Add latest changes from gitlab-org/gitlab@master

Gemfile

@@ -299,7 +299,7 @@ gem 'gon', '~> 6.4.0'
 gem 'request_store', '~> 1.5'
 gem 'base32', '~> 0.3.0'
 
-gem 'gitlab-license', '~> 2.1.0'
+gem 'gitlab-license', '~> 2.2.0'
 
 # Protect against bruteforcing
 gem 'rack-attack', '~> 6.6.0'
@@ -536,7 +536,7 @@ gem 'valid_email', '~> 0.1'
 # JSON
 gem 'json', '~> 2.5.1'
 gem 'json_schemer', '~> 0.2.18'
-gem 'oj', '~> 3.13.16'
+gem 'oj', '~> 3.13.17'
 gem 'multi_json', '~> 1.14.1'
 gem 'yajl-ruby', '~> 1.4.1', require: 'yajl'
 

Gemfile.lock

@@ -531,7 +531,7 @@ GEM
       opentracing (~> 0.4)
       pg_query (~> 2.1)
       redis (> 3.0.0, < 5.0.0)
-    gitlab-license (2.1.0)
+    gitlab-license (2.2.0)
     gitlab-license_finder (6.14.2.1)
       bundler
       rubyzip (>= 1, < 3)
@@ -869,7 +869,7 @@ GEM
       plist (~> 3.1)
       train-core
       wmi-lite (~> 1.0)
-    oj (3.13.16)
+    oj (3.13.17)
     omniauth (1.9.1)
       hashie (>= 3.4.6)
       rack (>= 1.6.2, < 3)
@@ -1568,7 +1568,7 @@ DEPENDENCIES
   gitlab-experiment (~> 0.7.1)
   gitlab-fog-azure-rm (~> 1.3.0)
   gitlab-labkit (~> 0.23.0)
-  gitlab-license (~> 2.1.0)
+  gitlab-license (~> 2.2.0)
   gitlab-license_finder (~> 6.0)
   gitlab-mail_room (~> 0.0.9)
   gitlab-markup (~> 1.8.0)
@@ -1637,7 +1637,7 @@ DEPENDENCIES
   oauth2 (~> 2.0)
   octokit (~> 4.15)
   ohai (~> 16.10)
-  oj (~> 3.13.16)
+  oj (~> 3.13.17)
   omniauth (~> 1.8)
   omniauth-alicloud (~> 1.0.1)
   omniauth-atlassian-oauth2 (~> 0.2.0)

app/assets/javascripts/gitlab_pages/new.js

@@ -0,0 +1,39 @@
+import Vue from 'vue';
+import VueApollo from 'vue-apollo';
+import { GlToast } from '@gitlab/ui';
+import createDefaultClient from '~/lib/graphql';
+import Pages from './components/pages_pipeline_wizard.vue';
+
+Vue.use(VueApollo);
+Vue.use(GlToast);
+
+const apolloProvider = new VueApollo({
+  defaultClient: createDefaultClient(
+    {},
+    {
+      batchMax: 1,
+      assumeImmutableResults: true,
+    },
+  ),
+});
+
+export default function initPages() {
+  const el = document.querySelector('#js-pages');
+
+  if (!el) {
+    return false;
+  }
+
+  return new Vue({
+    el,
+    name: 'GitlabPagesNewRoot',
+    apolloProvider,
+    render(createElement) {
+      return createElement(Pages, {
+        props: {
+          ...el.dataset,
+        },
+      });
+    },
+  });
+}

app/assets/javascripts/pages/projects/pages/new/index.js

@@ -0,0 +1,3 @@
+import initPages from '~/gitlab_pages/new';
+
+initPages();

app/assets/javascripts/pipeline_wizard/components/widgets/checklist.vue

@@ -32,6 +32,11 @@ export default {
       required: false,
       default: false,
     },
+    id: {
+      type: String,
+      required: false,
+      default: () => uniqueId('checklist_'),
+    },
   },
   computed: {
     checklistItems() {
@@ -62,8 +67,8 @@ export default {
 </script>
 
 <template>
-  <gl-form-group #default="{ ariaDescribedby }" :label="title">
-    <gl-form-checkbox-group :aria-describedby="ariaDescribedby" @input="updateValidState">
+  <gl-form-group :label="title" :label-for="id">
+    <gl-form-checkbox-group :id="id" :label="title" @input="updateValidState">
       <gl-form-checkbox
         v-for="item in checklistItems"
         :id="item.id"

app/assets/javascripts/pipeline_wizard/pipeline_wizard.vue

@@ -49,7 +49,7 @@ export default {
 <template>
   <div>
     <div class="gl-my-8">
-      <h2 class="gl-mb-4" data-testid="title">{{ title }}</h2>
+      <h1 class="gl-mb-4" data-testid="title">{{ title }}</h1>
       <p class="text-tertiary gl-font-lg gl-max-w-80" data-testid="description">
         {{ description }}
       </p>

app/controllers/projects/pages_controller.rb

@@ -10,11 +10,29 @@ class Projects::PagesController < Projects::ApplicationController
 
   feature_category :pages
 
-  # rubocop: disable CodeReuse/ActiveRecord
-  def show
-    @domains = @project.pages_domains.order(:domain).present(current_user: current_user)
+  def new
+    @pipeline_wizard_data = {
+      project_path: @project.full_path,
+      default_branch: @project.repository.root_ref,
+      redirect_to_when_done: project_pages_path(@project)
+    }
+  end
+
+  def show
+    unless @project.pages_enabled?
+      render :disabled
+      return
+    end
+
+    if @project.pages_show_onboarding?
+      redirect_to action: 'new'
+      return
+    end
+
+    # rubocop: disable CodeReuse/ActiveRecord
+    @domains = @project.pages_domains.order(:domain).present(current_user: current_user)
+    # rubocop: enable CodeReuse/ActiveRecord
   end
-  # rubocop: enable CodeReuse/ActiveRecord
 
   def destroy
     ::Pages::DeleteService.new(@project, current_user).execute

app/graphql/types/work_item_type.rb

@@ -6,6 +6,8 @@ module Types
 
     authorize :read_work_item
 
+    field :confidential, GraphQL::Types::Boolean, null: false,
+          description: 'Indicates the work item is confidential.'
     field :description, GraphQL::Types::String, null: true,
           description: 'Description of the work item.'
     field :id, Types::GlobalIDType[::WorkItem], null: false,

app/views/projects/pages/_header.html.haml

@@ -0,0 +1,11 @@
+- can_add_new_domain = can?(current_user, :update_pages, @project) && (Gitlab.config.pages.external_http || Gitlab.config.pages.external_https)
+
+%h1.page-title.gl-font-size-h-display.with-button
+  = s_('GitLabPages|Pages')
+  - if can_add_new_domain
+    = render Pajamas::ButtonComponent.new(variant: :confirm, button_options: { class: 'float-right'}, href: new_project_pages_domain_path(@project)) do
+      = s_('GitLabPages|New Domain')
+%p
+  - docs_link_start = "<a href='#{help_page_path('user/project/pages/index')}' target='_blank' rel='noopener noreferrer'>".html_safe
+  - docs_link_end = '</a>'.html_safe
+  = s_('GitLabPages|With GitLab Pages you can host your static website directly from your GitLab repository. %{docs_link_start}Learn more.%{link_end}').html_safe % { docs_link_start: docs_link_start, link_end: docs_link_end }

app/views/projects/pages/_waiting.html.haml

@@ -0,0 +1,13 @@
+.empty-state
+  .row.gl-align-items-center.gl-justify-content-center
+    .order-md-2
+      = image_tag 'illustrations/pipelines_pending.svg'
+  .row.gl-align-items-center.gl-justify-content-center
+    .text-content.gl-text-center.order-md-1
+      %h4= s_("GitLabPages|Waiting for the Pages Pipeline to complete...")
+      %p= s_("GitLabPages|Your Project has been configured for Pages. Now we have to wait for the Pipeline to succeed for the first time.")
+      = render Pajamas::ButtonComponent.new(variant: :confirm, href: project_pipelines_path(@project)) do
+        = s_("GitLabPages|Check the Pipeline Status")
+      = render Pajamas::ButtonComponent.new(href: new_namespace_project_pages_path) do
+        = s_("GitLabPages|Start over")
+

app/views/projects/pages/disabled.html.haml

@@ -0,0 +1,4 @@
+= render 'header'
+
+.bs-callout.bs-callout-warning
+  = html_escape_once(s_('GitLabPages|GitLab Pages are disabled for this project. You can enable them on your project\'s %{strong_start}Settings &gt; General &gt; Visibility%{strong_end} page.')).html_safe % { strong_start: '<strong>'.html_safe, strong_end: '</strong>'.html_safe }

app/views/projects/pages/new.html.haml

@@ -0,0 +1,7 @@
+- if Feature.enabled?(:use_pipeline_wizard_for_pages, @group)
+  #js-pages{ data: @pipeline_wizard_data }
+
+- else
+  = render 'header'
+
+  = render 'use'

app/views/projects/pages/show.html.haml

@@ -1,30 +1,20 @@
 - page_title _('Pages')
 
-- if @project.pages_enabled?
-  %h1.page-title.gl-font-size-h-display.with-button
-    = s_('GitLabPages|Pages')
+- unless @project.pages_deployed?
+  = render 'waiting'
 
-    - if can?(current_user, :update_pages, @project) && (Gitlab.config.pages.external_http || Gitlab.config.pages.external_https)
-      = link_to new_project_pages_domain_path(@project), class: 'btn gl-button btn-confirm float-right', title: s_('GitLabPages|New Domain') do
-        = s_('GitLabPages|New Domain')
+- else
+  = render 'header'
 
-  %p.light
-    - docs_link_start = "<a href='#{help_page_path('user/project/pages/index')}' target='_blank' rel='noopener noreferrer'>".html_safe
-    - link_end = '</a>'.html_safe
-    = s_('GitLabPages|With GitLab Pages you can host your static website directly from your GitLab repository. %{docs_link_start}Learn more.%{link_end}').html_safe % { docs_link_start: docs_link_start, link_end: link_end }
+  %section
 
   = render 'pages_settings'
 
   %hr.clearfix
-
-  = render 'ssl_limitations_warning' if @project.pages_subdomain.include?(".")
-  = render 'access'
-  = render 'use'
-  - if Gitlab.config.pages.external_http || Gitlab.config.pages.external_https
-    = render 'list'
-  - else
-    = render 'no_domains'
-  = render 'destroy'
-- else
-  .bs-callout.bs-callout-warning
-    = html_escape_once(s_('GitLabPages|GitLab Pages are disabled for this project. You can enable them on your project\'s %{strong_start}Settings &gt; General &gt; Visibility%{strong_end} page.')).html_safe % { strong_start: '<strong>'.html_safe, strong_end: '</strong>'.html_safe }
+    = render 'ssl_limitations_warning' if @project.pages_subdomain.include?(".")
+    = render 'access'
+    - if Gitlab.config.pages.external_http || Gitlab.config.pages.external_https
+      = render 'list'
+    - else
+      = render 'no_domains'
+    = render 'destroy'

config/feature_flags/development/use_pipeline_wizard_for_pages.yml

@@ -0,0 +1,8 @@
+---
+name: use_pipeline_wizard_for_pages
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78276
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/349095
+milestone: '15.3'
+type: development
+group: group::incubation
+default_enabled: false

config/routes/project.rb

@@ -499,7 +499,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
           defaults: { format: 'json' },
           constraints: { template_type: %r{issue|merge_request}, format: 'json' }
 
-      resource :pages, only: [:show, :update, :destroy] do # rubocop: disable Cop/PutProjectRoutesUnderScope
+      resource :pages, only: [:new, :show, :update, :destroy] do # rubocop: disable Cop/PutProjectRoutesUnderScope
         resources :domains, except: :index, controller: 'pages_domains', constraints: { id: %r{[^/]+} } do # rubocop: disable Cop/PutProjectRoutesUnderScope
           member do
             post :verify # rubocop:todo Cop/PutProjectRoutesUnderScope

db/fixtures/development/18_abuse_reports.rb

@@ -11,7 +11,7 @@ module Db
                   name: FFaker::Name.name,
                   email: FFaker::Internet.email,
                   confirmed_at: DateTime.now,
-                  password: '12345678'
+                  password: ::User.random_password
                 )
 
               ::AbuseReport.create(reporter: ::User.take, user: reported_user, message: 'User sends spam')

doc/administration/audit_events.md

@@ -123,6 +123,7 @@ From there, you can see the following actions:
   - Prevent editing approval rules in projects and merge requests.
   - Require user password to approve.
   - Remove all approvals when commits are added to the source branch.
+- Changes to streaming audit destination custom HTTP headers. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/366350) in GitLab 15.3.
 
 Group events can also be accessed via the [Group Audit Events API](../api/audit_events.md#group-audit-events)
 

doc/administration/auth/ldap/index.md

@@ -271,9 +271,11 @@ gitlab_rails['ldap_servers'] = {
 }
 ```
 
-This example results in the following sign-in page:
+This example results in a sign-in page with the following tabs:
 
-![Multiple LDAP servers sign in](img/multi_login.png)
+- **GitLab AD**.
+- **GitLab Secondary AD**.
+- **GitLab Tertiary AD**.
 
 ### Set up LDAP user filter
 

doc/api/graphql/reference/index.md

@@ -18530,6 +18530,7 @@ Represents vulnerability letter grades with associated projects.
 
 | Name | Type | Description |
 | ---- | ---- | ----------- |
+| <a id="workitemconfidential"></a>`confidential` | [`Boolean!`](#boolean) | Indicates the work item is confidential. |
 | <a id="workitemdescription"></a>`description` | [`String`](#string) | Description of the work item. |
 | <a id="workitemdescriptionhtml"></a>`descriptionHtml` | [`String`](#string) | The GitLab Flavored Markdown rendering of `description`. |
 | <a id="workitemid"></a>`id` | [`WorkItemID!`](#workitemid) | Global ID of the work item. |

doc/development/code_review.md

@@ -401,7 +401,7 @@ first time.
   of your shiny new branch, read through the entire diff. Does it make sense?
   Did you include something unrelated to the overall purpose of the changes? Did
   you forget to remove any debugging code?
-- Write a detailed description as outlined in the [merge request guidelines](contributing/merge_request_workflow.md#merge-request-guidelines).
+- Write a detailed description as outlined in the [merge request guidelines](contributing/merge_request_workflow.md#merge-request-guidelines-for-contributors).
   Some reviewers may not be familiar with the product feature or area of the
   codebase. Thorough descriptions help all reviewers understand your request
   and test effectively.

doc/development/contributing/index.md

@@ -218,7 +218,7 @@ This [documentation](issue_workflow.md) outlines the current issue workflow:
 
 This [documentation](merge_request_workflow.md) outlines the current merge request process.
 
-- [Merge request guidelines](merge_request_workflow.md#merge-request-guidelines)
+- [Merge request guidelines](merge_request_workflow.md#merge-request-guidelines-for-contributors)
 - [Contribution acceptance criteria](merge_request_workflow.md#contribution-acceptance-criteria)
 - [Definition of done](merge_request_workflow.md#definition-of-done)
 - [Dependencies](merge_request_workflow.md#dependencies)

doc/development/contributing/merge_request_workflow.md

@@ -33,7 +33,7 @@ some potentially easy issues.
 To start developing GitLab, download the [GitLab Development Kit](https://gitlab.com/gitlab-org/gitlab-development-kit)
 and see the [Development section](../../index.md) for the required guidelines.
 
-## Merge request guidelines
+## Merge request guidelines for contributors
 
 If you find an issue, please submit a merge request with a fix or improvement, if
 you can, and include tests. If you don't know how to fix the issue but can write a test
@@ -45,20 +45,10 @@ request is as follows:
 1. [Fork](../../user/project/repository/forking_workflow.md) the project into
    your personal namespace (or group) on GitLab.com.
 1. Create a feature branch in your fork (don't work off your [default branch](../../user/project/repository/branches/default.md)).
-1. Write [tests](../rake_tasks.md#run-tests) and code.
-1. [Ensure a changelog is created](../changelog.md).
-1. If you are writing documentation, make sure to follow the
-   [documentation guidelines](../documentation/index.md).
 1. Follow the [commit messages guidelines](#commit-messages-guidelines).
-1. If you have multiple commits, combine them into a few logically organized
-   commits by [squashing them](https://git-scm.com/book/en/v2/Git-Tools-Rewriting-History#_squashing),
-   but do not change the commit history if you're working on shared branches though.
+1. If you have multiple commits, combine them into a few logically organized commits.
 1. Push the commits to your working branch in your fork.
-1. Submit a merge request (MR) to the `main` branch in the main GitLab project.
-   1. Your merge request needs at least 1 approval, but depending on your changes
-      you might need additional approvals. Refer to the [Approval guidelines](../code_review.md#approval-guidelines).
-   1. You don't have to select any specific approvers, but you can if you really want
-      specific people to approve your merge request.
+1. Submit a merge request (MR) against the default branch of the upstream project.
 1. The MR title should describe the change you want to make.
 1. The MR description should give a reason for your change.
    1. If you are contributing code, fill in the description according to the default
@@ -68,58 +58,15 @@ request is as follows:
    1. Use the syntax `Solves #XXX`, `Closes #XXX`, or `Refs #XXX` to mention the issues your merge
       request addresses. Referenced issues do not [close automatically](../../user/project/issues/managing_issues.md#closing-issues-automatically).
       You must close them manually once the merge request is merged.
-   1. The MR must include *Before* and *After* screenshots if UI changes are made.
-   1. Include any steps or setup required to ensure reviewers can view the changes you've made (for example, include any information about feature flags).
 1. If you're allowed to, set a relevant milestone and [labels](issue_workflow.md).
    MR labels should generally match the corresponding issue (if there is one).
    The group label should reflect the group that executed or coached the work,
    not necessarily the group that owns the feature.
-1. UI changes should use available components from the GitLab Design System,
-   [Pajamas](https://design.gitlab.com/).
-1. If the MR changes CSS classes, please include the list of affected pages, which
-   can be found by running `grep css-class ./app -R`.
-1. If your MR touches code that executes shell commands, reads or opens files, or
-   handles paths to files on disk, make sure it adheres to the
-   [shell command guidelines](../shell_commands.md)
-1. [Code changes should include observability instrumentation](../code_review.md#observability-instrumentation).
-1. If your code needs to handle file storage, see the [uploads documentation](../uploads/index.md).
-1. If your merge request adds one or more migrations, make sure to execute all
-   migrations on a fresh database before the MR is reviewed. If the review leads
-   to large changes in the MR, execute the migrations again once the review is complete.
-1. Write tests for more complex migrations.
-1. If your merge request adds new validations to existing models, to make sure the
-   data processing is backwards compatible:
-
-   - Ask in the [`#database`](https://gitlab.slack.com/archives/CNZ8E900G) Slack channel
-     for assistance to execute the database query that checks the existing rows to
-     ensure existing rows aren't impacted by the change.
-   - Add the necessary validation with a feature flag to be gradually rolled out
-     following [the rollout steps](https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/#rollout).
-
-   If this merge request is urgent, the code owners should make the final call on
-   whether reviewing existing rows should be included as an immediate follow-up task
-   to the merge request.
-
-   NOTE:
-   There isn't a way to know anything about our customers' data on their
-   [self-managed instances](../../subscriptions/self_managed/index.md), so keep
-   that in mind for any data implications with your merge request.
-
-1. Merge requests **must** adhere to the [merge request performance guidelines](../merge_request_performance_guidelines.md).
-1. For tests that use Capybara, read
-   [how to write reliable, asynchronous integration tests](https://thoughtbot.com/blog/write-reliable-asynchronous-integration-tests-with-capybara).
-1. If your merge request introduces changes that require additional steps when
-   installing GitLab from source, add them to `doc/install/installation.md` in
-   the same merge request.
-1. If your merge request introduces changes that require additional steps when
-   upgrading GitLab from source, add them to
-   `doc/update/upgrading_from_source.md` in the same merge request. If these
-   instructions are specific to a version, add them to the "Version specific
-   upgrading instructions" section.
 1. Read and adhere to
    [The responsibility of the merge request author](../code_review.md#the-responsibility-of-the-merge-request-author).
 1. Read and follow
    [Having your merge request reviewed](../code_review.md#having-your-merge-request-reviewed).
+1. Make sure the merge request meets the [Definition of done](#definition-of-done).
 
 If you would like quick feedback on your merge request feel free to mention someone
 from the [core team](https://about.gitlab.com/community/core-team/) or one of the
@@ -218,12 +165,12 @@ the contribution acceptance criteria below:
    exposing a bug in existing code). Every new class should have corresponding
    unit tests, even if the class is exercised at a higher level, such as a feature test.
    - If a failing CI build seems to be unrelated to your contribution, you can try
-     restarting the failing CI job, rebasing from `main` to bring in updates that
+     restarting the failing CI job, rebasing on top of target branch to bring in updates that
      may resolve the failure, or if it has not been fixed yet, ask a developer to
      help you fix the test.
-1. The MR initially contains a few logically organized commits.
+1. The MR contains a few logically organized commits, or has [squashing commits enabled](../../user/project/merge_requests/squash_and_merge.md#squash-and-merge).
 1. The changes can merge without problems. If not, you should rebase if you're the
-   only one working on your feature branch, otherwise merge `main`.
+   only one working on your feature branch, otherwise merge the default branch into the MR branch.
 1. Only one specific issue is fixed or one specific feature is implemented. Do not
    combine things; send separate merge requests for each issue or feature.
 1. Migrations should do only one thing (for example, create a table, move data to a new
@@ -258,13 +205,60 @@ requirements.
 
 ### MR Merge
 
-1. Clear description explaining the relevancy of the contribution.
+1. Clear title and description explaining the relevancy of the contribution.
 1. Working and clean code that is commented where needed.
-1. [Unit, integration, and system tests](../testing_guide/index.md) that all pass
-   on the CI server.
-1. Peer member testing is optional but recommended when the risk of a change is high. This includes when the changes are [far-reaching](https://about.gitlab.com/handbook/engineering/development/#reducing-the-impact-of-far-reaching-work) or are for [components critical for security](../code_review.md#security).
-1. Regressions and bugs are covered with tests that reduce the risk of the issue happening
-   again.
+1. The change is evaluated to [limit the impact of far-reaching work](https://about.gitlab.com/handbook/engineering/development/#reducing-the-impact-of-far-reaching-work).
+1. Testing:
+
+   - [Unit, integration, and system tests](../testing_guide/index.md) that all pass
+     on the CI server.
+   - Peer member testing is optional but recommended when the risk of a change is high.
+     This includes when the changes are [far-reaching](https://about.gitlab.com/handbook/engineering/development/#reducing-the-impact-of-far-reaching-work)
+     or are for [components critical for security](../code_review.md#security).
+   - Description includes any steps or setup required to ensure reviewers can view the changes you've made (for example, include any information about feature flags).
+   - Regressions and bugs are covered with tests that reduce the risk of the issue happening
+     again.
+   - For tests that use Capybara, read
+     [how to write reliable, asynchronous integration tests](https://thoughtbot.com/blog/write-reliable-asynchronous-integration-tests-with-capybara).
+   - [Black-box tests/end-to-end tests](../testing_guide/testing_levels.md#black-box-tests-at-the-system-level-aka-end-to-end-tests)
+     added if required. Please contact [the quality team](https://about.gitlab.com/handbook/engineering/quality/#teams)
+     with any questions.
+   - The change is tested in a review app where possible and if appropriate.
+1. In case of UI changes:
+
+   - Use available components from the GitLab Design System,
+     [Pajamas](https://design.gitlab.com/).
+   - The MR must include *Before* and *After* screenshots if UI changes are made.
+   - If the MR changes CSS classes, please include the list of affected pages, which
+     can be found by running `grep css-class ./app -R`.
+1. If your MR touches code that executes shell commands, reads or opens files, or
+   handles paths to files on disk, make sure it adheres to the
+   [shell command guidelines](../shell_commands.md)
+1. [Code changes should include observability instrumentation](../code_review.md#observability-instrumentation).
+1. If your code needs to handle file storage, see the [uploads documentation](../uploads/index.md).
+1. If your merge request adds one or more migrations:
+   - Make sure to execute all migrations on a fresh database before the MR is reviewed.
+     If the review leads to large changes in the MR, execute the migrations again
+     after the review is complete.
+   - Write tests for more complex migrations.
+1. If your merge request adds new validations to existing models, to make sure the
+   data processing is backwards compatible:
+
+   - Ask in the [`#database`](https://gitlab.slack.com/archives/CNZ8E900G) Slack channel
+     for assistance to execute the database query that checks the existing rows to
+     ensure existing rows aren't impacted by the change.
+   - Add the necessary validation with a feature flag to be gradually rolled out
+     following [the rollout steps](https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/#rollout).
+
+   If this merge request is urgent, the code owners should make the final call on
+   whether reviewing existing rows should be included as an immediate follow-up task
+   to the merge request.
+
+   NOTE:
+   There isn't a way to know anything about our customers' data on their
+   [self-managed instances](../../subscriptions/self_managed/index.md), so keep
+   that in mind for any data implications with your merge request.
+
 1. Code affected by a feature flag is covered by [automated tests with the feature flag enabled and disabled](../feature_flags/index.md#feature-flags-in-tests), or both
    states are tested as part of peer member testing or as part of the rollout plan.
 1. [Performance guidelines](../merge_request_performance_guidelines.md) have been followed.
@@ -272,16 +266,22 @@ requirements.
 1. [Application and rate limit guidelines](../merge_request_application_and_rate_limit_guidelines.md) have been followed.
 1. [Documented](../documentation/index.md) in the `/doc` directory.
 1. [Changelog entry added](../changelog.md), if necessary.
+1. If your merge request introduces changes that require additional steps when
+   installing GitLab from source, add them to `doc/install/installation.md` in
+   the same merge request.
+1. If your merge request introduces changes that require additional steps when
+   upgrading GitLab from source, add them to
+   `doc/update/upgrading_from_source.md` in the same merge request. If these
+   instructions are specific to a version, add them to the "Version specific
+   upgrading instructions" section.
 1. Reviewed by relevant reviewers, and all concerns are addressed for Availability, Regressions, and Security. Documentation reviews should take place as soon as possible, but they should not block a merge request.
 1. The [MR acceptance checklist](../code_review.md#acceptance-checklist) has been checked as confirmed in the MR.
 1. Create an issue in the [infrastructure issue tracker](https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues) to inform the Infrastructure department when your contribution is changing default settings or introduces a new setting, if relevant.
-1. [Black-box tests/end-to-end tests](../testing_guide/testing_levels.md#black-box-tests-at-the-system-level-aka-end-to-end-tests)
-   added if required. Please contact [the quality team](https://about.gitlab.com/handbook/engineering/quality/#teams)
-   with any questions.
-1. The change is tested in a review app where possible and if appropriate.
-1. The new feature does not degrade the user experience of the product.
-1. The change is evaluated to [limit the impact of far-reaching work](https://about.gitlab.com/handbook/engineering/development/#reducing-the-impact-of-far-reaching-work).
 1. An agreed-upon [rollout plan](https://about.gitlab.com/handbook/engineering/development/processes/rollout-plans/).
+1. Your merge request has at least 1 approval, but depending on your changes
+   you might need additional approvals. Refer to the [Approval guidelines](../code_review.md#approval-guidelines).
+   - You don't have to select any specific approvers, but you can if you really want
+      specific people to approve your merge request.
 1. Merged by a project maintainer.
 
 ### Production use

doc/development/database/ci_mirrored_tables.md

@@ -10,10 +10,10 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 As part of the database [decomposition work](https://gitlab.com/groups/gitlab-org/-/epics/6168),
 which had the goal of splitting the single database GitLab is using, into two databases: `main` and
-`ci`, came the big challenge of removing all joins between the tables
-[that don't reside on the same database](multiple_databases.md#removing-joins-between-ci-and-non-ci-tables).
-PostgreSQL doesn't support joins between tables that belong to different databases. However,
-some core application models in the main database are queried very often by the CI side.
+`ci`, came the big challenge of 
+[removing all joins between the `main` and the `ci` tables](multiple_databases.md#removing-joins-between-ci-and-non-ci-tables).
+That is because PostgreSQL doesn't support joins between tables that belong to different databases. 
+However, some core application models in the main database are queried very often by the CI side.
 For example:
 
 - `Namespace`, in the `namespaces` table.

doc/development/documentation/restful_api_styleguide.md

@@ -5,7 +5,7 @@ group: unassigned
 description: 'Writing styles, markup, formatting, and other standards for the GitLab RESTful APIs.'
 ---
 
-# RESTful API
+# Documenting REST API resources
 
 REST API resources are documented in Markdown under
 [`/doc/api`](https://gitlab.com/gitlab-org/gitlab/-/tree/master/doc/api). Each

doc/development/documentation/site_architecture/index.md

@@ -64,13 +64,22 @@ Learn more about [the docs folder structure](folder_structure.md).
 If you have code and documentation in a repository other than the [primary repositories](#architecture),
 you should keep the documentation with the code in that repository.
 
-Then you can either:
+Then you can use one of these approaches:
 
-- [Add the repository to the list of products](https://gitlab.com/gitlab-org/gitlab-docs/-/blob/main/doc/development.md#add-a-new-product)
-  published at <https://docs.gitlab.com>.
-- [Add an entry in the global navigation](global_nav.md#add-a-navigation-entry) for
-  <https://docs.gitlab.com> that links to the documentation in that repository.
+- (Recommended) [Add the repository to the list of products](https://gitlab.com/gitlab-org/gitlab-docs/-/blob/main/doc/development.md#add-a-new-product)
+  published at <https://docs.gitlab.com>. The source of the documentation pages remains
+  in the external repository, but the resulting pages are indexed and searchable on <https://docs.gitlab.com>.
+- (Recommended) [Add an entry in the global navigation](global_nav.md#add-a-navigation-entry) for
+  <https://docs.gitlab.com> that links directly to the documentation in that external repository.
+  The documentation pages are not indexed or searchable on <https://docs.gitlab.com>.
   View [an example](https://gitlab.com/gitlab-org/gitlab-docs/-/blob/fedb6378a3c92274ba3b6031df0d34455594e4cc/content/_data/navigation.yaml#L2944-L2946).
+- Create a landing page for the product in the `gitlab` repository, and add the landing page
+  [to the global navigation](global_nav.md#add-a-navigation-entry), but keep the rest
+  of the documentation in the external repository. The landing page is indexed and
+  searchable on <https://docs.gitlab.com>, but the rest of the documentation is not.
+  For example, the [GitLab Workflow extension for VS Code](../../../user/project/repository/vscode.md).
+  We do not encourage the use of [pages with lists of links](../structure.md#topics-and-resources-pages),
+  so only use this option if the recommended options are not feasible.
 
 ## Assets
 

doc/integration/omniauth.md

@@ -7,13 +7,9 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 # OmniAuth **(FREE SELF)**
 
 Users can sign in to GitLab by using their credentials from Twitter, GitHub, and other popular services.
-[OmniAuth](https://rubygems.org/gems/omniauth/) is the Rack
-framework that GitLab uses to provide this authentication.
+[OmniAuth](https://rubygems.org/gems/omniauth/) is the Rack framework that GitLab uses to provide this authentication.
 
-![OmniAuth providers on sign-in page](img/omniauth_providers_v_14_6.png)
-
-If you configure OmniAuth, users can continue to sign in using other
-mechanisms, including standard GitLab authentication or LDAP (if configured).
+When configured, additional sign-in options are displayed on the sign-in page.
 
 ## Supported providers
 

doc/subscriptions/self_managed/index.md

@@ -274,18 +274,18 @@ This file contains the information GitLab uses to manually process quarterly rec
 The **License Usage** CSV includes the following details:
 
 - License key
-- Email
+- Licensee email
 - License start date
 - License end date
 - Company
 - Generated at (the timestamp for when the file was exported)
 - Table of historical user counts for each day in the period:
-  - Date the count was recorded
-  - Active user count
+  - Timestamp the count was recorded
+  - Billable user count
 
 NOTES:
 
-- All timestamps are displayed in UTC.
+- All date timestamps are displayed in UTC.
 - A custom format is used for [dates](https://gitlab.com/gitlab-org/gitlab/blob/3be39f19ac3412c089be28553e6f91b681e5d739/config/initializers/date_time_formats.rb#L7) and [times](https://gitlab.com/gitlab-org/gitlab/blob/3be39f19ac3412c089be28553e6f91b681e5d739/config/initializers/date_time_formats.rb#L13) in CSV files.
 
 ## Renew your subscription

doc/user/group/access_and_permissions.md

@@ -0,0 +1,11 @@
+---
+stage: Manage
+group: Workspace
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Group access and permissions
+
+Use Groups to manage one or more related projects at the same time.
+
+For instructions on how to configure access and permissions for groups, see [Groups](index.md).

doc/user/group/manage.md

@@ -0,0 +1,11 @@
+---
+stage: Manage
+group: Workspace
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+---
+
+# Manage groups
+
+Use Groups to manage one or more related projects at the same time.
+
+For instructions on how to view, create, and manage groups, see [Groups](index.md).

doc/user/project/merge_requests/csv_export.md

@@ -4,7 +4,7 @@ group: Compliance
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
-# Export merge requests to CSV**(FREE)**
+# Export merge requests to CSV **(FREE)**
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3619) in GitLab 13.6.
 

lib/banzai/pipeline/incident_management/timeline_event_pipeline.rb

@@ -11,9 +11,9 @@ module Banzai
         def self.filters
           @filters ||= FilterArray[
             *super,
+            Filter::SanitizationFilter,
             *Banzai::Pipeline::GfmPipeline.reference_filters,
             Filter::EmojiFilter,
-            Filter::SanitizationFilter,
             Filter::ExternalLinkFilter,
             Filter::ImageLinkFilter
           ]

locale/gitlab.pot

@@ -6246,7 +6246,7 @@ msgstr ""
 msgid "Billing|Free groups on GitLab are limited to %{maxNamespaceSeats} seats"
 msgstr ""
 
-msgid "Billing|From June 22, 2022 (GitLab 15.1), free groups will be limited to 5 members"
+msgid "Billing|From October 19, 2022, free groups will be limited to 5 members"
 msgstr ""
 
 msgid "Billing|Group invite"
@@ -6285,7 +6285,7 @@ msgstr ""
 msgid "Billing|You are about to remove user %{username} from your subscription. If you continue, the user will be removed from the %{namespace} group and all its subgroups and projects. This action can't be undone."
 msgstr ""
 
-msgid "Billing|You can begin moving members in %{namespaceName} now. A member loses access to the group when you turn off %{strongStart}In a seat%{strongEnd}. If over 5 members have %{strongStart}In a seat%{strongEnd} enabled after June 22, 2022, we'll select the 5 members who maintain access. We'll first count members that have Owner and Maintainer roles, then the most recently active members until we reach 5 members. The remaining members will get a status of Over limit and lose access to the group."
+msgid "Billing|You can begin moving members in %{namespaceName} now. A member loses access to the group when you turn off %{strongStart}In a seat%{strongEnd}. If over 5 members have %{strongStart}In a seat%{strongEnd} enabled after October 19, 2022, we'll select the 5 members who maintain access. We'll first count members that have Owner and Maintainer roles, then the most recently active members until we reach 5 members. The remaining members will get a status of Over limit and lose access to the group."
 msgstr ""
 
 msgid "Billing|Your free group is now limited to %{free_user_limit} members"
@@ -16710,10 +16710,10 @@ msgstr ""
 msgid "From %{providerTitle}"
 msgstr ""
 
-msgid "From June 22, 2022 (GitLab 15.1), free personal namespaces and top-level groups will be limited to %{free_limit} members"
+msgid "From October 19, 2022, free personal namespaces and top-level groups will be limited to %{free_limit} members"
 msgstr ""
 
-msgid "From June 22, 2022 (GitLab 15.1), you can have a maximum of %{free_limit} unique members across all of your personal projects"
+msgid "From October 19, 2022, you can have a maximum of %{free_limit} unique members across all of your personal projects"
 msgstr ""
 
 msgid "From issue creation until deploy to production"
@@ -17617,6 +17617,9 @@ msgstr ""
 msgid "GitLabPages|Certificate: %{subject}"
 msgstr ""
 
+msgid "GitLabPages|Check the Pipeline Status"
+msgstr ""
+
 msgid "GitLabPages|Configure pages"
 msgstr ""
 
@@ -17668,6 +17671,9 @@ msgstr ""
 msgid "GitLabPages|Something went wrong while obtaining the Let's Encrypt certificate for %{domain}. To retry visit your %{link_start}domain details%{link_end}."
 msgstr ""
 
+msgid "GitLabPages|Start over"
+msgstr ""
+
 msgid "GitLabPages|Support for domains and certificates is disabled. Ask your system's administrator to enable it."
 msgstr ""
 
@@ -17680,6 +17686,9 @@ msgstr ""
 msgid "GitLabPages|Verified"
 msgstr ""
 
+msgid "GitLabPages|Waiting for the Pages Pipeline to complete..."
+msgstr ""
+
 msgid "GitLabPages|When enabled, all attempts to visit your website through HTTP are automatically redirected to HTTPS using a response with status code 301. Requires a valid certificate for all domains. %{docs_link_start}Learn more.%{link_end}"
 msgstr ""
 
@@ -17692,6 +17701,9 @@ msgstr ""
 msgid "GitLabPages|Your Pages site is not configured yet. See the %{docs_link_start}GitLab Pages documentation%{link_end} to learn how to upload your static site and have GitLab serve it. You can also take some inspiration from the %{samples_link_start}sample Pages projects%{link_end}."
 msgstr ""
 
+msgid "GitLabPages|Your Project has been configured for Pages. Now we have to wait for the Pipeline to succeed for the first time."
+msgstr ""
+
 msgid "GitLabPages|Your pages are served under:"
 msgstr ""
 
@@ -44473,7 +44485,7 @@ msgstr ""
 msgid "You could not create a new trigger."
 msgstr ""
 
-msgid "You currently have more than %{free_limit} members across all your personal projects. From June 22, 2022, the %{free_limit} most recently active members will remain active, and the remaining members will get a %{link_start}status of Over limit%{link_end} and lose access. To view and manage members, check the members page for each project in your namespace. We recommend you %{move_link_start}move your project to a group%{move_link_end} so you can easily manage users and features."
+msgid "You currently have more than %{free_limit} members across all your personal projects. From October 19, 2022, the %{free_limit} most recently active members will remain active, and the remaining members will get a %{link_start}status of Over limit%{link_end} and lose access. To view and manage members, check the members page for each project in your namespace. We recommend you %{move_link_start}move your project to a group%{move_link_end} so you can easily manage users and features."
 msgstr ""
 
 msgid "You do not have any subscriptions yet"
@@ -44820,7 +44832,7 @@ msgstr ""
 msgid "YouTube"
 msgstr ""
 
-msgid "Your %{doc_link_start}namespace%{doc_link_end}, %{strong_start}%{namespace_name}%{strong_end} has more than %{free_limit} members. From June 22, 2022, it will be limited to %{free_limit}, and the remaining members will get a %{link_start}status of Over limit%{link_end} and lose access to the namespace. You can go to the Usage Quotas page to manage which %{free_limit} members will remain in your namespace. To get more members, an owner can start a trial or upgrade to a paid tier."
+msgid "Your %{doc_link_start}namespace%{doc_link_end}, %{strong_start}%{namespace_name}%{strong_end} has more than %{free_limit} members. From October 19, 2022, it will be limited to %{free_limit}, and the remaining members will get a %{link_start}status of Over limit%{link_end} and lose access to the namespace. You can go to the Usage Quotas page to manage which %{free_limit} members will remain in your namespace. To get more members, an owner can start a trial or upgrade to a paid tier."
 msgstr ""
 
 msgid "Your %{group} membership will now expire in %{days}."

package.json

@@ -52,7 +52,7 @@
     "@gitlab/at.js": "1.5.7",
     "@gitlab/favicon-overlay": "2.0.0",
     "@gitlab/svgs": "2.30.0",
-    "@gitlab/ui": "42.22.1",
+    "@gitlab/ui": "42.23.0",
     "@gitlab/visual-review-tools": "1.7.3",
     "@rails/actioncable": "6.1.4-7",
     "@rails/ujs": "6.1.4-7",

spec/channels/application_cable/connection_spec.rb

@@ -21,7 +21,7 @@ RSpec.describe ApplicationCable::Connection, :clean_gitlab_redis_sessions do
       end
 
       context 'with a stale password' do
-        let(:partial_password_hash) { build(:user, password: 'some_old_password').authenticatable_salt }
+        let(:partial_password_hash) { build(:user, password: User.random_password).authenticatable_salt }
         let(:session_hash) { { 'warden.user.user.key' => [[user.id], partial_password_hash] } }
 
         it 'sets current_user to nil' do

spec/controllers/projects/pages_controller_spec.rb

@@ -19,9 +19,9 @@ RSpec.describe Projects::PagesController do
     project.add_maintainer(user)
   end
 
-  describe 'GET show' do
+  describe 'GET new' do
     it 'returns 200 status' do
-      get :show, params: request_params
+      get :new, params: request_params
 
       expect(response).to have_gitlab_http_status(:ok)
     end
@@ -31,13 +31,55 @@ RSpec.describe Projects::PagesController do
       let(:project) { create(:project, namespace: group) }
 
       it 'returns a 200 status code' do
-        get :show, params: request_params
+        get :new, params: request_params
 
         expect(response).to have_gitlab_http_status(:ok)
       end
     end
   end
 
+  describe 'GET show' do
+    subject { get :show, params: request_params }
+
+    context 'when the project does not have onboarding complete' do
+      before do
+        project.pages_metadatum.update_attribute(:deployed, false)
+        project.pages_metadatum.update_attribute(:onboarding_complete, false)
+      end
+
+      it 'redirects to #new' do
+        expect(subject).to redirect_to(action: 'new')
+      end
+    end
+
+    context 'when the project does have onboarding complete' do
+      before do
+        project.pages_metadatum.update_attribute(:onboarding_complete, true)
+      end
+
+      it 'returns 200 status' do
+        expect(subject).to have_gitlab_http_status(:ok)
+      end
+
+      context 'when the project is in a subgroup' do
+        let(:group) { create(:group, :nested) }
+        let(:project) { create(:project, namespace: group) }
+
+        it 'returns a 200 status code' do
+          expect(subject).to have_gitlab_http_status(:ok)
+        end
+      end
+    end
+
+    context 'when pages is disabled' do
+      let(:project) { create(:project, :pages_disabled) }
+
+      it 'renders the disabled view' do
+        expect(subject).to render_template :disabled
+      end
+    end
+  end
+
   describe 'DELETE destroy' do
     it 'returns 302 status' do
       delete :destroy, params: request_params

spec/factories/projects.rb

@@ -404,6 +404,13 @@ FactoryBot.define do
     end
   end
 
+  trait :pages_published do
+    after(:create) do |project|
+      project.mark_pages_onboarding_complete
+      project.mark_pages_as_deployed
+    end
+  end
+
   trait :service_desk_disabled do
     service_desk_enabled { nil }
   end

spec/features/projects/pages/user_adds_domain_spec.rb

@@ -5,7 +5,7 @@ RSpec.describe 'User adds pages domain', :js do
   include LetsEncryptHelpers
   include Spec::Support::Helpers::ModalHelpers
 
-  let_it_be(:project) { create(:project, pages_https_only: false) }
+  let_it_be(:project) { create(:project, :pages_published, pages_https_only: false) }
 
   let(:user) { create(:user) }
 
@@ -18,8 +18,6 @@ RSpec.describe 'User adds pages domain', :js do
   end
 
   context 'when pages are exposed on external HTTP address', :http_pages_enabled do
-    let(:project) { create(:project, pages_https_only: false) }
-
     shared_examples 'adds new domain' do
       it 'adds new domain' do
         visit new_project_pages_domain_path(project)
@@ -42,7 +40,7 @@ RSpec.describe 'User adds pages domain', :js do
     context 'when project in group namespace' do
       it_behaves_like 'adds new domain' do
         let(:group) { create :group }
-        let(:project) { create(:project, namespace: group, pages_https_only: false) }
+        let(:project) { create(:project, :pages_published, namespace: group, pages_https_only: false) }
       end
     end
 

spec/features/projects/pages/user_configures_pages_pipeline_spec.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+require 'spec_helper'
+
+RSpec.describe 'Pages edits pages settings', :js do
+  include Spec::Support::Helpers::ModalHelpers
+
+  let_it_be(:project) { create(:project, pages_https_only: false) }
+  let_it_be(:user) { create(:user) }
+
+  before do
+    allow(Gitlab.config.pages).to receive(:enabled).and_return(true)
+
+    project.add_maintainer(user)
+
+    sign_in(user)
+  end
+
+  context 'when pipeline wizard feature is enabled' do
+    before do
+      Feature.enable(:use_pipeline_wizard_for_pages)
+    end
+
+    context 'when onboarding is not complete' do
+      it 'renders onboarding instructions' do
+        visit project_pages_path(project)
+
+        expect(page).to have_content('Get started with Pages')
+      end
+    end
+
+    context 'when onboarding is complete' do
+      before do
+        project.mark_pages_onboarding_complete
+      end
+
+      it 'shows waiting screen' do
+        visit project_pages_path(project)
+
+        expect(page).to have_content('Waiting for the Pages Pipeline to complete...')
+      end
+    end
+  end
+
+  context 'when pipeline wizard feature is disabled' do
+    before do
+      Feature.disable(:use_pipeline_wizard_for_pages)
+    end
+
+    it 'shows configure pages instructions' do
+      visit project_pages_path(project)
+
+      expect(page).to have_content('Configure pages')
+    end
+
+    after do
+      Feature.enable(:use_pipeline_wizard_for_pages)
+    end
+  end
+end

spec/features/projects/pages/user_edits_lets_encrypt_settings_spec.rb

@@ -5,7 +5,8 @@ RSpec.describe "Pages with Let's Encrypt", :https_pages_enabled do
   include LetsEncryptHelpers
   include Spec::Support::Helpers::ModalHelpers
 
-  let(:project) { create(:project, pages_https_only: false) }
+  let_it_be_with_reload(:project) { create(:project, :pages_published, pages_https_only: false) }
+
   let(:user) { create(:user) }
   let(:role) { :maintainer }
   let(:certificate_pem) { attributes_for(:pages_domain)[:certificate] }

spec/features/projects/pages/user_edits_settings_spec.rb

@@ -4,8 +4,8 @@ require 'spec_helper'
 RSpec.describe 'Pages edits pages settings', :js do
   include Spec::Support::Helpers::ModalHelpers
 
-  let(:project) { create(:project, pages_https_only: false) }
-  let(:user) { create(:user) }
+  let_it_be_with_reload(:project) { create(:project, :pages_published, pages_https_only: false) }
+  let_it_be(:user) { create(:user) }
 
   before do
     allow(Gitlab.config.pages).to receive(:enabled).and_return(true)
@@ -80,13 +80,6 @@ RSpec.describe 'Pages edits pages settings', :js do
       end
     end
 
-    it 'does not see anything to destroy' do
-      visit project_pages_path(project)
-
-      expect(page).to have_content('Configure pages')
-      expect(page).not_to have_link('Remove pages')
-    end
-
     describe 'project settings page' do
       it 'renders "Pages" tab' do
         visit edit_project_path(project)
@@ -151,7 +144,7 @@ RSpec.describe 'Pages edits pages settings', :js do
     end
 
     context 'non-HTTPS domain exists' do
-      let(:project) { create(:project, pages_https_only: false) }
+      let(:project) { create(:project, :pages_published, pages_https_only: false) }
 
       before do
         create(:pages_domain, :without_key, :without_certificate, project: project)

spec/frontend/pipeline_wizard/components/widgets/checklist_spec.js

@@ -1,4 +1,4 @@
-import { GlFormCheckbox, GlFormCheckboxGroup } from '@gitlab/ui';
+import { GlFormCheckbox, GlFormGroup, GlFormCheckboxGroup } from '@gitlab/ui';
 import { nextTick } from 'vue';
 import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
 import ChecklistWidget from '~/pipeline_wizard/components/widgets/checklist.vue';
@@ -21,6 +21,7 @@ describe('Pipeline Wizard - Checklist Widget', () => {
     return eventArray[eventArray.length - 1];
   };
   const findItem = (atIndex = 0) => wrapper.findAllComponents(GlFormCheckbox).at(atIndex);
+  const getGlFormGroup = () => wrapper.getComponent(GlFormGroup);
   const getGlFormCheckboxGroup = () => wrapper.getComponent(GlFormCheckboxGroup);
 
   // The item.ids *can* be passed inside props.items, but are usually
@@ -57,6 +58,16 @@ describe('Pipeline Wizard - Checklist Widget', () => {
     expect(findItem().text()).toBe(props.items[0]);
   });
 
+  it('assigns the same non-null value to label-for and form id', () => {
+    createComponent();
+    const formGroupLabelFor = getGlFormGroup().attributes('label-for');
+    const formCheckboxGroupId = getGlFormCheckboxGroup().attributes('id');
+
+    expect(formGroupLabelFor).not.toBeNull();
+    expect(formCheckboxGroupId).not.toBeNull();
+    expect(formGroupLabelFor).toBe(formCheckboxGroupId);
+  });
+
   it('displays an item with a help text', () => {
     createComponent();
     const { text, help } = props.items[1];

spec/graphql/types/work_item_type_spec.rb

@@ -11,6 +11,7 @@ RSpec.describe GitlabSchema.types['WorkItem'] do
 
   it 'has specific fields' do
     fields = %i[
+      confidential
       description
       description_html
       id

spec/lib/banzai/pipeline/incident_management/timeline_event_pipeline_spec.rb

@@ -10,9 +10,9 @@ RSpec.describe Banzai::Pipeline::IncidentManagement::TimelineEventPipeline do
       expect(described_class.filters).to eq(
         [
           *Banzai::Pipeline::PlainMarkdownPipeline.filters,
+          Banzai::Filter::SanitizationFilter,
           *Banzai::Pipeline::GfmPipeline.reference_filters,
           Banzai::Filter::EmojiFilter,
-          Banzai::Filter::SanitizationFilter,
           Banzai::Filter::ExternalLinkFilter,
           Banzai::Filter::ImageLinkFilter
         ]
@@ -62,7 +62,32 @@ RSpec.describe Banzai::Pipeline::IncidentManagement::TimelineEventPipeline do
     context 'when markdown contains emojis' do
       let(:markdown) { ':+1:👍' }
 
-      it { is_expected.to eq('<p>👍👍</p>') }
+      it 'renders emojis wrapped in <gl-emoji> tag' do
+        # rubocop:disable Layout/LineLength
+        is_expected.to eq(
+          %q(<p><gl-emoji title="thumbs up sign" data-name="thumbsup" data-unicode-version="6.0">👍</gl-emoji><gl-emoji title="thumbs up sign" data-name="thumbsup" data-unicode-version="6.0">👍</gl-emoji></p>)
+        )
+        # rubocop:enable Layout/LineLength
+      end
+    end
+
+    context 'when markdown contains labels' do
+      let(:label) { create(:label, project: project, title: 'backend') }
+      let(:markdown) { %Q(~"#{label.name}" ~unknown) }
+
+      it 'replaces existing label to a link' do
+        # rubocop:disable Layout/LineLength
+        is_expected.to match(
+          %r(<p>.+<a href=\"[\w/]+-/issues\?label_name=#{label.name}\".+style=\"background-color: #\d{6}\".*>#{label.name}</span></a></span> ~unknown</p>)
+        )
+        # rubocop:enable Layout/LineLength
+      end
+    end
+
+    context 'when markdown contains table' do
+      let(:markdown) { '<table><tr><th>table head</th><tr><tr><td>table content</td></tr></table>'}
+
+      it { is_expected.to eq('table headtable content') }
     end
 
     context 'when markdown contains a reference to an issue' do

spec/mailers/emails/profile_spec.rb

@@ -49,7 +49,7 @@ RSpec.describe Emails::Profile do
 
   describe 'for users that signed up, the email' do
     let(:example_site_path) { root_path }
-    let(:new_user) { create(:user, email: new_user_address, password: "securePassword") }
+    let(:new_user) { create(:user, email: new_user_address) }
 
     subject { Notify.new_user_email(new_user.id) }
 
@@ -59,6 +59,7 @@ RSpec.describe Emails::Profile do
     it_behaves_like 'a user cannot unsubscribe through footer link'
 
     it 'does not contain the new user\'s password' do
+      is_expected.not_to have_body_text(new_user.password)
       is_expected.not_to have_body_text /password/
     end
   end

spec/models/hooks/system_hook_spec.rb

@@ -37,7 +37,7 @@ RSpec.describe SystemHook do
     let(:project)     { create(:project, namespace: user.namespace) }
     let(:group)       { create(:group) }
     let(:params) do
-      { name: 'John Doe', username: 'jduser', email: 'jg@example.com', password: 'mydummypass' }
+      { name: 'John Doe', username: 'jduser', email: 'jg@example.com', password: User.random_password }
     end
 
     before do

spec/models/incident_management/timeline_event_spec.rb

@@ -47,12 +47,21 @@ RSpec.describe IncidentManagement::TimelineEvent do
 
   describe '#cache_markdown_field' do
     let(:note) { 'note **bold** _italic_ `code` ![image](/path/img.png) :+1:👍' }
-    let(:expected_note_html) do
-      # rubocop:disable Layout/LineLength
-      '<p>note <strong>bold</strong> <em>italic</em> <code>code</code> <a class="with-attachment-icon" href="/path/img.png" target="_blank" rel="noopener noreferrer">image</a> 👍👍</p>'
-      # rubocop:enable Layout/LineLength
+
+    let(:expected_image_html) do
+      '<a class="with-attachment-icon" href="/path/img.png" target="_blank" rel="noopener noreferrer">image</a>'
     end
 
+    # rubocop:disable Layout/LineLength
+    let(:expected_emoji_html) do
+      '<gl-emoji title="thumbs up sign" data-name="thumbsup" data-unicode-version="6.0">👍</gl-emoji><gl-emoji title="thumbs up sign" data-name="thumbsup" data-unicode-version="6.0">👍</gl-emoji>'
+    end
+
+    let(:expected_note_html) do
+      %Q(<p>note <strong>bold</strong> <em>italic</em> <code>code</code> #{expected_image_html} #{expected_emoji_html}</p>)
+    end
+    # rubocop:enable Layout/LineLength
+
     before do
       allow(Banzai::Renderer).to receive(:cacheless_render_field).and_call_original
     end

spec/requests/api/graphql/work_item_spec.rb

@@ -41,6 +41,7 @@ RSpec.describe 'Query.work_item(id)' do
         'lockVersion' => work_item.lock_version,
         'state' => "OPEN",
         'title' => work_item.title,
+        'confidential' => work_item.confidential,
         'workItemType' => hash_including('id' => work_item.work_item_type.to_gid.to_s),
         'userPermissions' => { 'readWorkItem' => true, 'updateWorkItem' => true, 'deleteWorkItem' => false }
       )

spec/tasks/gitlab/password_rake_spec.rb

@@ -3,7 +3,8 @@
 require 'rake_helper'
 
 RSpec.describe 'gitlab:password rake tasks', :silence_stdout do
-  let_it_be(:user_1) { create(:user, username: 'foobar', password: 'initial_password') }
+  let_it_be(:user_1) { create(:user, username: 'foobar', password: User.random_password) }
+  let_it_be(:password) { User.random_password }
 
   def stub_username(username)
     allow(Gitlab::TaskHelpers).to receive(:prompt).with('Enter username: ').and_return(username)
@@ -19,14 +20,14 @@ RSpec.describe 'gitlab:password rake tasks', :silence_stdout do
     Rake.application.rake_require 'tasks/gitlab/password'
 
     stub_username('foobar')
-    stub_password('secretpassword')
+    stub_password(password)
   end
 
   describe ':reset' do
     context 'when all inputs are correct' do
       it 'updates the password properly' do
         run_rake_task('gitlab:password:reset', user_1.username)
-        expect(user_1.reload.valid_password?('secretpassword')).to eq(true)
+        expect(user_1.reload.valid_password?(password)).to eq(true)
       end
     end
 
@@ -55,7 +56,7 @@ RSpec.describe 'gitlab:password rake tasks', :silence_stdout do
 
     context 'when passwords do not match' do
       before do
-        stub_password('randompassword', 'differentpassword')
+        stub_password(password, User.random_password)
       end
 
       it 'aborts with an error' do

spec/views/projects/pages/new.html.haml_spec.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+require 'spec_helper'
+
+RSpec.describe 'projects/pages/new' do
+  let_it_be(:project) { create(:project, :repository) }
+  let_it_be(:user) { create(:user) }
+
+  before do
+    allow(project).to receive(:show_pages_onboarding?).and_return(true)
+    project.add_maintainer(user)
+
+    assign(:project, project)
+    allow(view).to receive(:current_user).and_return(user)
+  end
+
+  describe 'with onboarding wizard feature enabled' do
+    before do
+      Feature.enable(:use_pipeline_wizard_for_pages)
+    end
+
+    it "shows the onboarding wizard" do
+      render
+      expect(rendered).to have_selector('#js-pages')
+    end
+  end
+
+  describe 'with onboarding wizard feature disabled' do
+    before do
+      Feature.disable(:use_pipeline_wizard_for_pages)
+    end
+
+    it "does not show the onboarding wizard" do
+      render
+      expect(rendered).not_to have_selector('#js-pages')
+    end
+
+    it "renders the usage instructions" do
+      render
+      expect(rendered).to render_template('projects/pages/_use')
+    end
+  end
+end

yarn.lock

@@ -1053,10 +1053,10 @@
   resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-2.30.0.tgz#bb73b2d16868b17e7e2dbb73653b7ab84f3cbd05"
   integrity sha512-XtYXba8XMAMHJz66H/lVZpXy77Z+ATlvbuvsR9cvM479lUEbrIcdAVOPV6zjPJiIxCUA5Yx1lUfWhgAwLEvRgw==
 
-"@gitlab/ui@42.22.1":
-  version "42.22.1"
-  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-42.22.1.tgz#7ed942f87cd0767c9f8932b69d32c1846bfb388d"
-  integrity sha512-AYdFA1I1fwciwIpfMdBIKjDLUWd4/69Z6asNKLJUf9EGfWS3mUSD0PMMorLxrl+1S5vB07wOo4N9ebSMW3DUMg==
+"@gitlab/ui@42.23.0":
+  version "42.23.0"
+  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-42.23.0.tgz#bc29bc598827062a57d5bd22e2c2e37cfb205c0e"
+  integrity sha512-Q2iQMXSRBXCidnl/gsYHhEhu16foblv3B1UU2PhSP+A6/clxur6rb7UlzXyRmnxGuhTczQDK2xGcmxltLMhF5w==
   dependencies:
     "@popperjs/core" "^2.11.2"
     bootstrap-vue "2.20.1"