Add latest changes from gitlab-org/gitlab@master

2024-10-28 18:20:02 +00:00 · 2024-10-28 18:20:02 +00:00 · b3880a68a8
parent 28e5c51ff0
commit b3880a68a8
120 changed files with 838 additions and 338 deletions
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@ -1706,16 +1706,21 @@
        MR_CODE_PATTERNS: "true"

 .qa:e2e-test-schedule-variables: &qa-e2e-test-schedule-variables
-  variables:
-    CREATE_TEST_FAILURE_ISSUES: "true"
-    PROCESS_TEST_RESULTS: "true"
-    KNAPSACK_GENERATE_REPORT: "true"
-    QA_SAVE_TEST_METRICS: "true"
-    QA_RUN_IN_PARALLEL: "false" # disable single job parallelization due to incompatibility with knapsack and coverband
+  CREATE_TEST_FAILURE_ISSUES: "true"
+  PROCESS_TEST_RESULTS: "true"
+  QA_SAVE_TEST_METRICS: "true"

 .qa:rules:e2e-schedule-blocking:
  rules:
-    - <<: [*if-dot-com-gitlab-org-schedule, *qa-e2e-test-schedule-variables]
+    - <<: *if-default-branch-schedule-nightly
+      variables:
+        <<: *qa-e2e-test-schedule-variables
+        KNAPSACK_GENERATE_REPORT: "true"
+        QA_RUN_IN_PARALLEL: "false"
+    - <<: *if-dot-com-gitlab-org-schedule
+      variables:
+        <<: *qa-e2e-test-schedule-variables
+        KNAPSACK_GENERATE_REPORT: "false"

 .qa:rules:code-suggestions-eval-base:
  rules:
@ -1827,11 +1832,10 @@
      changes: *gdk-component-patterns
    - <<: *if-dot-com-gitlab-org-schedule
      variables:
-        CREATE_TEST_FAILURE_ISSUES: "true"
-        PROCESS_TEST_RESULTS: "true"
+        <<: *qa-e2e-test-schedule-variables
        KNAPSACK_GENERATE_REPORT: "true"
-        QA_SAVE_TEST_METRICS: "true"
        COVERBAND_ENABLED: "true"
+        QA_RUN_IN_PARALLEL: "false"

 .qa:rules:e2e:test-on-cng:
  rules:
@ -1846,20 +1850,7 @@
    - !reference [".qa:rules:e2e-blocking-base-before", rules]
    - !reference [".prevent-tier-2-and-below", rules]
    - !reference [".qa:rules:e2e-blocking-base-after", rules]
-    - <<: *if-default-branch-schedule-nightly
-      variables:
-        CREATE_TEST_FAILURE_ISSUES: "true"
-        PROCESS_TEST_RESULTS: "true"
-        KNAPSACK_GENERATE_REPORT: "true"
-        QA_SAVE_TEST_METRICS: "true"
-        QA_RUN_IN_PARALLEL: "false" # disable single job parallelization due to incompatibility with knapsack
-    - <<: *if-dot-com-gitlab-org-schedule
-      variables:
-        CREATE_TEST_FAILURE_ISSUES: "true"
-        PROCESS_TEST_RESULTS: "true"
-        KNAPSACK_GENERATE_REPORT: "false"
-        QA_SAVE_TEST_METRICS: "true"
-        QA_RUN_IN_PARALLEL: "true"
+    - !reference [".qa:rules:e2e-schedule-blocking", rules]

 .qa:rules:test-on-omnibus-nightly:
  rules:
@ -1869,10 +1860,9 @@
    - <<: *if-default-branch-schedule-nightly
      allow_failure: true
      variables:
+        <<: *qa-e2e-test-schedule-variables
        KNAPSACK_GENERATE_REPORT: "true"
-        PROCESS_TEST_RESULTS: "true"
-        CREATE_TEST_FAILURE_ISSUES: "true"
-        QA_SAVE_TEST_METRICS: "true"
+        QA_RUN_IN_PARALLEL: "false"

 .qa:rules:fulfillment-e2e-quarantine-report:
  rules:
--- a/app/assets/javascripts/admin/broadcast_messages/components/base.vue
+++ b/app/assets/javascripts/admin/broadcast_messages/components/base.vue
@ -136,7 +136,7 @@ export default {
        :messages="visibleMessages"
        @delete-message="deleteMessage"
      />
-      <div v-else-if="!showAddForm" class="gl-text-secondary">
+      <div v-else-if="!showAddForm" class="gl-text-subtle">
        {{ $options.i18n.emptyMessage }}
      </div>

--- a/app/assets/javascripts/admin/broadcast_messages/components/messages_table.vue
+++ b/app/assets/javascripts/admin/broadcast_messages/components/messages_table.vue
@ -104,7 +104,7 @@ export default {
  >
    <template #cell(preview)="{ item: { message, theme, broadcast_type, dismissable } }">
      <gl-broadcast-message :theme="theme" :type="broadcast_type" :dismissible="dismissable">
-        {{ message }}
+        <span v-safe-html="message"></span>
      </gl-broadcast-message>
    </template>

--- a/app/assets/javascripts/vue_shared/issuable/show/components/issuable_edit_form.vue
+++ b/app/assets/javascripts/vue_shared/issuable/show/components/issuable_edit_form.vue
@ -152,7 +152,7 @@ export default {
        @keydown="handleKeydown($event, 'description')"
      />
    </gl-form-group>
-    <div data-testid="actions" class="col-12 clearfix gl-mb-3 gl-mt-3 gl-flex gl-gap-3 gl-px-0">
+    <div data-testid="actions" class="gl-my-3 gl-flex gl-flex-col gl-gap-3">
      <slot
        name="edit-form-actions"
        :issuable-title="title"
--- a/app/models/concerns/token_authenticatable_strategies/base.rb
+++ b/app/models/concerns/token_authenticatable_strategies/base.rb
@ -17,15 +17,15 @@ module TokenAuthenticatableStrategies
      @options = options
    end

-    def find_token_authenticatable(instance, unscoped = false)
+    def find_token_authenticatable(token_owner_record, unscoped = false)
      raise NotImplementedError
    end

-    def get_token(instance)
+    def get_token(token_owner_record)
      raise NotImplementedError
    end

-    def set_token(instance, token)
+    def set_token(token_owner_record, token)
      raise NotImplementedError
    end

@ -42,31 +42,31 @@ module TokenAuthenticatableStrategies
      token_fields - [@expires_at_field]
    end

-    def ensure_token(instance)
-      write_new_token(instance) unless token_set?(instance)
-      get_token(instance)
+    def ensure_token(token_owner_record)
+      write_new_token(token_owner_record) unless token_set?(token_owner_record)
+      get_token(token_owner_record)
    end

    # Returns a token, but only saves when the database is in read & write mode
-    def ensure_token!(instance)
-      reset_token!(instance) unless token_set?(instance)
-      get_token(instance)
+    def ensure_token!(token_owner_record)
+      reset_token!(token_owner_record) unless token_set?(token_owner_record)
+      get_token(token_owner_record)
    end

    # Resets the token, but only saves when the database is in read & write mode
-    def reset_token!(instance)
-      write_new_token(instance)
-      instance.save! if Gitlab::Database.read_write?
+    def reset_token!(token_owner_record)
+      write_new_token(token_owner_record)
+      token_owner_record.save! if Gitlab::Database.read_write?
    end

-    def expires_at(instance)
-      instance.read_attribute(@expires_at_field)
+    def expires_at(token_owner_record)
+      token_owner_record.read_attribute(@expires_at_field)
    end

-    def expired?(instance)
+    def expired?(token_owner_record)
      return false unless expirable? && token_expiration_enforced?

-      exp = expires_at(instance)
+      exp = expires_at(token_owner_record)
      !!exp && exp.past?
    end

@ -74,8 +74,8 @@ module TokenAuthenticatableStrategies
      !!@options[:expires_at]
    end

-    def token_with_expiration(instance)
-      API::Support::TokenWithExpiration.new(self, instance)
+    def token_with_expiration(token_owner_record)
+      API::Support::TokenWithExpiration.new(self, token_owner_record)
    end

    def self.fabricate(model, field, options)
@ -94,12 +94,12 @@ module TokenAuthenticatableStrategies

    private

-    def prefix_for(instance)
+    def prefix_for(token_owner_record)
      case prefix_option = options[:format_with_prefix]
      when nil
        nil
      when Symbol
-        instance.send(prefix_option) # rubocop:disable GitlabSecurity/PublicSend
+        token_owner_record.send(prefix_option) # rubocop:disable GitlabSecurity/PublicSend
      else
        raise NotImplementedError
      end
@ -107,19 +107,19 @@ module TokenAuthenticatableStrategies

    # If a `format_with_prefix` option is provided, it applies and returns the formatted token.
    # Otherwise, default implementation returns the token as-is
-    def format_token(instance, token)
-      prefix = prefix_for(instance)
+    def format_token(token_owner_record, token)
+      prefix = prefix_for(token_owner_record)

      prefix ? "#{prefix}#{token}" : token
    end

-    def write_new_token(instance)
-      new_token = generate_available_token(instance)
-      formatted_token = format_token(instance, new_token)
-      set_token(instance, formatted_token)
+    def write_new_token(token_owner_record)
+      new_token = generate_available_token(token_owner_record)
+      formatted_token = format_token(token_owner_record, new_token)
+      set_token(token_owner_record, formatted_token)

      if expirable?
-        instance[@expires_at_field] = @options[:expires_at].to_proc.call(instance)
+        token_owner_record[@expires_at_field] = @options[:expires_at].to_proc.call(token_owner_record)
      end
    end

@ -127,26 +127,26 @@ module TokenAuthenticatableStrategies
      @options.fetch(:unique, true)
    end

-    def generate_available_token(instance)
+    def generate_available_token(token_owner_record)
      loop do
-        token = generate_token(instance)
+        token = generate_token(token_owner_record)
        break token unless unique && find_token_authenticatable(token, true)
      end
    end

-    def generate_token(instance)
+    def generate_token(token_owner_record)
      if @options[:token_generator]
        @options[:token_generator].call
      # TODO: Make all tokens routable by default: https://gitlab.com/gitlab-org/gitlab/-/issues/500016
-      elsif generate_routable_token?(instance)
-        generate_routable_payload(@options[:routable_token], instance)
+      elsif generate_routable_token?(token_owner_record)
+        generate_routable_payload(@options[:routable_token], token_owner_record)
      else
        Devise.friendly_token
      end
    end

-    def generate_routable_token?(instance)
-      @options[:routable_token] && instance.respond_to?(:user) && Feature.enabled?(:routable_token, instance.user)
+    def generate_routable_token?(token_owner_record)
+      @options[:routable_token] && token_owner_record.respond_to?(:user) && Feature.enabled?(:routable_token, token_owner_record.user)
    end

    def default_routing_payload_hash
@ -156,9 +156,9 @@ module TokenAuthenticatableStrategies
      }
    end

-    def generate_routable_payload(routable_parts, instance)
+    def generate_routable_payload(routable_parts, token_owner_record)
      payload_hash = default_routing_payload_hash.merge(
-        routable_parts.transform_values { |generator| generator.call(instance) }
+        routable_parts.transform_values { |generator| generator.call(token_owner_record) }
      ).compact_blank

      Base64.urlsafe_encode64(payload_hash.sort.map { |k, v| "#{k}:#{v}" }.join("\n"), padding: false)
@ -168,7 +168,7 @@ module TokenAuthenticatableStrategies
      unscoped ? @klass.unscoped : @klass.where(not_expired)
    end

-    def token_set?(instance)
+    def token_set?(token_owner_record)
      raise NotImplementedError
    end

--- a/app/models/concerns/token_authenticatable_strategies/digest.rb
+++ b/app/models/concerns/token_authenticatable_strategies/digest.rb
@ -18,20 +18,20 @@ module TokenAuthenticatableStrategies
      token_authenticatable
    end

-    def get_token(instance)
-      token = instance.cleartext_tokens&.[](@token_field)
-      token ||= fallback_strategy.get_token(instance) if @options[:fallback]
+    def get_token(token_owner_record)
+      token = token_owner_record.cleartext_tokens&.[](@token_field)
+      token ||= fallback_strategy.get_token(token_owner_record) if @options[:fallback]

      token
    end

-    def set_token(instance, token)
+    def set_token(token_owner_record, token)
      return unless token

-      instance.cleartext_tokens ||= {}
-      instance.cleartext_tokens[@token_field] = token
-      instance[token_field_name] = Gitlab::CryptoHelper.sha256(token)
-      instance[@token_field] = nil if @options[:fallback]
+      token_owner_record.cleartext_tokens ||= {}
+      token_owner_record.cleartext_tokens[@token_field] = token
+      token_owner_record[token_field_name] = Gitlab::CryptoHelper.sha256(token)
+      token_owner_record[@token_field] = nil if @options[:fallback]
    end

    protected
@ -40,9 +40,9 @@ module TokenAuthenticatableStrategies
      @fallback_strategy ||= TokenAuthenticatableStrategies::Insecure.new(@klass, @token_field, @options)
    end

-    def token_set?(instance)
-      token_digest = instance.read_attribute(token_field_name)
-      token_digest ||= instance.read_attribute(@token_field) if @options[:fallback]
+    def token_set?(token_owner_record)
+      token_digest = token_owner_record.read_attribute(token_field_name)
+      token_digest ||= token_owner_record.read_attribute(@token_field) if @options[:fallback]

      token_digest.present?
    end
--- a/app/models/concerns/token_authenticatable_strategies/encrypted.rb
+++ b/app/models/concerns/token_authenticatable_strategies/encrypted.rb
@ -9,21 +9,20 @@ module TokenAuthenticatableStrategies
    def find_token_authenticatable(token, unscoped = false)
      return if token.blank?

-      instance = if required?
-                   find_by_encrypted_token(token, unscoped)
-                 elsif optional?
-                   find_by_encrypted_token(token, unscoped) ||
-                     find_by_plaintext_token(token, unscoped)
-                 elsif migrating?
-                   find_by_plaintext_token(token, unscoped)
-                 else
-                   raise ArgumentError, _("Unknown encryption strategy: %{encrypted_strategy}!") % { encrypted_strategy: encrypted_strategy }
-                 end
+      token_owner_record =
+        if required?
+          find_by_encrypted_token(token, unscoped)
+        elsif optional?
+          find_by_encrypted_token(token, unscoped) ||
+            find_by_plaintext_token(token, unscoped)
+        elsif migrating?
+          find_by_plaintext_token(token, unscoped)
+        end

-      instance if instance && matches_prefix?(instance, token)
+      token_owner_record if token_owner_record && matches_prefix?(token_owner_record, token)
    end

-    def ensure_token(instance)
+    def ensure_token(token_owner_record)
      # TODO, tech debt, because some specs are testing migrations, but are still
      # using factory bot to create resources, it might happen that a database
      # schema does not have "#{token_name}_encrypted" field yet, however a bunch
@ -35,27 +34,27 @@ module TokenAuthenticatableStrategies
      # Another use case is when we are caching resources / columns, like we do
      # in case of ApplicationSetting.

-      return super if instance.has_attribute?(encrypted_field)
+      return super if token_owner_record.has_attribute?(encrypted_field)

      if required?
        raise ArgumentError, _('Using required encryption strategy when encrypted field is missing!')
      else
-        insecure_strategy.ensure_token(instance)
+        insecure_strategy.ensure_token(token_owner_record)
      end
    end

-    def get_token(instance)
-      return insecure_strategy.get_token(instance) if migrating?
+    def get_token(token_owner_record)
+      return insecure_strategy.get_token(token_owner_record) if migrating?

-      get_encrypted_token(instance)
+      get_encrypted_token(token_owner_record)
    end

-    def set_token(instance, token)
+    def set_token(token_owner_record, token)
      raise ArgumentError unless token.present?

-      instance[encrypted_field] = EncryptionHelper.encrypt_token(token)
-      instance[token_field] = token if migrating?
-      instance[token_field] = nil if optional?
+      token_owner_record[encrypted_field] = EncryptionHelper.encrypt_token(token)
+      token_owner_record[token_field] = token if migrating?
+      token_owner_record[token_field] = nil if optional?
      token
    end

@ -73,10 +72,10 @@ module TokenAuthenticatableStrategies

    protected

-    def get_encrypted_token(instance)
-      encrypted_token = instance.read_attribute(encrypted_field)
+    def get_encrypted_token(token_owner_record)
+      encrypted_token = token_owner_record.read_attribute(encrypted_field)
      token = EncryptionHelper.decrypt_token(encrypted_token)
-      token || (insecure_strategy.get_token(instance) if optional?)
+      token || (insecure_strategy.get_token(token_owner_record) if optional?)
    end

    def encrypted_strategy
@ -105,18 +104,18 @@ module TokenAuthenticatableStrategies
        .new(klass, token_field, options)
    end

-    def matches_prefix?(instance, token)
-      !options[:require_prefix_for_validation] || token.start_with?(prefix_for(instance))
+    def matches_prefix?(token_owner_record, token)
+      !options[:require_prefix_for_validation] || token.start_with?(prefix_for(token_owner_record))
    end

-    def token_set?(instance)
-      token = get_encrypted_token(instance)
+    def token_set?(token_owner_record)
+      token = get_encrypted_token(token_owner_record)

      unless required?
-        token ||= insecure_strategy.get_token(instance)
+        token ||= insecure_strategy.get_token(token_owner_record)
      end

-      token.present? && matches_prefix?(instance, token)
+      token.present? && matches_prefix?(token_owner_record, token)
    end

    def encrypted_field
--- a/app/models/concerns/token_authenticatable_strategies/insecure.rb
+++ b/app/models/concerns/token_authenticatable_strategies/insecure.rb
@ -6,18 +6,18 @@ module TokenAuthenticatableStrategies
      relation(unscoped).find_by(@token_field => token) if token
    end

-    def get_token(instance)
-      instance.read_attribute(@token_field)
+    def get_token(token_owner_record)
+      token_owner_record.read_attribute(@token_field)
    end

-    def set_token(instance, token)
-      instance[@token_field] = token if token
+    def set_token(token_owner_record, token)
+      token_owner_record[@token_field] = token if token
    end

    protected

-    def token_set?(instance)
-      instance.read_attribute(@token_field).present?
+    def token_set?(token_owner_record)
+      token_owner_record.read_attribute(@token_field).present?
    end
  end
 end
--- a/config/feature_flags/gitlab_com_derisk/ci_variables_optimize_kubernetes_variables.yml
+++ b/config/feature_flags/gitlab_com_derisk/ci_variables_optimize_kubernetes_variables.yml
@ -5,5 +5,5 @@ introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/168809
 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/498651
 milestone: '17.6'
 group: group::pipeline authoring
-type: gitlab_com_derisk
-default_enabled: false
+type: beta
+default_enabled: true
--- a/config/metrics/settings/20210201124935_database_adapter.yml
+++ b/config/metrics/settings/20210201124935_database_adapter.yml
@ -16,6 +16,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51709
--- a/config/metrics/settings/20210204124856_instance_auto_devops_enabled.yml
+++ b/config/metrics/settings/20210204124856_instance_auto_devops_enabled.yml
@ -17,6 +17,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
--- a/config/metrics/settings/20210204124858_container_registry_enabled.yml
+++ b/config/metrics/settings/20210204124858_container_registry_enabled.yml
@ -18,6 +18,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
--- a/config/metrics/settings/20210204124900_dependency_proxy_enabled.yml
+++ b/config/metrics/settings/20210204124900_dependency_proxy_enabled.yml
@ -18,6 +18,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
--- a/config/metrics/settings/20210204124902_gitlab_shared_runners_enabled.yml
+++ b/config/metrics/settings/20210204124902_gitlab_shared_runners_enabled.yml
@ -18,6 +18,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
--- a/config/metrics/settings/20210204124904_gravatar_enabled.yml
+++ b/config/metrics/settings/20210204124904_gravatar_enabled.yml
@ -17,6 +17,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
--- a/config/metrics/settings/20210204124906_ldap_enabled.yml
+++ b/config/metrics/settings/20210204124906_ldap_enabled.yml
@ -18,6 +18,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
--- a/config/metrics/settings/20210204124908_mattermost_enabled.yml
+++ b/config/metrics/settings/20210204124908_mattermost_enabled.yml
@ -18,6 +18,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
--- a/config/metrics/settings/20210204124910_omniauth_enabled.yml
+++ b/config/metrics/settings/20210204124910_omniauth_enabled.yml
@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
--- a/config/metrics/settings/20210204124912_prometheus_enabled.yml
+++ b/config/metrics/settings/20210204124912_prometheus_enabled.yml
@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
--- a/config/metrics/settings/20210204124914_prometheus_metrics_enabled.yml
+++ b/config/metrics/settings/20210204124914_prometheus_metrics_enabled.yml
@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
--- a/config/metrics/settings/20210204124916_reply_by_email_enabled.yml
+++ b/config/metrics/settings/20210204124916_reply_by_email_enabled.yml
@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
--- a/config/metrics/settings/20210204124918_signup_enabled.yml
+++ b/config/metrics/settings/20210204124918_signup_enabled.yml
@ -17,6 +17,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
--- a/config/metrics/settings/20210204124920_web_ide_clientside_preview_enabled.yml
+++ b/config/metrics/settings/20210204124920_web_ide_clientside_preview_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
--- a/config/metrics/settings/20210204124922_grafana_link_enabled.yml
+++ b/config/metrics/settings/20210204124922_grafana_link_enabled.yml
@ -14,6 +14,8 @@ distribution:
 - ce
 tier:
 - free
+tiers:
+- free
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
--- a/config/metrics/settings/20210204124934_pages_enabled.yml
+++ b/config/metrics/settings/20210204124934_pages_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
--- a/config/metrics/settings/20210216174829_smtp_server.yml
+++ b/config/metrics/settings/20210216174829_smtp_server.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216175459_ingress_modsecurity_enabled.yml
+++ b/config/metrics/settings/20210216175459_ingress_modsecurity_enabled.yml
@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216175604_edition.yml
+++ b/config/metrics/settings/20210216175604_edition.yml
@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/51974
--- a/config/metrics/settings/20210216175606_ldap_encrypted_secrets_enabled.yml
+++ b/config/metrics/settings/20210216175606_ldap_encrypted_secrets_enabled.yml
@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216175609_version.yml
+++ b/config/metrics/settings/20210216175609_version.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180314_gitpod_enabled.yml
+++ b/config/metrics/settings/20210216180314_gitpod_enabled.yml
@ -17,6 +17,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180836_enabled.yml
+++ b/config/metrics/settings/20210216180836_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180838_enabled.yml
+++ b/config/metrics/settings/20210216180838_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180840_direct_upload.yml
+++ b/config/metrics/settings/20210216180840_direct_upload.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180841_background_upload.yml
+++ b/config/metrics/settings/20210216180841_background_upload.yml
@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180843_provider.yml
+++ b/config/metrics/settings/20210216180843_provider.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180845_enabled.yml
+++ b/config/metrics/settings/20210216180845_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180847_enabled.yml
+++ b/config/metrics/settings/20210216180847_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180849_direct_upload.yml
+++ b/config/metrics/settings/20210216180849_direct_upload.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180851_background_upload.yml
+++ b/config/metrics/settings/20210216180851_background_upload.yml
@ -16,6 +16,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180852_provider.yml
+++ b/config/metrics/settings/20210216180852_provider.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180854_enabled.yml
+++ b/config/metrics/settings/20210216180854_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180856_enabled.yml
+++ b/config/metrics/settings/20210216180856_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180858_direct_upload.yml
+++ b/config/metrics/settings/20210216180858_direct_upload.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180900_background_upload.yml
+++ b/config/metrics/settings/20210216180900_background_upload.yml
@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180902_provider.yml
+++ b/config/metrics/settings/20210216180902_provider.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180903_enabled.yml
+++ b/config/metrics/settings/20210216180903_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180905_enabled.yml
+++ b/config/metrics/settings/20210216180905_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180907_direct_upload.yml
+++ b/config/metrics/settings/20210216180907_direct_upload.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180909_background_upload.yml
+++ b/config/metrics/settings/20210216180909_background_upload.yml
@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180911_provider.yml
+++ b/config/metrics/settings/20210216180911_provider.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180913_enabled.yml
+++ b/config/metrics/settings/20210216180913_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type:
 - customer_health_score
 milestone: "<13.9"
--- a/config/metrics/settings/20210216180915_enabled.yml
+++ b/config/metrics/settings/20210216180915_enabled.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180916_direct_upload.yml
+++ b/config/metrics/settings/20210216180916_direct_upload.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180918_background_upload.yml
+++ b/config/metrics/settings/20210216180918_background_upload.yml
@ -15,6 +15,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216180920_provider.yml
+++ b/config/metrics/settings/20210216180920_provider.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216183241_filesystems.yml
+++ b/config/metrics/settings/20210216183241_filesystems.yml
@ -14,5 +14,9 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210216183248_pg_system_id.yml
+++ b/config/metrics/settings/20210216183248_pg_system_id.yml
@ -14,6 +14,10 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
 milestone: "<13.9"
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/54332
--- a/config/metrics/settings/20210225045628_operating_system.yml
+++ b/config/metrics/settings/20210225045628_operating_system.yml
@ -17,4 +17,8 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
--- a/config/metrics/settings/20210321224827_gitaly_apdex.yml
+++ b/config/metrics/settings/20210321224827_gitaly_apdex.yml
@ -17,4 +17,8 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 performance_indicator_type: []
--- a/config/metrics/settings/20210323120839_topology.yml
+++ b/config/metrics/settings/20210323120839_topology.yml
@ -16,5 +16,9 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 value_json_schema: 'config/metrics/objects_schemas/topology_schema.json'
 performance_indicator_type: []
--- a/config/metrics/settings/20210702140138_collected_data_categories.yml
+++ b/config/metrics/settings/20210702140138_collected_data_categories.yml
@ -18,5 +18,9 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 value_json_schema: 'config/metrics/objects_schemas/collected_data_categories_schema.json'
 performance_indicator_type: []
--- a/config/metrics/settings/20210812202137_smtp_encrypted_secrets_enabled.yml
+++ b/config/metrics/settings/20210812202137_smtp_encrypted_secrets_enabled.yml
@ -17,3 +17,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
--- a/config/metrics/settings/20210915152326_service_ping_features_enabled.yml
+++ b/config/metrics/settings/20210915152326_service_ping_features_enabled.yml
@ -18,3 +18,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
--- a/config/metrics/settings/20211124061450_snowplow_enabled.yml
+++ b/config/metrics/settings/20211124061450_snowplow_enabled.yml
@ -19,3 +19,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
--- a/config/metrics/settings/20211124085521_snowplow_configured_to_gitlab_collector_hostname.yml
+++ b/config/metrics/settings/20211124085521_snowplow_configured_to_gitlab_collector_hostname.yml
@ -19,3 +19,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
--- a/config/metrics/settings/20211201012652_flavor.yml
+++ b/config/metrics/settings/20211201012652_flavor.yml
@ -19,3 +19,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
--- a/config/metrics/settings/20220222181654_certificate_based_clusters_ff.yml
+++ b/config/metrics/settings/20220222181654_certificate_based_clusters_ff.yml
@ -19,3 +19,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
--- a/config/metrics/settings/20221015152126_deactivate_dormant_users_enabled.yml
+++ b/config/metrics/settings/20221015152126_deactivate_dormant_users_enabled.yml
@ -18,3 +18,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
--- a/config/metrics/settings/20221015161233_deactivate_dormant_users_period.yml
+++ b/config/metrics/settings/20221015161233_deactivate_dormant_users_period.yml
@ -18,3 +18,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
--- a/config/metrics/settings/20230125220526_incoming_email_encrypted_secrets_enabled.yml
+++ b/config/metrics/settings/20230125220526_incoming_email_encrypted_secrets_enabled.yml
@ -18,3 +18,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
--- a/config/metrics/settings/20230125221700_service_desk_email_encrypted_secrets_enabled.yml
+++ b/config/metrics/settings/20230125221700_service_desk_email_encrypted_secrets_enabled.yml
@ -18,3 +18,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
--- a/config/metrics/settings/20230203164341_index_inconsistencies_metric.yml
+++ b/config/metrics/settings/20230203164341_index_inconsistencies_metric.yml
@ -19,4 +19,8 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 value_json_schema: "config/metrics/objects_schemas/index_inconsistencies_metric.json"
--- a/config/metrics/settings/20230328165533_mode.yml
+++ b/config/metrics/settings/20230328165533_mode.yml
@ -19,3 +19,7 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
--- a/config/metrics/settings/20230602180038_batched_background_migrations_metric.yml
+++ b/config/metrics/settings/20230602180038_batched_background_migrations_metric.yml
@ -19,4 +19,8 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 value_json_schema: "config/metrics/objects_schemas/batched_background_migrations_metric.json"
--- a/config/metrics/settings/20230612132238_schema_inconsistencies_metric.yml
+++ b/config/metrics/settings/20230612132238_schema_inconsistencies_metric.yml
@ -19,4 +19,8 @@ tier:
 - free
 - premium
 - ultimate
+tiers:
+- free
+- premium
+- ultimate
 value_json_schema: "config/metrics/objects_schemas/schema_inconsistencies_metric.json"
--- a/config/metrics/settings/20240425162824_instance_runner_registration_token_allowed.yml
+++ b/config/metrics/settings/20240425162824_instance_runner_registration_token_allowed.yml
@ -18,3 +18,7 @@ tier:
  - free
  - premium
  - ultimate
+tiers:
+  - free
+  - premium
+  - ultimate
--- a/config/metrics/settings/20240607181654_observability_features_ff.yml
+++ b/config/metrics/settings/20240607181654_observability_features_ff.yml
@ -15,3 +15,5 @@ distribution:
 - ee
 tier:
 - ultimate
+tiers:
+- ultimate
--- a/db/migrate/20241021123147_allow_null_file_checksum_in_xray_reports.rb
+++ b/db/migrate/20241021123147_allow_null_file_checksum_in_xray_reports.rb
@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class AllowNullFileChecksumInXrayReports < Gitlab::Database::Migration[2.2]
+  milestone '17.6'
+
+  def change
+    change_column_null :xray_reports, :file_checksum, true
+  end
+end
--- a/db/schema_migrations/20241021123147
+++ b/db/schema_migrations/20241021123147
@ -0,0 +1 @@
+b7dcafc4a5211261d39d17e8879a445297297faa021b739f36435774790d1987
--- a/db/structure.sql
+++ b/db/structure.sql
@ -21490,7 +21490,7 @@ CREATE TABLE xray_reports (
    updated_at timestamp with time zone NOT NULL,
    lang text NOT NULL,
    payload jsonb NOT NULL,
-    file_checksum bytea NOT NULL,
+    file_checksum bytea,
    CONSTRAINT check_6da5a3b473 CHECK ((char_length(lang) <= 255))
 );

--- a/doc/.vale/gitlab_base/SubstitutionWarning.yml
+++ b/doc/.vale/gitlab_base/SubstitutionWarning.yml
@ -40,6 +40,8 @@ swap:
  installation from source: self-compiled installation
  installations from source: self-compiled installations
  it is recommended: "you should"
+  life cycle: "lifecycle"
+  life-cycle: "lifecycle"
  log in: "sign in"
  log-in: "sign in"
  logged in user: "authenticated user"
--- a/doc/administration/dedicated/configure_instance.md
+++ b/doc/administration/dedicated/configure_instance.md
@ -447,14 +447,6 @@ To manage your own email notification preferences:

 You will see an alert confirming that your notification preferences have been updated.

-Switchboard Tenant Admins can also manage email notifications for other users with access to their organization's tenant:
-
-1. From the **Users** page, open the dropdown in the **Email notifications** column next to the user's email.
-1. To turn off email notifications for that user, select **No**.
-1. To turn on email notifications for that user, select **Yes**.
-
-You will see an alert confirming that your notification preferences have been updated.
-
 ### Application logs

 GitLab delivers [application logs](../../administration/logs/index.md) to an Amazon S3 bucket in the GitLab tenant account, which can be shared with you.
--- a/doc/ci/img/get_started_cicd_v16_11.png
+++ b/doc/ci/img/get_started_cicd_v16_11.png
--- a/doc/ci/runners/runners_scope.md
+++ b/doc/ci/runners/runners_scope.md
@ -526,6 +526,11 @@ When you delete a project runner, it is permanently deleted from the GitLab inst
 no longer be used by projects. If you want to temporarily stop the runner from accepting
 jobs, you can [pause](#pause-or-resume-a-project-runner) the runner instead.

+When you delete a runner, its configuration still exists in the runner host's `config.toml` file.
+If the deleted runner's configuration is still present in this file, the runner host continues to contact GitLab.
+To prevent unnecessary API traffic, you must also
+[unregister the deleted runner](https://docs.gitlab.com/runner/commands/#gitlab-runner-unregister).
+
 1. On the left sidebar, select **Search or go to** and
   find the project where you want to enable the runner.
 1. Select **Settings > CI/CD**.
--- a/doc/development/contributing/first_contribution/configure-dev-env-gdk-in-a-box.md
+++ b/doc/development/contributing/first_contribution/configure-dev-env-gdk-in-a-box.md
@ -54,6 +54,7 @@ You might need to modify the system configuration (CPU cores and RAM) before sta
 1. In VS Code, install the **Remote - SSH** extension:
   - [VS Code](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-ssh)
   - [VSCodium](https://open-vsx.org/extension/jeanp413/open-remote-ssh)
+1. Make sure that VS Code has access to the local network (**Privacy & Security > Local Network**).
 1. Connect VS Code to the VM:
   - Select **Remote-SSH: Connect to host** from the command palette.
   - Enter the SSH host: `debian@gdk.local`
--- a/doc/development/documentation/metadata.md
+++ b/doc/development/documentation/metadata.md
@ -92,7 +92,7 @@ When this metadata is set on a page:
 The following metadata is optional and is not actively maintained.

 - `feedback`: Set to `false` to not include the "Help & Feedback" footer.
- `noindex`: Set to `false` to prevent the page from being indexed by search engines.
+- `noindex`: Set to `true` to prevent the page from being indexed by search engines.
 - `redirect_to`: Used to control redirects. For more information, see [Redirects in GitLab documentation](redirects.md).
 - `searchbar`: Set to `false` to not include the search bar in the page header.
 - `toc`: Set to `false` to not include the "On this page" navigation.
--- a/doc/development/documentation/styleguide/word_list.md
+++ b/doc/development/documentation/styleguide/word_list.md
@ -1327,6 +1327,12 @@ Instead of:
 - This setting is turned on at the group level.
 - This is a project-level setting.

+## lifecycle, life cycle, life-cycle
+
+Use one word for **lifecycle**. Do not use **life cycle** or **life-cycle**.
+
+([Vale](../testing/vale.md) rule: [`SubstitutionWarning.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/.vale/gitlab_base/SubstitutionWarning.yml))
+
 ## list

 Do not use **list** when referring to a [**dropdown list**](#dropdown-list).
--- a/doc/development/sec/analyzer_development_guide.md
+++ b/doc/development/sec/analyzer_development_guide.md
@ -282,6 +282,41 @@ The [security-report-schema](https://gitlab.com/gitlab-org/security-products/sec
 - [SAST](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/sast-report-format.json)
 - [Secret Detection](https://gitlab.com/gitlab-org/security-products/security-report-schemas/-/blob/master/dist/secret-detection-report-format.json)

+#### Compatibility with report schema
+
+Security reports uploaded as [artifacts](../../user/application_security/index.md#all-tiers) to
+GitLab are [validated](../integrations/secure.md#report-validation) before being
+[ingested](security_report_ingestion_overview.md).
+
+Security report schemas are versioned using SchemaVer: `MODEL-REVISION-ADDITION`. The Sec Section
+is responsible for the
+[`security-report-schemas` project](https://gitlab.com/gitlab-org/security-products/security-report-schemas),
+including the compatibility of GitLab and the schema versions. Schema changes must follow the
+product-wide [deprecation guidelines](../deprecation_guidelines/index.md).
+
+When a new `MODEL` version is introduced, analyzers that adopt the new schema are responsible for
+ensuring that GitLab deployments that do not vendor this new schema version continue to ingest
+security reports without errors or warnings.
+
+This can be accomplished in different ways:
+
+1. Implement support for multiple schema versions in the analyzer. Based on the GitLab version, the
+   analyzer emits a security report using the latest schema version supported by GitLab.
+   - Pro: analyzer can decide at runtime what the best version to utilize is.
+   - Con: implementation effort and increased complexity.
+1. Release a new analyzer major version. Instances that don't vendor the latest `MODEL` schema
+   version continue to use an analyzer version that emits reports using version `MODEL-1`.
+   - Pro: keeps analyzer code simple.
+   - Con: extra analyzer version to maintain.
+1. Delay use of new schema. This relies on `additionalProperties=true`, which allows a report to
+   include properties that are not present in the schema. A new analyzer major version would be
+   released at the usual cadence.
+   - Pro: no extra analyzer to maintain, keep analyzer code simple.
+   - Con: increased risk and/or effort to mitigate the risk of not having the schema validated.
+
+If you are unsure which path to follow, reach-out to the
+[`security-report-schemas` maintainers](https://gitlab.com/groups/gitlab-org/maintainers/security-report-schemas/-/group_members?with_inherited_permissions=exclude).
+
 ### Location of Container Images

 In order to
--- a/doc/legal/corporate_contributor_license_agreement.md
+++ b/doc/legal/corporate_contributor_license_agreement.md
@ -8,14 +8,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 # Corporate contributor license agreement

 You accept and agree to the following terms and conditions for Your present and
-future Contributions submitted to GitLab B.V.. Except for the license granted
-herein to GitLab B.V. and recipients of software distributed by GitLab B.V., You
+future Contributions submitted to GitLab Inc. Except for the license granted
+herein to GitLab Inc. and recipients of software distributed by GitLab Inc., You
 reserve all right, title, and interest in and to Your Contributions.

 "1." **Definitions:**

  "You" (or "Your") shall mean the copyright owner or legal entity authorized by
-  the copyright owner that is making this Agreement with GitLab B.V.. For legal
+  the copyright owner that is making this Agreement with GitLab Inc. For legal
  entities, the entity making a Contribution and all other entities that
  control, are controlled by, or are under common control with that entity are
  considered to be a single Contributor. For the purposes of this definition,
@ -26,20 +26,20 @@ reserve all right, title, and interest in and to Your Contributions.

  "Contribution" shall mean the code, documentation or other original works of
  authorship, including any modifications or additions to an existing work, that
-  is submitted by You to GitLab B.V. for inclusion in, or documentation of, any
-  of the products owned or managed by GitLab B.V. (the "Work"). For the purposes
+  is submitted by You to GitLab Inc. for inclusion in, or documentation of, any
+  of the products owned or managed by GitLab Inc. (the "Work"). For the purposes
  of this definition, "submitted" means any form of electronic, verbal, or
-  written communication sent to GitLab B.V. or its representatives, including
+  written communication sent to GitLab Inc. or its representatives, including
  but not limited to communication on electronic mailing lists, source code
  control systems, and issue tracking systems that are managed by, or on behalf
-  of, GitLab B.V. for the purpose of discussing and improving the Work, but
+  of, GitLab Inc. for the purpose of discussing and improving the Work, but
  excluding communication that is conspicuously marked or otherwise designated
  in writing by You as "Not a Contribution."

 "2." **Grant of Copyright License:**

  Subject to the terms and conditions of this Agreement, You hereby grant to
-  GitLab B.V. and to recipients of software distributed by GitLab B.V. a
+  GitLab Inc. and to recipients of software distributed by GitLab Inc. a
  perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
  copyright license to reproduce, prepare derivative works of, publicly display,
  publicly perform, sublicense, and distribute Your Contributions and such
@ -48,7 +48,7 @@ reserve all right, title, and interest in and to Your Contributions.
 "3." **Grant of Patent License:**

  Subject to the terms and conditions of this Agreement, You hereby grant to
-  GitLab B.V. and to recipients of software distributed by GitLab B.V. a
+  GitLab Inc. and to recipients of software distributed by GitLab Inc. a
  perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
  (except as stated in this section) patent license to make, have made, use,
  offer to sell, sell, import, and otherwise transfer the Work, where such
@ -68,7 +68,7 @@ reserve all right, title, and interest in and to Your Contributions.
  writing by You as "Not authorized to submit Contributions on behalf of (name
  of Your corporation here)." Such designations of exclusion for unauthorized
  employees are to be submitted via email to `legal@gitlab.com`. It is Your
-  responsibility to notify GitLab B.V. when any change is required to the list
+  responsibility to notify GitLab Inc. when any change is required to the list
  of designated employees excluded from submitting Contributions on Your behalf.
  Such notification should also be sent via email to `legal@gitlab.com`.

@ -77,7 +77,7 @@ reserve all right, title, and interest in and to Your Contributions.
  You represent that each of Your Contributions is Your original creation.

  Should You wish to submit work that is not Your original creation, You may
-  submit it to GitLab B.V. separately from any Contribution, identifying the
+  submit it to GitLab Inc. separately from any Contribution, identifying the
  complete details of its source and of any license or other restriction
  (including, but not limited to, related patents, trademarks, and license
  agreements) of which you are personally aware, and conspicuously marking the
--- a/doc/legal/individual_contributor_license_agreement.md
+++ b/doc/legal/individual_contributor_license_agreement.md
@ -8,14 +8,14 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 # Individual contributor license agreement

 You accept and agree to the following terms and conditions for Your present and
-future Contributions submitted to GitLab B.V.. Except for the license granted
-herein to GitLab B.V. and recipients of software distributed by GitLab B.V., You
+future Contributions submitted to GitLab Inc. Except for the license granted
+herein to GitLab Inc. and recipients of software distributed by GitLab Inc., You
 reserve all right, title, and interest in and to Your Contributions.

 "1." **Definitions:**

  "You" (or "Your") shall mean the copyright owner or legal entity authorized by
-  the copyright owner that is making this Agreement with GitLab B.V.. For legal
+  the copyright owner that is making this Agreement with GitLab Inc. For legal
  entities, the entity making a Contribution and all other entities that
  control, are controlled by, or are under common control with that entity are
  considered to be a single Contributor. For the purposes of this definition,
@ -26,20 +26,20 @@ reserve all right, title, and interest in and to Your Contributions.

  "Contribution" shall mean any original work of authorship, including any
  modifications or additions to an existing work, that is intentionally
-  submitted by You to GitLab B.V. for inclusion in, or documentation of, any of
-  the products owned or managed by GitLab B.V. (the "Work"). For the purposes of
+  submitted by You to GitLab Inc. for inclusion in, or documentation of, any of
+  the products owned or managed by GitLab Inc. (the "Work"). For the purposes of
  this definition, "submitted" means any form of electronic, verbal, or written
-  communication sent to GitLab B.V. or its representatives, including but not
+  communication sent to GitLab Inc. or its representatives, including but not
  limited to communication on electronic mailing lists, source code control
  systems, and issue tracking systems that are managed by, or on behalf of,
-  GitLab B.V. for the purpose of discussing and improving the Work, but
+  GitLab Inc. for the purpose of discussing and improving the Work, but
  excluding communication that is conspicuously marked or otherwise designated
  in writing by You as "Not a Contribution."

 "2." **Grant of Copyright License:**

  Subject to the terms and conditions of this Agreement, You hereby grant to
-  GitLab B.V. and to recipients of software distributed by GitLab B.V. a
+  GitLab Inc. and to recipients of software distributed by GitLab Inc. a
  perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
  copyright license to reproduce, prepare derivative works of, publicly display,
  publicly perform, sublicense, and distribute Your Contributions and such
@ -48,7 +48,7 @@ reserve all right, title, and interest in and to Your Contributions.
 "3." **Grant of Patent License:**

  Subject to the terms and conditions of this Agreement, You hereby grant to
-  GitLab B.V. and to recipients of software distributed by GitLab B.V. a
+  GitLab Inc. and to recipients of software distributed by GitLab Inc. a
  perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable
  (except as stated in this section) patent license to make, have made, use,
  offer to sell, sell, import, and otherwise transfer the Work, where such
@ -66,8 +66,8 @@ reserve all right, title, and interest in and to Your Contributions.
  your employer(s) has rights to intellectual property that you create that
  includes your Contributions, you represent that you have received permission
  to make Contributions on behalf of that employer, that your employer has
-  waived such rights for your Contributions to GitLab B.V., or that your
-  employer has executed a separate Corporate CLA with GitLab B.V..
+  waived such rights for your Contributions to GitLab Inc., or that your
+  employer has executed a separate Corporate CLA with GitLab Inc.

 "4." **Contributions:**

@ -78,7 +78,7 @@ reserve all right, title, and interest in and to Your Contributions.
  are associated with any part of Your Contributions.

  Should You wish to submit work that is not Your original creation, You may
-  submit it to GitLab B.V. separately from any Contribution, identifying the
+  submit it to GitLab Inc. separately from any Contribution, identifying the
  complete details of its source and of any license or other restriction
  (including, but not limited to, related patents, trademarks, and license
  agreements) of which you are personally aware, and conspicuously marking the
@ -92,7 +92,7 @@ reserve all right, title, and interest in and to Your Contributions.
  limitation, any warranties or conditions of TITLE, NON- INFRINGEMENT,
  MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.

-You agree to notify GitLab B.V. of any facts or circumstances of which you
+You agree to notify GitLab Inc. of any facts or circumstances of which you
 become aware that would make these representations inaccurate in any respect.

 This text is licensed under the
--- a/doc/topics/git/img/get_started_git_v16_11.png
+++ b/doc/topics/git/img/get_started_git_v16_11.png
--- a/doc/update/breaking_window.md
+++ b/doc/update/breaking_window.md
@ -2,7 +2,7 @@
 stage: none
 group: none
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
-noindex: false
+noindex: true
 ---

 # Breaking change deployments on GitLab.com
--- a/doc/user/analytics/index.md
+++ b/doc/user/analytics/index.md
@ -10,7 +10,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 > - Group-level analytics moved to GitLab Premium in 13.9.

 GitLab provides different types of analytics insights at the instance, group, and project level.
-These insights appear on the left sidebar, under [**Analyze**](../project/settings/index.md#disable-project-analytics).
+These insights appear on the left sidebar, under [**Analyze**](../project/settings/index.md#turn-off-project-analytics).

 ## Analytics features

--- a/doc/user/application_security/img/get_started_app_sec_v16_11.png
+++ b/doc/user/application_security/img/get_started_app_sec_v16_11.png
--- a/doc/user/compliance/audit_event_types.md
+++ b/doc/user/compliance/audit_event_types.md
@ -471,6 +471,7 @@ Audit event types belong to the following product categories.

 | Name | Description | Saved to database | Streamed | Introduced in | Scope |
 |:------------|:------------|:------------------|:---------|:--------------|:--------------|
+| [`project_security_exclusion_applied`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166511) | Triggered when a project security exclusion is applied in one of the security scanners | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.6](https://gitlab.com/gitlab-org/gitlab/-/issues/492465) | Project |
 | [`project_security_exclusion_created`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166511) | Triggered when a project security exclusion is created | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.5](https://gitlab.com/gitlab-org/gitlab/-/issues/492464) | Project |
 | [`project_security_exclusion_deleted`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166511) | Triggered when a project security exclusion is deleted | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.5](https://gitlab.com/gitlab-org/gitlab/-/issues/492464) | Project |
 | [`project_security_exclusion_updated`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/166511) | Triggered when a project security exclusion is updated | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [17.5](https://gitlab.com/gitlab-org/gitlab/-/issues/492464) | Project |
--- a/doc/user/custom_roles.md
+++ b/doc/user/custom_roles.md
@ -25,21 +25,20 @@ For a demo of the custom roles feature, see [[Demo] Ultimate Guest can view code
 You can discuss individual custom role and permission requests in [issue 391760](https://gitlab.com/gitlab-org/gitlab/-/issues/391760).

 NOTE:
-Most custom roles are considered [billable users that use a seat](#billing-and-seat-usage). When you add a user to your group with a custom role, a warning is displayed if you are about to incur additional charges for having more seats than are included in your subscription.
+Most custom roles are considered [billable users that use a seat](#billing-and-seat-usage). When you add a user to your group with a custom role and you are about to incur additional charges for having more seats than are included in your subscription, a warning is displayed.

 ## Available permissions

 For more information on available permissions, see [custom permissions](custom_roles/abilities.md).

 WARNING:
-Depending on the permissions added to a lower base role such as Guest, a user with a custom role might be able to perform actions that are usually restricted to the Maintainer role or higher. For example, if a custom role is Guest plus managing CI/CD variables, a user with this role can manage CI/CD variables added by other Maintainers or Owners for that group or project.
+Depending on the permissions added to a lower base role such as Guest, a user with a custom role might be able to perform actions that are usually restricted to the Maintainer role or higher. For example, if a custom role is Guest plus a permisions to manage CI/CD variables, a user with this role can manage CI/CD variables added by other Maintainers or Owners for that group or project.

 ## Create a custom role

 You create a custom role by adding [permissions](#available-permissions) to a base role.
-
-You can select any number of permissions. For example, you can create a custom role
-with the permission to:
+You can add multiple permissions to that custom role. For example, you can create a custom role
+with the permission to do all of the following:

 - View vulnerability reports.
 - Change the status of vulnerabilities.
@ -129,13 +128,13 @@ Prerequisites:

 To edit a custom role, you can also [use the API](../api/graphql/reference/index.md#mutationmemberroleupdate).

-## Delete the custom role
+## Delete a custom role

 Prerequisites:

 - You must be an administrator or have the Owner role for the group.

-You can remove a custom role from a group only if no members have that role. See [unassign a custom role from a group or project member](#unassign-a-custom-role-from-a-group-or-project-member).
+You can't remove a custom role from a group if there are members assigned that role. See [unassign a custom role from a group or project member](#unassign-a-custom-role-from-a-group-or-project-member).

 1. On the left sidebar:
   - For self-managed, at the bottom, select **Admin**.
@ -144,7 +143,7 @@ You can remove a custom role from a group only if no members have that role. See
 1. Select **Custom Roles**.
 1. In the **Actions** column, select **Delete role** (**{remove}**) and confirm.

-You can also [use the API](../api/graphql/reference/index.md#mutationmemberroledelete) to delete a custom role. To use the API, you must know the `id` of the custom role. If you do not know this `id`, find it by making an [API request on the group](../api/graphql/reference/index.md#groupmemberroles) or an [API request on the instance](../api/graphql/reference/index.md#querymemberroles).
+You can also [use the API](../api/graphql/reference/index.md#mutationmemberroledelete) to delete a custom role. To use the API, you must provide the `id` of the custom role. If you do not know this `id`, you can find it by making an [API request on the group](../api/graphql/reference/index.md#groupmemberroles) or an [API request on the instance](../api/graphql/reference/index.md#querymemberroles).

 ## Add a user with a custom role to your group or project

@ -160,7 +159,7 @@ To add a user with a custom role:
 - To a group, see [add users to a group](group/index.md#add-users-to-a-group).
 - To a project, see [add users to a project](project/members/index.md#add-users-to-a-project).

-If a group or project member has a custom role, the [group or project members list](group/index.md#view-group-members) displays "Custom Role" in the **Max role** column of the table.
+If a group or project member has a custom role, the [group or project members list](group/index.md#view-group-members) displays **Custom Role** in the **Max role** column of the table.

 ## Assign a custom role to an existing group or project member

@ -244,7 +243,7 @@ curl --request PUT --header "Content-Type: application/json" --header "Authoriza

 ## Inheritance

-If a user belongs to a group, they are a _direct member_ of the group
+If a user belongs to a group, they are a direct member of the group
 and an [inherited member](project/members/index.md#membership-types)
 of any subgroups or projects. If a user is assigned a custom role
 by the top-level group, the permissions of the role are also inherited by subgroups
@ -256,12 +255,12 @@ For example, assume the following structure exists:
  - Subgroup B
    - Project 1

-If a custom role with Developer + `Manage CI/CD variables` permission is assigned to Group A,
-the user also has `Manage CI/CD variables` permission for Subgroup B and Project 1.
+If a custom role with the Developer role plus the `Manage CI/CD variables` permission is assigned to Group A,
+the user also has `Manage CI/CD variables` permission in Subgroup B and Project 1.

 ## Billing and seat usage

-When you enable a custom role for a user with the Guest role, that user has
+When you assign a custom role to a user with the Guest role, that user has
 access to elevated permissions over the base role, and therefore:

 - Is considered a [billable user](../subscriptions/self_managed/index.md#billable-users) on self-managed GitLab.
@ -302,6 +301,7 @@ Group B invites Group A. The following table shows the maximum role that each th
 | Group B invites Group A with Developer + `admin_vulnerability` | Guest  | Guest + `read_code` | Guest + `read_vulnerability` | Developer                    | Developer + `admin_vulnerability` |

 When User C is invited to Group B with the same default role (Guest), but different custom permissions with the same base access level (`read_code` and `read_vulnerability`), User C retains the custom permission from Group A (`read_vulnerability`).
+The ability to assign a custom role when sharing a group to a project can be tracked in [issue 468329](https://gitlab.com/gitlab-org/gitlab/-/issues/468329).

 ## Supported objects

--- a/doc/user/get_started/img/get_started_code_workflow_v16_11.png
+++ b/doc/user/get_started/img/get_started_code_workflow_v16_11.png
--- a/doc/user/get_started/img/get_started_managing_infrastructure_v16_11.png
+++ b/doc/user/get_started/img/get_started_managing_infrastructure_v16_11.png
--- a/doc/user/get_started/img/get_started_monitor_app_v17_3.png
+++ b/doc/user/get_started/img/get_started_monitor_app_v17_3.png
--- a/Show More
+++ b/Show More
				`@ -0,0 +1 @@`
				`b7dcafc4a5211261d39d17e8879a445297297faa021b739f36435774790d1987`