35753 changed files with 978629 additions and 2655322 deletions
--- a/.csscomb.json
+++ b/.csscomb.json
@ -0,0 +1,20 @@
 {
  "exclude": [
    "app/assets/stylesheets/framework/tw_bootstrap_variables.scss",
    "app/assets/stylesheets/framework/fonts.scss"
  ],
  "always-semicolon": true,
  "color-case": "lower",
  "block-indent": "  ",
  "color-shorthand": false,
  "element-case": "lower",
  "space-before-colon": "",
  "space-after-colon": " ",
  "space-before-combinator": " ",
  "space-after-combinator": " ",
  "space-between-declarations": "\n",
  "space-before-opening-brace": " ",
  "space-after-opening-brace": "\n",
  "space-before-closing-brace": "\n",
  "unitless-zero": true
 }
--- a/.dockerignore
+++ b/.dockerignore
@ -49,6 +49,7 @@
 /lib/registry/
 /lib/policy/
 /lib/feature/
 /lib/flowdock/
 /lib/generators/
 /lib/gitaly/
 /lib/api/
--- a/.editorconfig
+++ b/.editorconfig
@ -17,18 +17,5 @@ charset = utf-8
 [*.{md,markdown,js.snap}]
 trim_trailing_whitespace = false
 [doc/**/*.md]
 trim_trailing_whitespace = true
 [*.rb]
 max_line_length = 120
 # Don't apply editorconfig rules to vendor/ resources
 [vendor/**]
 charset = unset
 end_of_line = unset
 indent_size = unset
 indent_style = unset
 insert_final_newline = unset
 trim_trailing_whitespace = unset
 max_line_length = unset
--- a/.eslintignore
+++ b/.eslintignore
@ -8,6 +8,4 @@
 /vendor/
 /sitespeed-result/
 /fixtures/**/*.graphql
 # Storybook build artifacts
 /storybook/public
 spec/fixtures/**/*.graphql
--- a/.eslintrc.yml
+++ b/.eslintrc.yml
@ -3,7 +3,6 @@ extends:
  - plugin:@gitlab/i18n
  - plugin:no-jquery/slim
  - plugin:no-jquery/deprecated-3.4
  - plugin:no-unsanitized/DOM
  - ./tooling/eslint-config/conditionally_ignore.js
 globals:
  __webpack_public_path__: true
@ -54,6 +53,7 @@ rules:
      - '^$'
      - '^variables$'
      - 'attrs?$'
  '@gitlab/vue-prefer-dollar-scopedslots': error
  no-param-reassign:
    - error
    - props: true
@ -75,8 +75,6 @@ rules:
        - sibling
        - index
      pathGroups:
        - pattern: '@sentry/browser'
          group: external
        - pattern: ~/**
          group: internal
        - pattern: emojis/**
@ -115,32 +113,16 @@ rules:
    - error
    - selector: ImportSpecifier[imported.name='GlSkeletonLoading']
      message: 'Migrate to GlSkeletonLoader, or import GlDeprecatedSkeletonLoading.'
    - selector: ImportSpecifier[imported.name='GlSafeHtmlDirective']
      message: 'Use directive at ~/vue_shared/directives/safe_html.js instead.'
  no-restricted-imports:
    - error
    - paths:
        - name: mousetrap
          message: 'Import { Mousetrap } from ~/lib/mousetrap instead.'
  # See https://gitlab.com/gitlab-org/gitlab/-/issues/360551
  vue/multi-word-component-names: off
  unicorn/prefer-dom-node-dataset:
    - error
  no-unsanitized/method:
    - error
    - escape:
        methods: 'sanitize'
  no-unsanitized/property:
    - error
    - escape:
        methods: 'sanitize'
 overrides:
  - files:
    - '{,ee/,jh/}spec/frontend*/**/*'
    rules:
      '@gitlab/require-i18n-strings': off
      '@gitlab/no-runtime-template-compiler': off
      'require-await': error
      'import/no-dynamic-require': off
      'no-import-assign': off
      'no-restricted-syntax':
@ -153,10 +135,6 @@ overrides:
          message: 'Prefer explicit waitForPromises (or equivalent), or jest.runAllTimers (or equivalent) to vague setImmediate calls.'
        - selector: ImportSpecifier[imported.name='GlSkeletonLoading']
          message: 'Migrate to GlSkeletonLoader, or import GlDeprecatedSkeletonLoading.'
        - selector: CallExpression[arguments.length=1][arguments.0.type='Literal'] CallExpression[callee.property.name='toBe'] CallExpression[callee.property.name='attributes'][arguments.length=1][arguments.0.value='disabled']
          message: Avoid asserting disabled attribute exact value, because Vue.js 2 and Vue.js 3 renders it differently. Use toBeDefined / toBeUndefined instead
      no-unsanitized/method: off
      no-unsanitized/property: off
  - files:
      - 'config/**/*'
      - 'scripts/**/*'
@ -175,14 +153,14 @@ overrides:
      - '*.stories.js'
    rules:
      filenames/match-regex: off
      '@gitlab/require-i18n-strings': off
  - files:
      - '*.graphql'
    plugins:
      - '@graphql-eslint'
    parserOptions:
      parser: '@graphql-eslint/eslint-plugin'
-      operations: '{,ee/,jh/}app/**/*.graphql'
+      operations:
        - '{,ee/,jh/}app/**/*.graphql'
      schema: './tmp/tests/graphql/gitlab_schema_apollo.graphql'
    rules:
      filenames/match-regex: off
@ -196,10 +174,3 @@ overrides:
      '@graphql-eslint/no-anonymous-operations': error
      '@graphql-eslint/unique-operation-name': error
      '@graphql-eslint/require-id-when-available': error
      '@graphql-eslint/no-unused-variables': error
      '@graphql-eslint/no-unused-fragments': error
      '@graphql-eslint/no-duplicate-fields': error
  - files:
      - '{,ee/}spec/contracts/consumer/**/*'
    rules:
      '@gitlab/require-i18n-strings': off
--- a/.gitattributes
+++ b/.gitattributes
@ -1,4 +1,5 @@
 VERSION merge=ours
 Dangerfile gitlab-language=ruby
 *.pdf filter=lfs diff=lfs merge=lfs -text
 *.rb diff=ruby
 workhorse/testdata/*.pdf -filter -diff -merge
--- a/.gitignore
+++ b/.gitignore
@ -42,7 +42,6 @@ eslint-report.html
 /config/initializers/relative_url.rb
 /config/resque.yml
 /config/redis.*.yml
 /config/redis.yml
 /config/unicorn.rb
 /config/puma.rb
 /config/secrets.yml
@ -69,18 +68,16 @@ eslint-report.html
 /rails_best_practices_output.html
 /tags
 /vendor/bundle/*
-/vendor/package_metadata_db/
+/vendor/gitaly-ruby
 /builds*
 /.gitlab_workhorse_secret
 /.gitlab_pages_secret
 /.gitlab_kas_secret
 /.gitlab_suggested_reviewers_secret
 /webpack-report/
 /crystalball/
 /test_results/
 /deprecations/
 /knapsack/
 /query_recorder/
 /rspec_flaky/
 /rspec/
 /locale/**/LC_MESSAGES
@ -93,11 +90,15 @@ package-lock.json
 /coverage-frontend/
 jsdoc/
 **/tmp/rubocop_cache/**
 .overcommit.yml
 .overcommit.yml.backup
 .projections.json
 /qa/.rakeTasks
 webpack-dev-server.json
 /.nvimrc
 .solargraph.yml
 /tmp/matching_foss_tests.txt
 /tmp/matching_tests.txt
 ee/changelogs/unreleased-ee
 /sitespeed-result
 tags.lock
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,6 +1,5 @@
 stages:
  - sync
  - preflight
  - prepare
  - build-images
  - fixtures
@ -12,7 +11,6 @@ stages:
  - post-qa
  - pages
  - notify
  - release-environments
 # always use `gitlab-org` runners, however
 # in cases where jobs require Docker-in-Docker, the job
@ -26,27 +24,10 @@ default:
  # Default job timeout set to 90m https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/10520
  timeout: 90m
 .default-ruby-variables: &default-ruby-variables
  RUBY_VERSION: "3.0"
  OMNIBUS_GITLAB_RUBY3_BUILD: "true"
  OMNIBUS_GITLAB_CACHE_EDITION: "GITLAB_RUBY3"
 .backcompat-ruby-variables: &backcompat-ruby-variables
  RUBY_VERSION: "2.7"
  OMNIBUS_GITLAB_RUBY2_BUILD: "true"
  OMNIBUS_GITLAB_CACHE_EDITION: "GITLAB_RUBY2"
 .default-branch-pipeline-failure-variables: &default-branch-pipeline-failure-variables
  CREATE_ISSUES_FOR_FAILING_TESTS: "true"
 workflow:
  name: '$PIPELINE_NAME'
  rules:
    # If `$FORCE_GITLAB_CI` is set, create a pipeline.
    - if: '$FORCE_GITLAB_CI'
      variables:
        <<: *default-ruby-variables
        PIPELINE_NAME: 'Ruby $RUBY_VERSION forced pipeline'
    # As part of the process of creating RCs automatically, we update stable
    # branches with the changes of the most recent production deployment. The
    # merge requests used for this merge a branch release-tools/X into a stable
@ -54,152 +35,120 @@ workflow:
    # they serve no purpose and will run anyway when the changes are merged.
    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^release-tools\/\d+\.\d+\.\d+-rc\d+$/ && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^[\d-]+-stable(-ee)?$/ && $CI_PROJECT_PATH == "gitlab-org/gitlab"'
      when: never
-    # For merge requests running exclusively in Ruby 2.7
+    # For merged result pipelines, set $QA_IMAGE, since $CI_MERGE_REQUEST_SOURCE_BRANCH_SHA is only available for merged result pipelines.
-    - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby2/'
+    # AND
    # For merge requests running exclusively in Ruby 3.0
    - if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train") && $CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby3/'
      variables:
-        <<: *backcompat-ruby-variables
+        QA_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA}"
-        PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline'
+        RUBY_VERSION: "3.0"
-        NO_SOURCEMAPS: 'true'
+    # For merged result pipelines, set $QA_IMAGE, since $CI_MERGE_REQUEST_SOURCE_BRANCH_SHA is only available for merged result pipelines.
-    - if: '$CI_MERGE_REQUEST_LABELS =~ /Community contribution/'
+    - if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "merge_train")'
      variables:
-        <<: *default-ruby-variables
+        QA_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA}"
-        GITLAB_DEPENDENCY_PROXY_ADDRESS: ""
+    # For merge requests running exclusively in Ruby 3.0
-        PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline (community contribution)'
+    - if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-in-ruby3/'
-        NO_SOURCEMAPS: 'true'
+      variables:
        RUBY_VERSION: "3.0"
    # For (detached) merge request pipelines.
    - if: '$CI_MERGE_REQUEST_IID'
    # For the maintenance scheduled pipelines, we set specific variables.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "maintenance"'
      variables:
        <<: *default-ruby-variables
        PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_MERGE_REQUEST_EVENT_TYPE MR pipeline'
        NO_SOURCEMAPS: 'true'
    # For the scheduled pipelines, we set specific variables.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule"'
      variables:
        <<: *default-ruby-variables
        <<: *default-branch-pipeline-failure-variables
        CRYSTALBALL: "true"
        PIPELINE_NAME: 'Scheduled Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline'
    # Run pipelines for ruby2 branch
    - if: '$CI_COMMIT_BRANCH == "ruby2" && $CI_PIPELINE_SOURCE == "schedule"'
      variables:
        <<: *backcompat-ruby-variables
        PIPELINE_NAME: 'Scheduled Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline'
    # This work around https://gitlab.com/gitlab-org/gitlab/-/issues/332411 whichs prevents usage of dependency proxy
    # when pipeline is triggered by a project access token.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $GITLAB_USER_LOGIN =~ /project_\d+_bot\d*/'
      variables:
        <<: *default-ruby-variables
        <<: *default-branch-pipeline-failure-variables
        GITLAB_DEPENDENCY_PROXY_ADDRESS: ""
        PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline (triggered by a project token)'
    # For `$CI_DEFAULT_BRANCH` branch, create a pipeline (this includes on schedules, pushes, merges, etc.).
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
      variables:
        <<: *default-ruby-variables
        <<: *default-branch-pipeline-failure-variables
        PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline'
    # For tags, create a pipeline.
    - if: '$CI_COMMIT_TAG'
      variables:
        <<: *default-ruby-variables
        PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_TAG tag pipeline'
    # If `$GITLAB_INTERNAL` isn't set, don't create a pipeline.
    - if: '$GITLAB_INTERNAL == null'
      when: never
    # For stable, auto-deploy, and security branches, create a pipeline.
    - if: '$CI_COMMIT_BRANCH =~ /^[\d-]+-stable(-ee)?$/'
      variables:
        <<: *default-ruby-variables
        PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline'
    - if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/'
      variables:
        <<: *default-ruby-variables
        PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline'
    - if: '$CI_COMMIT_BRANCH =~ /^security\//'
      variables:
        <<: *default-ruby-variables
        PIPELINE_NAME: 'Ruby $RUBY_VERSION $CI_COMMIT_BRANCH branch pipeline'
 variables:
-  PG_VERSION: "13"
+  PG_VERSION: "12"
-  DEFAULT_CI_IMAGE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}.patched-golang-${GO_VERSION}-rust-${RUST_VERSION}-node-16.14-postgresql-${PG_VERSION}:rubygems-${RUBYGEMS_VERSION}-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-yarn-1.22-graphicsmagick-1.3.36"
+  DEFAULT_CI_IMAGE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}.patched-golang-1.17-node-16.14-postgresql-${PG_VERSION}:rubygems-3.2-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-yarn-1.22-graphicsmagick-1.3.36"
  # We set $GITLAB_DEPENDENCY_PROXY to another variable (since it's set at the group level and has higher precedence than .gitlab-ci.yml)
  # so that we can override $GITLAB_DEPENDENCY_PROXY_ADDRESS in workflow rules.
  GITLAB_DEPENDENCY_PROXY_ADDRESS: "${GITLAB_DEPENDENCY_PROXY}"
  RAILS_ENV: "test"
  NODE_ENV: "test"
  BUNDLE_WITHOUT: "production:development"
-  BUNDLE_INSTALL_FLAGS: "--jobs=$(nproc) --retry=3"
+  BUNDLE_INSTALL_FLAGS: "--jobs=$(nproc) --retry=3 --quiet"
  BUNDLE_FROZEN: "true"
  # we override the max_old_space_size to prevent OOM errors
-  NODE_OPTIONS: --max_old_space_size=4096
+  NODE_OPTIONS: --max_old_space_size=3584
  GIT_DEPTH: "20"
  # 'GIT_STRATEGY: clone' optimizes the pack-objects cache hit ratio
  GIT_STRATEGY: "clone"
  GIT_SUBMODULE_STRATEGY: "none"
  GET_SOURCES_ATTEMPTS: "3"
  DEBIAN_VERSION: "bullseye"
-  UBI_VERSION: "8.6"
+  CHROME_VERSION: "101"
-  CHROME_VERSION: "109"
+  DOCKER_VERSION: "20.10.14"
  DOCKER_VERSION: "23.0.1"
  RUBY_VERSION: "2.7"
  RUBYGEMS_VERSION: "3.4"
  GO_VERSION: "1.19"
  RUST_VERSION: "1.65"
-  FLAKY_RSPEC_SUITE_REPORT_PATH: rspec/flaky/report-suite.json
+  TMP_TEST_FOLDER: "${CI_PROJECT_DIR}/tmp/tests"
  FRONTEND_FIXTURES_MAPPING_PATH: crystalball/frontend_fixtures_mapping.json
  GITLAB_WORKHORSE_FOLDER: "gitlab-workhorse"
-  JUNIT_RESULT_FILE: rspec/junit_rspec.xml
+  TMP_TEST_GITLAB_WORKHORSE_PATH: "${TMP_TEST_FOLDER}/${GITLAB_WORKHORSE_FOLDER}"
  JUNIT_RETRY_FILE: rspec/junit_rspec-retry.xml
  KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/report-master.json
-  RSPEC_CHANGED_FILES_PATH: rspec/changed_files.txt
+  FLAKY_RSPEC_SUITE_REPORT_PATH: rspec/flaky/report-suite.json
-  RSPEC_FOSS_IMPACT_PIPELINE_TEMPLATE_YML: .gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb
+  RSPEC_TESTS_MAPPING_PATH: crystalball/mapping.json
  RSPEC_PREDICTIVE_PIPELINE_TEMPLATE_YML: .gitlab/ci/rails/rspec-predictive.gitlab-ci.yml.erb
  RSPEC_LAST_RUN_RESULTS_FILE: rspec/rspec_last_run_results.txt
  RSPEC_MATCHING_JS_FILES_PATH: rspec/js_matching_files.txt
  RSPEC_VIEWS_INCLUDING_PARTIALS_PATH: rspec/views_including_partials.txt
  RSPEC_MATCHING_TESTS_PATH: rspec/matching_tests.txt
  RSPEC_MATCHING_TESTS_FOSS_PATH: rspec/matching_tests-foss.txt
  RSPEC_MATCHING_TESTS_EE_PATH: rspec/matching_tests-ee.txt
  RSPEC_PACKED_TESTS_MAPPING_PATH: crystalball/packed-mapping.json
  RSPEC_PROFILING_FOLDER_PATH: rspec/profiling
-  RSPEC_TESTS_MAPPING_PATH: crystalball/mapping.json
+  FRONTEND_FIXTURES_MAPPING_PATH: crystalball/frontend_fixtures_mapping.json
-  RSPEC_FAST_QUARANTINE_LOCAL_PATH: rspec/fast_quarantine-gitlab.txt
+  RSPEC_LAST_RUN_RESULTS_FILE: rspec/rspec_last_run_results.txt
-  TMP_TEST_FOLDER: "${CI_PROJECT_DIR}/tmp/tests"
+  JUNIT_RESULT_FILE: rspec/junit_rspec.xml
-  TMP_TEST_GITLAB_WORKHORSE_PATH: "${TMP_TEST_FOLDER}/${GITLAB_WORKHORSE_FOLDER}"
+  JUNIT_RETRY_FILE: rspec/junit_rspec-retry.xml
  ES_JAVA_OPTS: "-Xms256m -Xmx256m"
  ELASTIC_URL: "http://elastic:changeme@elasticsearch:9200"
  BUNDLER_CHECKSUM_VERIFICATION_OPT_IN: "1"
  CACHE_CLASSES: "true"
  CHECK_PRECOMPILED_ASSETS: "true"
  FF_USE_FASTZIP: "true"
  SKIP_FLAKY_TESTS_AUTOMATICALLY: "true"
  RETRY_FAILED_TESTS_IN_NEW_PROCESS: "true"
  # Run with decomposed databases by default
  DECOMPOSED_DB: "true"
-  DOCS_REVIEW_APPS_DOMAIN: "docs.gitlab-review.app"
+  DOCS_REVIEW_APPS_DOMAIN: "35.193.151.162.nip.io"
  DOCS_GITLAB_REPO_SUFFIX: "ee"
  REVIEW_APPS_IMAGE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/ruby-3.0:gcloud-383-kubectl-1.23-helm-3.5"
  REVIEW_APPS_DOMAIN: "gitlab-review.app"
  REVIEW_APPS_GCP_PROJECT: "gitlab-review-apps"
  REVIEW_APPS_GCP_REGION: "us-central1"
  CACHE_ASSETS_AS_PACKAGE: "true"
  BUILD_ASSETS_IMAGE: "true"  # Set it to "false" to disable assets image building, used in `build-assets-image`
  SIMPLECOV: "true"
  # For the default QA image, we use $CI_COMMIT_SHA as tag since it's always available and we override it for specific workflow.rules (see above)
  QA_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_SHA}"
  # Default latest tag for particular branch
  QA_IMAGE_BRANCH: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}"
  REGISTRY_HOST: "registry.gitlab.com"
  REGISTRY_GROUP: "gitlab-org"
-  # Disable useless network connections when installing some NPM packages.
+  # Preparing custom clone path to reduce space used by all random forks
-  # See https://gitlab.com/gitlab-com/gl-security/engineering-and-research/inventory/-/issues/827#note_1203181407
+  # on GitLab.com's Shared Runners. Our main forks - especially the security
-  DISABLE_OPENCOLLECTIVE: "true"
+  # ones - will have this variable overwritten in the project settings, so that
-
+  # a security-related code or code using our protected variables will be never
-  # This is set at the gitlab-org level, but we set it here for forks
+  # stored on the same path as the community forks.
-  DANGER_DO_NOT_POST_INVALID_DANGERFILE_ERROR: "1"
+  # Part of the solution for the `no space left on device` problem described at
  # https://gitlab.com/gitlab-org/gitlab/issues/197876.
  #
  # For this purpose the https://gitlab.com/gitlab-org-forks group was created
  # to host a placeholder for the `/builds/gitlab-org-forks` path and ensure
  # that no legitimate project will ever use it and - by mistake - execute its
  # job on a shared working directory. It also requires proper configuration of
  # the Runner that executes the job (which was prepared for our shared runners
  # by https://ops.gitlab.net/gitlab-cookbooks/chef-repo/-/merge_requests/3977).
  #
  # Because of all of that PLEASE DO NOT CHANGE THE PATH.
  #
  # For more details and reasoning that brought this change please check
  # https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24887
  GIT_CLONE_PATH: "/builds/gitlab-org-forks/${CI_PROJECT_NAME}"
 include:
  - local: .gitlab/ci/*.gitlab-ci.yml
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
--- a/.gitlab/agents/review-apps/config.yaml
+++ b/.gitlab/agents/review-apps/config.yaml
@ -1 +0,0 @@
 # This empty file is used for agent-based integration with Kubernetes
--- a/.gitlab/ci/_skip.yml
+++ b/.gitlab/ci/_skip.yml
@ -1,11 +0,0 @@
 # no-op pipeline template for skipping whole child pipeline execution
 no-op:
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine:latest
  stage: test
  variables:
    GIT_STRATEGY: none
  script:
    - echo "${SKIP_MESSAGE:-no-op run, nothing will be executed!}"
  rules:
    - when: always
--- a/.gitlab/ci/as-if-jh.gitlab-ci.yml
+++ b/.gitlab/ci/as-if-jh.gitlab-ci.yml
@ -1,106 +0,0 @@
 .as-if-jh-sandbox-variables:
  variables:
    AS_IF_JH_BRANCH: "as-if-jh/${CI_COMMIT_REF_NAME}"
    SANDBOX_REPOSITORY: "https://dummy:${AS_IF_JH_TOKEN}@gitlab.com/gitlab-org-sandbox/gitlab-jh-validation.git"
 .shared-as-if-jh:
  extends:
    - .as-if-jh-sandbox-variables
  variables:
    GITLAB_JH_MIRROR_PROJECT: "33019816"
    JH_FILES_TO_COMMIT: "jh package.json yarn.lock"
 add-jh-files:
  extends:
    - .shared-as-if-jh
    - .as-if-jh:rules:prepare-as-if-jh
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
  stage: prepare
  before_script:
    - source ./scripts/utils.sh
    - source ./scripts/setup/as-if-jh.sh
    - install_gitlab_gem
  script:
    - prepare_jh_branch
    - download_jh_path ${JH_FILES_TO_COMMIT}
    - echoinfo "Changes after downloading JiHu files:"
    - git diff
    - git status
  artifacts:
    expire_in: 2d
    paths:
      # This should match JH_FILES_TO_COMMIT
      - jh/
      - package.json
      - yarn.lock
 prepare-as-if-jh-branch:
  extends:
    - .shared-as-if-jh
    - .as-if-jh:rules:prepare-as-if-jh
  stage: prepare
  needs:
    - add-jh-files
  variables:
    # We can't apply --filter=tree:0 for runner to set up the repository,
    # so instead we tell runner to not clone anything, and we set up the
    # repository by ourselves.
    GIT_STRATEGY: "none"
  before_script:
    - git clone --filter=tree:0 "${CI_REPOSITORY_URL}" gitlab
    # We should checkout before moving/changing files
    - cd gitlab
    - git checkout -b "${AS_IF_JH_BRANCH}" "${CI_COMMIT_SHA}"
    - cd ..
    - mv ${JH_FILES_TO_COMMIT} gitlab/
  script:
    - cd gitlab
    - git add ${JH_FILES_TO_COMMIT}
    - git commit -m 'Add JH files'  # TODO: Mark which SHA we add
    - git push -f "${SANDBOX_REPOSITORY}" "${AS_IF_JH_BRANCH}"
 sync-as-if-jh-branch:
  extends:
    - .as-if-jh-sandbox-variables
    - .as-if-jh:rules:sync-as-if-jh
  stage: prepare
  needs: ["prepare-as-if-jh-branch"]
  inherit:
    variables:
      # From .gitlab-ci.yml for the default Docker image and cache
      - DEFAULT_CI_IMAGE
      - REGISTRY_HOST
      - REGISTRY_GROUP
      - DEBIAN_VERSION
      - RUBY_VERSION
      - GO_VERSION
      - RUST_VERSION
      - PG_VERSION
      - RUBYGEMS_VERSION
      - CHROME_VERSION
      - NODE_ENV
  variables:
    MERGE_FROM: "${CI_COMMIT_SHA}"  # This is used in https://jihulab.com/gitlab-cn/gitlab/-/blob/e98bcb37aea4cfe1e78e1daef1b58b5f732cf289/jh/bin/build_packagejson where we run in https://gitlab.com/gitlab-org-sandbox/gitlab-jh-validation
  trigger:
    # What this runs can be found at:
    # https://gitlab.com/gitlab-org-sandbox/gitlab-jh-validation/-/blob/as-if-jh-code-sync/jh/.gitlab-ci.yml
    project: gitlab-org-sandbox/gitlab-jh-validation
    branch: as-if-jh-code-sync
    strategy: depend
 start-as-if-jh:
  extends:
    - .as-if-jh:rules:start-as-if-jh
  stage: prepare
  needs:
    - job: "prepare-as-if-jh-branch"
    - job: "sync-as-if-jh-branch"
      optional: true
  inherit:
    variables: false
  variables:
    FORCE_GITLAB_CI: "true"  # TODO: Trigger a merge request pipeline
  trigger:
    project: gitlab-org-sandbox/gitlab-jh-validation
    branch: as-if-jh/${CI_COMMIT_REF_NAME}
    strategy: depend
--- a/.gitlab/ci/build-images.gitlab-ci.yml
+++ b/.gitlab/ci/build-images.gitlab-ci.yml
@ -1,61 +1,41 @@
 .base-image-build:
  extends: .use-kaniko
  variables:
-    GIT_LFS_SKIP_SMUDGE: 1  # disable pulling objects from lfs
+    GIT_LFS_SKIP_SMUDGE: 1
-  retry: 2
+  script:
-
+    - scripts/checkout-mr-source-sha
 .base-image-build-buildx:
  extends: .use-buildx
  variables:
    GIT_LFS_SKIP_SMUDGE: 1  # disable pulling objects from lfs
  retry: 2
 # This image is used by:
 # - The `review-qa-*` jobs
-# - The `e2e:package-and-test` child pipeline test stage jobs
+# - The downstream `omnibus-gitlab-mirror` pipeline triggered by `package-and-qa` so that it doesn't have to rebuild it again.
 #   The downstream `omnibus-gitlab-mirror` pipeline itself passes the image name to the `gitlab-qa-mirror` pipeline so that
 #   it can use it instead of inferring an end-to-end imag from the GitLab image built by the downstream `omnibus-gitlab-mirror` pipeline.
 # See https://docs.gitlab.com/ee/development/testing_guide/end_to_end/index.html#testing-code-in-merge-requests for more details.
 build-qa-image:
  extends:
-    - .base-image-build-buildx
+    - .base-image-build
    - .build-images:rules:build-qa-image
  stage: build-images
  needs: []
  script:
-    - run_timed_command "scripts/build_qa_image"
+    - !reference [.base-image-build, script]
-
+    - echo $QA_IMAGE
-build-qa-image as-if-foss:
+    - echo $QA_IMAGE_BRANCH
  extends:
    - build-qa-image
    - .as-if-foss
    - .build-images:rules:build-qa-image-as-if-foss
 # Prepares an image with GDK configured based on code in master. This saves some time in MRs because some installation
 # and complilation will have already been performed.
 build-qa-on-gdk-master-image:
  extends:
    - .base-image-build-buildx
    - .build-images:rules:build-qa-on-gdk-master-image
  tags:
    - e2e
  stage: build-images
  needs: []
  variables:
    QA_GDK_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-qa-gdk"
  before_script:
    - !reference [.use-buildx, before_script]
    - sysctl -n -w fs.inotify.max_user_watches=524288
  script:
    - |
-      docker buildx build \
+      /kaniko/executor \
-        --cache-to=type=inline \
+        --context=${CI_PROJECT_DIR} \
-        --cache-from ${QA_GDK_IMAGE}:master \
+        --dockerfile=${CI_PROJECT_DIR}/qa/Dockerfile \
-        --platform=${ARCH:-amd64} \
+        --destination=${QA_IMAGE} \
-        --add-host gdk.test:127.0.0.1 \
+        --destination=${QA_IMAGE_BRANCH} \
-        --tag ${QA_GDK_IMAGE}:master \
+        --build-arg=CHROME_VERSION=${CHROME_VERSION} \
-        --file="qa/gdk/Dockerfile" \
+        --build-arg=DOCKER_VERSION=${DOCKER_VERSION} \
-        --push \
+        --build-arg=QA_BUILD_TARGET=${QA_BUILD_TARGET:-qa} \
-        ${CI_PROJECT_DIR}
+        --cache=true
 # This image is used by:
 # - The `CNG` pipelines (via the `review-build-cng` job): https://gitlab.com/gitlab-org/build/CNG/-/blob/cfc67136d711e1c8c409bf8e57427a644393da2f/.gitlab-ci.yml#L335
 # - The `omnibus-gitlab` pipelines (via the `package-and-qa` job): https://gitlab.com/gitlab-org/omnibus-gitlab/-/blob/dfd1ad475868fc84e91ab7b5706aa03e46dc3a86/.gitlab-ci.yml#L130
 build-assets-image:
  extends:
    - .base-image-build
@ -63,18 +43,8 @@ build-assets-image:
  stage: build-images
  needs: ["compile-production-assets"]
  script:
-    - skopeo login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    - !reference [.base-image-build, script]
    # TODO: Change the image tag to be the MD5 of assets files and skip image building if the image exists
    # We'll also need to pass GITLAB_ASSETS_TAG to the trigerred omnibus-gitlab pipeline similarly to how we do it for trigerred CNG pipelines
    # https://gitlab.com/gitlab-org/gitlab/issues/208389
    - run_timed_command "scripts/build_assets_image"
  artifacts:
    expire_in: 7 days
    paths:
      # The `cached-assets-hash.txt` file is used in `review-build-cng-env` (`.gitlab/ci/review-apps/main.gitlab-ci.yml`)
      # to pass the assets image tag to the CNG downstream pipeline.
      - cached-assets-hash.txt
 build-assets-image as-if-foss:
  extends:
    - build-assets-image
    - .as-if-foss
    - .build-images:rules:build-assets-image-as-if-foss
  needs: ["compile-production-assets as-if-foss"]
--- a/.gitlab/ci/caching.gitlab-ci.yml
+++ b/.gitlab/ci/caching.gitlab-ci.yml
@ -1,64 +0,0 @@
 cache-workhorse:
  extends:
    - .default-retry
    - .default-before_script
    - .rails-cache
    - .setup-test-env-cache
    - .caching:rules:cache-workhorse
  stage: prepare
  variables:
    SETUP_DB: "false"
  script:
    - source scripts/gitlab_component_helpers.sh
    - 'gitlab_workhorse_archive_doesnt_exist || { echoinfo "INFO: Exiting early as package exists."; exit 0; }'
    - run_timed_command "scripts/setup-test-env"
    - run_timed_command "select_gitlab_workhorse_essentials"
    - run_timed_command "create_gitlab_workhorse_package"
    - run_timed_command "upload_gitlab_workhorse_package"
  artifacts:
    expire_in: 7d
    paths:
      - ${TMP_TEST_GITLAB_WORKHORSE_PATH}/
 .cache-assets-base:
  extends:
    - .compile-assets-base
    - .assets-compile-cache
    - .caching:rules:cache-assets
  stage: prepare
  variables:
    WEBPACK_REPORT: "false"
  script:
    - yarn_install_script
    - export GITLAB_ASSETS_HASH=$(bundle exec rake gitlab:assets:hash_sum)
    - source scripts/gitlab_component_helpers.sh
    - 'gitlab_assets_archive_doesnt_exist || { echoinfo "INFO: Exiting early as package exists."; exit 0; }'
    - assets_compile_script
    - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt"
    - run_timed_command "create_gitlab_assets_package"
    - run_timed_command "upload_gitlab_assets_package"
 cache-assets:test:
  extends: .cache-assets-base
 cache-assets:test as-if-foss:
  extends:
    - .cache-assets-base
    - .as-if-foss
 cache-assets:production:
  extends:
    - .cache-assets-base
    - .production
 packages-cleanup:
  extends:
    - .default-retry
    - .caching:rules:packages-cleanup
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
  stage: prepare
  before_script:
    - source scripts/utils.sh
    - install_gitlab_gem
  script:
    - scripts/packages/automated_cleanup.rb
--- a/.gitlab/ci/ci-templates.gitlab-ci.yml
+++ b/.gitlab/ci/ci-templates.gitlab-ci.yml
@ -4,7 +4,7 @@ templates-shellcheck:
    - .default-before_script
    - .default-retry
    - .ruby-cache
-    - .use-pg14
+    - .use-pg13
  stage: test
  needs:
    - setup-test-env
--- a/.gitlab/ci/database.gitlab-ci.yml
+++ b/.gitlab/ci/database.gitlab-ci.yml
@ -1,147 +0,0 @@
 include:
  - local: .gitlab/ci/rails/shared.gitlab-ci.yml
 db:rollback single-db-ci-connection:
  extends:
    - db:rollback
    - .single-db-ci-connection
    - .rails:rules:single-db-ci-connection
 db:migrate:reset single-db-ci-connection:
  extends:
    - db:migrate:reset
    - .single-db-ci-connection
    - .rails:rules:single-db-ci-connection
 db:check-schema-single-db-ci-connection:
  extends:
    - db:check-schema
    - .single-db-ci-connection
    - .rails:rules:single-db-ci-connection
 db:post_deployment_migrations_validator-single-db-ci-connection:
  extends:
    - db:post_deployment_migrations_validator
    - .single-db-ci-connection
    - .rails:rules:db:check-migrations-single-db-ci-connection
 db:backup_and_restore single-db-ci-connection:
  extends:
    - db:backup_and_restore
    - .single-db-ci-connection
    - .rails:rules:db-backup
 db:rollback:
  extends:
    - .db-job-base
    - .rails:rules:db-rollback
  script:
    - bundle exec rake db:migrate VERSION=20220502173045  # 14.10 (last 14.x version)
    - bundle exec rake db:migrate
 db:rollback single-db:
  extends:
    - db:rollback
    - .single-db
    - .rails:rules:single-db
 db:migrate:reset:
  extends: .db-job-base
  script:
    - bundle exec rake db:migrate:reset
 db:migrate:reset single-db:
  extends:
    - db:migrate:reset
    - .single-db
    - .rails:rules:single-db
 db:check-schema:
  extends:
    - .db-job-base
    - .rails:rules:ee-mr-and-default-branch-only
  script:
    - run_timed_command "bundle exec rake db:drop db:create db:migrate"
 db:check-schema-single-db:
  extends:
    - db:check-schema
    - .single-db
    - .rails:rules:single-db
 db:check-migrations:
  extends:
    - .db-job-base
    - .rails:rules:ee-and-foss-mr-with-migration
  script:
    - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20
    - scripts/validate_migration_schema
  allow_failure: true
 db:check-migrations-single-db:
  extends:
    - db:check-migrations
    - .single-db
    - .rails:rules:db:check-migrations-single-db
 db:post_deployment_migrations_validator:
  extends:
    - .db-job-base
    - .rails:rules:ee-and-foss-mr-with-migration
  script:
    - git fetch origin $CI_MERGE_REQUEST_TARGET_BRANCH_NAME:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --depth 20
    - scripts/post_deployment_migrations_validator
  allow_failure: true
 db:post_deployment_migrations_validator-single-db:
  extends:
    - db:post_deployment_migrations_validator
    - .single-db
    - .rails:rules:db:check-migrations-single-db
 db:migrate-non-superuser:
  extends:
    - .db-job-base
    - .rails:rules:ee-and-foss-mr-with-migration
  script:
    - bundle exec rake gitlab:db:reset_as_non_superuser
 db:gitlabcom-database-testing:
  extends: .rails:rules:db:gitlabcom-database-testing
  stage: test
  image: ruby:${RUBY_VERSION}-alpine
  needs: []
  allow_failure: true
  script:
    - source scripts/utils.sh
    - install_gitlab_gem
    - ./scripts/trigger-build.rb gitlab-com-database-testing
 db:backup_and_restore:
  extends:
    - .db-job-base
    - .rails:rules:db-backup
  variables:
    SETUP_DB: "false"
    GITLAB_ASSUME_YES: "1"
  script:
    - . scripts/prepare_build.sh
    - bundle exec rake db:drop db:create db:schema:load db:seed_fu
    - mkdir -p tmp/tests/public/uploads tmp/tests/{artifacts,pages,lfs-objects,terraform_state,registry,packages}
    - bundle exec rake gitlab:backup:create
    - date
    - bundle exec rake gitlab:backup:restore
 db:backup_and_restore single-db:
  extends:
    - db:backup_and_restore
    - .single-db
    - .rails:rules:db-backup
 db:rollback geo:
  extends:
    - db:rollback
    - .rails:rules:ee-only-migration
  script:
    - bundle exec rake db:migrate:geo VERSION=20170627195211
    - bundle exec rake db:migrate:geo
--- a/.gitlab/ci/dev-fixtures.gitlab-ci.yml
+++ b/.gitlab/ci/dev-fixtures.gitlab-ci.yml
@ -3,7 +3,7 @@
    - .default-retry
    - .rails-cache
    - .default-before_script
-    - .use-pg13
+    - .use-pg12
  stage: test
  needs: ["setup-test-env"]
  variables:
@ -15,8 +15,8 @@
    # SEED_NESTED_GROUPS: "false" # requires network connection
 .run-dev-fixtures-script: &run-dev-fixtures-script
-  - section_start "gitaly-test-spawn" "Spawning Gitaly"; scripts/gitaly-test-spawn; section_end "gitaly-test-spawn";  # Do not use 'bundle exec' here
+  - run_timed_command "scripts/gitaly-test-spawn"
-  - section_start "seeding-db" "Seeding DB"; bundle exec rake db:seed_fu; section_end "seeding-db";
+  - run_timed_command "RAILS_ENV=test bundle exec rake db:seed_fu"
 run-dev-fixtures:
  extends:
@ -29,7 +29,7 @@ run-dev-fixtures-ee:
  extends:
    - .run-dev-fixtures
    - .dev-fixtures:rules:ee-only
-    - .use-pg13-es7-ee
+    - .use-pg12-ee
  script:
    - cp ee/db/fixtures/development/* $FIXTURE_PATH
    - *run-dev-fixtures-script
--- a/.gitlab/ci/docs.gitlab-ci.yml
+++ b/.gitlab/ci/docs.gitlab-ci.yml
@ -2,7 +2,7 @@
  extends:
    - .default-retry
    - .docs:rules:review-docs
-  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine
+  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine
  stage: review
  needs: []
  variables:
@ -39,10 +39,21 @@ review-docs-cleanup:
  script:
    - ./scripts/trigger-build.rb docs cleanup
 docs-lint markdown:
  extends:
    - .default-retry
    - .docs:rules:docs-lint
  # When updating the image version here, update it in /scripts/lint-doc.sh too.
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.16-vale-2.17.0-markdownlint-0.31.1
  stage: lint
  needs: []
  script:
    - scripts/lint-doc.sh
 docs-lint links:
  extends:
    - .docs:rules:docs-lint
-  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.17-ruby-3.2.1-f53af000
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-html:alpine-3.16-ruby-2.7.6-0bc327a4
  stage: lint
  needs: []
  script:
@ -56,51 +67,6 @@ docs-lint links:
    # Check the internal links and anchors (in parallel)
    - "parallel time bundle exec nanoc check ::: internal_links internal_anchors"
 .docs-markdown-lint-image:
  # When updating the image version here, update it in /scripts/lint-doc.sh too.
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-docs/lint-markdown:alpine-3.17-vale-2.24.0-markdownlint-0.33.0-markdownlint2-0.6.0
 docs-lint markdown:
  extends:
    - .default-retry
    - .docs:rules:docs-lint
    - .docs-markdown-lint-image
    - .yarn-cache
  stage: lint
  needs: []
  script:
    - source ./scripts/utils.sh
    - yarn_install_script
    - scripts/lint-doc.sh
 docs-lint blueprint:
  extends:
    - .default-retry
    - .docs:rules:docs-blueprints-lint
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-slim
  stage: lint
  needs: []
  script:
    - scripts/lint-docs-blueprints.rb
 docs code_quality:
  extends:
    - .reports:rules:code_quality
    - .docs-markdown-lint-image
  stage: lint
  needs: []
  dependencies: []
  allow_failure: true
  script:
    - vale --output=doc/.vale/vale-json.tmpl --minAlertLevel warning doc > gl-code-quality-report-docs.json || exit_code=$?
  artifacts:
    reports:
      codequality: gl-code-quality-report-docs.json
    paths:
      - gl-code-quality-report-docs.json
    expire_in: 2 weeks
    when: always
 ui-docs-links lint:
  extends:
    - .docs:rules:docs-lint
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@ -1,40 +1,37 @@
 .yarn-install: &yarn-install
  - source scripts/utils.sh
  - run_timed_command "retry yarn install --frozen-lockfile"
 .storybook-yarn-install: &storybook-yarn-install
  - source scripts/utils.sh
  - run_timed_command "retry yarn run storybook:install --frozen-lockfile"
 .compile-assets-base:
  extends:
    - .default-retry
    - .default-before_script
    - .assets-compile-cache
-  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-16.14:rubygems-${RUBYGEMS_VERSION}-git-2.33-lfs-2.9-yarn-1.22-graphicsmagick-1.3.36
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-16.14:rubygems-3.2-git-2.33-lfs-2.9-yarn-1.22-graphicsmagick-1.3.36
  variables:
    SETUP_DB: "false"
    WEBPACK_VENDOR_DLL: "true"
    # Disable warnings in browserslist which can break on backports
    # https://github.com/browserslist/browserslist/blob/a287ec6/node.js#L367-L384
    BROWSERSLIST_IGNORE_OLD_DATA: "true"
    WEBPACK_COMPILE_LOG_PATH: "tmp/webpack-output.log"
  stage: prepare
  script:
-    - yarn_install_script
+    - *yarn-install
-    - export GITLAB_ASSETS_HASH=$(bin/rake gitlab:assets:hash_sum)
+    - run_timed_command "bin/rake gitlab:assets:compile"
-    - 'echo "CACHE_ASSETS_AS_PACKAGE: ${CACHE_ASSETS_AS_PACKAGE}"'
+    - run_timed_command "scripts/clean-old-cached-assets"
    # The new strategy to cache assets as generic packages is experimental and can be disabled by removing the `CACHE_ASSETS_AS_PACKAGE` variable
    - |
      if [[ "${CACHE_ASSETS_AS_PACKAGE}" == "true" ]]; then
        source scripts/gitlab_component_helpers.sh
        if ! gitlab_assets_archive_doesnt_exist; then
          # We remove all assets from the native cache as they could pollute the fresh assets from the package
          rm -rf public/assets/ app/assets/javascripts/locale/**/app.js
          run_timed_command "download_and_extract_gitlab_assets"
        fi
      fi
    - assets_compile_script
    - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt"
 compile-production-assets:
  extends:
    - .compile-assets-base
    - .production
    - .frontend:rules:compile-production-assets
  variables:
    NODE_ENV: "production"
    RAILS_ENV: "production"
    WEBPACK_REPORT: "true"
  artifacts:
    name: webpack-report
    expire_in: 31d
@ -42,19 +39,15 @@ compile-production-assets:
      # These assets are used in multiple locations:
      # - in `build-assets-image` job to create assets image for packaging systems
      # - GitLab UI for integration tests: https://gitlab.com/gitlab-org/gitlab-ui/-/blob/e88493b3c855aea30bf60baee692a64606b0eb1e/.storybook/preview-head.pug#L1
      - cached-assets-hash.txt
      - public/assets/
-      - "${WEBPACK_COMPILE_LOG_PATH}"
+      - webpack-report/
    when: always
  before_script:
    - scripts/checkout-mr-source-sha
    - !reference [.default-before_script, before_script]
  after_script:
    - rm -f /etc/apt/sources.list.d/google*.list  # We don't need to update Chrome here
 compile-production-assets as-if-foss:
  extends:
    - compile-production-assets
    - .as-if-foss
    - .frontend:rules:compile-production-assets-as-if-foss
 compile-test-assets:
  extends:
    - .compile-assets-base
@ -64,7 +57,6 @@ compile-test-assets:
    paths:
      - public/assets/
      - node_modules/@gitlab/svgs/dist/icons.json  # app/helpers/icons_helper.rb uses this file
      - "${WEBPACK_COMPILE_LOG_PATH}"
    when: always
 compile-test-assets as-if-foss:
@ -73,6 +65,12 @@ compile-test-assets as-if-foss:
    - .frontend:rules:compile-test-assets-as-if-foss
    - .as-if-foss
 compile-test-assets as-if-jh:
  extends:
    - compile-test-assets
    - .frontend:rules:compile-test-assets-as-if-jh
  needs: ["add-jh-folder"]
 update-assets-compile-production-cache:
  extends:
    - compile-production-assets
@ -87,65 +85,39 @@ update-assets-compile-test-cache:
    - .assets-compile-cache-push
    - .shared:rules:update-cache
  stage: prepare
  script:
    - !reference [compile-test-assets, script]
    - echo -n "${GITLAB_ASSETS_HASH}" > "cached-assets-hash.txt"
  artifacts: {}  # This job's purpose is only to update the cache.
 update-yarn-cache:
  extends:
    - .default-retry
    - .yarn-cache-push
    - .shared:rules:update-cache
  stage: prepare
  script:
    - *yarn-install
 update-storybook-yarn-cache:
  extends:
    - .default-retry
    - .default-utils-before_script
    - .storybook-yarn-cache-push
    - .shared:rules:update-cache
  stage: prepare
  script:
-    - yarn_install_script
+    - *storybook-yarn-install
 retrieve-frontend-fixtures:
  variables:
    SETUP_DB: "false"
  extends:
    - .default-retry
    - .frontend:rules:default-frontend-jobs
  stage: prepare
  script:
    - source scripts/utils.sh
    - source scripts/gitlab_component_helpers.sh
    - install_gitlab_gem
    - export_fixtures_sha_for_download
    - |
      if check_fixtures_download; then
        run_timed_command "download_and_extract_fixtures"
      fi
  artifacts:
    paths:
      - tmp/tests/frontend/
 # Download fixtures only when a merge request contains changes to only JS files
 # and fixtures are present in the package registry.
 .frontend-fixtures-base:
  extends:
    - .default-retry
    - .default-before_script
    - .rails-cache
-    - .use-pg13
+    - .use-pg12
  stage: fixtures
-  needs: ["setup-test-env", "retrieve-tests-metadata", "retrieve-frontend-fixtures"]
+  needs: ["setup-test-env", "retrieve-tests-metadata"]
  variables:
    # Don't add `CRYSTALBALL: "false"` here as we're enabling Crystalball for scheduled pipelines (in `.gitlab-ci.yml`), so that we get coverage data
    # for the `frontend fixture RSpec files` that will be added to the Crystalball mapping in `update-tests-metadata`.
    # More information in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/74003.
    WEBPACK_VENDOR_DLL: "true"
  script:
    - source scripts/gitlab_component_helpers.sh
    - |
      if check_fixtures_reuse; then
        echoinfo "INFO: Reusing frontend fixtures from 'retrieve-frontend-fixtures'."
        exit 0
      fi
    - run_timed_command "gem install knapsack --no-document"
-    - section_start "gitaly-test-spawn" "Spawning Gitaly"; scripts/gitaly-test-spawn; section_end "gitaly-test-spawn";  # Do not use 'bundle exec' here
+    - run_timed_command "scripts/gitaly-test-spawn"
    - source ./scripts/rspec_helpers.sh
    - rspec_paralellized_job
  artifacts:
@ -166,40 +138,29 @@ rspec-all frontend_fixture:
  needs:
    - !reference [.frontend-fixtures-base, needs]
    - "compile-test-assets"
-  parallel: 7
+  parallel: 5
 # Builds FOSS fixtures in the EE project, with the `ee/` folder removed (due to `as-if-foss`).
 rspec-all frontend_fixture as-if-foss:
  extends:
    - .frontend-fixtures-base
-    - .frontend:rules:frontend_fixture-as-if-foss
+    - .frontend:rules:default-frontend-jobs-as-if-foss
    - .as-if-foss
  variables:
    # We explicitely disable Crystalball here so as even in scheduled pipelines we don't need it since it's already enabled for `rspec-all frontend_fixture` there.
    CRYSTALBALL: "false"
    WEBPACK_VENDOR_DLL: "true"
    KNAPSACK_GENERATE_REPORT: ""
    FLAKY_RSPEC_GENERATE_REPORT: ""
  needs:
    - !reference [.frontend-fixtures-base, needs]
    - "compile-test-assets as-if-foss"
-# Uploads EE fixtures in the EE project.
+# Builds FOSS, EE, and JH fixtures in the EE project, with the `jh/` folder added (due to `as-if-jh`).
-# Uploads FOSS fixtures in the FOSS project.
+rspec-all frontend_fixture as-if-jh:
 upload-frontend-fixtures:
  extends:
    - .frontend-fixtures-base
-    - .frontend:rules:upload-frontend-fixtures
+    - .frontend:rules:default-frontend-jobs-as-if-jh
-  stage: fixtures
+  needs:
-  needs: ["rspec-all frontend_fixture"]
+    - !reference [.frontend-fixtures-base, needs]
    - "compile-test-assets as-if-jh"
    - "add-jh-folder"
  script:
-    - source scripts/utils.sh
+    - echo "This job is currently doing nothing since there's no specific JH fixtures yet. To enable this job, remove this line."
    - source scripts/gitlab_component_helpers.sh
    - export_fixtures_sha_for_upload
    - 'fixtures_archive_doesnt_exist || { echoinfo "INFO: Exiting early as package exists."; exit 0; }'
    - run_timed_command "create_fixtures_package"
    - run_timed_command "upload_fixtures_package"
  artifacts: {}
 graphql-schema-dump:
  variables:
@ -222,7 +183,7 @@ graphql-schema-dump:
 graphql-schema-dump as-if-foss:
  extends:
    - graphql-schema-dump
-    - .frontend:rules:default-frontend-jobs-as-if-foss
+    - .frontend:rules:eslint-as-if-foss
    - .as-if-foss
 .frontend-test-base:
@ -233,11 +194,8 @@ graphql-schema-dump as-if-foss:
    # Disable warnings in browserslist which can break on backports
    # https://github.com/browserslist/browserslist/blob/a287ec6/node.js#L367-L384
    BROWSERSLIST_IGNORE_OLD_DATA: "true"
    USE_BUNDLE_INSTALL: "false"
    SETUP_DB: "false"
  before_script:
-    - !reference [.default-before_script, before_script]
+    - *yarn-install
    - yarn_install_script
  stage: test
 .jest-base:
@ -260,36 +218,17 @@ jest:
      - tmp/tests/frontend/
    reports:
      junit: junit_jest.xml
-  parallel: 7
+  parallel: 5
-jest predictive:
+jest minimal:
  extends:
    - jest
-    - .frontend:rules:jest:predictive
+    - .frontend:rules:jest:minimal
  needs:
    - !reference [jest, needs]
    - "detect-tests"
  script:
-    - if [[ -s "$RSPEC_CHANGED_FILES_PATH" ]] || [[ -s "$RSPEC_MATCHING_JS_FILES_PATH" ]]; then run_timed_command "yarn jest:ci:predictive"; fi
+    - run_timed_command "yarn jest:ci:minimal"
 jest as-if-foss:
  extends:
    - .jest-base
    - .frontend:rules:jest:as-if-foss
    - .as-if-foss
  needs: ["rspec-all frontend_fixture as-if-foss"]
  parallel: 4
 jest predictive as-if-foss:
  extends:
    - .jest-base
    - .frontend:rules:jest:predictive:as-if-foss
    - .as-if-foss
  needs:
    - "rspec-all frontend_fixture as-if-foss"
    - "detect-tests"
  script:
    - if [[ -s "$RSPEC_CHANGED_FILES_PATH" ]] || [[ -s "$RSPEC_MATCHING_JS_FILES_PATH" ]]; then run_timed_command "yarn jest:ci:predictive"; fi
 jest-integration:
  extends:
@ -297,27 +236,43 @@ jest-integration:
    - .frontend:rules:default-frontend-jobs
  script:
    - run_timed_command "yarn jest:integration --ci"
-  needs: ["rspec-all frontend_fixture", "graphql-schema-dump"]
+  needs:
    - job: "rspec-all frontend_fixture"
    - job: "graphql-schema-dump"
 jest-as-if-foss:
  extends:
    - .jest-base
    - .frontend:rules:default-frontend-jobs-as-if-foss
    - .as-if-foss
  needs: ["rspec-all frontend_fixture as-if-foss"]
  parallel: 2
 jest-as-if-jh:
  extends:
    - .jest-base
    - .frontend:rules:default-frontend-jobs-as-if-jh
  needs: ["rspec-all frontend_fixture as-if-jh", "add-jh-folder"]
  script:
    - echo "This job is currently doing nothing since there's no specific JH Jest tests yet. To enable this job, remove this line."
 coverage-frontend:
  extends:
    - .default-retry
    - .default-utils-before_script
    - .yarn-cache
-    - .frontend:rules:coverage-frontend
+    - .frontend:rules:ee-mr-and-default-branch-only
  needs:
    - job: "jest"
      optional: true
-    - job: "jest predictive"
+    - job: "jest minimal"
      optional: true
  stage: post-test
  before_script:
    - *yarn-install
  script:
    - yarn_install_script
    - run_timed_command "yarn node scripts/frontend/merge_coverage_frontend.js"
    # Removing the individual coverage results, as we just merged them.
-    - if ls coverage-frontend/jest-* > /dev/null 2>&1; then
+    - rm -r coverage-frontend/jest-*
        rm -r coverage-frontend/jest-*;
      fi
  coverage: '/^Statements\s*:\s*?(\d+(?:\.\d+)?)%/'
  artifacts:
    name: coverage-frontend
@ -329,10 +284,34 @@ coverage-frontend:
        coverage_format: cobertura
        path: coverage-frontend/cobertura-coverage.xml
 .qa-frontend-node:
  extends:
    - .default-retry
    - .yarn-cache
    - .frontend:rules:qa-frontend-node
  stage: test
  dependencies: []
  script:
    - *yarn-install
    - run_timed_command "retry yarn run webpack-prod"
 qa-frontend-node:14:
  extends: .qa-frontend-node
  image: ${GITLAB_DEPENDENCY_PROXY}node:14
 qa-frontend-node:16:
  extends: .qa-frontend-node
  image: ${GITLAB_DEPENDENCY_PROXY}node:16
 qa-frontend-node:latest:
  extends:
    - .qa-frontend-node
    - .frontend:rules:qa-frontend-node-latest
  image: ${GITLAB_DEPENDENCY_PROXY}node:latest
 webpack-dev-server:
  extends:
    - .default-retry
    - .default-utils-before_script
    - .yarn-cache
    - .frontend:rules:default-frontend-jobs
  stage: test
@ -341,7 +320,7 @@ webpack-dev-server:
    WEBPACK_MEMORY_TEST: "true"
    WEBPACK_VENDOR_DLL: "true"
  script:
-    - yarn_install_script
+    - *yarn-install
    - run_timed_command "retry yarn webpack-vendor"
    - run_timed_command "node --expose-gc node_modules/.bin/webpack-dev-server --config config/webpack.config.js"
  artifacts:
@ -353,21 +332,24 @@ webpack-dev-server:
 bundle-size-review:
  extends:
    - .default-retry
    - .default-utils-before_script
    - .assets-compile-cache
    - .frontend:rules:bundle-size-review
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:danger
  stage: test
-  needs: []
+  needs: ["compile-production-assets"]
  script:
-    - yarn_install_script
+    - source scripts/utils.sh
-    - scripts/bundle_size_review
+    - mkdir -p bundle-size-review
    - cp webpack-report/index.html bundle-size-review/bundle-report.html
    - yarn global add https://gitlab.com/gitlab-org/frontend/playground/webpack-memory-metrics.git
    - |
      danger_id=$(echo -n ${DANGER_GITLAB_API_TOKEN} | md5sum | awk '{print $1}' | cut -c5-10)
      run_timed_command "danger --dangerfile=danger/Dangerfile-bundle_size --fail-on-errors=true --verbose --danger_id=bundle-size-review-${danger_id}"
  artifacts:
    when: always
    name: bundle-size-review
    expire_in: 31d
    paths:
-      - bundle-size-review/
+      - bundle-size-review
 .startup-css-check-base:
  extends:
@ -380,7 +362,9 @@ startup-css-check:
  extends:
    - .startup-css-check-base
    - .frontend:rules:default-frontend-jobs
-  needs: ["compile-test-assets", "rspec-all frontend_fixture"]
+  needs:
    - job: "compile-test-assets"
    - job: "rspec-all frontend_fixture"
 startup-css-check as-if-foss:
  extends:
@ -396,8 +380,8 @@ startup-css-check as-if-foss:
    - .frontend-test-base
    - .storybook-yarn-cache
  script:
-    - run_timed_command "retry yarn run storybook:install --frozen-lockfile"
+    - *storybook-yarn-install
-    - run_timed_command "yarn run storybook:build"
+    - yarn run storybook:build
  needs: ["graphql-schema-dump"]
 compile-storybook:
@ -420,5 +404,5 @@ compile-storybook as-if-foss:
    - .as-if-foss
    - .frontend:rules:default-frontend-jobs-as-if-foss
  needs:
-    - job: "graphql-schema-dump as-if-foss"
+    - !reference [.compile-storybook-base, needs]
    - job: "rspec-all frontend_fixture as-if-foss"
--- a/.gitlab/ci/glfm.gitlab-ci.yml
+++ b/.gitlab/ci/glfm.gitlab-ci.yml
@ -1,16 +0,0 @@
 glfm-verify:
  extends:
    - .rails-job-base
    - .glfm:rules:glfm-verify
    - .use-pg13
  stage: test
  needs: ["setup-test-env"]
  script:
    - !reference [.base-script, script]
    - bundle exec scripts/glfm/verify-all-generated-files-are-up-to-date.rb
  artifacts:
    name: changed-files
    when: on_failure
    expire_in: 31d
    paths:
      - glfm_specification/
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@ -2,33 +2,21 @@
  retry:
    max: 2  # This is confusing but this means "3 runs at max".
    when:
      - api_failure
      - data_integrity_failure
      - job_execution_timeout
      - runner_system_failure
      - scheduler_failure
      - stuck_or_timeout_failure
      - unknown_failure
      - api_failure
      - runner_system_failure
      - job_execution_timeout
      - stuck_or_timeout_failure
-.default-utils-before_script:
+.default-before_script:
  before_script:
    - echo $FOSS_ONLY
    - '[ "$FOSS_ONLY" = "1" ] && rm -rf ee/ qa/spec/ee/ qa/qa/specs/features/ee/ qa/qa/ee/ qa/qa/ee.rb'
    - export GOPATH=$CI_PROJECT_DIR/.go
    - mkdir -p $GOPATH
    - source scripts/utils.sh
 .default-before_script:
  before_script:
    - !reference [.default-utils-before_script, before_script]
    - source scripts/prepare_build.sh
 .production:
  variables:
    RAILS_ENV: "production"
    NODE_ENV: "production"
    GITLAB_ALLOW_SEPARATE_CI_DATABASE: "true"
 .ruby-gems-cache: &ruby-gems-cache
  key: "ruby-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}"
  paths:
@ -39,12 +27,22 @@
  <<: *ruby-gems-cache
  policy: push  # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
 .gitaly-ruby-gems-cache: &gitaly-ruby-gems-cache
  key: "gitaly-ruby-gems-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}"
  paths:
    - vendor/gitaly-ruby/
  policy: pull
 .gitaly-ruby-gems-cache-push: &gitaly-ruby-gems-cache-push
  <<: *gitaly-ruby-gems-cache
  policy: push  # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
 .gitaly-binaries-cache: &gitaly-binaries-cache
  key:
    files:
      - GITALY_SERVER_VERSION
      - lib/gitlab/setup_helper.rb
-    prefix: "gitaly-binaries-debian-${DEBIAN_VERSION}"
+    prefix: "gitaly-binaries-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}"
  paths:
    - ${TMP_TEST_FOLDER}/gitaly/_build/bin/
    - ${TMP_TEST_FOLDER}/gitaly/_build/deps/git/install/
@ -56,6 +54,7 @@
    - ${TMP_TEST_FOLDER}/gitaly/Makefile
    - ${TMP_TEST_FOLDER}/gitaly/praefect.config.toml
    - ${TMP_TEST_FOLDER}/gitaly/praefect-db.config.toml
    - ${TMP_TEST_FOLDER}/gitaly/ruby/
  policy: pull
 .go-pkg-cache: &go-pkg-cache
@ -79,17 +78,19 @@
  <<: *node-modules-cache
  policy: push  # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
-.assets-tmp-cache: &assets-tmp-cache
+.assets-cache: &assets-cache
-  key: "assets-tmp-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-${NODE_ENV}-v1"
+  key: "assets-debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-node-${NODE_ENV}-v2"
  paths:
    - assets-hash.txt
    - public/assets/webpack/
    - tmp/cache/assets/sprockets/
    - tmp/cache/babel-loader/
    - tmp/cache/vue-loader/
  policy: pull
-.assets-tmp-cache-push: &assets-tmp-cache-push
+.assets-cache-push: &assets-cache-push
-  <<: *assets-tmp-cache
+  <<: *assets-cache
-  policy: push  # We want to rebuild the cache from scratch to ensure we don't pile up outdated cache files.
+  policy: push  # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
 .storybook-node-modules-cache: &storybook-node-modules-cache
  key: "storybook-node-modules-${DEBIAN_VERSION}-${NODE_ENV}"
@ -129,12 +130,14 @@
 .setup-test-env-cache:
  cache:
    - *ruby-gems-cache
    - *gitaly-ruby-gems-cache
    - *gitaly-binaries-cache
    - *go-pkg-cache
 .setup-test-env-cache-push:
  cache:
    - *ruby-gems-cache-push
    - *gitaly-ruby-gems-cache-push
    - *go-pkg-cache-push
 .gitaly-binaries-cache-push:
@ -149,6 +152,7 @@
 .rails-cache:
  cache:
    - *ruby-gems-cache
    - *gitaly-ruby-gems-cache
 .static-analysis-cache:
  cache:
@ -170,7 +174,7 @@
  cache:
    - *ruby-gems-cache
-.ruby-node-cache:
+.danger-review-cache:
  cache:
    - *ruby-gems-cache
    - *node-modules-cache
@ -195,17 +199,21 @@
  cache:
    - *node-modules-cache
 .yarn-cache-push:
  cache:
    - *node-modules-cache-push
 .assets-compile-cache:
  cache:
    - *ruby-gems-cache
    - *node-modules-cache
-    - *assets-tmp-cache
+    - *assets-cache
 .assets-compile-cache-push:
  cache:
    - *ruby-gems-cache  # We don't push this cache as it's already rebuilt by `update-setup-test-env-cache`
    - *node-modules-cache-push
-    - *assets-tmp-cache-push
+    - *assets-cache-push
 .storybook-yarn-cache:
  cache:
@ -214,14 +222,22 @@
 .storybook-yarn-cache-push:
  cache:
-    - *node-modules-cache  # We don't push this cache as it's already rebuilt by `update-assets-compile-*-cache`
+    - *node-modules-cache  # We don't push this cache as it's already rebuilt by `update-yarn-cache`
    - *storybook-node-modules-cache-push
 .use-pg11:
  services:
    - name: postgres:11.6
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
    - name: redis:5.0-alpine
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "11"
 .use-pg12:
  services:
-    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-12-pgvector-0.4.1
+    - name: postgres:12
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
      alias: postgres
    - name: redis:6.0-alpine
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
@ -229,173 +245,69 @@
 .use-pg13:
  services:
-    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-13-pgvector-0.4.1
+    - name: postgres:13
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
      alias: postgres
    - name: redis:6.2-alpine
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "13"
-.use-pg14:
+.use-pg11-ee:
  services:
-    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-14-pgvector-0.4.1
+    - name: postgres:11.6
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
-      alias: postgres
+    - name: redis:5.0-alpine
-    - name: redis:6.2-alpine
+    - name: elasticsearch:7.17.0
      command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"]
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
-    PG_VERSION: "14"
+    PG_VERSION: "11"
-.use-pg12-es7-ee:
+.use-pg12-ee:
  services:
-    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-12-pgvector-0.4.1
+    - name: postgres:12
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
      alias: postgres
    - name: redis:6.0-alpine
-    - name: elasticsearch:7.17.6
+    - name: elasticsearch:7.17.0
      command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"]
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "12"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
-.use-pg13-es7-ee:
+.use-pg13-ee:
  services:
-    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-13-pgvector-0.4.1
+    - name: postgres:13
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
      alias: postgres
    - name: redis:6.2-alpine
-    - name: elasticsearch:7.17.6
+    - name: elasticsearch:7.17.0
      command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"]
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "13"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
-.use-pg14-es7-ee:
+.use-pg12-es8-ee:
  services:
-    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-14-pgvector-0.4.1
+    - name: postgres:12
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
      alias: postgres
    - name: redis:6.2-alpine
    - name: elasticsearch:7.17.6
      command: ["elasticsearch", "-E", "discovery.type=single-node", "-E", "xpack.security.enabled=false"]
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "14"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
 .use-pg13-es8-ee:
  services:
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-13-pgvector-0.4.1
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
      alias: postgres
    - name: redis:6.0-alpine
-    - name: elasticsearch:8.6.2
+    - name: elasticsearch:8.2.0
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
-    PG_VERSION: "13"
+    PG_VERSION: "12"
    ES_SETTING_DISCOVERY_TYPE: "single-node"
    ES_SETTING_XPACK_SECURITY_ENABLED: "false"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
-.use-pg14-es8-ee:
+.use-pg12-opensearch1-ee:
  services:
-    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-14-pgvector-0.4.1
+    - name: postgres:12
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
      alias: postgres
    - name: redis:6.0-alpine
-    - name: elasticsearch:8.6.2
+    - name: opensearchproject/opensearch:1.2.4
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "14"
    ES_SETTING_DISCOVERY_TYPE: "single-node"
    ES_SETTING_XPACK_SECURITY_ENABLED: "false"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
 .use-pg13-opensearch1-ee:
  services:
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-13-pgvector-0.4.1
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
      alias: postgres
    - name: redis:6.0-alpine
    - name: opensearchproject/opensearch:1.3.5
      alias: elasticsearch
      command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"]
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
-    PG_VERSION: "13"
+    PG_VERSION: "12"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
 .use-pg13-opensearch2-ee:
  services:
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-13-pgvector-0.4.1
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
      alias: postgres
    - name: redis:6.0-alpine
    - name: opensearchproject/opensearch:2.2.1
      alias: elasticsearch
      command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"]
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "13"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
 .use-pg14-opensearch1-ee:
  services:
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-14-pgvector-0.4.1
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
      alias: postgres
    - name: redis:6.0-alpine
    - name: opensearchproject/opensearch:1.3.5
      alias: elasticsearch
      command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"]
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "14"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
 .use-pg14-opensearch2-ee:
  services:
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:postgres-14-pgvector-0.4.1
      command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
      alias: postgres
    - name: redis:6.0-alpine
    - name: opensearchproject/opensearch:2.2.1
      alias: elasticsearch
      command: ["bin/opensearch", "-E", "discovery.type=single-node", "-E", "plugins.security.disabled=true"]
    - name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:zoekt-ci-image-1.0
      alias: zoekt-ci-image
  variables:
    POSTGRES_HOST_AUTH_METHOD: trust
    PG_VERSION: "14"
    ZOEKT_INDEX_BASE_URL: http://zoekt-ci-image:6060
    ZOEKT_SEARCH_BASE_URL: http://zoekt-ci-image:6070
 .use-kaniko:
  image:
@ -411,7 +323,7 @@
    FOSS_ONLY: '1'
 .use-docker-in-docker:
-  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}docker:${DOCKER_VERSION}
+  image: ${GITLAB_DEPENDENCY_PROXY}docker:${DOCKER_VERSION}
  services:
    - docker:${DOCKER_VERSION}-dind
  variables:
@ -421,25 +333,3 @@
  tags:
    # See https://gitlab.com/gitlab-com/www-gitlab-com/-/issues/7019 for tag descriptions
    - gitlab-org-docker
 .use-buildx:
  extends: .use-docker-in-docker
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-slim:docker-${DOCKER_VERSION}
  variables:
    QEMU_IMAGE: tonistiigi/binfmt:qemu-v7.0.0
  before_script:
    - !reference [.default-utils-before_script, before_script]
    - echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
    - |
      if [[ "${ARCH}" =~ arm64 ]]; then
        echo -e "\033[1;33mInstalling latest qemu emulators\033[0m"
        docker pull -q ${QEMU_IMAGE};
        docker run --rm --privileged ${QEMU_IMAGE} --uninstall qemu-*;
        docker run --rm --privileged ${QEMU_IMAGE} --install all;
      fi
    - docker buildx create --use  # creates and set's to active buildkit builder
 .use-kube-context:
  before_script:
    - export KUBE_CONTEXT="gitlab-org/gitlab:review-apps"
    - kubectl config use-context ${KUBE_CONTEXT}
--- a/.gitlab/ci/memory.gitlab-ci.yml
+++ b/.gitlab/ci/memory.gitlab-ci.yml
@ -19,11 +19,12 @@
 memory-on-boot:
  extends:
    - .only-code-memory-job-base
-    - .production
+    - .use-pg12
    - .use-pg13
  stage: test
  needs: ["setup-test-env", "compile-test-assets"]
  variables:
    NODE_ENV: "production"
    RAILS_ENV: "production"
    SETUP_DB: "true"
    MEMORY_ON_BOOT_FILE_PREFIX: "tmp/memory_on_boot_"
    TEST_COUNT: 5
--- a/.gitlab/ci/notify.gitlab-ci.yml
+++ b/.gitlab/ci/notify.gitlab-ci.yml
@ -1,41 +1,36 @@
-.notify-defaults:
+.notify-slack:
  image: ${GITLAB_DEPENDENCY_PROXY}alpine
  stage: notify
  dependencies: []
  cache: {}
 create-issues-for-failing-tests:
  extends:
    - .notify-defaults
    - .notify:rules:create-issues-for-failing-tests
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
  variables:
-    FAILED_TESTS_DIR: "${CI_PROJECT_DIR}/tmp/failed_tests"
+    MERGE_REQUEST_URL: ${CI_MERGE_REQUEST_PROJECT_URL}/-/merge_requests/${CI_MERGE_REQUEST_IID}
    FAILING_ISSUES_PROJECT: "gitlab-org/quality/engineering-productivity/flaky-tests-playground"
    FAILING_ISSUE_JSON_DIR: "${CI_PROJECT_DIR}/tmp/issues"
  before_script:
-    - source ./scripts/utils.sh
+    - apk update && apk add git curl bash
    - source ./scripts/rspec_helpers.sh
    - install_gitlab_gem
  script:
    - mkdir -p "${FAILING_ISSUE_JSON_DIR}"
    - retrieve_failed_tests "${FAILED_TESTS_DIR}" "json" "latest"
    - scripts/pipeline/create_test_failure_issues.rb --project "${FAILING_ISSUES_PROJECT}" --tests-report-file "${FAILED_TESTS_DIR}/rspec_failed_tests.json" --issues-json-folder "${FAILING_ISSUE_JSON_DIR}" --api-token "${FAILING_ISSUES_PROJECT_TOKEN}"
    - scripts/pipeline/create_test_failure_issues.rb --project "${FAILING_ISSUES_PROJECT}" --tests-report-file "${FAILED_TESTS_DIR}/rspec_ee_failed_tests.json" --issues-json-folder "${FAILING_ISSUE_JSON_DIR}" --api-token "${FAILING_ISSUES_PROJECT_TOKEN}"
  artifacts:
    paths:
      - ${FAILED_TESTS_DIR}/
      - ${FAILING_ISSUE_JSON_DIR}/
    when: always
    expire_in: 2 days
-notify-package-and-test-failure:
+notify-update-gitaly:
  extends:
-    - .notify-defaults
+    - .notify-slack
-    - .notify:rules:notify-package-and-test-failure
+  rules:
-  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == $GITALY_UPDATE_BRANCH'
-  before_script:
+      when: on_failure
-    - source scripts/utils.sh
+      allow_failure: true
-    - apt-get update
+  variables:
-    - install_gitlab_gem
+    NOTIFY_CHANNEL: g_create_gitaly
    GITALY_UPDATE_BRANCH: release-tools/update-gitaly
  script:
-    - scripts/generate-failed-package-and-test-mr-message.rb
+    - echo "NOTIFY_CHANNEL is ${NOTIFY_CHANNEL}"
    - echo "CI_PIPELINE_URL is ${CI_PIPELINE_URL}"
    - scripts/slack ${NOTIFY_CHANNEL} "☠️ \`${GITALY_UPDATE_BRANCH}\` failed! ☠️ See ${CI_PIPELINE_URL} (triggered from ${MERGE_REQUEST_URL})" ci_failing "GitLab QA Bot"
 notify-security-pipeline:
  extends:
    - .notify-slack
    - .delivery:rules:security-pipeline-merge-result-failure
  variables:
    NOTIFY_CHANNEL: f_upcoming_release
  script:
    - echo "NOTIFY_CHANNEL is ${NOTIFY_CHANNEL}"
    - echo "CI_PIPELINE_URL is ${CI_PIPELINE_URL}"
    # <!subteam^S0127FU8PDE> mentions the `@release-managers` group
    - scripts/slack ${NOTIFY_CHANNEL} "<!subteam^S0127FU8PDE> ☠️  Pipeline for merged result failed! ☠️ See ${CI_PIPELINE_URL} (triggered from ${MERGE_REQUEST_URL})" ci_failing "GitLab Release Tools Bot"
--- a/.gitlab/ci/package-and-test-nightly/main.gitlab-ci.yml
+++ b/.gitlab/ci/package-and-test-nightly/main.gitlab-ci.yml
@ -1,87 +0,0 @@
 include:
  - local: .gitlab/ci/qa-common/main.gitlab-ci.yml
  - local: .gitlab/ci/qa-common/rules.gitlab-ci.yml
  - local: .gitlab/ci/qa-common/variables.gitlab-ci.yml
 workflow:
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "nightly"'
 .ce:
  variables:
    RELEASE: ${REGISTRY_HOST}/${REGISTRY_GROUP}/build/omnibus-gitlab-mirror/gitlab-ce:${CI_COMMIT_SHA}
 .ee:
  variables:
    RELEASE: ${REGISTRY_HOST}/${REGISTRY_GROUP}/build/omnibus-gitlab-mirror/gitlab-ee:${CI_COMMIT_SHA}
 # ==========================================
 # Prepare stage
 # ==========================================
 # TODO: enable once ee jobs are added
 # trigger-omnibus-env:
 #   extends:
 #     - .trigger-omnibus-env
 trigger-omnibus-env-ce:
  extends:
    - .trigger-omnibus-env-ce
  variables:
    FOSS_ONLY: "1"  # set FOSS_ONLY because we don't pass it via trigger job
 # TODO: enable once ee jobs are added
 # trigger-omnibus:
 #   extends:
 #     - .trigger-omnibus
 #   needs:
 #     - trigger-omnibus-env
 trigger-omnibus-ce:
  extends:
    - .trigger-omnibus-ce
  needs:
    - trigger-omnibus-env-ce
 # TODO: enable when first parallel job is added
 # download-knapsack-report:
 #   extends:
 #     - .download-knapsack-report
 #     - .rules:download-knapsack
 # ==========================================
 # Test stage
 # ==========================================
 update-ee-to-ce:
  extends:
    - .qa
    - .update-script
    - .ce
  variables:
    UPDATE_TYPE: minor
    UPDATE_FROM_EDITION: ee
    QA_RSPEC_TAGS: --tag smoke
 # ==========================================
 # Post test stage
 # ==========================================
 e2e-test-report:
  extends:
    - .e2e-test-report
 # TODO: enable when first parallel job is added
 # upload-knapsack-report:
 #   extends:
 #     - .upload-knapsack-report
 #     - .rules:report:process-results
 export-test-metrics:
  extends:
    - .export-test-metrics
 relate-test-failures:
  extends:
    - .relate-test-failures
 notify-slack:
  extends:
    - .notify-slack
--- a/.gitlab/ci/package-and-test/main.gitlab-ci.yml
+++ b/.gitlab/ci/package-and-test/main.gitlab-ci.yml
@ -1,525 +0,0 @@
 # E2E tests pipeline loaded dynamically by script: scripts/generate-e2e-pipeline
 # For adding new tests, refer to: doc/development/testing_guide/end_to_end/package_and_test_pipeline.md
 include:
  - local: .gitlab/ci/qa-common/main.gitlab-ci.yml
  - local: .gitlab/ci/qa-common/rules.gitlab-ci.yml
  - local: .gitlab/ci/qa-common/variables.gitlab-ci.yml
 # ==========================================
 # Prepare stage
 # ==========================================
 check-release-set:
  extends: .rules:prepare
  stage: .pre
  script:
    - |
      if [ -z "$RELEASE" ]; then
        echo "E2E test pipeline requires omnibus installation docker image to be set via $RELEASE environment variable"
        exit 1
      else
        echo "Omnibus installation image is set to '$RELEASE'"
      fi
 trigger-omnibus-env:
  extends:
    - .trigger-omnibus-env
    - .rules:omnibus-build
 trigger-omnibus-env-ce:
  extends:
    - .trigger-omnibus-env-ce
    - .rules:omnibus-build-ce
 trigger-omnibus:
  extends:
    - .trigger-omnibus
    - .rules:omnibus-build
  needs:
    - trigger-omnibus-env
 trigger-omnibus-ce:
  extends:
    - .trigger-omnibus-ce
    - .rules:omnibus-build-ce
  needs:
    - trigger-omnibus-env-ce
 download-knapsack-report:
  extends:
    - .download-knapsack-report
    - .rules:download-knapsack
 cache-gems:
  extends:
    - .qa-install
    - .ruby-image
    - .rules:update-cache
  stage: .pre
  tags:
    - e2e
  script:
    - echo "Populated qa cache"
  cache:
    policy: pull-push
 # ==========================================
 # Test stage
 # ==========================================
 # ------------------------------------------
 # Manual jobs
 # ------------------------------------------
 # Run manual quarantine job
 #   this job requires passing QA_SCENARIO variable
 #   and optionally QA_TESTS to run specific quarantined tests
 _quarantine:
  extends:
    - .qa
    - .rules:test:manual
  needs:
    - job: trigger-omnibus
      optional: true
  stage: test
  variables:
    QA_RSPEC_TAGS: --tag quarantine
 # ------------------------------------------
 # FF changes
 # ------------------------------------------
 # Run specs with feature flags set to the opposite of the default state
 instance-ff-inverse:
  extends:
    - .qa
    - .parallel
  variables:
    QA_SCENARIO: Test::Instance::Image
    QA_KNAPSACK_REPORT_NAME: ee-instance
    GITLAB_QA_OPTS: --set-feature-flags $QA_FEATURE_FLAGS
  rules:
    - !reference [.rules:test:feature-flags-set, rules]
 # ------------------------------------------
 # Jobs with parallel variant
 # ------------------------------------------
 instance-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
  rules:
    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
 instance:
  extends:
    - .parallel
    - instance-selective
  rules:
    - !reference [.rules:test:feature-flags-set, rules]  # always run instance to validate ff change
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
 praefect-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Praefect
    QA_CAN_TEST_PRAEFECT: "true"
  rules:
    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
 praefect:
  extends:
    - .parallel
    - praefect-selective
  rules:
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
 relative-url-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::RelativeUrl
  rules:
    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
 relative-url:
  extends:
    - .parallel
    - relative-url-selective
  rules:
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
 decomposition-single-db-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
    GITLAB_QA_OPTS: --omnibus-config decomposition_single_db $EXTRA_GITLAB_QA_OPTS
  rules:
    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
 decomposition-single-db:
  extends:
    - .parallel
    - decomposition-single-db-selective
  rules:
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
 decomposition-multiple-db-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
    GITLAB_ALLOW_SEPARATE_CI_DATABASE: "true"
    GITLAB_QA_OPTS: --omnibus-config decomposition_multiple_db $EXTRA_GITLAB_QA_OPTS
  rules:
    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
 decomposition-multiple-db:
  extends:
    - .parallel
    - decomposition-multiple-db-selective
  rules:
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::All/
 object-storage-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
    QA_RSPEC_TAGS: --tag object_storage
    GITLAB_QA_OPTS: --omnibus-config object_storage $EXTRA_GITLAB_QA_OPTS
  rules:
    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::ObjectStorage/
 object-storage:
  extends: object-storage-selective
  parallel: 2
  rules:
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::ObjectStorage/
 object-storage-aws-selective:
  extends: object-storage-selective
  variables:
    AWS_S3_ACCESS_KEY: $QA_AWS_S3_ACCESS_KEY
    AWS_S3_BUCKET_NAME: $QA_AWS_S3_BUCKET_NAME
    AWS_S3_KEY_ID: $QA_AWS_S3_KEY_ID
    AWS_S3_REGION: $QA_AWS_S3_REGION
    GITLAB_QA_OPTS: --omnibus-config object_storage_aws $EXTRA_GITLAB_QA_OPTS
 object-storage-aws:
  extends: object-storage-aws-selective
  parallel: 2
  rules:
    - !reference [object-storage, rules]
 object-storage-gcs-selective:
  extends: object-storage-selective
  variables:
    GCS_BUCKET_NAME: $QA_GCS_BUCKET_NAME
    GOOGLE_PROJECT: $QA_GOOGLE_PROJECT
    GOOGLE_JSON_KEY: $QA_GOOGLE_JSON_KEY
    GOOGLE_CLIENT_EMAIL: $QA_GOOGLE_CLIENT_EMAIL
    GITLAB_QA_OPTS: --omnibus-config object_storage_gcs $EXTRA_GITLAB_QA_OPTS
 object-storage-gcs:
  extends: object-storage-gcs-selective
  parallel: 2
  rules:
    - !reference [object-storage, rules]
 packages-selective:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
    QA_RSPEC_TAGS: --tag packages
    GITLAB_QA_OPTS: --omnibus-config packages $EXTRA_GITLAB_QA_OPTS
  rules:
    - !reference [.rules:test:qa-selective, rules]
    - if: $QA_SUITES =~ /Test::Instance::Packages/
 packages:
  extends: packages-selective
  parallel: 2
  rules:
    - !reference [.rules:test:qa-parallel, rules]
    - if: $QA_SUITES =~ /Test::Instance::Packages/
 # ------------------------------------------
 # Non parallel jobs
 # ------------------------------------------
 update-minor:
  extends:
    - .qa
    - .update-script
  variables:
    UPDATE_TYPE: minor
    QA_RSPEC_TAGS: --tag smoke
  rules:
    - !reference [.rules:test:update, rules]
    - if: $QA_SUITES =~ /Test::Instance::Smoke/
    - !reference [.rules:test:manual, rules]
 update-major:
  extends:
    - .qa
    - .update-script
  variables:
    UPDATE_TYPE: major
    QA_RSPEC_TAGS: --tag smoke
  rules:
    - !reference [.rules:test:update, rules]
    - if: $QA_SUITES =~ /Test::Instance::Smoke/
    - !reference [.rules:test:manual, rules]
 gitlab-pages:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::GitlabPages
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Instance::GitlabPages/
    - !reference [.rules:test:manual, rules]
 gitaly-cluster:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::GitalyCluster
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::GitalyCluster/
    - !reference [.rules:test:manual, rules]
 group-saml:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::GroupSAML
  rules:
    - !reference [.rules:test:ee-only, rules]
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::GroupSAML/
    - !reference [.rules:test:manual, rules]
 oauth:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::OAuth
  rules:
    - !reference [.rules:test:qa-default-branch, rules]
    - if: $QA_SUITES =~ /Test::Integration::OAuth/
    - !reference [.rules:test:manual, rules]
 instance-saml:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::InstanceSAML
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::InstanceSAML/
    - !reference [.rules:test:manual, rules]
 jira:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Jira
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::Jira/
    - !reference [.rules:test:manual, rules]
 integrations:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Integrations
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::Integrations/
    - !reference [.rules:test:manual, rules]
 ldap-no-server:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::LDAPNoServer
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::LDAPNoServer/
    - !reference [.rules:test:manual, rules]
 ldap-tls:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::LDAPTLS
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::LDAPTLS/
    - !reference [.rules:test:manual, rules]
 ldap-no-tls:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::LDAPNoTLS
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::LDAPNoTLS/
    - !reference [.rules:test:manual, rules]
 mtls:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::MTLS
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::Mtls/
    - !reference [.rules:test:manual, rules]
 mattermost:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Mattermost
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::Mattermost/
    - !reference [.rules:test:manual, rules]
 registry:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Registry
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::Registry/
    - !reference [.rules:test:manual, rules]
 registry-with-cdn:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::RegistryWithCDN
    GCS_CDN_BUCKET_NAME: $QA_GCS_CDN_BUCKET_NAME
    GOOGLE_CDN_LB: $QA_GOOGLE_CDN_LB
    GOOGLE_CDN_JSON_KEY: $QA_GOOGLE_CDN_JSON_KEY
    GOOGLE_CDN_SIGNURL_KEY: $QA_GOOGLE_CDN_SIGNURL_KEY
    GOOGLE_CDN_SIGNURL_KEY_NAME: $QA_GOOGLE_CDN_SIGNURL_KEY_NAME
  before_script:
    - unset GITLAB_QA_ADMIN_ACCESS_TOKEN
    - !reference [.qa, before_script]
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::RegistryWithCDN/
    - !reference [.rules:test:manual, rules]
 repository-storage:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::RepositoryStorage
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Instance::RepositoryStorage/
    - !reference [.rules:test:manual, rules]
 service-ping-disabled:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::ServicePingDisabled
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::ServicePingDisabled/
    - !reference [.rules:test:manual, rules]
 smtp:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::SMTP
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::SMTP/
    - !reference [.rules:test:manual, rules]
 cloud-activation:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
    QA_RSPEC_TAGS: --tag cloud_activation
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Instance::CloudActivation/
    - !reference [.rules:test:manual, rules]
 large-setup:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Instance::Image
    QA_RSPEC_TAGS: --tag can_use_large_setup
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Instance::LargeSetup/
    - !reference [.rules:test:manual, rules]
 metrics:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Metrics
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Instance::Metrics/
    - !reference [.rules:test:manual, rules]
 elasticsearch:
  extends: .qa
  variables:
    QA_SCENARIO: "Test::Integration::Elasticsearch"
  before_script:
    - !reference [.qa, before_script]
  rules:
    - !reference [.rules:test:ee-only, rules]
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::Elasticsearch/
    - !reference [.rules:test:manual, rules]
 registry-object-storage-tls:
  extends: object-storage-aws-selective
  variables:
    QA_SCENARIO: Test::Integration::RegistryTLS
    QA_RSPEC_TAGS: ""
    GITLAB_TLS_CERTIFICATE: $QA_GITLAB_TLS_CERTIFICATE
    GITLAB_QA_OPTS: --omnibus-config registry_object_storage $EXTRA_GITLAB_QA_OPTS
 importers:
  extends: .qa
  variables:
    QA_SCENARIO: Test::Integration::Import
    QA_MOCK_GITHUB: "true"
  rules:
    - !reference [.rules:test:qa, rules]
    - if: $QA_SUITES =~ /Test::Integration::Import/
    - !reference [.rules:test:manual, rules]
 # ==========================================
 # Post test stage
 # ==========================================
 e2e-test-report:
  extends:
    - .e2e-test-report
    - .rules:report:allure-report
 upload-knapsack-report:
  extends:
    - .upload-knapsack-report
    - .rules:report:process-results
 export-test-metrics:
  extends:
    - .export-test-metrics
    - .rules:report:process-results
 relate-test-failures:
  extends:
    - .relate-test-failures
    - .rules:report:process-results
 generate-test-session:
  extends:
    - .generate-test-session
    - .rules:report:process-results
 notify-slack:
  extends:
    - .notify-slack
    - .rules:report:process-results
--- a/.gitlab/ci/pages.gitlab-ci.yml
+++ b/.gitlab/ci/pages.gitlab-ci.yml
@ -10,18 +10,20 @@ pages:
  environment: pages
  resource_group: pages
  needs:
-    - "rspec:coverage"
+    - job: "rspec:coverage"
-    - "coverage-frontend"
+    - job: "coverage-frontend"
-    - "compile-production-assets"
+    - job: "compile-production-assets"
-    - "compile-storybook"
+    - job: "compile-storybook"
-    - "update-tests-metadata"
+    # `update-tests-metadata` only runs on GitLab.com's EE schedules pipelines
-    - "generate-frontend-fixtures-mapping"
+    # while `pages` runs for all the maintenance scheduled pipelines.
    - job: "update-tests-metadata"
      optional: true
  before_script:
    - apt-get update && apt-get -y install brotli gzip
  script:
    - mv public/ .public/
    - mkdir public/
-    - mkdir -p public/$(dirname "$KNAPSACK_RSPEC_SUITE_REPORT_PATH") public/$(dirname "$FLAKY_RSPEC_SUITE_REPORT_PATH") public/$(dirname "$RSPEC_PACKED_TESTS_MAPPING_PATH") public/$(dirname "$FRONTEND_FIXTURES_MAPPING_PATH")
+    - mkdir -p public/$(dirname "$KNAPSACK_RSPEC_SUITE_REPORT_PATH") public/$(dirname "$FLAKY_RSPEC_SUITE_REPORT_PATH") public/$(dirname "$RSPEC_PACKED_TESTS_MAPPING_PATH")
    - mv coverage/ public/coverage-ruby/ || true
    - mv coverage-frontend/ public/coverage-frontend/ || true
    - mv storybook/public public/storybook || true
@ -29,7 +31,6 @@ pages:
    - mv $KNAPSACK_RSPEC_SUITE_REPORT_PATH public/$KNAPSACK_RSPEC_SUITE_REPORT_PATH || true
    - mv $FLAKY_RSPEC_SUITE_REPORT_PATH public/$FLAKY_RSPEC_SUITE_REPORT_PATH || true
    - mv $RSPEC_PACKED_TESTS_MAPPING_PATH.gz public/$RSPEC_PACKED_TESTS_MAPPING_PATH.gz || true
    - mv $FRONTEND_FIXTURES_MAPPING_PATH public/$FRONTEND_FIXTURES_MAPPING_PATH || true
    - *compress-public
  artifacts:
    paths:
--- a/.gitlab/ci/preflight.gitlab-ci.yml
+++ b/.gitlab/ci/preflight.gitlab-ci.yml
@ -1,66 +0,0 @@
 .preflight-job-base:
  stage: preflight
  extends:
    - .default-retry
  needs: []
 .qa-preflight-job:
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}
  extends:
    - .preflight-job-base
    - .qa-cache
  variables:
    USE_BUNDLE_INSTALL: "false"
    SETUP_DB: "false"
  before_script:
    - !reference [.default-before_script, before_script]
    - cd qa && bundle install
 rails-production-server-boot:
  extends:
    - .preflight-job-base
    - .default-before_script
    - .production
    - .ruby-cache
    - .setup:rules:rails-production-server-boot
    - .use-pg13
  variables:
    BUNDLE_WITHOUT: "development:test"
    BUNDLE_WITH: "production"
  needs: []
  script:
    - source scripts/utils.sh
    - cp config/puma.rb.example config/puma.rb
    - sed --in-place "s:/home/git/gitlab:${PWD}:" config/puma.rb
    - echo 'bind "tcp://127.0.0.1:3000"' >> config/puma.rb
    - bundle exec puma --environment production --config config/puma.rb &
    - sleep 40  # See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/114124#note_1309506358
    - retry_times_sleep 10 5 "curl http://127.0.0.1:3000"
    - kill $(jobs -p)
 no-ee-check:
  extends:
    - .preflight-job-base
    - .setup:rules:no-ee-check
  script:
    - scripts/no-dir-check ee
 no-jh-check:
  extends:
    - .preflight-job-base
    - .setup:rules:no-jh-check
  script:
    - scripts/no-dir-check jh
 qa:selectors:
  extends:
    - .qa-preflight-job
    - .qa:rules:ee-and-foss
  script:
    - bundle exec bin/qa Test::Sanity::Selectors
 qa:selectors-as-if-foss:
  extends:
    - qa:selectors
    - .qa:rules:as-if-foss
    - .as-if-foss
--- a/.gitlab/ci/qa-common/main.gitlab-ci.yml
+++ b/.gitlab/ci/qa-common/main.gitlab-ci.yml
@ -1,280 +0,0 @@
 default:
  interruptible: true
 workflow:
  name: $PIPELINE_NAME
 include:
  - project: gitlab-org/quality/pipeline-common
    ref: 5.1.1
    file:
      - /ci/base.gitlab-ci.yml
      - /ci/allure-report.yml
      - /ci/knapsack-report.yml
 stages:
  - test
  - report
  - notify
 # ==========================================
 # Templates
 # ==========================================
 .parallel:
  parallel: 5
  variables:
    QA_KNAPSACK_REPORT_PATH: $CI_PROJECT_DIR/qa/knapsack
 .ruby-image:
  # Because this pipeline template can be included directly in other projects,
  # image path and registry needs to be defined explicitly
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3
 .qa-install:
  variables:
    BUNDLE_SUPPRESS_INSTALL_USING_MESSAGES: "true"
    BUNDLE_SILENCE_ROOT_WARNING: "true"
  extends:
    - .gitlab-qa-install
 .update-script:
  script:
    - !reference [.bundle-prefix]
    - export QA_COMMAND="$BUNDLE_PREFIX gitlab-qa Test::Omnibus::UpdateFromPrevious $RELEASE $GITLAB_SEMVER_VERSION $UPDATE_TYPE $UPDATE_FROM_EDITION -- $QA_RSPEC_TAGS $RSPEC_REPORT_OPTS"
    - echo "Running - '$QA_COMMAND'"
    - eval "$QA_COMMAND"
 .qa:
  extends:
    - .qa-base
    - .qa-install
    - .gitlab-qa-report
  stage: test
  tags:
    - e2e
  variables:
    QA_GENERATE_ALLURE_REPORT: "true"
    QA_CAN_TEST_PRAEFECT: "false"
    QA_INTERCEPT_REQUESTS: "true"
    GITLAB_LICENSE_MODE: test
    GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN
    GITLAB_QA_OPTS: $EXTRA_GITLAB_QA_OPTS
    # todo: remove in 16.1 milestone when not needed for backwards compatibility anymore
    EE_LICENSE: $QA_EE_LICENSE
    GITHUB_ACCESS_TOKEN: $QA_GITHUB_ACCESS_TOKEN
  # Allow QA jobs to fail as they are flaky. The top level `package-and-e2e:ee`
  # pipeline is not allowed to fail, so without allowing QA to fail, we will be
  # blocking merges due to flaky tests.
  allow_failure: true
 .trigger-omnibus-env:
  stage: .pre
  needs:
    # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream omnibus-gitlab pipeline.
    - pipeline: $PARENT_PIPELINE_ID
      job: build-assets-image
  variables:
    BUILD_ENV: build.env
  before_script:
    - |
      # This is duplicating the function from `scripts/utils.sh` since `.gitlab/ci/package-and-test/main.gitlab-ci.yml` can be included in other projects.
      function assets_image_tag() {
        local cache_assets_hash_file="cached-assets-hash.txt"
        if [[ -n "${CI_COMMIT_TAG}" ]]; then
          echo -n "${CI_COMMIT_REF_NAME}"
        elif [[ -f "${cache_assets_hash_file}" ]]; then
          echo -n "assets-hash-$(cat ${cache_assets_hash_file} | cut -c1-10)"
        else
          echo -n "${CI_COMMIT_SHA}"
        fi
      }
  script:
    - |
      SECURITY_SOURCES=$([[ ! "$CI_PROJECT_NAMESPACE" =~ ^gitlab-org\/security ]] || echo "true")
      echo "SECURITY_SOURCES=${SECURITY_SOURCES:-false}" > $BUILD_ENV
      echo "OMNIBUS_GITLAB_CACHE_UPDATE=${OMNIBUS_GITLAB_CACHE_UPDATE:-false}" >> $BUILD_ENV
      for version_file in *_VERSION; do echo "$version_file=$(cat $version_file)" >> $BUILD_ENV; done
      echo "OMNIBUS_GITLAB_RUBY3_BUILD=${OMNIBUS_GITLAB_RUBY3_BUILD:-false}" >> $BUILD_ENV
      echo "OMNIBUS_GITLAB_RUBY2_BUILD=${OMNIBUS_GITLAB_RUBY2_BUILD:-false}" >> $BUILD_ENV
      echo "OMNIBUS_GITLAB_CACHE_EDITION=${OMNIBUS_GITLAB_CACHE_EDITION:-GITLAB}" >> $BUILD_ENV
      echo "OMNIBUS_GITLAB_BUILD_ON_ALL_OS=${OMNIBUS_GITLAB_BUILD_ON_ALL_OS:-false}" >> $BUILD_ENV
      echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV
      echo "EE=$([[ $FOSS_ONLY == '1' ]] && echo 'false' || echo 'true')" >> $BUILD_ENV
      target_branch_name="${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-${CI_COMMIT_REF_NAME}}"
      echo "TRIGGER_BRANCH=$([[ "${target_branch_name}" =~ ^[0-9-]+-stable(-ee)?$ ]] && echo ${target_branch_name%-ee} || echo 'master')" >> $BUILD_ENV
    - |
      echo "Built environment file for omnibus build:"
      cat $BUILD_ENV
  artifacts:
    expire_in: 3 days
    reports:
      dotenv: $BUILD_ENV
    paths:
      - $BUILD_ENV
 .trigger-omnibus-env-ce:
  extends: .trigger-omnibus-env
  needs:
    - pipeline: $PARENT_PIPELINE_ID
      job: build-assets-image as-if-foss
 .trigger-omnibus:
  stage: .pre
  inherit:
    variables: false
  variables:
    GITALY_SERVER_VERSION: $GITALY_SERVER_VERSION
    GITLAB_ELASTICSEARCH_INDEXER_VERSION: $GITLAB_ELASTICSEARCH_INDEXER_VERSION
    GITLAB_KAS_VERSION: $GITLAB_KAS_VERSION
    GITLAB_METRICS_EXPORTER_VERSION: $GITLAB_METRICS_EXPORTER_VERSION
    GITLAB_PAGES_VERSION: $GITLAB_PAGES_VERSION
    GITLAB_SHELL_VERSION: $GITLAB_SHELL_VERSION
    GITLAB_WORKHORSE_VERSION: $GITLAB_WORKHORSE_VERSION
    GITLAB_VERSION: $CI_COMMIT_SHA
    GITLAB_ASSETS_TAG: $GITLAB_ASSETS_TAG
    IMAGE_TAG: $CI_COMMIT_SHA
    TOP_UPSTREAM_SOURCE_PROJECT: $CI_PROJECT_PATH
    SECURITY_SOURCES: $SECURITY_SOURCES
    CACHE_UPDATE: $OMNIBUS_GITLAB_CACHE_UPDATE
    RUBY3_BUILD: $OMNIBUS_GITLAB_RUBY3_BUILD
    RUBY2_BUILD: $OMNIBUS_GITLAB_RUBY2_BUILD
    CACHE_EDITION: $OMNIBUS_GITLAB_CACHE_EDITION
    BUILD_ON_ALL_OS: $OMNIBUS_GITLAB_BUILD_ON_ALL_OS
    SKIP_QA_TEST: "true"
    ee: $EE
  trigger:
    project: gitlab-org/build/omnibus-gitlab-mirror
    branch: $TRIGGER_BRANCH
    strategy: depend
 .trigger-omnibus-ce:
  extends:
    - .trigger-omnibus
  variables:
    # Override gitlab repository so that omnibus doesn't use foss repository for CE build
    GITLAB_ALTERNATIVE_REPO: $CI_PROJECT_URL
 .download-knapsack-report:
  extends:
    - .gitlab-qa-image
  stage: .pre
  variables:
    KNAPSACK_DIR: ${CI_PROJECT_DIR}/qa/knapsack
    GIT_STRATEGY: none
  script:
    # when using qa-image, code runs in /home/gitlab/qa folder
    - bundle exec rake "knapsack:download[test]"
    - mkdir -p "$KNAPSACK_DIR" && cp knapsack/*.json "${KNAPSACK_DIR}/"
  allow_failure: true
  artifacts:
    paths:
      - qa/knapsack/*.json
    expire_in: 1 day
 .e2e-test-report:
  extends:
    - .generate-allure-report-base
  stage: report
  variables:
    GITLAB_AUTH_TOKEN: $PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE
    ALLURE_PROJECT_PATH: $CI_PROJECT_PATH
    ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
 .upload-knapsack-report:
  extends:
    - .generate-knapsack-report-base
    - .qa-install
    - .ruby-image
  stage: report
  when: always
 .export-test-metrics:
  extends:
    - .qa-install
    - .ruby-image
  stage: report
  when: always
  variables:
    QA_METRICS_REPORT_FILE_PATTERN: $CI_PROJECT_DIR/gitlab-qa-run-*/**/test-metrics-*.json
  script:
    - bundle exec rake "ci:export_test_metrics[$QA_METRICS_REPORT_FILE_PATTERN]"
 .relate-test-failures:
  extends:
    - .qa-install
    - .ruby-image
  stage: report
  when: always
  variables:
    QA_RSPEC_JSON_FILE_PATTERN: "${CI_PROJECT_DIR}/gitlab-qa-run-*/**/rspec-*.json"
  script:
    - |
      if [ "$SUITE_FAILED" != "true" ] && [ "$SUITE_RAN" == "true" ]; then
        echo "Test suite passed. Exiting..."
        exit 0
      fi
    - |
      bundle exec relate-failure-issue \
        --input-files "${QA_RSPEC_JSON_FILE_PATTERN}" \
        --project "gitlab-org/gitlab" \
        --token "${QA_RELATE_FAILURE_ISSUE_TOKEN}"
 .generate-test-session:
  extends:
    - .qa-install
    - .ruby-image
  stage: report
  when: always
  variables:
    QA_RSPEC_JSON_FILE_PATTERN: "${CI_PROJECT_DIR}/gitlab-qa-run-*/**/rspec-*.json"
  script:
    - |
      bundle exec generate-test-session \
        --input-files "${QA_RSPEC_JSON_FILE_PATTERN}" \
        --project "gitlab-org/quality/testcase-sessions" \
        --token "${QA_TEST_SESSION_TOKEN}" \
        --ci-project-token "${GENERATE_TEST_SESSION_READ_API_REPORTER_TOKEN}" \
        --issue-url-file report_issue_url.txt
  artifacts:
    when: always
    expire_in: 1d
    paths:
      - qa/report_issue_url.txt
 .notify-slack:
  extends:
    - .notify-slack-qa
    - .qa-install
    - .ruby-image
  stage: notify
  variables:
    QA_RSPEC_XML_FILE_PATTERN: "${CI_PROJECT_DIR}/gitlab-qa-run-*/**/rspec-*.xml"
    SLACK_ICON_EMOJI: ci_failing
    STATUS_SYM: ☠️
    STATUS: failed
    TYPE: "($QA_RUN_TYPE) "
  when: always
  script:
    - |
      if [ "$SUITE_FAILED" != "true" ] && [ "$SUITE_RAN" == "true" ]; then
        echo "Test suite passed. Exiting..."
        exit 0
      fi
    - bundle exec prepare-stage-reports --input-files "${QA_RSPEC_XML_FILE_PATTERN}"
    - !reference [.notify-slack-qa, script]
 # ==========================================
 # Pre stage
 # ==========================================
 dont-interrupt-me:
  stage: .pre
  interruptible: false
  script:
    - echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible."
  rules:
    - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $CI_MERGE_REQUEST_IID == null'
      allow_failure: true
    - if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached"'
      when: manual
      allow_failure: true
--- a/.gitlab/ci/qa-common/rules.gitlab-ci.yml
+++ b/.gitlab/ci/qa-common/rules.gitlab-ci.yml
@ -1,154 +0,0 @@
 # Specific specs passed
 .specific-specs: &specific-specs
  if: $QA_TESTS != ""
 # No specific specs passed
 .all-specs: &all-specs
  if: $QA_TESTS == ""
 # FF changes
 .feature-flags-set: &feature-flags-set
  if: $QA_FEATURE_FLAGS =~ /enabled|disabled/
 # Manually trigger job on ff changes but with default ff state instead of inverted
 .feature-flags-set-manual: &feature-flags-set-manual
  <<: *feature-flags-set
  when: manual
  allow_failure: true
 # Run the job on master pipeline
 .default-branch: &default-branch
  if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
 # Run all tests when QA framework changes present, full suite execution is explicitly enabled or a feature flag file is removed
 .qa-run-all-tests: &qa-run-all-tests
  if: $QA_FRAMEWORK_CHANGES == "true" || $QA_RUN_ALL_TESTS == "true" || $QA_RUN_ALL_E2E_LABEL == "true" || $QA_FEATURE_FLAGS =~ /deleted/
 # Run job when MR has pipeline:run-all-e2e label
 .qa-run-all-e2e-label: &qa-run-all-e2e-label
  if: $QA_RUN_ALL_E2E_LABEL == "true"
 # Process test results (notify failure to slack, create test session report, relate test failures)
 .process-test-results: &process-test-results
  if: $PROCESS_TEST_RESULTS == "true"
 .not-canonical-project: &not-canonical-project
  if: '$CI_PROJECT_PATH != "gitlab-org/gitlab" && $CI_PROJECT_PATH != "gitlab-cn/gitlab"'
 # Selective test execution against omnibus instance have following execution scenarios:
 #   * only e2e spec files changed - runs only changed specs
 #   * qa framework changes - runs full test suite
 #   * feature flag changed - runs full test suite with base gitlab instance configuration with both ff states
 #   * quarantined e2e spec - skips execution of e2e tests by creating a no-op pipeline
 # ------------------------------------------
 # Prepare
 # ------------------------------------------
 .rules:prepare:
  rules:
    - when: always
 .rules:omnibus-build:
  rules:
    - if: $SKIP_OMNIBUS_TRIGGER == "true"
      when: never
    - if: $FOSS_ONLY != "1"
 .rules:omnibus-build-ce:
  rules:
    - if: $SKIP_OMNIBUS_TRIGGER == "true"
      when: never
    - if: $FOSS_ONLY == "1"
 .rules:update-cache:
  rules:
    - if: '$UPDATE_QA_CACHE == "true"'
 .rules:download-knapsack:
  rules:
    - when: always
 # ------------------------------------------
 # Test
 # ------------------------------------------
 .rules:test:manual:
  rules:
    - when: manual
      allow_failure: true
      variables:
        QA_TESTS: ""
 .rules:test:feature-flags-set:
  rules:
    # unset specific specs if pipeline has feature flag changes and run full suite
    - <<: *feature-flags-set
      variables:
        QA_TESTS: ""
 # parallel and non parallel rules are used for jobs that require parallel execution and thus need to switch
 # between parallel and non parallel when only certain specs are executed
 .rules:test:qa-selective:
  rules:
    # always run parallel with full suite when framework changes present or ff state changed
    - <<: *qa-run-all-tests
      when: never
    - <<: *all-specs
      when: never
    - <<: *feature-flags-set
      when: never
 .rules:test:qa-parallel:
  rules:
    - *qa-run-all-tests
    - <<: *specific-specs
      when: manual
      allow_failure: true
      variables:
        QA_TESTS: ""
    - *feature-flags-set-manual
 # general qa job rule for jobs without the need to run in parallel
 .rules:test:qa:
  rules:
    - *qa-run-all-tests
    - *feature-flags-set-manual
 .rules:test:ee-only:
  rules:
    - if: $FOSS_ONLY == "1"
      when: never
 .rules:test:update:
  rules:
    # skip upgrade jobs if gitlab version is not in semver compatible format
    # these jobs need gitlab version because we can't reliably detect it from just the image
    - if: $GITLAB_SEMVER_VERSION !~ /^\d+\.\d+\.\d+/
      when: never
    # update type tests are used to check if gitlab upgrade can be performed correctly (mainly migrations)
    # there isn't much benefit in running tests after update with new sidebar enabled and there
    # is also an issue to properly pass feature toggle to this job due to how gitlab-qa parses cli args
    - if: $QA_SUPER_SIDEBAR_ENABLED == "true"
      when: never
    - !reference [.rules:test:ee-only, rules]
    - !reference [.rules:test:qa, rules]
 .rules:test:qa-default-branch:
  rules:
    - *qa-run-all-e2e-label
    - *default-branch
    - *feature-flags-set-manual
 # ------------------------------------------
 # Report
 # ------------------------------------------
 .rules:report:allure-report:
  rules:
    - if: $SKIP_ALLURE_REPORT == "true"
      when: never
    - when: always
 .rules:report:process-results:
  rules:
    - <<: *not-canonical-project
      when: never
    - *process-test-results
--- a/.gitlab/ci/qa-common/variables.gitlab-ci.yml
+++ b/.gitlab/ci/qa-common/variables.gitlab-ci.yml
@ -1,20 +0,0 @@
 # Default variables for package-and-test
 variables:
  REGISTRY_HOST: "registry.gitlab.com"
  REGISTRY_GROUP: "gitlab-org"
  SKIP_REPORT_IN_ISSUES: "true"
  SKIP_OMNIBUS_TRIGGER: "true"
  OMNIBUS_GITLAB_CACHE_UPDATE: "false"
  OMNIBUS_GITLAB_RUBY3_BUILD: "false"
  OMNIBUS_GITLAB_RUBY2_BUILD: "false"
  OMNIBUS_GITLAB_CACHE_EDITION: "GITLAB"
  OMNIBUS_GITLAB_BUILD_ON_ALL_OS: "false"
  ALLURE_JOB_NAME: $CI_PROJECT_NAME
  COLORIZED_LOGS: "true"
  QA_LOG_LEVEL: "info"
  QA_TESTS: ""
  QA_FEATURE_FLAGS: ""
  # run all tests by default when package-and-test is included natively in other projects
  # this will be overridden when selective test execution is used in gitlab canonical project
  QA_RUN_ALL_TESTS: "true"
--- a/.gitlab/ci/qa.gitlab-ci.yml
+++ b/.gitlab/ci/qa.gitlab-ci.yml
@ -1,5 +1,5 @@
 .qa-job-base:
-  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-2.7:bundler-2.3-git-2.33-chrome-${CHROME_VERSION}
  extends:
    - .default-retry
    - .qa-cache
@ -8,44 +8,11 @@
  variables:
    USE_BUNDLE_INSTALL: "false"
    SETUP_DB: "false"
    QA_EXPORT_TEST_METRICS: "false"
  before_script:
    - !reference [.default-before_script, before_script]
    - cd qa && bundle install
 .e2e-trigger-base:
  extends: .production  # this makes sure GITLAB_ALLOW_SEPARATE_CI_DATABASE is passed to the child pipeline
  stage: qa
  needs:
    - build-assets-image
    - build-qa-image
    - e2e-test-pipeline-generate
  variables:
    # This is needed by `trigger-omnibus-env` (`.gitlab/ci/package-and-test/main.gitlab-ci.yml`).
    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
    SKIP_MESSAGE: Skipping package-and-test due to mr containing only quarantine changes!
    GITLAB_QA_IMAGE: "${CI_REGISTRY_IMAGE}/gitlab-ee-qa:${CI_COMMIT_SHA}"
    RUN_WITH_BUNDLE: "true"  # instructs pipeline to install and run gitlab-qa gem via bundler
    QA_PATH: qa  # sets the optional path for bundler to run from
    DYNAMIC_PIPELINE_YML: package-and-test-pipeline.yml  # yml files are generated by scripts/generate-e2e-pipeline script
  inherit:
    variables:
      - CHROME_VERSION
      - RUBY_VERSION
      - DOCKER_VERSION
      - REGISTRY_GROUP
      - REGISTRY_HOST
      - OMNIBUS_GITLAB_CACHE_EDITION
      - OMNIBUS_GITLAB_RUBY3_BUILD
      - OMNIBUS_GITLAB_RUBY2_BUILD
  trigger:
    strategy: depend
    forward:
      yaml_variables: true
      pipeline_variables: true
    include:
      - artifact: $DYNAMIC_PIPELINE_YML
        job: e2e-test-pipeline-generate
 qa:internal:
  extends:
    - .qa-job-base
@ -59,6 +26,13 @@ qa:internal-as-if-foss:
    - .qa:rules:internal-as-if-foss
    - .as-if-foss
 qa:selectors:
  extends:
    - .qa-job-base
    - .qa:rules:ee-and-foss
  script:
    - bundle exec bin/qa Test::Sanity::Selectors
 qa:master-auto-quarantine-dequarantine:
  extends:
    - .qa-job-base
@ -77,7 +51,13 @@ qa:nightly-auto-quarantine-dequarantine:
    - bundle exec confiner -r .confiner/nightly.yml
  allow_failure: true
-qa:update-qa-cache:
+qa:selectors-as-if-foss:
  extends:
    - qa:selectors
    - .qa:rules:as-if-foss
    - .as-if-foss
 update-qa-cache:
  extends:
    - .qa-job-base
    - .qa-cache-push
@ -86,81 +66,103 @@ qa:update-qa-cache:
  script:
    - echo "Cache has been updated and ready to be uploaded."
-e2e:package-and-test-ee:
+populate-qa-tests-var:
  extends:
-    - .e2e-trigger-base
+    - .qa:rules:determine-qa-tests
-    - .qa:rules:package-and-test-ee
+  image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7-alpine
  stage: prepare
  script:
    - export QA_TESTS=$(scripts/determine-qa-tests --files $CHANGES_FILE --labels "$CI_MERGE_REQUEST_LABELS")
    - 'echo "QA_TESTS=$QA_TESTS" >> qa_tests_var.env'
    - 'echo "QA_TESTS: $QA_TESTS"'
  artifacts:
    expire_in: 2d
    reports:
      dotenv: qa_tests_var.env
    paths:
      - ${CHANGES_FILE}
      - qa_tests_var.env
  variables:
    CHANGES_FILE: tmp/changed_files.txt
  needs:
-    - build-assets-image
+    - detect-tests
    - build-qa-image
    - e2e-test-pipeline-generate
  variables:
    RELEASE: "${REGISTRY_HOST}/${REGISTRY_GROUP}/build/omnibus-gitlab-mirror/gitlab-ee:${CI_COMMIT_SHA}"
    QA_RUN_TYPE: e2e-package-and-test
    ALLURE_JOB_NAME: e2e-package-and-test
    PIPELINE_NAME: E2E Omnibus GitLab EE
-e2e:package-and-test-ce:
+.package-and-qa-base:
-  extends:
+  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine
    - e2e:package-and-test-ee
    - .qa:rules:package-and-test-ce
  needs:
    - build-assets-image as-if-foss
    - build-qa-image as-if-foss
    - e2e-test-pipeline-generate
  variables:
    FOSS_ONLY: "1"
    RELEASE: ${REGISTRY_HOST}/${REGISTRY_GROUP}/build/omnibus-gitlab-mirror/gitlab-ce:${CI_COMMIT_SHA}
    GITLAB_QA_IMAGE: ${CI_REGISTRY_IMAGE}/gitlab-ce-qa:${CI_COMMIT_SHA}
    QA_RUN_TYPE: e2e-package-and-test-ce
    ALLURE_JOB_NAME: e2e-package-and-test-ce
    PIPELINE_NAME: E2E Omnibus GitLab CE
 e2e:package-and-test-super-sidebar:
  extends:
    - e2e:package-and-test-ee
    - .qa:rules:package-and-test-sidebar
  when: manual
  variables:
    QA_SUPER_SIDEBAR_ENABLED: "true"
    EXTRA_GITLAB_QA_OPTS: --set-feature-flags super_sidebar_nav=enabled
    QA_RUN_TYPE: e2e-package-and-test-super-sidebar
    ALLURE_JOB_NAME: e2e-package-and-test-super-sidebar
    PIPELINE_NAME: E2E Omnibus Super Sidebar
 e2e:package-and-test-nightly:
  extends:
    - .e2e-trigger-base
    - .qa:rules:package-and-test-nightly
  needs:
    - build-assets-image
    - build-assets-image as-if-foss
    - build-qa-image
    - build-qa-image as-if-foss
    - e2e-test-pipeline-generate
  variables:
    GITLAB_SEMVER_VERSION: $GITLAB_SEMVER_VERSION
    QA_RUN_TYPE: nightly
    ALLURE_JOB_NAME: nightly
    PIPELINE_NAME: E2E Omnibus GitLab Nightly
    DYNAMIC_PIPELINE_YML: package-and-test-nightly-pipeline.yml
 e2e:test-on-gdk:
  extends:
    - .e2e-trigger-base
    - .qa:rules:e2e:test-on-gdk
  stage: qa
  retry: 0
  before_script:
    - source scripts/utils.sh
    - install_gitlab_gem
    - tooling/bin/find_change_diffs ${CHANGES_DIFFS_DIR}
  script:
    - 'echo "QA_TESTS: $QA_TESTS"'
    - exit_code=0 && tooling/bin/qa/package_and_qa_check ${CHANGES_DIFFS_DIR} || exit_code=$?
    - echo $exit_code
    - |
      if [ $exit_code -eq 0 ]; then
        ./scripts/trigger-build.rb omnibus
      elif [ $exit_code -eq 1 ]; then
        exit 1
      else
        echo "Downstream jobs will not be triggered because package_and_qa_check exited with code: $exit_code"
      fi
  # These jobs often time out, so temporarily use private runners and a long timeout: https://gitlab.com/gitlab-org/gitlab/-/issues/238563
  tags:
    - prm
  timeout: 4h
  needs:
-    # In scheduled master pipelines we wait for the image to be built.
+    - job: build-qa-image
-    # In MRs we assume the last scheduled master pipeline built the image already.
+      artifacts: false
-    - job: build-qa-on-gdk-master-image
+    - job: build-assets-image
-      optional: true
+      artifacts: false
-    - job: e2e-test-pipeline-generate
+    - job: populate-qa-tests-var
-      artifacts: true
+    - detect-tests
  artifacts:
    expire_in: 7d
    paths:
      - ${CHANGES_DIFFS_DIR}/*
  variables:
-    ALLURE_JOB_NAME: e2e-test-on-gdk
+    CHANGES_DIFFS_DIR: tmp/diffs
-    QA_RUN_TYPE: e2e-test-on-gdk
+    ALLURE_JOB_NAME: $CI_JOB_NAME
-    PIPELINE_NAME: E2E GDK
+
-    DYNAMIC_PIPELINE_YML: test-on-gdk-pipeline.yml
+.package-and-qa-ff-base:
-    SKIP_MESSAGE: Skipping test-on-gdk due to mr containing only quarantine changes!
+  script:
-  allow_failure: true
+    - |
      feature_flags=$(scripts/changed-feature-flags --files $CHANGES_DIFFS_DIR --state $QA_FF_STATE)
      if [[ $feature_flags ]]; then
        export GITLAB_QA_OPTIONS="--set-feature-flags $feature_flags"
        echo $GITLAB_QA_OPTIONS
        ./scripts/trigger-build.rb omnibus
      else
        echo "No changed feature flag found to test as $QA_FF_STATE."
      fi
 package-and-qa:
  extends:
    - .package-and-qa-base
    - .qa:rules:package-and-qa
 package-and-qa-ff-enabled:
  extends:
    - .package-and-qa-base
    - .package-and-qa-ff-base
    - .qa:rules:package-and-qa:feature-flags
  variables:
    QA_FF_STATE: "enabled"
 package-and-qa-ff-disabled:
  extends:
    - .package-and-qa-base
    - .package-and-qa-ff-base
    - .qa:rules:package-and-qa:feature-flags
  variables:
    QA_FF_STATE: "disabled"
 package-and-qa-ff-deleted:
  extends:
    - .package-and-qa-base
    - .package-and-qa-ff-base
    - .qa:rules:package-and-qa:feature-flags
  variables:
    QA_FF_STATE: "deleted"
--- a/.gitlab/ci/rails.gitlab-ci.yml
+++ b/.gitlab/ci/rails.gitlab-ci.yml
--- a/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb
+++ b/.gitlab/ci/rails/rspec-foss-impact.gitlab-ci.yml.erb
@ -1,90 +0,0 @@
 # RSpec FOSS impact pipeline loaded dynamically by script: scripts/generate_rspec_pipeline.rb
 include:
  - local: .gitlab/ci/rails/shared.gitlab-ci.yml
 default:
  image: $DEFAULT_CI_IMAGE
  tags:
    - gitlab-org
  # Default job timeout set to 90m https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/10520
  timeout: 90m
  interruptible: true
 stages:
  - test
 dont-interrupt-me:
  extends: .rules:dont-interrupt
  stage: .pre
  interruptible: false
  script:
    - echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible."
 .base-rspec-foss-impact:
  extends: .rspec-base-pg13-as-if-foss
  needs:
    - pipeline: $PARENT_PIPELINE_ID
      job: detect-tests
    - pipeline: $PARENT_PIPELINE_ID
      job: setup-test-env
    - pipeline: $PARENT_PIPELINE_ID
      job: retrieve-tests-metadata
    - pipeline: $PARENT_PIPELINE_ID
      job: compile-test-assets as-if-foss
  rules:
    - when: always
  variables:
    RSPEC_TESTS_FILTER_FILE: "${RSPEC_MATCHING_TESTS_FOSS_PATH}"
    RSPEC_TESTS_MAPPING_ENABLED: "true"
  script:
    - !reference [.base-script, script]
    - rspec_paralellized_job "--tag ~quarantine --tag ~level:background_migration --tag ~zoekt"
  artifacts:
    expire_in: 7d
    paths:
      - "${RSPEC_MATCHING_TESTS_FOSS_PATH}"
      - tmp/capybara/
 <% if rspec_files_per_test_level[:migration][:files].size > 0 %>
 rspec migration foss-impact:
  extends: .base-rspec-foss-impact
 <% if rspec_files_per_test_level[:migration][:parallelization] > 1 %>
  parallel: <%= rspec_files_per_test_level[:migration][:parallelization] %>
 <% end %>
  script:
    - !reference [.base-script, script]
    - rspec_paralellized_job "--tag ~quarantine --tag ~zoekt"
 <% end %>
 <% if rspec_files_per_test_level[:background_migration][:files].size > 0 %>
 rspec background_migration foss-impact:
  extends: .base-rspec-foss-impact
 <% if rspec_files_per_test_level[:background_migration][:parallelization] > 1 %>
  parallel: <%= rspec_files_per_test_level[:background_migration][:parallelization] %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level[:unit][:files].size > 0 %>
 rspec unit foss-impact:
  extends: .base-rspec-foss-impact
 <% if rspec_files_per_test_level[:unit][:parallelization] > 1 %>
  parallel: <%= rspec_files_per_test_level[:unit][:parallelization] %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level[:integration][:files].size > 0 %>
 rspec integration foss-impact:
  extends: .base-rspec-foss-impact
 <% if rspec_files_per_test_level[:integration][:parallelization] > 1 %>
  parallel: <%= rspec_files_per_test_level[:integration][:parallelization] %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level[:system][:files].size > 0 %>
 rspec system foss-impact:
  extends: .base-rspec-foss-impact
 <% if rspec_files_per_test_level[:system][:parallelization] > 1 %>
  parallel: <%= rspec_files_per_test_level[:system][:parallelization] %>
 <% end %>
 <% end %>
--- a/.gitlab/ci/rails/rspec-predictive.gitlab-ci.yml.erb
+++ b/.gitlab/ci/rails/rspec-predictive.gitlab-ci.yml.erb
@ -1,153 +0,0 @@
 # RSpec preditive pipeline loaded dynamically by script: scripts/generate_rspec_pipeline.rb
 include:
  - local: .gitlab/ci/rails/shared.gitlab-ci.yml
 default:
  image: $DEFAULT_CI_IMAGE
  tags:
    - gitlab-org
  # Default job timeout set to 90m https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/10520
  timeout: 90m
  interruptible: true
 stages:
  - test
 dont-interrupt-me:
  extends: .rules:dont-interrupt
  stage: .pre
  interruptible: false
  script:
    - echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible."
 .base-predictive:
  needs:
    - pipeline: $PARENT_PIPELINE_ID
      job: detect-tests
    - pipeline: $PARENT_PIPELINE_ID
      job: setup-test-env
    - pipeline: $PARENT_PIPELINE_ID
      job: retrieve-tests-metadata
    - pipeline: $PARENT_PIPELINE_ID
      job: compile-test-assets
  rules:
    - when: always
  variables:
    RSPEC_TESTS_MAPPING_ENABLED: "true"
 <% if test_suite_prefix.nil? %>
 .base-rspec-predictive:
  extends:
    - .rspec-base-pg12
    - .base-predictive
  variables:
    # We're using the FOSS one here because we want to exclude EE-only ones
    # For EE-only ones, we have EE-only jobs.
    RSPEC_TESTS_FILTER_FILE: "${RSPEC_MATCHING_TESTS_FOSS_PATH}"
 <% if rspec_files_per_test_level.dig(:migration, :files).size > 0 %>
 rspec migration predictive:
  extends:
    - .base-rspec-predictive
    - .rspec-base-migration
 <% if rspec_files_per_test_level.dig(:migration, :parallelization) > 1 %>
  parallel: <%= rspec_files_per_test_level.dig(:migration, :parallelization) %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level.dig(:background_migration, :files).size > 0 %>
 rspec background_migration predictive:
  extends:
    - .base-rspec-predictive
    - .rspec-base-migration
 <% if rspec_files_per_test_level.dig(:background_migration, :parallelization) > 1 %>
  parallel: <%= rspec_files_per_test_level.dig(:background_migration, :parallelization) %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level.dig(:unit, :files).size > 0 %>
 rspec unit predictive:
  extends:
    - .base-rspec-predictive
 <% if rspec_files_per_test_level.dig(:unit, :parallelization) > 1 %>
  parallel: <%= rspec_files_per_test_level.dig(:unit, :parallelization) %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level.dig(:integration, :files).size > 0 %>
 rspec integration predictive:
  extends:
    - .base-rspec-predictive
 <% if rspec_files_per_test_level.dig(:integration, :parallelization) > 1 %>
  parallel: <%= rspec_files_per_test_level.dig(:integration, :parallelization) %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level.dig(:system, :files).size > 0 %>
 rspec system predictive:
  extends:
    - .base-rspec-predictive
 <% if rspec_files_per_test_level.dig(:system, :parallelization) > 1 %>
  parallel: <%= rspec_files_per_test_level.dig(:system, :parallelization) %>
 <% end %>
 <% end %>
 <% end %>
 <% if test_suite_prefix == 'ee/' %>
 .base-rspec-ee-predictive:
  extends:
    - .rspec-ee-base-pg12
    - .base-predictive
  variables:
    RSPEC_TESTS_FILTER_FILE: "${RSPEC_MATCHING_TESTS_EE_PATH}"
 <% if rspec_files_per_test_level.dig(:migration, :files).size > 0 %>
 rspec-ee migration predictive:
  extends:
    - .base-rspec-ee-predictive
    - .rspec-base-migration
 <% if rspec_files_per_test_level.dig(:migration, :parallelization) > 1 %>
  parallel: <%= rspec_files_per_test_level.dig(:migration, :parallelization) %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level.dig(:background_migration, :files).size > 0 %>
 rspec-ee background_migration predictive:
  extends:
    - .base-rspec-ee-predictive
    - .rspec-base-migration
 <% if rspec_files_per_test_level.dig(:background_migration, :parallelization) > 1 %>
  parallel: <%= rspec_files_per_test_level.dig(:background_migration, :parallelization) %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level.dig(:unit, :files).size > 0 %>
 rspec-ee unit predictive:
  extends:
    - .base-rspec-ee-predictive
 <% if rspec_files_per_test_level.dig(:unit, :parallelization) > 1 %>
  parallel: <%= rspec_files_per_test_level.dig(:unit, :parallelization) %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level.dig(:integration, :files).size > 0 %>
 rspec-ee integration predictive:
  extends:
    - .base-rspec-ee-predictive
 <% if rspec_files_per_test_level.dig(:integration, :parallelization) > 1 %>
  parallel: <%= rspec_files_per_test_level.dig(:integration, :parallelization) %>
 <% end %>
 <% end %>
 <% if rspec_files_per_test_level.dig(:system, :files).size > 0 %>
 rspec-ee system predictive:
  extends:
    - .base-rspec-ee-predictive
 <% if rspec_files_per_test_level.dig(:system, :parallelization) > 1 %>
  parallel: <%= rspec_files_per_test_level.dig(:system, :parallelization) %>
 <% end %>
 <% end %>
 <% end %>
--- a/.gitlab/ci/rails/shared.gitlab-ci.yml
+++ b/.gitlab/ci/rails/shared.gitlab-ci.yml
@ -1,218 +0,0 @@
 include:
  - local: .gitlab/ci/global.gitlab-ci.yml
  - local: .gitlab/ci/rules.gitlab-ci.yml
 .rules:dont-interrupt:
  rules:
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
      allow_failure: true
    - if: $CI_MERGE_REQUEST_IID
      when: manual
      allow_failure: true
 #######################
 # rspec job base specs
 .rails-job-base:
  extends:
    - .default-retry
    - .default-before_script
    - .rails-cache
 .base-script:
  script:
    - source ./scripts/rspec_helpers.sh
    # Only install knapsack after bundle install! Otherwise oddly some native
    # gems could not be found under some circumstance. No idea why, hours wasted.
    - run_timed_command "gem install knapsack --no-document"
    - echo -e "\e[0Ksection_start:`date +%s`:gitaly-test-spawn[collapsed=true]\r\e[0KStarting Gitaly"
    - section_start "gitaly-test-spawn" "Spawning Gitaly"; scripts/gitaly-test-spawn; section_end "gitaly-test-spawn"  # Do not use 'bundle exec' here
    - echo -e "\e[0Ksection_end:`date +%s`:gitaly-test-spawn\r\e[0K"
 .single-db:
  variables:
    DECOMPOSED_DB: "false"
 .single-db-ci-connection:
  extends: .single-db
  variables:
    CI_CONNECTION_DB: "true"
 .single-db-rspec:
  extends: .single-db
 .single-db-ci-connection-rspec:
  extends: .single-db-ci-connection
 .praefect-with-db:
  variables:
    GITALY_PRAEFECT_WITH_DB: '1'
 .rspec-base:
  extends:
    - .rails-job-base
    - .base-artifacts
  stage: test
  variables:
    RUBY_GC_MALLOC_LIMIT: 67108864
    RUBY_GC_MALLOC_LIMIT_MAX: 134217728
    RECORD_DEPRECATIONS: "true"
    GEO_SECONDARY_PROXY: 0
    SUCCESSFULLY_RETRIED_TEST_EXIT_CODE: 137
  needs:
    - job: "setup-test-env"
    - job: "retrieve-tests-metadata"
    - job: "compile-test-assets"
    - job: "detect-tests"
      optional: true
  script:
    - !reference [.base-script, script]
    # We need to exclude background migration because unit tests run with
    # spec/lib, yet background migration tests are also sitting there,
    # and they should run on their own jobs so we don't need to run them
    # in unit tests again.
    - rspec_paralellized_job "--tag ~quarantine --tag ~level:background_migration"
  allow_failure:
    exit_codes: !reference [.rspec-base, variables, SUCCESSFULLY_RETRIED_TEST_EXIT_CODE]
 .base-artifacts:
  artifacts:
    expire_in: 31d
    when: always
    paths:
      - coverage/
      - crystalball/
      - deprecations/
      - knapsack/
      - query_recorder/
      - rspec/
      - tmp/capybara/
      - log/*.log
    reports:
      junit: ${JUNIT_RESULT_FILE}
 .rspec-base-migration:
  script:
    - !reference [.base-script, script]
    - rspec_paralellized_job "--tag ~quarantine --tag ~zoekt"
 .rspec-base-pg12:
  extends:
    - .rspec-base
    - .use-pg12
 .rspec-base-pg13:
  extends:
    - .rspec-base
    - .use-pg13
 .rspec-base-pg13-as-if-foss:
  extends:
    - .rspec-base
    - .as-if-foss
    - .use-pg13
  needs:
    - job: "setup-test-env"
    - job: "retrieve-tests-metadata"
    - job: "compile-test-assets as-if-foss"
    - job: "detect-tests"
      optional: true
 .rspec-base-pg14:
  extends:
    - .rspec-base
    - .use-pg14
 .rspec-ee-base-pg12:
  extends:
    - .rspec-base
    - .use-pg12-es7-ee
 .rspec-ee-base-pg13:
  extends:
    - .rspec-base
    - .use-pg13-es7-ee
 .rspec-ee-base-pg13-es8:
  extends:
    - .rspec-base
    - .use-pg13-es8-ee
    - .rails:rules:run-search-tests
 .rspec-ee-base-pg13-opensearch1:
  extends:
    - .rspec-base
    - .use-pg13-opensearch1-ee
    - .rails:rules:run-search-tests
 .rspec-ee-base-pg13-opensearch2:
  extends:
    - .rspec-base
    - .use-pg13-opensearch2-ee
    - .rails:rules:run-search-tests
 .rspec-ee-base-pg14:
  extends:
    - .rspec-base
    - .use-pg14-es7-ee
 .rspec-ee-base-pg14-es8:
  extends:
    - .rspec-base
    - .use-pg14-es8-ee
    - .rails:rules:run-search-tests
 .rspec-ee-base-pg14-opensearch1:
  extends:
    - .rspec-base
    - .use-pg14-opensearch1-ee
    - .rails:rules:run-search-tests
 .rspec-ee-base-pg14-opensearch2:
  extends:
    - .rspec-base
    - .use-pg14-opensearch2-ee
    - .rails:rules:run-search-tests
 .db-job-base:
  extends:
    - .rails-job-base
    - .rails:rules:ee-and-foss-migration
    - .use-pg13
  stage: test
  needs: ["setup-test-env"]
 # rspec job base specs
 ######################
 ############################
 # rspec job parallel configs
 .rspec-migration-parallel:
  parallel: 8
 .rspec-background-migration-parallel:
  parallel: 4
 .rspec-ee-migration-parallel:
  parallel: 2
 .rspec-ee-background-migration-parallel:
  parallel: 2
 .rspec-unit-parallel:
  parallel: 28
 .rspec-ee-unit-parallel:
  parallel: 18
 .rspec-integration-parallel:
  parallel: 12
 .rspec-ee-integration-parallel:
  parallel: 6
 .rspec-system-parallel:
  parallel: 28
 .rspec-ee-system-parallel:
  parallel: 10
 # rspec job parallel configs
 ############################
--- a/.gitlab/ci/release-environments.gitlab-ci.yml
+++ b/.gitlab/ci/release-environments.gitlab-ci.yml
@ -1,23 +0,0 @@
 ---
 start-release-environments-pipeline:
  allow_failure: true
  extends:
    - .release-environments:rules:start-release-environments-pipeline
  stage: release-environments
  # We do not want to have ALL global variables passed as trigger variables,
  # as they cannot be overridden. See this issue for more context:
  #
  # https://gitlab.com/gitlab-org/gitlab/-/issues/387183
  inherit:
    variables:
      - RUBY_VERSION
  # These variables are set in the pipeline schedules.
  # They need to be explicitly passed on to the child pipeline.
  # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword
  variables:
    # This is needed by `release-environments-build-cng-env` (`.gitlab/ci/release-environments/main.gitlab-ci.yml`).
    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
  trigger:
    strategy: depend
    include: .gitlab/ci/release-environments/main.gitlab-ci.yml
--- a/.gitlab/ci/release-environments/main.gitlab-ci.yml
+++ b/.gitlab/ci/release-environments/main.gitlab-ci.yml
@ -1,94 +0,0 @@
 ---
 default:
  interruptible: true
 stages:
  - prepare
  - deploy
 include:
  - local: .gitlab/ci/global.gitlab-ci.yml
 release-environments-build-cng-env:
  allow_failure: true
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.16
  stage: prepare
  needs:
    # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream CNG pipeline.
    - pipeline: $PARENT_PIPELINE_ID
      job: build-assets-image
  variables:
    BUILD_ENV: build.env
  before_script:
    - source ./scripts/utils.sh
    - install_gitlab_gem
  script:
    - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > $BUILD_ENV'
    - echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV
    - ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"' >> build.env
    - cat $BUILD_ENV
  artifacts:
    reports:
      dotenv: $BUILD_ENV
    paths:
      - $BUILD_ENV
    expire_in: 7 days
    when: always
 release-environments-build-cng:
  allow_failure: true
  stage: prepare
  needs: ["release-environments-build-cng-env"]
  inherit:
    variables: false
  variables:
    GITLAB_REF_SLUG: "${GITLAB_REF_SLUG}"
    # CNG pipeline specific variables
    GITLAB_VERSION: "${GITLAB_VERSION}"
    GITLAB_TAG: "${GITLAB_TAG}"
    GITLAB_ASSETS_TAG: "${GITLAB_ASSETS_TAG}"
    FORCE_RAILS_IMAGE_BUILDS: "${FORCE_RAILS_IMAGE_BUILDS}"
    CE_PIPELINE: "${CE_PIPELINE}"  # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty
    EE_PIPELINE: "${EE_PIPELINE}"  # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty
    GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}"
    GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}"
    GITLAB_METRICS_EXPORTER_VERSION: "${GITLAB_METRICS_EXPORTER_VERSION}"
    GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}"
    GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}"
    GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}"
    RUBY_VERSION: "${FULL_RUBY_VERSION}"
    IMAGE_TAG_EXT: "-${CI_COMMIT_SHORT_SHA}"
  trigger:
    project: gitlab-org/build/CNG-mirror
    branch: $TRIGGER_BRANCH
    strategy: depend
 release-environments-deploy-env:
  allow_failure: true
  stage: deploy
  needs: ["release-environments-build-cng"]
  variables:
    DEPLOY_ENV: deploy.env
  script:
    - ./scripts/construct-release-environments-versions.rb > $DEPLOY_ENV
  artifacts:
    reports:
      dotenv: $DEPLOY_ENV
    paths:
      - $DEPLOY_ENV
    expire_in: 7 days
    when: always
 release-environments-deploy:
  allow_failure: true
  stage: deploy
  needs: ["release-environments-deploy-env"]
  inherit:
    variables: false
  variables:
    VERSIONS: "${VERSIONS}"
    ENVIRONMENT: "${ENVIRONMENT}"
  trigger:
    project: gitlab-com/gl-infra/release-environments
    branch: main
    strategy: depend
--- a/.gitlab/ci/releases.gitlab-ci.yml
+++ b/.gitlab/ci/releases.gitlab-ci.yml
@ -4,7 +4,7 @@
 .merge-train-sync:
  # We don't need/want any global before/after commands, so we overwrite these
  # settings.
-  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine:edge
+  image: ${GITLAB_DEPENDENCY_PROXY}alpine:edge
  stage: sync
  before_script:
    - apk add --no-cache --update curl bash jq
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@ -3,6 +3,7 @@ include:
  - template: Jobs/SAST.gitlab-ci.yml
  - template: Jobs/Secret-Detection.gitlab-ci.yml
  - template: Jobs/Dependency-Scanning.gitlab-ci.yml
  - template: Jobs/License-Scanning.gitlab-ci.yml
 code_quality:
  extends:
@ -12,8 +13,6 @@ code_quality:
  artifacts:
    paths:
      - gl-code-quality-report.json  # GitLab-specific
  # extends generated values cannot overwrite values from included files
  # Use !reference as a workaround here
  rules: !reference [".reports:rules:code_quality", rules]
  allow_failure: true
@ -31,7 +30,7 @@ code_quality:
  variables:
    SAST_BRAKEMAN_LEVEL: 2  # GitLab-specific
    SAST_EXCLUDED_PATHS: "qa, spec, doc, ee/spec, config/gitlab.yml.example, tmp"  # GitLab-specific
-    SAST_EXCLUDED_ANALYZERS: bandit, flawfinder, phpcs-security-audit, pmd-apex, security-code-scan, spotbugs, eslint, nodejs-scan, sobelow
+    SAST_EXCLUDED_ANALYZERS: bandit, flawfinder, phpcs-security-audit, pmd-apex, security-code-scan, spotbugs, eslint, nodejs-scan
 brakeman-sast:
  rules: !reference [".reports:rules:brakeman-sast", rules]
@ -39,6 +38,22 @@ brakeman-sast:
 semgrep-sast:
  rules: !reference [".reports:rules:semgrep-sast", rules]
 gosec-sast:
  variables:
    GOPATH: "$CI_PROJECT_DIR/vendor/go"
    COMPILE: "false"
    GOSEC_GO_PKG_PATH: "$CI_PROJECT_DIR"
    SECURE_LOG_LEVEL: "debug"
  before_script:
    - mkdir -p $GOPATH
    - cd workhorse
    - go get -d ./...
    - cd ..
  cache:
    paths:
      - vendor/go
  rules: !reference [".reports:rules:gosec-sast", rules]
 .secret-analyzer:
  extends: .default-retry
  stage: lint
@ -87,7 +102,7 @@ yarn-audit-dependency_scanning:
  extends: .default-retry
  stage: test
  image:
-    name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/package-hunter-cli:v1.3.3@sha256:1d3af9a61aa01549a62be17fa655fcf06271ac9e1b1e822c2a7930fa1d4a8a6b
+    name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/security-products/package-hunter-cli:v1.3.2@sha256:7529deaef9ea21aab56bfb74ae1abbc121311affdb6ece49ce7b1c360f997ca2
    entrypoint: [""]
  variables:
    HTR_user: '$PACKAGE_HUNTER_USER'
@ -103,8 +118,7 @@ yarn-audit-dependency_scanning:
    - mkdir ~/.aws
    - '[[ -z "${AWS_SIEM_REPORT_INGESTION_CREDENTIALS_FILE}" ]] || mv "${AWS_SIEM_REPORT_INGESTION_CREDENTIALS_FILE}" ~/.aws/credentials'
    - npm install --no-save --ignore-scripts @aws-sdk/client-s3@3.49.0
-    - scripts/ingest-reports-to-siem || true  # Allow legacy report to fail as we'll remove it in the future anyway
+    - scripts/ingest-reports-to-siem
    - scripts/ingest-reports-to-siem-devo
  artifacts:
    paths:
      - gl-dependency-scanning-report.json
@ -125,3 +139,11 @@ package_hunter-bundler:
    - .reports:rules:package_hunter-bundler
  variables:
    PACKAGE_MANAGER: bundler
 license_scanning:
  extends: .default-retry
  stage: lint
  needs: []
  artifacts:
    expire_in: 1 week  # GitLab-specific
  rules: !reference [".reports:rules:license_scanning", rules]
--- a/.gitlab/ci/review-apps/dast-api.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/dast-api.gitlab-ci.yml
@ -1,35 +0,0 @@
 include:
  - template: DAST-API.gitlab-ci.yml
 dast_api:
  needs: ["review-deploy"]
  # Uncomment resource_group if DAST_API_PROFILE is changed to an active scan
  # resource_group: dast_api_scan
  rules:
    - when: never
 dast_api_graphql:
  extends: dast_api
  variables:
    DAST_API_GRAPHQL: /api/graphql
    DAST_API_PROFILE: Passive
    DAST_API_TARGET_URL: ${CI_ENVIRONMENT_URL}
    DAST_API_OVERRIDES_ENV: "{\"headers\":{\"Authorization\":\"Bearer $REVIEW_APPS_ROOT_TOKEN\"}}"
  rules:
    - !reference [".reports:rules:schedule-dast", rules]
    #
    # To run this job in an MR pipeline, use this rule:
    # - !reference [".reports:rules:test-dast", rules]
 dast_api_rest:
  extends: dast_api
  variables:
    DAST_API_OPENAPI: doc/api/openapi/openapi_v2.yaml
    DAST_API_PROFILE: Passive
    DAST_API_TARGET_URL: ${CI_ENVIRONMENT_URL}
    DAST_API_OVERRIDES_ENV: "{\"headers\":{\"Authorization\":\"Bearer $REVIEW_APPS_ROOT_TOKEN\"}}"
  rules:
    - !reference [".reports:rules:schedule-dast", rules]
    #
    # To run this job in an MR pipeline, use this rule:
    # - !reference [".reports:rules:test-dast", rules]
--- a/.gitlab/ci/review-apps/dast.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/dast.gitlab-ci.yml
@ -5,14 +5,14 @@
  extends:
    - .reports:rules:schedule-dast
  image:
-    name: "${CI_TEMPLATE_REGISTRY_HOST}/security-products/dast:$DAST_VERSION"
+    name: "${REGISTRY_HOST}/security-products/dast:$DAST_VERSION"
  resource_group: dast_scan
  variables:
-    DAST_USERNAME_FIELD: "name:user[login]"
+    DAST_USERNAME_FIELD: "user[login]"
-    DAST_PASSWORD_FIELD: "name:user[password]"
+    DAST_PASSWORD_FIELD: "user[password]"
-    DAST_SUBMIT_FIELD: "css:.js-sign-in-button"
+    DAST_SUBMIT_FIELD: "name:button"
    DAST_FULL_SCAN_ENABLED: "true"
-    DAST_VERSION: 3
+    DAST_VERSION: 2
    GIT_STRATEGY: none
    # -Xmx is used to set the JVM memory to 6GB to prevent DAST OutOfMemoryError.
    DAST_ZAP_CLI_OPTIONS: "-Xmx6144m"
--- a/.gitlab/ci/review-apps/main.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml
@ -1,57 +1,39 @@
 default:
  interruptible: true
 stages:
  - prepare
  - deploy
  - post-deploy
  - qa
  - post-qa
  - dast
 include:
  - local: .gitlab/ci/global.gitlab-ci.yml
-  - local: .gitlab/ci/review-apps/rules.gitlab-ci.yml
+  - local: .gitlab/ci/rules.gitlab-ci.yml
  - local: .gitlab/ci/review-apps/qa.gitlab-ci.yml
  - local: .gitlab/ci/review-apps/dast.gitlab-ci.yml
  - local: .gitlab/ci/review-apps/dast-api.gitlab-ci.yml
 .base-before_script: &base-before_script
  - source ./scripts/utils.sh
  - source ./scripts/review_apps/review-apps.sh
-
+  - install_api_client_dependencies_with_apk
 dont-interrupt-me:
  extends: .rules:dont-interrupt
  stage: prepare
  interruptible: false
  script:
    - echo "This jobs makes sure this pipeline won't be interrupted! See https://docs.gitlab.com/ee/ci/yaml/#interruptible."
 review-build-cng-env:
  extends:
    - .default-retry
    - .review:rules:review-build-cng
-  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.16
+  image: ${GITLAB_DEPENDENCY_PROXY}ruby:3.0-alpine3.13
  stage: prepare
-  needs:
+  needs: []
    # We need this job because we need its `cached-assets-hash.txt` artifact, so that we can pass the assets image tag to the downstream CNG pipeline.
    - pipeline: $PARENT_PIPELINE_ID
      job: build-assets-image
  variables:
    BUILD_ENV: build.env
  before_script:
    - source ./scripts/utils.sh
    - install_gitlab_gem
  script:
-    - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > $BUILD_ENV'
+    - 'ruby -r./scripts/trigger-build.rb -e "puts Trigger.variables_for_env_file(Trigger::CNG.new.variables)" > build.env'
-    - echo "GITLAB_ASSETS_TAG=$(assets_image_tag)" >> $BUILD_ENV
+    - cat build.env
    - ruby -e 'puts "FULL_RUBY_VERSION=#{RUBY_VERSION}"' >> build.env
    - cat $BUILD_ENV
  artifacts:
    reports:
-      dotenv: $BUILD_ENV
+      dotenv: build.env
    paths:
-      - $BUILD_ENV
+      - build.env
    expire_in: 7 days
    when: always
@ -76,63 +58,52 @@ review-build-cng:
    FORCE_RAILS_IMAGE_BUILDS: "${FORCE_RAILS_IMAGE_BUILDS}"
    CE_PIPELINE: "${CE_PIPELINE}"  # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$CE_PIPELINE'` will evaluate to `false` when this variable is empty
    EE_PIPELINE: "${EE_PIPELINE}"  # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty
    GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}"
    GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}"
    GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}"
    GITLAB_METRICS_EXPORTER_VERSION: "${GITLAB_METRICS_EXPORTER_VERSION}"
    GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}"
    GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}"
    GITLAB_WORKHORSE_VERSION: "${GITLAB_WORKHORSE_VERSION}"
    GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}"
    GITALY_SERVER_VERSION: "${GITALY_SERVER_VERSION}"
    RUBY_VERSION: "${FULL_RUBY_VERSION}"
  trigger:
    project: gitlab-org/build/CNG-mirror
    branch: $TRIGGER_BRANCH
    strategy: depend
 .review-workflow-base:
-  image: ${REVIEW_APPS_IMAGE}
+  extends:
-  retry:
+    - .default-retry
-    max: 2  # This is confusing but this means "3 runs at max"
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3.5-kubectl1.17
  resource_group: "review/${CI_COMMIT_REF_NAME}"
  variables:
    HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"
    DOMAIN: "-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}"
-    GITLAB_HELM_CHART_REF: "febc4ad69acb7bba0eeb4a62daa577d0b7c3ee71"  # 6.9.1: https://gitlab.com/gitlab-org/charts/gitlab/-/commit/febc4ad69acb7bba0eeb4a62daa577d0b7c3ee71
+    GITLAB_HELM_CHART_REF: "138c146a5ba787942f66d4c7d795d224d6ba206a"
  environment:
    name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it
    url: https://gitlab-${CI_ENVIRONMENT_SLUG}.${REVIEW_APPS_DOMAIN}
-    on_stop: trigger-review-stop
+    on_stop: review-stop
    auto_stop_in: 48 hours
 review-deploy:
  extends:
    - .review-workflow-base
    - .review:rules:review-deploy
  stage: deploy
-  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}dtzar/helm-kubectl:3.9.3
+  needs: ["review-build-cng"]
  needs:
    - review-build-cng
    - review-delete-deployment  # We always want to start from a clean slate (i.e. no helm release, no k8s namespace)
  cache:
    key: "review-deploy-dependencies-charts-${GITLAB_HELM_CHART_REF}-v1"
    paths:
      - "gitlab-${GITLAB_HELM_CHART_REF}"
  environment:
    action: start
  before_script:
    - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
    - export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
    - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
    - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
    - echo "QA_GITLAB_URL=${CI_ENVIRONMENT_URL}" > environment.env
    - *base-before_script
    - !reference [".use-kube-context", before_script]
  script:
-    - run_timed_command "retry delete_helm_release"
+    - check_kube_domain
-    - run_timed_command "check_kube_domain"
+    - download_chart
-    - run_timed_command "download_chart"
+    - date
-    - run_timed_command "deploy" || (display_deployment_debug && exit 1)
+    - deploy || (display_deployment_debug && exit 1)
-    - run_timed_command "verify_deploy" || (display_deployment_debug && exit 1)
+    - verify_deploy || exit 1
-    - run_timed_command "disable_sign_ups" || (display_deployment_debug && exit 1)
+    - disable_sign_ups || (delete_release && exit 1)
-    - run_timed_command "verify_commit_sha" || (display_deployment_debug && exit 1)
+    - create_sample_projects
  after_script:
    # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
    # Set DAST_RUN to true when jobs are manually scheduled.
@ -140,64 +111,35 @@ review-deploy:
  artifacts:
    paths:
      - environment_url.txt
      - curl-logs/
    reports:
      dotenv: environment.env
    expire_in: 7 days
    when: always
 review-deploy-sample-projects:
  extends:
    - .review-workflow-base
    - .review:rules:review-deploy
  stage: deploy
  needs: ["review-deploy"]
  environment:
    action: prepare
  before_script:
    - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
    - export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
    - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
    - echo "${CI_ENVIRONMENT_URL}" > environment_url.txt
    - *base-before_script
    - !reference [".use-kube-context", before_script]
  script:
    - date
    - create_sample_projects
 .review-stop-base:
  extends: .review-workflow-base
  environment:
    action: stop
  dependencies: []
  variables:
    # We're cloning the repo instead of downloading the script for now
    # because some repos are private and CI_JOB_TOKEN cannot access files.
    # See https://gitlab.com/gitlab-org/gitlab/issues/191273
    GIT_DEPTH: 1
  before_script:
    - *base-before_script
 review-delete-deployment:
  extends:
    - .review-stop-base
    - .review:rules:review-delete-deployment
  dependencies: []
  stage: prepare
  before_script:
    - source ./scripts/utils.sh
    - source ./scripts/review_apps/review-apps.sh
    - !reference [".use-kube-context", before_script]
  script:
-    - retry delete_helm_release
+    - delete_release
-trigger-review-stop:
+review-stop:
  extends:
    - .review-stop-base
-    - .review:rules:trigger-review-stop
+    - .review:rules:review-stop
  stage: deploy
  needs: []
  before_script:
    - source ./scripts/utils.sh
    - install_gitlab_gem
  script:
-    - review_stop_job_id="$(scripts/api/get_job_id.rb --pipeline-id "${PARENT_PIPELINE_ID}" --job-name "review-stop")"
+    - delete_namespace
    - |
      curl --request POST --header "Private-Token: ${PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/jobs/${review_stop_job_id}/play"
--- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml
@ -1,68 +1,97 @@
 include:
  - project: gitlab-org/quality/pipeline-common
-    ref: 5.1.1
+    ref: 0.13.0
    file:
      - /ci/base.gitlab-ci.yml
      - /ci/allure-report.yml
      - /ci/knapsack-report.yml
  - template: Verify/Browser-Performance.gitlab-ci.yml
 .test-variables:
  variables:
    QA_GENERATE_ALLURE_REPORT: "true"
-    QA_CAN_TEST_PRAEFECT: "false"
+    COLORIZED_LOGS: "true"
    GITLAB_USERNAME: "root"
    GITLAB_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
    GITLAB_ADMIN_USERNAME: "root"
    GITLAB_ADMIN_PASSWORD: "${REVIEW_APPS_ROOT_PASSWORD}"
    GITLAB_QA_ADMIN_ACCESS_TOKEN: "${REVIEW_APPS_ROOT_TOKEN}"
-    GITHUB_ACCESS_TOKEN: "${QA_GITHUB_ACCESS_TOKEN}"
+    GITHUB_ACCESS_TOKEN: "${REVIEW_APPS_QA_GITHUB_ACCESS_TOKEN}"
 .bundle-base:
  extends:
    - .qa-cache
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3
  before_script:
    - export QA_GITLAB_URL="$(cat environment_url.txt)"
    - cd qa && bundle install
 .review-qa-base:
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23
  extends:
    - .use-docker-in-docker
    - .bundle-base
    - .test-variables
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-git-2.33-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23
  stage: qa
  needs:
    - review-deploy
    - download-knapsack-report
  variables:
    DOCKER_HOST: tcp://docker:2376
    DOCKER_TLS_CERTDIR: /certs
    DOCKER_CERT_PATH: /certs/client
    DOCKER_TLS_VERIFY: 1
    GIT_LFS_SKIP_SMUDGE: 1
    WD_INSTALL_DIR: /usr/local/bin
-    RSPEC_REPORT_OPTS: --force-color --order random --format documentation --format RspecJunitFormatter --out tmp/rspec-${CI_JOB_ID}.xml
+  before_script:
    - scripts/checkout-mr-source-sha
    - !reference [.bundle-base, before_script]
  script:
-    - QA_COMMAND="bundle exec bin/qa ${QA_SCENARIO} ${QA_GITLAB_URL} -- ${QA_TESTS} ${RSPEC_REPORT_OPTS}"
+    - export EE_LICENSE="$(cat $REVIEW_APPS_EE_LICENSE_FILE)"
-    - echo "Running - '${QA_COMMAND}'"
+    - qa_run_status=0
    - eval "$QA_COMMAND"
  after_script:
    - |
-      echo "Sentry errors for the current review-app test run can be found via following url:"
+      bundle exec rake "knapsack:rspec[\
-      echo "https://sentry.gitlab.net/gitlab/gitlab-review-apps/releases/$(echo "${CI_COMMIT_SHA}" | cut -c1-11)/all-events/."
+        ${RSPEC_TAGS} \
        --tag ~orchestrated \
        --tag ~transient \
        --tag ~skip_signup_disabled \
        --tag ~requires_git_protocol_v2 \
        --tag ~requires_praefect \
        --force-color \
        --order random \
        --format documentation \
        --format RspecJunitFormatter --out tmp/rspec.xml \
      ]" || qa_run_status=$?
    - if [ ${qa_run_status} -ne 0 ]; then
        release_sha=$(echo "${CI_MERGE_REQUEST_SOURCE_BRANCH_SHA:-${CI_COMMIT_SHA}}" | cut -c1-11);
        echo "Errors can be found at https://sentry.gitlab.net/gitlab/gitlab-review-apps/releases/${release_sha}/all-events/.";
      fi
    - exit ${qa_run_status}
  artifacts:
    paths:
      - qa/tmp
    reports:
-      junit: qa/tmp/rspec-*.xml
+      junit: qa/tmp/rspec.xml
    expire_in: 7 days
    when: always
 .allure-report-base:
  extends: .generate-allure-report-base
  stage: post-qa
  variables:
    GITLAB_AUTH_TOKEN: $GITLAB_QA_MR_ALLURE_REPORT_TOKEN
    ALLURE_PROJECT_PATH: $CI_PROJECT_PATH
    ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
    ALLURE_RESULTS_GLOB: qa/tmp/allure-results/*
 # Store knapsack report as artifact so the same report is reused across all jobs
 download-knapsack-report:
  extends:
    - .bundle-base
-    - .rules:prepare-report
+    - .review:rules:review-qa-reliable
  stage: prepare
  variables:
    QA_KNAPSACK_REPORTS: review-qa-reliable,review-qa-all
  script:
-    - bundle exec rake "knapsack:download[qa]"
+    - bundle exec rake "knapsack:download"
  allow_failure: true
  artifacts:
    paths:
@ -72,64 +101,78 @@ download-knapsack-report:
 review-qa-smoke:
  extends:
    - .review-qa-base
-    - .rules:qa-smoke
+    - .review:rules:review-qa-smoke
  retry: 1
  variables:
    QA_SCENARIO: Test::Instance::Smoke
    QA_RUN_TYPE: review-qa-smoke
-  retry: 1
+    RSPEC_TAGS: --tag smoke
-review-qa-blocking:
+review-qa-reliable:
  extends:
    - .review-qa-base
-    - .rules:qa-blocking
+    - .review:rules:review-qa-reliable
  variables:
    QA_SCENARIO: Test::Instance::ReviewBlocking
    QA_RUN_TYPE: review-qa-blocking
  retry: 1
 review-qa-blocking-parallel:
  extends:
    - review-qa-blocking
    - .rules:qa-blocking-parallel
  parallel: 10
  variables:
    QA_RUN_TYPE: review-qa-reliable
    RSPEC_TAGS: --tag reliable --tag sanity_feature_flags
-review-qa-non-blocking:
+review-qa-all:
  extends:
    - .review-qa-base
-    - .rules:qa-non-blocking
+    - .review:rules:review-qa-all
  variables:
    QA_SCENARIO: Test::Instance::ReviewNonBlocking
    QA_RUN_TYPE: review-qa-non-blocking
  when: manual
  allow_failure: true
 review-qa-non-blocking-parallel:
  extends:
    - review-qa-non-blocking
    - .rules:qa-non-blocking-parallel
  parallel: 5
  variables:
    QA_RUN_TYPE: review-qa-all
    RSPEC_TAGS: --tag ~reliable --tag ~smoke --tag ~sanity_feature_flags
-browser_performance:
+review-performance:
  extends:
    - .default-retry
    - .review:rules:review-performance
  image:
    name: sitespeedio/sitespeed.io
    entrypoint: [""]
  stage: qa
  needs: ["review-deploy"]
-  variables:
+  before_script:
-    URL: environment_url.txt
+    - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
    - echo "${CI_ENVIRONMENT_URL}"
    - mkdir -p gitlab-exporter
    - wget -O ./gitlab-exporter/index.js https://gitlab.com/gitlab-org/gl-performance/raw/master/index.js
    - mkdir -p sitespeed-results
  script:
    - /start.sh --plugins.add ./gitlab-exporter --outputFolder sitespeed-results "${CI_ENVIRONMENT_URL}"
  after_script:
    - mv sitespeed-results/data/performance.json performance.json
  artifacts:
    paths:
      - sitespeed-results/
    reports:
      performance: performance.json
    expire_in: 31d
-e2e-test-report:
+# Generate single report for both smoke and reliable test jobs
 # Both job types are essentially the same:
 # * always executed
 # * always blocking
 allure-report-qa-blocking:
  extends:
-    - .generate-allure-report-base
+    - .allure-report-base
-    - .rules:prepare-report
+    - .review:rules:review-qa-blocking-report
-  stage: post-qa
+  needs:
    - review-qa-smoke
    - review-qa-reliable
  variables:
-    ALLURE_JOB_NAME: e2e-review-qa
+    ALLURE_JOB_NAME: review-qa-blocking
-    ALLURE_PROJECT_PATH: $CI_PROJECT_PATH
+
-    ALLURE_RESULTS_GLOB: qa/tmp/allure-results
+allure-report-qa-all:
-    ALLURE_MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
+  extends:
-    GITLAB_AUTH_TOKEN: $PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE
+    - .allure-report-base
-    GIT_STRATEGY: none
+    - .review:rules:review-qa-all-report
-  allow_failure: true
+  needs: ["review-qa-all"]
-  when: always
+  variables:
    ALLURE_JOB_NAME: review-qa-all
 upload-knapsack-report:
  extends:
@ -142,41 +185,13 @@ upload-knapsack-report:
 delete-test-resources:
  extends:
    - .bundle-base
-    - .rules:prepare-report
+    - .review:rules:review-qa-cleanup
  stage: post-qa
  variables:
    QA_TEST_RESOURCES_FILE_PATTERN: $CI_PROJECT_DIR/qa/tmp/test-resources-*.json
    GITLAB_QA_ACCESS_TOKEN: $REVIEW_APPS_ROOT_TOKEN
    COLORIZED_LOGS: "true"
  script:
    - export GITLAB_ADDRESS="$QA_GITLAB_URL"
    - bundle exec rake "test_resources:delete[$QA_TEST_RESOURCES_FILE_PATTERN]"
  allow_failure: true
  when: always
 notify-slack:
  extends:
    - .notify-slack-qa
    - .qa-cache
    - .rules:main-run
  stage: post-qa
  variables:
    RUN_WITH_BUNDLE: "true"
    QA_PATH: qa
    ALLURE_JOB_NAME: e2e-review-qa
    SLACK_ICON_EMOJI: ci_failing
    STATUS_SYM: ☠️
    STATUS: failed
    TYPE: "(review-app) "
  when: on_failure
  script:
    - bundle exec prepare-stage-reports --input-files "${CI_PROJECT_DIR}/qa/tmp/rspec-*.xml"
    - !reference [.notify-slack-qa, script]
 export-test-metrics:
  extends:
    - .bundle-base
    - .rules:main-run
  stage: post-qa
  when: always
  script:
    - bundle exec rake "ci:export_test_metrics[tmp/test-metrics-*.json]"
--- a/.gitlab/ci/review-apps/rules.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/rules.gitlab-ci.yml
@ -1,170 +0,0 @@
 # ------------------------------------------
 # Conditions
 # ------------------------------------------
 # Specific specs passed
 .specific-specs: &specific-specs
  if: $QA_TESTS != ""
 # No specific specs passed
 .all-specs: &all-specs
  if: $QA_TESTS == ""
 # No specific specs in mr pipeline
 .all-specs-mr: &all-specs-mr
  if: '($CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached") && $QA_TESTS == ""'
  when: manual
 # Triggered by change pattern
 .app-changes: &app-changes
  if: $APP_CHANGE_TRIGGER == "true"
 # Run all tests when framework changes present or explicitly enabled full suite execution
 .qa-run-all-tests: &qa-run-all-tests
  if: $QA_FRAMEWORK_CHANGES == "true" || $QA_RUN_ALL_TESTS == "true" || $QA_RUN_ALL_E2E_LABEL == "true"
 .default-branch: &default-branch
  if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
 .if-merge-request: &if-merge-request
  if: '$CI_MERGE_REQUEST_EVENT_TYPE == "merged_result" || $CI_MERGE_REQUEST_EVENT_TYPE == "detached"'
 .if-merge-request-labels-run-review-app: &if-merge-request-labels-run-review-app
  if: '$CI_MERGE_REQUEST_LABELS =~ /pipeline:run-review-app/'
 .if-dot-com-ee-schedule-nightly-child-pipeline: &if-dot-com-ee-schedule-nightly-child-pipeline
  if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_PATH == "gitlab-org/gitlab" && $CI_PIPELINE_SOURCE == "parent_pipeline" && $SCHEDULE_TYPE == "nightly"'
 # ------------------------------------------
 # Changes patterns
 # ------------------------------------------
 .ci-review-patterns: &ci-review-patterns
  - ".gitlab-ci.yml"
  - ".gitlab/ci/frontend.gitlab-ci.yml"
  - ".gitlab/ci/build-images.gitlab-ci.yml"
  - ".gitlab/ci/review.gitlab-ci.yml"
  - ".gitlab/ci/review-apps/**/*"
  - "scripts/review_apps/**/*"
  - "scripts/trigger-build.rb"
  - "{,ee/,jh/}{bin,config}/**/*.rb"
 # ------------------------------------------
 # Conditions set
 # ------------------------------------------
 .qa-manual: &qa-manual
  when: manual
  allow_failure: true
  variables:
    QA_TESTS: ""
 .never-when-qa-run-all-tests-or-no-specific-specs:
  - <<: *qa-run-all-tests
    when: never
  - <<: *all-specs
    when: never
 .never-when-specific-specs-always-when-qa-run-all-tests:
  - *qa-run-all-tests
  - <<: *specific-specs
    when: manual
    allow_failure: true
    variables:
      QA_TESTS: ""
 # ------------------------------------------
 # Prepare
 # ------------------------------------------
 .rules:dont-interrupt:
  rules:
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
      allow_failure: true
    - if: $CI_MERGE_REQUEST_IID
      when: manual
      allow_failure: true
 .review:rules:review-build-cng:
  rules:
    - when: always
 .review:rules:review-delete-deployment:
  rules:
    - when: on_success
 # ------------------------------------------
 # Deploy
 # ------------------------------------------
 .review:rules:review-deploy:
  rules:
    - when: on_success
 .review:rules:trigger-review-stop:
  rules:
    - when: manual
      allow_failure: true
 # ------------------------------------------
 # Test
 # ------------------------------------------
 .rules:qa-smoke:
  rules:
    # always trigger smoke suite if review pipeline got triggered by specific changes in application code
    - <<: *app-changes
      variables:
        QA_TESTS: ""  # unset QA_TESTS even if specific tests were inferred from stage label
    - *qa-run-all-tests
    - if: $QA_SUITES =~ /Test::Instance::Smoke/
    - *qa-manual
 .rules:qa-blocking:
  rules:
    - <<: *app-changes
      when: never
    - !reference [.never-when-qa-run-all-tests-or-no-specific-specs]
    - if: $QA_SUITES =~ /Test::Instance::ReviewBlocking/
 .rules:qa-blocking-parallel:
  rules:
    # always trigger blocking suite if review pipeline got triggered by specific changes in application code
    - <<: *app-changes
      variables:
        QA_TESTS: ""  # unset QA_TESTS even if specific tests were inferred from stage label
    - !reference [.never-when-specific-specs-always-when-qa-run-all-tests]
    - if: $QA_SUITES =~ /Test::Instance::ReviewBlocking/
 .rules:qa-non-blocking:
  rules:
    - !reference [.never-when-qa-run-all-tests-or-no-specific-specs]
    - if: $QA_SUITES =~ /Test::Instance::ReviewNonBlocking/
 .rules:qa-non-blocking-parallel:
  rules:
    - !reference [.never-when-specific-specs-always-when-qa-run-all-tests]
    - *all-specs-mr  # set full suite to manual when no specific specs passed in mr
    - if: $QA_SUITES =~ /Test::Instance::ReviewNonBlocking/
 .review:rules:review-performance:
  rules:
    - if: '$DAST_RUN == "true"'  # Skip this job when DAST is run
      when: never
    - <<: *if-merge-request-labels-run-review-app  # we explicitly don't allow the job to fail in that case
    - <<: *if-merge-request  # we explicitly don't allow the job to fail in that case
      changes: *ci-review-patterns
    - when: on_success
      allow_failure: true
 # ------------------------------------------
 # DAST
 # ------------------------------------------
 .reports:rules:schedule-dast:
  rules:
    - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'
      when: never
    - <<: *if-dot-com-ee-schedule-nightly-child-pipeline
 # ------------------------------------------
 # Prepare/Report
 # ------------------------------------------
 .rules:prepare-report:
  rules:
    - when: always
 .rules:main-run:
  rules:
    - *default-branch
--- a/.gitlab/ci/review.gitlab-ci.yml
+++ b/.gitlab/ci/review.gitlab-ci.yml
@ -1,130 +1,63 @@
 include:
  - remote: 'https://gitlab.com/gitlab-org/modelops/applied-ml/review-recommender/ci-templates/-/raw/v0.2.1/recommender/Reviewers.gitlab-ci.yml'
 review-cleanup:
  extends:
    - .default-retry
    - .review:rules:review-cleanup
-  image: ${REVIEW_APPS_IMAGE}
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/ruby-3.0:gcloud-383-kubectl-1.23-helm-3.5
  stage: prepare
  needs: []
  environment:
    name: review/regular-cleanup
    action: access
  variables:
    GIT_DEPTH: 1
  before_script:
    - source scripts/utils.sh
    - !reference [".use-kube-context", before_script]
    - install_gitlab_gem
    - setup_gcloud
  script:
    - scripts/review_apps/automated_cleanup.rb --dry-run="${DRY_RUN:-false}" || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL} - <https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/review-apps.md#review-cleanup-job-failed|📗 RUNBOOK 📕>" warning "GitLab Bot" && exit 1);
 review-stop:
  extends:
    - review-cleanup
    - .review:rules:review-stop
  environment:
    name: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE} # No separator for SCHEDULE_TYPE so it's compatible as before and looks nice without it
    action: stop
  resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE}  # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment
  before_script:
    - source ./scripts/utils.sh
    - source ./scripts/review_apps/review-apps.sh
    - !reference [".use-kube-context", before_script]
  script:
    - retry delete_helm_release
 .base-review-checks:
  extends:
    - .default-retry
  image: ${REVIEW_APPS_IMAGE}
  stage: prepare
  before_script:
    - source scripts/utils.sh
-    - setup_gcloud
+    - source scripts/review_apps/review-apps.sh
-    - !reference [".use-kube-context", before_script]
+    - source scripts/review_apps/gcp_cleanup.sh
-
+    - install_gitlab_gem
-review-k8s-resources-count-checks:
+    - setup_gcp_dependencies
  extends:
    - .base-review-checks
    - .review:rules:review-k8s-resources-count-checks
  needs:
    - job: review-cleanup
      optional: true
  environment:
    name: review/k8s-resources-count-checks
    action: verify
  script:
-    - scripts/review_apps/k8s-resources-count-checks.sh || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL} - <https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/review-apps.md#review-k8s-resources-count-checks-job-failed|📗 RUNBOOK 📕>" warning "GitLab Bot" && exit 1);
+    - delete_release
-
+    - delete_namespace
-review-gcp-quotas-checks:
+    - ruby -rrubygems scripts/review_apps/automated_cleanup.rb
-  extends:
+    - gcp_cleanup
    - .base-review-checks
    - .review:rules:review-gcp-quotas-checks
  needs: []
  environment:
    name: review/gcp-quotas-checks
    action: verify
  script:
    - ruby scripts/review_apps/gcp-quotas-checks.rb || (scripts/slack review-apps-monitoring "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL} - <https://gitlab.com/gitlab-org/quality/engineering-productivity/team/-/blob/main/runbooks/review-apps.md#review-gcp-quotas-checks-job-failed|📗 RUNBOOK 📕>" warning "GitLab Bot" && exit 1);
 start-review-app-pipeline:
  extends:
    - .review:rules:start-review-app-pipeline
  resource_group: review/${CI_COMMIT_REF_SLUG}${SCHEDULE_TYPE}  # CI_ENVIRONMENT_SLUG is not available here and we want this to be the same as the environment
  stage: review
  needs:
    - job: e2e-test-pipeline-generate
    - job: build-assets-image
      artifacts: false
  # We do not want to have ALL global variables passed as trigger variables,
  # as they cannot be overridden. See this issue for more context:
  #
  # https://gitlab.com/gitlab-org/gitlab/-/issues/387183
  inherit:
    variables:
      - CHROME_VERSION
      - REGISTRY_GROUP
      - REGISTRY_HOST
      - REVIEW_APPS_DOMAIN
      - REVIEW_APPS_GCP_PROJECT
      - REVIEW_APPS_GCP_REGION
      - REVIEW_APPS_IMAGE
      - RUBY_VERSION
  # These variables are set in the pipeline schedules.
  # They need to be explicitly passed on to the child pipeline.
  # https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html#pass-cicd-variables-to-a-downstream-pipeline-by-using-the-variables-keyword
  variables:
    # This is needed by `review-build-cng-env` (`.gitlab/ci/review-apps/main.gitlab-ci.yml`).
    PARENT_PIPELINE_ID: $CI_PIPELINE_ID
    SCHEDULE_TYPE: $SCHEDULE_TYPE
    DAST_RUN: $DAST_RUN
    SKIP_MESSAGE: Skipping review-app due to mr containing only quarantine changes!
  trigger:
    strategy: depend
    include:
-      - artifact: review-app-pipeline.yml
+      - local: .gitlab/ci/review-apps/main.gitlab-ci.yml
-        job: e2e-test-pipeline-generate
+    strategy: depend
 danger-review:
  extends:
    - .default-retry
-    - .ruby-node-cache
+    - .danger-review-cache
    - .review:rules:danger
  stage: test
  needs: []
  before_script:
    - source scripts/utils.sh
    - bundle_install_script "--with danger"
-    - yarn_install_script
+    - run_timed_command "retry yarn install --frozen-lockfile"
  script:
    # ${DANGER_DANGERFILE} is used by Jihulab for customizing danger support: https://jihulab.com/gitlab-cn/gitlab/-/blob/main-jh/jh/.gitlab-ci.yml
    - >
      if [ -z "$DANGER_GITLAB_API_TOKEN" ]; then
        run_timed_command danger_as_local
      else
        danger_id=$(echo -n ${DANGER_GITLAB_API_TOKEN} | md5sum | awk '{print $1}' | cut -c5-10)
-        run_timed_command "bundle exec danger --fail-on-errors=true --verbose --danger_id=\"${danger_id}\" --dangerfile=\"${DANGER_DANGERFILE:-Dangerfile}\""
+        run_timed_command "bundle exec danger --fail-on-errors=true --verbose --danger_id=${danger_id}"
      fi
 danger-review-local:
@ -133,3 +66,10 @@ danger-review-local:
    - .review:rules:danger-local
  script:
    - run_timed_command danger_as_local
 reviewers-recommender:
  extends:
    - .default-retry
    - .review:rules:reviewers-recommender
  stage: test
  needs: []
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
--- a/.gitlab/ci/setup.gitlab-ci.yml
+++ b/.gitlab/ci/setup.gitlab-ci.yml
@ -3,40 +3,36 @@
 cache gems:
  extends:
    - .default-retry
-    - .ruby-cache
+    - .rails-cache
    - .default-before_script
    - .setup:rules:cache-gems
-  stage: prepare
+  stage: test
-  needs: []
+  needs: ["setup-test-env"]
  variables:
-    BUNDLE_WITHOUT: ""
+    BUNDLE_INSTALL_FLAGS: --with=production --with=development --with=test --jobs=2 --path=vendor --retry=3 --quiet
    BUNDLE_WITH: "production:development:test"
    SETUP_DB: "false"
  script:
-    - echo -e "\e[0Ksection_start:`date +%s`:bundle-package[collapsed=true]\r\e[0KPackaging gems"
+    - bundle package --all --all-platforms
    - bundle config set cache_all true
    - run_timed_command "bundle package --all-platforms"
    - echo -e "\e[0Ksection_end:`date +%s`:bundle-package\r\e[0K"
  artifacts:
    paths:
      - vendor/cache
    expire_in: 31d
-.predictive-job:
+.minimal-job:
  extends:
    - .default-retry
  needs: []
-.absolutely-predictive-job:
+.absolutely-minimal-job:
  extends:
-    - .predictive-job
+    - .minimal-job
-  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}alpine:edge
+  image: ${GITLAB_DEPENDENCY_PROXY}alpine:edge
  variables:
    GIT_STRATEGY: none
 dont-interrupt-me:
  extends:
-    - .absolutely-predictive-job
+    - .absolutely-minimal-job
    - .setup:rules:dont-interrupt-me
  stage: sync
  interruptible: false
@ -45,25 +41,41 @@ dont-interrupt-me:
 gitlab_git_test:
  extends:
-    - .predictive-job
+    - .minimal-job
    - .setup:rules:gitlab_git_test
  stage: test
  script:
    - spec/support/prepare-gitlab-git-test-for-commit --check-for-changes
-verify-ruby-3.0:
+no-ee-check:
  extends:
-    - .absolutely-predictive-job
+    - .minimal-job
-    - .setup:rules:verify-ruby-3.0
+    - .setup:rules:no-ee-check
  stage: test
  script:
    - scripts/no-dir-check ee
 no-jh-check:
  extends:
    - .minimal-job
    - .setup:rules:no-jh-check
  stage: test
  script:
    - scripts/no-dir-check jh
 verify-ruby-2.7:
  extends:
    - .absolutely-minimal-job
    - .setup:rules:verify-ruby-2.7
  stage: prepare
  script:
-    - echo 'Please remove label ~"pipeline:run-in-ruby2" so we do test against Ruby 3.0 (default version) before merging the merge request'
+    - echo 'Please remove label ~"pipeline:run-in-ruby3" so we do test against Ruby 2.7 (default version) before merging the merge request'
    - exit 1
 verify-tests-yml:
  extends:
    - .setup:rules:verify-tests-yml
-  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-alpine3.16
+  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}-alpine3.13
  stage: test
  needs: []
  script:
@ -73,7 +85,7 @@ verify-tests-yml:
 verify-approvals:
  extends:
-    - .predictive-job
+    - .minimal-job
    - .setup:rules:jh-contribution
  script:
    - source scripts/utils.sh
@ -83,14 +95,14 @@ verify-approvals:
 generate-frontend-fixtures-mapping:
  extends:
    - .setup:rules:generate-frontend-fixtures-mapping
-    - .use-pg13
+    - .use-pg12
    - .rails-cache
  needs: ["setup-test-env"]
  stage: prepare
  before_script:
    - !reference [.default-before_script, before_script]
    - source ./scripts/rspec_helpers.sh
-    - section_start "gitaly-test-spawn" "Spawning Gitaly"; scripts/gitaly-test-spawn; section_end "gitaly-test-spawn";  # Do not use 'bundle exec' here
+    - run_timed_command "scripts/gitaly-test-spawn"
  script:
    - generate_frontend_fixtures_mapping
  artifacts:
@ -98,76 +110,84 @@ generate-frontend-fixtures-mapping:
    paths:
      - ${FRONTEND_FIXTURES_MAPPING_PATH}
-detect-tests:
+.detect-test-base:
-  extends: .rails:rules:detect-tests
+  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-slim
  needs: []
  stage: prepare
  variables:
    RSPEC_TESTS_MAPPING_ENABLED: "true"
  before_script:
    - apt-get update && apt-get install -y curl  # Not present in ruby-slim, so we add it manually
  script:
    - source ./scripts/utils.sh
    - source ./scripts/rspec_helpers.sh
    - install_gitlab_gem
    - install_tff_gem
    - install_activesupport_gem
    - retrieve_tests_mapping
    - retrieve_frontend_fixtures_mapping
    - |
      if [ -n "$CI_MERGE_REQUEST_IID" ]; then
-        mkdir -p $(dirname "$RSPEC_CHANGED_FILES_PATH")
+        tooling/bin/find_changes ${CHANGES_FILE};
-
+        tooling/bin/find_tests ${CHANGES_FILE} ${MATCHED_TESTS_FILE};
-        tooling/bin/predictive_tests
+        tooling/bin/find_changes ${CHANGES_FILE} ${MATCHED_TESTS_FILE} ${FRONTEND_FIXTURES_MAPPING_PATH};
-
+        echo "Changed files: $(cat $CHANGES_FILE)";
-        filter_rspec_matched_foss_tests ${RSPEC_MATCHING_TESTS_PATH} ${RSPEC_MATCHING_TESTS_FOSS_PATH};
+        echo "Related rspec tests: $(cat $MATCHED_TESTS_FILE)";
        filter_rspec_matched_ee_tests ${RSPEC_MATCHING_TESTS_PATH} ${RSPEC_MATCHING_TESTS_EE_PATH};
        echoinfo "Changed files: $(cat $RSPEC_CHANGED_FILES_PATH)";
        echoinfo "Related FOSS RSpec tests: $(cat $RSPEC_MATCHING_TESTS_FOSS_PATH)";
        echoinfo "Related EE RSpec tests: $(cat $RSPEC_MATCHING_TESTS_EE_PATH)";
        echoinfo "Related JS files: $(cat $RSPEC_MATCHING_JS_FILES_PATH)";
      fi
  artifacts:
    expire_in: 7d
    paths:
      - ${CHANGES_FILE}
      - ${MATCHED_TESTS_FILE}
      - ${FRONTEND_FIXTURES_MAPPING_PATH}
-      - ${RSPEC_CHANGED_FILES_PATH}
+
-      - ${RSPEC_MATCHING_JS_FILES_PATH}
+detect-tests:
-      - ${RSPEC_MATCHING_TESTS_EE_PATH}
+  extends:
-      - ${RSPEC_MATCHING_TESTS_FOSS_PATH}
+    - .detect-test-base
-      - ${RSPEC_MATCHING_TESTS_PATH}
+    - .rails:rules:detect-tests
-      - ${RSPEC_VIEWS_INCLUDING_PARTIALS_PATH}
+  variables:
    RSPEC_TESTS_MAPPING_ENABLED: "true"
    CHANGES_FILE: tmp/changed_files.txt
    MATCHED_TESTS_FILE: tmp/matching_tests.txt
 detect-tests as-if-foss:
  extends:
    - .detect-test-base
    - .rails:rules:detect-tests
    - .as-if-foss
  variables:
    CHANGES_FILE: tmp/changed_foss_files.txt
    MATCHED_TESTS_FILE: tmp/matching_foss_tests.txt
  before_script:
    - '[ "$FOSS_ONLY" = "1" ] && rm -rf ee/ qa/spec/ee/ qa/qa/specs/features/ee/ qa/qa/ee/ qa/qa/ee.rb'
 detect-previous-failed-tests:
  extends:
-    - detect-tests
+    - .detect-test-base
    - .rails:rules:detect-previous-failed-tests
  variables:
    PREVIOUS_FAILED_TESTS_DIR: tmp/previous_failed_tests/
    RSPEC_PG_REGEX: /rspec .+ pg12( .+)?/
    RSPEC_EE_PG_REGEX: /rspec-ee .+ pg12( .+)?/
  script:
    - source ./scripts/utils.sh
    - source ./scripts/rspec_helpers.sh
-    - retrieve_failed_tests "${PREVIOUS_FAILED_TESTS_DIR}" "oneline" "previous"
+    - retrieve_previous_failed_tests ${PREVIOUS_FAILED_TESTS_DIR} "${RSPEC_PG_REGEX}" "${RSPEC_EE_PG_REGEX}"
  artifacts:
    expire_in: 7d
    paths:
      - ${PREVIOUS_FAILED_TESTS_DIR}
-e2e-test-pipeline-generate:
+add-jh-folder:
-  extends:
+  extends: .setup:rules:add-jh-folder
-    - .qa-job-base
+  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
    - .predictive-job
    - .qa:rules:determine-e2e-tests
  stage: prepare
-  variables:
+  before_script:
-    ENV_FILE: $CI_PROJECT_DIR/qa_tests_vars.env
+    - source ./scripts/utils.sh
-    COLORIZED_LOGS: "true"
+    - install_gitlab_gem
  script:
-    - bundle exec rake "ci:detect_changes[$ENV_FILE]"
+    - JH_BRANCH=$(./scripts/setup/find-jh-branch.rb)
-    - cd $CI_PROJECT_DIR && scripts/generate-e2e-pipeline
+    - 'echo "JH_BRANCH: ${JH_BRANCH}"'
    - curl --location -o "jh-folder.tar.gz" "https://gitlab.com/gitlab-org/gitlab-jh-mirrors/gitlab/-/archive/${JH_BRANCH}/gitlab-${JH_BRANCH}.tar.gz?path=jh"
    - tar -xf "jh-folder.tar.gz"
    - mv "gitlab-${JH_BRANCH}-jh/jh/" ./
    - ls -l jh/
  artifacts:
-    expire_in: 1 day
+    expire_in: 2d
    paths:
-      - '*-pipeline.yml'
+      - jh/
--- a/.gitlab/ci/static-analysis.gitlab-ci.yml
+++ b/.gitlab/ci/static-analysis.gitlab-ci.yml
@ -19,33 +19,30 @@ update-static-analysis-cache:
    - .shared:rules:update-cache
  stage: prepare
  script:
-    # Silence cop offenses for rules with "grace period".
+    - run_timed_command "bundle exec rubocop --parallel"  # For the moment we only cache `tmp/rubocop_cache` so we don't need to run all the tasks.
    # This will notify Slack if offenses were silenced.
    # For the moment we only cache `tmp/rubocop_cache` so we don't need to run all the tasks.
    - run_timed_command "fail_on_warnings bundle exec rake rubocop:check:graceful"
 static-analysis:
  extends:
    - .static-analysis-base
    - .static-analysis-cache
-    - .static-analysis:rules:static-analysis
+    - .static-analysis:rules:ee-and-foss
  parallel: 2
  script:
-    - yarn_install_script
+    - run_timed_command "retry yarn install --frozen-lockfile"
-    - fail_on_warnings scripts/static-analysis
+    - scripts/static-analysis
 static-analysis as-if-foss:
  extends:
    - static-analysis
-    - .static-analysis:rules:static-analysis-as-if-foss
+    - .static-analysis:rules:as-if-foss
    - .as-if-foss
 static-verification-with-database:
  extends:
    - .static-analysis-base
    - .rubocop-job-cache
-    - .static-analysis:rules:static-verification-with-database
+    - .static-analysis:rules:ee-and-foss
-    - .use-pg13
+    - .use-pg12
  script:
    - bundle exec rake lint:static_verification_with_database
  variables:
@ -84,7 +81,7 @@ eslint:
  variables:
    USE_BUNDLE_INSTALL: "false"
  script:
-    - yarn_install_script
+    - run_timed_command "retry yarn install --frozen-lockfile"
    - run_timed_command "yarn run lint:eslint:all"
 eslint as-if-foss:
@ -94,13 +91,13 @@ eslint as-if-foss:
    - .as-if-foss
  needs: ['generate-apollo-graphql-schema as-if-foss']
-haml-lint:
+haml-lint foss:
  extends:
    - .static-analysis-base
    - .ruby-cache
-    - .static-analysis:rules:haml-lint
+    - .static-analysis:rules:ee-and-foss
  script:
-    - run_timed_command "bundle exec haml-lint --parallel app/views"
+    - run_timed_command "bin/rake 'haml_lint[app/views]'"
  artifacts:
    expire_in: 31d
    when: always
@ -109,44 +106,23 @@ haml-lint:
 haml-lint ee:
  extends:
-    - "haml-lint"
+    - "haml-lint foss"
-    - .static-analysis:rules:haml-lint-ee
+    - .static-analysis:rules:ee
  script:
-    - run_timed_command "bundle exec haml-lint --parallel ee/app/views"
+    - run_timed_command "bin/rake 'haml_lint[ee/app/views]'"
 rubocop:
  extends:
    - .static-analysis-base
    - .rubocop-job-cache
-    - .static-analysis:rules:rubocop
+    - .static-analysis:rules:ee-and-foss
  needs:
    - job: detect-tests
      optional: true
  variables:
    RUBOCOP_TARGET_FILES: "tmp/rubocop_target_files.txt"
  script:
-    - |
+    - run_timed_command "bundle exec rubocop --parallel"
      # For non-merge request, or when RUN_ALL_RUBOCOP is 'true', run all RuboCop rules
      if [ -z "${CI_MERGE_REQUEST_IID}" ] || [ "${RUN_ALL_RUBOCOP}" == "true" ]; then
        # Silence cop offenses for rules with "grace period".
        # We won't notify Slack if offenses were silenced to avoid frequent messages.
        # Job `update-static-analysis-cache` takes care of Slack notifications every 2 hours.
        unset CI_SLACK_WEBHOOK_URL
        run_timed_command "fail_on_warnings bundle exec rake rubocop:check:graceful"
      else
        cat "${RSPEC_CHANGED_FILES_PATH}" | ruby -e 'print $stdin.read.split(" ").select { |f| File.exist?(f) }.join(" ")' > "$RUBOCOP_TARGET_FILES"
        # Skip running RuboCop if there's no target files
        if [ -s "${RUBOCOP_TARGET_FILES}" ]; then
          run_timed_command "fail_on_warnings bundle exec rubocop --parallel --force-exclusion $(cat ${RUBOCOP_TARGET_FILES})"
        else
          echoinfo "Nothing interesting changed for RuboCop. Skipping."
        fi
      fi
 qa:metadata-lint:
  extends:
    - .static-analysis-base
-    - .static-analysis:rules:qa:metadata-lint
+    - .static-analysis:rules:ee-and-foss-qa
  before_script:
    - !reference [.default-before_script, before_script]
    - cd qa/
@ -173,47 +149,13 @@ feature-flags-usage:
  extends:
    - .static-analysis-base
    - .rubocop-job-cache
-    - .static-analysis:rules:rubocop
+    - .static-analysis:rules:ee-and-foss
  script:
    # We need to disable the cache for this cop since it creates files under tmp/feature_flags/*.used,
    # the cache would prevent these files from being created.
-    - run_timed_command "fail_on_warnings bundle exec rubocop --only Gitlab/MarkUsedFeatureFlags --cache false"
+    - run_timed_command "bundle exec rubocop --only Gitlab/MarkUsedFeatureFlags --cache false"
  artifacts:
    expire_in: 31d
    when: always
    paths:
      - tmp/feature_flags/
 semgrep-appsec-custom-rules:
  stage: lint
  extends:
    - .semgrep-appsec-custom-rules:rules
  image: returntocorp/semgrep
  needs: []
  script:
    # Required to avoid a timeout https://github.com/returntocorp/semgrep/issues/5395
    - git fetch origin master
    # Include/exclude list isn't ideal https://github.com/returntocorp/semgrep/issues/5399
    - |
      semgrep ci --gitlab-sast --metrics off --config $CUSTOM_RULES_URL \
        --include app --include lib --include workhorse \
        --exclude '*_test.go' --exclude spec --exclude qa > gl-sast-report.json || true
  variables:
    CUSTOM_RULES_URL: https://gitlab.com/gitlab-com/gl-security/appsec/sast-custom-rules/-/raw/main/appsec-pings/rules.yml
  artifacts:
    paths:
      - gl-sast-report.json
 ping-appsec-for-sast-findings:
  stage: lint
  image: alpine:latest
  extends:
    - .ping-appsec-for-sast-findings:rules
  variables:
    # Project Access Token bot ID for /gitlab-com/gl-security/appsec/sast-custom-rules
    BOT_USER_ID: 13559989
  needs:
    - semgrep-appsec-custom-rules
  script:
    - apk add jq curl
    - scripts/process_custom_semgrep_results.sh
--- a/.gitlab/ci/test-metadata.gitlab-ci.yml
+++ b/.gitlab/ci/test-metadata.gitlab-ci.yml
@ -1,5 +1,5 @@
 .tests-metadata-state:
-  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}
+  image: ${GITLAB_DEPENDENCY_PROXY}ruby:${RUBY_VERSION}
  before_script:
    - source scripts/utils.sh
  artifacts:
@ -14,11 +14,8 @@ retrieve-tests-metadata:
  extends:
    - .tests-metadata-state
    - .test-metadata:rules:retrieve-tests-metadata
  # We use a smaller image for this job only (update-tests-metadata compiles some gems)
  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}ruby:${RUBY_VERSION}-slim
  stage: prepare
  script:
    - apt-get update && apt-get install -y curl  # Not present in ruby-slim, so we add it manually
    - install_gitlab_gem
    - source ./scripts/rspec_helpers.sh
    - retrieve_tests_metadata
@ -32,17 +29,15 @@ update-tests-metadata:
    - retrieve-tests-metadata
    - generate-frontend-fixtures-mapping
    - setup-test-env
-    - rspec migration pg13
+    - rspec migration pg12
    - rspec-all frontend_fixture
-    - rspec unit pg13
+    - rspec unit pg12
-    - rspec integration pg13
+    - rspec integration pg12
-    - rspec system pg13
+    - rspec system pg12
-    - rspec background_migration pg13
+    - rspec-ee migration pg12
-    - rspec-ee migration pg13
+    - rspec-ee unit pg12
-    - rspec-ee unit pg13
+    - rspec-ee integration pg12
-    - rspec-ee integration pg13
+    - rspec-ee system pg12
    - rspec-ee system pg13
    - rspec-ee background_migration pg13
  script:
    - run_timed_command "retry gem install fog-aws mime-types activesupport rspec_profiling postgres-copy --no-document"
    - source ./scripts/rspec_helpers.sh
--- a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml
+++ b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml
@ -1,129 +0,0 @@
 include:
  - local: .gitlab/ci/qa-common/main.gitlab-ci.yml
  - local: .gitlab/ci/qa-common/rules.gitlab-ci.yml
  - local: .gitlab/ci/qa-common/variables.gitlab-ci.yml
 .run-tests:
  stage: test
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-bullseye-ruby-${RUBY_VERSION}:bundler-2.3-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}
  services:
    - docker:${DOCKER_VERSION}-dind
  tags:
    - e2e
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - sysctl -n -w fs.inotify.max_user_watches=524288
    - echo "SUITE_RAN=true" > suite_status.env
  variables:
    DOCKER_DRIVER: overlay2
    DOCKER_HOST: tcp://docker:2375
    QA_GDK_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-qa-gdk:master"
    QA_GENERATE_ALLURE_REPORT: "true"
    QA_CAN_TEST_PRAEFECT: "false"
    QA_INTERCEPT_REQUESTS: "false"
    TEST_LICENSE_MODE: $QA_TEST_LICENSE_MODE
    EE_LICENSE: $QA_EE_LICENSE
    GITHUB_ACCESS_TOKEN: $QA_GITHUB_ACCESS_TOKEN
    GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN
    RSPEC_REPORT_OPTS: "--format QA::Support::JsonFormatter --out tmp/rspec-${CI_JOB_ID}.json --format RspecJunitFormatter --out tmp/rspec-${CI_JOB_ID}.xml --format html --out tmp/rspec-${CI_JOB_ID}.htm --color --format documentation"
  timeout: 2 hours
  artifacts:
    when: always
    paths:
      - test_output
      - logs
    expire_in: 7 days
    reports:
      junit: test_output/**/rspec-*.xml
      dotenv: suite_status.env
  script:
    - echo -e "\e[0Ksection_start:`date +%s`:pull_image\r\e[0KPull GDK QA image"
    - docker pull ${QA_GDK_IMAGE}
    - echo -e "\e[0Ksection_end:`date +%s`:pull_image\r\e[0K"
    - echo -e "\e[0Ksection_start:`date +%s`:launch_gdk_and_tests\r\e[0KLaunch GDK and run QA tests"
    - cd qa && bundle install --jobs=$(nproc) --retry=3 --quiet
    - mkdir -p $CI_PROJECT_DIR/test_output $CI_PROJECT_DIR/logs/gdk $CI_PROJECT_DIR/logs/gitlab
    # This command matches the permissions of the user that runs GDK inside the container.
    - chown -R 1000:1000 $CI_PROJECT_DIR/test_output $CI_PROJECT_DIR/logs $CI_PROJECT_DIR/qa/knapsack
    - |
      docker run --rm --name gdk --add-host gdk.test:127.0.0.1 --shm-size=2gb \
        --env-file <(bundle exec rake ci:env_var_name_list) \
        --volume /var/run/docker.sock:/var/run/docker.sock:z \
        --volume $CI_PROJECT_DIR/test_output:/home/gdk/gdk/gitlab/qa/tmp:z \
        --volume $CI_PROJECT_DIR/logs/gdk:/home/gdk/gdk/log \
        --volume $CI_PROJECT_DIR/logs/gitlab:/home/gdk/gdk/gitlab/log \
        --volume $CI_PROJECT_DIR/qa/knapsack:/home/gdk/gdk/gitlab/qa/knapsack \
        ${QA_GDK_IMAGE} "${CI_COMMIT_SHA}" "$RSPEC_REPORT_OPTS $TEST_GDK_TAGS --tag ~requires_praefect"
    # The above image's launch script takes two arguments only - first one is the commit sha and the second one Rspec Args
  allow_failure: true
  after_script:
    - |
      if [ "$CI_JOB_STATUS" == "failed" ]; then
        echo "SUITE_FAILED=true" >> suite_status.env
      fi
 download-knapsack-report:
  extends:
    - .download-knapsack-report
    - .rules:download-knapsack
 test-on-gdk-smoke:
  extends:
    - .run-tests
  parallel: 2
  variables:
    TEST_GDK_TAGS: "--tag smoke"
  rules:
    - when: always
 test-on-gdk-full:
  extends:
    - .run-tests
  parallel: 5
  rules:
    - when: manual
 # ==========================================
 # Post test stage
 # ==========================================
 e2e-test-report:
  extends:
    - .e2e-test-report
    - .rules:report:allure-report
  variables:
    ALLURE_RESULTS_GLOB: test_output/allure-results
 upload-knapsack-report:
  extends:
    - .upload-knapsack-report
    - .rules:report:process-results
  variables:
    QA_KNAPSACK_REPORT_FILE_PATTERN: $CI_PROJECT_DIR/test_output/knapsack/*/*.json
 export-test-metrics:
  extends:
    - .export-test-metrics
    - .rules:report:process-results
  variables:
    QA_METRICS_REPORT_FILE_PATTERN: $CI_PROJECT_DIR/test_output/test-metrics-*.json
 relate-test-failures:
  extends:
    - .relate-test-failures
    - .rules:report:process-results
  variables:
    QA_RSPEC_JSON_FILE_PATTERN: $CI_PROJECT_DIR/test_output/rspec-*.json
 generate-test-session:
  extends:
    - .generate-test-session
    - .rules:report:process-results
  variables:
    QA_RSPEC_JSON_FILE_PATTERN: $CI_PROJECT_DIR/test_output/rspec-*.json
 notify-slack:
  extends:
    - .notify-slack
    - .rules:report:process-results
  variables:
    QA_RSPEC_XML_FILE_PATTERN: $CI_PROJECT_DIR/test_output/rspec-*.xml
--- a/.gitlab/ci/vendored-gems.gitlab-ci.yml
+++ b/.gitlab/ci/vendored-gems.gitlab-ci.yml
@ -6,22 +6,6 @@ vendor mail-smtp_pool:
    include: vendor/gems/mail-smtp_pool/.gitlab-ci.yml
    strategy: depend
 vendor attr_encrypted:
  extends:
    - .vendor:rules:attr_encrypted
  needs: []
  trigger:
    include: vendor/gems/attr_encrypted/.gitlab-ci.yml
    strategy: depend
 vendor microsoft_graph_mailer:
  extends:
    - .vendor:rules:microsoft_graph_mailer
  needs: []
  trigger:
    include: vendor/gems/microsoft_graph_mailer/.gitlab-ci.yml
    strategy: depend
 vendor ipynbdiff:
  extends:
    - .vendor:rules:ipynbdiff
@ -30,14 +14,6 @@ vendor ipynbdiff:
    include: vendor/gems/ipynbdiff/.gitlab-ci.yml
    strategy: depend
 vendor omniauth-azure-oauth2:
  extends:
    - .vendor:rules:omniauth-azure-oauth2
  needs: []
  trigger:
    include: vendor/gems/omniauth-azure-oauth2/.gitlab-ci.yml
    strategy: depend
 vendor omniauth_crowd:
  extends:
    - .vendor:rules:omniauth_crowd
@ -54,14 +30,6 @@ vendor omniauth-gitlab:
    include: vendor/gems/omniauth-gitlab/.gitlab-ci.yml
    strategy: depend
 vendor omniauth-salesforce:
  extends:
    - .vendor:rules:omniauth-salesforce
  needs: []
  trigger:
    include: vendor/gems/omniauth-salesforce/.gitlab-ci.yml
    strategy: depend
 vendor devise-pbkdf2-encryptable:
  extends:
    - .vendor:rules:devise-pbkdf2-encryptable
@ -69,35 +37,3 @@ vendor devise-pbkdf2-encryptable:
  trigger:
    include: vendor/gems/devise-pbkdf2-encryptable/.gitlab-ci.yml
    strategy: depend
 vendor bundler-checksum:
  extends:
    - .vendor:rules:bundler-checksum
  needs: []
  trigger:
    include: vendor/gems/bundler-checksum/.gitlab-ci.yml
    strategy: depend
 vendor gitlab_active_record:
  extends:
    - .vendor:rules:gitlab_active_record
  needs: []
  trigger:
    include: vendor/gems/gitlab_active_record/.gitlab-ci.yml
    strategy: depend
 vendor cloud_profiler_agent:
  extends:
    - .vendor:rules:cloud_profiler_agent
  needs: []
  trigger:
    include: vendor/gems/cloud_profiler_agent/.gitlab-ci.yml
    strategy: depend
 vendor sidekiq-reliable-fetch:
  extends:
    - .vendor:rules:sidekiq-reliable-fetch
  needs: []
  trigger:
    include: vendor/gems/sidekiq-reliable-fetch/.gitlab-ci.yml
    strategy: depend
--- a/.gitlab/ci/workhorse.gitlab-ci.yml
+++ b/.gitlab/ci/workhorse.gitlab-ci.yml
@ -1,49 +1,31 @@
 workhorse:verify:
  extends: .workhorse:rules:workhorse
-  image: ${GITLAB_DEPENDENCY_PROXY_ADDRESS}golang:${GO_VERSION}
+  image: ${GITLAB_DEPENDENCY_PROXY}golang:1.17
  stage: test
  needs: []
  script:
    - go version
    - make -C workhorse  # test build
    - make -C workhorse verify
 .workhorse:test:
  extends: .workhorse:rules:workhorse
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}-rust-${RUST_VERSION}:rubygems-${RUBYGEMS_VERSION}-git-2.36-exiftool-12.60
  variables:
    GITALY_ADDRESS: "tcp://127.0.0.1:8075"
  stage: test
  needs:
    - setup-test-env
  before_script:
    - go version
    - scripts/gitaly-test-build
  script:
    - go version
    - apt-get update && apt-get -y install libimage-exiftool-perl
    - scripts/gitaly-test-build
    - make -C workhorse test
-workhorse:test go:
+workhorse:test using go 1.17:
  extends: .workhorse:test
-  parallel:
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-1.17-git-2.31
    matrix:
      - GO_VERSION: ["1.18", "1.19"]
  script:
    - make -C workhorse test-coverage
  coverage: '/\d+.\d+%/'
  artifacts:
    paths:
      - workhorse/coverage.html
-workhorse:test fips:
+workhorse:test using go 1.17 with FIPS:
  extends: .workhorse:test
  parallel:
    matrix:
      - GO_VERSION: ["1.18", "1.19"]
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/ubi-${UBI_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}-rust-${RUST_VERSION}:rubygems-${RUBYGEMS_VERSION}-git-2.36-exiftool-12.60
  variables:
-    FIPS_MODE: 1
+    WORKHORSE_TEST_FIPS_ENABLED: 1
-
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-1.17-git-2.31
 workhorse:test race:
  extends: .workhorse:test
  script:
    - make -C workhorse test-race
--- a/.gitlab/issue_templates/AI
+++ b/.gitlab/issue_templates/AI
@ -1,147 +0,0 @@
 <!--
 HOW TO USE THIS TEMPLATE
 To propose an AI experiment, focus on completing the “Experiment” section first. As you refine the idea and gather feedback on your experiment, use the “Feature release” section to define how it will evolve as a Beta or GA capability. It's important that we link experiment to feature release. Feel free to add sections, but keep the existing ones.
 You can choose how to get started with this template. For example, the proposal can start as an issue, and then be promoted to an epic to house all the work related to the experiment/prototype and feature release. If you prefer to start with an epic, you have to manually apply the proposal template. Regardless, if the experiment is eventually prioritized for development, the template content will need to appear in a top-level epic so it can be tracked alongside other prioritized AI experiments.
 TITLE FORMAT
 🤖 [AI Proposal] {Need/outcome} {Beneficiary} {Job/Small Job}
 The title should be something that is easily understood that quickly communicates the intent of the project allowing team members to easily understand and recognize the expected work that will be done. A proposal title should combine the beneficiary of the feature/UI, the job it will allow them to accomplish (see https://about.gitlab.com/handbook/product/ux/jobs-to-be-done/#how-to-write-a-jtbd), and their expected outcome when the work is delivered. Well-defined statements are concise without sacrificing the substance of the proposal so that anyone can understand it at a glance. (e.g. {Reduce the effort} {for security teams} {when prioritizing business-critical risks in their assets}).
 -->
 # Experiment
 This section should be completed prior to work on the Experiment beginning.
 # [Experiment](https://docs.gitlab.com/ee/policy/alpha-beta-support.html#experiment)
 ##  Problem to be solved
 ### User problem
 _What user problem will this solve?_
 ### Solution hypothesis
 _Why do you believe this AI solution is a good way to solve this problem?_
 ### Assumption
 _What assumptions are you making about this problem and the solution?_
 ### Personas
 _What [personas](https://about.gitlab.com/handbook/product/personas/#list-of-user-personas) have this problem, who is the intended user?_
 ## Proposal
 <!-- Explain the proposed changes, including details around usage and business drivers. -->
 ### Success
 _How will you measure whether this experiment is a success?_
 # Feature release
 <!-- DO NOT REMOVE THIS SECTION
 Although the initial focus is on the “Experiment” section, do not remove this “Feature release” section. It's important that we link experiment to feature release. Fill this section as you progress.
 -->
 ### Main Job story
 _What job to be done will this solve?_
 <!-- What is the [Main Job story](https://about.gitlab.com/handbook/product/ux/jobs-to-be-done/#how-to-write-a-jtbd) that this proposal was derived from? (e.g. When I am on triage rotation, I want to address all the business-critical risks in my assets, So I can minimize the likelihood of my organization being compromised by a security breach.) -->
 ## Proposal updates/additions
 <!-- Explain any changes or updates to the original proposal from the experiment, including details around usage, business drivers, and reasonings that drove the updates/additions. -->
 ### Problem validation
 _What validation exists that customers have this problem?_
 <!-- Refer to https://about.gitlab.com/handbook/product/ux/ux-research/research-in-the-AI-space/#guideline-1-problem-validation --- to help identify and understand user needs -->
 ### Business objective
 _What business objective will be achieved with this proposal?_
 <!-- Objectives (from a business point of view) that will be achieved upon completion. (For instance, Increase engagement by making the experience efficient while reducing the chances of users overlooking high-priority items. -->
 ### Confidence
 _Has this proposal been derived from research?_
 <!-- How well do we understand the user's problem and their need? Refer to https://about.gitlab.com/handbook/product/ux/product-design/ux-roadmaps/#confidence to assess confidence -->
 | Confidence        | Research                       |
 | ----------------- | ------------------------------ |
 | [High/Medium/Low] | [research/insight issue](Link) |
 ### Requirements
 _What tasks or actions should the user be capable of performing with this feature?_
 <!-- Requirements can be taken from existing features or design issues used to build this proposal. Any related issues should be linked with this issue in the Feature/solution issues section below. They are more granular validated needs, goals, and additional details that the proposal encompasses. -->
 > ⚠️ Related feature and research issues should be linked in the related issues section (Delete this line when this is done)
 #### The user needs to be able to:
 - ...
 - ...
 ## Checklist
 ### Experiment
 <details> <summary> Issue information </summary>
 - [ ] Add information to the issue body about:
    - [ ] The user problem being solved
    - [ ] Your assumptions
    - [ ] Who it's for, list of personas impacted
    - [ ] Your proposal
 - [ ] Add relevant designs to the Design Management area of the issue if available
 - [ ] Confirm that an unexpected outage of this feature will not negatively impact the application or other features
 - [ ] Add a feature flag so that this feature can be quickly disabled if/when needed
 - [ ] If this experiment introduces a new service or data store, ensure it is not processing or storing [red data](https://about.gitlab.com/handbook/security/data-classification-standard.html#data-classification-levels) without a security and if needed legal review
  - *NOTE*: We recommend using one of the already adopted models or data stores. If you need to use something else, be aware that using other models or data stores will require additional review during the feature stage for operational fitness and compliance.
 - [ ] Ensure this issue has the ~wg-ai-integration label to ensure visibility to various teams working on this
 </details>
 ### Feature release
 <details> <summary> Issue information </summary>
 - [ ] Add information to the issue body about:
    - [ ] Your proposal
    - [ ] The Job Statement it's expected to satisfy
    - [ ] Details about the user problem and provide any research or problem validation
    - [ ] List the personas impacted by the proposal.
 - [ ] Add all relevant solution validation issues to the Linked items section that shows this proposal will solve the customer problem, or details explaining why it's not possible to provide that validation.
 - [ ] Add relevant designs to the Design Management area of the issue.
 - [ ] You have adhered to our [Definition of Done](https://docs.gitlab.com/ee/development/contributing/merge_request_workflow.html#definition-of-done) standards
 - [ ] Ensure this issue has the ~wg-ai-integration label to ensure visibility to various teams working on this
 </details>
 <details> <summary> Technical needs </summary>
 - [ ] Please consider the operational aspects of the feature you are creating. A list of things to think about is in: https://gitlab.com/gitlab-org/gitlab/-/issues/403859. We will be improving this process in the future: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117637#note_1353253349. 
 - [ ] @ mention your [AppSec Stable Counterpart](https://about.gitlab.com/handbook/product/categories/) and read the [AI secure coding guidelines](https://docs.gitlab.com/ee/development/secure_coding_guidelines.html#artificial-intelligence-ai-features)
 1. Work estimate and skills needs to build an ML viable feature: To build any ML feature depending on the work, there are many personas that contribute including, Data Scientist, NLP engineer, ML Engineer, MLOps Engineer, ML Infra engineers, and Fullstack engineer to integrate the ML Services with Gitlab. Post-prototype we would assess the skills needed to build a production-grade ML feature for the prototype.
 2. Data Limitation: We would like to upfront validate if we have viable data for the feature including whether we can use the DataOps pipeline of ModelOps or create a custom one. We would want to understand the training data, test data, and feedback data to dial up the accuracy and the limitations of the data.
 3. Model Limitation: We would want to understand if we can use an open-source pre-trained model, tune and customize it or start a model from scratch as well. Further, we would assess based on the ModelOps model evaluation framework which would be the right model to use based on the use case.
 4. Cost, Scalability, Reliability: We would want to estimate the cost of hosting, serving, inference of the model, and the full end-to-end infrastructure including monitoring and observability.
 5. Legal and Ethical Framework: We would want to align with legal and ethical framework like any other ModelOps features to cover across the nine principles of responsible ML and any legal support needed.
 </details>
 <details> <summary> Dependency needs </summary>
 - [ ] Please consider the operational aspects of the service you are creating. A list of things to think about is in: https://gitlab.com/gitlab-org/gitlab/-/issues/403859. We will be improving this process in the future: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/117637#note_1353253349. 
 </details>
 <details> <summary> Legal needs </summary>
 - [ ]  TBD
 </details>
 ## Additional resources
 - If you'd like help with technical validation, or would like to discuss UX considerations for AI mention the AI Assisted group using `@gitlab-org/modelops/applied-ml`.
 - Read about our [AI Integration strategy](https://internal-handbook.gitlab.io/handbook/product/ai-strategy/ai-integration-effort/)
 - Slack channels
    - `#wg_ai_integration` - Slack channel for the working group and the high level alignment on getting AI ready for Production (Development, Product, UX, Legal, etc.) But from the other channels fell free to reach out and post progress here
    - `#ai_integration_dev_lobby` - Channel for all implementation related topics and discussions of actual AI features (e.g. explain the code)
    - `#ai_enablement_team` - Channel for the AI Enablement Team which is building the base for all features (experimentation API, Abstraction Layer, Embeddings, etc.)
 /label ~wg-ai-integration
 /cc @tmccaslin @hbenson @wayne @pedroms @jmandell
 /confidential
--- a/.gitlab/issue_templates/Actionable
+++ b/.gitlab/issue_templates/Actionable
@ -1,4 +1,4 @@
-<!-- Actionable insights must recommend an action that needs to take place. An actionable insight both defines the insight and clearly calls out action or next step required to improve based on the result of the research observation or data. Actionable insights are tracked over time and will include follow-up. Please follow the tasks outlined in this issue for best results. Learn more in the handbook here: https://about.gitlab.com/handbook/product/ux/ux-research-training/research-insights/#actionable-insights 
+<!-- Actionable insights must recommend an action that needs to take place. An actionable insight both defines the insight and clearly calls out action or next step required to improve based on the result of the research observation or data. Actionable insights are tracked over time and will include follow-up. Please follow the tasks outlined in this issue for best results. Learn more in the handbook here: https://about.gitlab.com/handbook/engineering/ux/ux-research-training/research-insights/#actionable-insights 
 This issue template is for an actionable insight that requires further exploration.-->
--- a/.gitlab/issue_templates/Actionable
+++ b/.gitlab/issue_templates/Actionable
@ -1,4 +1,4 @@
-<!-- Actionable insights must recommend an action that needs to take place. An actionable insight both defines the insight and clearly calls out action or next step required to improve based on the result of the research observation or data. Actionable insights are tracked over time and will include follow-up. Please follow the tasks outlined in this issue for best results. Learn more in the handbook here: https://about.gitlab.com/handbook/product/ux/ux-research-training/research-insights/#actionable-insights 
+<!-- Actionable insights must recommend an action that needs to take place. An actionable insight both defines the insight and clearly calls out action or next step required to improve based on the result of the research observation or data. Actionable insights are tracked over time and will include follow-up. Please follow the tasks outlined in this issue for best results. Learn more in the handbook here: https://about.gitlab.com/handbook/engineering/ux/ux-research-training/research-insights/#actionable-insights 
 This issue template is for an actionable insight that requires a change in the product.-->
--- a/.gitlab/issue_templates/Audit
+++ b/.gitlab/issue_templates/Audit
@ -1,5 +1,4 @@
 <!-- Audit Event documentation: See https://docs.gitlab.com/ee/administration/audit_events.html -->
 <!-- Streaming Audit Event documentation: See https://docs.gitlab.com/ee/administration/audit_event_streaming.html -->
 ## Audit need
@ -9,11 +8,6 @@
 <!-- Describe the audit event you are proposing should be added, including any details of what should be captured, how, and why. -->
 ### Streaming-only event or normal event?
 <!-- Should this event be a streaming-only audit event or also logged to GitLab's database? Consider the
 volume of data that will be generated by the event when answering this. -->
 /label ~"Category:Audit Events"
 /label ~"type::feature"
 /label ~"group::compliance"
--- a/.gitlab/issue_templates/Broken
+++ b/.gitlab/issue_templates/Broken
@ -16,15 +16,10 @@ Please read the below documentations for a workflow of triaging and resolving br
 <!-- If the pipeline failure is reproducible, provide steps to recreate the issue locally. Please use an ordered list. -->
 Please refer to [Flaky tests documentation](https://docs.gitlab.com/ee/development/testing_guide/flaky_tests.html) to
 learn more about how to reproduce them.
 ### Proposed Resolution
 <!-- Describe the proposed change to restore master stability. -->
 Please refer to the [Resolution guidance](https://about.gitlab.com/handbook/engineering/workflow/#resolution-of-broken-master) to learn more about resolution of broken master.
-Once the flaky failure has been fixed on the default branch, open merge requests to cherry-pick the fix to the active stable branches.
+/label ~"failure::flaky-test" ~"Engineering Productivity" ~"priority::2" ~"severity::2"
 /label ~"type::maintenance" ~"failure::flaky-test" ~"priority::3" ~"severity::3"
--- a/.gitlab/issue_templates/Broken
+++ b/.gitlab/issue_templates/Broken
@ -21,4 +21,4 @@ Please read the below documentations for a workflow of triaging and resolving br
 Please refer to the [Resolution guidance](https://about.gitlab.com/handbook/engineering/workflow/#resolution-of-broken-master) to learn more about resolution of broken master.
-/label ~"master:broken" ~"Engineering Productivity" ~"priority::1" ~"severity::1" ~"type::maintenance" ~"maintenance::pipelines"
+/label ~"master:broken" ~"Engineering Productivity" ~"priority::1" ~"severity::1"
--- a/.gitlab/issue_templates/Bug.md
+++ b/.gitlab/issue_templates/Bug.md
@ -39,10 +39,7 @@ will also determine whether the bug is fixed in a more recent version. -->
 ### Output of checks
-<!-- If you are reporting a bug on GitLab.com, uncomment below -->
+<!-- If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com -->
 <!-- This bug happens on GitLab.com -->
 <!-- /label ~"reproduced on GitLab.com" -->
 #### Results of GitLab environment info
--- a/.gitlab/issue_templates/Deprecations.md
+++ b/.gitlab/issue_templates/Deprecations.md
@ -1,4 +1,4 @@
-For guidance on the overall deprecations, removals and breaking changes workflow, please visit [Breaking changes, deprecations, and removing features](https://about.gitlab.com/handbook/product/gitlab-the-product/#deprecations-removals-and-breaking-changes)
+For guidance on the overall deprecations, removals and breaking changes workflow, please visit https://about.gitlab.com/handbook/product/gitlab-the-product/#breaking-changes-deprecations-and-removing-features
 <!-- Use this template as a starting point for deprecations. -->
@ -10,9 +10,6 @@ This should contain a brief description of the feature or functionality that is
 It is recommended that you link to the documentation.
 The description of the deprecation should state what actions the user should take to rectify the behavior. If the deprecation is scheduled for an upcoming release, the content should remain in the deprecations documentation page until it has been completed. For example, if a deprecation is announced in 14.9 and scheduled to be completed in 15.0, the same content would be included in the documentation for 14.9, 14.10, and 15.0.
 **If this issue proposes a breaking change outside a major release XX.0, you need to get approval from your manager and request collaboration from Product Operations on communication. Be sure to follow the guidance [here](https://about.gitlab.com/handbook/product/gitlab-the-product/#deprecations-removals-and-breaking-changes.)** 
 -->
 ### Breaking Change
@ -49,9 +46,9 @@ Which tier is this feature available in?
 Please add links to the relevant merge requests.
 - As soon as possible, but no later than the third milestone preceding the major release (for example, given the following release schedule: `14.8, 14.9, 14.10, 15.0` – `14.8` is the third milestone preceding the major release):
-    - [ ] A [deprecation announcement entry](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-the-announcement) has been created so the deprecation will appear in release posts and on the [general deprecation page](https://docs.gitlab.com/ee/update/deprecations).
+    - [ ] A [deprecation entry](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-deprecation-entry) has been created so the deprecation will appear in release posts and on the [general deprecation page](https://docs.gitlab.com/ee/update/deprecations).
    - [ ] Documentation has been updated to mark the feature as [deprecated](https://docs.gitlab.com/ee/development/documentation/versions.html#deprecations-and-removals).
- [ ] On or before the major milestone: A [removal entry](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-the-announcement-1) has been created so the removal will appear on the [removals by milestones](https://docs.gitlab.com/ee/update/removals) page and be announced in the release post.
+- [ ] On or before the major milestone: A [removal entry](https://about.gitlab.com/handbook/marketing/blog/release-posts/#removals) has been created so the removal will appear on the [removals by milestones](https://docs.gitlab.com/ee/update/removals) page and be announced in the release post.
 - On the major milestone:
    - [ ] The deprecated item has been removed.
    - [ ] If the removal of the deprecated item is a [breaking change](https://about.gitlab.com/handbook/product/gitlab-the-product/#examples-of-breaking-changes), the merge request is labeled ~"breaking change".
--- a/.gitlab/issue_templates/Doc_cleanup.md
+++ b/.gitlab/issue_templates/Doc_cleanup.md
@ -1,38 +1,60 @@
 <!--
-* Use this template for documentation issues identified
+* Use this issue template for identifying issues to work on in existing documentation, normally identified
-* by [Vale](https://docs.gitlab.com/ee/development/documentation/testing.html#vale)
+* with our [Vale](https://docs.gitlab.com/ee/development/documentation/testing.html#vale) or [markdownlint](https://docs.gitlab.com/ee/development/documentation/testing.html#markdownlint) tools. Much of this identified work is suitable for first-time contributors or
 * or [markdownlint](https://docs.gitlab.com/ee/development/documentation/testing.html#markdownlint).
 * This template is meant to describe work for first-time contributors or
 * for work during Hackathons.
 *
-* Feature development work should not use this template. Use the Feature Request template instead.
+* Normal documentation updates should use the Documentation template, and documentation work as part of
 * feature development should use the Feature Request template.
 -->
-## Hi community contributors! :wave:
+If you are a community contributor:
-Do you want to work on this issue?
+1. To work on an issue, type `@gl-docsteam I would like to work on this issue.`
   in a comment. A technical writer
   will assign the issue to you. Do not work on the issue before it is assigned to you.
   If someone has already chosen the issue, pick another or view docs [in the docs directory](https://gitlab.com/gitlab-org/gitlab/-/tree/master/doc)
   and open a merge request for any page you feel can be improved.
 1. Create a merge request for the issue. If this is for a Hackathon, do not create the merge request
   before the Hackathon has started or it will not be counted towards the Hackathon. If you were not
   assigned the issue, do not create a merge request. It will not be accepted.
 1. Copy the link to this issue and add it to the merge request's description, which will link
   the merge request and the issue together.
 1. After your merge request is accepted and merged, close this issue.
- **If the issue is unassigned**, in a comment, type `@docs-hackathon I would like to work on this issue` and a writer will assign it to you.
+If you notice things you'd like to fix that are not part of the issue, open separate merge requests for those issues.
-  To be fair to others, do not ask for more than three issues at a time.
+We're sorry for all the rules but we want everyone to have a good experience, and it can be hard when we get an influx of contributions.
- **If the issue is assigned to someone already**, choose another issue. Do not open a merge request for this issue if you are not assigned.
+Thank you again for contributing to the GitLab documentation!
-## To resolve the issue
+## Identified documentation issue
-[Follow these instructions to create a merge request](https://docs.gitlab.com/ee/development/documentation/workflow.html#how-to-update-the-docs).
+<!--
 * Include information about the issue that needs resolution. If the item is from an automated test,
 * be sure to include a copy/paste from the the test results. [This issue](https://gitlab.com/gitlab-org/gitlab/-/issues/339543) is an example of text to include with a Vale issue.
 *
 * Limit the identified work to be related to one another, and keep it to a reasonable amount. For example,
 * several moderate changes on one page, a few intermediate changes across five pages, or several very small
 * changes for up to 10 pages. Larger items should be broken out into other issues to better distribute
 * the opportunities for contributors.
 -->
- Don't submit your merge request until after the Hackathon has started.
+## Additional information
 - Try to address the issue in a single merge request.
 - Try to stick to the scope of the issue. If you see other improvements that can be made in the file, open a separate merge request.
 - When you create the merge request, select the **Documentation** merge request description template.
 - In the merge request's description, add a link to this issue.
 - Follow the [commit message guidelines](https://docs.gitlab.com/ee/development/contributing/merge_request_workflow.html#commit-messages-guidelines).
  Use three to five words for your commit message, start with message with a capital letter, and do **not** end it in a period.
  Other commit messages can cause the pipeline to fail.
-Thank you again for contributing to the GitLab documentation! :tada:
+<!--
 * Any concepts, procedures, reference info we could add to make it easier to successfully use GitLab?
 * Include use cases, benefits, and/or goals for this work.
 * If adding content: What audience is it intended for? (What roles and scenarios?)
  For ideas, see personas at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/ or the persona labels at
  https://gitlab.com/groups/gitlab-org/-/labels?subscribed=&search=persona%3A
 -->
-## Documentation issue
+### Who can address the issue
-/labels ~"documentation" ~"docs-only" ~"documentation" ~"docs::improvement" ~"type::maintenance" ~"maintenance::refactor" ~"Seeking community contributions"  ~"quick win" ~"Technical Writing"
+<!-- What if any special expertise is required to resolve this issue? -->
 ### Other links/references
 <!-- For example, related GitLab issues/MRs -->
 /label ~documentation
--- a/.gitlab/issue_templates/Experiment
+++ b/.gitlab/issue_templates/Experiment
@ -18,7 +18,7 @@
 # Tracking Details
 - [json schema](https://gitlab.com/gitlab-org/iglu/-/blob/master/public/schemas/com.gitlab/gitlab_experiment/jsonschema/0-3-0) used in `gitlab-experiment` tracking.
- see [event schema](https://docs.gitlab.com/ee/development/snowplow/index.html#event-schema) for a guide.
+- see [taxonomy](https://docs.gitlab.com/ee/development/snowplow/index.html#structured-event-taxonomy) for a guide.
 | sequence | activity | category | action | label | property | value |
 | -------- | -------- | ------ | ----- | ------- | -------- | ----- |
--- a/.gitlab/issue_templates/Experiment
+++ b/.gitlab/issue_templates/Experiment
@ -10,11 +10,7 @@ The changes need to become an official part of the product.
 - [ ] Determine whether the feature should apply to SaaS and/or self-managed
 - [ ] Determine whether the feature should apply to EE - and which tiers - and/or Core
 - [ ] Determine if tracking should be kept as is, removed, or modified.
 - [ ] Determine if any UX experiences need to be "polished" i.e. updated to further improve the end user experience. This task should be completed by the designated UX counterpart. 
   - [ ] (placeholder for UX polish work that needs to be completed for this cleanup issue to be considered completed) 
 - [ ] Ensure any relevant documentation has been updated.
 - [ ] Determine whether there are other concerns that need to be considered before removing the feature flag.
   - These are typically captured in the `Experiment Successful Cleanup Concerns` section of the rollout issue.
 - [ ] Consider changes to any `feature_category:` introduced by the experiment if ownership is changing (PM for Growth and PM for the new category as DRIs)
 - [ ] Check to see if the experiment introduced new design assets. Add them to the appropriate repos and document them if needed.
 - [ ] Optional: Migrate experiment to a default enabled [feature flag](https://docs.gitlab.com/ee/development/feature_flags) for one milestone and add a changelog. Converting to a feature flag can be skipped at the ICs discretion if risk is deemed low with consideration to both SaaS and (if applicable) self managed
--- a/.gitlab/issue_templates/Feature
+++ b/.gitlab/issue_templates/Feature
@ -48,4 +48,4 @@ Are there any other stages or teams involved that need to be kept in the loop?
 - [ ] Close this rollout issue.
-/label ~"feature flag" ~"type::maintenance" ~"maintenance::removal"
+/label ~"feature flag" ~"type::feature" ~"feature::addition"
--- a/.gitlab/issue_templates/Feature
+++ b/.gitlab/issue_templates/Feature
@ -1,17 +1,8 @@
 <!-- Title suggestion: [Feature flag] Enable description of feature -->
 <!--
 Set the main issue link: The main issue is the one that describes the problem to solve,
 the one this feature flag is being added for. For example:
 [main-issue]: https://gitlab.com/gitlab-org/gitlab/-/issues/123456
 -->
 [main-issue]: MAIN-ISSUE-LINK
 ## Summary
-This issue is to rollout [the feature][main-issue] on production,
+This issue is to rollout [the feature](ISSUE LINK) on production,
 that is currently behind the `<feature-flag-name>` feature flag.
 <!-- Short description of what the feature is about and link to relevant other issues. -->
@ -66,67 +57,53 @@ _Consider adding links to check for Sentry errors, Production logs for 5xx, 302s
 ## Rollout Steps
 Note: Please make sure to run the chatops commands in the slack channel that gets impacted by the command.
 ### Rollout on non-production environments
- [ ] Verify the MR with the feature flag is merged to master.
+- Ensure that the feature MRs have been deployed to non-production environments.
 - Verify that the feature MRs have been deployed to non-production environments with:
    - [ ] `/chatops run auto_deploy status <merge-commit-of-your-feature>`
 - [ ] Enable the feature globally on non-production environments.
    - [ ] `/chatops run feature set <feature-flag-name> true --dev --staging --staging-ref`
    - If the feature flag causes QA end-to-end tests to fail:
      - [ ] Disable the feature flag on staging to avoid blocking [deployments](https://about.gitlab.com/handbook/engineering/deployments-and-releases/deployments/).
 - [ ] Verify that the feature works as expected. Posting the QA result in this issue is preferable.
      The best environment to validate the feature in is [staging-canary](https://about.gitlab.com/handbook/engineering/infrastructure/environments/#staging-canary)
      as this is the first environment deployed to. Note you will need to make sure you are configured to use canary as outlined [here](https://about.gitlab.com/handbook/engineering/infrastructure/environments/canary-stage/)
      when accessing the staging environment in order to make sure you are testing appropriately.
 For assistance with QA end-to-end test failures, please reach out via the `#quality` Slack channel. Note that QA test failures on staging-ref [don't block deployments](https://about.gitlab.com/handbook/engineering/infrastructure/environments/staging-ref/#how-to-use-staging-ref).  
 ### Specific rollout on production
 For visibility, all `/chatops` commands that target production should be executed in the `#production` slack channel and cross-posted (with the command results) to the responsible team's slack channel (`#g_TEAM_NAME`).
 - Ensure that the feature MRs have been deployed to both production and canary.
    - [ ] `/chatops run auto_deploy status <merge-commit-of-your-feature>`
- Depending on the [type of actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors) you are using, pick one of these options:
+- If you're using [project-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries:
  - If you're using **project-actor**, you must enable the feature on these entries:
    - [ ] `/chatops run feature set --project=gitlab-org/gitlab,gitlab-org/gitlab-foss,gitlab-com/www-gitlab-com <feature-flag-name> true`
-  - If you're using **group-actor**, you must enable the feature on these entries:
+- If you're using [group-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries:
    - [ ] `/chatops run feature set --group=gitlab-org,gitlab-com <feature-flag-name> true`
-  - If you're using **user-actor**, you must enable the feature on these entries:
+- If you're using [user-actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), you must enable the feature on these entries:
    - [ ] `/chatops run feature set --user=<your-username> <feature-flag-name> true`
 - [ ] Verify that the feature works on the specific entries. Posting the QA result in this issue is preferable.
 ### Preparation before global rollout
 - [ ] Set a milestone to the rollout issue to signal for enabling and removing the feature flag when it is stable.
 - [ ] Check if the feature flag change needs to be accompanied with a
  [change management issue](https://about.gitlab.com/handbook/engineering/infrastructure/change-management/#feature-flags-and-the-change-management-process).
  Cross link the issue here if it does.
 - [ ] Ensure that you or a representative in development can be available for at least 2 hours after feature flag updates in production.
  If a different developer will be covering, or an exception is needed, please inform the oncall SRE by using the `@sre-oncall` Slack alias.
 - [ ] Ensure that documentation has been updated ([More info](https://docs.gitlab.com/ee/development/documentation/feature_flags.html#features-that-became-enabled-by-default)).
- [ ] Leave a comment on [the feature issue][main-issue] announcing estimated time when this feature flag will be enabled on GitLab.com.
+- [ ] Announce on [the feature issue](ISSUE LINK) an estimated time this will be enabled on GitLab.com. 
 - [ ] Ensure that any breaking changes have been announced following the [release post process](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations-removals-and-breaking-changes) to ensure GitLab customers are aware.
 - [ ] Notify `#support_gitlab-com` and your team channel ([more guidance when this is necessary in the dev docs](https://docs.gitlab.com/ee/development/feature_flags/controls.html#communicate-the-change)).
 - [ ] Ensure that the feature flag rollout plan is reviewed by another developer familiar with the domain.
 ### Global rollout on production
 For visibility, all `/chatops` commands that target production should be executed in the `#production` slack channel and cross-posted (with the command results) to the responsible team's slack channel (`#g_TEAM_NAME`).
 - [ ] [Incrementally roll out](https://docs.gitlab.com/ee/development/feature_flags/controls.html#process) the feature.
  - [ ] Between every step wait for at least 15 minutes and monitor the appropriate graphs on https://dashboards.gitlab.net.
  - If the feature flag in code has [an actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), perform **actor-based** rollout.
    - [ ] `/chatops run feature set <feature-flag-name> <rollout-percentage> --actors`
  - If the feature flag in code does **NOT** have [an actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors), perform time-based rollout (**random** rollout).
    - [ ] `/chatops run feature set <feature-flag-name> <rollout-percentage> --random`
  - Enable the feature globally on production environment.
    - [ ] `/chatops run feature set <feature-flag-name> true`
- [ ] Observe appropriate graphs on https://dashboards.gitlab.net and verify that services are not affected.
+- [ ] Announce on [the feature issue](ISSUE LINK) that the feature has been globally enabled.
 - [ ] Leave a comment on [the feature issue][main-issue] announcing that the feature has been globally enabled.
 - [ ] Wait for [at least one day for the verification term](https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/#including-a-feature-behind-feature-flag-in-the-final-release).
 ### (Optional) Release the feature with the feature flag
@ -137,14 +114,14 @@ To do so, follow these steps:
 - [ ] Create a merge request with the following changes. Ask for review and merge it.
    - [ ] Set the `default_enabled` attribute in [the feature flag definition](https://docs.gitlab.com/ee/development/feature_flags/#feature-flag-definition-and-validation) to `true`.
-    - [ ] Review [what warrants a changelog entry](https://docs.gitlab.com/ee/development/changelog.html#what-warrants-a-changelog-entry) and decide if [a changelog entry](https://docs.gitlab.com/ee/development/feature_flags/#changelog) is needed.
+    - [ ] Create [a changelog entry](https://docs.gitlab.com/ee/development/feature_flags/#changelog).
 - [ ] Ensure that the default-enabling MR has been included in the release package.
      If the merge request was deployed before [the monthly release was tagged](https://about.gitlab.com/handbook/engineering/releases/#self-managed-releases-1),
      the feature can be officially announced in a release blog post.
    - [ ] `/chatops run release check <merge-request-url> <milestone>`
 - [ ] Consider cleaning up the feature flag from all environments by running these chatops command in `#production` channel. Otherwise these settings may override the default enabled.
    - [ ] `/chatops run feature delete <feature-flag-name> --dev --staging --staging-ref --production`
- [ ] Close [the feature issue][main-issue] to indicate the feature will be released in the current milestone.
+- [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone.
 - [ ] Set the next milestone to this rollout issue for scheduling [the flag removal](#release-the-feature).
 - [ ] (Optional) You can [create a separate issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Feature%20Flag%20Cleanup) for scheduling the steps below to [Release the feature](#release-the-feature).
    - [ ] Set the title to "[Feature flag] Cleanup `<feature-flag-name>`".
@ -177,8 +154,8 @@ You can either [create a follow-up issue for Feature Flag Cleanup](https://gitla
      If the merge request was deployed before [the monthly release was tagged](https://about.gitlab.com/handbook/engineering/releases/#self-managed-releases-1),
      the feature can be officially announced in a release blog post.
    - [ ] `/chatops run release check <merge-request-url> <milestone>`
- [ ] Close [the feature issue][main-issue] to indicate the feature will be released in the current milestone.
+- [ ] Close [the feature issue](ISSUE LINK) to indicate the feature will be released in the current milestone.
- [ ] Clean up the feature flag from all environments by running these chatops command in `#production` channel:
+- [ ] If not already done, clean up the feature flag from all environments by running these chatops command in `#production` channel:
    - [ ] `/chatops run feature delete <feature-flag-name> --dev --staging --staging-ref --production`
 - [ ] Close this rollout issue.
@ -190,11 +167,4 @@ You can either [create a follow-up issue for Feature Flag Cleanup](https://gitla
 /chatops run feature set <feature-flag-name> false
 ```
-<!-- A feature flag can also be used for rolling out a bug fix or a maintenance work.
+/label ~"feature flag" ~"type::feature" ~"feature::addition"
 In this scenario, labels must be related to it, for example; ~"type::feature", ~"type::bug" or ~"type::maintenance".
 Please use /copy_metadata to copy the labels from the issue you're rolling out. -->
 /label ~group::
 /label ~"feature flag"
 /assign me
 /due in 1 month
--- a/.gitlab/issue_templates/Feature
+++ b/.gitlab/issue_templates/Feature
@ -9,7 +9,6 @@
 <!-- Label reminders
 Use the following resources to find the appropriate labels:
 - Use only one tier label choosing the lowest tier this is intended for
 - https://gitlab.com/gitlab-org/gitlab/-/labels
 - https://about.gitlab.com/handbook/product/categories/features/
 -->
--- a/.gitlab/issue_templates/Feature
+++ b/.gitlab/issue_templates/Feature
@ -48,7 +48,6 @@ Create tracking issue using the Snowplow event tracking template. See https://gi
 <!-- Label reminders
 Use the following resources to find the appropriate labels:
 - Use only one tier label choosing the lowest tier this is intended for
 - https://gitlab.com/gitlab-org/gitlab/-/labels
 - https://about.gitlab.com/handbook/product/categories/features/
 -->
--- a/.gitlab/issue_templates/Feature
+++ b/.gitlab/issue_templates/Feature
@ -37,7 +37,7 @@ Personas are described at https://about.gitlab.com/handbook/marketing/product-ma
 <!-- What is the single user experience workflow this problem addresses?
 For example, "The user should be able to use the UI/API/.gitlab-ci.yml with GitLab to <perform a specific task>"
-https://about.gitlab.com/handbook/product/ux/ux-research-training/user-story-mapping/ -->
+https://about.gitlab.com/handbook/engineering/ux/ux-research-training/user-story-mapping/ -->
 ### Proposal
@ -125,7 +125,6 @@ In which enterprise tier should this feature go? See https://about.gitlab.com/ha
 <!-- Label reminders - you should have one of each of the following labels.
 Use the following resources to find the appropriate labels:
 - Use only one tier label choosing the lowest tier this is intended for
 - https://gitlab.com/gitlab-org/gitlab/-/labels
 - https://about.gitlab.com/handbook/product/categories/features/
 -->
--- a/.gitlab/issue_templates/Geo
+++ b/.gitlab/issue_templates/Geo
@ -18,7 +18,7 @@ If your Model's pluralized form is non-standard, i.e. it doesn't just end in `s`
 -->
-## Replicate Cool Widgets - Repository
+## Replicate Cool Widgets
 This issue is for implementing Geo replication and verification of Cool Widgets.
@ -39,6 +39,8 @@ You can look into the following example for implementing replication/verificatio
 ### Modify database schemas to prepare to add Geo support for Cool Widgets
 You might do this section in its own merge request, but it is not required.
 #### Add the registry table to track replication and verification state
 Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/geo.md#tracking-database) independent of the main database. It is used to track the replication and verification state of all replicables. Every Model has a corresponding "registry" table in the Geo tracking database.
@ -49,13 +51,20 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
  bin/rails generate migration CreateCoolWidgetRegistry --database geo
  ```
 Geo should continue using `Gitlab::Database::Migration[1.0]` until the `gitlab_geo` schema is supported, and is for the time being exempt from being validated by `Gitlab::Database::Migration[2.0]`. This requires a developer to manually amend the migration file to change from `[2.0]` to `[1.0]` due to the migration defaults being 2.0.
 For more information, see the [Enable Geo migrations to use Migration[2.0]](https://gitlab.com/gitlab-org/gitlab/-/issues/363491) issue.
 - [ ] Replace the contents of the migration file with the following. Note that we cannot add a foreign key constraint on `cool_widget_id` because the `cool_widgets` table is in a different database. The application code must handle logic such as propagating deletions.
  ```ruby
  # frozen_string_literal: true
-  class CreateCoolWidgetRegistry < Gitlab::Database::Migration[2.1]
+  class CreateCoolWidgetRegistry < Gitlab::Database::Migration[1.0]
-    def change
+    disable_ddl_transaction!
    def up
      ApplicationRecord.transaction do
        create_table :cool_widget_registry, id: :bigserial, force: :cascade do |t|
          t.bigint :cool_widget_id, null: false
          t.datetime_with_timezone :created_at, null: false
@ -80,47 +89,29 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
          t.index :retry_at
          t.index :state
          # To optimize performance of CoolWidgetRegistry.verification_failed_batch
-        t.index :verification_retry_at,
+          t.index :verification_retry_at, name:  :cool_widget_registry_failed_verification, order: "NULLS FIRST",  where: "((state = 2) AND (verification_state = 3))"
          name: :cool_widget_registry_failed_verification,
          order: "NULLS FIRST",
          where: "((state = 2) AND (verification_state = 3))"
          # To optimize performance of CoolWidgetRegistry.needs_verification_count
-        t.index :verification_state,
+          t.index :verification_state, name:  :cool_widget_registry_needs_verification, where: "((state = 2)  AND (verification_state = ANY (ARRAY[0, 3])))"
          name: :cool_widget_registry_needs_verification,
          where: "((state = 2) AND (verification_state = ANY (ARRAY[0, 3])))"
          # To optimize performance of CoolWidgetRegistry.verification_pending_batch
-        t.index :verified_at,
+          t.index :verified_at, name: :cool_widget_registry_pending_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 0))"
          name: :cool_widget_registry_pending_verification,
          order: "NULLS FIRST",
          where: "((state = 2) AND (verification_state = 0))"
        end
      end
    end
    def down
      drop_table :cool_widget_registry
    end
  end
  ```
 - [ ] If deviating from the above example, then be sure to order columns according to [our guidelines](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/ordering_table_columns.md).
 - [ ] Add the new table to the [database dictionary](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/database/database_dictionary.md) defined in [`ee/db/geo/docs/`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/ee/db/geo/docs):
  ```yaml
  table_name: cool_widget_registry
  description: Description example
  introduced_by_url: Merge request link
  milestone: Milestone example
  feature_categories:
   - Feature category example
  classes:
   - Class example
  gitlab_schema: gitlab_geo
  ```
 - [ ] Run Geo tracking database migrations:
  ```shell
  bin/rake db:migrate:geo
  ```
- [ ] Be sure to commit the relevant changes in `ee/db/geo/structure.sql` and the file under `ee/db/geo/schema_migrations`
+- [ ] Be sure to commit the relevant changes in `ee/db/geo/structure.sql`
 ### Add verification state to the Model
@ -137,7 +128,7 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
  ```ruby
  # frozen_string_literal: true
-  class CreateCoolWidgetStates < Gitlab::Database::Migration[2.1]
+  class CreateCoolWidgetStates < Gitlab::Database::Migration[2.0]
    VERIFICATION_STATE_INDEX_NAME = "index_cool_widget_states_on_verification_state"
    PENDING_VERIFICATION_INDEX_NAME = "index_cool_widget_states_pending_verification"
    FAILED_VERIFICATION_INDEX_NAME = "index_cool_widget_states_failed_verification"
@ -150,24 +141,16 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
        t.datetime_with_timezone :verification_started_at
        t.datetime_with_timezone :verification_retry_at
        t.datetime_with_timezone :verified_at
-        t.references :cool_widget, primary_key: true, default: nil, index: false, foreign_key: { on_delete: :cascade }
+        t.references :cool_widget, primary_key: true, null: false, foreign_key: { on_delete: :cascade }
        t.integer :verification_state, default: 0, limit: 2, null: false
-        t.integer :verification_retry_count, default: 0, limit: 2, null: false
+        t.integer :verification_retry_count, limit: 2
        t.binary :verification_checksum, using: 'verification_checksum::bytea'
        t.text :verification_failure, limit: 255
        t.index :verification_state, name: VERIFICATION_STATE_INDEX_NAME
-        t.index :verified_at,
+        t.index :verified_at, where: "(verification_state = 0)", order: { verified_at: 'ASC NULLS FIRST' }, name: PENDING_VERIFICATION_INDEX_NAME
-          where: "(verification_state = 0)",
+        t.index :verification_retry_at, where: "(verification_state = 3)", order: { verification_retry_at: 'ASC NULLS FIRST' }, name: FAILED_VERIFICATION_INDEX_NAME
-          order: { verified_at: 'ASC NULLS FIRST' },
+        t.index :verification_state, where: "(verification_state = 0 OR verification_state = 3)", name: NEEDS_VERIFICATION_INDEX_NAME
          name: PENDING_VERIFICATION_INDEX_NAME
        t.index :verification_retry_at,
          where: "(verification_state = 3)",
          order: { verification_retry_at: 'ASC NULLS FIRST' },
          name: FAILED_VERIFICATION_INDEX_NAME
        t.index :verification_state,
          where: "(verification_state = 0 OR verification_state = 3)",
          name: NEEDS_VERIFICATION_INDEX_NAME
      end
    end
@ -179,30 +162,13 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
 - [ ] If deviating from the above example, then be sure to order columns according to [our guidelines](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/ordering_table_columns.md).
 - [ ] If `cool_widgets` is a high-traffic table, follow [the database documentation to use `with_lock_retries`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/migration_style_guide.md#when-to-use-the-helper-method)
 - [ ] Add the new table to the [database dictionary](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/database/database_dictionary.md) defined in [`db/docs/`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/db/docs):
  ```yaml
  ---
  table_name: cool_widget_states
  description: Separate table for cool widget verification states
  introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/XXXXX
  milestone: 'XX.Y'
  feature_categories:
   - geo_replication
  classes:
   - Geo::CoolWidgetState
  gitlab_schema: gitlab_main
  ```
 - [ ] Run database migrations:
  ```shell
  bin/rake db:migrate
  ```
- [ ] Be sure to commit the relevant changes in `db/structure.sql` and the file under `db/schema_migrations`
+- [ ] Be sure to commit the relevant changes in `db/structure.sql`
 That's all of the required database changes.
@ -235,30 +201,23 @@ That's all of the required database changes.
    with_replicator Geo::CoolWidgetReplicator
    mount_uploader :file, CoolWidgetUploader
    has_one :cool_widget_state, autosave: false, inverse_of: :cool_widget, class_name: 'Geo::CoolWidgetState'
    after_save :save_verification_details
    scope :with_verification_state, ->(state) { joins(:cool_widget_state).where(cool_widget_states: { verification_state: verification_state_value(state) }) }
    scope :checksummed, -> { joins(:cool_widget_state).where.not(cool_widget_states: { verification_checksum: nil } ) }
    scope :not_checksummed, -> { joins(:cool_widget_state).where(cool_widget_states: { verification_checksum: nil } ) }
    scope :available_verifiables, -> { joins(:cool_widget_state) }
    # Override the `all` default if not all records can be replicated. For an
    # example of an existing Model that needs to do this, see
    # `EE::MergeRequestDiff`.
    # scope :available_replicables, -> { all }
    scope :available_verifiables, -> { joins(:cool_widget_state) }
    scope :checksummed, -> {
      joins(:cool_widget_state).where.not(cool_widget_states: { verification_checksum: nil })
    }
    scope :not_checksummed, -> {
      joins(:cool_widget_state).where(cool_widget_states: { verification_checksum: nil })
    }
    scope :with_verification_state, ->(state) {
      joins(:cool_widget_state)
        .where(cool_widget_states: { verification_state: verification_state_value(state) })
    }
    def verification_state_object
      cool_widget_state
    end
@ -269,8 +228,7 @@ That's all of the required database changes.
      ...
      # @param primary_key_in [Range, CoolWidget] arg to pass to primary_key_in scope
-      # @return [ActiveRecord::Relation<CoolWidget>] everything that should be synced
+      # @return [ActiveRecord::Relation<CoolWidget>] everything that should be synced to this node, restricted by primary key
      #         to this node, restricted by primary key
      def replicables_for_current_secondary(primary_key_in)
        # This issue template does not help you write this method.
        #
@ -278,8 +236,7 @@ That's all of the required database changes.
        # we want to know which records to replicate. This is not easy to automate
        # because for example:
        #
-        # * The "selective sync" feature allows admins to choose which namespaces
+        # * The "selective sync" feature allows admins to choose which namespaces #   to replicate, per secondary site. Most Models are scoped to a
        #   to replicate, per secondary site. Most Models are scoped to a
        #   namespace, but the nature of the relationship to a namespace varies
        #   between Models.
        # * The "selective sync" feature allows admins to choose which shards to
@ -303,6 +260,7 @@ That's all of the required database changes.
    def pool_repository
      nil
    end
    ...
    def cool_widget_state
      super || build_cool_widget_state
@ -318,8 +276,8 @@ That's all of the required database changes.
  ```ruby
    include_examples 'a replicable model with a separate table for verification state' do
-      let(:verifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is in `Geo::ReplicableModel.verifiables` scope
+      let(:verifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is included in `available_verifiables`
-      let(:unverifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is NOT included in `Geo::ReplicableModel.verifiables` scope
+      let(:unverifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is NOT included in `available_verifiables`
    end
  ```
@ -337,6 +295,10 @@ That's all of the required database changes.
        ::CoolWidget
      end
      def repository
        model_record.repository
      end
      def self.git_access_class
        ::Gitlab::GitAccessCoolWidget
      end
@ -354,19 +316,6 @@ That's all of the required database changes.
        true
      end
      override :housekeeping_enabled?
      def self.housekeeping_enabled?
        # Remove this method if the new Git repository type supports git
        # repository housekeeping and the ::CoolWidget#git_garbage_collect_worker_klass
        # is implemented. If the data type requires any action to be performed
        # before running the housekeeping override the `before_housekeeping` method
        # (see `RepositoryReplicatorStrategy#before_housekeeping`)
        false
      end
      def repository
        model_record.repository
      end
    end
  end
  ```
@ -397,6 +346,7 @@ That's all of the required database changes.
  ```shell
  bin/feature-flag --ee geo_cool_widget_replication --type development --group 'group::geo'
  bin/feature-flag --ee geo_cool_widget_verification --type development --group 'group::geo'
  ```
 - [ ] Add this replicator class to the method `replicator_classes` in
@ -407,6 +357,7 @@ That's all of the required database changes.
    ::Geo::PackageFileReplicator,
    ::Geo::CoolWidgetReplicator
  ]
  end
  ```
 - [ ] Create `ee/spec/replicators/geo/cool_widget_replicator_spec.rb` and perform the necessary setup to define the `model_record` variable for the shared examples:
@ -416,7 +367,7 @@ That's all of the required database changes.
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetReplicator, feature_category: :geo_replication do
+  RSpec.describe Geo::CoolWidgetReplicator do
    let(:model_record) { build(:cool_widget) }
    include_examples 'a repository replicator'
@ -429,8 +380,7 @@ That's all of the required database changes.
  ```ruby
  # frozen_string_literal: true
-  module Geo
+  class Geo::CoolWidgetRegistry < Geo::BaseRegistry
    class CoolWidgetRegistry < Geo::BaseRegistry
    include ::Geo::ReplicableRegistry
    include ::Geo::VerifiableRegistry
@ -439,11 +389,10 @@ That's all of the required database changes.
    belongs_to :cool_widget, class_name: 'CoolWidget'
  end
  end
  ```
 - [ ] Update `REGISTRY_CLASSES` in `ee/app/workers/geo/secondary/registry_consistency_worker.rb`.
- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/support/helpers/ee/geo_helpers.rb`.
+- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/services/geo/registry_consistency_service_spec.rb`.
 - [ ] Update `it 'creates missing registries for each registry class'` in `ee/spec/workers/geo/secondary/registry_consistency_worker_spec.rb`.
 - [ ] Add `cool_widget_registry` to `ActiveSupport::Inflector.inflections` in `config/initializers_before_autoloader/000_inflections.rb`.
 - [ ] Create `ee/spec/factories/geo/cool_widget_registry.rb`:
@ -465,7 +414,6 @@ That's all of the required database changes.
        state { Geo::CoolWidgetRegistry.state_value(:failed) }
        last_synced_at { 1.day.ago }
        retry_count { 2 }
        retry_at { 2.hours.from_now }
        last_sync_failure { 'Random error' }
      end
@ -491,7 +439,7 @@ That's all of the required database changes.
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetRegistry, :geo, type: :model, feature_category: :geo_replication do
+  RSpec.describe Geo::CoolWidgetRegistry, :geo, type: :model do
    let_it_be(:registry) { create(:geo_cool_widget_registry) }
    specify 'factory is valid' do
@ -503,39 +451,32 @@ That's all of the required database changes.
  end
  ```
- [ ] Add the following to `ee/spec/factories/cool_widgets.rb`:
+- [ ] Add the following to `spec/factories/cool_widgets.rb`:
  ```ruby
-  # frozen_string_literal: true
+  trait(:verification_succeeded) do
  FactoryBot.modify do
    factory :cool_widget do
      trait :verification_succeeded do
    with_file
    verification_checksum { 'abc' }
    verification_state { CoolWidget.verification_state_value(:verification_succeeded) }
  end
-      trait :verification_failed do
+  trait(:verification_failed) do
    with_file
    verification_failure { 'Could not calculate the checksum' }
    verification_state { CoolWidget.verification_state_value(:verification_failed) }
  end
    end
  end
  ```
  If there is not an existing factory for the object in `spec/factories/cool_widgets.rb`, wrap the traits in `FactoryBot.create` instead of `FactoryBot.modify`.
 - [ ] Make sure the factory also allows setting a `project` attribute. If the model does not have a direct relation to a project, you can use a `transient` attribute. Check out `spec/factories/merge_request_diffs.rb` for an example.
- [ ] Following [the example of Merge Request Diffs](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63309) add a `Geo::CoolWidgetState` model in `ee/app/models/geo/cool_widget_state.rb`:
+- [ ] Following [the example of Merge Request Diffs](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63309) add a `Geo::CoolWidgetState` model in `ee/app/models/ee/geo/cool_widget_state.rb`:
  ``` ruby
  # frozen_string_literal: true
  module Geo
    class CoolWidgetState < ApplicationRecord
      include EachBatch
      include ::Geo::VerificationStateDefinition
      self.primary_key = :cool_widget_id
@ -557,19 +498,17 @@ That's all of the required database changes.
    factory :geo_cool_widget_state, class: 'Geo::CoolWidgetState' do
      cool_widget
-      trait :checksummed do
+      trait(:checksummed) do
        verification_checksum { 'abc' }
      end
-      trait :checksum_failure do
+      trait(:checksum_failure) do
        verification_failure { 'Could not calculate the checksum' }
      end
    end
  end
  ```
 - [ ] Add `[:geo_cool_widget_state, any]` to `skipped` in `spec/models/factories_spec.rb`
 #### Step 2. Implement metrics gathering
 Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus` for display in the UI, and sent to Prometheus:
@ -590,21 +529,23 @@ Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus`
 - [ ] Add the same fields to `GET /geo_nodes/status` example response in
  `ee/spec/fixtures/api/schemas/public_api/v4/geo_node_status.json`.
 - [ ] Add the following fields to the `Sidekiq metrics` table in `doc/administration/monitoring/prometheus/gitlab_metrics.md`:
-  ```markdown
+  - `geo_cool_widgets`
-  | `geo_cool_widgets` | Gauge | XX.Y | Number of Cool Widgets on primary | `url` |
+  - `geo_cool_widgets_checksum_total`
-  | `geo_cool_widgets_checksum_total` | Gauge | XX.Y | Number of Cool Widgets to checksum on primary | `url` |
+  - `geo_cool_widgets_checksummed`
-  | `geo_cool_widgets_checksummed` | Gauge | XX.Y | Number of Cool Widgets that successfully calculated the checksum on primary | `url` |
+  - `geo_cool_widgets_checksum_failed`
-  | `geo_cool_widgets_checksum_failed` | Gauge | XX.Y | Number of Cool Widgets that failed to calculate the checksum on primary | `url` |
+  - `geo_cool_widgets_synced`
-  | `geo_cool_widgets_synced` | Gauge | XX.Y | Number of syncable Cool Widgets synced on secondary | `url` |
+  - `geo_cool_widgets_failed`
-  | `geo_cool_widgets_failed` | Gauge | XX.Y | Number of syncable Cool Widgets failed to sync on secondary | `url` |
+  - `geo_cool_widgets_registry`
-  | `geo_cool_widgets_registry` | Gauge | XX.Y | Number of Cool Widgets in the registry | `url` |
+  - `geo_cool_widgets_verification_total`
-  | `geo_cool_widgets_verification_total` | Gauge | XX.Y | Number of Cool Widgets to attempt to verify on secondary | `url` |
+  - `geo_cool_widgets_verified`
-  | `geo_cool_widgets_verified` | Gauge | XX.Y | Number of Cool Widgets successfully verified on secondary | `url` |
+  - `geo_cool_widgets_verification_failed`
-  | `geo_cool_widgets_verification_failed` | Gauge | XX.Y | Number of Cool Widgets that failed verification on secondary | `url` |
+- [ ] Add the following to the parameterized table in the `context 'Replicator stats' do` block in `ee/spec/models/geo_node_status_spec.rb`:
  ```
 - [ ] Run the rake task `geo:dev:ssf_metrics` and commit the changes to `ee/config/metrics/object_schemas/geo_node_usage.json`
-Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Sites` view, and Prometheus.
+  ```ruby
  Geo::CoolWidgetReplicator | :cool_widget | :geo_cool_widget_registry
  ```
 Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Nodes` view, and Prometheus.
 #### Step 3. Implement the GraphQL API
@ -616,9 +557,8 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  field :cool_widget_registries, ::Types::Geo::CoolWidgetRegistryType.connection_type,
        null: true,
        resolver: ::Resolvers::Geo::CoolWidgetRegistriesResolver,
-        description: 'Find Cool Widget registries on this Geo node. '\
+        description: 'Find Cool Widget registries on this Geo node',
-                     'Ignored if `geo_cool_widget_replication` feature flag is disabled.',
+        feature_flag: :geo_cool_widget_replication
        alpha: { milestone: '15.5' } # Update the milestone
  ```
 - [ ] Add the new `cool_widget_registries` field name to the `expected_fields` array in `ee/spec/graphql/types/geo/geo_node_type_spec.rb`.
@ -645,7 +585,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe Resolvers::Geo::CoolWidgetRegistriesResolver, feature_category: :geo_replication do
+  RSpec.describe Resolvers::Geo::CoolWidgetRegistriesResolver do
    it_behaves_like 'a Geo registries resolver', :geo_cool_widget_registry
  end
  ```
@ -669,7 +609,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetRegistryFinder, feature_category: :geo_replication do
+  RSpec.describe Geo::CoolWidgetRegistryFinder do
    it_behaves_like 'a framework registry finder', :geo_cool_widget_registry
  end
  ```
@ -683,15 +623,13 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
    module Geo
      # rubocop:disable Graphql/AuthorizeTypes because it is included
      class CoolWidgetRegistryType < BaseObject
        graphql_name 'CoolWidgetRegistry'
        include ::Types::Geo::RegistryType
        graphql_name 'CoolWidgetRegistry'
        description 'Represents the Geo replication and verification state of a cool_widget'
        field :cool_widget_id, GraphQL::Types::ID, null: false, description: 'ID of the Cool Widget.'
      end
      # rubocop:enable Graphql/AuthorizeTypes
    end
  end
  ```
@ -703,7 +641,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe GitlabSchema.types['CoolWidgetRegistry'], feature_category: :geo_replication do
+  RSpec.describe GitlabSchema.types['CoolWidgetRegistry'] do
    it_behaves_like 'a Geo registry type'
    it 'has the expected fields (other than those included in RegistryType)' do
@ -768,14 +706,6 @@ As illustrated by the above two examples, batch destroy logic cannot be handled
    end
  end
 ```
 ### Code Review
 When requesting review from database reviewers:
 - [ ] Include a comment mentioning that the change is based on a documented template.
 - [ ] `replicables_for_current_secondary` and `available_replicables` may differ per Model. If their queries are new, then add [query plans](https://docs.gitlab.com/ee/development/database_review.html#query-plans) to the MR description. An easy place to gather SQL queries is your GDK's `log/test.log` when running tests of these methods.
 ### Release Geo support of Cool Widgets
 - [ ] In the rollout issue you created when creating the feature flag, modify the Roll Out Steps:
@ -783,15 +713,14 @@ When requesting review from database reviewers:
  - [ ] Add a step to `Test replication and verification of Cool Widgets on a non-GDK-deployment. For example, using GitLab Environment Toolkit`.
  - [ ] Add a step to `Ping the Geo PM and EM to coordinate testing`. For example, you might add steps to generate Cool Widgets, and then a Geo engineer may take it from there.
 - [ ] In `ee/config/feature_flags/development/geo_cool_widget_replication.yml`, set `default_enabled: true`
- [ ] In `ee/app/graphql/types/geo/geo_node_type.rb`, remove the `alpha` option for the released type:
+- [ ] In `ee/app/graphql/types/geo/geo_node_type.rb`, remove the `feature_flag` option for the released type:
  ```ruby
  field :cool_widget_registries, ::Types::Geo::CoolWidgetRegistryType.connection_type,
        null: true,
        resolver: ::Resolvers::Geo::CoolWidgetRegistriesResolver,
-        description: 'Find Cool Widget registries on this Geo node. '\
+        description: 'Find Cool Widget registries on this Geo node',
-                     'Ignored if `geo_cool_widget_replication` feature flag is disabled.',
+        feature_flag: :geo_cool_widget_replication # REMOVE THIS LINE
        alpha: { milestone: '15.5' } # Update the milestone
  ```
 - [ ] Run `bundle exec rake gitlab:graphql:compile_docs` after the step above to regenerate the GraphQL docs.
--- a/.gitlab/issue_templates/Geo
+++ b/.gitlab/issue_templates/Geo
@ -18,7 +18,7 @@ If your Model's pluralized form is non-standard, i.e. it doesn't just end in `s`
 -->
-## Replicate Cool Widgets - Blob
+## Replicate Cool Widgets
 This issue is for implementing Geo replication and verification of Cool Widgets.
@ -41,6 +41,8 @@ You can look into the following examples of MRs for implementing replication/ver
 ### Modify database schemas to prepare to add Geo support for Cool Widgets
 You might do this section in its own merge request, but it is not required.
 #### Add the registry table to track replication and verification state
 Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/geo.md#tracking-database) independent of the main database. It is used to track the replication and verification state of all replicables. Every Model has a corresponding "registry" table in the Geo tracking database.
@ -51,13 +53,20 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
  bin/rails generate migration CreateCoolWidgetRegistry --database geo
  ```
 Geo should continue using `Gitlab::Database::Migration[1.0]` until the `gitlab_geo` schema is supported, and is for the time being exempt from being validated by `Gitlab::Database::Migration[2.0]`. This requires a developer to manually amend the migration file to change from `[2.0]` to `[1.0]` due to the migration defaults being 2.0.
 For more information, see the [Enable Geo migrations to use Migration[2.0]](https://gitlab.com/gitlab-org/gitlab/-/issues/363491) issue.
 - [ ] Replace the contents of the migration file with the following. Note that we cannot add a foreign key constraint on `cool_widget_id` because the `cool_widgets` table is in a different database. The application code must handle logic such as propagating deletions.
  ```ruby
  # frozen_string_literal: true
-  class CreateCoolWidgetRegistry < Gitlab::Database::Migration[2.1]
+  class CreateCoolWidgetRegistry < Gitlab::Database::Migration[1.0]
-    def change
+    disable_ddl_transaction!
    def up
      ApplicationRecord.transaction do
        create_table :cool_widget_registry, id: :bigserial, force: :cascade do |t|
          t.bigint :cool_widget_id, null: false
          t.datetime_with_timezone :created_at, null: false
@ -80,47 +89,29 @@ Geo secondary sites have a [Geo tracking database](https://gitlab.com/gitlab-org
          t.index :retry_at
          t.index :state
          # To optimize performance of CoolWidgetRegistry.verification_failed_batch
-        t.index :verification_retry_at,
+          t.index :verification_retry_at, name:  :cool_widget_registry_failed_verification, order: "NULLS FIRST",  where: "((state = 2) AND (verification_state = 3))"
          name: :cool_widget_registry_failed_verification,
          order: "NULLS FIRST",
          where: "((state = 2) AND (verification_state = 3))"
          # To optimize performance of CoolWidgetRegistry.needs_verification_count
-        t.index :verification_state,
+          t.index :verification_state, name:  :cool_widget_registry_needs_verification, where: "((state = 2)  AND (verification_state = ANY (ARRAY[0, 3])))"
          name: :cool_widget_registry_needs_verification,
          where: "((state = 2) AND (verification_state = ANY (ARRAY[0, 3])))"
          # To optimize performance of CoolWidgetRegistry.verification_pending_batch
-        t.index :verified_at,
+          t.index :verified_at, name: :cool_widget_registry_pending_verification, order: "NULLS FIRST", where: "((state = 2) AND (verification_state = 0))"
          name: :cool_widget_registry_pending_verification,
          order: "NULLS FIRST",
          where: "((state = 2) AND (verification_state = 0))"
        end
      end
    end
    def down
      drop_table :cool_widget_registry
    end
  end
  ```
 - [ ] If deviating from the above example, then be sure to order columns according to [our guidelines](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/ordering_table_columns.md).
 - [ ] Add the new table to the [database dictionary](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/database/database_dictionary.md) defined in [`ee/db/geo/docs/`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/ee/db/geo/docs):
  ```yaml
  table_name: cool_widget_registry
  description: Description example
  introduced_by_url: Merge request link
  milestone: Milestone example
  feature_categories:
   - Feature category example
  classes:
   - Class example
  gitlab_schema: gitlab_geo
  ```
 - [ ] Run Geo tracking database migrations:
  ```shell
  bin/rake db:migrate:geo
  ```
- [ ] Be sure to commit the relevant changes in `ee/db/geo/structure.sql` and the file created under `ee/db/geo/schema_migrations`
+- [ ] Be sure to commit the relevant changes in `ee/db/geo/structure.sql`
 ### Add verification state fields on the Geo primary site
@ -139,7 +130,7 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
  ```ruby
  # frozen_string_literal: true
-  class CreateCoolWidgetStates < Gitlab::Database::Migration[2.1]
+  class CreateCoolWidgetStates < Gitlab::Database::Migration[2.0]
    VERIFICATION_STATE_INDEX_NAME = "index_cool_widget_states_on_verification_state"
    PENDING_VERIFICATION_INDEX_NAME = "index_cool_widget_states_pending_verification"
    FAILED_VERIFICATION_INDEX_NAME = "index_cool_widget_states_failed_verification"
@ -152,28 +143,16 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
        t.datetime_with_timezone :verification_started_at
        t.datetime_with_timezone :verification_retry_at
        t.datetime_with_timezone :verified_at
-        t.references :cool_widget,
+        t.references :cool_widget, primary_key: true, null: false, foreign_key: { on_delete: :cascade }
          primary_key: true,
          default: nil,
          index: false,
          foreign_key: { on_delete: :cascade }
        t.integer :verification_state, default: 0, limit: 2, null: false
-        t.integer :verification_retry_count, default: 0, limit: 2, null: false
+        t.integer :verification_retry_count, limit: 2
        t.binary :verification_checksum, using: 'verification_checksum::bytea'
        t.text :verification_failure, limit: 255
        t.index :verification_state, name: VERIFICATION_STATE_INDEX_NAME
-        t.index :verified_at,
+        t.index :verified_at, where: "(verification_state = 0)", order: { verified_at: 'ASC NULLS FIRST' }, name: PENDING_VERIFICATION_INDEX_NAME
-          where: "(verification_state = 0)",
+        t.index :verification_retry_at, where: "(verification_state = 3)", order: { verification_retry_at: 'ASC NULLS FIRST' }, name: FAILED_VERIFICATION_INDEX_NAME
-          order: { verified_at: 'ASC NULLS FIRST' },
+        t.index :verification_state, where: "(verification_state = 0 OR verification_state = 3)", name: NEEDS_VERIFICATION_INDEX_NAME
          name: PENDING_VERIFICATION_INDEX_NAME
        t.index :verification_retry_at,
          where: "(verification_state = 3)",
          order: { verification_retry_at: 'ASC NULLS FIRST' },
          name: FAILED_VERIFICATION_INDEX_NAME
        t.index :verification_state,
          where: "(verification_state = 0 OR verification_state = 3)",
          name: NEEDS_VERIFICATION_INDEX_NAME
      end
    end
@ -185,30 +164,15 @@ The Geo primary site needs to checksum every replicable so secondaries can verif
 - [ ] If deviating from the above example, then be sure to order columns according to [our guidelines](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/ordering_table_columns.md).
 - [ ] If `cool_widgets` is a high-traffic table, follow [the database documentation to use `with_lock_retries`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/migration_style_guide.md#when-to-use-the-helper-method)
 - [ ] Add the new table to the [database dictionary](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/database/database_dictionary.md) defined in [`db/docs/`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/db/docs):
  ```yaml
  ---
  table_name: cool_widget_states
  description: Separate table for cool widget verification states
  introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/XXXXX
  milestone: 'XX.Y'
  feature_categories:
   - geo_replication
  classes:
   - Geo::CoolWidgetState
  gitlab_schema: gitlab_main
  ```
 - [ ] Run database migrations:
  ```shell
  bin/rake db:migrate
  ```
- [ ] Be sure to commit the relevant changes in `db/structure.sql` and the file under `db/schema_migrations`
+- [ ] If `cool_widgets` is a high-traffic table, follow [the database documentation to use `with_lock_retries`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/development/migration_style_guide.md#when-to-use-the-helper-method)
 - [ ] Be sure to commit the relevant changes in `db/structure.sql`
 That's all of the required database changes.
@ -245,26 +209,17 @@ That's all of the required database changes.
    after_save :save_verification_details
    scope :with_verification_state, ->(state) { joins(:cool_widget_state).where(cool_widget_states: { verification_state: verification_state_value(state) }) }
    scope :checksummed, -> { joins(:cool_widget_state).where.not(cool_widget_states: { verification_checksum: nil } ) }
    scope :not_checksummed, -> { joins(:cool_widget_state).where(cool_widget_states: { verification_checksum: nil } ) }
    scope :available_verifiables, -> { joins(:cool_widget_state) }
    # Override the `all` default if not all records can be replicated. For an
    # example of an existing Model that needs to do this, see
    # `EE::MergeRequestDiff`.
    # scope :available_replicables, -> { all }
    scope :available_verifiables, -> { joins(:cool_widget_state) }
    scope :checksummed, -> {
      joins(:cool_widget_state).where.not(cool_widget_states: { verification_checksum: nil })
    }
    scope :not_checksummed, -> {
      joins(:cool_widget_state).where(cool_widget_states: { verification_checksum: nil })
    }
    scope :with_verification_state, ->(state) {
      joins(:cool_widget_state)
        .where(cool_widget_states: { verification_state: verification_state_value(state) })
    }
    def verification_state_object
      cool_widget_state
    end
@ -275,17 +230,15 @@ That's all of the required database changes.
      ...
      # @param primary_key_in [Range, CoolWidget] arg to pass to primary_key_in scope
-      # @return [ActiveRecord::Relation<CoolWidget>] everything that should be synced
+      # @return [ActiveRecord::Relation<CoolWidget>] everything that should be synced to this node, restricted by primary key
-      #         to this node, restricted by primary key
+      def self.replicables_for_current_secondary(primary_key_in)
      def replicables_for_current_secondary(primary_key_in)
        # This issue template does not help you write this method.
        #
        # This method is called only on Geo secondary sites. It is called when
        # we want to know which records to replicate. This is not easy to automate
        # because for example:
        #
-        # * The "selective sync" feature allows admins to choose which namespaces
+        # * The "selective sync" feature allows admins to choose which namespaces #   to replicate, per secondary site. Most Models are scoped to a
        #   to replicate, per secondary site. Most Models are scoped to a
        #   namespace, but the nature of the relationship to a namespace varies
        #   between Models.
        # * The "selective sync" feature allows admins to choose which shards to
@ -303,6 +256,7 @@ That's all of the required database changes.
        CoolWidgetState
      end
    end
    ...
    def cool_widget_state
      super || build_cool_widget_state
@ -318,8 +272,8 @@ That's all of the required database changes.
  ```ruby
    include_examples 'a replicable model with a separate table for verification state' do
-      let(:verifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is in `Geo::ReplicableModel.verifiables` scope
+      let(:verifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is included in `available_verifiables`
-      let(:unverifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is NOT included in `Geo::ReplicableModel.verifiables` scope
+      let(:unverifiable_model_record) { build(:cool_widget) } # add extra params if needed to make sure the record is NOT included in `available_verifiables`
    end
  ```
@ -349,14 +303,16 @@ That's all of the required database changes.
        # (see `VerifiableReplicator.verification_enabled?`)
        true
      end
    end
  end
  ```
- [ ] Generate the feature flag definition file by running the feature flag commands and following the command prompts:
+- [ ] Generate the feature flag definition fileы by running the feature flag commands and following the command prompts:
  ```shell
  bin/feature-flag --ee geo_cool_widget_replication --type development --group 'group::geo'
  bin/feature-flag --ee geo_cool_widget_verification --type development --group 'group::geo'
  ```
 - [ ] Add this replicator class to the method `replicator_classes` in
@ -367,6 +323,7 @@ That's all of the required database changes.
    ::Geo::PackageFileReplicator,
    ::Geo::CoolWidgetReplicator
  ]
  end
  ```
 - [ ] Create `ee/spec/replicators/geo/cool_widget_replicator_spec.rb` and perform the necessary setup to define the `model_record` variable for the shared examples:
@ -376,7 +333,7 @@ That's all of the required database changes.
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetReplicator, feature_category: :geo_replication do
+  RSpec.describe Geo::CoolWidgetReplicator do
    let(:model_record) { build(:cool_widget) }
    include_examples 'a blob replicator'
@ -389,8 +346,7 @@ That's all of the required database changes.
  ```ruby
  # frozen_string_literal: true
-  module Geo
+  class Geo::CoolWidgetRegistry < Geo::BaseRegistry
    class CoolWidgetRegistry < Geo::BaseRegistry
    include ::Geo::ReplicableRegistry
    include ::Geo::VerifiableRegistry
@ -399,11 +355,10 @@ That's all of the required database changes.
    belongs_to :cool_widget, class_name: 'CoolWidget'
  end
  end
  ```
 - [ ] Update `REGISTRY_CLASSES` in `ee/app/workers/geo/secondary/registry_consistency_worker.rb`.
- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/support/helpers/ee/geo_helpers.rb`.
+- [ ] Add a custom factory name if needed in `def model_class_factory_name` in `ee/spec/services/geo/registry_consistency_service_spec.rb`.
 - [ ] Update `it 'creates missing registries for each registry class'` in `ee/spec/workers/geo/secondary/registry_consistency_worker_spec.rb`.
 - [ ] Add `cool_widget_registry` to `ActiveSupport::Inflector.inflections` in `config/initializers_before_autoloader/000_inflections.rb`.
 - [ ] Create `ee/spec/factories/geo/cool_widget_registry.rb`:
@ -425,7 +380,6 @@ That's all of the required database changes.
        state { Geo::CoolWidgetRegistry.state_value(:failed) }
        last_synced_at { 1.day.ago }
        retry_count { 2 }
        retry_at { 2.hours.from_now }
        last_sync_failure { 'Random error' }
      end
@ -451,7 +405,7 @@ That's all of the required database changes.
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetRegistry, :geo, type: :model, feature_category: :geo_replication do
+  RSpec.describe Geo::CoolWidgetRegistry, :geo, type: :model do
    let_it_be(:registry) { create(:geo_cool_widget_registry) }
    specify 'factory is valid' do
@ -466,43 +420,27 @@ That's all of the required database changes.
 - [ ] Add the following to `spec/factories/cool_widgets.rb`:
  ```ruby
-  # frozen_string_literal: true
+  trait(:verification_succeeded) do
  FactoryBot.modify do
    factory :cool_widget do
      trait :verification_succeeded do
    with_file
    verification_checksum { 'abc' }
    verification_state { CoolWidget.verification_state_value(:verification_succeeded) }
  end
-      trait :verification_failed do
+  trait(:verification_failed) do
    with_file
    verification_failure { 'Could not calculate the checksum' }
    verification_state { CoolWidget.verification_state_value(:verification_failed) }
  end
    end
  end
  ```
  If there is not an existing factory for the object in `spec/factories/cool_widgets.rb`, wrap the traits in `FactoryBot.create` instead of `FactoryBot.modify`
 [ ] Make sure the factory supports the `:remote_store` trait. If not, add something like
  ```ruby
  trait :remote_store do
    file_store { CoolWidget::FileUploader::Store::REMOTE }
  end
  ```
 - [ ] Make sure the factory also allows setting a `project` attribute. If the model does not have a direct relation to a project, you can use a `transient` attribute. Check out `spec/factories/merge_request_diffs.rb` for an example.
- [ ] Following [the example of Merge Request Diffs](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63309) add a `Geo::CoolWidgetState` model in `ee/app/models/geo/cool_widget_state.rb`:
+- [ ] Following [the example of Merge Request Diffs](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63309) add a `Geo::CoolWidgetState` model in `ee/app/models/ee/geo/cool_widget_state.rb`:
  ``` ruby
  # frozen_string_literal: true
  module Geo
    class CoolWidgetState < ApplicationRecord
      include EachBatch
      include ::Geo::VerificationStateDefinition
      self.primary_key = :cool_widget_id
@ -524,19 +462,17 @@ That's all of the required database changes.
    factory :geo_cool_widget_state, class: 'Geo::CoolWidgetState' do
      cool_widget
-      trait :checksummed do
+      trait(:checksummed) do
        verification_checksum { 'abc' }
      end
-      trait :checksum_failure do
+      trait(:checksum_failure) do
        verification_failure { 'Could not calculate the checksum' }
      end
    end
  end
  ```
 - [ ] Add `[:cool_widget, :remote_store]` and `[:geo_cool_widget_state, any]` to `skipped` in `spec/models/factories_spec.rb`
 #### Step 2. Implement metrics gathering
 Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus` for display in the UI, and sent to Prometheus:
@ -557,22 +493,23 @@ Metrics are gathered by `Geo::MetricsUpdateWorker`, persisted in `GeoNodeStatus`
 - [ ] Add the same fields to `GET /geo_nodes/status` example response in
  `ee/spec/fixtures/api/schemas/public_api/v4/geo_node_status.json`.
 - [ ] Add the following fields to the `Sidekiq metrics` table in `doc/administration/monitoring/prometheus/gitlab_metrics.md`:
  - `geo_cool_widgets`
  - `geo_cool_widgets_checksum_total`
  - `geo_cool_widgets_checksummed`
  - `geo_cool_widgets_checksum_failed`
  - `geo_cool_widgets_synced`
  - `geo_cool_widgets_failed`
  - `geo_cool_widgets_registry`
  - `geo_cool_widgets_verification_total`
  - `geo_cool_widgets_verified`
  - `geo_cool_widgets_verification_failed`
 - [ ] Add the following to the parameterized table in the `context 'Replicator stats' do` block in `ee/spec/models/geo_node_status_spec.rb`:
-  ```markdown
+  ```ruby
-  | `geo_cool_widgets` | Gauge | XX.Y | Number of Cool Widgets on primary | `url` |
+  Geo::CoolWidgetReplicator | :cool_widget | :geo_cool_widget_registry
  | `geo_cool_widgets_checksum_total` | Gauge | XX.Y | Number of Cool Widgets to checksum on primary | `url` |
  | `geo_cool_widgets_checksummed` | Gauge | XX.Y | Number of Cool Widgets that successfully calculated the checksum on primary | `url` |
  | `geo_cool_widgets_checksum_failed` | Gauge | XX.Y | Number of Cool Widgets that failed to calculate the checksum on primary | `url` |
  | `geo_cool_widgets_synced` | Gauge | XX.Y | Number of syncable Cool Widgets synced on secondary | `url` |
  | `geo_cool_widgets_failed` | Gauge | XX.Y | Number of syncable Cool Widgets failed to sync on secondary | `url` |
  | `geo_cool_widgets_registry` | Gauge | XX.Y | Number of Cool Widgets in the registry | `url` |
  | `geo_cool_widgets_verification_total` | Gauge | XX.Y | Number of Cool Widgets to attempt to verify on secondary | `url` |
  | `geo_cool_widgets_verified` | Gauge | XX.Y | Number of Cool Widgets successfully verified on secondary | `url` |
  | `geo_cool_widgets_verification_failed` | Gauge | XX.Y | Number of Cool Widgets that failed verification on secondary | `url` |
  ```
 - [ ] Run the rake task `geo:dev:ssf_metrics` and commit the changes to `ee/config/metrics/object_schemas/geo_node_usage.json`
- Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Sites` view, and Prometheus.
+Cool Widget replication and verification metrics should now be available in the API, the `Admin > Geo > Nodes` view, and Prometheus.
 #### Step 3. Implement the GraphQL API
@ -584,9 +521,8 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  field :cool_widget_registries, ::Types::Geo::CoolWidgetRegistryType.connection_type,
        null: true,
        resolver: ::Resolvers::Geo::CoolWidgetRegistriesResolver,
-        description: 'Find Cool Widget registries on this Geo node. '\
+        description: 'Find Cool Widget registries on this Geo node',
-                     'Ignored if `geo_cool_widget_replication` feature flag is disabled.',
+        feature_flag: :geo_cool_widget_replication
        alpha: { milestone: '15.5' } # Update the milestone
  ```
 - [ ] Add the new `cool_widget_registries` field name to the `expected_fields` array in `ee/spec/graphql/types/geo/geo_node_type_spec.rb`.
@ -613,7 +549,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe Resolvers::Geo::CoolWidgetRegistriesResolver, feature_category: :geo_replication do
+  RSpec.describe Resolvers::Geo::CoolWidgetRegistriesResolver do
    it_behaves_like 'a Geo registries resolver', :geo_cool_widget_registry
  end
  ```
@ -637,7 +573,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe Geo::CoolWidgetRegistryFinder, feature_category: :geo_replication do
+  RSpec.describe Geo::CoolWidgetRegistryFinder do
    it_behaves_like 'a framework registry finder', :geo_cool_widget_registry
  end
  ```
@ -651,15 +587,13 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
    module Geo
      # rubocop:disable Graphql/AuthorizeTypes because it is included
      class CoolWidgetRegistryType < BaseObject
        graphql_name 'CoolWidgetRegistry'
        include ::Types::Geo::RegistryType
        graphql_name 'CoolWidgetRegistry'
        description 'Represents the Geo replication and verification state of a cool_widget'
-        field :cool_widget_id, GraphQL::Types::ID, null: false, description: 'ID of the Cool Widget.'
+        field :cool_widget_id, GraphQL::ID_TYPE, null: false, description: 'ID of the Cool Widget'
      end
      # rubocop:enable Graphql/AuthorizeTypes
    end
  end
  ```
@ -671,7 +605,7 @@ The GraphQL API is used by `Admin > Geo > Replication Details` views, and is dir
  require 'spec_helper'
-  RSpec.describe GitlabSchema.types['CoolWidgetRegistry'], feature_category: :geo_replication do
+  RSpec.describe GitlabSchema.types['CoolWidgetRegistry'] do
    it_behaves_like 'a Geo registry type'
    it 'has the expected fields (other than those included in RegistryType)' do
@ -737,13 +671,6 @@ As illustrated by the above two examples, batch destroy logic cannot be handled
  end
 ```
 ### Code Review
 When requesting review from database reviewers:
 - [ ] Include a comment mentioning that the change is based on a documented template.
 - [ ] `replicables_for_current_secondary` and `available_replicables` may differ per Model. If their queries are new, then add [query plans](https://docs.gitlab.com/ee/development/database_review.html#query-plans) to the MR description. An easy place to gather SQL queries is your GDK's `log/test.log` when running tests of these methods.
 ### Release Geo support of Cool Widgets
 - [ ] In the rollout issue you created when creating the feature flag, modify the Roll Out Steps:
@ -751,15 +678,14 @@ When requesting review from database reviewers:
  - [ ] Add a step to `Test replication and verification of Cool Widgets on a non-GDK-deployment. For example, using GitLab Environment Toolkit`.
  - [ ] Add a step to `Ping the Geo PM and EM to coordinate testing`. For example, you might add steps to generate Cool Widgets, and then a Geo engineer may take it from there.
 - [ ] In `ee/config/feature_flags/development/geo_cool_widget_replication.yml`, set `default_enabled: true`
- [ ] In `ee/app/graphql/types/geo/geo_node_type.rb`, remove the `alpha` option for the released type:
+- [ ] In `ee/app/graphql/types/geo/geo_node_type.rb`, remove the `feature_flag` option for the released type:
  ```ruby
  field :cool_widget_registries, ::Types::Geo::CoolWidgetRegistryType.connection_type,
        null: true,
        resolver: ::Resolvers::Geo::CoolWidgetRegistriesResolver,
-        description: 'Find Cool Widget registries on this Geo node. '\
+        description: 'Find Cool Widget registries on this Geo node',
-                     'Ignored if `geo_cool_widget_replication` feature flag is disabled.',
+        feature_flag: :geo_cool_widget_replication # REMOVE THIS LINE
        alpha: { milestone: '15.5' } # Update the milestone
  ```
 - [ ] Run `bundle exec rake gitlab:graphql:compile_docs` after the step above to regenerate the GraphQL docs.
--- a/.gitlab/issue_templates/Global
+++ b/.gitlab/issue_templates/Global
@ -1,30 +0,0 @@
 ## Summary
 <!-- Summarize the bug encountered concisely. -->
 ## Steps to reproduce
 <!-- Describe how one can reproduce the issue - this is very important. Please use an ordered list. -->
 ## What is the current *bug* behavior?
 <!-- Describe what actually happens. -->
 ## What is the expected *correct* behavior?
 <!-- Describe what you should see instead. -->
 ## Relevant logs and/or screenshots
 <!-- Paste any relevant logs - please use code blocks (```) to format console output, logs, and code
 as it's tough to read otherwise. -->
 ## Possible fixes
 <!-- If you can, link to the line of code that might be responsible for the problem. -->
 <!-- Please add a label for the type of bug as per https://about.gitlab.com/handbook/engineering/metrics/#work-type-classification -->
 /label ~"type::bug"
 /label ~"group::global search"
 /label ~"workflow::solution validation" 
 /milestone %Backlog
--- a/.gitlab/issue_templates/Global
+++ b/.gitlab/issue_templates/Global
@ -1,13 +0,0 @@
 ## Problem to solve
 <!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." -->
 ## Proposal
 <!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. -->
 <!-- Please add a label for the type of feature as per https://about.gitlab.com/handbook/engineering/metrics/#work-type-classification -->
 /label ~"type::feature"
 /label ~"group::global search"
 /label ~"workflow::solution validation" 
 /milestone %Backlog
--- a/.gitlab/issue_templates/Global
+++ b/.gitlab/issue_templates/Global
@ -1,11 +0,0 @@
 ## Background
 ## Proposal
 <!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. -->
 <!-- Please add a label for the type of maintenance as per https://about.gitlab.com/handbook/engineering/metrics/#work-type-classification -->
 /label ~"type::maintenance"
 /label ~"group::global search"
 /label ~"workflow::solution validation" 
 /milestone %Backlog
--- a/.gitlab/issue_templates/Implementation.md
+++ b/.gitlab/issue_templates/Implementation.md
@ -37,20 +37,13 @@ Add details for required items and delete others.
 ## Implementation plan
 <!--
-Steps and the parts of the code that will need to get updated.
+Steps and the parts of the code that will need to get updated. The plan can also
-The plan can also call-out responsibilities for other team members or teams and
+call-out responsibilities for other team members or teams.
 can be split into smaller MRs to simplify the code review process.
 e.g.:
 - MR 1: Part 1
 - [ ] ~frontend Step 1
 - [ ] ~frontend Step 2
 - MR 2: Part 2
 - [ ] ~backend Step 1
 - [ ] ~backend Step 2
 - MR 3: Part 3
 - [ ] ~frontend Step 1
  - [ ] `@person` Step 1a
 - [ ] ~frontend Step 2
 -->
--- a/.gitlab/issue_templates/Navigation
+++ b/.gitlab/issue_templates/Navigation
@ -0,0 +1,14 @@
 <!-- This template is used for proposing changes to the left sidebar contextual navigation. This could include additions, removals, or general changes to overall hierarchy.-->
 ### Proposal 
 <!-- Use this section to explain the proposed changes, including details around usage and business drivers. -->
 ### Checklist
 - [ ] If your proposal includes changes to the top-level menu items within the left sidebar, engage the [Foundations Product Design Manager](https://about.gitlab.com/handbook/product/categories/#foundations-group) for approval. The Foundations DRI will work with UX partners in product design, research, and technical writing, as applicable.
 - [ ] Follow the [product development workflow](https://about.gitlab.com/handbook/product-development-flow/#validation-phase-2-problem-validation) validation process to ensure you are solving a well understood problem and that the proposed change is understandable and non-disruptive to users. Navigation-specific research is strongly encouraged.
 - [ ] Engage the [Foundations](https://about.gitlab.com/handbook/product/categories/#foundations-group) team to ensure your proposal is in alignment with holistic changes happening to the left side bar.
 - [ ] Consider whether you need to communicate the change somehow, or if you will have an interim period in the UI where your nav item will live in more than one place.
 /label ~UX ~"UI text" ~"documentation" ~"documentation" ~"Category:Navigation & Settings" ~"Category:Foundations" ~navigation 
--- a/.gitlab/issue_templates/Navigation
+++ b/.gitlab/issue_templates/Navigation
@ -1,26 +0,0 @@
 <!-- This template is used for proposing changes to the left sidebar contextual navigation. This could include additions, removals, or general changes to overall hierarchy.-->
 ### Proposal 
 <!-- Use this section to explain the proposed changes, including details around usage and business drivers. -->
 #### Other locations that were considered
 <!-- Include other design patterns or places you considered for this feature besides navigation. -->
 ### Checklist
 - [ ] Review the handbook page for [navigation changes](https://about.gitlab.com/handbook/product/ux/navigation/#when-to-consider-making-a-change-to-the-navigation)
 - [ ] Add relevant information to the issue description detailing your proposal, including usage and business drivers.
 - [ ] List at least two other places you considered to introduce your feature
 - [ ] Add relevant designs to the Design Management area of the issue
 - [ ] Ensure your UI suggestion align with the [Documentation Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/)
 - [ ] Engage ~"Technical Writing". They can help craft a term that best describes the feature(s) you’re proposing. 
 - [ ] Follow the [product development workflow](https://about.gitlab.com/handbook/product-development-flow/#validation-phase-2-problem-validation) validation process to ensure you are solving a well understood problem and that the proposed change is understandable and non-disruptive to users. Navigation-specific research is mandatory for additions or when restructuring.
 - [ ] Engage the [Foundations Product Manager](https://about.gitlab.com/handbook/product/categories/#foundations-group) for approval. The Foundations DRI (@cdybenko) will work with UX partners in product design, research, and technical writing, as applicable.
 - [ ] Consider whether you need to [communicate the change somehow](https://design.gitlab.com/patterns/navigation#messaging-changes-to-users), or if you will have an interim period in the UI where your item will live in more than one place.
 - [ ] Ensure engineers are familiar with the [implementation steps for navigation](https://docs.gitlab.com/ee/development/navigation_sidebar.html#navigation-sidebar).
 /label ~UX ~"UI text" ~"documentation" ~"Category:Navigation & Settings"  ~navigation ~type::ignore
 /label ~"Nav request::Start"  
--- a/.gitlab/issue_templates/OSS_Partner.md
+++ b/.gitlab/issue_templates/OSS_Partner.md
@ -0,0 +1,68 @@
 <!-- Please title your issue with the following format: "Project Name | Issue Tracker". -->
 ## Background
 <!-- 
 Please add information here about why your project is considering a migration to GitLab, or why it decided to do so. Include any initial announcements that have been / were made about the decision or status.
 -->
 ### Goals
 <!-- What are some of the goals of your migration to GitLab? Delete this section if you don't want to enumerate goals. -->
 ## Quick Facts
 <!-- Please complete as many items in this list as possible. If you're not sure yet, add "TBD" (To be Decided) or "Unknown" -->
 * **Timeline.** - 
 * **Product.** - SaaS-Ultimate/Self-Managed-Ultimate or Community Edition
 * **Project's License.** What kind of OSI-approved license does your project use? 
 ## Current Tooling and Replacements
 <!-- 
 Please fill in the table to give an overview of your current tooling. Here's a description of what to include in each column:  
 - Tool: which tool or platform you are currently using
 - Feature: which particular feature you are using in that tool or platform
 - GitLab feature: equivalent GitLab feature (the GitLab team can help fill this in, as well as the info in the next column)
 - GitLab edition: in which GitLab edition (CE or EE) is this feature available? 
 Here's an example of a replacements overview from one of the projects which migrated to GitLab:  https://gitlab.com/gitlab-org/gitlab/-/issues/25657#gitlab-replacements
 Consider deleting the table below if you are unable to expand upon your current tooling.
 -->
 | Tool | Feature | GitLab feature | GitLab edition |
 | --- | --- | --- | --- |
 |  |  |  |  |
 ## Collaborators
 <!-- Please add names of collaborators in the format: Name, Title, Role (what will you be helping to do, or how should you be involved), GitLab username -->
 ## Related Issues
 <!-- Add any related issues that are important for your project by adding the title of the issue and a link to it (preferably as an embedded link). You will probably keep editing this section as the migration progresses, so don't worry if it's mostly blank for now. 
 Here is an example of what this list might look like once populated: https://gitlab.com/gitlab-org/gitlab-foss/-/issues/55039#outstanding-issues
 -->
 ### Blockers
 * [ ] ADD_LINK_TO_ISSUE_HERE
 ### Urgent
 * [ ] 
 ### Important but not urgent
 * [ ] 
 ### Nice to have
 * [ ] 
 ------
 /label ~"Open Source Partners"
 /cc @nuritzi @greg
--- a/.gitlab/issue_templates/Performance
+++ b/.gitlab/issue_templates/Performance
@ -0,0 +1,23 @@
 <!--
 Performance Indicator Metric issues are used for adding, updating, or removing performance indicator type in Service Ping metrics.
 Please title your issue with the following format: "{action}(Add|Update|Remove) Metric name as performance indicator"
 Example of title: "Add some_feature_views as gmau"
 -->
 ## Summary
 <!--
 Summary of the changes
 -->
 ## Tasks
 - [ ] [Link to metric definition]()
 - [ ] Create issue in GitLab Data Team project using [Product Performance Indicator template](https://gitlab.com/gitlab-data/analytics/-/issues/new?issuable_template=Product%20Performance%20Indicator%20Template)
 See [Product Intelligence Guide](https://docs.gitlab.com/ee/development/service_ping/performance_indicator_metrics.html) for details
 /label ~"product intelligence" ~"Data Warehouse::Impact Check"
--- a/.gitlab/issue_templates/Pipeline
+++ b/.gitlab/issue_templates/Pipeline
@ -12,22 +12,6 @@
 ## Proposal
 ## Additional details
 <!--
 _NOTE: If the issue has addressed all of these questions, this separate section can be removed._
 -->
 Some relevant technical details, if applicable, such as:
 - Does this need a ~"feature flag"?
 - Does there need to be an associated ~"instrumentation" issue created related to this work?
 - Is there an example response showing the data structure that should be returned (new endpoints only)?
 - What permissions should be used?
 - Is this EE or CE?
    - [ ] EE
    - [ ] CE
 - Additional comments:
 ## Implementation Table
 <!--
@ -51,4 +35,4 @@ _NOTE: This section is optional, but can be used for easy access to any relevant
-/label ~"group::pipeline authoring" ~"Category:Pipeline Composition" ~"section::ops" ~"devops::verify" ~"workflow::planning breakdown"
+/label ~"group::pipeline authoring" ~"Category:Pipeline Authoring" ~"section::ops" ~"devops::verify" ~"workflow::planning breakdown"
--- a/.gitlab/issue_templates/QA
+++ b/.gitlab/issue_templates/QA
@ -56,9 +56,6 @@ If you include multiple screenshots it can be helpful to hide all but the first
 <!-- Base labels. -->
 /label ~Quality ~QA ~test
 <!-- Work classification type label, please apply ignore type label until the investigation is complete and an [issue type](https://about.gitlab.com/handbook/engineering/metrics/#work-type-classification) is determined.-->
 /label ~"type::ignore" 
 <!-- Test failure type label, please use just one.-->
 /label ~"failure::broken-test" ~"failure::flaky-test" ~"failure::stale-test" ~"failure::test-environment" ~"failure::investigating" ~"failure::new"
--- a/.gitlab/issue_templates/Release
+++ b/.gitlab/issue_templates/Release
@ -1,43 +0,0 @@
 ## Summary
 <!-- Summarize the bug encountered concisely. -->
 ## Steps to reproduce
 <!-- Describe how one can reproduce the issue - this is very important. Please use an ordered list. -->
 ## What is the current *bug* behavior?
 <!-- Describe what actually happens. -->
 ## What is the expected *correct* behavior?
 <!-- Describe what you should see instead. -->
 ## Relevant logs and/or screenshots
 <!-- Paste any relevant logs - please use code blocks (```) to format console output, logs, and code
 as it's tough to read otherwise. -->
 ## Possible fixes
 <!-- If you can, link to the line of code that might be responsible for the problem. -->
 <!-- Default labels -->
 /label ~"group::release"
 /label ~"type::bug"
 /label ~"workflow::planning breakdown"
 <!-- Optional labels -->
 /label ~backend ~frontend ~UX
 <!-- https://about.gitlab.com/handbook/engineering/quality/issue-triage/#severity -->
 /label ~"severity::3" ~"priority::3"
 <!-- If you already have an implementation plan, please fill in detail below https://about.gitlab.com/handbook/engineering/development/ops/release/planning/#weights -->
 /weight X
 /label ~"backend-weight::" ~"frontend-weight::" ~"workflow::ready for development"
 ## Implementation guide
 <!-- If the issue clear enough, consider inviting community contributors -->
 /label ~"Seeking community contributions" ~"good for new contributors"
--- a/.gitlab/issue_templates/Release
+++ b/.gitlab/issue_templates/Release
@ -1,26 +0,0 @@
 ## Problem to solve
 <!-- What problem do we solve? Try to define the who/what/why of the opportunity as a user story. For example, "As a (who), I want (what), so I can (why/value)." -->
 ## Proposal
 <!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. -->
 <!-- Default labels -->
 /label ~"group::release"
 /label ~"type::feature"
 /label ~"workflow::problem validation" 
 /label ~UX
 <!-- Optional labels -->
 /label ~backend ~frontend
 <!-- If you already have an implementation plan, please fill in detail below https://about.gitlab.com/handbook/engineering/development/ops/release/planning/#weights -->
 /weight X
 /label ~"backend-weight::" ~"frontend-weight::" ~"workflow::ready for development"
 ## Implementation guide
 <!-- If the issue clear enough, consider inviting community contributors -->
 /label ~"Seeking community contributions" ~"good for new contributors"
--- a/.gitlab/issue_templates/Release
+++ b/.gitlab/issue_templates/Release
@ -1,18 +0,0 @@
 ## Background
 ## Proposal
 <!-- Use this section to explain the feature and how it will work. It can be helpful to add technical details, design proposals, and links to related epics or issues. -->
 <!-- Set labels and other metadata -->
 /label ~"group::release"
 /label ~"type::maintenance"
 /label ~"workflow::planning breakdown"
 <!-- If you already have an implementation plan, please fill in detail below https://about.gitlab.com/handbook/engineering/development/ops/release/planning/#weights -->
 /weight X
 /label ~"backend-weight::" ~"frontend-weight::" ~"workflow::ready for development"
 ## Implementation guide
 <!-- If the issue clear enough, consider inviting community contributors -->
 /label ~"Seeking community contributions" ~"good for new contributors"
--- a/.gitlab/issue_templates/Security
+++ b/.gitlab/issue_templates/Security
@ -10,12 +10,11 @@ Set the title to: `Description of the original issue`
 - [ ] Read the [security process for developers] if you are not familiar with it.
 - [ ] Make sure the [issue really needs to follow the security release workflow].
 - [ ] Add a `~severity::x` label to the issue and all associated merge requests.
 - [ ] **IMPORTANT**: Mark this [issue as linked] to the Security Release Tracking Issue. You can find it [here](https://gitlab.com/gitlab-org/gitlab/-/issues?sort=created_date&state=opened&label_name[]=upcoming+security+release). This issue
 MUST be linked for the release bot to know that the associated merge requests should be merged for this security release.
 - [ ] Mark this [issue as linked] to the `gitlab-org/gitlab` issue that describes the security vulnerability.
 - Fill out the [Links section](#links):
  - [ ] Next to **Issue on GitLab**, add a link to the `gitlab-org/gitlab` issue that describes the security vulnerability.
 - [ ] Add one of the `~severity::x` labels to the issue and all associated merge requests.
 - [ ] If this change affects the public interface (public API or UI) of the product, post in the `#support_gitlab-com` Slack channel  to explain the impact and discuss a mitigation plan for users that might be affected. If you need Support feedback or approval, reach out in `#spt_managers` Slack channel or mention `@gitlab-com/support/managers`.
 ## Development
@ -23,7 +22,6 @@ MUST be linked for the release bot to know that the associated merge requests sh
 - [ ] Run `scripts/security-harness` in your local repository to prevent accidentally pushing to any remote besides `gitlab.com/gitlab-org/security`.
 - [ ] Create a new branch prefixing it with `security-`.
 - [ ] Create a merge request targeting `master` on `gitlab.com/gitlab-org/security` and use the [Security Release merge request template].
 - [ ] If this includes a breaking change, make sure to include a mention of it for the relevant versions in [`doc/update/index.md`](https://gitlab.com/gitlab-org/security/gitlab/-/blob/master/doc/update/index.md#version-specific-upgrading-instructions)
 After your merge request has been approved according to our [approval guidelines] and by a team member of the AppSec team, you're ready to prepare the backports
@ -40,14 +38,13 @@ After your merge request has been approved according to our [approval guidelines
 ## Documentation and final details
 - [ ] To avoid release delays, please nominate a developer in a different timezone who will be able to respond to any pipeline or merge failures in your absence `@gitlab-username`
 - [ ] Ensure `~severity::x` label is on this issue, all associated issues, and merge requests
 - [ ] Ensure the [Links section](#links) is completed.
 - [ ] Add the GitLab [versions](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/developer.md#versions-affected) and editions affected to the [details section](#details)
  * The Git history of the files affected may help you associate the issue with a [release](https://about.gitlab.com/releases/)
 - [ ] Fill in any upgrade notes that users may need to take into account in the [details section](#details)
 - [ ] Add Yes/No and further details if needed to the migration and settings columns in the [details section](#details)
 - [ ] Add the nickname of the external user who found the issue (and/or HackerOne profile) to the Thanks row in the [details section](#details)
 - [ ] If this includes a breaking change, make sure it is mentioned for the relevant versions in [`doc/update/index.md`](https://gitlab.com/gitlab-org/security/gitlab/-/blob/master/doc/update/index.md#version-specific-upgrading-instructions)
 ## Summary
@ -67,7 +64,6 @@ After your merge request has been approved according to our [approval guidelines
 | Upgrade notes | | |
 | GitLab Settings updated | Yes/No| |
 | Migration required | Yes/No | |
 | Breaking change to UI or public API | Yes/No | <!-- How should the breaking change be communicated? --> |
 | Thanks | | |
 [security process for developers]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md
--- a/.gitlab/issue_templates/Service
+++ b/.gitlab/issue_templates/Service
@ -1,6 +1,6 @@
-<!-- This issue template is used by https://about.gitlab.com/handbook/engineering/development/analytics-section/product-intelligence/ for tracking effort around Service Ping reporting for GitLab.com -->
+<!-- This issue template is used by https://about.gitlab.com/handbook/engineering/development/growth/product-intelligence/ for tracking effort around Service Ping reporting for GitLab.com -->
-The [Product Intelligence group](https://about.gitlab.com/handbook/engineering/development/analytics/product-intelligence/) runs manual reporting of ServicePing for GitLab.com on a weekly basis. This issue:
+The [Product Intelligence group](https://about.gitlab.com/handbook/engineering/development/growth/product-intelligence/) runs manual reporting of ServicePing for GitLab.com on a weekly basis. This issue captures:
 - Captures the work required to complete the reporting process,.
 - Captures the follow-up tasks that are focused on metrics performance verification.
@ -27,7 +27,7 @@ Broken metrics issues are marked with the ~"broken metric" label.
 1. Note which bastion host machine was assigned. For example: `<username>@bastion-01-inf-gprd.c.gitlab-production.internal:~$` shows that you are connected to `bastion-01-inf-gprd.c.gitlab-production.internal`.
 1. Create a named screen: `screen -S $USER-service-ping-$(date +%F)`.
 1. Connect to the console host: `ssh $USER-rails@console-01-sv-gprd.c.gitlab-production.internal`.
-1. Run: `GitlabServicePingWorker.new.perform('triggered_from_cron' => false)`.
+1. Run: `ServicePing::SubmitService.new.execute`.
 1. Press <kbd>Control</kbd>+<kbd>a</kbd> followed by <kbd>Control</kbd>+<kbd>d</kbd> to detach from the screen session.
 1. Exit from the bastion: `exit`.
@ -58,12 +58,12 @@ OR
 ## Service Ping process triggering (through a long-running SSH session)
 1. Connect to the `gprd` Rails console.
-1. Run `GitlabServicePingWorker.new.perform('triggered_from_cron' => false)`. This process requires more than 30 hours to complete.
+1. Run `SubmitUsagePingService.new.execute`. This process requires more than 30 hours to complete.
 1. Find the last payload in the `raw_usage_data` table: `RawUsageData.last.payload`.
 1. Check the when the payload was sent: `RawUsageData.last.sent_at`.
 ```plaintext
-GitlabServicePingWorker.new.perform('triggered_from_cron' => false)
+ServicePing::SubmitService.new.execute
 # Get the payload
 RawUsageData.last.payload
@ -123,7 +123,7 @@ If you get mentioned, check the failing metric and open an optimization issue.
 <!-- Do not edit below this line -->
 /confidential
-/label ~"group::product intelligence" ~"devops::analytics" ~backend ~"section::analytics" ~"Category:Service Ping"
+/label ~"group::product intelligence" ~"devops::growth" ~backend ~"section::growth" ~"Category:Service Ping"
 /epic https://gitlab.com/groups/gitlab-org/-/epics/6000
 /weight 5
 /title Monitor and Generate GitLab.com Service Ping
--- a/.gitlab/issue_templates/Solution
+++ b/.gitlab/issue_templates/Solution
@ -26,7 +26,7 @@
 <!-- #### TODO Checklist
 Consider adding a checklist in order to keep track of what stage the research is up to. Some possible checklist templates are here:
- https://about.gitlab.com/handbook/product/ux/ux-research-training/templates-resources-for-research-studies/#checklists
+ https://about.gitlab.com/handbook/engineering/ux/ux-research-training/templates-resources-for-research-studies/#checklists
 -->
 /label ~"workflow::solution validation"
--- a/.gitlab/issue_templates/Synchronous
+++ b/.gitlab/issue_templates/Synchronous
@ -1,11 +0,0 @@
 <!-- Title suggestion: <async-index-name> synchronous database index(es) addition/removal -->
 ## Summary
 This issue is to add a migration(s) to create/destroy the `<async-index-name>` database index(es) synchronously after it has been created/destroyed on GitLab.com.
 The asynchronous index(es) was introduced in <!-- Link to MR that introduced the asynchronous index -->.
 /assign me
 /due in 2 weeks
 /label ~database ~"type::maintenance" ~"maintenance::scalability"
--- a/.gitlab/issue_templates/UX
+++ b/.gitlab/issue_templates/UX
@ -1,88 +0,0 @@
 <!-- Most of the work designers do will be on themes in the (Now) Next 1-3 milestone column of their UX Roadmap. These themes are comprised of high-confidence outcomes and validated needs. The UX theme issue is where collaboration should occur, including plans and discussion on subthemes, research, and design feedback. Related design exploration and solution validation issues should stem from the theme issue. 
 One of the advantages of working with UX themes is that it allows us to think and design holistically by designing the theme as a whole instead of a single issue at a time, trying to piece them together as we go. For more details, please refer to this section of the handbook when creating UX Themes: https://about.gitlab.com/handbook/product/ux/product-design/ux-roadmaps/#ux-theme-structure -->
 <!--
 !!Note: The theme statement is the defacto title that will reference the theme and serve as the theme issue title.!! It should be something that is easily understood that quickly communicates the intent of the theme allowing team members to easily understand and recognize the expected work that will be done.
 -->
 ----
 ### Theme statement
 <!-- A theme statement combines the beneficiary, their job, and their expected outcome when the work is delivered and serves as the design goal for the team who owns the theme. Well-defined statements are concise without sacrificing the substance of the theme so that anyone can understand it at a glance. Well-defined statements are concise without sacrificing the substance of the theme so that anyone can understand it at a glance. (For instance, Reduce the effort for security teams when prioritizing business-critical risks in their assets.) -->
 <!-- Also Theme issue tile -->
 {`Need/outcome` } + {`Beneficiary`} + {`Job/Small Job`} 
 #### Main Job story
 <!-- What is the [Main Job story](https://about.gitlab.com/handbook/product/ux/jobs-to-be-done/#how-to-write-a-jtbd) that this theme was derived from? (For instance, When I am on triage rotation, I want to address all the business-critical risks in my assets, So I can minimize the likelihood of my organization being compromised by a security breach.) -->
 #### Business objective
 <!-- Objectives (from a business point of view) that will be achieved upon completion. (For instance, Increase engagement by making the experience efficient while reducing the chances of users overlooking high-priority items. --> 
 #### Confidence
 <!-- How well do we understand the user's problem and their need? Refer to https://about.gitlab.com/handbook/product/ux/product-design/ux-roadmaps/#confidence to assess confidence -->
 | Confidence | Research | 
 | --- | --- | 
 | [High/Medium/Low] | [research/insight issue](Link) | 
 ### Requirements
 <!-- Requirements can be taken from existing features or design issues used to build this theme. Any related issues should be linked with this issue in the Feature/solution issues section below. They are more granular validated needs, goals, and additional details that the theme encompasses. These are typically reserved for themes in the next (1-3 milestones) column. Requirements should answer “what” the beneficiary of this theme needs from the solution.
 Note: This is not a backlog. If the issue can not be delivered in the theme timeframe, then the theme is too big and needs to be broken down into multiple themes. -->
 >⚠️ Related feature and research issues should be linked in the related issues section (Delete this line when this is done)
 #### The beneficiary needs to be able to:
 - [Small job statement]
  - [Micro job statement]
  - [Micro job statement]
 - [etc.]
 #### Research
 <!-- Researchers and Designers; Use this table to track UX research related to this theme. This may include problem validation and solution validation activities. 
 --> 
 | Issue | Research type | Research status |
 | ---------- | --------- | --------- |   
 | [Issue]()  | <!--Solution validation, Problem validation, etc., --> |  <!-- Planned, In Progress, Complete, etc.,-->  |  
 | [Issue]()  | <!--Solution validation, Problem validation, etc., --> |  <!-- Planned, In Progress, Complete, etc.,-->  |
 #### Ready for design checklist
 The items are self-check suggestions; they could be contributed by designers, product managers, or researchers
 * [ ] The `theme` has high confidence (derived from research or other data-gathering techniques)
 * [ ] The `Related issues`, features, research, and other background information are linked to the related issues section
 * [ ] The `Business objective` has been defined
 * [ ] The `Requirements` have been defined, and the scope has been agreed upon
 * [ ] This UX Theme contains everything necessary to complete a design solution and is ready for design
 #### [Thematic design workflow checklist](https://about.gitlab.com/handbook/product/ux/product-design/ux-roadmaps/#suggested-workflow)
 <!-- please refer to the [suggested workflow](https://about.gitlab.com/handbook/product/ux/product-design/ux-roadmaps/#suggested-workflow) when working on UX themes-->
 * [ ] **Theme assessed** Ready for design checklist complete
 * [ ] **Ideate and Iterate**
  * [ ] User flow diagram generated
  * [ ] Low-fidelity wireframes of the entire theme created
  * [ ] [Feedback requested](https://about.gitlab.com/handbook/product/ux/product-designer/#design-reviews) and incorporated into flow diagram and wireframes
 * [ ] **Validate**
  * [ ] [Solution validation](https://about.gitlab.com/handbook/product/ux/ux-research/solution-validation-and-methods/) conducted on Low/mid-fidelity flow 
 * [ ] **Refine**  
  * [ ] Resaerch findings incorporated into design
  * [ ] All micro-interactions are defined
  * [ ] All edge-cases are accounted for and defined
  * [ ] All copy has been reviewed by tech writing
  * [ ] Accessibnility guidelines have been considered
  * [ ] High-fidelity designs posted
  * [ ] Feedback requested from counterparts
    * [ ] (If necessary) Validate high-fidelity flow in a 2nd round of user testing
  * [ ] Refine final design from feedback and user research
 * [ ] **Hand-off**
  * [ ] Designs broken down based on the their ability to stand alone and that they provide value to the user.
  * [ ] MVC plan agreement reached 
  * [ ] Planning breakdown complete
 /label ~"UX"  ~"UX Theme"
--- a/.gitlab/issue_templates/Utilization
+++ b/.gitlab/issue_templates/Utilization
@ -1,166 +0,0 @@
 <!---
 Please read this!
 Before opening a new issue, make sure to search for keywords in the issues
 filtered by the "regression" or "type::bug" label:
 - https://gitlab.com/gitlab-org/gitlab/-/merge_requests?scope=all&label_name[]=group%3A%3Autilization&label_name[]=section%3A%3Afulfillment&label_name%5B%5D=type::regression
 - https://gitlab.com/gitlab-org/gitlab/-/merge_requests?scope=all&label_name[]=group%3A%3Autilization&label_name[]=section%3A%3Afulfillment&label_name%5B%5D=type::bug
 and verify the issue you're about to submit isn't a duplicate.
 --->
 Utilization group: Bug Report Template
 ## Bug Summary
 <!-- Provide a brief overview of the issue. What is the problem that needs to be addressed? -->
 ## Steps to reproduce
 <!-- Provide a clear and detailed description of the steps needed to reproduce the bug. This should include any specific inputs, expected outputs, and observed outputs. -->
 1. [Step 1]
 1. [Step 2]
 1. [Step 3]
 1. [Step 4]
 1. [Step 5]
 ## Example Project
 <!-- If possible, please create an example project here on GitLab.com that exhibits the problematic 
 behavior, and link to it here in the bug report. If you are using an older version of GitLab, this 
 will also determine whether the bug is fixed in a more recent version. -->
 ## What is the current *bug* behavior?
 <!-- Describe the current behavior of the system or application in response to the actions described in the steps above. -->
 ## What is the expected *correct* behavior?
 <!-- Describe the expected behavior of the system or application in response to the actions described in the steps above. -->
 ## Reproducibility
 <!-- Describe how frequently the bug occurs. -->
 ## Impact Assessment
 <!-- Describe the impact of this bug on the user experience and/or the product as a whole. -->
 ## Severity
 <!-- Provide an assessment of the severity of the bug, based on its impact on the user experience and/or the product as a whole. -->
 ## Environment
 <!-- List the relevant environment information, including the operating system, web browser, device, etc. -->
 ## Screenshots and/or Relevant logs
 <!-- Include any relevant screenshots to help illustrate the bug. -->
 <!-- Paste any relevant logs - please use code blocks (```) to format console output, logs, and code
 as it's tough to read otherwise. -->
 ## Output of checks (GitLab.com)
 <!-- If you are reporting a bug on GitLab.com, uncomment below, if not, delete this section -->
 <!-- This bug happens on GitLab.com -->
 <!-- /label ~"reproduced on GitLab.com" -->
 ## Results of GitLab environment info
 <!--  Input any relevant GitLab environment information if needed. -->
 <details>
 <summary>Expand for output related to GitLab environment info</summary>
 <pre>
 (For installations with omnibus-gitlab package run and paste the output of:
 `sudo gitlab-rake gitlab:env:info`)
 (For installations from source run and paste the output of:
 `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
 </pre>
 </details>
 ## Results of GitLab application Check
 <!--  Input any relevant GitLab application check information if needed. -->
 <details>
 <summary>Expand for output related to the GitLab application check</summary>
 <pre>
 (For installations with omnibus-gitlab package run and paste the output of:
 `sudo gitlab-rake gitlab:check SANITIZE=true`)
 (For installations from source run and paste the output of:
 `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`)
 (we will only investigate if the tests are passing)
 </pre>
 </details>
 ## Possible fixes
 <!-- If you can, link to the line of code that might be responsible for the problem. -->
 <!-- If you have any suggestions for how to fix the bug, provide them here. -->
 <!-- If you are unsure about the subtype of this bug, please check our SSOT https://about.gitlab.com/handbook/engineering/metrics/?_gl=1*920mnx*_ga*ODQ3OTI1Mjk1LjE2NzA0MDg0NjU.*_ga_ENFH3X7M5Y*MTY4MTM3OTA3My4yNzkuMS4xNjgxMzc5MTI0LjAuMC4w#work-type-classification -->
 /label ~"type::bug"
 /label ~"Category:Consumables Cost Management"
 /label ~"group::utilization"
 /label ~"section::fulfillment"
 ---
 <details>
 <summary>Illustrative Description: (This is not an actual issue, but rather a sample report that demonstrates how a bug could be presented)</summary>
 ## Bug Summary
 When attempting to log in to GitLab using a new account, the system does not recognize the account and returns an error message.
 ## Steps to Reproduce
 1. Navigate to the GitLab login page.
 1. Enter the email and password for a new account.
 1. Click the "Log In" button.
 1. Observe the error message: "The email or password you entered is incorrect. Please try again."
 ## What is the current *bug* behavior?
 The system does not recognize the new account and returns an error message.
 ## What is the expected *correct* behavior?
 The system should recognize the new account and allow the user to log in.
 ## Reproducibility
 This bug occurs consistently when attempting to log in with a new account.
 ## Impact Assessment
 This bug prevents new users from accessing GitLab and may result in frustration and lost productivity.
 ## Severity
 This bug is of medium severity, as it prevents new users from accessing the system, but does not affect the functionality of existing users.
 ## Environment
 - Operating System: macOS Ventura
 - Browser: Google Chrome 111.0.5563.146
 ## Screenshots and/or Relevant logs
 [Insert screenshot of the error message.]
 ## Possible Fix
 It is unclear what may be causing this bug. Further investigation is required to identify a possible fix.
 </details>
--- a/.gitlab/issue_templates/Utilization
+++ b/.gitlab/issue_templates/Utilization
@ -1,65 +0,0 @@
 Utilization group: Feature Template
 ## Description
 <!-- As a [user or stakeholder], I want [goal or objective] so that [reason or benefit]. -->
 ## Acceptance Criteria
 <!-- 
 - [ ] [Describe what must be achieved to complete this issue.]
 - [ ] [Describe another requirement needed to complete this issue.]
 - [ ] [Add additional acceptance criteria as needed.]
 -->
 ## Technical Requirements
 <!-- [If applicable, please list out any technical requirements for this feature/enhancement.] -->
 ## Design Requirements
 <!-- [If applicable, please provide a link to the design specifications for this feature/enhancement.] -->
 ## Impact Assessment
 <!-- [Please describe the impact this feature/enhancement will have on the user experience and/or the product as a whole.] -->
 ## User Story
 <!-- [Provide a user story to illustrate the use case for this feature/enhancement. Include examples to help communicate the intended functionality.] -->
 /label ~"type::feature"
 /label ~"Category:Consumables Cost Management"
 /label ~"group::utilization"
 /label ~"section::fulfillment"
 <details>
 <summary>Illustrative Description: (This is not an actual issue, but rather a sample report that demonstrates how a feature could be presented) </summary>
 ## Description
 As a developer, I want to be able to easily create and manage merge requests, so that I can collaborate effectively with my team and ensure that code changes are reviewed and merged efficiently.
 ## Acceptance Criteria
 - [ ] The merge request feature should allow developers to create a new merge request from a branch.
 - [ ] The merge request feature should allow developers to assign the merge request to another team member for review.
 - [ ] The merge request feature should provide a clear and easy-to-use interface for managing merge requests.
 - [ ] The merge request feature should integrate with other GitLab features, such as issue tracking and continuous integration.
 ## Technical Requirements
 - The merge request feature should be implemented using GitLab's API.
 - The merge request feature should be integrated with GitLab's existing authentication and authorization system.
 - The merge request feature should be optimized for performance and scalability.
 ## Design Requirements
 - [Design specifications for this feature can be found here.](insert_design_link_here)
 ## Impact Assessment
 This feature will significantly enhance the collaboration and code review process for developers using GitLab. By providing an intuitive and easy-to-use interface for managing merge requests, developers will be able to work more efficiently and effectively as a team. Additionally, integrating the merge request feature with other GitLab features will further streamline the development process.
 ## User Story
 As a developer working on a new feature branch, I want to be able to create a new merge request and assign it to a team member for review, so that I can ensure that my code changes are thoroughly reviewed before being merged into the main codebase. With the new merge request feature, I can easily create a new merge request, assign it to a team member for review, and track its status throughout the review process. This will help me work more efficiently and effectively as a team, while also maintaining high code quality and reliability.
 </details>
--- a/.gitlab/issue_templates/Utilization
+++ b/.gitlab/issue_templates/Utilization
@ -1,69 +0,0 @@
 Utilization Group: Maintenance Template
 ## Description
 <!-- Briefly describe the maintenance issue. -->
 ## Acceptance Criteria
 <!-- 
 - [ ] [Describe the completion requirements.]
 - [ ] [Add additional acceptance criteria as necessary.]
 -->
 ## Technical Requirements
 <!-- [List any technical requirements for this maintenance issue.] -->
 ## Impact Assessment
 <!-- [Describe the impact of this maintenance issue on the user experience and/or the product as a whole.] -->
 ## Steps to Reproduce
 <!-- [Provide detailed steps on how to reproduce the maintenance issue.] -->
 ## Expected Results
 <!-- [Describe the expected outcome when the maintenance issue is resolved.] -->
 ## Actual Results
 <!-- [Describe the current outcome of the maintenance issue.] -->
 /label ~type::maintenance
 /label ~"Category:Consumables Cost Management"
 /label ~"group::utilization"
 /label ~"section::fulfillment"
 <details>
 <summary>Illustrative Description: (This is not an actual maintenance issue, but rather a sample report that demonstrates how a maintenance issue could be presented) </summary>
 ## Description
 The login page is taking longer than expected to load, which is impacting the user experience.
 ## Acceptance Criteria
 - [ ] The login page should load in less than 3 seconds on both desktop and mobile devices.
 - [ ] The login page should be tested on different browsers to ensure compatibility.
 - [ ] The login page should not display any errors or warnings in the console.
 ## Technical Requirements
 - [ ] The login page should be optimized for performance.
 - [ ] The login page should be tested on different browsers.
 - [ ] The login page should be updated to use the latest version of the authentication library.
 ## Impact Assessment
 This maintenance issue is impacting the user experience by causing delays in the login process. By resolving this issue, users will be able to log in faster and have a better overall experience.
 ## Steps to Reproduce
 1. Open the login page.
 1. Wait for the page to load.
 1. Measure the time it takes for the page to fully load.
 ## Expected Results
 The login page should load in less than 3 seconds on both desktop and mobile devices.
 ## Actual Results
 The login page is currently taking more than 5 seconds to load on desktop devices and more than 7 seconds on mobile devices. This is causing frustration and delays for users.
 </details>
--- a/.gitlab/issue_templates/rca.md
+++ b/.gitlab/issue_templates/rca.md
@ -1,125 +0,0 @@
 **Please note:** if the incident relates to sensitive data or is security-related, consider
 labeling this issue with ~security and mark it confidential, or create it in a private repository. 
 There is now a separate internal-only RCA template for SIRT issues referenced https://about.gitlab.com/handbook/security/root-cause-analysis.html
 ***
 ## Summary
 A brief summary of what happened. Try to make it as executive-friendly as possible.
 - Service(s) affected:
 - Team attribution:
 - Minutes downtime or degradation:
 ## Impact & Metrics
 Start with the following:
 | Question | Answer |
 | ----- | ----- |
 | What was the impact? | (i.e. service outage, sub-service brown-out, exposure of sensitive data, ...) |
 | Who was impacted? | (i.e. external customers, internal customers, specific teams, ...) |
 | How did this impact customers? | (i.e. preventing them from doing X, incorrect display of Y, ...) |
 | How many attempts made to access? |  |
 | How many customers affected? |  |
 | How many customers tried to access? |  |
 Include any additional metrics that are of relevance.
 Provide any relevant graphs that could help understand the impact of the incident and its dynamics.
 ## Detection & Response
 Start with the following:
 | Question | Answer |
 | ----- | ----- |
 | When was the incident detected? | YYYY-MM-DD UTC |
 | How was the incident detected? | (i.e. DELKE, H1 Report, ...) |
 | Did alarming work as expected? |  |
 | How long did it take from the start of the incident to its detection? |  |
 | How long did it take from detection to remediation? |  |
 | What steps were taken to remediate? |  |
 | Were there any issues with the response? | (i.e. bastion host used to access the service was not available, relevant team member wasn't page-able, ...) |
 ## MR Checklist
 Consider these questions if a code change introduced the issue.
 | Question | Answer |
 | ----- | ----- |
 | Was the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist) marked as reviewed in the MR? | |
 | Should the checklist be updated to help reduce chances of future recurrences? If so, who is the DRI to do so? | |
 ## Timeline
 YYYY-MM-DD
 - 00:00 UTC - something happened
 - 00:01 UTC - something else happened
 - ...
 YYYY-MM-DD+1
 - 00:00 UTC - and then this happened
 - 00:01 UTC - and more happened
 - ...
 ## Root Cause Analysis
 The purpose of this document is to understand the reasons that caused an incident, and to create mechanisms to prevent it from recurring in the future. A root cause can **never be a person**, the way of writing has to refer to the system and the context rather than the specific actors.
 Follow the "**5 whys**" in a **blameless** manner as the core of the root cause analysis.
 For this, it is necessary to start with the incident and question why it happened. Keep iterating asking "why?" 5 times. While it's not a hard rule that it has to be 5 times, it helps to keep questions get deeper in finding the actual root cause.
 Keep in mind that from one "why?" there may come more than one answer, consider following the different branches.
 ### Example of the usage of "5 whys"
 The vehicle will not start. (the problem)
 1. Why? - The battery is dead.
 2. Why? - The alternator is not functioning.
 3. Why? - The alternator belt has broken.
 4. Why? - The alternator belt was well beyond its useful service life and not replaced.
 5. Why? - The vehicle was not maintained according to the recommended service schedule. (Fifth why, a root cause)
 ## What went well
 Start with the following:
 - Identify the things that worked well or as expected.
 - Any additional call-outs for what went particularly well.
 ## What can be improved
 Start with the following:
 - Using the root cause analysis, explain what can be improved to prevent this from happening again.
 - Is there anything that could have been done to improve the detection or time to detection?
 - Is there anything that could have been done to improve the response or time to response?
 - Is there an existing issue that would have either prevented this incident or reduced the impact?
 - Did we have any indication or beforehand knowledge that this incident might take place?
 - Was the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist) marked as reviewed in the MR?
 - Should the checklist be updated to help reduce chances of future recurrences?
 ## Corrective actions
 - List issues that have been created as corrective actions from this incident.
 - For each issue, include the following:
    - `<Bare issue link>` - Issue labeled as ~"corrective action".
    - An estimated date of completion of the corrective action.
    - The named individual who owns the delivery of the corrective action.
 ## Guidelines
 - [Blameless RCA Guideline](https://about.gitlab.com/handbook/customer-success/professional-services-engineering/workflows/internal/root-cause-analysis.html)
 - [5 whys](https://en.wikipedia.org/wiki/5_Whys)
 /confidential
 /label ~RCA
--- a/.gitlab/merge_request_templates/Change
+++ b/.gitlab/merge_request_templates/Change
@ -14,14 +14,17 @@
 ## Moving docs to a new location?
-Read the [redirect guidelines](https://docs.gitlab.com/ee/development/documentation/redirects.html) first.
+Read the guidelines:
 https://docs.gitlab.com/ee/development/documentation/index.html#move-or-rename-a-page
 - [ ] Make sure the old link is not removed and has its contents replaced with
      a link to the new location.
 - [ ] Make sure internal links pointing to the document in question are not broken.
 - [ ] Search and replace any links referring to old docs in GitLab Rails app,
      specifically under the `app/views/` and `ee/app/views` (for GitLab EE) directories.
- [ ] Update the link in [`features.yml`](https://gitlab.com/gitlab-com/www-gitlab-com/-/blob/master/data/features.yml) (if applicable).
+- [ ] Make sure to add [`redirect_from`](https://docs.gitlab.com/ee/development/documentation/index.html#redirections-for-pages-with-disqus-comments)
      to the new document if there are any Disqus comments on the old document thread.
 - [ ] Update the link in `features.yml` (if applicable).
 - [ ] Assign one of the technical writers for review.
-/label ~documentation ~"Technical Writing" ~"type::maintenance" ~"maintenance::refactor"
+/label ~documentation ~"Technical Writing"
--- a/.gitlab/merge_request_templates/Default.md
+++ b/.gitlab/merge_request_templates/Default.md
@ -8,11 +8,9 @@ that reviewers can understand your intent. Keeping the description updated is
 especially important if they didn't participate in the discussion.
 -->
 %{first_multiline_commit}
 ## Screenshots or screen recordings 
-_Screenshots are required for UI changes, and strongly recommended for all other merge requests._
+_These are strongly recommended to assist reviewers and reduce the time to merge your change._
 <!-- 
 Please include any relevant screenshots or screen recordings that will assist
@ -27,6 +25,10 @@ _Numbered steps to set up and validate the change are strongly suggested._
 <!-- 
 Example below:
 1. Enable the invite modal
   ```ruby
   Feature.enable(:invite_members_group_modal)
   ```
 1. In rails console enable the experiment fully
   ```ruby
   Feature.enable(:member_areas_of_focus)
@ -42,5 +44,3 @@ This checklist encourages us to confirm any changes have been analyzed to reduce
 * [ ] I have evaluated the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist) for this MR.
 <!-- template sourced from https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/Default.md -->
 /assign me
--- a/.gitlab/merge_request_templates/Deprecations.md
+++ b/.gitlab/merge_request_templates/Deprecations.md
@ -1,5 +1,10 @@
 <!-- Set the correct label and milestone using autocomplete for guidance. Please @mention only the DRI(s) for each stage or group rather than an entire department. -->
 /label ~"release post" ~"release post item" ~"Technical Writing" ~devops:: ~group:: ~"release post item::deprecation"
 /label ~"type::maintenance"
 /milestone %
 /assign `@EM/PM` (choose the DRI; remove backticks here, and below)
 **Be sure to link this MR to the relevant deprecation issue(s).**
 - Deprecation Issue:
@ -25,36 +30,29 @@ Deprecation announcements can and should be created and merged into Docs at any
 ---
-Please review:
+Please review the [guidelines for deprecations](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations),
-
+as well as the process for [creating a deprecation entry](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-deprecation-entry).
 - The definitions of ["Deprecation", "End of Support", and "Removal"](https://docs.gitlab.com/ee/development/deprecation_guidelines/#terminology).
 - The [guidelines for deprecations](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations).
 - The process for [creating a deprecation entry](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-deprecation-entry).
 They are frequently updated, and everyone should make sure they are aware of the current standards (PM, PMM, EM, and TW).
 ## EM/PM release post item checklist
 - [ ] Set yourself as the Assignee, meaning you are the DRI.
 - [ ] If the deprecation is a [breaking change](https://about.gitlab.com/handbook/product/gitlab-the-product/#breaking-change), add label `breaking change`.
 - [ ] Confirm this MR is labeled ~"release post item::deprecation"
 - [ ] Follow the process to [create a deprecation YAML file](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-deprecation-entry).
 - [ ] Add reviewers by the 10th.
- [ ] Add scoped `devops::` and `group::` labels as necessary.
+- [ ] When ready to be merged and not later than the 15th, add the `~ready` label and @ message the TW for final review and merge.
 - [ ] Add the appropriate milestone to this MR.
 - [ ] When ready to be merged (and no later than the 15th) `@mention` the TW for final review and merge.
 ## Reviewers
 When the content is ready for review, it must be reviewed by a Technical Writer and Engineering Manager, but can also be reviewed by
 Product Marketing, Product Design, and the Product Leaders for this area. Please use the
-[reviewers](https://docs.gitlab.com/ee/user/project/merge_requests/reviews/)
+[Reviewers for Merge Requests](https://docs.gitlab.com/ee/user/project/merge_requests/getting_started#reviewer)
 feature for all reviews. Reviewers will then `approve` the MR and remove themselves from Reviewers when their review is complete.
 - [ ] (Recommended) PMM
 - [ ] (Optional) Product Designer
 - [ ] (Optional) Group Manager or Director
- [ ] Required review and approval: [Technical Writer designated to the corresponding DevOps stage/group](https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments).
+- [ ] Required review and approval: [Technical Writer designated to the corresponding DevOps stage/group](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments).
 ### Tech writer review
@ -71,8 +69,7 @@ yourself as a reviewer if it's not ready for merge yet.
 - [ ] Title:
  - Length limit: 7 words (not including articles or prepositions).
  - Capitalization: ensure the title is [sentence cased](https://design.gitlab.com/content/punctuation#case).
- [ ] Dates:
+  - Rewrite to exclude the words `deprecation`, `deprecate`, `removal`, and `remove` if necessary.
  - Make sure that the milestone dates are based on the dates in [Product milestone creation](https://about.gitlab.com/handbook/product/milestones/#product-milestone-creation).
 - [ ] Consistency:
  - Ensure that all resources (docs, deprecation, etc.) refer to the feature with the same term / feature name.
 - [ ] Content:
@ -103,7 +100,3 @@ must be updated before this MR is merged:
 1. Set the MR to merge when the pipeline succeeds (or merge if the pipeline is already complete).
 If you have trouble running the Rake task, check the [troubleshooting steps](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecation-rake-task-troubleshooting).
 /label ~"release post" ~"release post item" ~"Technical Writing" ~"release post item::deprecation"
 /label ~"type::maintenance"
 /label ~"maintenance::removal"
--- a/.gitlab/merge_request_templates/Documentation.md
+++ b/.gitlab/merge_request_templates/Documentation.md
@ -8,15 +8,15 @@
 ## Author's checklist
- [ ] Optional. Consider taking [the GitLab Technical Writing Fundamentals course](https://about.gitlab.com/handbook/product/ux/technical-writing/fundamentals/).
+- [ ] Optional. Consider taking [the GitLab Technical Writing Fundamentals course](https://about.gitlab.com/handbook/engineering/ux/technical-writing/fundamentals/).
 - [ ] Follow the:
  - [Documentation process](https://docs.gitlab.com/ee/development/documentation/workflow.html).
  - [Documentation guidelines](https://docs.gitlab.com/ee/development/documentation/).
  - [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/).
 - [ ] If you're adding or changing the main heading of the page (H1), ensure that the [product tier badge](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges) is added.
- [ ] If you are a GitLab team member, [request a review](https://docs.gitlab.com/ee/development/code_review.html#dogfooding-the-reviewers-feature) based on:
+- [ ] If you are a GitLab team member, [request a review](https://docs.gitlab.com/ee/development/code_review.html#dogfooding-the-attention-request-feature) based on:
    - The documentation page's [metadata](https://docs.gitlab.com/ee/development/documentation/#metadata).
-    - The [associated Technical Writer](https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments).
+    - The [associated Technical Writer](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments).
 If you are a GitLab team member and only adding documentation, do not add any of the following labels:
@ -31,12 +31,10 @@ These labels cause the MR to be added to code verification QA issues.
 Documentation-related MRs should be reviewed by a Technical Writer for a non-blocking review, based on [Documentation Guidelines](https://docs.gitlab.com/ee/development/documentation/) and the [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/).
 If you aren't sure which tech writer to ask, use [roulette](https://gitlab-org.gitlab.io/gitlab-roulette/?sortKey=stats.avg30&order=-1&hourFormat24=true&visible=maintainer%7Cdocs) or ask in the [#docs](https://gitlab.slack.com/archives/C16HYA2P5) Slack channel.
 - [ ] If the content requires it, ensure the information is reviewed by a subject matter expert.
 - Technical writer review items:
  - [ ] Ensure docs metadata is present and up-to-date.
-  - [ ] Ensure the appropriate [labels](https://about.gitlab.com/handbook/product/ux/technical-writing/workflow/#labels) are added to this MR.
+  - [ ] Ensure the appropriate [labels](https://about.gitlab.com/handbook/engineering/ux/technical-writing/workflow/#labels) are added to this MR.
  - [ ] Ensure a release milestone is set.
  - If relevant to this MR, ensure [content topic type](https://docs.gitlab.com/ee/development/documentation/structure.html) principles are in use, including:
    - [ ] The headings should be something you'd do a Google search for. Instead of `Default behavior`, say something like `Default behavior when you close an issue`.
@ -45,5 +43,5 @@ If you aren't sure which tech writer to ask, use [roulette](https://gitlab-org.g
    - If the content still needs to be edited for topic types, you can create a follow-up issue with the ~"docs-technical-debt" label.
 - [ ] Review by assigned maintainer, who can always request/require the reviews above. Maintainer's review can occur before or after a technical writer review.
-/label ~documentation ~"type::maintenance" ~"docs::improvement" ~"maintenance::refactor"
+/label ~documentation ~"type::maintenance" ~"docs::improvement"
 /assign me
--- a/.gitlab/merge_request_templates/New
+++ b/.gitlab/merge_request_templates/New
@ -4,26 +4,6 @@
 Please link to the respective test case in the testcases project
 -->
 ## How to set up and validate locally
 <!--
 In most cases this will be the command to run the test, e.g.:
 From the `qa` directory:
 ```
 bundle install
 export WEBDRIVER_HEADLESS=false # If you'd like to watch the test in action
 export QA_GITLAB_URL="http://gdk.test:3000" # Only needed if GDK is not running on http://127.0.0.1:3000
 bundle exec rspec <path/to/spec.rb>
 ```
 This may be particularly helpful if you're requesting reviews from engineers who aren't familiar with GitLab's E2E tests.
 Any other necessary setup should be included here as well, especially if it's an orchestrated test that requires a
 [special setup](https://docs.gitlab.com/ee/development/testing_guide/end_to_end/running_tests_that_require_special_setup.html)
 to run locally against GDK.
 -->
 ### Checklist
 - [ ] Confirm the test has a [`testcase:` tag linking to an existing test case](https://docs.gitlab.com/ee/development/testing_guide/end_to_end/best_practices.html#link-a-test-to-its-test-case-issue) in the test case project.
--- a/.gitlab/merge_request_templates/New
+++ b/.gitlab/merge_request_templates/New
@ -1,6 +1,6 @@
 <!--
 When creating a new cop that could be applied to multiple applications,
-we encourage you to add it to https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles gem.
+we encourage you to add it to https://gitlab.com/gitlab-org/gitlab-styles gem.
 -->
 ## Description of the proposal
--- a/.gitlab/merge_request_templates/New
+++ b/.gitlab/merge_request_templates/New
@ -1,44 +0,0 @@
 <!-- Title suggestion: Upgrade `gitlab-styles` to <VERSION X.Y.Z> - dry-run -->
 ## What does this MR do and why?
 Validating upcoming release of `gitlab-styles` <VERSION X.Y.Z>. See <LINK TO RELEASE MR>.
 This MR can be reused to upgrade `gitlab-styles` in this project after a new version of `gitlab-styles` is released.
 ### Checklist
 - [ ] Verify upcoming release of `gitlab-styles`
  - [ ] Point to "Release" MR of `gitlab-styles` in `Gemfile`
    - For example, `gem 'gitlab-styles', '~> 9.1.0', require: false, git: 'https://gitlab.com/gitlab-org/ruby/gems/gitlab-styles.git', ref: 'ddieulivol-upgrade_to_9.1.0'`
  - [ ] Update [bundler's checksum file](https://docs.gitlab.com/ee/development/gemfile.html#updating-the-checksum-file) via `bundle exec bundler-checksum init`
  - [ ] `rubocop` job
    - [ ] Inspect any warnings/errors
    - [ ] (Optional) [Generate TODOs](https://docs.gitlab.com/ee/development/rubocop_development_guide.html#resolving-rubocop-exceptions) for pending offenses
      - [ ] Put :new: cop rules (or if configuration is changed) in "grace period". See [docs](https://docs.gitlab.com/ee/development/rubocop_development_guide.html#enabling-a-new-cop).
      - [ ] (Optional) Remove any offenses for disabled cops
      - Use `grep --perl-regexp -o ":\d+\d+: \w: \[\S+\] ([\w/]+)" raw_job_output.log | awk '{print $4}' | sort | uniq -c` to get a list of cop rules with offenses. Where `raw_job_output.log` is the raw output of the `rubocop` job
      - [ ] Ignore offenses related to temporary changes in `Gemfile`
    - [ ] (Optional) Autocorrect offenses 
    - [ ] Compare the total runtime of `rubocop --parallel` scan with previous runs
  - [ ] Make sure CI passes :green_heart: 
  - [ ] Don't merge this MR yet!
  - [ ] Wait for `gitlab-styles` to be released
 - [ ] Upgrade released version of `gitlab-styles`
  - [ ] Make sure release is complete
  - [ ] Rephrase the title and MR description to match final upgrade
  - [ ] Point to released version in `Gemfile`
    - [ ] `gem 'gitlab-styles', '~> 9.1.0', require: false`
    - [ ] Update [bundler's checksum file](https://docs.gitlab.com/ee/development/gemfile.html#updating-the-checksum-file) via `bundle exec bundler-checksum init`
  - [ ] (Optional) Regenerate TODOs for new/changed cop rules
  - [ ] Make sure CI passes :green_heart: 
  - [ ] Let the MR being reviewed again and merged
  - [ ] (Optional) Refine this [MR template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/New%20Version%20of%20gitlab-styles.md).
 ## MR acceptance checklist
 This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
 * [ ] I have evaluated the [MR acceptance checklist](https://docs.gitlab.com/ee/development/code_review.html#acceptance-checklist) for this MR.
 /label ~"type::maintenance" ~"maintenance::dependency"  ~backend ~"Engineering Productivity" ~"static code analysis" 
--- a/.gitlab/merge_request_templates/Pipeline
+++ b/.gitlab/merge_request_templates/Pipeline
@ -1,4 +1,4 @@
-<!-- See Pipelines for the GitLab project: https://docs.gitlab.com/ee/development/pipelines -->
+<!-- See Pipelines for the GitLab project: https://docs.gitlab.com/ee/development/pipelines.html -->
 <!-- When in doubt about a Pipeline configuration change, feel free to ping @gl-quality/eng-prod. -->
 ## What does this MR do?
@ -15,7 +15,7 @@
 Consider the effect of the changes in this merge request on the following:
- [ ] Different [pipeline types](https://docs.gitlab.com/ee/development/pipelines/index.html#pipelines-types-for-merge-requests)
+- [ ] Different [pipeline types](https://docs.gitlab.com/ee/development/pipelines.html#pipelines-for-merge-requests)
 - Non-canonical projects:
  - [ ] `gitlab-foss`
  - [ ] `security`
--- a/Show more
+++ b/Show more
		`@ -1 +0,0 @@`
			`# This empty file is used for agent-based integration with Kubernetes`
`@ -1,4 +1,4 @@`
	<!-- Actionable insights must recommend an action that needs to take place. An actionable insight both defines the insight and clearly calls out action or next step required to improve based on the result of the research observation or data. Actionable insights are tracked over time and will include follow-up. Please follow the tasks outlined in this issue for best results. Learn more in the handbook here: https://about.gitlab.com/handbook/product/ux/ux-research-training/research-insights/#actionable-insights	<!-- Actionable insights must recommend an action that needs to take place. An actionable insight both defines the insight and clearly calls out action or next step required to improve based on the result of the research observation or data. Actionable insights are tracked over time and will include follow-up. Please follow the tasks outlined in this issue for best results. Learn more in the handbook here: https://about.gitlab.com/handbook/engineering/ux/ux-research-training/research-insights/#actionable-insights

	`This issue template is for an actionable insight that requires further exploration.-->`	`This issue template is for an actionable insight that requires further exploration.-->`
`@ -21,4 +21,4 @@ Please read the below documentations for a workflow of triaging and resolving br`

	`Please refer to the [Resolution guidance](https://about.gitlab.com/handbook/engineering/workflow/#resolution-of-broken-master) to learn more about resolution of broken master.`	`Please refer to the [Resolution guidance](https://about.gitlab.com/handbook/engineering/workflow/#resolution-of-broken-master) to learn more about resolution of broken master.`

	`/label ~"master:broken" ~"Engineering Productivity" ~"priority::1" ~"severity::1" ~"type::maintenance" ~"maintenance::pipelines"`	`/label ~"master:broken" ~"Engineering Productivity" ~"priority::1" ~"severity::1"`
`@ -48,4 +48,4 @@ Are there any other stages or teams involved that need to be kept in the loop?`
	`- [ ] Close this rollout issue.`	`- [ ] Close this rollout issue.`


	`/label ~"feature flag" ~"type::maintenance" ~"maintenance::removal"`	`/label ~"feature flag" ~"type::feature" ~"feature::addition"`