Add latest changes from gitlab-org/gitlab@master

doc/.vale/gitlab/spelling-exceptions.txt

@@ -45,8 +45,8 @@ autoscales
 autoscaling
 awardable
 awardables
-Ayoa
 Axios
+Ayoa
 Azure
 B-tree
 backfilling
@@ -93,9 +93,9 @@ canonicalized
 captcha
 CentOS
 Certbot
+chai
 changeset
 changesets
-chai
 ChaosKube
 chatbot
 chatbots
@@ -683,8 +683,8 @@ triaged
 triages
 triaging
 Trivy
-truthy
 Truststore
+truthy
 Twilio
 Twitter
 TypeScript

doc/ci/yaml/index.md

@@ -3098,17 +3098,48 @@ artifacts:
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/20390) in GitLab 11.2.
 > - Requires GitLab Runner 11.2 and above.
 
-Use [`artifacts:reports`](#artifactsreports)
+Use [`artifacts:reports`](#artifactsreports) to:
-to collect test reports, code quality reports, and security reports from jobs.
+
-It also exposes these reports in the GitLab UI (merge requests, pipeline views, and security dashboards).
+- Collect test reports, code quality reports, and security reports from jobs.
+- Expose these reports in merge requests, pipeline views, and security dashboards.
 
 The test reports are collected regardless of the job results (success or failure).
 You can use [`artifacts:expire_in`](#artifactsexpire_in) to set up an expiration
 date for their artifacts.
 
-If you also want the ability to browse the report output files, include the
+Some `artifacts:reports` types can be generated by multiple jobs in the same pipeline, and used by merge request or pipeline features from each job.
+
+| Keyword                                    | Multiple reports in the same pipeline? |
+|:-------------------------------------------|:--------------------------------------:|
+| `artifacts:reports:dotenv`                 | Not applicable |
+| `artifacts:reports:performance`            | **{dotted-circle}** No |
+| `artifacts:reports:load_performance`       | **{dotted-circle}** No |
+| `artifacts:reports:browser_performance`    | **{dotted-circle}** No |
+| `artifacts:reports:junit`                  | **{check-circle}** Yes |
+| `artifacts:reports:cobertura`              | **{check-circle}** Yes |
+| `artifacts:reports:terraform`              | **{check-circle}** Yes |
+| `artifacts:reports:codequality`            | Merge request widget: **{check-circle}** [Yes](https://gitlab.com/gitlab-org/gitlab/-/issues/271077#note_507239820).<br>Merge request diff annotations: **{dotted-circle}** [No](https://gitlab.com/gitlab-org/gitlab/-/issues/271077#note_507239820).<br>Full report: **{dotted-circle}** [No](https://gitlab.com/gitlab-org/gitlab/-/issues/9014). |
+| `artifacts:reports:sast`                   | **{check-circle}** Yes |
+| `artifacts:reports:secret_detection`       | **{check-circle}** Yes |
+| `artifacts:reports:dependency_scanning`    | **{check-circle}** Yes |
+| `artifacts:reports:container_scanning`     | **{check-circle}** Yes |
+| `artifacts:reports:dast`                   | **{check-circle}** Yes |
+| `artifacts:reports:api_fuzzing`            | **{check-circle}** Yes |
+| `artifacts:reports:coverage_fuzzing`       | **{check-circle}** Yes |
+| `artifacts:reports:license_management`     | [Renamed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/36817) to `license_scanning` |
+| `artifacts:reports:license_scanning`       | **{check-circle}** Yes |
+| `artifacts:reports:cluster_image_scanning` | **{check-circle}** Yes |
+| `artifacts:reports:metrics`                | **{check-circle}** Yes |
+| `artifacts:reports:requirements`           | **{check-circle}** Yes |
+| `artifacts:reports:accessibility`          | **{check-circle}** Yes |
+
+If you also want to be able to browse the report output files, include the
 [`artifacts:paths`](#artifactspaths) keyword.
 
+NOTE:
+Reports from [child pipelines](../pipelines/parent_child_pipelines.md) aren't supported. Track
+progress on adding support in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/215725).
+
 ##### `artifacts:reports:api_fuzzing` **(ULTIMATE)**
 
 > - Introduced in GitLab 13.4.

doc/development/ruby3_gotchas.md

@@ -10,7 +10,8 @@ This section documents several problems we found while working on [Ruby 3 suppor
 and which led to subtle bugs or test failures that were difficult to understand. We encourage every GitLab contributor
 who writes Ruby code on a regular basis to familiarize themselves with these issues.
 
-The complete list of changes to the Ruby 3 language and standard library is found [here](https://rubyreferences.github.io/rubychanges/3.0.html).
+To find the complete list of changes to the Ruby 3 language and standard library, see
+[Ruby Changes](https://rubyreferences.github.io/rubychanges/3.0.html).
 
 ## `Hash#each` consistently yields a 2-element array to lambdas
 
@@ -56,23 +57,23 @@ To write code that works under both 2.7 and 3.0, consider the following options:
 
 We recommend always passing the block explicitly, and prefer two required arguments as block parameters.
 
-More information can be found in [Ruby issue 12706](https://bugs.ruby-lang.org/issues/12706).
+To learn more, see [Ruby issue 12706](https://bugs.ruby-lang.org/issues/12706).
 
 ## `Symbol#to_proc` returns signature metadata consistent with lambdas
 
-A common idiom in Ruby is to obtain procs via the `&:<symbol>` shorthand and
+A common idiom in Ruby is to obtain `Proc` objects using the `&:<symbol>` shorthand and
 pass them to higher-order functions:
 
 ```ruby
 [1, 2, 3].each(&:to_s)
 ```
 
-Ruby desugars `&:<symbol>` to `Symbol#to_proc`, which we can `call` with
+Ruby desugars `&:<symbol>` to `Symbol#to_proc`. We can call it with
-the method _receiver_ as its first argument (here `Integer`), and all method _arguments_
+the method _receiver_ as its first argument (here: `Integer`), and all method _arguments_
-(here none) as its remaining arguments.
+(here: none) as its remaining arguments.
 
-This behaves the same in both Ruby 2.7 and Ruby 3; where Ruby 3 diverges is when capturing
+This behaves the same in both Ruby 2.7 and Ruby 3. Where Ruby 3 diverges is when capturing
-this proc and inspecting its call signature.
+this `Proc` object and inspecting its call signature.
 This is often done when writing DSLs or using other forms of meta-programming:
 
 ```ruby
@@ -83,32 +84,33 @@ p = :foo.to_proc # This usually happens via a conversion through `&:foo`
 puts "#{p.parameters} (#{p.arity})"
 ```
 
-Ruby 2.7 reports zero required and one optional parameter for this proc, while Ruby 3 reports one required
+Ruby 2.7 reports zero required and one optional parameter for this `Proc` object, while Ruby 3 reports one required
-and one optional parameter. As described above, Ruby 2.7 is incorrect: the first argument must
+and one optional parameter. Ruby 2.7 is incorrect: the first argument must
-always be passed, as it is the receiver of the method the proc represents, and methods cannot be
+always be passed, as it is the receiver of the method the `Proc` object represents, and methods cannot be
 called without a receiver.
 
-Ruby 3 corrects this, meaning code that tests proc arity or parameter lists might now break and
+Ruby 3 corrects this: the code that tests `Proc` object arity or parameter lists might now break and
 has to be updated.
 
-More information can be found in [Ruby issue 16260](https://bugs.ruby-lang.org/issues/16260).
+To learn more, see [Ruby issue 16260](https://bugs.ruby-lang.org/issues/16260).
 
 ## `OpenStruct` does not evaluate fields lazily
 
-The `OpenStruct` implementation has undergone a partial rewrite in Ruby 3, resulting in 
+The `OpenStruct` implementation has undergone a partial rewrite in Ruby 3, resulting in
 behavioral changes. In Ruby 2.7, `OpenStruct` defines methods lazily, when the method is first accessed.
 In Ruby 3.0, it defines these methods eagerly in the initializer, which can break classes that inherit from `OpenStruct`
 and override these methods.
 
 Don't inherit from `OpenStruct` for these reasons; ideally, don't use it at all.
-`OpenStruct` is [considered problematic](https://ruby-doc.org/stdlib-3.0.2/libdoc/ostruct/rdoc/OpenStruct.html#class-OpenStruct-label-Caveats) for various reasons. When writing new code, prefer a `Struct` instead, which is simpler in implementation, although less flexible.
+`OpenStruct` is [considered problematic](https://ruby-doc.org/stdlib-3.0.2/libdoc/ostruct/rdoc/OpenStruct.html#class-OpenStruct-label-Caveats).
+When writing new code, prefer a `Struct` instead, which is simpler in implementation, although less flexible.
 
 ## `Regexp` and `Range` instances are frozen
 
-It is not necessary anymore to explicitly `freeze` `Regexp` or `Range` instances, since Ruby 3 freezes
+It is not necessary anymore to explicitly freeze `Regexp` or `Range` instances because Ruby 3 freezes
 them automatically upon creation.
 
-This has a subtle side-effect: Tests that stub method calls on these types now fail with an error, since
+This has a subtle side-effect: Tests that stub method calls on these types now fail with an error because
 RSpec cannot stub frozen objects:
 
 ```ruby
@@ -129,11 +131,10 @@ allow(subject).to receive(:function_returning_range).and_return(1..42)
 Ruby 3.0.2 has a known bug that causes [table tests](testing_guide/best_practices.md#table-based--parameterized-tests)
 to fail when table values consist of integer values.
 The reasons are documented in [issue 337614](https://gitlab.com/gitlab-org/gitlab/-/issues/337614).
-This problem has been fixed in Ruby and the fix is expected to be included in Ruby 3.0.3, which is not yet
+This problem has been fixed in Ruby and the fix is expected to be included in Ruby 3.0.3.
-available at this time.
 
 The problem only affects users who run an unpatched Ruby 3.0.2. This is likely the case when you
 installed Ruby manually or via tools like `asdf`. Users of the `gitlab-development-kit (GDK)`
 are also affected by this problem.
 
-Build images are not affected, since they include the patch set addressing this bug.
+Build images are not affected because they include the patch set addressing this bug.