Add latest changes from gitlab-org/gitlab@master

.gitlab-ci.yml

@@ -16,7 +16,7 @@ stages:
 # in cases where jobs require Docker-in-Docker, the job
 # definition must be extended with `.use-docker-in-docker`
 default:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36"
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36
   tags:
     - gitlab-org
   # All jobs are interruptible by default
@@ -96,6 +96,9 @@ variables:
   # Default latest tag for particular branch
   QA_IMAGE_BRANCH: "${CI_REGISTRY}/${CI_PROJECT_PATH}/gitlab-ee-qa:${CI_COMMIT_REF_SLUG}"
 
+  REGISTRY_HOST: "registry.gitlab.com"
+  REGISTRY_GROUP: "gitlab-org"
+
   # Preparing custom clone path to reduce space used by all random forks
   # on GitLab.com's Shared Runners. Our main forks - especially the security
   # ones - will have this variable overwritten in the project settings, so that

.gitlab/ci/frontend.gitlab-ci.yml

@@ -11,7 +11,7 @@
     - .default-retry
     - .default-before_script
     - .assets-compile-cache
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7-git-2.33-lfs-2.9-node-14.15-yarn-1.22-graphicsmagick-1.3.36
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:ruby-2.7-git-2.33-lfs-2.9-node-14.15-yarn-1.22-graphicsmagick-1.3.36
   variables:
     SETUP_DB: "false"
     WEBPACK_VENDOR_DLL: "true"
@@ -331,7 +331,7 @@ bundle-size-review:
   extends:
     - .default-retry
     - .frontend:rules:bundle-size-review
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:danger
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:danger
   stage: test
   needs: ["compile-production-assets"]
   script:

.gitlab/ci/global.gitlab-ci.yml

@@ -213,7 +213,7 @@
     - *storybook-node-modules-cache-push
 
 .use-pg11:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36"
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36
   services:
     - name: postgres:11.6
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -222,7 +222,7 @@
     POSTGRES_HOST_AUTH_METHOD: trust
 
 .use-pg12:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36"
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36
   services:
     - name: postgres:12
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -231,7 +231,7 @@
     POSTGRES_HOST_AUTH_METHOD: trust
 
 .use-pg13:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-13-graphicsmagick-1.3.36"
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-13-graphicsmagick-1.3.36
   services:
     - name: postgres:13
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -240,7 +240,7 @@
     POSTGRES_HOST_AUTH_METHOD: trust
 
 .use-pg11-ee:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36"
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-11-graphicsmagick-1.3.36
   services:
     - name: postgres:11.6
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -251,7 +251,7 @@
     POSTGRES_HOST_AUTH_METHOD: trust
 
 .use-pg12-ee:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36"
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-12-graphicsmagick-1.3.36
   services:
     - name: postgres:12
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -262,7 +262,7 @@
     POSTGRES_HOST_AUTH_METHOD: trust
 
 .use-pg13-ee:
-  image: "registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-13-graphicsmagick-1.3.36"
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:ruby-2.7.patched-golang-1.16-git-2.33-lfs-2.9-chrome-89-node-14.15-yarn-1.22-postgresql-13-graphicsmagick-1.3.36
   services:
     - name: postgres:13
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
@@ -274,7 +274,7 @@
 
 .use-kaniko:
   image:
-    name: registry.gitlab.com/gitlab-org/gitlab-build-images:kaniko
+    name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:kaniko
     entrypoint: [""]
   before_script:
     - source scripts/utils.sh

.gitlab/ci/review-apps/main.gitlab-ci.yml

@@ -34,7 +34,7 @@ review-build-cng:
 .review-workflow-base:
   extends:
     - .default-retry
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3.5-kubectl1.17
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3.5-kubectl1.17
   resource_group: "review/${CI_COMMIT_REF_NAME}"
   variables:
     HOST_SUFFIX: "${CI_ENVIRONMENT_SLUG}"

.gitlab/ci/review.gitlab-ci.yml

@@ -2,7 +2,7 @@ review-cleanup:
   extends:
     - .default-retry
     - .review:rules:review-cleanup
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-helm3-kubectl1.14
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:gitlab-helm3-kubectl1.14
   stage: prepare
   environment:
     name: review/${CI_COMMIT_REF_SLUG}${FREQUENCY}

.gitlab/ci/static-analysis.gitlab-ci.yml

@@ -53,7 +53,7 @@ generate-apollo-graphl-schema:
     - .static-analysis-base
     - .frontend:rules:default-frontend-jobs
   image:
-    name: registry.gitlab.com/gitlab-org/gitlab-build-images:apollo
+    name: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:apollo
     entrypoint: [""]
   needs: ['graphql-schema-dump']
   variables:

.gitlab/ci/workhorse.gitlab-ci.yml

@@ -22,8 +22,8 @@ workhorse:verify:
 
 workhorse:test using go 1.16:
   extends: .workhorse:test
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7-golang-1.16-git-2.31
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:ruby-2.7-golang-1.16-git-2.31
 
 workhorse:test using go 1.17:
   extends: .workhorse:test
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7-golang-1.17-git-2.31
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images:ruby-2.7-golang-1.17-git-2.31

config/feature_flags/development/automated_email_provision.yml

@@ -0,0 +1,8 @@
+---
+name: automated_email_provision
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/75872
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/348317
+milestone: '14.6'
+type: development
+group: group::license
+default_enabled: false

db/migrate/20211126142200_add_encrypted_static_object_token.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class AddEncryptedStaticObjectToken < Gitlab::Database::Migration[1.0]
+  enable_lock_retries!
+
+  def up
+    # rubocop:disable Migration/AddLimitToTextColumns
+    # limit is added in 20211126142354_add_text_limit_to_encrypted_static_object_token
+    add_column :users, :static_object_token_encrypted, :text # rubocop:disable Migration/AddColumnsToWideTables
+    # rubocop:enable Migration/AddLimitToTextColumns
+  end
+
+  def down
+    remove_column :users, :static_object_token_encrypted
+  end
+end

db/migrate/20211126142354_add_text_limit_to_encrypted_static_object_token.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class AddTextLimitToEncryptedStaticObjectToken < Gitlab::Database::Migration[1.0]
+  disable_ddl_transaction!
+
+  def up
+    add_text_limit :users, :static_object_token_encrypted, 255
+  end
+
+  def down
+    remove_text_limit :users, :static_object_token_encrypted
+  end
+end

db/post_migrate/20211209093636_track_ci_job_artifacts_deletes.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class TrackCiJobArtifactsDeletes < Gitlab::Database::Migration[1.0]
+  include Gitlab::Database::MigrationHelpers::LooseForeignKeyHelpers
+
+  enable_lock_retries!
+
+  def up
+    track_record_deletions(:ci_job_artifacts)
+  end
+
+  def down
+    untrack_record_deletions(:ci_job_artifacts)
+  end
+end

db/post_migrate/20211209093828_track_users_deletes.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class TrackUsersDeletes < Gitlab::Database::Migration[1.0]
+  include Gitlab::Database::MigrationHelpers::LooseForeignKeyHelpers
+
+  enable_lock_retries!
+
+  def up
+    track_record_deletions(:users)
+  end
+
+  def down
+    untrack_record_deletions(:users)
+  end
+end

db/post_migrate/20211209093923_track_external_pull_requests_deletes.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class TrackExternalPullRequestsDeletes < Gitlab::Database::Migration[1.0]
+  include Gitlab::Database::MigrationHelpers::LooseForeignKeyHelpers
+
+  enable_lock_retries!
+
+  def up
+    track_record_deletions(:external_pull_requests)
+  end
+
+  def down
+    untrack_record_deletions(:external_pull_requests)
+  end
+end

db/post_migrate/20211209094222_track_merge_requests_deletes.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class TrackMergeRequestsDeletes < Gitlab::Database::Migration[1.0]
+  include Gitlab::Database::MigrationHelpers::LooseForeignKeyHelpers
+
+  enable_lock_retries!
+
+  def up
+    track_record_deletions(:merge_requests)
+  end
+
+  def down
+    untrack_record_deletions(:merge_requests)
+  end
+end

db/schema_migrations/20211126142200

@@ -0,0 +1 @@
+a00ce6a11c7671b6d2efe47e3859afaec72c437fdf5383b990ee09cf14081c9b

db/schema_migrations/20211126142354

@@ -0,0 +1 @@
+31d5fa3caff916a485f26b6834e37037455068cdcf502802196bf1d663716f49

db/schema_migrations/20211209093636

@@ -0,0 +1 @@
+e544953376948489daf4840d4a6228b18dc6e18d071a1025dab24c3559640489

db/schema_migrations/20211209093828

@@ -0,0 +1 @@
+583ee4809560fec645e6f0942b332f9ab2630d06b0a422b360c5bb546d0aad93

db/schema_migrations/20211209093923

@@ -0,0 +1 @@
+8ec578ddc956b2648bcdd8a2ce1728723e2b0eef1a0a4845f4cb0deb19c417ec

db/schema_migrations/20211209094222

@@ -0,0 +1 @@
+1b461efe52d55ba9dca05e64efaae411c3de01612cbc55f9525e522e9b181b3d

db/structure.sql

@@ -20416,7 +20416,9 @@ CREATE TABLE users (
     last_name character varying(255),
     static_object_token character varying(255),
     role smallint,
-    user_type smallint
+    user_type smallint,
+    static_object_token_encrypted text,
+    CONSTRAINT check_7bde697e8e CHECK ((char_length(static_object_token_encrypted) <= 255))
 );
 
 CREATE SEQUENCE users_id_seq
@@ -29058,10 +29060,16 @@ CREATE TRIGGER chat_names_loose_fk_trigger AFTER DELETE ON chat_names REFERENCIN
 
 CREATE TRIGGER ci_builds_loose_fk_trigger AFTER DELETE ON ci_builds REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records();
 
+CREATE TRIGGER ci_job_artifacts_loose_fk_trigger AFTER DELETE ON ci_job_artifacts REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records();
+
 CREATE TRIGGER ci_pipelines_loose_fk_trigger AFTER DELETE ON ci_pipelines REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records();
 
 CREATE TRIGGER ci_runners_loose_fk_trigger AFTER DELETE ON ci_runners REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records();
 
+CREATE TRIGGER external_pull_requests_loose_fk_trigger AFTER DELETE ON external_pull_requests REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records();
+
+CREATE TRIGGER merge_requests_loose_fk_trigger AFTER DELETE ON merge_requests REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records();
+
 CREATE TRIGGER namespaces_loose_fk_trigger AFTER DELETE ON namespaces REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records();
 
 CREATE TRIGGER projects_loose_fk_trigger AFTER DELETE ON projects REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records();
@@ -29092,6 +29100,8 @@ CREATE TRIGGER trigger_projects_parent_id_on_update AFTER UPDATE ON projects FOR
 
 CREATE TRIGGER trigger_type_new_on_insert AFTER INSERT ON integrations FOR EACH ROW EXECUTE FUNCTION integrations_set_type_new();
 
+CREATE TRIGGER users_loose_fk_trigger AFTER DELETE ON users REFERENCING OLD TABLE AS old_table FOR EACH STATEMENT EXECUTE FUNCTION insert_into_loose_foreign_keys_deleted_records();
+
 ALTER TABLE ONLY chat_names
     ADD CONSTRAINT fk_00797a2bf9 FOREIGN KEY (service_id) REFERENCES integrations(id) ON DELETE CASCADE;
 

doc/api/epics.md

@@ -49,6 +49,8 @@ NOTE:
 
 ## List epics for a group
 
+> `parent_iid` and `_links[parent]` in response were [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/347527) in GitLab 14.6.
+
 Gets all epics of the requested group and its subgroups.
 
 ```plaintext
@@ -89,6 +91,7 @@ Example response:
   "iid": 4,
   "group_id": 7,
   "parent_id": 23,
+  "parent_iid": 3,
   "title": "Accusamus iste et ullam ratione voluptatem omnis debitis dolor est.",
   "description": "Molestias dolorem eos vitae expedita impedit necessitatibus quo voluptatum.",
   "state": "opened",
@@ -128,7 +131,8 @@ Example response:
   "_links":{
       "self": "http://gitlab.example.com/api/v4/groups/7/epics/4",
       "epic_issues": "http://gitlab.example.com/api/v4/groups/7/epics/4/issues",
-      "group":"http://gitlab.example.com/api/v4/groups/7"
+      "group":"http://gitlab.example.com/api/v4/groups/7",
+      "parent":"http://gitlab.example.com/api/v4/groups/7/epics/3"
   }
   },
   {
@@ -136,6 +140,7 @@ Example response:
   "iid": 35,
   "group_id": 17,
   "parent_id": 19,
+  "parent_iid": 1,
   "title": "Accusamus iste et ullam ratione voluptatem omnis debitis dolor est.",
   "description": "Molestias dolorem eos vitae expedita impedit necessitatibus quo voluptatum.",
   "state": "opened",
@@ -174,7 +179,8 @@ Example response:
   "_links":{
       "self": "http://gitlab.example.com/api/v4/groups/17/epics/35",
       "epic_issues": "http://gitlab.example.com/api/v4/groups/17/epics/35/issues",
-      "group":"http://gitlab.example.com/api/v4/groups/17"
+      "group":"http://gitlab.example.com/api/v4/groups/17",
+      "parent":"http://gitlab.example.com/api/v4/groups/17/epics/1"
   }
   }
 ]
@@ -182,6 +188,8 @@ Example response:
 
 ## Single epic
 
+> `parent_iid` and `_links[parent]` in response were [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/347527) in GitLab 14.6.
+
 Gets a single epic
 
 ```plaintext
@@ -204,6 +212,8 @@ Example response:
   "id": 30,
   "iid": 5,
   "group_id": 7,
+  "parent_id": null,
+  "parent_iid": null,
   "title": "Ea cupiditate dolores ut vero consequatur quasi veniam voluptatem et non.",
   "description": "Molestias dolorem eos vitae expedita impedit necessitatibus quo voluptatum.",
   "state": "opened",
@@ -243,13 +253,16 @@ Example response:
   "_links":{
       "self": "http://gitlab.example.com/api/v4/groups/7/epics/5",
       "epic_issues": "http://gitlab.example.com/api/v4/groups/7/epics/5/issues",
-      "group":"http://gitlab.example.com/api/v4/groups/7"
+      "group":"http://gitlab.example.com/api/v4/groups/7",
+      "parent": null
   }
 }
 ```
 
 ## New epic
 
+> `parent_iid` and `_links[parent]` in response were [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/347527) in GitLab 14.6.
+
 Creates a new epic.
 
 NOTE:
@@ -276,7 +289,7 @@ POST /groups/:id/epics
 | `parent_id`         | integer/string   | no         | The ID of a parent epic (in GitLab 11.11 and later) |
 
 ```shell
-curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/1/epics?title=Epic&description=Epic%20description"
+curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/1/epics?title=Epic&description=Epic%20description&parent_id=29"
 ```
 
 Example response:
@@ -286,6 +299,8 @@ Example response:
   "id": 33,
   "iid": 6,
   "group_id": 7,
+  "parent_id": 29,
+  "parent_iid": 4,
   "title": "Epic",
   "description": "Epic description",
   "state": "opened",
@@ -325,13 +340,16 @@ Example response:
   "_links":{
     "self": "http://gitlab.example.com/api/v4/groups/7/epics/6",
     "epic_issues": "http://gitlab.example.com/api/v4/groups/7/epics/6/issues",
-    "group":"http://gitlab.example.com/api/v4/groups/7"
+    "group":"http://gitlab.example.com/api/v4/groups/7",
+    "parent": "http://gitlab.example.com/api/v4/groups/7/epics/4"
   }
 }
 ```
 
 ## Update epic
 
+> `parent_iid` and `_links[parent]` in response were [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/347527) in GitLab 14.6.
+
 Updates an epic.
 
 NOTE:
@@ -371,6 +389,8 @@ Example response:
   "id": 33,
   "iid": 6,
   "group_id": 7,
+  "parent_id": null,
+  "parent_iid": null,
   "title": "New Title",
   "description": "Epic description",
   "state": "opened",

doc/development/documentation/structure.md

@@ -88,7 +88,7 @@ Create an issue when you want to track bugs or future work.
 
 Prerequisites:
 
-- You must have at least the Developer role for a project.
+- You must have at least the Developer role for the project.
 
 To create an issue:
 

doc/development/testing_guide/end_to_end/feature_flags.md

@@ -67,6 +67,57 @@ If no scope is provided, the feature flag is set instance-wide:
 Runtime::Feature.enable(:feature_flag_name)
 ```
 
+## Working with selectors
+
+A new feature often replaces a `vue` component or a `haml` file with a new one.
+In most cases, the new file or component is accessible only with a feature flag.
+This approach becomes problematic when tests must pass both with, and without,
+the feature flag enabled. To ensure tests pass in both scenarios:
+
+1. Create another selector inside the new component or file.
+1. Give it the same name as the old one.
+
+Selectors are connected to a specific frontend file in the [page object](page_objects.md),
+and checked for availability inside our `qa:selectors` test. If the mentioned selector
+is missing inside that frontend file, the test fails. To ensure selectors are
+available when a feature flag is enabled or disabled, add the new selector to the
+[page object](page_objects.md), leaving the old selector in place.
+The test uses the correct selector and still detects missing selectors.
+
+If a new feature changes an existing frontend file that already has a selector,
+you can add a new selector with the same name. However, only one of the selectors
+displays on the page. You should:
+
+1. Disable the other with the feature flag.
+1. Add a comment in the frontend file to delete the old selector from the frontend
+   file and from the page object file when the feature flag is removed.
+
+### Example before
+
+```ruby
+# This is the link to the old file
+view 'app/views/devise/passwords/edit.html.haml' do
+  # The new selector should have the same name
+  element :password_field
+  ...
+end
+```
+
+### Example after
+
+```ruby
+view 'app/views/devise/passwords/edit.html.haml' do
+  element :password_field
+  ...
+end
+
+# Now it can verify the selector is available
+view 'app/views/devise/passwords/new_edit_behind_ff.html.haml' do
+  # The selector has the same name
+  element :password_field
+end
+```
+
 ## Running a scenario with a feature flag enabled
 
 It's also possible to run an entire scenario with a feature flag enabled, without having to edit

doc/user/admin_area/analytics/dev_ops_report.md

@@ -20,11 +20,11 @@ To see DevOps Reports:
 > [Renamed](https://gitlab.com/gitlab-org/gitlab/-/issues/20976) from Conversational Development Index in GitLab 12.6.
 
 NOTE:
-To see the DevOps score, you must activate your GitLab instance's [Service Ping](../settings/usage_statistics.md#service-ping). This is because DevOps Score is a comparative tool, so your score data must be centrally processed by GitLab Inc. first.
+To see the DevOps score, you must activate your GitLab instance's [Service Ping](../settings/usage_statistics.md#service-ping). DevOps Score is a comparative tool, so your score data must be centrally processed by GitLab Inc. first.
 
 You can use the DevOps score to compare your DevOps status to other organizations.
 
-The DevOps Score tab displays the usage of major GitLab features on your instance over
+The DevOps Score tab displays usage of major GitLab features on your instance over
 the last 30 days, averaged over the number of billable users in that time period.
 You can also see the Leader usage score, calculated from top-performing instances based on
 [Service Ping data](../settings/usage_statistics.md#service-ping) that GitLab has collected.
@@ -47,29 +47,27 @@ feature is available.
 > - Multi-select [added](https://gitlab.com/gitlab-org/gitlab/-/issues/333586) in GitLab 14.2.
 > - Overview table [added](https://gitlab.com/gitlab-org/gitlab/-/issues/335638) in GitLab 14.3.
 
-DevOps Adoption shows you which groups in your organization are using the most essential features of GitLab:
+DevOps Adoption shows feature adoption for development, security, and operations.
 
-- Dev
-  - Approvals
-  - Code owners
-  - Issues
-  - Merge requests
-- Sec
-  - DAST
-  - Dependency Scanning
-  - Fuzz Testing
-  - SAST
-- Ops
-  - Deployments
-  - Pipelines
-  - Runners
+| Category | Feature |
+| ---      | ---      |
+| Development   | Approvals<br>Code owners<br>Issues<br>Merge requests   |
+| Security   | DAST<br>Dependency Scanning<br>Fuzz Testing<br>SAST  |
+| Operations   | Deployments<br>Pipelines<br>Runners   |
 
-To add or remove your groups, in the top right-hand section the page, select **Add or remove groups**.
+You can use Group DevOps Adoption to:
 
-DevOps Adoption allows you to:
+- Identify specific subgroups that are lagging in their adoption of GitLab features, so you can guide them on
+their DevOps journey.
+- Find subgroups that have adopted certain features, and provide guidance to other subgroups on 
+how to use those features.
+- Verify if you are getting the return on investment that you expected from GitLab.
 
-- Verify whether you are getting the return on investment that you expected from GitLab.
-- Identify specific groups that are lagging in their adoption of GitLab, so you can help them along in their DevOps journey.
-- Find the groups that have adopted certain features, and can provide guidance to other groups on how to use those features.
+## Add or remove a group
+
+To add or remove a subgroup from the DevOps Adoption report:
+
+1. Select **Add or remove groups**.
+1. Select the subgroup you want to add or remove and select **Save changes**.
 
 ![DevOps Adoption](img/admin_devops_adoption_v14_2.png)

doc/user/application_security/container_scanning/index.md

@@ -71,7 +71,7 @@ The included template:
 GitLab saves the results as a
 [Container Scanning report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportscontainer_scanning)
 that you can download and analyze later. When downloading, you always receive the most-recent
-artifact. If [dependency scan is enabled](#enable-dependency-scan),
+artifact. If [dependency scan is enabled](#dependency-list),
 a [Dependency Scanning report artifact](../../../ci/yaml/artifacts_reports.md#artifactsreportsdependency_scanning)
 is also created.
 
@@ -148,13 +148,14 @@ include:
     DOCKER_PASSWORD: "$AWS_ECR_PASSWORD"
 ```
 
-#### Enable dependency scan
+#### Dependency list
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345434) in GitLab 14.6.
 
-The `CS_DISABLE_DEPENDENCY_SCAN` CI/CD variable controls whether the scan creates a [Dependency List](../dependency_list/)
-report. For the scan to create this report, you must set this variable to `false` (the default value
-is `true`).
+The `CS_DISABLE_DEPENDENCY_LIST` CI/CD variable controls whether the scan creates a
+[Dependency List](../dependency_list/)
+report. The variable's default setting of `false` causes the scan to create the report. To disable
+the report, set the variable to `true`:
 
 For example:
 
@@ -164,7 +165,7 @@ include:
 
 container_scanning:
   variables:
-    CS_DISABLE_DEPENDENCY_SCAN: "false"
+    CS_DISABLE_DEPENDENCY_LIST: "true"
 ```
 
 #### Available CI/CD variables
@@ -178,7 +179,7 @@ You can [configure](#customizing-the-container-scanning-settings) analyzers by u
 | `CI_APPLICATION_TAG`           | `$CI_COMMIT_SHA` | Docker repository tag for the image to be scanned. | All |
 | `CS_ANALYZER_IMAGE`            | `registry.gitlab.com/security-products/container-scanning:4` | Docker image of the analyzer. | All |
 | `CS_DEFAULT_BRANCH_IMAGE`      | `""` | The name of the `DOCKER_IMAGE` on the default branch. See [Setting the default branch image](#setting-the-default-branch-image) for more details. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/338877) in GitLab 14.5. | All |
-| `CS_DISABLE_DEPENDENCY_SCAN`   | `"true"`      | Disable Dependency Scanning for packages installed in the scanned image. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345434) in GitLab 14.6. | All |
+| `CS_DISABLE_DEPENDENCY_LIST`   | `"false"`      | Disable Dependency Scanning for packages installed in the scanned image. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/345434) in GitLab 14.6. | All |
 | `CS_DOCKER_INSECURE`           | `"false"`     | Allow access to secure Docker registries using HTTPS without validating the certificates. | All |
 | `CS_REGISTRY_INSECURE`         | `"false"`     | Allow access to insecure registries (HTTP only). Should only be set to `true` when testing the image locally. Works with all scanners, but the registry must listen on port `80/tcp` for Trivy to work. | All |
 | `CS_SEVERITY_THRESHOLD`        | `UNKNOWN`     | Severity level threshold. The scanner outputs vulnerabilities with severity level higher than or equal to this threshold. Supported levels are Unknown, Low, Medium, High, and Critical. | Trivy |

doc/user/application_security/dependency_scanning/analyzers.md

@@ -32,6 +32,9 @@ to launch dedicated containers for each analysis.
 Dependency Scanning is pre-configured with a set of **default images** that are
 maintained by GitLab, but users can also integrate their own **custom images**.
 
+WARNING:
+The `bundler-audit` analyzer is deprecated and will be removed in GitLab 15.0 since it duplicates the functionality of the `gemnasium` analyzer. For more information, read the [deprecation announcement](../../../update/deprecations.md#deprecation-of-bundler-audit-dependency-scanning-tool).
+
 ## Official default analyzers
 
 Any custom change to the official analyzers can be achieved by using a

lib/gitlab/ci/templates/Verify/Accessibility.gitlab-ci.yml

@@ -13,7 +13,7 @@ stages:
 
 a11y:
   stage: accessibility
-  image: registry.gitlab.com/gitlab-org/ci-cd/accessibility:6.0.1
+  image: registry.gitlab.com/gitlab-org/ci-cd/accessibility:6.1.1
   script: /gitlab-accessibility.sh $a11y_urls
   allow_failure: true
   artifacts:

lib/gitlab/subscription_portal.rb

@@ -62,6 +62,10 @@ module Gitlab
       "#{self.subscriptions_url}/gitlab/namespaces/#{group_id}/renew"
     end
 
+    def self.edit_account_url
+      "#{self.subscriptions_url}/customers/edit"
+    end
+
     def self.subscription_portal_admin_email
       ENV.fetch('SUBSCRIPTION_PORTAL_ADMIN_EMAIL', 'gl_com_api@gitlab.com')
     end
@@ -69,9 +73,14 @@ module Gitlab
     def self.subscription_portal_admin_token
       ENV.fetch('SUBSCRIPTION_PORTAL_ADMIN_TOKEN', 'customer_admin_token')
     end
+
+    def self.renewal_service_email
+      'renewals-support@gitlab.com'
+    end
   end
 end
 
 Gitlab::SubscriptionPortal.prepend_mod
 Gitlab::SubscriptionPortal::SUBSCRIPTIONS_URL = Gitlab::SubscriptionPortal.subscriptions_url.freeze
 Gitlab::SubscriptionPortal::PAYMENT_FORM_URL = Gitlab::SubscriptionPortal.payment_form_url.freeze
+Gitlab::SubscriptionPortal::RENEWAL_SERVICE_EMAIL = Gitlab::SubscriptionPortal.renewal_service_email.freeze

locale/gitlab.pot

@@ -1556,6 +1556,9 @@ msgstr ""
 msgid "A project’s repository name defines its URL (the one you use to access the project via a browser) and its place on the file disk where GitLab is installed. %{link_start}Learn more.%{link_end}"
 msgstr ""
 
+msgid "A quarterly reconciliation is due on %{date}"
+msgstr ""
+
 msgid "A ready-to-go template for use with Android apps"
 msgstr ""
 
@@ -36675,6 +36678,9 @@ msgstr ""
 msgid "To receive alerts from manually configured Prometheus services, add the following URL and Authorization key to your Prometheus webhook config file. Learn more about %{linkStart}configuring Prometheus%{linkEnd} to send alerts to GitLab."
 msgstr ""
 
+msgid "To renew, export your license usage file and email it to %{renewal_service_email}. A new license will be emailed to the email address registered in the %{customers_dot}. You can upload this license to your instance."
+msgstr ""
+
 msgid "To resolve this, try to:"
 msgstr ""
 
@@ -40284,6 +40290,12 @@ msgstr ""
 msgid "You have insufficient permissions to view shifts for this rotation"
 msgstr ""
 
+msgid "You have more active users than are allowed by your license. Before %{date} GitLab must reconcile your subscription. To complete this process, export your license usage file and email it to %{renewal_service_email}. A new license will be emailed to the email address registered in the %{customers_dot}. You can upload this license to your instance."
+msgstr ""
+
+msgid "You have more active users than are allowed by your license. GitLab must now reconcile your subscription. To complete this process, export your license usage file and email it to %{renewal_service_email}. A new license will be emailed to the email address registered in the %{customers_dot}. You can upload this license to your instance."
+msgstr ""
+
 msgid "You have no permissions"
 msgstr ""
 
@@ -40473,6 +40485,12 @@ msgstr ""
 msgid "Your %{host} account was signed in to from a new location"
 msgstr ""
 
+msgid "Your %{plan} subscription expired on %{expiry_date}"
+msgstr ""
+
+msgid "Your %{plan} subscription expires on %{expiry_date}"
+msgstr ""
+
 msgid "Your %{strong}%{plan_name}%{strong_close} subscription expires on %{strong}%{expires_on}%{strong_close}. After that date, you cannot create issues or merge requests, or use many other features."
 msgstr ""
 
@@ -40764,6 +40782,9 @@ msgstr ""
 msgid "Your subscription expired!"
 msgstr ""
 
+msgid "Your subscription is now expired. To renew, export your license usage file and email it to %{renewal_service_email}. A new license will be emailed to the email address registered in the %{customers_dot}. You can upload this license to your instance. To use Free tier, remove your current license."
+msgstr ""
+
 msgid "Your subscription will expire in %{remaining_days} day."
 msgid_plural "Your subscription will expire in %{remaining_days} days."
 msgstr[0] ""

spec/lib/gitlab/subscription_portal_spec.rb

@@ -63,6 +63,7 @@ RSpec.describe ::Gitlab::SubscriptionPortal do
       :subscriptions_plans_url           | 'https://about.gitlab.com/pricing/'
       :subscriptions_instance_review_url | 'https://customers.staging.gitlab.com/instance_review'
       :subscriptions_gitlab_plans_url    | 'https://customers.staging.gitlab.com/gitlab_plans'
+      :edit_account_url                  | 'https://customers.staging.gitlab.com/customers/edit'
     end
 
     with_them do