@ -3,7 +3,6 @@ include:
  - template: Jobs/SAST.gitlab-ci.yml
  - template: Jobs/Secret-Detection.gitlab-ci.yml
  - template: Jobs/Dependency-Scanning.gitlab-ci.yml
  - template: Jobs/License-Scanning.gitlab-ci.yml
 code_quality:
  extends:
@ -88,7 +87,7 @@ yarn-audit-dependency_scanning:
  extends: .default-retry
  stage: test
  image:
-    name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/package-hunter-cli:v1.3.2@sha256:7529deaef9ea21aab56bfb74ae1abbc121311affdb6ece49ce7b1c360f997ca2
+    name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/package-hunter-cli:v1.3.3@sha256:1d3af9a61aa01549a62be17fa655fcf06271ac9e1b1e822c2a7930fa1d4a8a6b
    entrypoint: [""]
  variables:
    HTR_user: '$PACKAGE_HUNTER_USER'
@ -104,7 +103,8 @@ yarn-audit-dependency_scanning:
    - mkdir ~/.aws
    - '[[ -z "${AWS_SIEM_REPORT_INGESTION_CREDENTIALS_FILE}" ]] || mv "${AWS_SIEM_REPORT_INGESTION_CREDENTIALS_FILE}" ~/.aws/credentials'
    - npm install --no-save --ignore-scripts @aws-sdk/client-s3@3.49.0
-    - scripts/ingest-reports-to-siem
+    - scripts/ingest-reports-to-siem || true  # Allow legacy report to fail as we'll remove it in the future anyway
    - scripts/ingest-reports-to-siem-devo
  artifacts:
    paths:
      - gl-dependency-scanning-report.json
@ -125,11 +125,3 @@ package_hunter-bundler:
    - .reports:rules:package_hunter-bundler
  variables:
    PACKAGE_MANAGER: bundler
 license_scanning:
  extends: .default-retry
  stage: lint
  needs: []
  artifacts:
    expire_in: 1 week  # GitLab-specific
  rules: !reference [".reports:rules:license_scanning", rules]
--- a/.gitlab/ci/review-apps/main.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml
@ -10,7 +10,6 @@ stages:
 include:
  - local: .gitlab/ci/global.gitlab-ci.yml
  - local: .gitlab/ci/rules.gitlab-ci.yml
  - local: .gitlab/ci/review-apps/rules.gitlab-ci.yml
  - local: .gitlab/ci/review-apps/qa.gitlab-ci.yml
  - local: .gitlab/ci/review-apps/dast.gitlab-ci.yml
@ -19,7 +18,6 @@ include:
 .base-before_script: &base-before_script
  - source ./scripts/utils.sh
  - source ./scripts/review_apps/review-apps.sh
  - apt-get update && apt-get install -y jq
 dont-interrupt-me:
  extends: .rules:dont-interrupt
@ -32,21 +30,27 @@ review-build-cng-env:
  extends:
    - .default-retry
    - .review:rules:review-build-cng
-  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}:bundler-2.3
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.16
  stage: prepare
-  needs: []
+  needs:
    # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream CNG pipeline.
    - pipeline: $PARENT_PIPELINE_ID
      job: build-assets-image
  variables:
    BUILD_ENV: build.env
  before_script:
    - source ./scripts/utils.sh
    - install_gitlab_gem
  script:
-    - ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env
+    - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > $BUILD_ENV'
    - echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV
    - ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"' >> build.env
-    - cat build.env
+    - cat $BUILD_ENV
  artifacts:
    reports:
-      dotenv: build.env
+      dotenv: $BUILD_ENV
    paths:
-      - build.env
+      - $BUILD_ENV
    expire_in: 7 days
    when: always
@ -85,29 +89,33 @@ review-build-cng:
    strategy: depend
 .review-workflow-base:
  extends:
    - .default-retry
  image: ${REVIEW_APPS_IMAGE}
  retry:
    max: 2 # This is confusing but this means "3 runs at max"
  variables:
    HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
    DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
-    GITLAB_HELM_CHART_REF: "ed813953079c1d81aa69d4cb8171c69aa9741f01"  # 6.5.4: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/ed813953079c1d81aa69d4cb8171c69aa9741f01
+    GITLAB_HELM_CHART_REF: "febc4ad69acb7bba0eeb4a62daa577d0b7c3ee71"  # 6.9.1: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/febc4ad69acb7bba0eeb4a62daa577d0b7c3ee71
  environment:
    name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE}  # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it
    url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
-    on_stop: review-stop
+    on_stop: trigger-review-stop
    auto_stop_in: 48 hours
 review-deploy:
  extends:
    - .review-workflow-base
    - .review:rules:review-deploy
  stage: deploy
-  needs: ["review-build-cng"]
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}dtzar/helm-kubectl:3.9.3
  needs:
    - review-build-cng
    - review-delete-deployment # We always want to start from a clean slate (i.e. no helm release, no k8s namespace)
  cache:
    key: "review-deploy-dependencies-charts-${GITLAB_HELM_CHART_REF}-v1"
    paths:
      - "gitlab-${GITLAB_HELM_CHART_REF}"
  environment:
    action: start
  before_script:
    - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
    - export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
@ -115,12 +123,14 @@ review-deploy:
    - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
    - echo "QA_GITLAB_URL=${CI_ENVIRONMENT_URL}" > environment.env
    - *base-before_script
    - !reference [".use-kube-context", before_script]
  script:
    - run_timed_command "check_kube_domain"
    - run_timed_command "download_chart"
    - run_timed_command "deploy" || (display_deployment_debug && exit 1)
-    - run_timed_command "verify_deploy"|| (display_deployment_debug && exit 1)
+    - run_timed_command "verify_deploy" || (display_deployment_debug && exit 1)
-    - run_timed_command "disable_sign_ups"
+    - run_timed_command "disable_sign_ups" || (display_deployment_debug && exit 1)
    - run_timed_command "verify_commit_sha" || (display_deployment_debug && exit 1)
  after_script:
    # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
    # Set DAST_RUN to true when jobs are manually scheduled.
@ -128,6 +138,7 @@ review-deploy:
  artifacts:
    paths:
      - environment_url.txt
      - curl-logs/
    reports:
      dotenv: environment.env
    expire_in: 7 days
@ -139,12 +150,15 @@ review-deploy-sample-projects:
    - .review:rules:review-deploy
  stage: deploy
  needs: ["review-deploy"]
  environment:
    action: prepare
  before_script:
    - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
    - export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
    - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
    - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
    - *base-before_script
    - !reference [".use-kube-context", before_script]
  script:
    - date
    - create_sample_projects
@ -153,29 +167,35 @@ review-deploy-sample-projects:
  extends: .review-workflow-base
  environment:
    action: stop
  dependencies: []
  variables:
    # We're cloning the repo instead of downloading the script for now
    # because some repos are private and CI_JOB_TOKEN cannot access files.
    # See https://gitlab.com/gitlab-org/gitlab/issues/191273
    GIT_DEPTH: 1
  before_script:
    - *base-before_script
 review-delete-deployment:
  extends:
    - .review-stop-base
    - .review:rules:review-delete-deployment
  dependencies: []
  stage: prepare
  before_script:
    - source ./scripts/utils.sh
    - source ./scripts/review_apps/review-apps.sh
    - !reference [".use-kube-context", before_script]
  script:
-    - delete_helm_release
+    - retry delete_helm_release
-review-stop:
+trigger-review-stop:
  extends:
    - .review-stop-base
-    - .review:rules:review-stop
+    - .review:rules:trigger-review-stop
  resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE}  # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment
  stage: deploy
  needs: []
  before_script:
    - source ./scripts/utils.sh
    - install_gitlab_gem
  script:
-    - delete_helm_release
+    - review_stop_job_id="$(scripts/api/get_job_id.rb --pipeline-id "${PARENT_PIPELINE_ID}" --job-name "review-stop")"
    - |
      curl --request POST --header "Private-Token: ${PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/jobs/${review_stop_job_id}/play"
--- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml
@ -1,6 +1,6 @@
 include:
  - project: gitlab-org/quality/pipeline-common
-    ref: 1.7.0
+    ref: 2.2.0
    file:
      - /ci/base.gitlab-ci.yml
      - /ci/allure-report.yml
@ -99,6 +99,7 @@ review-qa-non-blocking:
  variables:
    QA_SCENARIO: Test::Instance::ReviewNonBlocking
    QA_RUN_TYPE: review-qa-non-blocking
  when: manual
  allow_failure: true
 review-qa-non-blocking-parallel:
  extends:
@ -142,15 +143,10 @@ e2e-test-report:
    ALLURE_PROJECT_PATH: $CI_PROJECT_PATH
    ALLURE_RESULTS_GLOB: qa/tmp/allure-results
    ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
-    GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN
+    GITLAB_AUTH_TOKEN: $PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE
    GIT_STRATEGY: none
  allow_failure: true
  when: always
  artifacts:  # re-save rspec results for displaying in parent pipeline
    expire_in: 1 day
    when: always
    paths:
      - qa/tmp/rspec-*.xml
 upload-knapsack-report:
  extends:
--- a/.gitlab/ci/review-apps/rules.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/rules.gitlab-ci.yml
@ -1,3 +1,6 @@
 # ------------------------------------------
 # Conditions
 # ------------------------------------------
 # Specific specs passed
 .specific-specs: &specific-specs
  if: $QA_TESTS != ""
@ -8,7 +11,7 @@
 # No specific specs in mr pipeline
 .all-specs-mr: &all-specs-mr
-  if: $CI_MERGE_REQUEST_IID && $QA_TESTS == ""
+  if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $QA_TESTS == ""'
  when: manual
 # Triggered by change pattern
@ -22,6 +25,31 @@
 .default-branch: &default-branch
  if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
 .if-merge-request: &if-merge-request
  if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached"'
 .if-merge-request-labels-run-review-app: &if-merge-request-labels-run-review-app
  if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-review-app/'
 .if-dot-com-ee-schedule-nightly-child-pipeline: &if-dot-com-ee-schedule-nightly-child-pipeline
  if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $SCHEDULE_TYPE == "nightly"'
 # ------------------------------------------
 # Changes patterns
 # ------------------------------------------
 .ci-review-patterns: &ci-review-patterns
  - ".gitlab-ci.yml"
  - ".gitlab/ci/frontend.gitlab-ci.yml"
  - ".gitlab/ci/build-images.gitlab-ci.yml"
  - ".gitlab/ci/review.gitlab-ci.yml"
  - ".gitlab/ci/review-apps/**/*"
  - "scripts/review_apps/**/*"
  - "scripts/trigger-build.rb"
  - "{,ee/,jh/}{bin,config}/**/*.rb"
 # ------------------------------------------
 # Conditions set
 # ------------------------------------------
 .qa-manual: &qa-manual
  when: manual
  allow_failure: true
@ -53,6 +81,26 @@
      when: manual
      allow_failure: true
 .review:rules:review-build-cng:
  rules:
    - when: always
 .review:rules:review-delete-deployment:
  rules:
    - when: on_success
 # ------------------------------------------
 # Deploy
 # ------------------------------------------
 .review:rules:review-deploy:
  rules:
    - when: on_success
 .review:rules:trigger-review-stop:
  rules:
    - when: manual
      allow_failure: true
 # ------------------------------------------
 # Test
 # ------------------------------------------
@ -91,6 +139,25 @@
    - *all-specs-mr  # set full suite to manual when no specific specs passed in mr
    - if: $QA_SUITES =~ /Test::Instance::ReviewNonBlocking/
 .review:rules:review-performance:
  rules:
    - if: '$DAST_RUN == "true"'  # Skip this job when DAST is run
      when: never
    - <<: *if-merge-request-labels-run-review-app  # we explicitly don't allow the job to fail in that case
    - <<: *if-merge-request  # we explicitly don't allow the job to fail in that case
      changes: *ci-review-patterns
    - when: on_success
      allow_failure: true
 # ------------------------------------------
 # DAST
 # ------------------------------------------
 .reports:rules:schedule-dast:
  rules:
    - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'
      when: never
    - <<: *if-dot-com-ee-schedule-nightly-child-pipeline
 # ------------------------------------------
 # Prepare/Report
 # ------------------------------------------
--- a/.gitlab/ci/review.gitlab-ci.yml
+++ b/.gitlab/ci/review.gitlab-ci.yml
@ -4,17 +4,68 @@ review-cleanup:
    - .review:rules:review-cleanup
  image: ${REVIEW_APPS_IMAGE}
  stage: prepare
  needs: []
  environment:
    name: review/regular-cleanup
-    action: stop
+    action: access
  variables:
    GIT_DEPTH: 1
  before_script:
    - source scripts/utils.sh
-    - source scripts/review_apps/gcp_cleanup.sh
+    - !reference [".use-kube-context", before_script]
    - install_gitlab_gem
-    - setup_gcp_dependencies
+    - setup_gcloud
  script:
-    - scripts/review_apps/automated_cleanup.rb
+    - scripts/review_apps/automated_cleanup.rb || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL} - <https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/review-apps.md#review-cleanup-job-failed|📗 RUNBOOK 📕>" warning "GitLab Bot" && exit 1);
-    - gcp_cleanup
+
 review-stop:
  extends:
    - review-cleanup
    - .review:rules:review-stop
  environment:
    name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE}  # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it
    action: stop
  resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE}  # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment
  before_script:
    - source ./scripts/utils.sh
    - source ./scripts/review_apps/review-apps.sh
    - !reference [".use-kube-context", before_script]
  script:
    - retry delete_helm_release
 .base-review-checks:
  extends:
    - .default-retry
  image: ${REVIEW_APPS_IMAGE}
  stage: prepare
  before_script:
    - source scripts/utils.sh
    - setup_gcloud
    - !reference [".use-kube-context", before_script]
 review-k8s-resources-count-checks:
  extends:
    - .base-review-checks
    - .review:rules:review-k8s-resources-count-checks
  needs:
    - job: review-cleanup
      optional: true
  environment:
    name: review/k8s-resources-count-checks
    action: verify
  script:
    - scripts/review_apps/k8s-resources-count-checks.sh || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL} - <https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/review-apps.md#review-k8s-resources-count-checks-job-failed|📗 RUNBOOK 📕>" warning "GitLab Bot" && exit 1);
 review-gcp-quotas-checks:
  extends:
    - .base-review-checks
    - .review:rules:review-gcp-quotas-checks
  needs: []
  environment:
    name: review/gcp-quotas-checks
    action: verify
  script:
    - ruby scripts/review_apps/gcp-quotas-checks.rb || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL} - <https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/review-apps.md#review-gcp-quotas-checks-job-failed|📗 RUNBOOK 📕>" warning "GitLab Bot" && exit 1);
 start-review-app-pipeline:
  extends:
@ -25,10 +76,27 @@ start-review-app-pipeline:
    - job: e2e-test-pipeline-generate
    - job: build-assets-image
      artifacts: false
  # We do not want to have ALL global variables passed as trigger variables,
  # as they cannot be overridden. See this issue for more context:
  #
  # https://gitlab.com/gitlab-org/gitlab/-/issues/387183
  inherit:
    variables:
      - CHROME_VERSION
      - REGISTRY_GROUP
      - REGISTRY_HOST
      - REVIEW_APPS_DOMAIN
      - REVIEW_APPS_GCP_PROJECT
      - REVIEW_APPS_GCP_REGION
      - REVIEW_APPS_IMAGE
      - RUBY_VERSION
  # These variables are set in the pipeline schedules.
  # They need to be explicitly passed on to the child pipeline.
  # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword
  variables:
    # This is needed by `review-build-cng-env` (`.gitlab/ci/review-apps/main.gitlab-ci.yml`).
    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
    SCHEDULE_TYPE: $SCHEDULE_TYPE
    DAST_RUN: $DAST_RUN
    SKIP_MESSAGE: Skipping review-app due to mr containing only quarantine changes!
@ -38,30 +106,6 @@ start-review-app-pipeline:
      - artifact: review-app-pipeline.yml
        job: e2e-test-pipeline-generate
 # Fetch child pipeline test results and store in parent pipeline
 # workaround until natively implemented: https://gitlab.com/groups/gitlab-org/-/epics/8205
 review-app-test-results:
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3
  stage: review
  extends:
    - .qa-cache
    - .review:rules:start-review-app-pipeline
  needs:
    - start-review-app-pipeline
  variables:
    COLORIZED_LOGS: "true"
    QA_LOG_LEVEL: "debug"
  before_script:
    - cd qa && bundle install
  script:
    - bundle exec rake "ci:download_test_results[start-review-app-pipeline,e2e-test-report,${CI_PROJECT_DIR}]"
  when: always
  allow_failure: true
  artifacts:
    when: always
    reports:
      junit: qa/tmp/rspec-*.xml
 danger-review:
  extends:
    - .default-retry
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
--- a/.gitlab/ci/setup.gitlab-ci.yml
+++ b/.gitlab/ci/setup.gitlab-ci.yml
@ -22,21 +22,21 @@ cache gems:
      - vendor/cache
    expire_in: 31d
-.minimal-job:
+.predictive-job:
  extends:
    - .default-retry
  needs: []
-.absolutely-minimal-job:
+.absolutely-predictive-job:
  extends:
-    - .minimal-job
+    - .predictive-job
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine:edge
  variables:
    GIT_STRATEGY: none
 dont-interrupt-me:
  extends:
-    - .absolutely-minimal-job
+    - .absolutely-predictive-job
    - .setup:rules:dont-interrupt-me
  stage: sync
  interruptible: false
@ -45,35 +45,19 @@ dont-interrupt-me:
 gitlab_git_test:
  extends:
-    - .minimal-job
+    - .predictive-job
    - .setup:rules:gitlab_git_test
  stage: test
  script:
    - spec/support/prepare-gitlab-git-test-for-commit --check-for-changes
-no-ee-check:
+verify-ruby-3.0:
  extends:
-    - .minimal-job
+    - .absolutely-predictive-job
-    - .setup:rules:no-ee-check
+    - .setup:rules:verify-ruby-3.0
  stage: test
  script:
    - scripts/no-dir-check ee
 no-jh-check:
  extends:
    - .minimal-job
    - .setup:rules:no-jh-check
  stage: test
  script:
    - scripts/no-dir-check jh
 verify-ruby-2.7:
  extends:
    - .absolutely-minimal-job
    - .setup:rules:verify-ruby-2.7
  stage: prepare
  script:
-    - echo 'Please remove label ~"pipeline:run-in-ruby3" so we do test against Ruby 2.7 (default version) before merging the merge request'
+    - echo 'Please remove label ~"pipeline:run-in-ruby2" so we do test against Ruby 3.0 (default version) before merging the merge request'
    - exit 1
 verify-tests-yml:
@ -89,7 +73,7 @@ verify-tests-yml:
 verify-approvals:
  extends:
-    - .minimal-job
+    - .predictive-job
    - .setup:rules:jh-contribution
  script:
    - source scripts/utils.sh
@ -116,16 +100,19 @@ generate-frontend-fixtures-mapping:
 detect-tests:
  extends: .rails:rules:detect-tests
-  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
+  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-slim
  needs: []
  stage: prepare
  variables:
    RSPEC_TESTS_MAPPING_ENABLED: "true"
  before_script:
    - apt-get update && apt-get install -y curl # Not present in ruby-slim, so we add it manually
  script:
    - source ./scripts/utils.sh
    - source ./scripts/rspec_helpers.sh
    - install_gitlab_gem
    - install_tff_gem
    - install_activesupport_gem
    - retrieve_tests_mapping
    - retrieve_frontend_fixtures_mapping
    - |
@ -133,19 +120,25 @@ detect-tests:
        mkdir -p $(dirname "$RSPEC_CHANGED_FILES_PATH")
        tooling/bin/find_changes ${RSPEC_CHANGED_FILES_PATH};
        tooling/bin/find_tests ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_TESTS_PATH};
        tooling/bin/js_to_system_specs_mappings ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_TESTS_PATH};
        tooling/bin/find_changes ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_TESTS_PATH} ${FRONTEND_FIXTURES_MAPPING_PATH};
        filter_rspec_matched_foss_tests ${RSPEC_MATCHING_TESTS_PATH} ${RSPEC_MATCHING_TESTS_FOSS_PATH};
        filter_rspec_matched_ee_tests ${RSPEC_MATCHING_TESTS_PATH} ${RSPEC_MATCHING_TESTS_EE_PATH};
        tooling/bin/view_to_js_mappings ${RSPEC_CHANGED_FILES_PATH} ${RSPEC_MATCHING_JS_FILES_PATH};
        echoinfo "Changed files: $(cat $RSPEC_CHANGED_FILES_PATH)";
        echoinfo "Related RSpec tests: $(cat $RSPEC_MATCHING_TESTS_PATH)";
        echoinfo "Related FOSS RSpec tests: $(cat $RSPEC_MATCHING_TESTS_FOSS_PATH)";
        echoinfo "Related EE RSpec tests: $(cat $RSPEC_MATCHING_TESTS_EE_PATH)";
        echoinfo "Related JS files: $(cat $RSPEC_MATCHING_JS_FILES_PATH)";
      fi
  artifacts:
    expire_in: 7d
    paths:
      - ${FRONTEND_FIXTURES_MAPPING_PATH}
      - ${RSPEC_CHANGED_FILES_PATH}
      - ${RSPEC_MATCHING_JS_FILES_PATH}
      - ${RSPEC_MATCHING_TESTS_PATH}
      - ${RSPEC_MATCHING_TESTS_FOSS_PATH}
-      - ${FRONTEND_FIXTURES_MAPPING_PATH}
+      - ${RSPEC_MATCHING_TESTS_EE_PATH}
 detect-previous-failed-tests:
  extends:
@ -153,12 +146,10 @@ detect-previous-failed-tests:
    - .rails:rules:detect-previous-failed-tests
  variables:
    PREVIOUS_FAILED_TESTS_DIR: tmp/previous_failed_tests/
    RSPEC_PG_REGEX: /rspec .+ pg12( .+)?/
    RSPEC_EE_PG_REGEX: /rspec-ee .+ pg12( .+)?/
  script:
    - source ./scripts/utils.sh
    - source ./scripts/rspec_helpers.sh
-    - retrieve_previous_failed_tests ${PREVIOUS_FAILED_TESTS_DIR} "${RSPEC_PG_REGEX}" "${RSPEC_EE_PG_REGEX}"
+    - retrieve_failed_tests "${PREVIOUS_FAILED_TESTS_DIR}" "oneline" "previous"
  artifacts:
    expire_in: 7d
    paths:
@ -167,7 +158,7 @@ detect-previous-failed-tests:
 e2e-test-pipeline-generate:
  extends:
    - .qa-job-base
-    - .minimal-job
+    - .predictive-job
    - .qa:rules:determine-e2e-tests
  stage: prepare
  variables:
--- a/.gitlab/ci/static-analysis.gitlab-ci.yml
+++ b/.gitlab/ci/static-analysis.gitlab-ci.yml
@ -22,7 +22,7 @@ update-static-analysis-cache:
    # Silence cop offenses for rules with "grace period".
    # This will notify Slack if offenses were silenced.
    # For the moment we only cache `tmp/rubocop_cache` so we don't need to run all the tasks.
-    - run_timed_command "bundle exec rake rubocop:check:graceful"
+    - run_timed_command "fail_on_warnings bundle exec rake rubocop:check:graceful"
 static-analysis:
  extends:
@ -32,7 +32,7 @@ static-analysis:
  parallel: 2
  script:
    - yarn_install_script
-    - scripts/static-analysis
+    - fail_on_warnings scripts/static-analysis
 static-analysis as-if-foss:
  extends:
@ -132,12 +132,12 @@ rubocop:
        # We won't notify Slack if offenses were silenced to avoid frequent messages.
        # Job `update-static-analysis-cache` takes care of Slack notifications every 2 hours.
        unset CI_SLACK_WEBHOOK_URL
-        run_timed_command "bundle exec rake rubocop:check:graceful"
+        run_timed_command "fail_on_warnings bundle exec rake rubocop:check:graceful"
      else
        cat "${RSPEC_CHANGED_FILES_PATH}" | ruby -e 'print $stdin.read.split(" ").select { |f| File.exist?(f) }.join(" ")' > "$RUBOCOP_TARGET_FILES"
        # Skip running RuboCop if there's no target files
        if [ -s "${RUBOCOP_TARGET_FILES}" ]; then
-          run_timed_command "bundle exec rubocop --parallel --force-exclusion $(cat ${RUBOCOP_TARGET_FILES})"
+          run_timed_command "fail_on_warnings bundle exec rubocop --parallel --force-exclusion $(cat ${RUBOCOP_TARGET_FILES})"
        else
          echoinfo "Nothing interesting changed for RuboCop. Skipping."
        fi
@ -177,9 +177,43 @@ feature-flags-usage:
  script:
    # We need to disable the cache for this cop since it creates files under tmp/feature_flags/*.used,
    # the cache would prevent these files from being created.
-    - run_timed_command "bundle exec rubocop --only Gitlab/MarkUsedFeatureFlags --cache false"
+    - run_timed_command "fail_on_warnings bundle exec rubocop --only Gitlab/MarkUsedFeatureFlags --cache false"
  artifacts:
    expire_in: 31d
    when: always
    paths:
      - tmp/feature_flags/
 semgrep-appsec-custom-rules:
  stage: lint
  extends:
    - .semgrep-appsec-custom-rules:rules
  image: returntocorp/semgrep
  needs: []
  script:
    # Required to avoid a timeout https://github.com/returntocorp/semgrep/issues/5395
    - git fetch origin master
    # Include/exclude list isn't ideal https://github.com/returntocorp/semgrep/issues/5399
    - |
      semgrep ci --gitlab-sast --metrics off --config $CUSTOM_RULES_URL \
        --include app --include lib --include workhorse \
        --exclude '*_test.go' --exclude spec --exclude qa > gl-sast-report.json || true
  variables:
    CUSTOM_RULES_URL: https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/raw/main/appsec-pings/rules.yml
  artifacts:
    paths:
      - gl-sast-report.json
 ping-appsec-for-sast-findings:
  stage: lint
  image: alpine:latest
  extends:
    - .ping-appsec-for-sast-findings:rules
  variables:
    # Project Access Token bot ID for /gitlab-com/gl-security/appsec/sast-custom-rules
    BOT_USER_ID: 13559989
  needs:
    - semgrep-appsec-custom-rules
  script:
    - apk add jq curl
    - scripts/process_custom_semgrep_results.sh
--- a/.gitlab/ci/test-metadata.gitlab-ci.yml
+++ b/.gitlab/ci/test-metadata.gitlab-ci.yml
@ -14,8 +14,11 @@ retrieve-tests-metadata:
  extends:
    - .tests-metadata-state
    - .test-metadata:rules:retrieve-tests-metadata
  # We use a smaller image for this job only (update-tests-metadata compiles some gems)
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-slim
  stage: prepare
  script:
    - apt-get update && apt-get install -y curl # Not present in ruby-slim, so we add it manually
    - install_gitlab_gem
    - source ./scripts/rspec_helpers.sh
    - retrieve_tests_metadata
@ -34,10 +37,12 @@ update-tests-metadata:
    - rspec unit pg12
    - rspec integration pg12
    - rspec system pg12
    - rspec background_migration pg12
    - rspec-ee migration pg12
    - rspec-ee unit pg12
    - rspec-ee integration pg12
    - rspec-ee system pg12
    - rspec-ee background_migration pg12
  script:
    - run_timed_command "retry gem install fog-aws mime-types activesupport rspec_profiling postgres-copy --no-document"
    - source ./scripts/rspec_helpers.sh
--- a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml
+++ b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml
@ -0,0 +1,81 @@
 default:
  interruptible: true
 include:
  - local: .gitlab/ci/package-and-test/rules.gitlab-ci.yml
 dont-interrupt-me:
  extends: .rules:dont-interrupt
  stage: test
  interruptible: false
  script:
    - echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible."
 .run-tests:
  stage: test
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}
  services:
    - docker:${DOCKER_VERSION}-dind
  tags:
    - e2e
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - sysctl -n -w fs.inotify.max_user_watches=524288
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://docker:2375
    QA_GDK_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-qa-gdk:master"
    QA_GENERATE_ALLURE_REPORT: "false"
    QA_CAN_TEST_PRAEFECT: "false"
    QA_INTERCEPT_REQUESTS: "false"
    QA_RUN_TYPE: e2e-test-on-gdk
    TEST_LICENSE_MODE: $QA_TEST_LICENSE_MODE
    EE_LICENSE: $QA_EE_LICENSE
    GITHUB_ACCESS_TOKEN: $QA_GITHUB_ACCESS_TOKEN
    GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN
    QA_KNAPSACK_REPORTS: qa-smoke,ee-instance-parallel
  timeout: 2 hours
  artifacts:
    when: always
    paths:
      - test_output
      - logs
    expire_in: 7 days
  script:
    - echo -e "\e[0Ksection_start:`date +%s`:pull_image\r\e[0KPull GDK QA image"
    - docker pull ${QA_GDK_IMAGE}
    - echo -e "\e[0Ksection_end:`date +%s`:pull_image\r\e[0K"
    - echo -e "\e[0Ksection_start:`date +%s`:launch_gdk_and_tests\r\e[0KLaunch GDK and run QA tests"
    - cd qa && bundle install --jobs=$(nproc) --retry=3 --quiet
    - mkdir -p $CI_PROJECT_DIR/test_output $CI_PROJECT_DIR/logs/gdk $CI_PROJECT_DIR/logs/gitlab
    # This command matches the permissions of the user that runs GDK inside the container.
    - chown -R 1000:1000 $CI_PROJECT_DIR/test_output $CI_PROJECT_DIR/logs
    - |
      docker run --rm --name gdk --add-host gdk.test:127.0.0.1 --shm-size=2gb \
        --env-file <(bundle exec rake ci:env_var_name_list) \
        --volume /var/run/docker.sock:/var/run/docker.sock:z \
        --volume $CI_PROJECT_DIR/test_output:/home/gdk/gdk/gitlab/qa/tmp:z \
        --volume $CI_PROJECT_DIR/logs/gdk:/home/gdk/gdk/log \
        --volume $CI_PROJECT_DIR/logs/gitlab:/home/gdk/gdk/gitlab/log \
        ${QA_GDK_IMAGE} "${CI_COMMIT_REF_SLUG}" "$TEST_GDK_TAGS --tag ~requires_praefect" || true
    - echo -e "\e[0Ksection_end:`date +%s`:launch_gdk_and_tests\r\e[0K"
  allow_failure: true
 test-on-gdk-smoke:
  extends:
    - .run-tests
  parallel: 2
  variables:
    TEST_GDK_TAGS: "--tag smoke"
    QA_KNAPSACK_REPORT_NAME: qa-smoke
  rules:
    - when: always
 test-on-gdk-full:
  extends:
    - .run-tests
  parallel: 5
  variables:
    QA_KNAPSACK_REPORT_NAME: ee-instance-parallel
  rules:
    - when: manual
--- a/.gitlab/ci/vendored-gems.gitlab-ci.yml
+++ b/.gitlab/ci/vendored-gems.gitlab-ci.yml
@ -85,3 +85,19 @@ vendor bundler-checksum:
  trigger:
    include: vendor/gems/bundler-checksum/.gitlab-ci.yml
    strategy: depend
 vendor gitlab_active_record:
  extends:
    - .vendor:rules:gitlab_active_record
  needs: []
  trigger:
    include: vendor/gems/gitlab_active_record/.gitlab-ci.yml
    strategy: depend
 vendor cloud_profiler_agent:
  extends:
    - .vendor:rules:cloud_profiler_agent
  needs: []
  trigger:
    include: vendor/gems/cloud_profiler_agent/.gitlab-ci.yml
    strategy: depend
--- a/.gitlab/ci/workhorse.gitlab-ci.yml
+++ b/.gitlab/ci/workhorse.gitlab-ci.yml
@ -37,8 +37,9 @@ workhorse:test go:
 workhorse:test fips:
  extends: .workhorse:test
  image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/ubuntu_20.04_fips:4.0.0
  variables:
-    WORKHORSE_TEST_FIPS_ENABLED: 1
+    FIPS_MODE: 1
 workhorse:test race:
  extends: .workhorse:test
--- a/.gitlab/issue_templates/Broken
+++ b/.gitlab/issue_templates/Broken
@ -16,10 +16,15 @@ Please read the below documentations for a workflow of triaging and resolving br
 <!-- If the pipeline failure is reproducible, provide steps to recreate the issue locally. Please use an ordered list. -->
 Please refer to [Flaky tests documentation](https://docs.gitlab.com/ee/development/testing_guide/flaky_tests.html) to
 learn more about how to reproduce them.
 ### Proposed Resolution
 <!-- Describe the proposed change to restore master stability. -->
 Please refer to the [Resolution guidance](https://about.gitlab.com/handbook/engineering/workflow/#resolution-of-broken-master) to learn more about resolution of broken master.
-/label ~"failure::flaky-test" ~"Engineering Productivity" ~"priority::2" ~"severity::2"
+Once the flaky failure has been fixed on the default branch, open merge requests to cherry-pick the fix to the active stable branches.
 /label ~"type::maintenance" ~"failure::flaky-test" ~"priority::3" ~"severity::3"
--- a/.gitlab/issue_templates/Broken
+++ b/.gitlab/issue_templates/Broken
@ -21,4 +21,4 @@ Please read the below documentations for a workflow of triaging and resolving br
 Please refer to the [Resolution guidance](https://about.gitlab.com/handbook/engineering/workflow/#resolution-of-broken-master) to learn more about resolution of broken master.
-/label ~"master:broken" ~"Engineering Productivity" ~"priority::1" ~"severity::1"
+/label ~"master:broken" ~"Engineering Productivity" ~"priority::1" ~"severity::1" ~"type::maintenance" ~"maintenance::pipelines"
--- a/.gitlab/issue_templates/Doc_cleanup.md
+++ b/.gitlab/issue_templates/Doc_cleanup.md
@ -1,72 +1,38 @@
 <!--
-* Use this issue template for identifying issues to work on in existing documentation, normally identified
+* Use this template for documentation issues identified
-* with our [Vale](https://docs.gitlab.com/ee/development/documentation/testing.html#vale) or [markdownlint](https://docs.gitlab.com/ee/development/documentation/testing.html#markdownlint) tools. Much of this identified work is suitable for first-time contributors or
+* by [Vale](https://docs.gitlab.com/ee/development/documentation/testing.html#vale)
 * or [markdownlint](https://docs.gitlab.com/ee/development/documentation/testing.html#markdownlint).
 * This template is meant to describe work for first-time contributors or
 * for work during Hackathons.
 *
-* Normal documentation updates should use the Documentation template, and documentation work as part of
+* Feature development work should not use this template. Use the Feature Request template instead.
 * feature development should use the Feature Request template.
 -->
-If you are a community contributor, **do not work on the issue if it is not assigned to you yet**.
+## Hi community contributors! :wave:
-Additionally, please review these points before working on this issue:
+Do you want to work on this issue?
-1. If you would like to work on the issue, type `@gl-docsteam I would like to work on this issue.`
+- **If the issue is unassigned**, in a comment, type `@docs-hackathon I would like to work on this issue` and a writer will assign it to you.
   in a comment. A technical writer will assign the issue to you. If someone has already chosen this issue,
   pick another issue, or view docs [in the docs directory](https://gitlab.com/gitlab-org/gitlab/-/tree/master/doc)
   and open a merge request for any page you feel can be improved.
 1. Carefully review the [merge request guidelines for contributors](https://docs.gitlab.com/ee/development/contributing/merge_request_workflow.html#merge-request-guidelines-for-contributors).
 1. Carefully review the [commit message guidelines](https://docs.gitlab.com/ee/development/contributing/merge_request_workflow.html#commit-messages-guidelines).
 1. Create a merge request for the issue:
   - If you were not assigned the issue, do not create a merge request. It will not be accepted.
   - If this is for a Hackathon, do not create the merge request before the Hackathon has started
     or it will not be counted towards the Hackathon.
   - Unless otherwise stated below, we expect one merge request per issue, so combine
     all changes together. If there is too much work for you to handle in one merge request,
     you can create more, but try to keep the number of merge requests as small as possible.
   - Select the **Documentation** merge request description template, and fill it out
     with the details of your work.
   - Copy the link to this issue and add it to the merge request's description,
     which links the merge request and the issue together.
 1. After your merge request is accepted and merged, close this issue.
-If you notice things you'd like to fix that are not part of the issue, open separate merge requests for those issues.
+  To be fair to others, do not ask for more than three issues at a time.
-We're sorry for all the rules but we want everyone to have a good experience, and it can be hard when we get an influx of contributions.
+- **If the issue is assigned to someone already**, choose another issue. Do not open a merge request for this issue if you are not assigned.
-Thank you again for contributing to the GitLab documentation!
+## To resolve the issue
-## Identified documentation issue
+[Follow these instructions to create a merge request](https://docs.gitlab.com/ee/development/documentation/workflow.html#how-to-update-the-docs).
-<!--
+- Don't submit your merge request until after the Hackathon has started.
-* Include information about the issue that needs resolution. If the item is from an automated test,
+- Try to address the issue in a single merge request.
-* be sure to include a copy/paste from the the test results. [This issue](https://gitlab.com/gitlab-org/gitlab/-/issues/339543) is an example of text to include with a Vale issue.
+- Try to stick to the scope of the issue. If you see other improvements that can be made in the file, open a separate merge request.
-*
+- When you create the merge request, select the **Documentation** merge request description template.
-* Limit the identified work to be related to one another, and keep it to a reasonable amount. For example,
+- In the merge request's description, add a link to this issue.
-* several moderate changes on one page, a few intermediate changes across five pages, or several very small
+- Follow the [commit message guidelines](https://docs.gitlab.com/ee/development/contributing/merge_request_workflow.html#commit-messages-guidelines).
-* changes for up to 10 pages. Larger items should be broken out into other issues to better distribute
+  Use three to five words for your commit message, start with message with a capital letter, and do **not** end it in a period.
-* the opportunities for contributors.
+  Other commit messages can cause the pipeline to fail.
 *
 * If you expect the work to take more than one MR to resolve, explain approximately
 * how many MRs you expect to receive for the issue.
 -->
-## Additional information
+Thank you again for contributing to the GitLab documentation! :tada:
-<!--
+## Documentation issue
 * Any concepts, procedures, reference info we could add to make it easier to successfully use GitLab?
 * Include use cases, benefits, and/or goals for this work.
 * If adding content: What audience is it intended for? (What roles and scenarios?)
  For ideas, see personas at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/ or the persona labels at
  https://gitlab.com/groups/gitlab-org/-/labels?subscribed=&search=persona%3A
 -->
-### Who can address the issue
+/labels ~"documentation" ~"docs-only" ~"documentation" ~"docs::improvement" ~"type::maintenance" ~"maintenance::refactor" ~"Seeking community contributions"  ~"quick win" ~"Technical Writing"
 <!-- What if any special expertise is required to resolve this issue? -->
 ### Other links/references
 <!-- For example, related GitLab issues/MRs -->
 /label ~documentation
--- a/.gitlab/issue_templates/Experiment
+++ b/.gitlab/issue_templates/Experiment
@ -10,7 +10,11 @@ The changes need to become an official part of the product.
 - [ ] Determine whether the feature should apply to SaaS and/or self-managed
 - [ ] Determine whether the feature should apply to EE - and which tiers - and/or Core
 - [ ] Determine if tracking should be kept as is, removed, or modified.
 - [ ] Determine if any UX experiences need to be "polished" i.e. updated to further improve the end user experience. This task should be completed by the designated UX counterpart. 
   - [ ] (placeholder for UX polish work that needs to be completed for this cleanup issue to be considered completed) 
 - [ ] Ensure any relevant documentation has been updated.
 - [ ] Determine whether there are other concerns that need to be considered before removing the feature flag.
   - These are typically captured in the `Experiment Successful Cleanup Concerns` section of the rollout issue.
 - [ ] Consider changes to any `feature_category:` introduced by the experiment if ownership is changing (PM for Growth and PM for the new category as DRIs)
 - [ ] Check to see if the experiment introduced new design assets. Add them to the appropriate repos and document them if needed.
 - [ ] Optional: Migrate experiment to a default enabled [feature flag](https://docs.gitlab.com/ee/development/feature_flags) for one milestone and add a changelog. Converting to a feature flag can be skipped at the ICs discretion if risk is deemed low with consideration to both SaaS and (if applicable) self managed
--- a/.gitlab/issue_templates/Feature
+++ b/.gitlab/issue_templates/Feature
@ -66,9 +66,12 @@ _Consider adding links to check for Sentry errors, Production logs for 5xx, 302s
 ## Rollout Steps
 Note: Please make sure to run the chatops commands in the slack channel that gets impacted by the command. 
 ### Rollout on non-production environments
- Ensure that the feature MRs have been deployed to non-production environments.
+- [ ] Verify the MR with the feature flag is merged to master.
 - Verify that the feature MRs have been deployed to non-production environments with:
    - [ ] `/chatops run auto_deploy status <merge-commit-of-your-feature>`
 - [ ] Enable the feature globally on non-production environments.
    - [ ] `/chatops run feature set <feature-flag-name> true --dev --staging --staging-ref`
@ -79,13 +82,16 @@ _Consider adding links to check for Sentry errors, Production logs for 5xx, 302s
 ### Specific rollout on production
 For visibility, all `/chatops` commands that target production should be executed in the `#production` slack channel and cross-posted (with the command results) to the responsible team's slack channel (`#g_TEAM_NAME`).
 - Ensure that the feature MRs have been deployed to both production and canary.
    - [ ] `/chatops run auto_deploy status <merge-commit-of-your-feature>`
- If you're using [project-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries:
+- Depending on the [type of actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors) you are using, pick one of these options:
  - If you're using **project-actor**, you must enable the feature on these entries:
    - [ ] `/chatops run feature set --project=gitlab-org/gitlab,gitlab-org/gitlab-foss,gitlab-com/www-gitlab-com <feature-flag-name> true`
- If you're using [group-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries:
+  - If you're using **group-actor**, you must enable the feature on these entries:
    - [ ] `/chatops run feature set --group=gitlab-org,gitlab-com <feature-flag-name> true`
- If you're using [user-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries:
+  - If you're using **user-actor**, you must enable the feature on these entries:
    - [ ] `/chatops run feature set --user=<your-username> <feature-flag-name> true`
 - [ ] Verify that the feature works on the specific entries. Posting the QA result in this issue is preferable.
@ -101,18 +107,21 @@ _Consider adding links to check for Sentry errors, Production logs for 5xx, 302s
 - [ ] Leave a comment on [the feature issue][main-issue] announcing estimated time when this feature flag will be enabled on GitLab.com. 
 - [ ] Ensure that any breaking changes have been announced following the [release post process](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations-removals-and-breaking-changes) to ensure GitLab customers are aware.
 - [ ] Notify `#support_gitlab-com` and your team channel ([more guidance when this is necessary in the dev docs](https://docs.gitlab.com/ee/development/feature_flags/controls.html#communicate-the-change)).
 - [ ] Ensure that the feature flag rollout plan is reviewed by another developer familiar with the domain.
 ### Global rollout on production
 For visibility, all `/chatops` commands that target production should be executed in the `#production` slack channel and cross-posted (with the command results) to the responsible team's slack channel (`#g_TEAM_NAME`).
 - [ ] [Incrementally roll out](https://docs.gitlab.com/ee/development/feature_flags/controls.html#process) the feature.
  - [ ] Between every step wait for at least 15 minutes and monitor the appropriate graphs on https://dashboards.gitlab.net.
  - If the feature flag in code has [an actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), perform **actor-based** rollout.
    - [ ] `/chatops run feature set <feature-flag-name> <rollout-percentage> --actors`
  - If the feature flag in code does **NOT** have [an actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), perform time-based rollout (**random** rollout).
    - [ ] `/chatops run feature set <feature-flag-name> <rollout-percentage> --random`
  - Enable the feature globally on production environment.
    - [ ] `/chatops run feature set <feature-flag-name> true`
 - [ ] Observe appropriate graphs on https://dashboards.gitlab.net and verify that services are not affected.
 - [ ] Leave a comment on [the feature issue][main-issue] announcing that the feature has been globally enabled.
 - [ ] Wait for [at least one day for the verification term](https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/#including-a-feature-behind-feature-flag-in-the-final-release).
@ -124,7 +133,7 @@ To do so, follow these steps:
 - [ ] Create a merge request with the following changes. Ask for review and merge it.
    - [ ] Set the `default_enabled` attribute in [the feature flag definition](https://docs.gitlab.com/ee/development/feature_flags/#feature-flag-definition-and-validation) to `true`.
-    - [ ] Create [a changelog entry](https://docs.gitlab.com/ee/development/feature_flags/#changelog).
+    - [ ] Review [what warrants a changelog entry](https://docs.gitlab.com/ee/development/changelog.html#what-warrants-a-changelog-entry) and decide if [a changelog entry](https://docs.gitlab.com/ee/development/feature_flags/#changelog) is needed.
 - [ ] Ensure that the default-enabling MR has been included in the release package.
      If the merge request was deployed before [the monthly release was tagged](https://about.gitlab.com/handbook/engineering/releases/#self-managed-releases-1),
      the feature can be officially announced in a release blog post.
@ -165,7 +174,7 @@ You can either [create a follow-up issue for Feature Flag Cleanup](https://gitla
      the feature can be officially announced in a release blog post.
    - [ ] `/chatops run release check <merge-request-url> <milestone>`
 - [ ] Close [the feature issue][main-issue] to indicate the feature will be released in the current milestone.
- [ ] If not already done, clean up the feature flag from all environments by running these chatops command in `#production` channel:
+- [ ] Clean up the feature flag from all environments by running these chatops command in `#production` channel:
    - [ ] `/chatops run feature delete <feature-flag-name> --dev --staging --staging-ref --production`
 - [ ] Close this rollout issue.
--- a/.gitlab/issue_templates/Feature
+++ b/.gitlab/issue_templates/Feature
@ -9,6 +9,7 @@
 <!-- Label reminders
 Use the following resources to find the appropriate labels:
 - Use only one tier label choosing the lowest tier this is intended for
 - https://gitlab.com/gitlab-org/gitlab/-/labels
 - https://about.gitlab.com/handbook/product/categories/features/
 -->
--- a/.gitlab/issue_templates/Feature
+++ b/.gitlab/issue_templates/Feature
@ -48,6 +48,7 @@ Create tracking issue using the Snowplow event tracking template. See https://gi
 <!-- Label reminders
 Use the following resources to find the appropriate labels:
 - Use only one tier label choosing the lowest tier this is intended for
 - https://gitlab.com/gitlab-org/gitlab/-/labels
 - https://about.gitlab.com/handbook/product/categories/features/
 -->
--- a/.gitlab/issue_templates/Feature
+++ b/.gitlab/issue_templates/Feature
@ -125,6 +125,7 @@ In which enterprise tier should this feature go? See https://about.gitlab.com/ha
 <!-- Label reminders - you should have one of each of the following labels.
 Use the following resources to find the appropriate labels:
 - Use only one tier label choosing the lowest tier this is intended for
 - https://gitlab.com/gitlab-org/gitlab/-/labels
 - https://about.gitlab.com/handbook/product/categories/features/
 -->
--- a/.gitlab/issue_templates/Geo
+++ b/.gitlab/issue_templates/Geo
@ -18,7 +18,7 @@ If your Model's pluralized form is non-standard, i.e. it doesn't just end in `s`
 -->
-## Replicate Cool Widgets
+## Replicate Cool Widgets - Repository
 This issue is for implementing Geo replication and verification of Cool Widgets.
@ -39,8 +39,6 @@ You can look into the following example for implementing replication/verificatio
 ### Modify database schemas to prepare to add Geo support for Cool Widgets
 You might do this section in its own merge request, but it is not required.
 #### Add the registry table to track replication and verification state
 Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/geo.md#tracking-database) independent of the main database. It is used to track the replication and verification state of all replicables. Every Model has a corresponding "registry" table in the Geo tracking database.
@ -56,7 +54,7 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
  ```ruby
  # frozen_string_literal: true
-  class CreateCoolWidgetRegistry < Gitlab::Database::Migration[2.0]
+  class CreateCoolWidgetRegistry < Gitlab::Database::Migration[2.1]
    def change
      create_table :cool_widget_registry, id: :bigserial, force: :cascade do |t|
        t.bigint :cool_widget_id, null: false
@ -82,11 +80,19 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
        t.index :retry_at
        t.index :state
        # To optimize performance of CoolWidgetRegistry.verification_failed_batch
-        t.index :verification_retry_at, name: :cool_widget_registry_failed_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 3))"
+        t.index :verification_retry_at,
          name: :cool_widget_registry_failed_verification,
          order: "NULLS FIRST",
          where: "((state = 2) AND (verification_state = 3))"
        # To optimize performance of CoolWidgetRegistry.needs_verification_count
-        t.index :verification_state, name: :cool_widget_registry_needs_verification, where: "((state = 2) AND (verification_state = ANY (ARRAY[0, 3])))"
+        t.index :verification_state,
          name: :cool_widget_registry_needs_verification,
          where: "((state = 2) AND (verification_state = ANY (ARRAY[0, 3])))"
        # To optimize performance of CoolWidgetRegistry.verification_pending_batch
-        t.index :verified_at, name: :cool_widget_registry_pending_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 0))"
+        t.index :verified_at,
          name: :cool_widget_registry_pending_verification,
          order: "NULLS FIRST",
          where: "((state = 2) AND (verification_state = 0))"
      end
    end
  end
@ -94,11 +100,19 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
 - [ ] If deviating from the above example, then be sure to order columns according to [our guidelines](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/ordering_table_columns.md).
- [ ] Add the new table to the GitLab Schema defined in [`ee/lib/ee/gitlab/database/gitlab_schemas.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/ee/gitlab/database/gitlab_schemas.yml).
+- [ ] Add the new table to the [database dictionary](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/database/database_dictionary.md) defined in [`ee/db/docs/`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/ee/db/docs):
-   ```yaml
+  ```yaml
-   cool_widget_registry: :gitlab_geo
+  table_name: cool_widget_registry
-   ```
+  description: Description example
  introduced_by_url: Merge request link
  milestone: Milestone example
  feature_categories:
   - Feature category example
  classes:
   - Class example
  gitlab_schema: gitlab_geo
  ```
 - [ ] Run Geo tracking database migrations:
@ -106,7 +120,7 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
  bin/rake db:migrate:geo
  ```
- [ ] Be sure to commit the relevant changes in `ee/db/geo/structure.sql`
+- [ ] Be sure to commit the relevant changes in `ee/db/geo/structure.sql` and the file under `ee/db/geo/schema_migrations`
 ### Add verification state to the Model
@ -123,7 +137,7 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
  ```ruby
  # frozen_string_literal: true
-  class CreateCoolWidgetStates < Gitlab::Database::Migration[2.0]
+  class CreateCoolWidgetStates < Gitlab::Database::Migration[2.1]
    VERIFICATION_STATE_INDEX_NAME = "index_cool_widget_states_on_verification_state"
    PENDING_VERIFICATION_INDEX_NAME = "index_cool_widget_states_pending_verification"
    FAILED_VERIFICATION_INDEX_NAME = "index_cool_widget_states_failed_verification"
@ -138,14 +152,22 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
        t.datetime_with_timezone :verified_at
        t.references :cool_widget, primary_key: true, default: nil, index: false, foreign_key: { on_delete: :cascade }
        t.integer :verification_state, default: 0, limit: 2, null: false
-        t.integer :verification_retry_count, limit: 2
+        t.integer :verification_retry_count, default: 0, limit: 2, null: false
        t.binary :verification_checksum, using: 'verification_checksum::bytea'
        t.text :verification_failure, limit: 255
        t.index :verification_state, name: VERIFICATION_STATE_INDEX_NAME
-        t.index :verified_at, where: "(verification_state = 0)", order: { verified_at: 'ASC NULLS FIRST' }, name: PENDING_VERIFICATION_INDEX_NAME
+        t.index :verified_at,
-        t.index :verification_retry_at, where: "(verification_state = 3)", order: { verification_retry_at: 'ASC NULLS FIRST' }, name: FAILED_VERIFICATION_INDEX_NAME
+          where: "(verification_state = 0)",
-        t.index :verification_state, where: "(verification_state = 0 OR verification_state = 3)", name: NEEDS_VERIFICATION_INDEX_NAME
+          order: { verified_at: 'ASC NULLS FIRST' },
          name: PENDING_VERIFICATION_INDEX_NAME
        t.index :verification_retry_at,
          where: "(verification_state = 3)",
          order: { verification_retry_at: 'ASC NULLS FIRST' },
          name: FAILED_VERIFICATION_INDEX_NAME
        t.index :verification_state,
          where: "(verification_state = 0 OR verification_state = 3)",
          name: NEEDS_VERIFICATION_INDEX_NAME
      end
    end
@ -157,11 +179,22 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
 - [ ] If deviating from the above example, then be sure to order columns according to [our guidelines](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/ordering_table_columns.md).
- [ ] Add the new table to the GitLab Schema defined in [`lib/gitlab/database/gitlab_schemas.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/database/gitlab_schemas.yml) with the databases they need to be added to.
+- [ ] If `cool_widgets` is a high-traffic table, follow [the database documentation to use `with_lock_retries`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/migration_style_guide.md#when-to-use-the-helper-method)
-   ```yaml
+- [ ] Add the new table to the [database dictionary](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/database/database_dictionary.md) defined in [`db/docs/`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/db/docs):
-   cool_widget_states: :gitlab_main
+
-   ```
+  ```yaml
  ---
  table_name: cool_widget_states
  description: Separate table for cool widget verification states
  introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/XXXXX
  milestone: 'XX.Y'
  feature_categories:
   - geo_replication
  classes:
   - Geo::CoolWidgetState
  gitlab_schema: gitlab_main
  ```
 - [ ] Run database migrations:
@ -169,7 +202,7 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
  bin/rake db:migrate
  ```
- [ ] Be sure to commit the relevant changes in `db/structure.sql`
+- [ ] Be sure to commit the relevant changes in `db/structure.sql` and the file under `db/schema_migrations`
 That's all of the required database changes.
@ -202,23 +235,30 @@ That's all of the required database changes.
    with_replicator Geo::CoolWidgetReplicator
    mount_uploader :file, CoolWidgetUploader
    has_one :cool_widget_state, autosave: false, inverse_of: :cool_widget, class_name: 'Geo::CoolWidgetState'
    after_save :save_verification_details
    scope :with_verification_state, ->(state) { joins(:cool_widget_state).where(cool_widget_states: { verification_state: verification_state_value(state) }) }
    scope :checksummed, -> { joins(:cool_widget_state).where.not(cool_widget_states: { verification_checksum: nil } ) }
    scope :not_checksummed, -> { joins(:cool_widget_state).where(cool_widget_states: { verification_checksum: nil } ) }
    scope :available_verifiables, -> { joins(:cool_widget_state) }
    # Override the `all` default if not all records can be replicated. For an
    # example of an existing Model that needs to do this, see
    # `EE::MergeRequestDiff`.
    # scope :available_replicables, -> { all }
    scope :available_verifiables, -> { joins(:cool_widget_state) }
    scope :checksummed, -> {
      joins(:cool_widget_state).where.not(cool_widget_states: { verification_checksum: nil })
    }
    scope :not_checksummed, -> {
      joins(:cool_widget_state).where(cool_widget_states: { verification_checksum: nil })
    }
    scope :with_verification_state, ->(state) {
      joins(:cool_widget_state)
        .where(cool_widget_states: { verification_state: verification_state_value(state) })
    }
    def verification_state_object
      cool_widget_state
    end
@ -229,7 +269,8 @@ That's all of the required database changes.
      ...
      # @param primary_key_in [Range, CoolWidget] arg to pass to primary_key_in scope
-      # @return [ActiveRecord::Relation<CoolWidget>] everything that should be synced to this node, restricted by primary key
+      # @return [ActiveRecord::Relation<CoolWidget>] everything that should be synced
      #         to this node, restricted by primary key
      def replicables_for_current_secondary(primary_key_in)
        # This issue template does not help you write this method.
        #
@ -237,7 +278,8 @@ That's all of the required database changes.
        # we want to know which records to replicate. This is not easy to automate
        # because for example:
        #
-        # * The "selective sync" feature allows admins to choose which namespaces #   to replicate, per secondary site. Most Models are scoped to a
+        # * The "selective sync" feature allows admins to choose which namespaces
        #   to replicate, per secondary site. Most Models are scoped to a
        #   namespace, but the nature of the relationship to a namespace varies
        #   between Models.
        # * The "selective sync" feature allows admins to choose which shards to
@ -276,8 +318,8 @@ That's all of the required database changes.
  ```ruby
    include_examples 'a replicable model with a separate table for verification state' do
-      let(:verifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is included in `available_verifiables`
+      let(:verifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is in `Geo::ReplicableModel.verifiables` scope
-      let(:unverifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is NOT included in `available_verifiables`
+      let(:unverifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is NOT included in `Geo::ReplicableModel.verifiables` scope
    end
  ```
@ -295,10 +337,6 @@ That's all of the required database changes.
        ::CoolWidget
      end
      def repository
        model_record.repository
      end
      def self.git_access_class
        ::Gitlab::GitAccessCoolWidget
      end
@ -316,6 +354,19 @@ That's all of the required database changes.
        true
      end
      override :housekeeping_enabled?
      def self.housekeeping_enabled?
        # Remove this method if the new Git repository type supports git
        # repository housekeeping and the ::CoolWidget#git_garbage_collect_worker_klass
        # is implemented. If the data type requires any action to be performed
        # before running the housekeeping override the `before_housekeeping` method
        # (see `RepositoryReplicatorStrategy#before_housekeeping`)
        false
      end
      def repository
        model_record.repository
      end
    end
  end
  ```
@ -346,7 +397,6 @@ That's all of the required database changes.
  ```shell
  bin/feature-flag --ee geo_cool_widget_replication --type development --group 'group::geo'
  bin/feature-flag --ee geo_cool_widget_verification --type development --group 'group::geo'
  ```
 - [ ] Add this replicator class to the method `replicator_classes` in
@ -357,7 +407,6 @@ That's all of the required database changes.
    ::Geo::PackageFileReplicator,
    ::Geo::CoolWidgetReplicator
  ]
  end
  ```
 - [ ] Create `ee/spec/replicators/geo/cool_widget_replicator_spec.rb` and perform the necessary setup to define the `model_record` variable for the shared examples:
@ -367,7 +416,7 @@ That's all of the required database changes.
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetReplicator do
+  RSpec.describe Geo::CoolWidgetReplicator, feature_category: :geo_replication do
    let(:model_record) { build(:cool_widget) }
    include_examples 'a repository replicator'
@ -441,7 +490,7 @@ That's all of the required database changes.
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetRegistry, :geo, type: :model do
+  RSpec.describe Geo::CoolWidgetRegistry, :geo, type: :model, feature_category: :geo_replication do
    let_it_be(:registry) { create(:geo_cool_widget_registry) }
    specify 'factory is valid' do
@ -453,32 +502,39 @@ That's all of the required database changes.
  end
  ```
- [ ] Add the following to `spec/factories/cool_widgets.rb`:
+- [ ] Add the following to `ee/spec/factories/cool_widgets.rb`:
  ```ruby
-  trait :verification_succeeded do
+  # frozen_string_literal: true
    with_file
    verification_checksum { 'abc' }
    verification_state { CoolWidget.verification_state_value(:verification_succeeded) }
  end
-  trait :verification_failed do
+  FactoryBot.modify do
-    with_file
+    factory :cool_widget do
-    verification_failure { 'Could not calculate the checksum' }
+      trait :verification_succeeded do
-    verification_state { CoolWidget.verification_state_value(:verification_failed) }
+          with_file
          verification_checksum { 'abc' }
          verification_state { CoolWidget.verification_state_value(:verification_succeeded) }
      end
      trait :verification_failed do
          with_file
          verification_failure { 'Could not calculate the checksum' }
          verification_state { CoolWidget.verification_state_value(:verification_failed) }
      end
    end
  end
  ```
  If there is not an existing factory for the object in `spec/factories/cool_widgets.rb`, wrap the traits in `FactoryBot.create` instead of `FactoryBot.modify`.
 - [ ] Make sure the factory also allows setting a `project` attribute. If the model does not have a direct relation to a project, you can use a `transient` attribute. Check out `spec/factories/merge_request_diffs.rb` for an example.
- [ ] Following [the example of Merge Request Diffs](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63309) add a `Geo::CoolWidgetState` model in `ee/app/models/ee/geo/cool_widget_state.rb`:
+- [ ] Following [the example of Merge Request Diffs](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63309) add a `Geo::CoolWidgetState` model in `ee/app/models/geo/cool_widget_state.rb`:
  ``` ruby
  # frozen_string_literal: true
  module Geo
    class CoolWidgetState < ApplicationRecord
      include EachBatch
      include ::Geo::VerificationStateDefinition
      self.primary_key = :cool_widget_id
@ -511,6 +567,8 @@ That's all of the required database changes.
  end
  ```
 - [ ] Add `[:geo_cool_widget_state, any]` to `skipped` in `spec/models/factories_spec.rb`
 #### Step 2. Implement metrics gathering
 Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus` for display in the UI, and sent to Prometheus:
@ -531,18 +589,20 @@ Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus`
 - [ ] Add the same fields to `GET /geo_nodes/status` example response in
  `ee/spec/fixtures/api/schemas/public_api/v4/geo_node_status.json`.
 - [ ] Add the following fields to the `Sidekiq metrics` table in `doc/administration/monitoring/prometheus/gitlab_metrics.md`:
-  - `geo_cool_widgets`
+  ```markdown
-  - `geo_cool_widgets_checksum_total`
+  | `geo_cool_widgets` | Gauge | XX.Y | Number of Cool Widgets on primary | `url` |
-  - `geo_cool_widgets_checksummed`
+  | `geo_cool_widgets_checksum_total` | Gauge | XX.Y | Number of Cool Widgets to checksum on primary | `url` |
-  - `geo_cool_widgets_checksum_failed`
+  | `geo_cool_widgets_checksummed` | Gauge | XX.Y | Number of Cool Widgets that successfully calculated the checksum on primary | `url` |
-  - `geo_cool_widgets_synced`
+  | `geo_cool_widgets_checksum_failed` | Gauge | XX.Y | Number of Cool Widgets that failed to calculate the checksum on primary | `url` |
-  - `geo_cool_widgets_failed`
+  | `geo_cool_widgets_synced` | Gauge | XX.Y | Number of syncable Cool Widgets synced on secondary | `url` |
-  - `geo_cool_widgets_registry`
+  | `geo_cool_widgets_failed` | Gauge | XX.Y | Number of syncable Cool Widgets failed to sync on secondary | `url` |
-  - `geo_cool_widgets_verification_total`
+  | `geo_cool_widgets_registry` | Gauge | XX.Y | Number of Cool Widgets in the registry | `url` |
-  - `geo_cool_widgets_verified`
+  | `geo_cool_widgets_verification_total` | Gauge | XX.Y | Number of Cool Widgets to attempt to verify on secondary | `url` |
-  - `geo_cool_widgets_verification_failed`
+  | `geo_cool_widgets_verified` | Gauge | XX.Y | Number of Cool Widgets successfully verified on secondary | `url` |
  | `geo_cool_widgets_verification_failed` | Gauge | XX.Y | Number of Cool Widgets that failed verification on secondary | `url` |
  ```
-Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Nodes` view, and Prometheus.
+Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Sites` view, and Prometheus.
 #### Step 3. Implement the GraphQL API
@ -583,7 +643,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe Resolvers::Geo::CoolWidgetRegistriesResolver do
+  RSpec.describe Resolvers::Geo::CoolWidgetRegistriesResolver, feature_category: :geo_replication do
    it_behaves_like 'a Geo registries resolver', :geo_cool_widget_registry
  end
  ```
@ -607,7 +667,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetRegistryFinder do
+  RSpec.describe Geo::CoolWidgetRegistryFinder, feature_category: :geo_replication do
    it_behaves_like 'a framework registry finder', :geo_cool_widget_registry
  end
  ```
@ -641,7 +701,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe GitlabSchema.types['CoolWidgetRegistry'] do
+  RSpec.describe GitlabSchema.types['CoolWidgetRegistry'], feature_category: :geo_replication do
    it_behaves_like 'a Geo registry type'
    it 'has the expected fields (other than those included in RegistryType)' do
@ -706,6 +766,14 @@ As illustrated by the above two examples, batch destroy logic cannot be handled
    end
  end
 ```
 ### Code Review
 When requesting review from database reviewers:
 - [ ] Include a comment mentioning that the change is based on a documented template.
 - [ ] `replicables_for_current_secondary` and `available_replicables` may differ per Model. If their queries are new, then add [query plans](https://docs.gitlab.com/ee/development/database_review.html#query-plans) to the MR description. An easy place to gather SQL queries is your GDK's `log/test.log` when running tests of these methods.
 ### Release Geo support of Cool Widgets
 - [ ] In the rollout issue you created when creating the feature flag, modify the Roll Out Steps:
--- a/.gitlab/issue_templates/Geo
+++ b/.gitlab/issue_templates/Geo
@ -18,7 +18,7 @@ If your Model's pluralized form is non-standard, i.e. it doesn't just end in `s`
 -->
-## Replicate Cool Widgets
+## Replicate Cool Widgets - Blob
 This issue is for implementing Geo replication and verification of Cool Widgets.
@ -41,8 +41,6 @@ You can look into the following examples of MRs for implementing replication/ver
 ### Modify database schemas to prepare to add Geo support for Cool Widgets
 You might do this section in its own merge request, but it is not required.
 #### Add the registry table to track replication and verification state
 Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/geo.md#tracking-database) independent of the main database. It is used to track the replication and verification state of all replicables. Every Model has a corresponding "registry" table in the Geo tracking database.
@ -58,7 +56,7 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
  ```ruby
  # frozen_string_literal: true
-  class CreateCoolWidgetRegistry < Gitlab::Database::Migration[2.0]
+  class CreateCoolWidgetRegistry < Gitlab::Database::Migration[2.1]
    def change
      create_table :cool_widget_registry, id: :bigserial, force: :cascade do |t|
        t.bigint :cool_widget_id, null: false
@ -82,11 +80,19 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
        t.index :retry_at
        t.index :state
        # To optimize performance of CoolWidgetRegistry.verification_failed_batch
-        t.index :verification_retry_at, name: :cool_widget_registry_failed_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 3))"
+        t.index :verification_retry_at,
          name: :cool_widget_registry_failed_verification,
          order: "NULLS FIRST",
          where: "((state = 2) AND (verification_state = 3))"
        # To optimize performance of CoolWidgetRegistry.needs_verification_count
-        t.index :verification_state, name: :cool_widget_registry_needs_verification, where: "((state = 2) AND (verification_state = ANY (ARRAY[0, 3])))"
+        t.index :verification_state,
          name: :cool_widget_registry_needs_verification,
          where: "((state = 2) AND (verification_state = ANY (ARRAY[0, 3])))"
        # To optimize performance of CoolWidgetRegistry.verification_pending_batch
-        t.index :verified_at, name: :cool_widget_registry_pending_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 0))"
+        t.index :verified_at,
          name: :cool_widget_registry_pending_verification,
          order: "NULLS FIRST",
          where: "((state = 2) AND (verification_state = 0))"
      end
    end
  end
@ -94,11 +100,19 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
 - [ ] If deviating from the above example, then be sure to order columns according to [our guidelines](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/ordering_table_columns.md).
- [ ] Add the new table to the GitLab Schema defined in [`ee/lib/ee/gitlab/database/gitlab_schemas.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/ee/gitlab/database/gitlab_schemas.yml).
+- [ ] Add the new table to the [database dictionary](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/database/database_dictionary.md) defined in [`ee/db/docs/`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/ee/db/docs):
-   ```yaml
+  ```yaml
-   cool_widget_registry: :gitlab_geo
+  table_name: cool_widget_registry
-   ```
+  description: Description example
  introduced_by_url: Merge request link
  milestone: Milestone example
  feature_categories:
   - Feature category example
  classes:
   - Class example
  gitlab_schema: gitlab_geo
  ```
 - [ ] Run Geo tracking database migrations:
@ -106,7 +120,7 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
  bin/rake db:migrate:geo
  ```
- [ ] Be sure to commit the relevant changes in `ee/db/geo/structure.sql`
+- [ ] Be sure to commit the relevant changes in `ee/db/geo/structure.sql` and the file created under `ee/db/geo/schema_migrations`
 ### Add verification state fields on the Geo primary site
@ -125,7 +139,7 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
  ```ruby
  # frozen_string_literal: true
-  class CreateCoolWidgetStates < Gitlab::Database::Migration[2.0]
+  class CreateCoolWidgetStates < Gitlab::Database::Migration[2.1]
    VERIFICATION_STATE_INDEX_NAME = "index_cool_widget_states_on_verification_state"
    PENDING_VERIFICATION_INDEX_NAME = "index_cool_widget_states_pending_verification"
    FAILED_VERIFICATION_INDEX_NAME = "index_cool_widget_states_failed_verification"
@ -138,16 +152,28 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
        t.datetime_with_timezone :verification_started_at
        t.datetime_with_timezone :verification_retry_at
        t.datetime_with_timezone :verified_at
-        t.references :cool_widget, primary_key: true, default: nil, index: false, foreign_key: { on_delete: :cascade }
+        t.references :cool_widget,
          primary_key: true,
          default: nil,
          index: false,
          foreign_key: { on_delete: :cascade }
        t.integer :verification_state, default: 0, limit: 2, null: false
-        t.integer :verification_retry_count, limit: 2
+        t.integer :verification_retry_count, default: 0, limit: 2, null: false
        t.binary :verification_checksum, using: 'verification_checksum::bytea'
        t.text :verification_failure, limit: 255
        t.index :verification_state, name: VERIFICATION_STATE_INDEX_NAME
-        t.index :verified_at, where: "(verification_state = 0)", order: { verified_at: 'ASC NULLS FIRST' }, name: PENDING_VERIFICATION_INDEX_NAME
+        t.index :verified_at,
-        t.index :verification_retry_at, where: "(verification_state = 3)", order: { verification_retry_at: 'ASC NULLS FIRST' }, name: FAILED_VERIFICATION_INDEX_NAME
+          where: "(verification_state = 0)",
-        t.index :verification_state, where: "(verification_state = 0 OR verification_state = 3)", name: NEEDS_VERIFICATION_INDEX_NAME
+          order: { verified_at: 'ASC NULLS FIRST' },
          name: PENDING_VERIFICATION_INDEX_NAME
        t.index :verification_retry_at,
          where: "(verification_state = 3)",
          order: { verification_retry_at: 'ASC NULLS FIRST' },
          name: FAILED_VERIFICATION_INDEX_NAME
        t.index :verification_state,
          where: "(verification_state = 0 OR verification_state = 3)",
          name: NEEDS_VERIFICATION_INDEX_NAME
      end
    end
@ -159,11 +185,22 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
 - [ ] If deviating from the above example, then be sure to order columns according to [our guidelines](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/ordering_table_columns.md).
- [ ] Add the new table to the GitLab Schema defined in [`lib/gitlab/database/gitlab_schemas.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/database/gitlab_schemas.yml) with the databases they need to be added to.
+- [ ] If `cool_widgets` is a high-traffic table, follow [the database documentation to use `with_lock_retries`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/migration_style_guide.md#when-to-use-the-helper-method)
-   ```yaml
+- [ ] Add the new table to the [database dictionary](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/database/database_dictionary.md) defined in [`db/docs/`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/db/docs):
-   cool_widget_states: :gitlab_main
+
-   ```
+  ```yaml
  ---
  table_name: cool_widget_states
  description: Separate table for cool widget verification states
  introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/XXXXX
  milestone: 'XX.Y'
  feature_categories:
   - geo_replication
  classes:
   - Geo::CoolWidgetState
  gitlab_schema: gitlab_main
  ```
 - [ ] Run database migrations:
@ -171,9 +208,7 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
  bin/rake db:migrate
  ```
- [ ] If `cool_widgets` is a high-traffic table, follow [the database documentation to use `with_lock_retries`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/migration_style_guide.md#when-to-use-the-helper-method)
+- [ ] Be sure to commit the relevant changes in `db/structure.sql` and the file under `db/schema_migrations`
 - [ ] Be sure to commit the relevant changes in `db/structure.sql`
 That's all of the required database changes.
@ -210,17 +245,26 @@ That's all of the required database changes.
    after_save :save_verification_details
    scope :with_verification_state, ->(state) { joins(:cool_widget_state).where(cool_widget_states: { verification_state: verification_state_value(state) }) }
    scope :checksummed, -> { joins(:cool_widget_state).where.not(cool_widget_states: { verification_checksum: nil } ) }
    scope :not_checksummed, -> { joins(:cool_widget_state).where(cool_widget_states: { verification_checksum: nil } ) }
    scope :available_verifiables, -> { joins(:cool_widget_state) }
    # Override the `all` default if not all records can be replicated. For an
    # example of an existing Model that needs to do this, see
    # `EE::MergeRequestDiff`.
    # scope :available_replicables, -> { all }
    scope :available_verifiables, -> { joins(:cool_widget_state) }
    scope :checksummed, -> {
      joins(:cool_widget_state).where.not(cool_widget_states: { verification_checksum: nil })
    }
    scope :not_checksummed, -> {
      joins(:cool_widget_state).where(cool_widget_states: { verification_checksum: nil })
    }
    scope :with_verification_state, ->(state) {
      joins(:cool_widget_state)
        .where(cool_widget_states: { verification_state: verification_state_value(state) })
    }
    def verification_state_object
      cool_widget_state
    end
@ -231,8 +275,9 @@ That's all of the required database changes.
      ...
      # @param primary_key_in [Range, CoolWidget] arg to pass to primary_key_in scope
-      # @return [ActiveRecord::Relation<CoolWidget>] everything that should be synced to this node, restricted by primary key
+      # @return [ActiveRecord::Relation<CoolWidget>] everything that should be synced
-      def self.replicables_for_current_secondary(primary_key_in)
+      #         to this node, restricted by primary key
      def replicables_for_current_secondary(primary_key_in)
        # This issue template does not help you write this method.
        #
        # This method is called only on Geo secondary sites. It is called when
@ -273,8 +318,8 @@ That's all of the required database changes.
  ```ruby
    include_examples 'a replicable model with a separate table for verification state' do
-      let(:verifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is included in `available_verifiables`
+      let(:verifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is in `Geo::ReplicableModel.verifiables` scope
-      let(:unverifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is NOT included in `available_verifiables`
+      let(:unverifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is NOT included in `Geo::ReplicableModel.verifiables` scope
    end
  ```
@ -304,7 +349,6 @@ That's all of the required database changes.
        # (see `VerifiableReplicator.verification_enabled?`)
        true
      end
    end
  end
  ```
@ -313,7 +357,6 @@ That's all of the required database changes.
  ```shell
  bin/feature-flag --ee geo_cool_widget_replication --type development --group 'group::geo'
  bin/feature-flag --ee geo_cool_widget_verification --type development --group 'group::geo'
  ```
 - [ ] Add this replicator class to the method `replicator_classes` in
@ -324,7 +367,6 @@ That's all of the required database changes.
    ::Geo::PackageFileReplicator,
    ::Geo::CoolWidgetReplicator
  ]
  end
  ```
 - [ ] Create `ee/spec/replicators/geo/cool_widget_replicator_spec.rb` and perform the necessary setup to define the `model_record` variable for the shared examples:
@ -334,7 +376,7 @@ That's all of the required database changes.
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetReplicator do
+  RSpec.describe Geo::CoolWidgetReplicator, feature_category: :geo_replication do
    let(:model_record) { build(:cool_widget) }
    include_examples 'a blob replicator'
@ -408,7 +450,7 @@ That's all of the required database changes.
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetRegistry, :geo, type: :model do
+  RSpec.describe Geo::CoolWidgetRegistry, :geo, type: :model, feature_category: :geo_replication do
    let_it_be(:registry) { create(:geo_cool_widget_registry) }
    specify 'factory is valid' do
@ -423,29 +465,43 @@ That's all of the required database changes.
 - [ ] Add the following to `spec/factories/cool_widgets.rb`:
  ```ruby
-  trait :verification_succeeded do
+  # frozen_string_literal: true
    with_file
    verification_checksum { 'abc' }
    verification_state { CoolWidget.verification_state_value(:verification_succeeded) }
  end
-  trait :verification_failed do
+  FactoryBot.modify do
-    with_file
+    factory :cool_widget do
-    verification_failure { 'Could not calculate the checksum' }
+      trait :verification_succeeded do
-    verification_state { CoolWidget.verification_state_value(:verification_failed) }
+          with_file
          verification_checksum { 'abc' }
          verification_state { CoolWidget.verification_state_value(:verification_succeeded) }
      end
      trait :verification_failed do
          with_file
          verification_failure { 'Could not calculate the checksum' }
          verification_state { CoolWidget.verification_state_value(:verification_failed) }
      end
    end
  end
  ```
  If there is not an existing factory for the object in `spec/factories/cool_widgets.rb`, wrap the traits in `FactoryBot.create` instead of `FactoryBot.modify`
 [ ] Make sure the factory supports the `:remote_store` trait. If not, add something like
  ```ruby
  trait :remote_store do
    file_store { CoolWidget::FileUploader::Store::REMOTE }
  end
  ```
 - [ ] Make sure the factory also allows setting a `project` attribute. If the model does not have a direct relation to a project, you can use a `transient` attribute. Check out `spec/factories/merge_request_diffs.rb` for an example.
- [ ] Following [the example of Merge Request Diffs](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63309) add a `Geo::CoolWidgetState` model in `ee/app/models/ee/geo/cool_widget_state.rb`:
+- [ ] Following [the example of Merge Request Diffs](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63309) add a `Geo::CoolWidgetState` model in `ee/app/models/geo/cool_widget_state.rb`:
  ``` ruby
  # frozen_string_literal: true
  module Geo
    class CoolWidgetState < ApplicationRecord
      include EachBatch
      include ::Geo::VerificationStateDefinition
      self.primary_key = :cool_widget_id
@ -478,6 +534,8 @@ That's all of the required database changes.
  end
  ```
 - [ ] Add `[:cool_widget, :remote_store]` and `[:geo_cool_widget_state, any]` to `skipped` in `spec/models/factories_spec.rb`
 #### Step 2. Implement metrics gathering
 Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus` for display in the UI, and sent to Prometheus:
@ -498,18 +556,21 @@ Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus`
 - [ ] Add the same fields to `GET /geo_nodes/status` example response in
  `ee/spec/fixtures/api/schemas/public_api/v4/geo_node_status.json`.
 - [ ] Add the following fields to the `Sidekiq metrics` table in `doc/administration/monitoring/prometheus/gitlab_metrics.md`:
  - `geo_cool_widgets`
  - `geo_cool_widgets_checksum_total`
  - `geo_cool_widgets_checksummed`
  - `geo_cool_widgets_checksum_failed`
  - `geo_cool_widgets_synced`
  - `geo_cool_widgets_failed`
  - `geo_cool_widgets_registry`
  - `geo_cool_widgets_verification_total`
  - `geo_cool_widgets_verified`
  - `geo_cool_widgets_verification_failed`
-Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Nodes` view, and Prometheus.
+  ```markdown
  | `geo_cool_widgets` | Gauge | XX.Y | Number of Cool Widgets on primary | `url` |
  | `geo_cool_widgets_checksum_total` | Gauge | XX.Y | Number of Cool Widgets to checksum on primary | `url` |
  | `geo_cool_widgets_checksummed` | Gauge | XX.Y | Number of Cool Widgets that successfully calculated the checksum on primary | `url` |
  | `geo_cool_widgets_checksum_failed` | Gauge | XX.Y | Number of Cool Widgets that failed to calculate the checksum on primary | `url` |
  | `geo_cool_widgets_synced` | Gauge | XX.Y | Number of syncable Cool Widgets synced on secondary | `url` |
  | `geo_cool_widgets_failed` | Gauge | XX.Y | Number of syncable Cool Widgets failed to sync on secondary | `url` |
  | `geo_cool_widgets_registry` | Gauge | XX.Y | Number of Cool Widgets in the registry | `url` |
  | `geo_cool_widgets_verification_total` | Gauge | XX.Y | Number of Cool Widgets to attempt to verify on secondary | `url` |
  | `geo_cool_widgets_verified` | Gauge | XX.Y | Number of Cool Widgets successfully verified on secondary | `url` |
  | `geo_cool_widgets_verification_failed` | Gauge | XX.Y | Number of Cool Widgets that failed verification on secondary | `url` |
  ```
 Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Sites` view, and Prometheus.
 #### Step 3. Implement the GraphQL API
@ -550,7 +611,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe Resolvers::Geo::CoolWidgetRegistriesResolver do
+  RSpec.describe Resolvers::Geo::CoolWidgetRegistriesResolver, feature_category: :geo_replication do
    it_behaves_like 'a Geo registries resolver', :geo_cool_widget_registry
  end
  ```
@ -574,7 +635,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetRegistryFinder do
+  RSpec.describe Geo::CoolWidgetRegistryFinder, feature_category: :geo_replication do
    it_behaves_like 'a framework registry finder', :geo_cool_widget_registry
  end
  ```
@ -608,7 +669,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe GitlabSchema.types['CoolWidgetRegistry'] do
+  RSpec.describe GitlabSchema.types['CoolWidgetRegistry'], feature_category: :geo_replication do
    it_behaves_like 'a Geo registry type'
    it 'has the expected fields (other than those included in RegistryType)' do
@ -674,6 +735,13 @@ As illustrated by the above two examples, batch destroy logic cannot be handled
  end
 ```
 ### Code Review
 When requesting review from database reviewers:
 - [ ] Include a comment mentioning that the change is based on a documented template.
 - [ ] `replicables_for_current_secondary` and `available_replicables` may differ per Model. If their queries are new, then add [query plans](https://docs.gitlab.com/ee/development/database_review.html#query-plans) to the MR description. An easy place to gather SQL queries is your GDK's `log/test.log` when running tests of these methods.
 ### Release Geo support of Cool Widgets
 - [ ] In the rollout issue you created when creating the feature flag, modify the Roll Out Steps:
--- a/.gitlab/issue_templates/Global
+++ b/.gitlab/issue_templates/Global
@ -0,0 +1,30 @@
 ## Summary
 <!-- Summarize the bug encountered concisely. -->
 ## Steps to reproduce
 <!-- Describe how one can reproduce the issue - this is very important. Please use an ordered list. -->
 ## What is the current *bug* behavior?
 <!-- Describe what actually happens. -->
 ## What is the expected *correct* behavior?
 <!-- Describe what you should see instead. -->
 ## Relevant logs and/or screenshots
 <!-- Paste any relevant logs - please use code blocks (```) to format console output, logs, and code
 as it's tough to read otherwise. -->
 ## Possible fixes
 <!-- If you can, link to the line of code that might be responsible for the problem. -->
 <!-- Please add a label for the type of bug as per https://about.gitlab.com/handbook/engineering/metrics/#work-type-classification -->
 /label ~"type::bug"
 /label ~"group::global search"
 /label ~"workflow::solution validation" 
 /milestone %Backlog
--- a/.gitlab/issue_templates/Global
+++ b/.gitlab/issue_templates/Global
@ -0,0 +1,13 @@
 ## Problem to solve
 <!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." -->
 ## Proposal
 <!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. -->
 <!-- Please add a label for the type of feature as per https://about.gitlab.com/handbook/engineering/metrics/#work-type-classification -->
 /label ~"type::feature"
 /label ~"group::global search"
 /label ~"workflow::solution validation" 
 /milestone %Backlog
--- a/.gitlab/issue_templates/Global
+++ b/.gitlab/issue_templates/Global
@ -0,0 +1,11 @@
 ## Background
 ## Proposal
 <!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. -->
 <!-- Please add a label for the type of maintenance as per https://about.gitlab.com/handbook/engineering/metrics/#work-type-classification -->
 /label ~"type::maintenance"
 /label ~"group::global search"
 /label ~"workflow::solution validation" 
 /milestone %Backlog
--- a/.gitlab/issue_templates/Navigation
+++ b/.gitlab/issue_templates/Navigation
@ -1,14 +0,0 @@
 <!-- This template is used for proposing changes to the left sidebar contextual navigation. This could include additions, removals, or general changes to overall hierarchy.-->
 ### Proposal 
 <!-- Use this section to explain the proposed changes, including details around usage and business drivers. -->
 ### Checklist
 - [ ] If your proposal includes changes to the menu items within the left sidebar, engage the [Foundations Product Manager](https://about.gitlab.com/handbook/product/categories/#foundations-group) for approval. The Foundations DRI will work with UX partners in product design, research, and technical writing, as applicable.
 - [ ] Follow the [product development workflow](https://about.gitlab.com/handbook/product-development-flow/#validation-phase-2-problem-validation) validation process to ensure you are solving a well understood problem and that the proposed change is understandable and non-disruptive to users. Navigation-specific research is strongly encouraged.
 - [ ] Engage the [Foundations](https://about.gitlab.com/handbook/product/categories/#foundations-group) team to ensure your proposal is in alignment with holistic changes happening to the left side bar.
 - [ ] Consider whether you need to communicate the change somehow, or if you will have an interim period in the UI where your nav item will live in more than one place.
 /label ~UX ~"UI text" ~"documentation" ~"documentation" ~"Category:Navigation & Settings" ~"Category:Foundations" ~navigation 
--- a/.gitlab/issue_templates/Navigation
+++ b/.gitlab/issue_templates/Navigation
@ -0,0 +1,15 @@
 <!-- This template is used for proposing changes to the left sidebar contextual navigation. This could include additions, removals, or general changes to overall hierarchy.-->
 ### Proposal 
 <!-- Use this section to explain the proposed changes, including details around usage and business drivers. -->
 ### Checklist
 - [ ] Add relevant information to the issue description detailing your proposal, including usage and business drivers.
 - [ ] Follow the [product development workflow](https://about.gitlab.com/handbook/product-development-flow/#validation-phase-2-problem-validation) validation process to ensure you are solving a well understood problem and that the proposed change is understandable and non-disruptive to users. Navigation-specific research is strongly encouraged.
 - [ ] Engage the [Foundations Product Manager](https://about.gitlab.com/handbook/product/categories/#foundations-group) for approval. The Foundations DRI will work with UX partners in product design, research, and technical writing, as applicable.
 - [ ] Engage the [Foundations](https://about.gitlab.com/handbook/product/categories/#foundations-group) team to ensure your proposal is in alignment with holistic changes happening to the left side bar.
 - [ ] Consider whether you need to communicate the change somehow, or if you will have an interim period in the UI where your nav item will live in more than one place.
 /label ~UX ~"UI text" ~"documentation" ~"documentation" ~"Category:Navigation & Settings" ~"Category:Foundations" ~navigation 
--- a/.gitlab/issue_templates/Pipeline
+++ b/.gitlab/issue_templates/Pipeline
@ -50,4 +50,4 @@ _NOTE: This section is optional, but can be used for easy access to any relevant
-/label ~"group::pipeline authoring" ~"Category:Pipeline Authoring" ~"section::ops" ~"devops::verify" ~"workflow::planning breakdown"
+/label ~"group::pipeline authoring" ~"Category:Pipeline Composition" ~"section::ops" ~"devops::verify" ~"workflow::planning breakdown"
--- a/.gitlab/issue_templates/Release
+++ b/.gitlab/issue_templates/Release
@ -0,0 +1,43 @@
 ## Summary
 <!-- Summarize the bug encountered concisely. -->
 ## Steps to reproduce
 <!-- Describe how one can reproduce the issue - this is very important. Please use an ordered list. -->
 ## What is the current *bug* behavior?
 <!-- Describe what actually happens. -->
 ## What is the expected *correct* behavior?
 <!-- Describe what you should see instead. -->
 ## Relevant logs and/or screenshots
 <!-- Paste any relevant logs - please use code blocks (```) to format console output, logs, and code
 as it's tough to read otherwise. -->
 ## Possible fixes
 <!-- If you can, link to the line of code that might be responsible for the problem. -->
 <!-- Default labels -->
 /label ~"group::release"
 /label ~"type::bug"
 /label ~"workflow::planning breakdown"
 <!-- Optional labels -->
 /label ~backend ~frontend ~UX
 <!-- https://about.gitlab.com/handbook/engineering/quality/issue-triage/#severity -->
 /label ~"severity::3" ~"priority::3"
 <!-- If you already have an implementation plan, please fill in detail below https://about.gitlab.com/handbook/engineering/development/ops/release/planning/#weights -->
 /weight X
 /label ~"backend-weight::" ~"frontend-weight::" ~"workflow::ready for development"
 ## Implementation guide
 <!-- If the issue clear enough, consider inviting community contributors -->
 /label ~"Seeking community contributions" ~"good for new contributors"
--- a/.gitlab/issue_templates/Release
+++ b/.gitlab/issue_templates/Release
@ -0,0 +1,26 @@
 ## Problem to solve
 <!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." -->
 ## Proposal
 <!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. -->
 <!-- Default labels -->
 /label ~"group::release"
 /label ~"type::feature"
 /label ~"workflow::problem validation" 
 /label ~UX
 <!-- Optional labels -->
 /label ~backend ~frontend
 <!-- If you already have an implementation plan, please fill in detail below https://about.gitlab.com/handbook/engineering/development/ops/release/planning/#weights -->
 /weight X
 /label ~"backend-weight::" ~"frontend-weight::" ~"workflow::ready for development"
 ## Implementation guide
 <!-- If the issue clear enough, consider inviting community contributors -->
 /label ~"Seeking community contributions" ~"good for new contributors"
--- a/.gitlab/issue_templates/Release
+++ b/.gitlab/issue_templates/Release
@ -0,0 +1,18 @@
 ## Background
 ## Proposal
 <!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. -->
 <!-- Set labels and other metadata -->
 /label ~"group::release"
 /label ~"type::maintenance"
 /label ~"workflow::planning breakdown"
 <!-- If you already have an implementation plan, please fill in detail below https://about.gitlab.com/handbook/engineering/development/ops/release/planning/#weights -->
 /weight X
 /label ~"backend-weight::" ~"frontend-weight::" ~"workflow::ready for development"
 ## Implementation guide
 <!-- If the issue clear enough, consider inviting community contributors -->
 /label ~"Seeking community contributions" ~"good for new contributors"
--- a/.gitlab/issue_templates/Security
+++ b/.gitlab/issue_templates/Security
@ -10,11 +10,11 @@ Set the title to: `Description of the original issue`
 - [ ] Read the [security process for developers] if you are not familiar with it.
 - [ ] Make sure the [issue really needs to follow the security release workflow].
 - [ ] Add a `~severity::x` label to the issue and all associated merge requests.
 - [ ] **IMPORTANT**: Mark this [issue as linked] to the Security Release Tracking Issue. You can find it [here](https://gitlab.com/gitlab-org/gitlab/-/issues?sort=created_date&state=opened&label_name[]=upcoming+security+release). This issue
 MUST be linked for the release bot to know that the associated merge requests should be merged for this security release.
 - Fill out the [Links section](#links):
  - [ ] Next to **Issue on GitLab**, add a link to the `gitlab-org/gitlab` issue that describes the security vulnerability.
 - [ ] Add one of the `~severity::x` labels to the issue and all associated merge requests.
 - [ ] If this change affects the public interface (public API or UI) of the product, post in the `#support_gitlab-com` Slack channel  to explain the impact and discuss a mitigation plan for users that might be affected. If you need Support feedback or approval, reach out in `#spt_managers` Slack channel or mention `@gitlab-com/support/managers`.
 ## Development
@ -22,6 +22,7 @@ MUST be linked for the release bot to know that the associated merge requests sh
 - [ ] Run `scripts/security-harness` in your local repository to prevent accidentally pushing to any remote besides `gitlab.com/gitlab-org/security`.
 - [ ] Create a new branch prefixing it with `security-`.
 - [ ] Create a merge request targeting `master` on `gitlab.com/gitlab-org/security` and use the [Security Release merge request template].
 - [ ] If this includes a breaking change, make sure to include a mention of it for the relevant versions in [`doc/update/index.md`](https://gitlab.com/gitlab-org/security/gitlab/-/blob/master/doc/update/index.md#version-specific-upgrading-instructions)
 After your merge request has been approved according to our [approval guidelines] and by a team member of the AppSec team, you're ready to prepare the backports
@ -38,13 +39,14 @@ After your merge request has been approved according to our [approval guidelines
 ## Documentation and final details
 - [ ] To avoid release delays, please nominate a developer in a different timezone who will be able to respond to any pipeline or merge failures in your absence `@gitlab-username`
 - [ ] Ensure `~severity::x` label is on this issue, all associated issues, and merge requests
 - [ ] Ensure the [Links section](#links) is completed.
 - [ ] Add the GitLab [versions](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/developer.md#versions-affected) and editions affected to the [details section](#details)
  * The Git history of the files affected may help you associate the issue with a [release](https://about.gitlab.com/releases/)
 - [ ] Fill in any upgrade notes that users may need to take into account in the [details section](#details)
 - [ ] Add Yes/No and further details if needed to the migration and settings columns in the [details section](#details)
 - [ ] Add the nickname of the external user who found the issue (and/or HackerOne profile) to the Thanks row in the [details section](#details)
 - [ ] If this includes a breaking change, make sure it is mentioned for the relevant versions in [`doc/update/index.md`](https://gitlab.com/gitlab-org/security/gitlab/-/blob/master/doc/update/index.md#version-specific-upgrading-instructions)
 ## Summary
--- a/.gitlab/issue_templates/Synchronous
+++ b/.gitlab/issue_templates/Synchronous
@ -0,0 +1,11 @@
 <!-- Title suggestion: <async-index-name> synchronous database index(es) addition/removal -->
 ## Summary
 This issue is to add a migration(s) to create/destroy the `<async-index-name>` database index(es) synchronously after it has been created/destroyed on GitLab.com.
 The asynchronous index(es) was introduced in <!-- Link to MR that introduced the asynchronous index -->.
 /assign me
 /due in 2 weeks
 /label ~database ~"type::maintenance" ~"maintenance::scalability"
--- a/.gitlab/issue_templates/UX
+++ b/.gitlab/issue_templates/UX
@ -1,39 +1,25 @@
-<!-- A majority of the work designers do will be on themes in the (Now) Next 1-3 milestone column. These themes are comprised of high-confidence outcomes and validated needs. The UX theme issue is where collaboration should occur, including plans and discussion on subthemes, research, and design feedback. Related issues for design exploration and solution validation should stem from the theme issue. 
+<!-- Most of the work designers do will be on themes in the (Now) Next 1-3 milestone column of their UX Roadmap. These themes are comprised of high-confidence outcomes and validated needs. The UX theme issue is where collaboration should occur, including plans and discussion on subthemes, research, and design feedback. Related design exploration and solution validation issues should stem from the theme issue. 
-One of the advantages of working with UX themes is that it allows us to think and design holistically by designing the theme as a whole as opposed to a single issue at a time trying to piece them together as you go. For more details please refer to this section of the handbook when creating UX Themes: https://about.gitlab.com/handbook/product/ux/product-design/ux-roadmaps/#theme-structure -->
+One of the advantages of working with UX themes is that it allows us to think and design holistically by designing the theme as a whole instead of a single issue at a time, trying to piece them together as we go. For more details, please refer to this section of the handbook when creating UX Themes: https://about.gitlab.com/handbook/product/ux/product-design/ux-roadmaps/#ux-theme-structure -->
-### UX Theme 
+<!--
-<!-- A theme is written as a statement that combines the beneficiary, their need, and the expected outcome when the work is delivered. Well-defined statements are concise without sacrificing the substance of the theme so that anyone can understand it at a glance. (For instance; Reduce the effort for security teams to identify and escalate business-critical risks) 
+!!Note: The theme statement is the defacto title that will reference the theme and serve as the theme issue title.!! It should be something that is easily understood that quickly communicates the intent of the theme allowing team members to easily understand and recognize the expected work that will be done.
 !!Note: The theme statement is the defacto title that will be used to reference the theme and serve as the theme issue title.!!
 -->
 ----
-### Problem to solve
+### Theme statement
-<!-- In a brief statement, summerize the problem we are intending to address with this theme. For instance, users are unable to complete [task], or, users struggle with the amount of steps required to complete [task] -->
+<!-- A theme statement combines the beneficiary, their job, and their expected outcome when the work is delivered and serves as the design goal for the team who owns the theme. Well-defined statements are concise without sacrificing the substance of the theme so that anyone can understand it at a glance. Well-defined statements are concise without sacrificing the substance of the theme so that anyone can understand it at a glance. (For instance, Reduce the effort for security teams when prioritizing business-critical risks in their assets.) -->
 <!-- Also Theme issue tile -->
 {`Need/outcome` } + {`Beneficiary`} + {`Job/Small Job`} 
-### Beneficiary 
+#### Main Job story
-<!-- Who is the recipient(s) of the value this theme provides; a customer, end-user, or buyer. Who benefits from this theme being executed? This can be a role, a team, or a persona. For instance: "Development teams, [or] Developers, [or], Sasha the Software Engineer". --> 
+<!-- What is the [Main Job story](https://about.gitlab.com/handbook/product/ux/jobs-to-be-done/#how-to-write-a-jtbd) that this theme was derived from? (For instance, When I am on triage rotation, I want to address all the business-critical risks in my assets, So I can minimize the likelihood of my organization being compromised by a security breach.) -->
 - **[Direct beneficiary]**
 #### Need & Primary JTBD
 <!-- What is the JTBD and what are the needs related to the beneficiary and theme? 
 - JTBD = The JTBD statement, for instance, (When I am triaging vulns, I want to address business-critical risks, So I can ensure there is no unattended risk in my orgs assets.) 
 - Need = Abstracted from the JTBD, for instance, (Identify and escalate business-critical risks detected in my orgs assets.)
 --> 
 - **JTBD:** 
 - **Need:**   
 #### Expected outcome
 <!-- What will the user be able to achieve when this theme is executed? For instance, (Users will be able to effectively triage vulnerabilities at scale across all their orgs assets.) -->
 #### Business objective
-<!-- What business objective will result from delivering this theme? This answers why we are working on this theme from a business perspective. Examples of objectives are but are not limited to: Sales rate / conversion rate, Success rate / completion rate, Traffic / visitor count, Engagement, or other business-oriented goals. --> 
+<!-- Objectives (from a business point of view) that will be achieved upon completion. (For instance, Increase engagement by making the experience efficient while reducing the chances of users overlooking high-priority items. --> 
 #### Confidence
@ -42,30 +28,24 @@ One of the advantages of working with UX themes is that it allows us to think an
 | Confidence | Research | 
 | --- | --- | 
-| [High/Medium/Low] | [research/insight issue](Link) |
+| [High/Medium/Low] | [research/insight issue](Link) | 
-### Subthemes & Requirements
+### Requirements
-<!-- Subthemes are more granular validated needs, goals, and additional details that the theme encompasses. These are typically reserved for themes in the next (1-3 milestones) column. Subthemes may also consist of existing feature or design issues that exist in GitLab and directly relate to the theme. Subthemes answer “how” we are going to solve the user need while the theme itself answers “what” the need is and “who” will be benefiting from the solution.
+<!-- Requirements can be taken from existing features or design issues used to build this theme. Any related issues should be linked with this issue in the Feature/solution issues section below. They are more granular validated needs, goals, and additional details that the theme encompasses. These are typically reserved for themes in the next (1-3 milestones) column. Requirements should answer “what” the beneficiary of this theme needs from the solution.
-Note: This is not a backlog. If the subthemes can not be delivered in the theme timeframe then the theme is too big and needs to be broken down into multiple themes. -->
+Note: This is not a backlog. If the issue can not be delivered in the theme timeframe, then the theme is too big and needs to be broken down into multiple themes. -->
-#### Feature/solution subthemes
+>⚠️ Related feature and research issues should be linked in the related issues section (Delete this line when this is done)
 <!-- Use this table to track feature issues related to this theme (if applicable). Not all themes require subthemes as subthemes are typically discovered while working on the theme itself. Think of subthemes as if they were the result of design breaking down the issue into discrete work items. 
-Note: if feature issues already exist then you can add them to this table. Keep in mind that subthemes require validation if they are assumptive 
+#### The beneficiary needs to be able to:
 - [Small job statement]
  - [Micro job statement]
  - [Micro job statement]
 - [etc.]
-Refer to https://about.gitlab.com/handbook/product/ux/product-designer/#ux-issue-weights for calculating UX weights.
+#### Research
--> 
+<!-- Researchers and Designers; Use this table to track UX research related to this theme. This may include problem validation and solution validation activities. 
 | Issue | UX Weight |  
 | ---------- | --------- | 
 | [Issue](link) | `0 - 10` | 
 | [Issue](link) | `0 - 10` | 
 | [Issue](link) | `0 - 10` | 
 #### Research subthemes
 <!-- Use this table to track UX research related to this theme. This may include, problem validation and/or solution validation activities. 
 --> 
 | Issue | Research type | Research status |
@ -73,5 +53,36 @@ Refer to https://about.gitlab.com/handbook/product/ux/product-designer/#ux-issue
 | [Issue]()  | <!--Solution validation, Problem validation, etc., --> |  <!-- Planned, In Progress, Complete, etc.,-->  |  
 | [Issue]()  | <!--Solution validation, Problem validation, etc., --> |  <!-- Planned, In Progress, Complete, etc.,-->  |
 #### Ready for design checklist
 The items are self-check suggestions; they could be contributed by designers, product managers, or researchers
 * [ ] The `theme` has high confidence (derived from research or other data-gathering techniques)
 * [ ] The `Related issues`, features, research, and other background information are linked to the related issues section
 * [ ] The `Business objective` has been defined
 * [ ] The `Requirements` have been defined, and the scope has been agreed upon
 * [ ] This UX Theme contains everything necessary to complete a design solution and is ready for design
 #### [Thematic design workflow checklist](https://about.gitlab.com/handbook/product/ux/product-design/ux-roadmaps/#suggested-workflow)
 <!-- please refer to the [suggested workflow](https://about.gitlab.com/handbook/product/ux/product-design/ux-roadmaps/#suggested-workflow) when working on UX themes-->
 * [ ] **Theme assessed** Ready for design checklist complete
 * [ ] **Ideate and Iterate**
  * [ ] User flow diagram generated
  * [ ] Low-fidelity wireframes of the entire theme created
  * [ ] [Feedback requested](https://about.gitlab.com/handbook/product/ux/product-designer/#design-reviews) and incorporated into flow diagram and wireframes
 * [ ] **Validate**
  * [ ] [Solution validation](https://about.gitlab.com/handbook/product/ux/ux-research/solution-validation-and-methods/) conducted on Low/mid-fidelity flow 
 * [ ] **Refine**  
  * [ ] Resaerch findings incorporated into design
  * [ ] All micro-interactions are defined
  * [ ] All edge-cases are accounted for and defined
  * [ ] All copy has been reviewed by tech writing
  * [ ] Accessibnility guidelines have been considered
  * [ ] High-fidelity designs posted
  * [ ] Feedback requested from counterparts
    * [ ] (If necessary) Validate high-fidelity flow in a 2nd round of user testing
  * [ ] Refine final design from feedback and user research
 * [ ] **Hand-off**
  * [ ] Designs broken down based on the their ability to stand alone and that they provide value to the user.
  * [ ] MVC plan agreement reached 
  * [ ] Planning breakdown complete
 /label ~"UX"  ~"UX Theme"
--- a/.gitlab/merge_request_templates/Default.md
+++ b/.gitlab/merge_request_templates/Default.md
@ -44,3 +44,5 @@ This checklist encourages us to confirm any changes have been analyzed to reduce
 * [ ] I have evaluated the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist) for this MR.
 <!-- template sourced from https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/Default.md -->
 /assign me
--- a/.gitlab/merge_request_templates/Deprecations.md
+++ b/.gitlab/merge_request_templates/Deprecations.md
@ -1,10 +1,5 @@
 <!-- Set the correct label and milestone using autocomplete for guidance. Please @mention only the DRI(s) for each stage or group rather than an entire department. -->
 /label ~"release post" ~"release post item" ~"Technical Writing" ~devops:: ~group:: ~"release post item::deprecation"
 /label ~"type::maintenance"
 /milestone %
 /assign `@EM/PM` (choose the DRI; remove backticks here, and below)
 **Be sure to link this MR to the relevant deprecation issue(s).**
 - Deprecation Issue:
@ -42,15 +37,18 @@ They are frequently updated, and everyone should make sure they are aware of the
 - [ ] Set yourself as the Assignee, meaning you are the DRI.
 - [ ] If the deprecation is a [breaking change](https://about.gitlab.com/handbook/product/gitlab-the-product/#breaking-change), add label `breaking change`.
 - [ ] Confirm this MR is labeled ~"release post item::deprecation"
 - [ ] Follow the process to [create a deprecation YAML file](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-deprecation-entry).
 - [ ] Add reviewers by the 10th.
- [ ] When ready to be merged and not later than the 15th, add the `~ready` label and @ message the TW for final review and merge.
+- [ ] Add scoped `devops::` and `group::` labels as necessary.
 - [ ] Add the appropriate milestone to this MR.
 - [ ] When ready to be merged (and no later than the 15th) `@mention` the TW for final review and merge.
 ## Reviewers
 When the content is ready for review, it must be reviewed by a Technical Writer and Engineering Manager, but can also be reviewed by
 Product Marketing, Product Design, and the Product Leaders for this area. Please use the
-[Reviewers for Merge Requests](https://docs.gitlab.com/ee/user/project/merge_requests/getting_started#reviewer)
+[reviewers](https://docs.gitlab.com/ee/user/project/merge_requests/reviews/)
 feature for all reviews. Reviewers will then `approve` the MR and remove themselves from Reviewers when their review is complete.
 - [ ] (Recommended) PMM
@ -73,7 +71,8 @@ yourself as a reviewer if it's not ready for merge yet.
 - [ ] Title:
  - Length limit: 7 words (not including articles or prepositions).
  - Capitalization: ensure the title is [sentence cased](https://design.gitlab.com/content/punctuation#case).
-  - Rewrite to exclude the words `deprecation`, `deprecate`, `removal`, and `remove` if necessary.
+- [ ] Dates:
  - Make sure that the milestone dates are based on the dates in [Product milestone creation](https://about.gitlab.com/handbook/product/milestones/#product-milestone-creation).
 - [ ] Consistency:
  - Ensure that all resources (docs, deprecation, etc.) refer to the feature with the same term / feature name.
 - [ ] Content:
@ -104,3 +103,7 @@ must be updated before this MR is merged:
 1. Set the MR to merge when the pipeline succeeds (or merge if the pipeline is already complete).
 If you have trouble running the Rake task, check the [troubleshooting steps](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecation-rake-task-troubleshooting).
 /label ~"release post" ~"release post item" ~"Technical Writing" ~"release post item::deprecation"
 /label ~"type::maintenance"
 /label ~"maintenance::refactor"
--- a/.gitlab/merge_request_templates/New
+++ b/.gitlab/merge_request_templates/New
@ -1,6 +1,6 @@
 <!--
 When creating a new cop that could be applied to multiple applications,
-we encourage you to add it to https://gitlab.com/gitlab-org/gitlab-styles gem.
+we encourage you to add it to https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles gem.
 -->
 ## Description of the proposal
--- a/.gitlab/merge_request_templates/New
+++ b/.gitlab/merge_request_templates/New
@ -0,0 +1,44 @@
 <!-- Title suggestion: Upgrade `gitlab-styles` to <VERSION X.Y.Z> - dry-run -->
 ## What does this MR do and why?
 Validating upcoming release of `gitlab-styles` <VERSION X.Y.Z>. See <LINK TO RELEASE MR>.
 This MR can be reused to upgrade `gitlab-styles` in this project after a new version of `gitlab-styles` is released.
 ### Checklist
 - [ ] Verify upcoming release of `gitlab-styles`
  - [ ] Point to "Release" MR of `gitlab-styles` in `Gemfile`
    - For example, `gem 'gitlab-styles', '~> 9.1.0', require: false, git: 'https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles.git', ref: 'ddieulivol-upgrade_to_9.1.0'`
  - [ ] Update [bundler's checksum file](https://docs.gitlab.com/ee/development/gemfile.html#updating-the-checksum-file) via `bundle exec bundler-checksum init`
  - [ ] `rubocop` job
    - [ ] Inspect any warnings/errors
    - [ ] (Optional) [Generate TODOs](https://docs.gitlab.com/ee/development/rubocop_development_guide.html#resolving-rubocop-exceptions) for pending offenses
      - [ ] Put :new: cop rules (or if configuration is changed) in "grace period". See [docs](https://docs.gitlab.com/ee/development/rubocop_development_guide.html#enabling-a-new-cop).
      - [ ] (Optional) Remove any offenses for disabled cops
      - Use `grep --perl-regexp -o ":\d+\d+: \w: \[\S+\] ([\w/]+)" raw_job_output.log | awk '{print $4}' | sort | uniq -c` to get a list of cop rules with offenses. Where `raw_job_output.log` is the raw output of the `rubocop` job
      - [ ] Ignore offenses related to temporary changes in `Gemfile`
    - [ ] (Optional) Autocorrect offenses 
    - [ ] Compare the total runtime of `rubocop --parallel` scan with previous runs
  - [ ] Make sure CI passes :green_heart: 
  - [ ] Don't merge this MR yet!
  - [ ] Wait for `gitlab-styles` to be released
 - [ ] Upgrade released version of `gitlab-styles`
  - [ ] Make sure release is complete
  - [ ] Rephrase the title and MR description to match final upgrade
  - [ ] Point to released version in `Gemfile`
    - [ ] `gem 'gitlab-styles', '~> 9.1.0', require: false`
    - [ ] Update [bundler's checksum file](https://docs.gitlab.com/ee/development/gemfile.html#updating-the-checksum-file) via `bundle exec bundler-checksum init`
  - [ ] (Optional) Regenerate TODOs for new/changed cop rules
  - [ ] Make sure CI passes :green_heart: 
  - [ ] Let the MR being reviewed again and merged
  - [ ] (Optional) Refine this [MR template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/New%20Version%20of%20gitlab-styles.md).
 ## MR acceptance checklist
 This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
 * [ ] I have evaluated the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist) for this MR.
 /label ~"type::maintenance" ~"maintenance::dependency"  ~backend ~"Engineering Productivity" ~"static code analysis" 
--- a/.gitlab/merge_request_templates/Quarantine
+++ b/.gitlab/merge_request_templates/Quarantine
@ -29,7 +29,7 @@ the noise (due to constantly failing tests, flaky tests, and so on) so that new
 - [ ] To ensure a faster turnaround, ask in the `#quality_maintainers` Slack channel for someone to review and merge the merge request, rather than assigning it directly.
 <!-- Base labels. -->
-/label ~"Quality" ~"QA" ~"type::maintenance"
+/label ~"Quality" ~"QA" ~"type::maintenance" ~"maintenance::pipelines"
 <!--
 Choose the stage that appears in the test path, e.g. ~"devops::create" for
--- a/.gitlab/merge_request_templates/Removals.md
+++ b/.gitlab/merge_request_templates/Removals.md
@ -46,6 +46,7 @@ Please review:
 - [ ] Set yourself as the Assignee, meaning you are the DRI.
 - [ ] If the removal is a [breaking change](https://about.gitlab.com/handbook/product/gitlab-the-product/#breaking-change), add label `breaking change`.
 - [ ] Follow the process to [create a removal YAML file](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-removal-entry).
 - [ ] Make sure that the milestone dates are based on the dates in [Product milestone creation](https://about.gitlab.com/handbook/product/milestones/#product-milestone-creation).
 - [ ] Add reviewers by the 10th.
 - [ ] When ready to be merged and not later than the 15th, add the ~ready label and @ message the TW for final review and merge.
  - Removal notices should not be merged before the code is removed from the product. Do not mark ~ready until the removal is complete, or you are certain it will be completed within the current milestone and released. If PMs are not sure, they should confirm with their Engineering Manager.
@ -55,7 +56,7 @@ Please review:
 When the content is ready for review, the Technical Writer and Engineering Manager _must_
 review it. Optional reviewers can include Product Marketing, Product Design, and the Product Leaders
 for this area. Use the
-[Reviewers for Merge Requests](https://docs.gitlab.com/ee/user/project/merge_requests/getting_started#reviewer)
+[reviewers](https://docs.gitlab.com/ee/user/project/merge_requests/reviews/)
 feature for all reviews. Reviewers will `approve` the MR and remove themselves from the reviewers list when their review is complete.
 - [ ] (Recommended) PMM
@ -78,7 +79,8 @@ yourself as a reviewer if it's not yet ready for merge.
 - [ ] Title:
  - Length limit: 7 words (not including articles or prepositions).
  - Capitalization: ensure the title is [sentence cased](https://design.gitlab.com/content/punctuation#case).
-  - Rewrite to exclude the words `removal` and `remove` if necessary.
+- [ ] Dates:
  - Make sure that the milestone dates are based on the dates in [Product milestone creation](https://about.gitlab.com/handbook/product/milestones/#product-milestone-creation).
 - [ ] Consistency:
  - Ensure that all resources (docs, removal, etc.) refer to the feature with the same term / feature name.
 - [ ] Content:
--- a/.gitlab/merge_request_templates/Revert
+++ b/.gitlab/merge_request_templates/Revert
@ -0,0 +1,32 @@
 <!--
   IMPORTANT: Add appropriate labels BEFORE you save the merge request. CI/CD jobs
   can be skipped only if the labels are applied BEFORE the CI/CD pipeline is created.
   See https://docs.gitlab.com/ee/development/pipelines#revert-mrs for more info.
 -->
 ## Purpose of revert
 <!-- Please link to the relevant incident -->
 ### Checklist
 - [ ] Create an issue to reinstate the merge request and assign it to the author of the reverted merge request.
 - [ ] If the revert is to resolve a [broken 'master' incident](https://about.gitlab.com/handbook/engineering/workflow/#broken-master), please read through the [Responsibilities of the Broken `master` resolution DRI](https://about.gitlab.com/handbook/engineering/workflow/#responsibilities-of-the-resolution-dri).
 - [ ] If the revert involves a database migration, please read through [Deleting existing migrations](https://docs.gitlab.com/ee/development/database/deleting_migrations.html).
 - [ ] Add the appropriate labels **before** the MR is created. We can skip CI/CD jobs only if the labels are added **before** the CI/CD pipeline is created.
 ### Milestone info
 - [ ] I am reverting something in the **current** milestone. No changelog is needed, and I've added a `~"regression:*"` label.
 - [ ] I am reverting something in a **different** milestone. A changelog is needed, and I've removed the `~"regression:*"` label.
 ### Related issues and merge requests
 /label ~"pipeline:expedite" ~"master:broken"
 <!--
   Regression label: if applicable, specify the milestone-specific regression label
   (such as ~regression:15.8) to skip additional CI/CD jobs, like Danger changelog checks. -->
 <!-- /label ~regression: -->
--- a/.gitlab/merge_request_templates/Security
+++ b/.gitlab/merge_request_templates/Security
@ -25,13 +25,15 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
 - [ ] For a backport MR targeting a versioned stable branch (`X-Y-stable-ee`).
  - [ ] Milestone is set to the version this backport applies to. A closed milestone can be assigned via [quick actions].
  - [ ] Ensure it's approved by a maintainer.
 - [ ] Ensure this merge request and the related security issue have a `~severity::x` label
-**Note:** Reviewer/maintainer should not be a Release Manager.
+**Note:** Reviewer/maintainer should not be a [Release Manager].
 ## Maintainer checklist
 - [ ] Correct milestone is applied and the title is matching across all backports.
 - [ ] Assigned (_not_ as reviewer) to `@gitlab-release-tools-bot` with passing CI pipelines.
 - [ ] Correct `~severity::x` label is applied to this merge request and the related security issue.
 /label ~security
@ -43,3 +45,4 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
 [Approval Guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines
 [Canonical repository]: https://gitlab.com/gitlab-org/gitlab
 [`e2e:package-and-test` job]: https://docs.gitlab.com/ee/development/testing_guide/end_to_end/#using-the-package-and-test-job
 [Release Manager]: https://about.gitlab.com/community/release-managers/
--- a/.gitlab/merge_request_templates/Stable
+++ b/.gitlab/merge_request_templates/Stable
@ -0,0 +1,35 @@
 <!--
 Merging into stable branches in canonical projects is reserved for
 GitLab patch releases https://docs.gitlab.com/ee/policy/maintenance.html#patch-releases
 If you're backporting a security fix, please refer to the security merge request
 template https://gitlab.com/gitlab-org/security/gitlab/blob/master/.gitlab/merge_request_templates/Security%20Release.md.
 Security backport merge requests should not be opened on the GitLab canonical project.
 -->
 ## What does this MR do and why?
 _Describe in detail what merge request is being backported and why_
 ## MR acceptance checklist
 This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
 * [ ] This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch.
 * [ ] The original MR has been deployed to GitLab.com (not applicable for documentation or spec changes).
 * [ ] This MR has a [severity label] assigned (if applicable).
 * [ ] Ensure the `e2e:package-and-test` job has either succeeded or been approved by a Software Engineer in Test.
 #### Note to the merge request author and maintainer
 The process of backporting bug fixes into stable branches is tracked as part of an
 [internal pilot]. If you have questions about this process, please:
 * Refer to the [internal pilot] issue for feedback or questions.
 * Refer to the [patch release runbook for engineers and maintainers] for guidance.
 [severity label]: https://about.gitlab.com/handbook/engineering/quality/issue-triage/#severity
 [internal pilot]: https://gitlab.com/gitlab-com/gl-infra/delivery/-/issues/2886
 [patch release runbook for engineers and maintainers]: https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/patch/process_new.md
 /assign me
--- a/.gitleaksignore
+++ b/.gitleaksignore
@ -0,0 +1,2 @@
 7e07fe42d34916b276a7b068f4faa8bdc0ebc984:doc/architecture/blueprints/runner_tokens/index.md:gitlab-rrt:485
 f6504b498548380198ad38295d9caa71412115f0:doc/architecture/blueprints/runner_tokens/index.md:generic-api-key:506
--- a/.gitpod.yml
+++ b/.gitpod.yml
@ -2,6 +2,7 @@
 # https://www.gitpod.io/docs/configure/workspaces/tasks
 image: registry.gitlab.com/gitlab-org/gitlab-development-kit/gitpod-workspace:stable
 checkoutLocation: gitlab-development-kit/gitlab
 tasks:
@ -24,8 +25,6 @@ tasks:
        echo "$(date) – Copying GDK" | tee -a /workspace/startup.log
        cp -r $HOME/gitlab-development-kit /workspace/
        cd /workspace/gitlab-development-kit
        # ensure GitLab directory is symlinked under the GDK
        ln -nfs "$GITPOD_REPO_ROOT" /workspace/gitlab-development-kit/gitlab
        mv -v /workspace/gitlab-development-kit/secrets.yml /workspace/gitlab-development-kit/gitlab/config
        # ensure gdk.yml has correct instance settings
        gdk config set gitlab.rails.port 443  |& tee -a /workspace/startup.log
--- a/.haml-lint.yml
+++ b/.haml-lint.yml
@ -120,9 +120,12 @@ linters:
      - Layout/SpaceInsideHashLiteralBraces
      - Layout/SpaceInsideStringInterpolation
      - Layout/TrailingEmptyLines
      - Lint/AmbiguousOperatorPrecedence
      - Lint/LiteralInInterpolation
      - Lint/ParenthesesAsGroupedExpression
      - Lint/SafeNavigationConsistency
      - Lint/SymbolConversion
      - Lint/UnusedBlockArgument
      - Metrics/BlockNesting
      - Naming/VariableName
      - Performance/RedundantMatch
--- a/.lefthook/pre-push/merge_conflicts
+++ b/.lefthook/pre-push/merge_conflicts
@ -0,0 +1,23 @@
 #!/bin/bash
 # Adjusted from https://gitlab.com/fdegier/pre-push-hooks with hardcoded values for speed
 ORIGIN=origin
 DEFAULT_BRANCH=master
 if [[ -n "$ORIGIN" ]]
 then
  # Pull the default branch from remote
  git fetch --quiet origin "$DEFAULT_BRANCH":"$DEFAULT_BRANCH"
 fi
 # Check for merge conflicts and abort
 if git merge --autostash --no-commit --no-ff --no-edit "$DEFAULT_BRANCH" > /dev/null 2>&1
 then
  # Able to merge without conflicts
  git merge --abort > /dev/null 2>&1
  exit 0
 else
  echo "Merge conflicts detected when merging to $DEFAULT_BRANCH!"
  git merge --abort > /dev/null 2>&1
  exit 1
 fi
--- a/.markdownlint.yml
+++ b/.markdownlint.yml
@ -33,7 +33,6 @@ proper-names:
    "API",
    "Asana",
    "Auth0",
    "Authentiq",
    "Azure",
    "Bamboo",
    "Bitbucket",
@ -109,6 +108,7 @@ proper-names:
    "PgBouncer",
    "Postfix",
    "PostgreSQL",
    "PowerShell",
    "Praefect",
    "Prometheus",
    "Puma",
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -13,9 +13,15 @@ inherit_from:
    <% end %>
  - '.rubocop_todo.yml'
  <% end %>
  <% if RUBY_VERSION[/^\d+\.\d+/, 0] == '2.7' %>
  - ./rubocop/rubocop-ruby27.yml
  <% end %>
  <% if RUBY_VERSION[/^\d+\.\d+/, 0] == '3.0' %>
  - ./rubocop/rubocop-ruby30.yml
  <% end %>
  <% if RUBY_VERSION[/^\d+\.\d+/, 0] == '3.1' %>
  - ./rubocop/rubocop-ruby31.yml
  <% end %>
  - ./rubocop/rubocop-migrations.yml
  - ./rubocop/rubocop-usage-data.yml
  - ./rubocop/rubocop-code_reuse.yml
@ -27,6 +33,7 @@ inherit_mode:
  merge:
    - Include
    - Exclude
    - AllowedPatterns
 AllCops:
  # Target the current Ruby version. For example, "2.7" or "3.0".
@ -49,10 +56,20 @@ AllCops:
    - 'db/ci_migrate/*.rb'      # since the `db/ci_migrate` is a symlinked to `db/migrate`
  # Use absolute path to avoid orphan directories with changed workspace root.
  CacheRootDirectory: <%= Dir.getwd %>/tmp
-  MaxFilesInCache: 35000
+  MaxFilesInCache: 1_000_000
  NewCops: disable
  SuggestExtensions: false
 Rails:
  Exclude:
    # User defined excludes on top (department) level don't cancel default
    # includes set by child cops. Directories below are not affected (tested
    # manually). Watch https://github.com/rubocop/rubocop/issues/11148 to
    # know when this comment can be removed.
    - 'danger/**/*'
    - 'tooling/danger/**/*'
    - 'rubocop/**/*'
 RSpec:
  Language:
    Includes:
@ -84,8 +101,10 @@ InternalAffairs/DeprecateCopHelper:
  Include:
    - spec/rubocop/**/*.rb
 Layout/LineLength:
  AllowedPatterns: ['^RSpec\.describe\s.*\sdo']
 Lint/LastKeywordArgument:
  Enabled: true
  Safe: false
 Lint/EmptyFile:
@ -159,6 +178,7 @@ Naming/FileName:
    - 'qa/tasks/**/*.rake'
    - '**/*.ru'
    - 'app/graphql/types/issue_connection.rb'
    - 'app/graphql/types/group_connection.rb'
  IgnoreExecutableScripts: true
  AllowedAcronyms:
@ -272,10 +292,6 @@ Rails/FindBy:
    - 'spec/**/*.rb'
    - 'ee/spec/**/*.rb'
 Rails/IndexBy:
  Exclude:
    - 'tooling/danger/**/*.rb'
 Rails/InverseOf:
  Include:
    - app/models/**/*.rb
@ -299,6 +315,10 @@ Rails/MailerName:
    # See for the context on why it's excluded https://gitlab.com/gitlab-org/gitlab/-/issues/239356#note_956419227
    - 'app/mailers/notify.rb'
 Rails/Pluck:
  # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/94047#note_1179689274
  AutoCorrect: false
 Rails/RakeEnvironment:
  # Context on why it's disabled: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/93419#note_1048223982
  Enabled: false
@ -376,6 +396,18 @@ Gitlab/EventStoreSubscriber:
    - 'spec/**/*'
    - 'ee/spec/**/*'
 Gitlab/DocUrl:
  Enabled: true
  Exclude:
    - danger/**/*
    - ee/spec/**/*
    - haml_lint/**/*
    - qa/**/*
    - rubocop/**/*
    - scripts/**/*
    - spec/**/*
    - tooling/**/*
 GitlabSecurity/PublicSend:
  Enabled: true
  Exclude:
@ -398,6 +430,24 @@ Database/MultipleDatabases:
    - 'ee/lib/ee/gitlab/background_migration/**/*.rb'
    - 'spec/lib/gitlab/background_migration/**/*.rb'
    - 'spec/lib/gitlab/database/**/*.rb'
    - 'spec/tasks/gitlab/db_rake_spec.rb'
 Migration/BatchMigrationsPostOnly:
  Enabled: true
  Include:
    - 'db/migrate/*.rb'
    - 'db/post_migrate/*.rb'
 BackgroundMigration/FeatureCategory:
  Enabled: true
  Include:
    - 'lib/gitlab/background_migration/*.rb'
 BackgroundMigration/MissingDictionaryFile:
  Enabled: true
  EnforcedSince: 20230307160251
  Include:
    - 'db/post_migrate/*.rb'
 # See https://gitlab.com/gitlab-org/gitlab/-/issues/373194
 Gitlab/RSpec/AvoidSetup:
@ -440,22 +490,6 @@ Cop/ActiveModelErrorsDirectManipulation:
 Gitlab/AvoidFeatureGet:
  Enabled: true
 RSpec/TimecopFreeze:
  Enabled: true
  AutoCorrect: true
  Include:
    - 'spec/**/*.rb'
    - 'ee/spec/**/*.rb'
    - 'qa/spec/**/*.rb'
 RSpec/TimecopTravel:
  Enabled: true
  AutoCorrect: true
  Include:
    - 'spec/**/*.rb'
    - 'ee/spec/**/*.rb'
    - 'qa/spec/**/*.rb'
 RSpec/WebMockEnable:
  Enabled: true
  Include:
@ -474,6 +508,14 @@ Naming/PredicateName:
 Naming/RescuedExceptionsVariableName:
  Enabled: false
 RSpec/AvoidTestProf:
  Include:
    - 'spec/migrations/**/*.rb'
    - 'ee/spec/migrations/**/*.rb'
    - 'spec/lib/gitlab/background_migration/**/*.rb'
    - 'ee/spec/lib/gitlab/background_migration/**/*.rb'
    - 'ee/spec/lib/ee/gitlab/background_migration/**/*.rb'
 RSpec/FactoriesInMigrationSpecs:
  Enabled: true
  Include:
@ -483,13 +525,28 @@ RSpec/FactoriesInMigrationSpecs:
    - 'spec/lib/ee/gitlab/background_migration/**/*.rb'
    - 'ee/spec/lib/ee/gitlab/background_migration/**/*.rb'
 RSpec/MissingFeatureCategory:
  Enabled: true
  Exclude:
    - 'qa/**/*.rb'
 RSpec/FactoryBot/AvoidCreate:
  Enabled: true
  Include:
    - 'spec/presenters/**/*.rb'
    - 'spec/serializers/**/*.rb'
    - 'spec/helpers/**/*.rb'
    - 'spec/views/**/*.rb'
    - 'spec/components/**/*.rb'
    - 'spec/mailers/**/*.rb'
    - 'spec/routes/directs/*.rb'
    - 'ee/spec/presenters/**/*.rb'
    - 'ee/spec/serializers/**/*.rb'
    - 'ee/spec/helpers/**/*.rb'
    - 'ee/spec/views/**/*.rb'
    - 'ee/spec/components/**/*.rb'
    - 'ee/spec/mailers/**/*.rb'
    - 'ee/spec/routes/directs/*.rb'
 RSpec/FactoryBot/StrategyInCallback:
  Enabled: true
@ -588,6 +645,19 @@ RSpec/EnvAssignment:
    - 'ee/spec/**/fast_spec_helper.rb'
    - 'spec/**/spec_helper.rb'
    - 'ee/spec/**/spec_helper.rb'
 RSpec/EnvMocking:
  Enable: true
  Include:
    - 'spec/**/*.rb'
    - 'ee/spec/**/*.rb'
  Exclude:
    - 'spec/**/fast_spec_helper.rb'
    - 'ee/spec/**/fast_spec_helper.rb'
    - 'spec/**/spec_helper.rb'
    - 'ee/spec/**/spec_helper.rb'
    - 'spec/support/helpers/stub_env.rb'
 RSpec/BeSuccessMatcher:
  Enabled: true
  Include:
@ -886,3 +956,13 @@ Rake/Require:
  Include:
    - '{,ee/,jh/}lib/**/*.rake'
    - 'qa/tasks/**/*.rake'
 Cop/FeatureFlagUsage:
  Include:
    - 'lib/gitlab/redis/**/*.rb'
    - 'lib/gitlab/patch/**/*.rb'
    - 'lib/gitlab/instrumentation/**/*.rb'
 Style/ArgumentsForwarding:
  Enabled: true
  AllowOnlyRestArgument: false
--- a/.rubocop_todo/background_migration/missing_dictionary_file.yml
+++ b/.rubocop_todo/background_migration/missing_dictionary_file.yml
@ -0,0 +1,4 @@
 ---
 # Grace period will be removed in https://gitlab.com/gitlab-org/gitlab/-/issues/395354
 BackgroundMigration/MissingDictionaryFile:
  Details: grace period
--- a/.rubocop_todo/rspec/capybara/visibility_matcher.yml
+++ b/.rubocop_todo/rspec/capybara/visibility_matcher.yml
@ -1,5 +1,5 @@
 ---
-RSpec/Capybara/VisibilityMatcher:
+Capybara/VisibilityMatcher:
  Exclude:
    - 'ee/spec/features/boards/sidebar_spec.rb'
    - 'ee/spec/features/epics/epic_show_spec.rb'
@ -7,7 +7,6 @@ RSpec/Capybara/VisibilityMatcher:
    - 'ee/spec/features/epics/update_epic_spec.rb'
    - 'ee/spec/features/groups/analytics/cycle_analytics/filters_and_data_spec.rb'
    - 'ee/spec/features/groups/issues_spec.rb'
    - 'ee/spec/features/groups/saml_enforcement_spec.rb'
    - 'ee/spec/features/groups/settings/protected_environments_spec.rb'
    - 'ee/spec/features/issues/related_issues_spec.rb'
    - 'ee/spec/features/projects/integrations/user_activates_jira_spec.rb'
@ -15,7 +14,6 @@ RSpec/Capybara/VisibilityMatcher:
    - 'ee/spec/features/projects/requirements_management/requirements_list_spec.rb'
    - 'ee/spec/features/projects/settings/ee/repository_mirrors_settings_spec.rb'
    - 'ee/spec/features/promotion_spec.rb'
    - 'ee/spec/features/registrations/welcome_spec.rb'
    - 'ee/spec/support/helpers/billing_plans_helpers.rb'
    - 'ee/spec/support/shared_examples/features/password_complexity_shared_examples.rb'
    - 'ee/spec/support/shared_examples/views/issuable_bulk_dropdown_shared_examples.rb'
@ -46,7 +44,6 @@ RSpec/Capybara/VisibilityMatcher:
    - 'spec/features/projects/issues/design_management/user_views_designs_with_svg_xss_spec.rb'
    - 'spec/features/projects/jobs_spec.rb'
    - 'spec/features/projects/network_graph_spec.rb'
    - 'spec/features/projects/pipelines/legacy_pipeline_spec.rb'
    - 'spec/features/projects/pipelines/pipeline_spec.rb'
    - 'spec/features/projects/settings/lfs_settings_spec.rb'
    - 'spec/features/projects/settings/packages_settings_spec.rb'
--- a/.rubocop_todo/cop/redirect_with_status.yml
+++ b/.rubocop_todo/cop/redirect_with_status.yml
@ -0,0 +1,6 @@
 ---
 Cop/RedirectWithStatus:
  Details: grace period
  Exclude:
    - 'app/controllers/concerns/issuable_actions.rb'
    - 'app/controllers/concerns/membership_actions.rb'
--- a/.rubocop_todo/cop/user_admin.yml
+++ b/.rubocop_todo/cop/user_admin.yml
@ -1,63 +1,30 @@
 ---
 Cop/UserAdmin:
  Exclude:
-  - app/controllers/admin/impersonations_controller.rb
+    - 'app/controllers/admin/impersonations_controller.rb'
-  - app/controllers/sessions_controller.rb
+    - 'app/controllers/sessions_controller.rb'
-  - app/finders/autocomplete/routes_finder.rb
+    - 'app/graphql/mutations/admin/sidekiq_queues/delete_jobs.rb'
-  - app/finders/ci/jobs_finder.rb
+    - 'app/graphql/resolvers/admin/analytics/usage_trends/measurements_resolver.rb'
-  - app/finders/ci/runners_finder.rb
+    - 'app/models/concerns/protected_ref_access.rb'
-  - app/finders/personal_access_tokens_finder.rb
+    - 'app/models/concerns/spammable.rb'
-  - app/finders/users_finder.rb
+    - 'app/models/merge_requests_closing_issues.rb'
-  - app/graphql/mutations/admin/sidekiq_queues/delete_jobs.rb
+    - 'app/models/protected_branch.rb'
-  - app/graphql/resolvers/admin/analytics/usage_trends/measurements_resolver.rb
+    - 'app/models/user.rb'
-  - app/helpers/application_helper.rb
+    - 'app/services/auth/container_registry_authentication_service.rb'
-  - app/helpers/import_helper.rb
+    - 'app/services/emails/create_service.rb'
-  - app/helpers/nav_helper.rb
+    - 'app/services/projects/enable_deploy_key_service.rb'
-  - app/helpers/projects_helper.rb
+    - 'app/services/projects/fork_service.rb'
-  - app/helpers/search_helper.rb
+    - 'app/services/users/build_service.rb'
-  - app/helpers/users/callouts_helper.rb
+    - 'ee/app/controllers/ee/projects_controller.rb'
-  - app/helpers/users_helper.rb
+    - 'ee/app/models/concerns/ee/protected_ref_access.rb'
-  - app/helpers/visibility_level_helper.rb
+    - 'ee/app/models/ee/user.rb'
-  - app/models/concerns/protected_ref_access.rb
+    - 'ee/app/policies/ee/group_policy.rb'
-  - app/models/concerns/spammable.rb
+    - 'ee/app/services/ee/groups/create_service.rb'
-  - app/models/issue_collection.rb
+    - 'ee/app/services/ee/groups/update_service.rb'
-  - app/models/merge_requests_closing_issues.rb
+    - 'ee/app/services/ee/projects/update_service.rb'
-  - app/models/protected_branch.rb
+    - 'ee/lib/ee/api/helpers.rb'
-  - app/models/user.rb
+    - 'ee/lib/ee/gitlab/git_access.rb'
-  - app/policies/note_policy.rb
+    - 'lib/constraints/admin_constrainer.rb'
-  - app/services/auth/container_registry_authentication_service.rb
+    - 'lib/gitlab/import_export/members_mapper.rb'
-  - app/services/emails/create_service.rb
+    - 'lib/gitlab/performance_bar.rb'
-  - app/services/projects/enable_deploy_key_service.rb
+    - 'lib/gitlab/visibility_level.rb'
  - app/services/projects/fork_service.rb
  - app/services/users/build_service.rb
  - ee/app/controllers/ee/projects_controller.rb
  - ee/app/helpers/ee/dashboard_helper.rb
  - ee/app/helpers/ee/import_helper.rb
  - ee/app/helpers/ee/subscribable_banner_helper.rb
  - ee/app/helpers/ee/users/callouts_helper.rb
  - ee/app/helpers/license_monitoring_helper.rb
  - ee/app/helpers/push_rules_helper.rb
  - ee/app/models/concerns/ee/protected_ref_access.rb
  - ee/app/models/ee/user.rb
  - ee/app/models/protected_environment/deploy_access_level.rb
  - ee/app/policies/ee/group_policy.rb
  - ee/app/policies/ee/project_policy.rb
  - ee/app/services/ee/groups/create_service.rb
  - ee/app/services/ee/groups/update_service.rb
  - ee/app/services/ee/projects/update_service.rb
  - ee/lib/ee/api/helpers.rb
  - ee/lib/ee/gitlab/git_access.rb
  - lib/api/award_emoji.rb
  - lib/api/ci/runners.rb
  - lib/api/entities/ci/runner_details.rb
  - lib/api/groups.rb
  - lib/api/helpers.rb
  - lib/api/users.rb
  - lib/api/v3/github.rb
  - lib/constraints/admin_constrainer.rb
  - lib/gitlab/auth.rb
  - lib/gitlab/ci/runner_instructions.rb
  - lib/gitlab/import_export/members_mapper.rb
  - lib/gitlab/performance_bar.rb
  - lib/gitlab/visibility_level.rb
  - qa/qa/runtime/api/client.rb
--- a/.rubocop_todo/database/multiple_databases.yml
+++ b/.rubocop_todo/database/multiple_databases.yml
@ -1,24 +0,0 @@
 ---
 Database/MultipleDatabases:
  Exclude:
    - 'config/initializers/active_record_data_types.rb'
    - 'db/post_migrate/20210317104032_set_iteration_cadence_automatic_to_false.rb'
    - 'db/post_migrate/20210811122206_update_external_project_bots.rb'
    - 'db/post_migrate/20210812013042_remove_duplicate_project_authorizations.rb'
    - 'ee/spec/services/ee/merge_requests/update_service_spec.rb'
    - 'lib/gitlab/background_migration/backfill_projects_with_coverage.rb'
    - 'spec/db/schema_spec.rb'
    - 'spec/initializers/database_config_spec.rb'
    - 'spec/lib/gitlab/database_spec.rb'
    - 'spec/lib/gitlab/metrics/subscribers/active_record_spec.rb'
    - 'spec/lib/gitlab/profiler_spec.rb'
    - 'spec/lib/gitlab/usage/metrics/names_suggestions/relation_parsers/constraints_spec.rb'
    - 'spec/lib/gitlab/usage/metrics/names_suggestions/relation_parsers/joins_spec.rb'
    - 'spec/support/caching.rb'
    - 'spec/support/gitlab/usage/metrics_instrumentation_shared_examples.rb'
    - 'spec/support/helpers/database/database_helpers.rb'
    - 'spec/support/helpers/database/table_schema_helpers.rb'
    - 'spec/support/helpers/migrations_helpers.rb'
    - 'spec/support/helpers/query_recorder.rb'
    - 'spec/support/helpers/usage_data_helpers.rb'
    - 'spec/tasks/gitlab/db_rake_spec.rb'
--- a/.rubocop_todo/database/rescue_query_canceled.yml
+++ b/.rubocop_todo/database/rescue_query_canceled.yml
@ -6,4 +6,3 @@ Database/RescueQueryCanceled:
    - 'lib/gitlab/background_migration/backfill_work_item_type_id_for_issues.rb'
    - 'lib/gitlab/database/batch_counter.rb'
    - 'lib/gitlab/issuables_count_for_state.rb'
    - 'lib/tasks/gitlab/db/lock_writes.rake'
--- a/.rubocop_todo/fips/md5.yml
+++ b/.rubocop_todo/fips/md5.yml
@ -8,8 +8,6 @@ Fips/MD5:
    - 'app/services/packages/go/create_package_service.rb'
    - 'app/services/packages/maven/metadata/append_package_file_service.rb'
    - 'app/services/packages/rubygems/create_gemspec_service.rb'
    - 'config/application.rb'
    - 'config/initializers/wikicloth_redos_patch.rb'
    - 'ee/app/models/license.rb'
    - 'ee/spec/lib/ee/gitlab/usage_data_spec.rb'
    - 'lib/tasks/migrate/setup_postgresql.rake'
@ -19,7 +17,5 @@ Fips/MD5:
    - 'spec/lib/gitlab/ci/trace/remote_checksum_spec.rb'
    - 'spec/models/concerns/checksummable_spec.rb'
    - 'spec/services/gravatar_service_spec.rb'
    - 'spec/support/matchers/match_file.rb'
    - 'spec/support/shared_examples/services/packages/debian/generate_distribution_shared_examples.rb'
    - 'spec/tooling/rspec_flaky/example_spec.rb'
    - 'tooling/rspec_flaky/example.rb'
--- a/.rubocop_todo/fips/sha1.yml
+++ b/.rubocop_todo/fips/sha1.yml
@ -21,7 +21,6 @@ Fips/SHA1:
    - 'ee/lib/ee/gitlab/background_migration/recalculate_vulnerability_finding_signatures_for_findings.rb'
    - 'ee/spec/factories/vulnerabilities/feedback.rb'
    - 'ee/spec/factories/vulnerabilities/finding_signatures.rb'
    - 'ee/spec/finders/security/pipeline_vulnerabilities_finder_spec.rb'
    - 'ee/spec/lib/ee/gitlab/alert_management/payload/generic_spec.rb'
    - 'ee/spec/lib/ee/gitlab/background_migration/populate_uuids_for_security_findings_spec.rb'
    - 'ee/spec/lib/ee/gitlab/background_migration/recalculate_vulnerability_finding_signatures_for_findings_spec.rb'
@ -37,7 +36,6 @@ Fips/SHA1:
    - 'ee/spec/models/vulnerabilities/finding_spec.rb'
    - 'ee/spec/services/alert_management/process_prometheus_alert_service_spec.rb'
    - 'ee/spec/services/merge_trains/check_status_service_spec.rb'
    - 'ee/spec/services/projects/alerting/notify_service_spec.rb'
    - 'ee/spec/services/security/ingestion/tasks/ingest_identifiers_spec.rb'
    - 'ee/spec/services/security/override_uuids_service_spec.rb'
    - 'ee/spec/services/vulnerabilities/manually_create_service_spec.rb'
@ -85,13 +83,10 @@ Fips/SHA1:
    - 'spec/lib/gitlab/ci/reports/security/locations/secret_detection_spec.rb'
    - 'spec/lib/gitlab/diff/file_spec.rb'
    - 'spec/lib/gitlab/diff/position_spec.rb'
    - 'spec/lib/gitlab/diff/position_tracer/image_strategy_spec.rb'
    - 'spec/lib/gitlab/diff/position_tracer/line_strategy_spec.rb'
    - 'spec/lib/gitlab/git/branch_spec.rb'
    - 'spec/lib/gitlab/git/tag_spec.rb'
    - 'spec/migrations/20220107064845_populate_vulnerability_reads_spec.rb'
    - 'spec/migrations/20220524074947_finalize_backfill_null_note_discussion_ids_spec.rb'
    - 'spec/migrations/delete_security_findings_without_uuid_spec.rb'
    - 'spec/migrations/schedule_recalculate_vulnerability_finding_signatures_for_findings_spec.rb'
    - 'spec/models/ci/artifact_blob_spec.rb'
    - 'spec/models/ci/job_artifact_spec.rb'
--- a/.rubocop_todo/gitlab/delegate_predicate_methods.yml
+++ b/.rubocop_todo/gitlab/delegate_predicate_methods.yml
@ -1,4 +0,0 @@
 ---
 Gitlab/DelegatePredicateMethods:
  Exclude:
  - app/models/clusters/cluster.rb
--- a/.rubocop_todo/gitlab/deprecate_track_redis_hll_event.yml
+++ b/.rubocop_todo/gitlab/deprecate_track_redis_hll_event.yml
@ -1,29 +1,13 @@
 ---
 Gitlab/DeprecateTrackRedisHLLEvent:
  Exclude:
    - 'app/controllers/admin/dev_ops_report_controller.rb'
    - 'app/controllers/admin/usage_trends_controller.rb'
    - 'app/controllers/concerns/snippets_actions.rb'
    - 'app/controllers/concerns/wiki_actions.rb'
    - 'app/controllers/projects/blob_controller.rb'
    - 'app/controllers/projects/cycle_analytics_controller.rb'
    - 'app/controllers/projects/graphs_controller.rb'
    - 'app/controllers/projects/pipelines_controller.rb'
    - 'ee/app/controllers/admin/audit_logs_controller.rb'
    - 'ee/app/controllers/admin/credentials_controller.rb'
    - 'ee/app/controllers/ee/admin/dev_ops_report_controller.rb'
    - 'ee/app/controllers/groups/analytics/ci_cd_analytics_controller.rb'
    - 'ee/app/controllers/groups/analytics/devops_adoption_controller.rb'
    - 'ee/app/controllers/groups/analytics/productivity_analytics_controller.rb'
    - 'ee/app/controllers/groups/audit_events_controller.rb'
    - 'ee/app/controllers/groups/contribution_analytics_controller.rb'
    - 'ee/app/controllers/groups/epic_boards_controller.rb'
    - 'ee/app/controllers/groups/insights_controller.rb'
    - 'ee/app/controllers/groups/issues_analytics_controller.rb'
    - 'ee/app/controllers/groups/security/compliance_dashboards_controller.rb'
    - 'ee/app/controllers/projects/analytics/code_reviews_controller.rb'
    - 'ee/app/controllers/projects/analytics/issues_analytics_controller.rb'
    - 'ee/app/controllers/projects/analytics/merge_request_analytics_controller.rb'
    - 'ee/app/controllers/projects/insights_controller.rb'
    - 'ee/app/controllers/projects/integrations/jira/issues_controller.rb'
    - 'spec/controllers/concerns/redis_tracking_spec.rb'
--- a/.rubocop_todo/gitlab/doc_url.yml
+++ b/.rubocop_todo/gitlab/doc_url.yml
@ -0,0 +1,55 @@
 ---
 Gitlab/DocUrl:
  Details: grace period
  Exclude:
    - 'app/controllers/jira_connect/app_descriptor_controller.rb'
    - 'app/graphql/types/merge_request_type.rb'
    - 'app/graphql/types/notes/diff_position_input_type.rb'
    - 'app/graphql/types/query_complexity_type.rb'
    - 'app/models/integrations/apple_app_store.rb'
    - 'app/models/integrations/microsoft_teams.rb'
    - 'app/presenters/dev_ops_report/metric_presenter.rb'
    - 'app/serializers/build_details_entity.rb'
    - 'app/services/security/ci_configuration/container_scanning_create_service.rb'
    - 'app/services/security/ci_configuration/dependency_scanning_create_service.rb'
    - 'app/services/security/ci_configuration/sast_create_service.rb'
    - 'app/services/security/ci_configuration/sast_iac_create_service.rb'
    - 'app/services/security/ci_configuration/secret_detection_create_service.rb'
    - 'app/services/tasks_to_be_done/create_ci_task_service.rb'
    - 'app/services/tasks_to_be_done/create_code_task_service.rb'
    - 'app/services/tasks_to_be_done/create_issues_task_service.rb'
    - 'ee/app/graphql/mutations/requirements_management/export_requirements.rb'
    - 'ee/app/graphql/types/vulnerability_state_enum.rb'
    - 'ee/app/helpers/projects/learn_gitlab_helper.rb'
    - 'ee/app/mailers/emails/user_cap.rb'
    - 'ee/app/workers/concerns/elastic/migration_obsolete.rb'
    - 'ee/lib/ee/gitlab/ci/pipeline/quota/size.rb'
    - 'ee/lib/slack/block_kit/app_home_opened.rb'
    - 'ee/lib/system_check/app/advanced_search_migrations_check.rb'
    - 'ee/lib/tasks/gitlab/geo.rake'
    - 'lib/backup/database.rb'
    - 'lib/feature.rb'
    - 'lib/gitlab/audit/auditor.rb'
    - 'lib/gitlab/ci/config/entry/processable.rb'
    - 'lib/gitlab/config_checker/external_database_checker.rb'
    - 'lib/gitlab/config_checker/puma_rugged_checker.rb'
    - 'lib/gitlab/database.rb'
    - 'lib/gitlab/database/migration_helpers/automatic_lock_writes_on_tables.rb'
    - 'lib/gitlab/database/migration_helpers/v2.rb'
    - 'lib/gitlab/database/migrations/batched_background_migration_helpers.rb'
    - 'lib/gitlab/database/migrations/extension_helpers.rb'
    - 'lib/gitlab/database/query_analyzers/prevent_cross_database_modification.rb'
    - 'lib/gitlab/database/query_analyzers/restrict_allowed_schemas.rb'
    - 'lib/gitlab/i18n/po_linter.rb'
    - 'lib/gitlab/instrumentation/redis_base.rb'
    - 'lib/gitlab/pagination/keyset/unsupported_scope_order.rb'
    - 'lib/gitlab/redis/hll.rb'
    - 'lib/gitlab/slash_commands/presenters/help.rb'
    - 'lib/gitlab/utils/strong_memoize.rb'
    - 'lib/initializer_connections.rb'
    - 'lib/security/ci_configuration/base_build_action.rb'
    - 'lib/tasks/db_obsolete_ignored_columns.rake'
    - 'lib/tasks/gitlab/docs/redirect.rake'
    - 'lib/tasks/gitlab/shell.rake'
    - 'lib/tasks/migrate/schema_check.rake'
    - 'lib/tasks/test.rake'
--- a/.rubocop_todo/gitlab/feature_available_usage.yml
+++ b/.rubocop_todo/gitlab/feature_available_usage.yml
@ -1,152 +1,115 @@
 ---
 Gitlab/FeatureAvailableUsage:
  Exclude:
-  - app/controllers/projects/application_controller.rb
+    - 'app/controllers/projects/application_controller.rb'
-  - app/graphql/types/project_type.rb
+    - 'app/graphql/types/project_type.rb'
-  - app/helpers/events_helper.rb
+    - 'app/helpers/events_helper.rb'
-  - app/helpers/labels_helper.rb
+    - 'app/helpers/labels_helper.rb'
-  - app/policies/project_policy.rb
+    - 'ee/app/controllers/concerns/description_diff_actions.rb'
-  - ee/app/controllers/concerns/description_diff_actions.rb
+    - 'ee/app/controllers/concerns/ee/boards_actions.rb'
-  - ee/app/controllers/concerns/ee/boards_actions.rb
+    - 'ee/app/controllers/concerns/security_dashboards_permissions.rb'
-  - ee/app/controllers/concerns/security_dashboards_permissions.rb
+    - 'ee/app/controllers/ee/projects/autocomplete_sources_controller.rb'
-  - ee/app/controllers/ee/boards/lists_controller.rb
+    - 'ee/app/controllers/ee/projects/issues_controller.rb'
-  - ee/app/controllers/ee/projects/autocomplete_sources_controller.rb
+    - 'ee/app/controllers/ee/projects/security/configuration_controller.rb'
-  - ee/app/controllers/ee/projects/issues_controller.rb
+    - 'ee/app/controllers/ee/projects/settings/ci_cd_controller.rb'
-  - ee/app/controllers/ee/projects/security/configuration_controller.rb
+    - 'ee/app/controllers/ee/projects/settings/operations_controller.rb'
-  - ee/app/controllers/ee/projects/settings/ci_cd_controller.rb
+    - 'ee/app/controllers/ee/projects/settings/repository_controller.rb'
-  - ee/app/controllers/ee/projects/settings/operations_controller.rb
+    - 'ee/app/controllers/projects/audit_events_controller.rb'
-  - ee/app/controllers/ee/projects/settings/repository_controller.rb
+    - 'ee/app/controllers/projects/iterations_controller.rb'
-  - ee/app/controllers/projects/audit_events_controller.rb
+    - 'ee/app/controllers/projects/path_locks_controller.rb'
-  - ee/app/controllers/projects/iterations_controller.rb
+    - 'ee/app/controllers/projects/subscriptions_controller.rb'
-  - ee/app/controllers/projects/path_locks_controller.rb
+    - 'ee/app/finders/autocomplete/vulnerabilities_autocomplete_finder.rb'
-  - ee/app/controllers/projects/subscriptions_controller.rb
+    - 'ee/app/finders/ee/alert_management/http_integrations_finder.rb'
-  - ee/app/finders/autocomplete/vulnerabilities_autocomplete_finder.rb
+    - 'ee/app/graphql/ee/types/group_type.rb'
-  - ee/app/finders/ee/alert_management/http_integrations_finder.rb
+    - 'ee/app/graphql/mutations/instance_security_dashboard/remove_project.rb'
-  - ee/app/graphql/ee/types/group_type.rb
+    - 'ee/app/helpers/ee/application_helper.rb'
-  - ee/app/graphql/mutations/dast/profiles/create.rb
+    - 'ee/app/helpers/ee/boards_helper.rb'
-  - ee/app/graphql/mutations/dast/profiles/run.rb
+    - 'ee/app/helpers/ee/dashboard_helper.rb'
-  - ee/app/graphql/mutations/dast/profiles/update.rb
+    - 'ee/app/helpers/ee/form_helper.rb'
-  - ee/app/graphql/mutations/instance_security_dashboard/remove_project.rb
+    - 'ee/app/helpers/ee/graph_helper.rb'
-  - ee/app/helpers/ee/application_helper.rb
+    - 'ee/app/helpers/ee/issues_helper.rb'
-  - ee/app/helpers/ee/boards_helper.rb
+    - 'ee/app/helpers/ee/lock_helper.rb'
-  - ee/app/helpers/ee/dashboard_helper.rb
+    - 'ee/app/helpers/ee/operations_helper.rb'
-  - ee/app/helpers/ee/form_helper.rb
+    - 'ee/app/helpers/ee/projects/incidents_helper.rb'
-  - ee/app/helpers/ee/graph_helper.rb
+    - 'ee/app/helpers/ee/projects_helper.rb'
-  - ee/app/helpers/ee/issues_helper.rb
+    - 'ee/app/helpers/ee/releases_helper.rb'
-  - ee/app/helpers/ee/lock_helper.rb
+    - 'ee/app/helpers/ee/search_helper.rb'
-  - ee/app/helpers/ee/operations_helper.rb
+    - 'ee/app/helpers/ee/tree_helper.rb'
-  - ee/app/helpers/ee/projects/incidents_helper.rb
+    - 'ee/app/models/approval_state.rb'
-  - ee/app/helpers/ee/projects_helper.rb
+    - 'ee/app/models/concerns/ee/approvable.rb'
-  - ee/app/helpers/ee/releases_helper.rb
+    - 'ee/app/models/concerns/ee/project_security_scanners_information.rb'
-  - ee/app/helpers/ee/search_helper.rb
+    - 'ee/app/models/concerns/ee/protected_ref_access.rb'
-  - ee/app/helpers/ee/tree_helper.rb
+    - 'ee/app/models/concerns/insights_feature.rb'
-  - ee/app/models/approval_state.rb
+    - 'ee/app/models/ee/board.rb'
-  - ee/app/models/concerns/ee/approvable.rb
+    - 'ee/app/models/ee/ci/build.rb'
-  - ee/app/models/concerns/ee/project_security_scanners_information.rb
+    - 'ee/app/models/ee/ci/build_dependencies.rb'
-  - ee/app/models/concerns/ee/protected_ref_access.rb
+    - 'ee/app/models/ee/ci/pipeline.rb'
-  - ee/app/models/concerns/insights_feature.rb
+    - 'ee/app/models/ee/group.rb'
-  - ee/app/models/ee/board.rb
+    - 'ee/app/models/ee/group_member.rb'
-  - ee/app/models/ee/ci/build.rb
+    - 'ee/app/models/ee/issue.rb'
-  - ee/app/models/ee/ci/build_dependencies.rb
+    - 'ee/app/models/ee/list.rb'
-  - ee/app/models/ee/ci/pipeline.rb
+    - 'ee/app/models/ee/merge_request.rb'
-  - ee/app/models/ee/group.rb
+    - 'ee/app/models/ee/milestone_release.rb'
-  - ee/app/models/ee/group_member.rb
+    - 'ee/app/models/ee/namespace.rb'
-  - ee/app/models/ee/issue.rb
+    - 'ee/app/models/ee/namespace_setting.rb'
-  - ee/app/models/ee/list.rb
+    - 'ee/app/models/ee/project.rb'
-  - ee/app/models/ee/merge_request.rb
+    - 'ee/app/models/ee/project_ci_cd_setting.rb'
-  - ee/app/models/ee/milestone_release.rb
+    - 'ee/app/models/project_security_setting.rb'
-  - ee/app/models/ee/namespace.rb
+    - 'ee/app/policies/compliance_management/framework_policy.rb'
-  - ee/app/models/ee/namespace_setting.rb
+    - 'ee/app/policies/ee/group_policy.rb'
-  - ee/app/models/ee/project.rb
+    - 'ee/app/policies/ee/project_policy.rb'
-  - ee/app/models/ee/project_ci_cd_setting.rb
+    - 'ee/app/presenters/ee/label_presenter.rb'
-  - ee/app/models/project_security_setting.rb
+    - 'ee/app/presenters/merge_request_approver_presenter.rb'
-  - ee/app/policies/compliance_management/framework_policy.rb
+    - 'ee/app/serializers/dashboard_operations_project_entity.rb'
-  - ee/app/policies/ee/group_policy.rb
+    - 'ee/app/serializers/ee/environment_entity.rb'
-  - ee/app/policies/ee/project_policy.rb
+    - 'ee/app/serializers/ee/evidences/release_entity.rb'
-  - ee/app/policies/ee/protected_branch_policy.rb
+    - 'ee/app/serializers/ee/note_entity.rb'
-  - ee/app/presenters/ee/label_presenter.rb
+    - 'ee/app/services/boards/epic_boards/update_service.rb'
-  - ee/app/presenters/merge_request_approver_presenter.rb
+    - 'ee/app/services/ci/audit_variable_change_service.rb'
-  - ee/app/serializers/dashboard_operations_project_entity.rb
+    - 'ee/app/services/dashboard/projects/create_service.rb'
-  - ee/app/serializers/ee/environment_entity.rb
+    - 'ee/app/services/dashboard/projects/list_service.rb'
-  - ee/app/serializers/ee/evidences/release_entity.rb
+    - 'ee/app/services/ee/alert_management/http_integrations/create_service.rb'
-  - ee/app/serializers/ee/note_entity.rb
+    - 'ee/app/services/ee/audit_event_service.rb'
-  - ee/app/services/boards/epic_boards/update_service.rb
+    - 'ee/app/services/ee/boards/issues/list_service.rb'
-  - ee/app/services/ci/audit_variable_change_service.rb
+    - 'ee/app/services/ee/boards/lists/create_service.rb'
-  - ee/app/services/dashboard/projects/create_service.rb
+    - 'ee/app/services/ee/boards/update_service.rb'
-  - ee/app/services/dashboard/projects/list_service.rb
+    - 'ee/app/services/ee/ide/schemas_config_service.rb'
-  - ee/app/services/ee/alert_management/http_integrations/create_service.rb
+    - 'ee/app/services/ee/issuable_base_service.rb'
-  - ee/app/services/ee/audit_event_service.rb
+    - 'ee/app/services/ee/issue_links/create_service.rb'
-  - ee/app/services/ee/boards/issues/list_service.rb
+    - 'ee/app/services/ee/issues/build_service.rb'
-  - ee/app/services/ee/boards/lists/create_service.rb
+    - 'ee/app/services/ee/lfs/lock_file_service.rb'
-  - ee/app/services/ee/boards/update_service.rb
+    - 'ee/app/services/ee/lfs/unlock_file_service.rb'
-  - ee/app/services/ee/ide/schemas_config_service.rb
+    - 'ee/app/services/ee/merge_requests/build_service.rb'
-  - ee/app/services/ee/issuable_base_service.rb
+    - 'ee/app/services/ee/merge_requests/merge_base_service.rb'
-  - ee/app/services/ee/issue_links/create_service.rb
+    - 'ee/app/services/ee/merge_requests/refresh_service.rb'
-  - ee/app/services/ee/issues/build_service.rb
+    - 'ee/app/services/ee/projects/create_service.rb'
-  - ee/app/services/ee/lfs/lock_file_service.rb
+    - 'ee/app/services/ee/protected_branches/create_service.rb'
-  - ee/app/services/ee/lfs/unlock_file_service.rb
+    - 'ee/app/services/ee/releases/create_evidence_service.rb'
-  - ee/app/services/ee/merge_requests/approval_service.rb
+    - 'ee/app/services/iterations/create_service.rb'
-  - ee/app/services/ee/merge_requests/build_service.rb
+    - 'ee/app/services/iterations/update_service.rb'
-  - ee/app/services/ee/merge_requests/merge_base_service.rb
+    - 'ee/app/services/merge_requests/update_blocks_service.rb'
-  - ee/app/services/ee/merge_requests/refresh_service.rb
+    - 'ee/app/services/projects/mark_for_deletion_service.rb'
-  - ee/app/services/ee/merge_requests/update_service.rb
+    - 'ee/app/services/requirements_management/process_test_reports_service.rb'
-  - ee/app/services/ee/projects/create_service.rb
+    - 'ee/app/services/security/store_scans_service.rb'
-  - ee/app/services/ee/protected_branches/create_service.rb
+    - 'ee/app/workers/analytics/code_review_metrics_worker.rb'
-  - ee/app/services/ee/releases/create_evidence_service.rb
+    - 'ee/app/workers/group_saml_group_sync_worker.rb'
-  - ee/app/services/iterations/create_service.rb
+    - 'ee/lib/ee/api/entities/approval_state.rb'
-  - ee/app/services/iterations/update_service.rb
+    - 'ee/lib/ee/api/entities/board.rb'
-  - ee/app/services/merge_requests/sync_report_approver_approval_rules.rb
+    - 'ee/lib/ee/api/entities/issue.rb'
-  - ee/app/services/merge_requests/update_blocks_service.rb
+    - 'ee/lib/ee/api/entities/project.rb'
-  - ee/app/services/projects/mark_for_deletion_service.rb
+    - 'ee/lib/ee/api/helpers.rb'
-  - ee/app/services/quality_management/test_cases/create_service.rb
+    - 'ee/lib/ee/api/projects.rb'
-  - ee/app/services/requirements_management/process_test_reports_service.rb
+    - 'ee/lib/ee/gitlab/alert_management/payload/generic.rb'
-  - ee/app/services/security/store_scans_service.rb
+    - 'ee/lib/ee/gitlab/checks/diff_check.rb'
-  - ee/app/views/projects/_merge_request_approvals_settings.html.haml
+    - 'ee/lib/ee/gitlab/gon_helper.rb'
-  - ee/app/views/projects/_merge_request_settings.html.haml
+    - 'ee/lib/ee/gitlab/tree_summary.rb'
-  - ee/app/views/projects/_merge_request_settings_description_text.html.haml
+    - 'ee/lib/gitlab/alert_management.rb'
-  - ee/app/views/projects/audit_events/index.html.haml
+    - 'ee/lib/gitlab/ci/project_config/compliance.rb'
-  - ee/app/views/projects/blob/_header_file_locks.html.haml
+    - 'ee/lib/gitlab/code_owners.rb'
-  - ee/app/views/projects/issues/_related_issues.html.haml
+    - 'ee/lib/gitlab/path_locks_finder.rb'
-  - ee/app/views/projects/merge_requests/show.html.haml
+    - 'ee/lib/incident_management/incident_sla.rb'
-  - ee/app/views/projects/pipelines/_tabs_content.html.haml
+    - 'ee/spec/models/ee/project_spec.rb'
-  - ee/app/views/projects/protected_branches/ee/_code_owner_approval_form.html.haml
+    - 'ee/spec/models/instance_security_dashboard_spec.rb'
-  - ee/app/views/projects/protected_branches/ee/_code_owner_approval_table.html.haml
+    - 'ee/spec/models/license_spec.rb'
-  - ee/app/views/projects/protected_branches/ee/_code_owner_approval_table_head.html.haml
+    - 'lib/api/helpers/related_resources_helpers.rb'
-  - ee/app/views/projects/push_rules/_index.html.haml
+    - 'spec/models/concerns/featurable_spec.rb'
  - ee/app/views/projects/settings/_default_issue_template.html.haml
  - ee/app/views/projects/settings/_marked_for_removal.html.haml
  - ee/app/views/projects/settings/_restore.html.haml
  - ee/app/views/projects/settings/ci_cd/_auto_rollback.html.haml
  - ee/app/views/projects/settings/ci_cd/_pipeline_subscriptions.html.haml
  - ee/app/views/projects/settings/operations/_status_page.html.haml
  - ee/app/views/projects/settings/repository/_protected_branches.html.haml
  - ee/app/views/shared/issuable/_group_bulk_update_sidebar.html.haml
  - ee/app/views/shared/issuable/form/_default_templates.html.haml
  - ee/app/views/shared/labels/_create_label_help_text.html.haml
  - ee/app/views/shared/promotions/_promote_mr_features.html.haml
  - ee/app/views/shared/promotions/_promote_repository_features.html.haml
  - ee/app/workers/analytics/code_review_metrics_worker.rb
  - ee/app/workers/group_saml_group_sync_worker.rb
  - ee/lib/ee/api/entities/approval_state.rb
  - ee/lib/ee/api/entities/board.rb
  - ee/lib/ee/api/entities/issue.rb
  - ee/lib/ee/api/entities/project.rb
  - ee/lib/ee/api/helpers.rb
  - ee/lib/ee/api/internal/kubernetes.rb
  - ee/lib/ee/api/projects.rb
  - ee/lib/ee/gitlab/alert_management/payload/generic.rb
  - ee/lib/ee/gitlab/checks/diff_check.rb
  - ee/lib/ee/gitlab/gon_helper.rb
  - ee/lib/ee/gitlab/tree_summary.rb
  - ee/lib/gitlab/alert_management.rb
  - ee/lib/gitlab/ci/pipeline/chain/config/content/compliance.rb
  - ee/lib/gitlab/ci/project_config/compliance.rb
  - ee/lib/gitlab/code_owners.rb
  - ee/lib/gitlab/incident_management.rb
  - ee/lib/gitlab/path_locks_finder.rb
  - ee/lib/incident_management/incident_sla.rb
  - ee/spec/models/instance_security_dashboard_spec.rb
  - ee/spec/models/license_spec.rb
  - ee/spec/models/project_spec.rb
  - lib/api/helpers/related_resources_helpers.rb
  - spec/models/concerns/featurable_spec.rb
--- a/.rubocop_todo/gitlab/json.yml
+++ b/.rubocop_todo/gitlab/json.yml
@ -1,465 +0,0 @@
 ---
 # Cop supports --autocorrect.
 Gitlab/Json:
  Exclude:
    - 'app/controllers/admin/application_settings_controller.rb'
    - 'app/controllers/concerns/authenticates_with_two_factor.rb'
    - 'app/controllers/projects/commit_controller.rb'
    - 'app/controllers/projects/google_cloud/configuration_controller.rb'
    - 'app/controllers/projects/google_cloud/databases_controller.rb'
    - 'app/controllers/projects/google_cloud/deployments_controller.rb'
    - 'app/controllers/projects/google_cloud/gcp_regions_controller.rb'
    - 'app/controllers/projects/google_cloud/service_accounts_controller.rb'
    - 'app/controllers/projects/graphs_controller.rb'
    - 'app/controllers/projects/merge_requests_controller.rb'
    - 'app/controllers/projects/notes_controller.rb'
    - 'app/controllers/projects/settings/ci_cd_controller.rb'
    - 'app/controllers/projects/templates_controller.rb'
    - 'app/controllers/projects_controller.rb'
    - 'app/controllers/search_controller.rb'
    - 'app/helpers/access_tokens_helper.rb'
    - 'app/helpers/application_settings_helper.rb'
    - 'app/helpers/breadcrumbs_helper.rb'
    - 'app/helpers/ci/builds_helper.rb'
    - 'app/helpers/ci/pipelines_helper.rb'
    - 'app/helpers/compare_helper.rb'
    - 'app/helpers/emails_helper.rb'
    - 'app/helpers/environment_helper.rb'
    - 'app/helpers/groups_helper.rb'
    - 'app/helpers/ide_helper.rb'
    - 'app/helpers/integrations_helper.rb'
    - 'app/helpers/invite_members_helper.rb'
    - 'app/helpers/issuables_description_templates_helper.rb'
    - 'app/helpers/issuables_helper.rb'
    - 'app/helpers/jira_connect_helper.rb'
    - 'app/helpers/learn_gitlab_helper.rb'
    - 'app/helpers/namespaces_helper.rb'
    - 'app/helpers/notes_helper.rb'
    - 'app/helpers/operations_helper.rb'
    - 'app/helpers/packages_helper.rb'
    - 'app/helpers/projects/project_members_helper.rb'
    - 'app/helpers/projects_helper.rb'
    - 'app/helpers/search_helper.rb'
    - 'app/helpers/terms_helper.rb'
    - 'app/helpers/users_helper.rb'
    - 'app/mailers/emails/members.rb'
    - 'app/presenters/packages/composer/packages_presenter.rb'
    - 'app/presenters/projects/security/configuration_presenter.rb'
    - 'app/workers/google_cloud/create_cloudsql_instance_worker.rb'
    - 'config/initializers/rack_multipart_patch.rb'
    - 'ee/app/controllers/admin/geo/nodes_controller.rb'
    - 'ee/app/controllers/ee/admin/application_settings_controller.rb'
    - 'ee/app/controllers/ee/search_controller.rb'
    - 'ee/app/controllers/subscriptions_controller.rb'
    - 'ee/app/graphql/types/json_string_type.rb'
    - 'ee/app/helpers/billing_plans_helper.rb'
    - 'ee/app/helpers/ee/environments_helper.rb'
    - 'ee/app/helpers/ee/geo_helper.rb'
    - 'ee/app/helpers/ee/groups/analytics/cycle_analytics_helper.rb'
    - 'ee/app/helpers/ee/invite_members_helper.rb'
    - 'ee/app/helpers/ee/operations_helper.rb'
    - 'ee/app/helpers/ee/projects/pipeline_helper.rb'
    - 'ee/app/helpers/ee/projects_helper.rb'
    - 'ee/app/helpers/ee/security_orchestration_helper.rb'
    - 'ee/app/helpers/groups/ldap_sync_helper.rb'
    - 'ee/app/helpers/groups/security_features_helper.rb'
    - 'ee/app/helpers/incident_management/oncall_schedule_helper.rb'
    - 'ee/app/helpers/projects/on_demand_scans_helper.rb'
    - 'ee/app/helpers/projects/security/dast_profiles_helper.rb'
    - 'ee/app/helpers/security_helper.rb'
    - 'ee/app/helpers/subscriptions_helper.rb'
    - 'ee/app/helpers/users/identity_verification_helper.rb'
    - 'ee/app/helpers/vulnerabilities_helper.rb'
    - 'ee/app/models/product_analytics/jitsu_authentication.rb'
    - 'ee/app/presenters/epic_presenter.rb'
    - 'ee/app/services/arkose/blocked_users_report_service.rb'
    - 'ee/app/services/elastic/indexing_control_service.rb'
    - 'ee/app/services/elastic/process_bookkeeping_service.rb'
    - 'ee/app/services/security/token_revocation_service.rb'
    - 'ee/app/services/status_page/publish_base_service.rb'
    - 'ee/app/services/upcoming_reconciliations/update_service.rb'
    - 'ee/app/services/vulnerabilities/create_service_base.rb'
    - 'ee/app/workers/concerns/elastic/migration_state.rb'
    - 'ee/app/workers/sync_seat_link_request_worker.rb'
    - 'ee/db/fixtures/development/20_vulnerabilities.rb'
    - 'ee/lib/api/analytics/product_analytics.rb'
    - 'ee/lib/ee/gitlab/background_migration/update_vulnerability_occurrences_location.rb'
    - 'ee/lib/gitlab/elastic/indexer.rb'
    - 'ee/lib/gitlab/geo/signed_data.rb'
    - 'ee/lib/gitlab/subscription_portal/clients/graphql.rb'
    - 'ee/lib/gitlab/subscription_portal/clients/rest.rb'
    - 'ee/lib/slack/api.rb'
    - 'ee/lib/tasks/gitlab/elastic.rake'
    - 'ee/lib/tasks/gitlab/spdx.rake'
    - 'ee/spec/controllers/admin/application_settings_controller_spec.rb'
    - 'ee/spec/controllers/countries_controller_spec.rb'
    - 'ee/spec/controllers/country_states_controller_spec.rb'
    - 'ee/spec/controllers/ee/search_controller_spec.rb'
    - 'ee/spec/controllers/groups/analytics/cycle_analytics_controller_spec.rb'
    - 'ee/spec/controllers/groups/security/policies_controller_spec.rb'
    - 'ee/spec/controllers/projects/integrations/jira/issues_controller_spec.rb'
    - 'ee/spec/controllers/subscriptions_controller_spec.rb'
    - 'ee/spec/factories/vulnerabilities/findings.rb'
    - 'ee/spec/features/admin/subscriptions/admin_views_subscription_spec.rb'
    - 'ee/spec/features/billings/billing_plans_spec.rb'
    - 'ee/spec/features/billings/extend_reactivate_trial_spec.rb'
    - 'ee/spec/features/billings/qrtly_reconciliation_alert_spec.rb'
    - 'ee/spec/features/projects/integrations/jira_issues_list_spec.rb'
    - 'ee/spec/features/projects/integrations/user_activates_github_spec.rb'
    - 'ee/spec/features/projects/integrations/user_activates_jira_spec.rb'
    - 'ee/spec/frontend/fixtures/dast_profiles.rb'
    - 'ee/spec/frontend/fixtures/epic.rb'
    - 'ee/spec/graphql/api/vulnerabilities_spec.rb'
    - 'ee/spec/graphql/types/json_string_type_spec.rb'
    - 'ee/spec/helpers/ee/groups/group_members_helper_spec.rb'
    - 'ee/spec/helpers/ee/projects/pipeline_helper_spec.rb'
    - 'ee/spec/helpers/ee/security_orchestration_helper_spec.rb'
    - 'ee/spec/helpers/incident_management/oncall_schedule_helper_spec.rb'
    - 'ee/spec/helpers/projects/on_demand_scans_helper_spec.rb'
    - 'ee/spec/helpers/projects/security/dast_profiles_helper_spec.rb'
    - 'ee/spec/helpers/users/identity_verification_helper_spec.rb'
    - 'ee/spec/lib/ee/gitlab/background_migration/drop_invalid_remediations_spec.rb'
    - 'ee/spec/lib/ee/gitlab/background_migration/update_vulnerability_occurrences_location_spec.rb'
    - 'ee/spec/lib/gitlab/analytics/cycle_analytics/request_params_spec.rb'
    - 'ee/spec/lib/gitlab/ci/parsers/license_compliance/license_scanning_spec.rb'
    - 'ee/spec/lib/gitlab/ci/parsers/security/dast_spec.rb'
    - 'ee/spec/lib/gitlab/ci/parsers/security/dependency_scanning_spec.rb'
    - 'ee/spec/lib/gitlab/elastic/bulk_indexer_spec.rb'
    - 'ee/spec/lib/gitlab/elastic/indexer_spec.rb'
    - 'ee/spec/lib/gitlab/geo/replication/blob_downloader_spec.rb'
    - 'ee/spec/lib/gitlab/tracking/standard_context_spec.rb'
    - 'ee/spec/lib/slack/api_spec.rb'
    - 'ee/spec/migrations/update_vulnerability_occurrences_location_spec.rb'
    - 'ee/spec/models/ee/integrations/jira_spec.rb'
    - 'ee/spec/models/gitlab/seat_link_data_spec.rb'
    - 'ee/spec/models/group_member_spec.rb'
    - 'ee/spec/models/integrations/github/status_notifier_spec.rb'
    - 'ee/spec/models/integrations/github_spec.rb'
    - 'ee/spec/models/license_spec.rb'
    - 'ee/spec/models/product_analytics/jitsu_authentication_spec.rb'
    - 'ee/spec/models/vulnerabilities/finding_spec.rb'
    - 'ee/spec/presenters/audit_event_presenter_spec.rb'
    - 'ee/spec/requests/api/analytics/product_analytics_spec.rb'
    - 'ee/spec/requests/api/experiments_spec.rb'
    - 'ee/spec/requests/api/geo_spec.rb'
    - 'ee/spec/requests/api/graphql/mutations/alert_management/http_integration/create_spec.rb'
    - 'ee/spec/requests/api/graphql/mutations/alert_management/http_integration/update_spec.rb'
    - 'ee/spec/requests/api/graphql/mutations/vulnerabilities/create_external_issue_link_spec.rb'
    - 'ee/spec/requests/api/graphql/project/alert_management/http_integrations_spec.rb'
    - 'ee/spec/requests/api/graphql/vulnerabilities/external_issue_links_spec.rb'
    - 'ee/spec/requests/api/graphql/vulnerabilities/location_spec.rb'
    - 'ee/spec/requests/api/integrations/slack/events_spec.rb'
    - 'ee/spec/requests/api/releases_spec.rb'
    - 'ee/spec/requests/api/settings_spec.rb'
    - 'ee/spec/requests/git_http_geo_spec.rb'
    - 'ee/spec/requests/projects/on_demand_scans_controller_spec.rb'
    - 'ee/spec/requests/projects/security/policies_controller_spec.rb'
    - 'ee/spec/requests/users/identity_verification_controller_spec.rb'
    - 'ee/spec/serializers/clusters/environment_entity_spec.rb'
    - 'ee/spec/serializers/clusters/environment_serializer_spec.rb'
    - 'ee/spec/serializers/dependency_list_serializer_spec.rb'
    - 'ee/spec/serializers/epics/related_epic_entity_spec.rb'
    - 'ee/spec/serializers/evidences/evidence_entity_spec.rb'
    - 'ee/spec/serializers/issue_serializer_spec.rb'
    - 'ee/spec/serializers/licenses_list_serializer_spec.rb'
    - 'ee/spec/serializers/member_entity_spec.rb'
    - 'ee/spec/serializers/member_user_entity_spec.rb'
    - 'ee/spec/serializers/status_page/incident_entity_spec.rb'
    - 'ee/spec/serializers/status_page/incident_serializer_spec.rb'
    - 'ee/spec/serializers/test_reports_comparer_serializer_spec.rb'
    - 'ee/spec/services/arkose/blocked_users_report_service_spec.rb'
    - 'ee/spec/services/arkose/token_verification_service_spec.rb'
    - 'ee/spec/services/gitlab_subscriptions/fetch_subscription_plans_service_spec.rb'
    - 'ee/spec/services/integrations/slack_events/app_home_opened_service_spec.rb'
    - 'ee/spec/services/jira/requests/issues/list_service_spec.rb'
    - 'ee/spec/services/projects/slack_application_install_service_spec.rb'
    - 'ee/spec/services/security/token_revocation_service_spec.rb'
    - 'ee/spec/support/helpers/subscription_portal_helpers.rb'
    - 'ee/spec/support/shared_examples/controllers/cluster_metrics_shared_examples.rb'
    - 'ee/spec/support/shared_examples/requests/api/project_approval_rules_api_shared_examples.rb'
    - 'ee/spec/support/shared_examples/status_page/publish_shared_examples.rb'
    - 'ee/spec/tasks/gitlab/spdx_rake_spec.rb'
    - 'ee/spec/workers/audit_events/audit_event_streaming_worker_spec.rb'
    - 'ee/spec/workers/scan_security_report_secrets_worker_spec.rb'
    - 'ee/spec/workers/sync_seat_link_request_worker_spec.rb'
    - 'ee/spec/workers/vulnerability_exports/export_worker_spec.rb'
    - 'lib/api/api.rb'
    - 'lib/api/feature_flags_user_lists.rb'
    - 'lib/api/helpers.rb'
    - 'lib/api/terraform/state.rb'
    - 'lib/atlassian/jira_connect/client.rb'
    - 'lib/atlassian/jira_connect/serializers/base_entity.rb'
    - 'lib/backup/gitaly_backup.rb'
    - 'lib/bitbucket_server/client.rb'
    - 'lib/bulk_imports/clients/graphql.rb'
    - 'lib/error_tracking/sentry_client.rb'
    - 'lib/gitlab/alert_management/payload/prometheus.rb'
    - 'lib/gitlab/analytics/cycle_analytics/request_params.rb'
    - 'lib/gitlab/auth/otp/strategies/forti_authenticator/manual_otp.rb'
    - 'lib/gitlab/auth/otp/strategies/forti_authenticator/push_otp.rb'
    - 'lib/gitlab/auth/otp/strategies/forti_token_cloud.rb'
    - 'lib/gitlab/background_migration/fix_vulnerability_occurrences_with_hashes_as_raw_metadata.rb'
    - 'lib/gitlab/bitbucket_import/importer.rb'
    - 'lib/gitlab/bitbucket_server_import/importer.rb'
    - 'lib/gitlab/chat/responder/mattermost.rb'
    - 'lib/gitlab/chat/responder/slack.rb'
    - 'lib/gitlab/chat_name_token.rb'
    - 'lib/gitlab/ci/ansi2html.rb'
    - 'lib/gitlab/ci/ansi2json/state.rb'
    - 'lib/gitlab/ci/build/releaser.rb'
    - 'lib/gitlab/ci/config/external/mapper.rb'
    - 'lib/gitlab/ci/pipeline/chain/validate/external.rb'
    - 'lib/gitlab/ci/reports/security/finding.rb'
    - 'lib/gitlab/composer/cache.rb'
    - 'lib/gitlab/database/background_migration/batched_migration.rb'
    - 'lib/gitlab/database/background_migration_job.rb'
    - 'lib/gitlab/database/migration_helpers.rb'
    - 'lib/gitlab/database/migrations/batched_background_migration_helpers.rb'
    - 'lib/gitlab/database/migrations/instrumentation.rb'
    - 'lib/gitlab/database/migrations/runner.rb'
    - 'lib/gitlab/database/postgres_hll/buckets.rb'
    - 'lib/gitlab/database/reindexing/grafana_notifier.rb'
    - 'lib/gitlab/database/rename_reserved_paths_migration/v1/rename_base.rb'
    - 'lib/gitlab/diff/highlight_cache.rb'
    - 'lib/gitlab/discussions_diff/highlight_cache.rb'
    - 'lib/gitlab/external_authorization/client.rb'
    - 'lib/gitlab/file_hook.rb'
    - 'lib/gitlab/gitaly_client/conflicts_service.rb'
    - 'lib/gitlab/graphql/pagination/active_record_array_connection.rb'
    - 'lib/gitlab/graphql/pagination/keyset/connection.rb'
    - 'lib/gitlab/health_checks/middleware.rb'
    - 'lib/gitlab/import_export/after_export_strategies/base_after_export_strategy.rb'
    - 'lib/gitlab/import_export/json/legacy_writer.rb'
    - 'lib/gitlab/import_export/json/ndjson_writer.rb'
    - 'lib/gitlab/import_export/lfs_saver.rb'
    - 'lib/gitlab/jira/http_client.rb'
    - 'lib/gitlab/json_cache.rb'
    - 'lib/gitlab/legacy_github_import/importer.rb'
    - 'lib/gitlab/lfs/client.rb'
    - 'lib/gitlab/merge_requests/mergeability/redis_interface.rb'
    - 'lib/gitlab/middleware/read_only/controller.rb'
    - 'lib/gitlab/patch/hangouts_chat_http_override.rb'
    - 'lib/gitlab/puma_logging/json_formatter.rb'
    - 'lib/gitlab/sidekiq_config.rb'
    - 'lib/gitlab/sidekiq_daemon/monitor.rb'
    - 'lib/gitlab/sidekiq_logging/json_formatter.rb'
    - 'lib/gitlab/usage/metrics/aggregates/sources/postgres_hll.rb'
    - 'lib/gitlab/utils/json_size_estimator.rb'
    - 'lib/gitlab/version_info.rb'
    - 'lib/gitlab/workhorse.rb'
    - 'lib/mattermost/command.rb'
    - 'lib/mattermost/team.rb'
    - 'lib/microsoft_teams/notifier.rb'
    - 'lib/tasks/gitlab/background_migrations.rake'
    - 'lib/version_check.rb'
    - 'spec/commands/diagnostic_reports/uploader_smoke_spec.rb'
    - 'spec/controllers/admin/integrations_controller_spec.rb'
    - 'spec/controllers/concerns/product_analytics_tracking_spec.rb'
    - 'spec/controllers/groups/settings/integrations_controller_spec.rb'
    - 'spec/controllers/jira_connect/subscriptions_controller_spec.rb'
    - 'spec/controllers/profiles/personal_access_tokens_controller_spec.rb'
    - 'spec/controllers/projects/alerting/notifications_controller_spec.rb'
    - 'spec/controllers/projects/jobs_controller_spec.rb'
    - 'spec/controllers/projects/merge_requests/drafts_controller_spec.rb'
    - 'spec/factories/ci/pipeline_artifacts.rb'
    - 'spec/features/dashboard/issues_spec.rb'
    - 'spec/features/error_tracking/user_filters_errors_by_status_spec.rb'
    - 'spec/features/file_uploads/graphql_add_design_spec.rb'
    - 'spec/features/groups/dependency_proxy_for_containers_spec.rb'
    - 'spec/features/markdown/copy_as_gfm_spec.rb'
    - 'spec/features/markdown/metrics_spec.rb'
    - 'spec/features/projects/integrations/user_activates_jira_spec.rb'
    - 'spec/features/projects/settings/monitor_settings_spec.rb'
    - 'spec/frontend/fixtures/timezones.rb'
    - 'spec/helpers/access_tokens_helper_spec.rb'
    - 'spec/helpers/breadcrumbs_helper_spec.rb'
    - 'spec/helpers/ci/builds_helper_spec.rb'
    - 'spec/helpers/environment_helper_spec.rb'
    - 'spec/helpers/environments_helper_spec.rb'
    - 'spec/helpers/groups/group_members_helper_spec.rb'
    - 'spec/helpers/groups_helper_spec.rb'
    - 'spec/helpers/ide_helper_spec.rb'
    - 'spec/helpers/invite_members_helper_spec.rb'
    - 'spec/helpers/issuables_description_templates_helper_spec.rb'
    - 'spec/helpers/listbox_helper_spec.rb'
    - 'spec/helpers/namespaces_helper_spec.rb'
    - 'spec/helpers/projects/project_members_helper_spec.rb'
    - 'spec/helpers/projects_helper_spec.rb'
    - 'spec/initializers/hangouts_chat_http_override_spec.rb'
    - 'spec/lib/api/entities/merge_request_basic_spec.rb'
    - 'spec/lib/api/helpers/caching_spec.rb'
    - 'spec/lib/api/helpers/common_helpers_spec.rb'
    - 'spec/lib/atlassian/jira_connect/client_spec.rb'
    - 'spec/lib/atlassian/jira_connect/serializers/build_entity_spec.rb'
    - 'spec/lib/atlassian/jira_connect/serializers/deployment_entity_spec.rb'
    - 'spec/lib/atlassian/jira_connect/serializers/feature_flag_entity_spec.rb'
    - 'spec/lib/atlassian/jira_connect/serializers/repository_entity_spec.rb'
    - 'spec/lib/bitbucket_server/connection_spec.rb'
    - 'spec/lib/bulk_imports/common/pipelines/lfs_objects_pipeline_spec.rb'
    - 'spec/lib/bulk_imports/projects/pipelines/snippets_pipeline_spec.rb'
    - 'spec/lib/container_registry/client_spec.rb'
    - 'spec/lib/container_registry/gitlab_api_client_spec.rb'
    - 'spec/lib/gitlab/background_migration/encrypt_integration_properties_spec.rb'
    - 'spec/lib/gitlab/bitbucket_import/importer_spec.rb'
    - 'spec/lib/gitlab/chat/responder/mattermost_spec.rb'
    - 'spec/lib/gitlab/chat/responder/slack_spec.rb'
    - 'spec/lib/gitlab/ci/build/releaser_spec.rb'
    - 'spec/lib/gitlab/ci/parsers/accessibility/pa11y_spec.rb'
    - 'spec/lib/gitlab/ci/parsers/codequality/code_climate_spec.rb'
    - 'spec/lib/gitlab/ci/parsers/coverage/sax_document_spec.rb'
    - 'spec/lib/gitlab/ci/parsers/sbom/cyclonedx_spec.rb'
    - 'spec/lib/gitlab/ci/parsers/security/common_spec.rb'
    - 'spec/lib/gitlab/ci/parsers/test/junit_spec.rb'
    - 'spec/lib/gitlab/ci/runner_upgrade_check_spec.rb'
    - 'spec/lib/gitlab/composer/cache_spec.rb'
    - 'spec/lib/gitlab/composer/version_index_spec.rb'
    - 'spec/lib/gitlab/data_builder/pipeline_spec.rb'
    - 'spec/lib/gitlab/database/load_balancing/sidekiq_server_middleware_spec.rb'
    - 'spec/lib/gitlab/database/postgres_hll/buckets_spec.rb'
    - 'spec/lib/gitlab/database/reindexing/grafana_notifier_spec.rb'
    - 'spec/lib/gitlab/diff/position_spec.rb'
    - 'spec/lib/gitlab/diff/stats_cache_spec.rb'
    - 'spec/lib/gitlab/discussions_diff/highlight_cache_spec.rb'
    - 'spec/lib/gitlab/error_tracking/context_payload_generator_spec.rb'
    - 'spec/lib/gitlab/error_tracking/processor/sidekiq_processor_spec.rb'
    - 'spec/lib/gitlab/external_authorization/client_spec.rb'
    - 'spec/lib/gitlab/external_authorization/response_spec.rb'
    - 'spec/lib/gitlab/file_hook_spec.rb'
    - 'spec/lib/gitlab/git/rugged_impl/use_rugged_spec.rb'
    - 'spec/lib/gitlab/github_import/client_spec.rb'
    - 'spec/lib/gitlab/gitlab_import/importer_spec.rb'
    - 'spec/lib/gitlab/grape_logging/loggers/exception_logger_spec.rb'
    - 'spec/lib/gitlab/harbor/client_spec.rb'
    - 'spec/lib/gitlab/import_export/after_export_strategies/base_after_export_strategy_spec.rb'
    - 'spec/lib/gitlab/import_export/json/streaming_serializer_spec.rb'
    - 'spec/lib/gitlab/json_cache_spec.rb'
    - 'spec/lib/gitlab/legacy_github_import/client_spec.rb'
    - 'spec/lib/gitlab/legacy_github_import/importer_spec.rb'
    - 'spec/lib/gitlab/lfs/client_spec.rb'
    - 'spec/lib/gitlab/merge_requests/mergeability/redis_interface_spec.rb'
    - 'spec/lib/gitlab/middleware/multipart_spec.rb'
    - 'spec/lib/gitlab/sidekiq_migrate_jobs_spec.rb'
    - 'spec/lib/gitlab/tracking/service_ping_context_spec.rb'
    - 'spec/lib/gitlab/tracking/standard_context_spec.rb'
    - 'spec/lib/gitlab/tracking_spec.rb'
    - 'spec/lib/gitlab/usage/service_ping/legacy_metric_timing_decorator_spec.rb'
    - 'spec/lib/gitlab/utils/json_size_estimator_spec.rb'
    - 'spec/lib/gitlab/version_info_spec.rb'
    - 'spec/lib/gitlab/webpack/manifest_spec.rb'
    - 'spec/lib/gitlab/workhorse_spec.rb'
    - 'spec/lib/gitlab/zentao/client_spec.rb'
    - 'spec/lib/grafana/client_spec.rb'
    - 'spec/lib/json_web_token/hmac_token_spec.rb'
    - 'spec/lib/mattermost/command_spec.rb'
    - 'spec/lib/mattermost/team_spec.rb'
    - 'spec/lib/microsoft_teams/notifier_spec.rb'
    - 'spec/lib/object_storage/direct_upload_spec.rb'
    - 'spec/lib/service_ping/devops_report_spec.rb'
    - 'spec/lib/version_check_spec.rb'
    - 'spec/mailers/notify_spec.rb'
    - 'spec/migrations/20220204194347_encrypt_integration_properties_spec.rb'
    - 'spec/migrations/20220412143552_consume_remaining_encrypt_integration_property_jobs_spec.rb'
    - 'spec/models/blob_viewer/package_json_spec.rb'
    - 'spec/models/ci/runner_spec.rb'
    - 'spec/models/concerns/prometheus_adapter_spec.rb'
    - 'spec/models/concerns/redis_cacheable_spec.rb'
    - 'spec/models/concerns/sensitive_serializable_hash_spec.rb'
    - 'spec/models/diff_discussion_spec.rb'
    - 'spec/models/diff_note_spec.rb'
    - 'spec/models/hooks/web_hook_spec.rb'
    - 'spec/models/integrations/datadog_spec.rb'
    - 'spec/models/integrations/jira_spec.rb'
    - 'spec/models/integrations/mattermost_slash_commands_spec.rb'
    - 'spec/models/integrations/mock_ci_spec.rb'
    - 'spec/models/merge_request_diff_commit_spec.rb'
    - 'spec/models/packages/composer/metadatum_spec.rb'
    - 'spec/models/terraform/state_spec.rb'
    - 'spec/presenters/packages/composer/packages_presenter_spec.rb'
    - 'spec/requests/api/ci/runner/jobs_request_post_spec.rb'
    - 'spec/requests/api/composer_packages_spec.rb'
    - 'spec/requests/api/conan_instance_packages_spec.rb'
    - 'spec/requests/api/conan_project_packages_spec.rb'
    - 'spec/requests/api/container_registry_event_spec.rb'
    - 'spec/requests/api/graphql/mutations/design_management/upload_spec.rb'
    - 'spec/requests/api/integrations/jira_connect/subscriptions_spec.rb'
    - 'spec/requests/api/internal/base_spec.rb'
    - 'spec/requests/api/merge_requests_spec.rb'
    - 'spec/requests/api/namespaces_spec.rb'
    - 'spec/requests/api/project_snapshots_spec.rb'
    - 'spec/requests/groups/settings/access_tokens_controller_spec.rb'
    - 'spec/requests/projects/incident_management/pagerduty_incidents_spec.rb'
    - 'spec/requests/projects/settings/access_tokens_controller_spec.rb'
    - 'spec/requests/users_controller_spec.rb'
    - 'spec/requests/whats_new_controller_spec.rb'
    - 'spec/scripts/pipeline_test_report_builder_spec.rb'
    - 'spec/serializers/ci/dag_job_entity_spec.rb'
    - 'spec/serializers/ci/dag_job_group_entity_spec.rb'
    - 'spec/serializers/ci/dag_pipeline_entity_spec.rb'
    - 'spec/serializers/ci/dag_pipeline_serializer_spec.rb'
    - 'spec/serializers/ci/dag_stage_entity_spec.rb'
    - 'spec/serializers/ci/daily_build_group_report_result_serializer_spec.rb'
    - 'spec/serializers/ci/lint/result_serializer_spec.rb'
    - 'spec/serializers/ci/trigger_entity_spec.rb'
    - 'spec/serializers/ci/trigger_serializer_spec.rb'
    - 'spec/serializers/diff_line_serializer_spec.rb'
    - 'spec/serializers/evidences/evidence_entity_spec.rb'
    - 'spec/serializers/feature_flags_client_serializer_spec.rb'
    - 'spec/serializers/group_link/group_group_link_entity_spec.rb'
    - 'spec/serializers/group_link/group_group_link_serializer_spec.rb'
    - 'spec/serializers/group_link/group_link_entity_spec.rb'
    - 'spec/serializers/group_link/project_group_link_entity_spec.rb'
    - 'spec/serializers/group_link/project_group_link_serializer_spec.rb'
    - 'spec/serializers/member_entity_spec.rb'
    - 'spec/serializers/member_serializer_spec.rb'
    - 'spec/serializers/member_user_entity_spec.rb'
    - 'spec/serializers/test_reports_comparer_serializer_spec.rb'
    - 'spec/services/ci/runners/process_runner_version_update_service_spec.rb'
    - 'spec/services/draft_notes/create_service_spec.rb'
    - 'spec/services/error_tracking/issue_details_service_spec.rb'
    - 'spec/services/error_tracking/issue_latest_event_service_spec.rb'
    - 'spec/services/error_tracking/list_issues_service_spec.rb'
    - 'spec/services/git/branch_push_service_spec.rb'
    - 'spec/services/jira/requests/projects/list_service_spec.rb'
    - 'spec/services/metrics/dashboard/transient_embed_service_spec.rb'
    - 'spec/services/packages/composer/create_package_service_spec.rb'
    - 'spec/services/packages/rubygems/metadata_extraction_service_spec.rb'
    - 'spec/services/projects/container_repository/third_party/cleanup_tags_service_spec.rb'
    - 'spec/services/projects/lfs_pointers/lfs_download_link_list_service_spec.rb'
    - 'spec/services/service_ping/submit_service_ping_service_spec.rb'
    - 'spec/services/webauthn/authenticate_service_spec.rb'
    - 'spec/services/webauthn/register_service_spec.rb'
    - 'spec/support/frontend_fixtures.rb'
    - 'spec/support/google_api/cloud_platform_helpers.rb'
    - 'spec/support/helpers/ci_artifact_metadata_generator.rb'
    - 'spec/support/helpers/dependency_proxy_helpers.rb'
    - 'spec/support/helpers/fake_webauthn_device.rb'
    - 'spec/support/helpers/features/two_factor_helpers.rb'
    - 'spec/support/helpers/graphql_helpers.rb'
    - 'spec/support/helpers/input_helper.rb'
    - 'spec/support/helpers/jira_integration_helpers.rb'
    - 'spec/support/helpers/kubernetes_helpers.rb'
    - 'spec/support/helpers/prometheus_helpers.rb'
    - 'spec/support/helpers/sentry_client_helpers.rb'
    - 'spec/support/helpers/usage_data_helpers.rb'
    - 'spec/support/import_export/configuration_helper.rb'
    - 'spec/support/shared_contexts/bulk_imports_requests_shared_context.rb'
    - 'spec/support/shared_contexts/features/error_tracking_shared_context.rb'
    - 'spec/support/shared_contexts/prometheus/alert_shared_context.rb'
    - 'spec/support/shared_contexts/services/projects/container_repository/delete_tags_service_shared_context.rb'
    - 'spec/support/shared_examples/blocks_unsafe_serialization_shared_examples.rb'
    - 'spec/support/shared_examples/controllers/rate_limited_endpoint_shared_examples.rb'
    - 'spec/support/shared_examples/controllers/snowplow_event_tracking_examples.rb'
    - 'spec/support/shared_examples/harbor/artifacts_controller_shared_examples.rb'
    - 'spec/support/shared_examples/harbor/repositories_controller_shared_examples.rb'
    - 'spec/support/shared_examples/harbor/tags_controller_shared_examples.rb'
    - 'spec/support/shared_examples/models/diff_positionable_note_shared_examples.rb'
    - 'spec/support/shared_examples/requests/api/conan_packages_shared_examples.rb'
    - 'spec/support/shared_examples/requests/rack_attack_shared_examples.rb'
    - 'spec/support_specs/helpers/graphql_helpers_spec.rb'
    - 'spec/tasks/gitlab/update_templates_rake_spec.rb'
    - 'spec/tasks/gitlab/usage_data_rake_spec.rb'
    - 'spec/tooling/lib/tooling/kubernetes_client_spec.rb'
    - 'spec/tooling/rspec_flaky/listener_spec.rb'
    - 'spec/workers/ci/runners/process_runner_version_update_worker_spec.rb'
    - 'spec/workers/gitlab/jira_import/stage/import_labels_worker_spec.rb'
    - 'spec/workers/packages/composer/cache_update_worker_spec.rb'
--- a/.rubocop_todo/gitlab/namespaced_class.yml
+++ b/.rubocop_todo/gitlab/namespaced_class.yml
@ -48,7 +48,6 @@ Gitlab/NamespacedClass:
    - 'app/finders/feature_flags_user_lists_finder.rb'
    - 'app/finders/fork_projects_finder.rb'
    - 'app/finders/fork_targets_finder.rb'
    - 'app/finders/freeze_periods_finder.rb'
    - 'app/finders/git_refs_finder.rb'
    - 'app/finders/group_descendants_finder.rb'
    - 'app/finders/group_finder.rb'
@ -134,7 +133,6 @@ Gitlab/NamespacedClass:
    - 'app/models/commit_status.rb'
    - 'app/models/commit_user_mention.rb'
    - 'app/models/compare.rb'
    - 'app/models/concerns/uniquify.rb'
    - 'app/models/container_expiration_policy.rb'
    - 'app/models/container_repository.rb'
    - 'app/models/context_commits_diff.rb'
@ -162,9 +160,6 @@ Gitlab/NamespacedClass:
    - 'app/models/epic.rb'
    - 'app/models/event.rb'
    - 'app/models/event_collection.rb'
    - 'app/models/experiment.rb'
    - 'app/models/experiment_subject.rb'
    - 'app/models/experiment_user.rb'
    - 'app/models/exported_protected_branch.rb'
    - 'app/models/external_issue.rb'
    - 'app/models/external_pull_request.rb'
@ -201,7 +196,6 @@ Gitlab/NamespacedClass:
    - 'app/models/issuable_severity.rb'
    - 'app/models/issue.rb'
    - 'app/models/issue_assignee.rb'
    - 'app/models/issue_collection.rb'
    - 'app/models/issue_email_participant.rb'
    - 'app/models/issue_link.rb'
    - 'app/models/issue_user_mention.rb'
@ -374,6 +368,7 @@ Gitlab/NamespacedClass:
    - 'app/policies/deploy_keys_project_policy.rb'
    - 'app/policies/deploy_token_policy.rb'
    - 'app/policies/deployment_policy.rb'
    - 'app/policies/description_version_policy.rb'
    - 'app/policies/draft_note_policy.rb'
    - 'app/policies/environment_policy.rb'
    - 'app/policies/external_issue_policy.rb'
@ -396,18 +391,21 @@ Gitlab/NamespacedClass:
    - 'app/policies/personal_access_token_policy.rb'
    - 'app/policies/personal_snippet_policy.rb'
    - 'app/policies/project_ci_cd_setting_policy.rb'
    - 'app/policies/project_hook_policy.rb'
    - 'app/policies/project_label_policy.rb'
    - 'app/policies/project_member_policy.rb'
    - 'app/policies/project_policy.rb'
    - 'app/policies/project_snippet_policy.rb'
    - 'app/policies/project_statistics_policy.rb'
    - 'app/policies/project_hook_policy.rb'
    - 'app/policies/prometheus_alert_policy.rb'
    - 'app/policies/protected_branch_policy.rb'
    - 'app/policies/protected_branch_access_policy.rb'
    - 'app/policies/protected_branch_policy.rb'
    - 'app/policies/release_policy.rb'
    - 'app/policies/repository_policy.rb'
    - 'app/policies/resource_event_policy.rb'
    - 'app/policies/resource_label_event_policy.rb'
    - 'app/policies/resource_milestone_event_policy.rb'
    - 'app/policies/resource_state_event_policy.rb'
    - 'app/policies/suggestion_policy.rb'
    - 'app/policies/system_hook_policy.rb'
    - 'app/policies/timebox_policy.rb'
@ -430,6 +428,7 @@ Gitlab/NamespacedClass:
    - 'app/presenters/group_clusterable_presenter.rb'
    - 'app/presenters/group_member_presenter.rb'
    - 'app/presenters/instance_clusterable_presenter.rb'
    - 'app/presenters/issue_email_participant_presenter.rb'
    - 'app/presenters/issue_presenter.rb'
    - 'app/presenters/label_presenter.rb'
    - 'app/presenters/member_presenter.rb'
@ -472,8 +471,6 @@ Gitlab/NamespacedClass:
    - 'app/serializers/base_discussion_entity.rb'
    - 'app/serializers/base_serializer.rb'
    - 'app/serializers/blob_entity.rb'
    - 'app/serializers/board_serializer.rb'
    - 'app/serializers/board_simple_entity.rb'
    - 'app/serializers/build_action_entity.rb'
    - 'app/serializers/build_artifact_entity.rb'
    - 'app/serializers/build_coverage_entity.rb'
@ -497,8 +494,6 @@ Gitlab/NamespacedClass:
    - 'app/serializers/container_tag_entity.rb'
    - 'app/serializers/container_tags_serializer.rb'
    - 'app/serializers/context_commits_diff_entity.rb'
    - 'app/serializers/current_board_entity.rb'
    - 'app/serializers/current_board_serializer.rb'
    - 'app/serializers/current_user_entity.rb'
    - 'app/serializers/deploy_keys_project_entity.rb'
    - 'app/serializers/deployment_cluster_entity.rb'
@ -690,7 +685,7 @@ Gitlab/NamespacedClass:
    - 'app/validators/addressable_url_validator.rb'
    - 'app/validators/any_field_validator.rb'
    - 'app/validators/array_members_validator.rb'
-    - 'app/validators/branch_filter_validator.rb'
+    - 'app/validators/bytesize_validator.rb'
    - 'app/validators/certificate_fingerprint_validator.rb'
    - 'app/validators/certificate_key_validator.rb'
    - 'app/validators/certificate_validator.rb'
@ -708,6 +703,7 @@ Gitlab/NamespacedClass:
    - 'app/validators/gitlab/zoom_url_validator.rb'
    - 'app/validators/html_safety_validator.rb'
    - 'app/validators/ip_address_validator.rb'
    - 'app/validators/iso8601_date_validator.rb'
    - 'app/validators/js_regex_validator.rb'
    - 'app/validators/json_schema_validator.rb'
    - 'app/validators/key_restriction_validator.rb'
@ -725,15 +721,12 @@ Gitlab/NamespacedClass:
    - 'app/validators/top_level_group_validator.rb'
    - 'app/validators/untrusted_regexp_validator.rb'
    - 'app/validators/x509_certificate_credentials_validator.rb'
    - 'app/validators/bytesize_validator.rb'
    - 'app/workers/admin_email_worker.rb'
    - 'app/workers/approve_blocked_pending_approval_users_worker.rb'
    - 'app/workers/archive_trace_worker.rb'
    - 'app/workers/authorized_keys_worker.rb'
    - 'app/workers/authorized_projects_worker.rb'
    - 'app/workers/auto_merge_process_worker.rb'
    - 'app/workers/background_migration_worker.rb'
    - 'app/workers/build_finished_worker.rb'
    - 'app/workers/build_hooks_worker.rb'
    - 'app/workers/build_queue_worker.rb'
    - 'app/workers/build_success_worker.rb'
@ -964,13 +957,15 @@ Gitlab/NamespacedClass:
    - 'ee/app/policies/dast_site_validation_policy.rb'
    - 'ee/app/policies/epic_policy.rb'
    - 'ee/app/policies/geo_node_policy.rb'
    - 'ee/app/policies/group_hook_policy.rb'
    - 'ee/app/policies/instance_security_dashboard_policy.rb'
    - 'ee/app/policies/issuable_metric_image_policy.rb'
    - 'ee/app/policies/iteration_policy.rb'
    - 'ee/app/policies/push_rule_policy.rb'
    - 'ee/app/policies/resource_iteration_event_policy.rb'
    - 'ee/app/policies/resource_weight_event_policy.rb'
    - 'ee/app/policies/saml_provider_policy.rb'
    - 'ee/app/policies/vulnerability_policy.rb'
    - 'ee/app/policies/group_hook_policy.rb'
    - 'ee/app/presenters/approval_rule_presenter.rb'
    - 'ee/app/presenters/audit_event_presenter.rb'
    - 'ee/app/presenters/epic_issue_presenter.rb'
@ -982,9 +977,6 @@ Gitlab/NamespacedClass:
    - 'ee/app/serializers/audit_event_entity.rb'
    - 'ee/app/serializers/audit_event_serializer.rb'
    - 'ee/app/serializers/blocking_merge_request_entity.rb'
    - 'ee/app/serializers/board_assignee_entity.rb'
    - 'ee/app/serializers/board_label_entity.rb'
    - 'ee/app/serializers/board_milestone_entity.rb'
    - 'ee/app/serializers/dashboard_environment_entity.rb'
    - 'ee/app/serializers/dashboard_environments_project_entity.rb'
    - 'ee/app/serializers/dashboard_environments_serializer.rb'
@ -1078,17 +1070,14 @@ Gitlab/NamespacedClass:
    - 'ee/app/workers/sync_seat_link_worker.rb'
    - 'ee/app/workers/update_all_mirrors_worker.rb'
    - 'ee/app/workers/update_max_seats_used_for_gitlab_com_subscriptions_worker.rb'
    - 'ee/lib/gitlab/auth_logger.rb'
    - 'ee/lib/gitlab/authority_analyzer.rb'
    - 'ee/lib/gitlab/cidr.rb'
    - 'ee/lib/gitlab/custom_file_templates.rb'
    - 'ee/lib/gitlab/expiring_subscription_message.rb'
    - 'ee/lib/gitlab/geo_logger.rb'
    - 'ee/lib/gitlab/group_plans_preloader.rb'
    - 'ee/lib/gitlab/ip_address_state.rb'
    - 'ee/lib/gitlab/items_collection.rb'
    - 'ee/lib/gitlab/manual_quarterly_co_term_banner.rb'
    - 'ee/lib/gitlab/pagination_delegate.rb'
    - 'ee/lib/gitlab/path_locks_finder.rb'
    - 'ee/lib/gitlab/proxy.rb'
    - 'ee/lib/gitlab/return_to_location.rb'
@ -1114,7 +1103,6 @@ Gitlab/NamespacedClass:
    - 'lib/gitlab/avatar_cache.rb'
    - 'lib/gitlab/backup_logger.rb'
    - 'lib/gitlab/base_doorkeeper_controller.rb'
    - 'lib/gitlab/batch_pop_queueing.rb'
    - 'lib/gitlab/batch_worker_context.rb'
    - 'lib/gitlab/blame.rb'
    - 'lib/gitlab/branch_push_merge_commit_analyzer.rb'
@ -1141,13 +1129,14 @@ Gitlab/NamespacedClass:
    - 'lib/gitlab/empty_search_results.rb'
    - 'lib/gitlab/encrypted_command_base.rb'
    - 'lib/gitlab/encrypted_configuration.rb'
    - 'lib/gitlab/encrypted_incoming_email_command.rb'
    - 'lib/gitlab/encrypted_ldap_command.rb'
    - 'lib/gitlab/encrypted_service_desk_email_command.rb'
    - 'lib/gitlab/encrypted_smtp_command.rb'
    - 'lib/gitlab/environment_logger.rb'
    - 'lib/gitlab/exceptions_app.rb'
    - 'lib/gitlab/exclusive_lease.rb'
    - 'lib/gitlab/experiment/rollout/feature.rb'
    - 'lib/gitlab/experimentation_logger.rb'
    - 'lib/gitlab/fake_application_settings.rb'
    - 'lib/gitlab/favicon.rb'
    - 'lib/gitlab/feature_categories.rb'
@ -1269,7 +1258,6 @@ Gitlab/NamespacedClass:
    - 'lib/gitlab/wiki_file_finder.rb'
    - 'lib/gitlab/workhorse.rb'
    - 'lib/gitlab/zoom_link_extractor.rb'
    - 'lib/tasks/gitlab/graphql.rake'
    - 'lib/tasks/gitlab/seed/group_seed.rake'
    - 'lib/tasks/import.rake'
    - 'lib/tasks/tokens.rake'
@ -1279,10 +1267,7 @@ Gitlab/NamespacedClass:
    - 'spec/lib/bitbucket/collection_spec.rb'
    - 'spec/lib/gitlab/multi_destination_logger_spec.rb'
    - 'spec/lib/marginalia_spec.rb'
    - 'spec/mailers/notify_spec.rb'
    - 'spec/models/concerns/batch_destroy_dependent_associations_spec.rb'
    - 'spec/models/concerns/bulk_insertable_associations_spec.rb'
    - 'spec/models/concerns/triggerable_hooks_spec.rb'
    - 'spec/support/helpers/ci_artifact_metadata_generator.rb'
    - 'spec/support/helpers/fake_migration_classes.rb'
    - 'spec/support/helpers/fake_u2f_device.rb'
--- a/.rubocop_todo/gitlab/no_code_coverage_comment.yml
+++ b/.rubocop_todo/gitlab/no_code_coverage_comment.yml
@ -13,6 +13,5 @@ Gitlab/NoCodeCoverageComment:
    - 'lib/gitlab/database/background_migration/health_status/signals.rb'
    - 'lib/gitlab/seeder.rb'
    - 'lib/gitlab/webpack/dev_server_middleware.rb'
    - 'lib/tasks/dev.rake'
    - 'lib/tasks/gems.rake'
    - 'lib/tasks/gitlab/db.rake'
--- a/.rubocop_todo/gitlab/service_response.yml
+++ b/.rubocop_todo/gitlab/service_response.yml
@ -64,7 +64,6 @@ Gitlab/ServiceResponse:
    - 'ee/app/services/vulnerability_issue_links/create_service.rb'
    - 'ee/app/services/vulnerability_issue_links/delete_service.rb'
    - 'ee/spec/graphql/mutations/security/finding/dismiss_spec.rb'
    - 'spec/controllers/boards/issues_controller_spec.rb'
    - 'spec/controllers/import/bulk_imports_controller_spec.rb'
    - 'spec/controllers/import/fogbugz_controller_spec.rb'
    - 'spec/controllers/projects/alerting/notifications_controller_spec.rb'
--- a/.rubocop_todo/gitlab/strong_memoize_attr.yml
+++ b/.rubocop_todo/gitlab/strong_memoize_attr.yml
@ -0,0 +1,710 @@
 ---
 # Cop supports --autocorrect.
 Gitlab/StrongMemoizeAttr:
  Details: grace period
  Exclude:
    - 'app/components/pajamas/avatar_component.rb'
    - 'app/controllers/application_controller.rb'
    - 'app/controllers/concerns/boards_actions.rb'
    - 'app/controllers/concerns/creates_commit.rb'
    - 'app/controllers/concerns/find_snippet.rb'
    - 'app/controllers/concerns/impersonation.rb'
    - 'app/controllers/concerns/issuable_actions.rb'
    - 'app/controllers/concerns/issuable_collections.rb'
    - 'app/controllers/concerns/known_sign_in.rb'
    - 'app/controllers/concerns/wiki_actions.rb'
    - 'app/controllers/groups/dependency_proxy_for_containers_controller.rb'
    - 'app/controllers/ide_controller.rb'
    - 'app/controllers/import/github_controller.rb'
    - 'app/controllers/invites_controller.rb'
    - 'app/controllers/jira_connect/application_controller.rb'
    - 'app/controllers/jwt_controller.rb'
    - 'app/controllers/oauth/authorizations_controller.rb'
    - 'app/controllers/projects/analytics/cycle_analytics/stages_controller.rb'
    - 'app/controllers/projects/boards_controller.rb'
    - 'app/controllers/projects/compare_controller.rb'
    - 'app/controllers/projects/forks_controller.rb'
    - 'app/controllers/projects/import/jira_controller.rb'
    - 'app/controllers/projects/incidents_controller.rb'
    - 'app/controllers/projects/merge_requests/drafts_controller.rb'
    - 'app/controllers/projects/merge_requests_controller.rb'
    - 'app/controllers/projects/metrics_dashboard_controller.rb'
    - 'app/controllers/projects/milestones_controller.rb'
    - 'app/controllers/projects/pipelines/application_controller.rb'
    - 'app/controllers/projects/pipelines_controller.rb'
    - 'app/controllers/projects/todos_controller.rb'
    - 'app/controllers/repositories/git_http_client_controller.rb'
    - 'app/controllers/repositories/lfs_api_controller.rb'
    - 'app/controllers/sessions_controller.rb'
    - 'app/controllers/whats_new_controller.rb'
    - 'app/finders/autocomplete/users_finder.rb'
    - 'app/finders/ci/commit_statuses_finder.rb'
    - 'app/finders/ci/pipelines_for_merge_request_finder.rb'
    - 'app/finders/cluster_ancestors_finder.rb'
    - 'app/finders/concerns/finder_with_group_hierarchy.rb'
    - 'app/finders/crm/contacts_finder.rb'
    - 'app/finders/crm/organizations_finder.rb'
    - 'app/finders/groups/accepting_group_transfers_finder.rb'
    - 'app/finders/issuable_finder.rb'
    - 'app/finders/issuable_finder/params.rb'
    - 'app/finders/issuables/label_filter.rb'
    - 'app/finders/issues_finder/params.rb'
    - 'app/finders/license_template_finder.rb'
    - 'app/finders/merge_requests_finder/params.rb'
    - 'app/finders/projects/members/effective_access_level_finder.rb'
    - 'app/finders/releases/evidence_pipeline_finder.rb'
    - 'app/finders/releases_finder.rb'
    - 'app/finders/snippets_finder.rb'
    - 'app/finders/todos_finder.rb'
    - 'app/graphql/resolvers/issue_status_counts_resolver.rb'
    - 'app/graphql/resolvers/issues/base_parent_resolver.rb'
    - 'app/graphql/resolvers/namespace_projects_resolver.rb'
    - 'app/graphql/resolvers/work_items_resolver.rb'
    - 'app/graphql/types/board_list_type.rb'
    - 'app/helpers/appearances_helper.rb'
    - 'app/helpers/broadcast_messages_helper.rb'
    - 'app/helpers/diff_helper.rb'
    - 'app/helpers/operations_helper.rb'
    - 'app/helpers/page_layout_helper.rb'
    - 'app/helpers/projects_helper.rb'
    - 'app/helpers/sessions_helper.rb'
    - 'app/helpers/timeboxes_helper.rb'
    - 'app/models/alert_management/alert.rb'
    - 'app/models/application_setting_implementation.rb'
    - 'app/models/blob_viewer/go_mod.rb'
    - 'app/models/blob_viewer/metrics_dashboard_yml.rb'
    - 'app/models/bulk_imports/export.rb'
    - 'app/models/bulk_imports/export_status.rb'
    - 'app/models/bulk_imports/file_transfer/base_config.rb'
    - 'app/models/ci/bridge.rb'
    - 'app/models/ci/build.rb'
    - 'app/models/ci/build_dependencies.rb'
    - 'app/models/ci/build_metadata.rb'
    - 'app/models/ci/commit_with_pipeline.rb'
    - 'app/models/ci/group.rb'
    - 'app/models/ci/job_artifact.rb'
    - 'app/models/ci/pipeline.rb'
    - 'app/models/ci/processable.rb'
    - 'app/models/ci/runner.rb'
    - 'app/models/clusters/cluster.rb'
    - 'app/models/commit.rb'
    - 'app/models/commit_collection.rb'
    - 'app/models/compare.rb'
    - 'app/models/concerns/avatarable.rb'
    - 'app/models/concerns/cascading_namespace_setting_attribute.rb'
    - 'app/models/concerns/ci/contextable.rb'
    - 'app/models/concerns/discussion_on_diff.rb'
    - 'app/models/concerns/has_repository.rb'
    - 'app/models/concerns/has_wiki.rb'
    - 'app/models/concerns/has_wiki_page_meta_attributes.rb'
    - 'app/models/concerns/redis_cacheable.rb'
    - 'app/models/concerns/resolvable_discussion.rb'
    - 'app/models/concerns/security/latest_pipeline_information.rb'
    - 'app/models/container_registry/event.rb'
    - 'app/models/container_repository.rb'
    - 'app/models/customer_relations/contact_state_counts.rb'
    - 'app/models/deploy_token.rb'
    - 'app/models/deployment.rb'
    - 'app/models/deployment_metrics.rb'
    - 'app/models/design_management/design.rb'
    - 'app/models/design_management/design_at_version.rb'
    - 'app/models/design_management/version.rb'
    - 'app/models/diff_note.rb'
    - 'app/models/draft_note.rb'
    - 'app/models/environment.rb'
    - 'app/models/environment_status.rb'
    - 'app/models/error_tracking/project_error_tracking_setting.rb'
    - 'app/models/event.rb'
    - 'app/models/event_collection.rb'
    - 'app/models/group.rb'
    - 'app/models/incident_management/project_incident_management_setting.rb'
    - 'app/models/integrations/jira.rb'
    - 'app/models/internal_id.rb'
    - 'app/models/member.rb'
    - 'app/models/merge_request.rb'
    - 'app/models/merge_request_diff.rb'
    - 'app/models/namespace.rb'
    - 'app/models/namespaces/traversal/linear.rb'
    - 'app/models/namespaces/traversal/recursive.rb'
    - 'app/models/note.rb'
    - 'app/models/packages/go/module.rb'
    - 'app/models/packages/go/module_version.rb'
    - 'app/models/packages/package.rb'
    - 'app/models/pages/lookup_path.rb'
    - 'app/models/project.rb'
    - 'app/models/release.rb'
    - 'app/models/resource_event.rb'
    - 'app/models/service_desk_setting.rb'
    - 'app/models/snippet.rb'
    - 'app/models/snippet_input_action_collection.rb'
    - 'app/models/state_note.rb'
    - 'app/models/tree.rb'
    - 'app/models/uploads/fog.rb'
    - 'app/models/user.rb'
    - 'app/models/wiki_page.rb'
    - 'app/models/work_item.rb'
    - 'app/policies/application_setting/term_policy.rb'
    - 'app/policies/note_policy.rb'
    - 'app/presenters/blobs/unfold_presenter.rb'
    - 'app/presenters/ci/build_runner_presenter.rb'
    - 'app/presenters/ci/pipeline_artifacts/code_coverage_presenter.rb'
    - 'app/presenters/ci/pipeline_presenter.rb'
    - 'app/presenters/clusters/cluster_presenter.rb'
    - 'app/presenters/merge_request_presenter.rb'
    - 'app/presenters/packages/conan/package_presenter.rb'
    - 'app/presenters/packages/nuget/packages_metadata_presenter.rb'
    - 'app/presenters/packages/nuget/search_results_presenter.rb'
    - 'app/presenters/project_presenter.rb'
    - 'app/presenters/projects/settings/deploy_keys_presenter.rb'
    - 'app/serializers/ci/pipeline_entity.rb'
    - 'app/serializers/linked_project_issue_entity.rb'
    - 'app/services/alert_management/alerts/update_service.rb'
    - 'app/services/alert_management/create_alert_issue_service.rb'
    - 'app/services/alert_management/process_prometheus_alert_service.rb'
    - 'app/services/auth/dependency_proxy_authentication_service.rb'
    - 'app/services/authorized_project_update/project_recalculate_service.rb'
    - 'app/services/auto_merge/base_service.rb'
    - 'app/services/award_emojis/add_service.rb'
    - 'app/services/base_project_service.rb'
    - 'app/services/boards/base_items_list_service.rb'
    - 'app/services/ci/create_downstream_pipeline_service.rb'
    - 'app/services/ci/create_web_ide_terminal_service.rb'
    - 'app/services/ci/job_artifacts/destroy_batch_service.rb'
    - 'app/services/ci/parse_dotenv_artifact_service.rb'
    - 'app/services/ci/pipeline_artifacts/coverage_report_service.rb'
    - 'app/services/ci/pipeline_artifacts/create_code_quality_mr_diff_report_service.rb'
    - 'app/services/ci/pipeline_artifacts/destroy_all_expired_service.rb'
    - 'app/services/ci/pipeline_processing/atomic_processing_service/status_collection.rb'
    - 'app/services/ci/pipeline_schedules/calculate_next_run_service.rb'
    - 'app/services/ci/pipeline_trigger_service.rb'
    - 'app/services/ci/pipelines/hook_service.rb'
    - 'app/services/ci/queue/build_queue_service.rb'
    - 'app/services/ci/update_build_state_service.rb'
    - 'app/services/clusters/agents/refresh_authorization_service.rb'
    - 'app/services/clusters/integrations/prometheus_health_check_service.rb'
    - 'app/services/concerns/alert_management/alert_processing.rb'
    - 'app/services/concerns/incident_management/settings.rb'
    - 'app/services/concerns/issues/resolve_discussions.rb'
    - 'app/services/concerns/suggestible.rb'
    - 'app/services/concerns/update_repository_storage_methods.rb'
    - 'app/services/container_expiration_policies/update_service.rb'
    - 'app/services/dependency_proxy/image_ttl_group_policies/update_service.rb'
    - 'app/services/discussions/resolve_service.rb'
    - 'app/services/error_tracking/collect_error_service.rb'
    - 'app/services/error_tracking/issue_details_service.rb'
    - 'app/services/feature_flags/base_service.rb'
    - 'app/services/git/base_hooks_service.rb'
    - 'app/services/git/branch_hooks_service.rb'
    - 'app/services/git/branch_push_service.rb'
    - 'app/services/git/tag_hooks_service.rb'
    - 'app/services/git/wiki_push_service/change.rb'
    - 'app/services/groups/open_issues_count_service.rb'
    - 'app/services/import/github_service.rb'
    - 'app/services/import/gitlab_projects/file_acquisition_strategies/remote_file_s3.rb'
    - 'app/services/incident_management/issuable_escalation_statuses/prepare_update_service.rb'
    - 'app/services/incident_management/pager_duty/process_webhook_service.rb'
    - 'app/services/integrations/test/project_service.rb'
    - 'app/services/issuable/discussions_list_service.rb'
    - 'app/services/issues/reorder_service.rb'
    - 'app/services/jira_connect_subscriptions/create_service.rb'
    - 'app/services/jira_import/users_mapper_service.rb'
    - 'app/services/lfs/push_service.rb'
    - 'app/services/markdown_content_rewriter_service.rb'
    - 'app/services/members/invitation_reminder_email_service.rb'
    - 'app/services/merge_requests/build_service.rb'
    - 'app/services/merge_requests/merge_base_service.rb'
    - 'app/services/merge_requests/mergeability/detailed_merge_status_service.rb'
    - 'app/services/merge_requests/mergeability/logger.rb'
    - 'app/services/merge_requests/mergeability/run_checks_service.rb'
    - 'app/services/merge_requests/mergeability_check_service.rb'
    - 'app/services/merge_requests/outdated_discussion_diff_lines_service.rb'
    - 'app/services/merge_requests/pushed_branches_service.rb'
    - 'app/services/merge_requests/refresh_service.rb'
    - 'app/services/metrics/dashboard/clone_dashboard_service.rb'
    - 'app/services/metrics/dashboard/custom_metric_embed_service.rb'
    - 'app/services/metrics/dashboard/dynamic_embed_service.rb'
    - 'app/services/metrics/dashboard/gitlab_alert_embed_service.rb'
    - 'app/services/namespaces/package_settings/update_service.rb'
    - 'app/services/packages/cleanup/execute_policy_service.rb'
    - 'app/services/packages/cleanup/update_policy_service.rb'
    - 'app/services/packages/composer/create_package_service.rb'
    - 'app/services/packages/debian/extract_changes_metadata_service.rb'
    - 'app/services/packages/debian/find_or_create_package_service.rb'
    - 'app/services/packages/debian/generate_distribution_key_service.rb'
    - 'app/services/packages/debian/generate_distribution_service.rb'
    - 'app/services/packages/debian/process_changes_service.rb'
    - 'app/services/packages/helm/process_file_service.rb'
    - 'app/services/packages/maven/metadata/base_create_xml_service.rb'
    - 'app/services/packages/maven/metadata/create_plugins_xml_service.rb'
    - 'app/services/packages/maven/metadata/create_versions_xml_service.rb'
    - 'app/services/packages/maven/metadata/sync_service.rb'
    - 'app/services/packages/npm/create_package_service.rb'
    - 'app/services/packages/npm/create_tag_service.rb'
    - 'app/services/packages/nuget/metadata_extraction_service.rb'
    - 'app/services/packages/nuget/search_service.rb'
    - 'app/services/packages/nuget/sync_metadatum_service.rb'
    - 'app/services/packages/nuget/update_package_from_metadata_service.rb'
    - 'app/services/packages/pypi/create_package_service.rb'
    - 'app/services/packages/rpm/parse_package_service.rb'
    - 'app/services/packages/rubygems/dependency_resolver_service.rb'
    - 'app/services/packages/rubygems/process_gem_service.rb'
    - 'app/services/packages/terraform_module/create_package_service.rb'
    - 'app/services/packages/update_tags_service.rb'
    - 'app/services/projects/container_repository/cleanup_tags_base_service.rb'
    - 'app/services/projects/container_repository/third_party/cleanup_tags_service.rb'
    - 'app/services/projects/create_from_template_service.rb'
    - 'app/services/projects/gitlab_projects_import_service.rb'
    - 'app/services/projects/lfs_pointers/lfs_object_download_list_service.rb'
    - 'app/services/projects/open_issues_count_service.rb'
    - 'app/services/projects/record_target_platforms_service.rb'
    - 'app/services/projects/update_statistics_service.rb'
    - 'app/services/prometheus/proxy_service.rb'
    - 'app/services/quick_actions/interpret_service.rb'
    - 'app/services/releases/base_service.rb'
    - 'app/services/resource_access_tokens/revoke_service.rb'
    - 'app/services/resource_events/base_synthetic_notes_builder_service.rb'
    - 'app/services/search/global_service.rb'
    - 'app/services/search/project_service.rb'
    - 'app/services/search_service.rb'
    - 'app/services/security/ci_configuration/sast_parser_service.rb'
    - 'app/services/test_hooks/project_service.rb'
    - 'app/services/test_hooks/system_service.rb'
    - 'app/uploaders/file_mover.rb'
    - 'app/uploaders/object_storage/cdn.rb'
    - 'app/uploaders/object_storage/cdn/google_cdn.rb'
    - 'app/workers/concerns/each_shard_worker.rb'
    - 'app/workers/concerns/limited_capacity/worker.rb'
    - 'app/workers/concerns/packages/cleanup_artifact_worker.rb'
    - 'app/workers/container_expiration_policies/cleanup_container_repository_worker.rb'
    - 'app/workers/container_registry/delete_container_repository_worker.rb'
    - 'app/workers/container_registry/migration/enqueuer_worker.rb'
    - 'app/workers/database/batched_background_migration/execution_worker.rb'
    - 'app/workers/database/batched_background_migration/single_database_worker.rb'
    - 'app/workers/error_tracking_issue_link_worker.rb'
    - 'app/workers/merge_request_cleanup_refs_worker.rb'
    - 'app/workers/packages/cleanup/execute_policy_worker.rb'
    - 'app/workers/packages/debian/generate_distribution_worker.rb'
    - 'app/workers/packages/debian/process_changes_worker.rb'
    - 'app/workers/packages/maven/metadata/sync_worker.rb'
    - 'app/workers/projects/inactive_projects_deletion_cron_worker.rb'
    - 'ee/app/controllers/admin/audit_logs_controller.rb'
    - 'ee/app/controllers/concerns/description_diff_actions.rb'
    - 'ee/app/controllers/concerns/ee/lfs_request.rb'
    - 'ee/app/controllers/concerns/ee/routable_actions/sso_enforcement_redirect.rb'
    - 'ee/app/controllers/concerns/epic_relations.rb'
    - 'ee/app/controllers/ee/admin/health_check_controller.rb'
    - 'ee/app/controllers/ee/groups/settings/repository_controller.rb'
    - 'ee/app/controllers/ee/groups_controller.rb'
    - 'ee/app/controllers/ee/repositories/git_http_controller.rb'
    - 'ee/app/controllers/groups/audit_events_controller.rb'
    - 'ee/app/controllers/groups/epic_boards_controller.rb'
    - 'ee/app/controllers/groups/push_rules_controller.rb'
    - 'ee/app/controllers/groups/todos_controller.rb'
    - 'ee/app/controllers/projects/audit_events_controller.rb'
    - 'ee/app/controllers/projects/subscriptions_controller.rb'
    - 'ee/app/controllers/subscriptions_controller.rb'
    - 'ee/app/finders/approval_rules/group_finder.rb'
    - 'ee/app/finders/concerns/epics/with_access_check.rb'
    - 'ee/app/finders/ee/issues_finder.rb'
    - 'ee/app/finders/epics_finder.rb'
    - 'ee/app/finders/incident_management/oncall_users_finder.rb'
    - 'ee/app/finders/security/pipeline_vulnerabilities_finder.rb'
    - 'ee/app/finders/security/training_providers/base_url_finder.rb'
    - 'ee/app/graphql/resolvers/epics_resolver.rb'
    - 'ee/app/graphql/resolvers/vulnerabilities_base_resolver.rb'
    - 'ee/app/helpers/admin/emails_helper.rb'
    - 'ee/app/helpers/auditor_user_helper.rb'
    - 'ee/app/helpers/ee/ci/runners_helper.rb'
    - 'ee/app/helpers/ee/preferences_helper.rb'
    - 'ee/app/helpers/ee/registrations_helper.rb'
    - 'ee/app/helpers/ee/timeboxes_helper.rb'
    - 'ee/app/helpers/ee/trial_helper.rb'
    - 'ee/app/helpers/ee/welcome_helper.rb'
    - 'ee/app/helpers/license_monitoring_helper.rb'
    - 'ee/app/helpers/subscriptions_helper.rb'
    - 'ee/app/models/approval_merge_request_rule.rb'
    - 'ee/app/models/approval_state.rb'
    - 'ee/app/models/approval_wrapped_any_approver_rule.rb'
    - 'ee/app/models/approval_wrapped_code_owner_rule.rb'
    - 'ee/app/models/approval_wrapped_rule.rb'
    - 'ee/app/models/approvals/scan_finding_wrapped_rule_set.rb'
    - 'ee/app/models/approvals/wrapped_rule_set.rb'
    - 'ee/app/models/burndown.rb'
    - 'ee/app/models/concerns/deprecated_approvals_before_merge.rb'
    - 'ee/app/models/concerns/ee/approvable.rb'
    - 'ee/app/models/concerns/ee/issue_available_features.rb'
    - 'ee/app/models/concerns/insights_feature.rb'
    - 'ee/app/models/concerns/security/scan_execution_policy.rb'
    - 'ee/app/models/deployments/approval_summary.rb'
    - 'ee/app/models/ee/audit_event.rb'
    - 'ee/app/models/ee/ci/bridge.rb'
    - 'ee/app/models/ee/ci/build.rb'
    - 'ee/app/models/ee/ci/build_dependencies.rb'
    - 'ee/app/models/ee/ci/pipeline.rb'
    - 'ee/app/models/ee/ci/runner.rb'
    - 'ee/app/models/ee/deployment.rb'
    - 'ee/app/models/ee/environment.rb'
    - 'ee/app/models/ee/group.rb'
    - 'ee/app/models/ee/integrations/jira.rb'
    - 'ee/app/models/ee/list.rb'
    - 'ee/app/models/ee/merge_request.rb'
    - 'ee/app/models/ee/namespace.rb'
    - 'ee/app/models/ee/project.rb'
    - 'ee/app/models/ee/snippet.rb'
    - 'ee/app/models/ee/user.rb'
    - 'ee/app/models/ee/work_item.rb'
    - 'ee/app/models/gitlab/seat_link_data.rb'
    - 'ee/app/models/gitlab_subscription.rb'
    - 'ee/app/models/issuables_analytics.rb'
    - 'ee/app/models/license.rb'
    - 'ee/app/models/namespaces/storage/root_excess_size.rb'
    - 'ee/app/models/sca/license_compliance.rb'
    - 'ee/app/models/security/orchestration_policy_configuration.rb'
    - 'ee/app/models/security/orchestration_policy_rule_schedule.rb'
    - 'ee/app/models/vulnerabilities/finding.rb'
    - 'ee/app/presenters/approval_rule_presenter.rb'
    - 'ee/app/presenters/ci/minutes/usage_presenter.rb'
    - 'ee/app/presenters/merge_request_approver_presenter.rb'
    - 'ee/app/serializers/dashboard_operations_project_entity.rb'
    - 'ee/app/serializers/ee/member_user_entity.rb'
    - 'ee/app/services/app_sec/dast/pipelines/find_latest_service.rb'
    - 'ee/app/services/app_sec/dast/scan_configs/build_service.rb'
    - 'ee/app/services/approval_rules/params_filtering_service.rb'
    - 'ee/app/services/boards/epics/position_create_service.rb'
    - 'ee/app/services/ci/compare_license_scanning_reports_collapsed_service.rb'
    - 'ee/app/services/ci/minutes/update_project_and_namespace_usage_service.rb'
    - 'ee/app/services/ci/subscribe_bridge_service.rb'
    - 'ee/app/services/ci/sync_reports_to_approval_rules_service.rb'
    - 'ee/app/services/deployments/approval_service.rb'
    - 'ee/app/services/ee/allowed_email_domains/update_service.rb'
    - 'ee/app/services/ee/auto_merge_service.rb'
    - 'ee/app/services/ee/ci/retry_pipeline_service.rb'
    - 'ee/app/services/ee/incident_management/issuable_escalation_statuses/prepare_update_service.rb'
    - 'ee/app/services/ee/integrations/test/project_service.rb'
    - 'ee/app/services/ee/ip_restrictions/update_service.rb'
    - 'ee/app/services/ee/issuable_base_service.rb'
    - 'ee/app/services/ee/issues/export_csv_service.rb'
    - 'ee/app/services/ee/merge_requests/merge_base_service.rb'
    - 'ee/app/services/ee/post_receive_service.rb'
    - 'ee/app/services/ee/projects/create_from_template_service.rb'
    - 'ee/app/services/ee/projects/gitlab_projects_import_service.rb'
    - 'ee/app/services/ee/protected_branches/create_service.rb'
    - 'ee/app/services/ee/search/global_service.rb'
    - 'ee/app/services/ee/search/group_service.rb'
    - 'ee/app/services/ee/search_service.rb'
    - 'ee/app/services/ee/users/authorized_build_service.rb'
    - 'ee/app/services/ee/users/build_service.rb'
    - 'ee/app/services/ee/users/update_service.rb'
    - 'ee/app/services/elastic/cluster_reindexing_service.rb'
    - 'ee/app/services/epic_issues/list_service.rb'
    - 'ee/app/services/epics/descendant_count_service.rb'
    - 'ee/app/services/epics/related_epic_links/destroy_service.rb'
    - 'ee/app/services/geo/container_repository_sync.rb'
    - 'ee/app/services/geo/event_service.rb'
    - 'ee/app/services/geo/file_registry_removal_service.rb'
    - 'ee/app/services/geo/repository_destroy_service.rb'
    - 'ee/app/services/gitlab_subscriptions/activate_service.rb'
    - 'ee/app/services/gitlab_subscriptions/create_service.rb'
    - 'ee/app/services/gitlab_subscriptions/fetch_purchase_eligible_namespaces_service.rb'
    - 'ee/app/services/gitlab_subscriptions/reconciliations/calculate_seat_count_data_service.rb'
    - 'ee/app/services/groups/sync_service.rb'
    - 'ee/app/services/incident_management/escalation_policies/update_service.rb'
    - 'ee/app/services/incident_management/pending_escalations/process_service.rb'
    - 'ee/app/services/iterations/create_service.rb'
    - 'ee/app/services/merge_commits/export_csv_service.rb'
    - 'ee/app/services/merge_requests/update_blocks_service.rb'
    - 'ee/app/services/projects/restore_service.rb'
    - 'ee/app/services/protected_environments/base_service.rb'
    - 'ee/app/services/security/ingestion/tasks/ingest_vulnerabilities/mark_resolved_as_detected.rb'
    - 'ee/app/services/security/report_fetch_service.rb'
    - 'ee/app/services/security/report_summary_service.rb'
    - 'ee/app/services/security/security_orchestration_policies/on_demand_scan_pipeline_configuration_service.rb'
    - 'ee/app/services/security/security_orchestration_policies/operational_vulnerabilities_configuration_service.rb'
    - 'ee/app/services/security/security_orchestration_policies/validate_policy_service.rb'
    - 'ee/app/services/status_page/publish_attachments_service.rb'
    - 'ee/app/services/status_page/publish_base_service.rb'
    - 'ee/app/services/status_page/publish_service.rb'
    - 'ee/app/services/status_page/trigger_publish_service.rb'
    - 'ee/app/services/timebox_report_service.rb'
    - 'ee/app/services/vulnerabilities/create_service.rb'
    - 'ee/app/services/vulnerability_feedback/create_service.rb'
    - 'ee/app/services/vulnerability_feedback/destroy_service.rb'
    - 'ee/app/workers/auth/saml_group_sync_worker.rb'
    - 'ee/app/workers/geo/repository_cleanup_worker.rb'
    - 'ee/app/workers/geo/scheduler/scheduler_worker.rb'
    - 'ee/app/workers/group_saml_group_sync_worker.rb'
    - 'ee/app/workers/status_page/publish_worker.rb'
    - 'ee/lib/api/analytics/project_deployment_frequency.rb'
    - 'ee/lib/api/epic_links.rb'
    - 'ee/lib/api/geo_nodes.rb'
    - 'ee/lib/api/vulnerability_exports.rb'
    - 'ee/lib/api/vulnerability_findings.rb'
    - 'ee/lib/ee/api/geo.rb'
    - 'ee/lib/ee/api/helpers.rb'
    - 'ee/lib/ee/banzai/filter/references/reference_cache.rb'
    - 'ee/lib/ee/container_registry/client.rb'
    - 'ee/lib/ee/gitlab/alert_management/payload/generic.rb'
    - 'ee/lib/ee/gitlab/analytics/cycle_analytics/data_collector.rb'
    - 'ee/lib/ee/gitlab/analytics/cycle_analytics/stage_events.rb'
    - 'ee/lib/ee/gitlab/auth/o_auth/auth_hash.rb'
    - 'ee/lib/ee/gitlab/background_migration/backfill_project_statistics_container_repository_size.rb'
    - 'ee/lib/ee/gitlab/background_migration/migrate_approver_to_approval_rules.rb'
    - 'ee/lib/ee/gitlab/background_migration/populate_resolved_on_default_branch_column.rb'
    - 'ee/lib/ee/gitlab/checks/base_checker.rb'
    - 'ee/lib/ee/gitlab/checks/diff_check.rb'
    - 'ee/lib/ee/gitlab/ci/matching/runner_matcher.rb'
    - 'ee/lib/ee/gitlab/ci/pipeline/chain/validate/external.rb'
    - 'ee/lib/ee/gitlab/ci/pipeline/quota/activity.rb'
    - 'ee/lib/ee/gitlab/ci/pipeline/quota/size.rb'
    - 'ee/lib/ee/gitlab/etag_caching/router/rails.rb'
    - 'ee/lib/ee/gitlab/git_access.rb'
    - 'ee/lib/ee/gitlab/gitaly_client/with_feature_flag_actors.rb'
    - 'ee/lib/ee/gitlab/import_export/after_export_strategies/custom_template_export_import_strategy.rb'
    - 'ee/lib/ee/gitlab/issuable_metadata.rb'
    - 'ee/lib/ee/gitlab/security/scan_configuration.rb'
    - 'ee/lib/ee/gitlab/web_hooks/rate_limiter.rb'
    - 'ee/lib/ee/sidebars/groups/menus/issues_menu.rb'
    - 'ee/lib/ee/sidebars/groups/menus/settings_menu.rb'
    - 'ee/lib/elastic/multi_version_util.rb'
    - 'ee/lib/gitlab/auth/group_saml/auth_hash.rb'
    - 'ee/lib/gitlab/auth/group_saml/membership_updater.rb'
    - 'ee/lib/gitlab/auth/group_saml/user.rb'
    - 'ee/lib/gitlab/auth/saml/membership_updater.rb'
    - 'ee/lib/gitlab/auth/smartcard/certificate.rb'
    - 'ee/lib/gitlab/ci/minutes/build_consumption.rb'
    - 'ee/lib/gitlab/ci/minutes/cached_quota.rb'
    - 'ee/lib/gitlab/ci/minutes/gitlab_contribution_cost_factor.rb'
    - 'ee/lib/gitlab/ci/minutes/runners_availability.rb'
    - 'ee/lib/gitlab/ci/parsers/security/container_scanning.rb'
    - 'ee/lib/gitlab/ci/project_config/compliance.rb'
    - 'ee/lib/gitlab/ci/reports/license_scanning/reports_comparer.rb'
    - 'ee/lib/gitlab/ci/reports/metrics/reports_comparer.rb'
    - 'ee/lib/gitlab/code_owners/entry.rb'
    - 'ee/lib/gitlab/code_owners/loader.rb'
    - 'ee/lib/gitlab/custom_file_templates.rb'
    - 'ee/lib/gitlab/elastic/document_reference.rb'
    - 'ee/lib/gitlab/elastic/indexer.rb'
    - 'ee/lib/gitlab/elastic/project_search_results.rb'
    - 'ee/lib/gitlab/elastic/search_results.rb'
    - 'ee/lib/gitlab/expiring_subscription_message.rb'
    - 'ee/lib/gitlab/geo/health_check.rb'
    - 'ee/lib/gitlab/geo/jwt_request_decoder.rb'
    - 'ee/lib/gitlab/geo/oauth/logout_state.rb'
    - 'ee/lib/gitlab/geo/oauth/logout_token.rb'
    - 'ee/lib/gitlab/geo/oauth/session.rb'
    - 'ee/lib/gitlab/geo/replication/blob_retriever.rb'
    - 'ee/lib/gitlab/graphql/aggregations/epics/epic_node.rb'
    - 'ee/lib/gitlab/ingestion/bulk_insertable_task.rb'
    - 'ee/lib/gitlab/ingestion/bulk_updatable_task.rb'
    - 'ee/lib/gitlab/insights/finders/issuable_finder.rb'
    - 'ee/lib/gitlab/insights/finders/projects_finder.rb'
    - 'ee/lib/gitlab/manual_quarterly_co_term_banner.rb'
    - 'ee/lib/gitlab/return_to_location.rb'
    - 'ee/lib/gitlab_subscriptions/upcoming_reconciliation_entity.rb'
    - 'ee/lib/incident_management/oncall_shift_generator.rb'
    - 'ee/lib/sidebars/groups/menus/analytics_menu.rb'
    - 'ee/lib/sidebars/groups/menus/epics_menu.rb'
    - 'ee/lib/world.rb'
    - 'lib/api/api_guard.rb'
    - 'lib/api/ci/helpers/runner.rb'
    - 'lib/api/ci/pipelines.rb'
    - 'lib/api/commit_statuses.rb'
    - 'lib/api/composer_packages.rb'
    - 'lib/api/container_repositories.rb'
    - 'lib/api/entities/basic_project_details.rb'
    - 'lib/api/helpers/authentication.rb'
    - 'lib/api/helpers/packages/basic_auth_helpers.rb'
    - 'lib/api/helpers/packages/conan/api_helpers.rb'
    - 'lib/api/helpers/packages/npm.rb'
    - 'lib/api/helpers/packages_helpers.rb'
    - 'lib/api/terraform/modules/v1/packages.rb'
    - 'lib/api/unleash.rb'
    - 'lib/atlassian/jira_connect/jwt/asymmetric.rb'
    - 'lib/atlassian/jira_connect/jwt/symmetric.rb'
    - 'lib/banzai/filter/base_sanitization_filter.rb'
    - 'lib/banzai/filter/custom_emoji_filter.rb'
    - 'lib/banzai/filter/inline_metrics_redactor_filter.rb'
    - 'lib/banzai/filter/issuable_reference_expansion_filter.rb'
    - 'lib/banzai/filter/references/reference_cache.rb'
    - 'lib/banzai/filter/repository_link_filter.rb'
    - 'lib/bulk_imports/pipeline.rb'
    - 'lib/bulk_imports/users_mapper.rb'
    - 'lib/container_registry/client.rb'
    - 'lib/container_registry/gitlab_api_client.rb'
    - 'lib/container_registry/tag.rb'
    - 'lib/gitlab/alert_management/alert_status_counts.rb'
    - 'lib/gitlab/alert_management/payload/base.rb'
    - 'lib/gitlab/alert_management/payload/managed_prometheus.rb'
    - 'lib/gitlab/analytics/cycle_analytics/aggregated/data_collector.rb'
    - 'lib/gitlab/analytics/cycle_analytics/aggregated/records_fetcher.rb'
    - 'lib/gitlab/analytics/cycle_analytics/average.rb'
    - 'lib/gitlab/analytics/cycle_analytics/data_collector.rb'
    - 'lib/gitlab/analytics/cycle_analytics/records_fetcher.rb'
    - 'lib/gitlab/analytics/cycle_analytics/request_params.rb'
    - 'lib/gitlab/application_context.rb'
    - 'lib/gitlab/auth/atlassian/identity_linker.rb'
    - 'lib/gitlab/auth/auth_finders.rb'
    - 'lib/gitlab/auth/ip_rate_limiter.rb'
    - 'lib/gitlab/auth/key_status_checker.rb'
    - 'lib/gitlab/auth/otp/strategies/forti_token_cloud.rb'
    - 'lib/gitlab/auth/request_authenticator.rb'
    - 'lib/gitlab/background_migration/legacy_upload_mover.rb'
    - 'lib/gitlab/bare_repository_import/repository.rb'
    - 'lib/gitlab/blob_helper.rb'
    - 'lib/gitlab/cache/ci/project_pipeline_status.rb'
    - 'lib/gitlab/chat/command.rb'
    - 'lib/gitlab/checks/changes_access.rb'
    - 'lib/gitlab/checks/diff_check.rb'
    - 'lib/gitlab/ci/artifacts/metrics.rb'
    - 'lib/gitlab/ci/build/auto_retry.rb'
    - 'lib/gitlab/ci/build/cache.rb'
    - 'lib/gitlab/ci/build/context/base.rb'
    - 'lib/gitlab/ci/build/context/global.rb'
    - 'lib/gitlab/ci/build/prerequisite/kubernetes_namespace.rb'
    - 'lib/gitlab/ci/build/rules/rule/clause/changes.rb'
    - 'lib/gitlab/ci/config/entry/product/matrix.rb'
    - 'lib/gitlab/ci/config/entry/root.rb'
    - 'lib/gitlab/ci/config/extendable/entry.rb'
    - 'lib/gitlab/ci/config/external/context.rb'
    - 'lib/gitlab/ci/config/external/file/artifact.rb'
    - 'lib/gitlab/ci/config/external/file/base.rb'
    - 'lib/gitlab/ci/config/external/file/local.rb'
    - 'lib/gitlab/ci/config/external/file/project.rb'
    - 'lib/gitlab/ci/config/external/file/remote.rb'
    - 'lib/gitlab/ci/config/external/file/template.rb'
    - 'lib/gitlab/ci/config/normalizer.rb'
    - 'lib/gitlab/ci/config/normalizer/factory.rb'
    - 'lib/gitlab/ci/pipeline/chain/command.rb'
    - 'lib/gitlab/ci/pipeline/chain/config/content.rb'
    - 'lib/gitlab/ci/pipeline/chain/create.rb'
    - 'lib/gitlab/ci/pipeline/chain/evaluate_workflow_rules.rb'
    - 'lib/gitlab/ci/pipeline/chain/limit/active_jobs.rb'
    - 'lib/gitlab/ci/pipeline/chain/limit/rate_limit.rb'
    - 'lib/gitlab/ci/pipeline/chain/seed.rb'
    - 'lib/gitlab/ci/pipeline/chain/skip.rb'
    - 'lib/gitlab/ci/pipeline/expression/lexer.rb'
    - 'lib/gitlab/ci/pipeline/quota/deployments.rb'
    - 'lib/gitlab/ci/pipeline/seed/processable/resource_group.rb'
    - 'lib/gitlab/ci/project_config/auto_devops.rb'
    - 'lib/gitlab/ci/project_config/external_project.rb'
    - 'lib/gitlab/ci/project_config/parameter.rb'
    - 'lib/gitlab/ci/project_config/remote.rb'
    - 'lib/gitlab/ci/project_config/repository.rb'
    - 'lib/gitlab/ci/project_config/source.rb'
    - 'lib/gitlab/ci/reports/accessibility_reports_comparer.rb'
    - 'lib/gitlab/ci/reports/codequality_reports_comparer.rb'
    - 'lib/gitlab/ci/reports/security/locations/base.rb'
    - 'lib/gitlab/ci/reports/test_reports_comparer.rb'
    - 'lib/gitlab/ci/reports/test_suite_comparer.rb'
    - 'lib/gitlab/ci/reports/test_suite_summary.rb'
    - 'lib/gitlab/ci/status/composite.rb'
    - 'lib/gitlab/ci/tags/bulk_insert.rb'
    - 'lib/gitlab/ci/trace.rb'
    - 'lib/gitlab/ci/trace/archive.rb'
    - 'lib/gitlab/ci/trace/checksum.rb'
    - 'lib/gitlab/ci/trace/remote_checksum.rb'
    - 'lib/gitlab/ci/variables/builder.rb'
    - 'lib/gitlab/ci/variables/builder/group.rb'
    - 'lib/gitlab/ci/variables/builder/release.rb'
    - 'lib/gitlab/ci/variables/collection/item.rb'
    - 'lib/gitlab/ci/variables/collection/sort.rb'
    - 'lib/gitlab/cleanup/orphan_job_artifact_files.rb'
    - 'lib/gitlab/cleanup/orphan_job_artifact_files_batch.rb'
    - 'lib/gitlab/code_navigation_path.rb'
    - 'lib/gitlab/config/entry/composable_array.rb'
    - 'lib/gitlab/config/loader/yaml.rb'
    - 'lib/gitlab/conflict/file.rb'
    - 'lib/gitlab/database/background_migration/health_status/indicators/write_ahead_log.rb'
    - 'lib/gitlab/database/bulk_update.rb'
    - 'lib/gitlab/database/load_balancing/srv_resolver.rb'
    - 'lib/gitlab/database/metrics.rb'
    - 'lib/gitlab/database/postgres_index.rb'
    - 'lib/gitlab/diff/char_diff.rb'
    - 'lib/gitlab/diff/file.rb'
    - 'lib/gitlab/diff/file_collection/base.rb'
    - 'lib/gitlab/diff/file_collection/merge_request_diff_base.rb'
    - 'lib/gitlab/diff/highlight_cache.rb'
    - 'lib/gitlab/diff/lines_unfolder.rb'
    - 'lib/gitlab/diff/rendered/notebook/diff_file.rb'
    - 'lib/gitlab/diff/stats_cache.rb'
    - 'lib/gitlab/diff/suggestion.rb'
    - 'lib/gitlab/discussions_diff/file_collection.rb'
    - 'lib/gitlab/email/handler/service_desk_handler.rb'
    - 'lib/gitlab/email/receiver.rb'
    - 'lib/gitlab/external_authorization/response.rb'
    - 'lib/gitlab/gfm/reference_rewriter.rb'
    - 'lib/gitlab/gfm/uploads_rewriter.rb'
    - 'lib/gitlab/git/commit.rb'
    - 'lib/gitlab/git/diff_stats_collection.rb'
    - 'lib/gitlab/git/merge_base.rb'
    - 'lib/gitlab/git/push.rb'
    - 'lib/gitlab/git/repository.rb'
    - 'lib/gitlab/git/wiki_page_version.rb'
    - 'lib/gitlab/git_access.rb'
    - 'lib/gitlab/git_access_project.rb'
    - 'lib/gitlab/gitaly_client/with_feature_flag_actors.rb'
    - 'lib/gitlab/github_import/client.rb'
    - 'lib/gitlab/github_import/representation/diff_notes/suggestion_formatter.rb'
    - 'lib/gitlab/gl_repository/identifier.rb'
    - 'lib/gitlab/gpg/commit.rb'
    - 'lib/gitlab/graphql/lazy.rb'
    - 'lib/gitlab/graphql/pagination/keyset/connection.rb'
    - 'lib/gitlab/import_export/base/relation_factory.rb'
    - 'lib/gitlab/import_export/base/relation_object_saver.rb'
    - 'lib/gitlab/import_export/decompressed_archive_size_validator.rb'
    - 'lib/gitlab/import_export/fast_hash_serializer.rb'
    - 'lib/gitlab/import_export/group/tree_restorer.rb'
    - 'lib/gitlab/import_export/importer.rb'
    - 'lib/gitlab/import_export/json/legacy_reader.rb'
    - 'lib/gitlab/import_export/lfs_restorer.rb'
    - 'lib/gitlab/import_export/project/sample/date_calculator.rb'
    - 'lib/gitlab/import_export/project/tree_restorer.rb'
    - 'lib/gitlab/inactive_projects_deletion_warning_tracker.rb'
    - 'lib/gitlab/instrumentation/redis_base.rb'
    - 'lib/gitlab/instrumentation/redis_payload.rb'
    - 'lib/gitlab/issuable_metadata.rb'
    - 'lib/gitlab/jwt_authenticatable.rb'
    - 'lib/gitlab/kubernetes/deployment.rb'
    - 'lib/gitlab/kubernetes/ingress.rb'
    - 'lib/gitlab/kubernetes/rollout_instances.rb'
    - 'lib/gitlab/language_data.rb'
    - 'lib/gitlab/lets_encrypt/client.rb'
    - 'lib/gitlab/metrics/dashboard/stages/grafana_formatter.rb'
    - 'lib/gitlab/metrics/dashboard/url.rb'
    - 'lib/gitlab/metrics/prometheus.rb'
    - 'lib/gitlab/pages/cache_control.rb'
    - 'lib/gitlab/prometheus_client.rb'
    - 'lib/gitlab/rack_attack/request.rb'
    - 'lib/gitlab/redis/multi_store.rb'
    - 'lib/gitlab/relative_positioning/ending_at.rb'
    - 'lib/gitlab/relative_positioning/item_context.rb'
    - 'lib/gitlab/relative_positioning/starting_from.rb'
    - 'lib/gitlab/request_context.rb'
    - 'lib/gitlab/search/found_blob.rb'
    - 'lib/gitlab/serverless/service.rb'
    - 'lib/gitlab/sidekiq_middleware/duplicate_jobs/duplicate_job.rb'
    - 'lib/gitlab/sidekiq_middleware/duplicate_jobs/strategies/deduplicates_when_scheduling.rb'
    - 'lib/gitlab/sidekiq_queue.rb'
    - 'lib/gitlab/signed_commit.rb'
    - 'lib/gitlab/ssh/signature.rb'
    - 'lib/gitlab/suggestions/file_suggestion.rb'
    - 'lib/gitlab/task_helpers.rb'
    - 'lib/gitlab/template/gitlab_ci_yml_template.rb'
    - 'lib/gitlab/tracking/destinations/snowplow_micro.rb'
    - 'lib/gitlab/usage_data.rb'
    - 'lib/gitlab/web_hooks/rate_limiter.rb'
    - 'lib/gitlab/web_ide/config/entry/terminal.rb'
    - 'lib/gitlab/webpack/graphql_known_operations.rb'
    - 'lib/gitlab/webpack/manifest.rb'
    - 'lib/gitlab/wiki_pages/front_matter_parser.rb'
    - 'lib/gitlab/x509/signature.rb'
    - 'lib/gitlab/x509/tag.rb'
    - 'lib/grafana/time_window.rb'
    - 'lib/object_storage/direct_upload.rb'
    - 'lib/safe_zip/extract_params.rb'
    - 'lib/sidebars/groups/menus/issues_menu.rb'
    - 'lib/sidebars/groups/menus/merge_requests_menu.rb'
    - 'lib/sidebars/projects/menus/analytics_menu.rb'
    - 'lib/sidebars/projects/menus/issues_menu.rb'
    - 'lib/unnested_in_filters/rewriter.rb'
    - 'tooling/graphql/docs/helper.rb'
--- a/.rubocop_todo/gitlab_security/public_send.yml
+++ b/.rubocop_todo/gitlab_security/public_send.yml
@ -0,0 +1,9 @@
 ---
 GitlabSecurity/PublicSend:
  Details: grace period
  Exclude:
    - 'ee/app/helpers/push_rules_helper.rb'
    - 'ee/app/models/ee/namespace_setting.rb'
    - 'ee/app/models/ee/project.rb'
    - 'ee/app/models/push_rule.rb'
    - 'lib/gitlab/diff/file.rb'
--- a/.rubocop_todo/graphql/argument_uniqueness.yml
+++ b/.rubocop_todo/graphql/argument_uniqueness.yml
@ -1,4 +1,4 @@
 ---
 GraphQL/ArgumentUniqueness:
  Exclude:
-    - app/graphql/resolvers/merge_requests_resolver.rb
+    - 'app/graphql/resolvers/merge_requests_resolver.rb'
--- a/.rubocop_todo/graphql/descriptions.yml
+++ b/.rubocop_todo/graphql/descriptions.yml
@ -0,0 +1,90 @@
 ---
 # Cop supports --autocorrect.
 Graphql/Descriptions:
  Details: grace period
  Exclude:
    - 'app/graphql/resolvers/admin/analytics/usage_trends/measurements_resolver.rb'
    - 'app/graphql/resolvers/alert_management/alert_resolver.rb'
    - 'app/graphql/resolvers/concerns/issues/sort_arguments.rb'
    - 'app/graphql/resolvers/concerns/resolves_pipelines.rb'
    - 'app/graphql/resolvers/container_repositories_resolver.rb'
    - 'app/graphql/resolvers/design_management/design_at_version_resolver.rb'
    - 'app/graphql/resolvers/group_packages_resolver.rb'
    - 'app/graphql/resolvers/issues/base_parent_resolver.rb'
    - 'app/graphql/resolvers/issues/base_resolver.rb'
    - 'app/graphql/resolvers/issues_resolver.rb'
    - 'app/graphql/resolvers/merge_requests_resolver.rb'
    - 'app/graphql/resolvers/milestones_resolver.rb'
    - 'app/graphql/resolvers/namespace_projects_resolver.rb'
    - 'app/graphql/resolvers/packages_base_resolver.rb'
    - 'app/graphql/resolvers/users_resolver.rb'
    - 'app/graphql/resolvers/work_items_resolver.rb'
    - 'app/graphql/types/alert_management/alert_type.rb'
    - 'app/graphql/types/award_emojis/award_emoji_type.rb'
    - 'app/graphql/types/board_list_type.rb'
    - 'app/graphql/types/branch_protections/base_access_level_type.rb'
    - 'app/graphql/types/branch_rules/branch_protection_type.rb'
    - 'app/graphql/types/ci/job_token_scope_type.rb'
    - 'app/graphql/types/ci/pipeline_type.rb'
    - 'app/graphql/types/ci/runner_status_enum.rb'
    - 'app/graphql/types/ci/runner_type.rb'
    - 'app/graphql/types/ci/runner_web_url_edge.rb'
    - 'app/graphql/types/ci/status_action_type.rb'
    - 'app/graphql/types/clusters/agent_token_type.rb'
    - 'app/graphql/types/clusters/agent_type.rb'
    - 'app/graphql/types/container_expiration_policy_type.rb'
    - 'app/graphql/types/container_repository_tag_type.rb'
    - 'app/graphql/types/container_repository_type.rb'
    - 'app/graphql/types/deployment_tag_type.rb'
    - 'app/graphql/types/design_management/design_at_version_type.rb'
    - 'app/graphql/types/design_management/design_fields.rb'
    - 'app/graphql/types/diff_stats_type.rb'
    - 'app/graphql/types/event_type.rb'
    - 'app/graphql/types/group_type.rb'
    - 'app/graphql/types/issue_type.rb'
    - 'app/graphql/types/issues/negated_issue_filter_input_type.rb'
    - 'app/graphql/types/label_type.rb'
    - 'app/graphql/types/merge_request_type.rb'
    - 'app/graphql/types/merge_requests/interacts_with_merge_request.rb'
    - 'app/graphql/types/milestone_sort_enum.rb'
    - 'app/graphql/types/milestone_type.rb'
    - 'app/graphql/types/namespace/package_settings_type.rb'
    - 'app/graphql/types/notes/discussion_type.rb'
    - 'app/graphql/types/notes/note_type.rb'
    - 'app/graphql/types/notes/noteable_interface.rb'
    - 'app/graphql/types/packages/cleanup/policy_type.rb'
    - 'app/graphql/types/packages/package_details_type.rb'
    - 'app/graphql/types/project_type.rb'
    - 'app/graphql/types/projects/branch_rule_type.rb'
    - 'app/graphql/types/release_links_type.rb'
    - 'app/graphql/types/repository/blob_type.rb'
    - 'app/graphql/types/snippet_type.rb'
    - 'app/graphql/types/terraform/state_version_type.rb'
    - 'app/graphql/types/todo_type.rb'
    - 'app/graphql/types/todoable_interface.rb'
    - 'app/graphql/types/user_interface.rb'
    - 'app/graphql/types/user_merge_request_interaction_type.rb'
    - 'ee/app/graphql/ee/types/branch_protections/base_access_level_type.rb'
    - 'ee/app/graphql/ee/types/branch_rules/branch_protection_type.rb'
    - 'ee/app/graphql/ee/types/issue_type.rb'
    - 'ee/app/graphql/ee/types/merge_request_type.rb'
    - 'ee/app/graphql/ee/types/projects/branch_rule_type.rb'
    - 'ee/app/graphql/ee/types/user_merge_request_interaction_type.rb'
    - 'ee/app/graphql/resolvers/epics_resolver.rb'
    - 'ee/app/graphql/types/access_levels/user_type.rb'
    - 'ee/app/graphql/types/boards/epic_list_type.rb'
    - 'ee/app/graphql/types/branch_rules/approval_project_rule_type.rb'
    - 'ee/app/graphql/types/burnup_chart_daily_totals_type.rb'
    - 'ee/app/graphql/types/ci/namespace_ci_cd_setting_type.rb'
    - 'ee/app/graphql/types/compliance_management/compliance_framework_input_type.rb'
    - 'ee/app/graphql/types/compliance_management/merge_requests/compliance_violation_input_type.rb'
    - 'ee/app/graphql/types/epic_descendant_weight_sum_type.rb'
    - 'ee/app/graphql/types/epic_type.rb'
    - 'ee/app/graphql/types/geo/geo_node_type.rb'
    - 'ee/app/graphql/types/iterations/cadence_type.rb'
    - 'ee/app/graphql/types/network_policy_type.rb'
    - 'ee/app/graphql/types/path_lock_type.rb'
    - 'ee/app/graphql/types/security_orchestration/group_security_policy_source_type.rb'
    - 'ee/app/graphql/types/security_orchestration/orchestration_policy_type.rb'
    - 'ee/app/graphql/types/vulnerability_type.rb'
    - 'ee/app/graphql/types/vulnerable_projects_by_grade_type.rb'
--- a/.rubocop_todo/graphql/field_definitions.yml
+++ b/.rubocop_todo/graphql/field_definitions.yml
@ -1,4 +1,5 @@
 ---
 # Cop supports --autocorrect.
 GraphQL/FieldDefinitions:
  Exclude:
-  - ee/app/graphql/types/vulnerability_type.rb
+    - 'ee/app/graphql/types/vulnerability_type.rb'
--- a/.rubocop_todo/graphql/field_hash_key.yml
+++ b/.rubocop_todo/graphql/field_hash_key.yml
@ -1,7 +1,5 @@
 ---
 # Cop supports --autocorrect.
 GraphQL/FieldHashKey:
  Exclude:
-  - app/graphql/types/ci/config/job_type.rb
+    - 'app/graphql/types/error_tracking/sentry_error_stack_trace_entry_type.rb'
  - app/graphql/types/ci/status_action_type.rb
  - app/graphql/types/error_tracking/sentry_error_stack_trace_entry_type.rb
  - app/graphql/types/packages/helm/dependency_type.rb
--- a/.rubocop_todo/graphql/field_method.yml
+++ b/.rubocop_todo/graphql/field_method.yml
@ -1,4 +1,5 @@
 ---
 # Cop supports --autocorrect.
 GraphQL/FieldMethod:
  Exclude:
-  - app/graphql/types/packages/package_details_type.rb
+    - 'app/graphql/types/packages/package_details_type.rb'
--- a/.rubocop_todo/graphql/ordered_fields.yml
+++ b/.rubocop_todo/graphql/ordered_fields.yml
@ -1,12 +0,0 @@
 ---
 GraphQL/OrderedFields:
  Exclude:
  - app/graphql/types/ci/runner_type.rb
  - app/graphql/types/container_repository_type.rb
  - app/graphql/types/dependency_proxy/manifest_type.rb
  - app/graphql/types/merge_request_type.rb
  - app/graphql/types/project_statistics_type.rb
  - app/graphql/types/release_type.rb
  - app/graphql/types/root_storage_statistics_type.rb
  - ee/app/graphql/types/scan_type.rb
  - ee/app/graphql/types/timebox_report_type.rb
--- a/.rubocop_todo/graphql/resolver_method_length.yml
+++ b/.rubocop_todo/graphql/resolver_method_length.yml
@ -1,6 +1,6 @@
 ---
 GraphQL/ResolverMethodLength:
  Exclude:
-  - app/graphql/types/ci/detailed_status_type.rb
+    - 'app/graphql/types/ci/detailed_status_type.rb'
-  - app/graphql/types/ci/runner_type.rb
+    - 'app/graphql/types/ci/runner_type.rb'
-  - app/graphql/types/ci/stage_type.rb
+    - 'app/graphql/types/ci/stage_type.rb'
--- a/Show more
+++ b/Show more
`@ -21,4 +21,4 @@ Please read the below documentations for a workflow of triaging and resolving br`

	`Please refer to the [Resolution guidance](https://about.gitlab.com/handbook/engineering/workflow/#resolution-of-broken-master) to learn more about resolution of broken master.`	`Please refer to the [Resolution guidance](https://about.gitlab.com/handbook/engineering/workflow/#resolution-of-broken-master) to learn more about resolution of broken master.`

	`/label ~"master:broken" ~"Engineering Productivity" ~"priority::1" ~"severity::1"`	`/label ~"master:broken" ~"Engineering Productivity" ~"priority::1" ~"severity::1" ~"type::maintenance" ~"maintenance::pipelines"`
`@ -50,4 +50,4 @@ _NOTE: This section is optional, but can be used for easy access to any relevant`



	`/label ~"group::pipeline authoring" ~"Category:Pipeline Authoring" ~"section::ops" ~"devops::verify" ~"workflow::planning breakdown"`	`/label ~"group::pipeline authoring" ~"Category:Pipeline Composition" ~"section::ops" ~"devops::verify" ~"workflow::planning breakdown"`
		`@ -0,0 +1,2 @@`
							`7e07fe42d34916b276a7b068f4faa8bdc0ebc984:doc/architecture/blueprints/runner_tokens/index.md:gitlab-rrt:485`
							`f6504b498548380198ad38295d9caa71412115f0:doc/architecture/blueprints/runner_tokens/index.md:generic-api-key:506`