Add latest changes from gitlab-org/gitlab@master

2023-09-06 12:11:01 +00:00 · 2023-09-06 12:11:01 +00:00 · e08e64feb7
parent 57257d511c
commit e08e64feb7
39 changed files with 302 additions and 77 deletions
--- a/.gitlab/ci/cng/main.gitlab-ci.yml
+++ b/.gitlab/ci/cng/main.gitlab-ci.yml
@ -49,7 +49,6 @@ include:
    EE_PIPELINE: "${EE_PIPELINE}"  # Based on https://docs.gitlab.com/ee/ci/jobs/job_control.html#check-if-a-variable-exists, `if: '$EE_PIPELINE'` will evaluate to `false` when this variable is empty
    GITLAB_ELASTICSEARCH_INDEXER_VERSION: "${GITLAB_ELASTICSEARCH_INDEXER_VERSION}"
    GITLAB_KAS_VERSION: "${GITLAB_KAS_VERSION}"
-    GITLAB_METRICS_EXPORTER_VERSION: "${GITLAB_METRICS_EXPORTER_VERSION}"
    GITLAB_PAGES_VERSION: "${GITLAB_PAGES_VERSION}"
    GITLAB_SHELL_VERSION: "${GITLAB_SHELL_VERSION}"
    GITLAB_WORKHORSE_VERSION: "${GITLAB_WORKHORSE_VERSION}"
--- a/.gitlab/ci/qa.gitlab-ci.yml
+++ b/.gitlab/ci/qa.gitlab-ci.yml
@ -84,7 +84,6 @@ trigger-omnibus:
    GITALY_SERVER_VERSION: $GITALY_SERVER_VERSION
    GITLAB_ELASTICSEARCH_INDEXER_VERSION: $GITLAB_ELASTICSEARCH_INDEXER_VERSION
    GITLAB_KAS_VERSION: $GITLAB_KAS_VERSION
-    GITLAB_METRICS_EXPORTER_VERSION: $GITLAB_METRICS_EXPORTER_VERSION
    GITLAB_PAGES_VERSION: $GITLAB_PAGES_VERSION
    GITLAB_SHELL_VERSION: $GITLAB_SHELL_VERSION
    GITLAB_WORKHORSE_VERSION: $GITLAB_WORKHORSE_VERSION
--- a/.gitlab/ci/review-apps/main.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/main.gitlab-ci.yml
@ -40,7 +40,6 @@ review-build-cng-env:
      GITALY_SERVER_VERSION
      GITLAB_ELASTICSEARCH_INDEXER_VERSION
      GITLAB_KAS_VERSION
-      GITLAB_METRICS_EXPORTER_VERSION
      GITLAB_PAGES_VERSION
      GITLAB_SHELL_VERSION
      scripts/trigger-build.rb
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@ -620,7 +620,6 @@
  - gems/**/*
  - VERSION
  - GITLAB_WORKHORSE_VERSION
-  - GITLAB_METRICS_EXPORTER_VERSION
  - GITLAB_SHELL_VERSION
  - GITALY_SERVER_VERSION

--- a/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml
+++ b/.gitlab/ci/test-on-gdk/main.gitlab-ci.yml
@ -26,6 +26,7 @@ variables:
  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}:bundler-2.3-git-2.36-lfs-2.9-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-gcloud-383-kubectl-1.23
  extends:
    - .qa-cache
+    - .default-retry
  stage: test
  services:
    - docker:${DOCKER_VERSION}-dind
--- a/1
+++ b/1
@ -1 +0,0 @@
-862528b4c59ddb9b266552f53e133cfba38c9765
--- a/app/assets/javascripts/jobs/components/log/line_header.vue
+++ b/app/assets/javascripts/jobs/components/log/line_header.vue
@ -62,12 +62,12 @@ export default {

 <template>
  <div
-    class="log-line collapsible-line d-flex justify-content-between ws-normal gl-align-items-flex-start"
+    class="log-line collapsible-line d-flex justify-content-between ws-normal gl-align-items-flex-start gl-relative"
    :class="{ 'gl-bg-gray-700': isHighlighted || applyHashHighlight }"
    role="button"
    @click="handleOnClick"
  >
-    <gl-icon :name="iconName" class="arrow position-absolute" />
+    <gl-icon :name="iconName" class="arrow gl-absolute gl-top-2" />
    <line-number :line-number="line.lineNumber" :path="path" />
    <span
      v-for="(content, i) in line.content"
--- a/app/assets/stylesheets/framework/job_log.scss
+++ b/app/assets/stylesheets/framework/job_log.scss
@ -6,7 +6,7 @@
  word-break: break-all;
  word-wrap: break-word;
  color: color-yiq($builds-log-bg);
-  border-radius: $border-radius-small;
+  border-radius: 0 0 $border-radius-default $border-radius-default;
  min-height: 42px;
  background-color: $builds-log-bg;
 }
--- a/app/assets/stylesheets/framework/mixins.scss
+++ b/app/assets/stylesheets/framework/mixins.scss
@ -263,7 +263,7 @@
@mixin build-log-top-bar($height) {
  @include build-log-bar($height);
  position: sticky;
-  top: $calc-application-header-height;
+  top: calc(#{$calc-application-header-height} - 1px);
 }

 /*
--- a/app/assets/stylesheets/page_bundles/build.scss
+++ b/app/assets/stylesheets/page_bundles/build.scss
@ -15,6 +15,9 @@

  .top-bar {
    @include build-log-top-bar(50px);
+    z-index: 2;
+    border-radius: $border-radius-default $border-radius-default 0 0;
+    box-shadow: 0 -2px 0 0 var(--white);

    &.has-archived-block {
      top: calc(#{$calc-application-header-height} + 28px);
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@ -801,8 +801,13 @@ class ApplicationSetting < MainClusterwide::ApplicationRecord
  attr_encrypted :ai_access_token, encryption_options_base_32_aes_256_gcm.merge(encode: false, encode_iv: false)
  attr_encrypted :vertex_ai_credentials, encryption_options_base_32_aes_256_gcm.merge(encode: false, encode_iv: false)

+  # Restricting the validation to `on: :update` only to avoid cyclical dependencies with
+  # License <--> ApplicationSetting. This method calls a license check when we create
+  # ApplicationSetting from defaults which in turn depends on ApplicationSetting record.
+  # The currect default is defined in the `defaults` method so we don't need to validate
+  # it here.
  validates :disable_feed_token,
-    inclusion: { in: [true, false], message: N_('must be a boolean value') }
+    inclusion: { in: [true, false], message: N_('must be a boolean value') }, on: :update

  validates :disable_admin_oauth_scopes,
    inclusion: { in: [true, false], message: N_('must be a boolean value') }
--- a/config/feature_flags/development/feature_available_check_with_usage_ping.yml
+++ b/config/feature_flags/development/feature_available_check_with_usage_ping.yml
@ -1,8 +0,0 @@
---
-name: feature_available_check_with_usage_ping
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/129723
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/422614
-milestone: '16.4'
-type: development
-group: group::pipeline execution
-default_enabled: false
--- a/config/gitlab_loose_foreign_keys.yml
+++ b/config/gitlab_loose_foreign_keys.yml
@ -227,6 +227,10 @@ external_pull_requests:
  - table: projects
    column: project_id
    on_delete: async_delete
+members:
+  - table: users
+    column: user_id
+    on_delete: async_delete
 merge_request_metrics:
  - table: ci_pipelines
    column: pipeline_id
--- a/db/migrate/20230808135859_update_ci_max_total_yaml_size_bytes_default_value.rb
+++ b/db/migrate/20230808135859_update_ci_max_total_yaml_size_bytes_default_value.rb
@ -6,9 +6,12 @@ class UpdateCiMaxTotalYamlSizeBytesDefaultValue < Gitlab::Database::Migration[2.
  restrict_gitlab_migration gitlab_schema: :gitlab_main

  def up
+    # 2147483647 is the max int value.
    execute <<~SQL
-    UPDATE application_settings
-    SET ci_max_total_yaml_size_bytes = max_yaml_size_bytes * ci_max_includes
+      UPDATE application_settings
+      SET ci_max_total_yaml_size_bytes =
+      CASE WHEN max_yaml_size_bytes * ci_max_includes >= 2147483647
+      THEN 2147483647 ELSE max_yaml_size_bytes * ci_max_includes END
    SQL
  end

--- a/db/migrate/20230817040352_init_bigint_conversion_for_shared_runners_duration.rb
+++ b/db/migrate/20230817040352_init_bigint_conversion_for_shared_runners_duration.rb
@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class InitBigintConversionForSharedRunnersDuration < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  TABLE_NAMES = %i[ci_project_monthly_usages ci_namespace_monthly_usages]
+  COLUMN_NAMES = %i[shared_runners_duration]
+
+  def up
+    TABLE_NAMES.each do |table_name|
+      initialize_conversion_of_integer_to_bigint table_name, COLUMN_NAMES
+    end
+  end
+
+  def down
+    TABLE_NAMES.each do |table_name|
+      revert_initialize_conversion_of_integer_to_bigint table_name, COLUMN_NAMES
+    end
+  end
+end
--- a/db/migrate/20230905040539_add_foreign_key_for_ci_pipeline_chat_data_for_pipeline_id_bigint.rb
+++ b/db/migrate/20230905040539_add_foreign_key_for_ci_pipeline_chat_data_for_pipeline_id_bigint.rb
@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class AddForeignKeyForCiPipelineChatDataForPipelineIdBigint < Gitlab::Database::Migration[2.1]
+  TABLE_NAME = :ci_pipeline_chat_data
+  REFERENCING_TABLE_NAME = :ci_pipelines
+  COLUMN_NAME = :pipeline_id_convert_to_bigint
+
+  disable_ddl_transaction!
+
+  def up
+    add_concurrent_foreign_key(
+      TABLE_NAME, REFERENCING_TABLE_NAME,
+      column: COLUMN_NAME, on_delete: :cascade, reverse_lock_order: true
+    )
+  end
+
+  def down
+    remove_foreign_key_if_exists TABLE_NAME, column: COLUMN_NAME
+  end
+end
--- a/db/post_migrate/20230817050946_backfill_shared_runners_duration_for_project_bigint_conversion.rb
+++ b/db/post_migrate/20230817050946_backfill_shared_runners_duration_for_project_bigint_conversion.rb
@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class BackfillSharedRunnersDurationForProjectBigintConversion < Gitlab::Database::Migration[2.1]
+  restrict_gitlab_migration gitlab_schema: :gitlab_ci
+
+  TABLE_NAME = :ci_project_monthly_usages
+  COLUMN_NAMES = %i[shared_runners_duration]
+
+  def up
+    backfill_conversion_of_integer_to_bigint(TABLE_NAME, COLUMN_NAMES, sub_batch_size: 250)
+  end
+
+  def down
+    revert_backfill_conversion_of_integer_to_bigint(TABLE_NAME, COLUMN_NAMES)
+  end
+end
--- a/db/post_migrate/20230818050946_backfill_shared_runners_duration_for_namespace_bigint_conversion.rb
+++ b/db/post_migrate/20230818050946_backfill_shared_runners_duration_for_namespace_bigint_conversion.rb
@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class BackfillSharedRunnersDurationForNamespaceBigintConversion < Gitlab::Database::Migration[2.1]
+  restrict_gitlab_migration gitlab_schema: :gitlab_ci
+
+  TABLE_NAME = :ci_namespace_monthly_usages
+  COLUMN_NAMES = %i[shared_runners_duration]
+
+  def up
+    backfill_conversion_of_integer_to_bigint(TABLE_NAME, COLUMN_NAMES, sub_batch_size: 250)
+  end
+
+  def down
+    revert_backfill_conversion_of_integer_to_bigint(TABLE_NAME, COLUMN_NAMES)
+  end
+end
--- a/db/post_migrate/20230823144846_remove_users_members_user_id_fk.rb
+++ b/db/post_migrate/20230823144846_remove_users_members_user_id_fk.rb
@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+class RemoveUsersMembersUserIdFk < Gitlab::Database::Migration[2.1]
+  disable_ddl_transaction!
+
+  FOREIGN_KEY_NAME = "fk_2e88fb7ce9"
+
+  def up
+    return unless foreign_key_exists?(:members, :users, name: FOREIGN_KEY_NAME)
+
+    with_lock_retries do
+      remove_foreign_key_if_exists(:members, :users,
+        name: FOREIGN_KEY_NAME, reverse_lock_order: true)
+    end
+  end
+
+  def down
+    add_concurrent_foreign_key(:members, :users,
+      name: FOREIGN_KEY_NAME, column: :user_id,
+      target_column: :id, on_delete: :cascade)
+  end
+end
--- a/db/schema_migrations/20230817040352
+++ b/db/schema_migrations/20230817040352
@ -0,0 +1 @@
+0a51924454fb9fa8dbc4c7b757ef8f75afba9d45ade4b5a6afcc3885e95d3cdd
--- a/db/schema_migrations/20230817050946
+++ b/db/schema_migrations/20230817050946
@ -0,0 +1 @@
+9c51f4c28764dcb2e6ed5edcb485e9ff2c17973e6aad114cbf4ea816b7c6adb7
--- a/db/schema_migrations/20230818050946
+++ b/db/schema_migrations/20230818050946
@ -0,0 +1 @@
+ad22f41707b094bd7002ddcfa378437c4599a55bbfef12bb66f2775678c3c785
--- a/db/schema_migrations/20230823144846
+++ b/db/schema_migrations/20230823144846
@ -0,0 +1 @@
+eee2ddb8ebb459f2d7cb8144786f373604e33f4aa31b70f9709e2422bbf5c896
--- a/db/schema_migrations/20230905040539
+++ b/db/schema_migrations/20230905040539
@ -0,0 +1 @@
+f9bebf09d3265a506ab0f783cfd2a77415b05be27684c30998bd702a67ffc6b1
--- a/db/structure.sql
+++ b/db/structure.sql
@ -341,6 +341,15 @@ BEGIN
 END;
 $$;

+CREATE FUNCTION trigger_bbb95b2d6929() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+BEGIN
+  NEW."shared_runners_duration_convert_to_bigint" := NEW."shared_runners_duration";
+  RETURN NEW;
+END;
+$$;
+
 CREATE FUNCTION trigger_bfad0e2b9c86() RETURNS trigger
    LANGUAGE plpgsql
    AS $$
@ -350,6 +359,15 @@ BEGIN
 END;
 $$;

+CREATE FUNCTION trigger_c0353bbb6145() RETURNS trigger
+    LANGUAGE plpgsql
+    AS $$
+BEGIN
+  NEW."shared_runners_duration_convert_to_bigint" := NEW."shared_runners_duration";
+  RETURN NEW;
+END;
+$$;
+
 CREATE FUNCTION unset_has_issues_on_vulnerability_reads() RETURNS trigger
    LANGUAGE plpgsql
    AS $$
@ -13709,6 +13727,7 @@ CREATE TABLE ci_namespace_monthly_usages (
    shared_runners_duration integer DEFAULT 0 NOT NULL,
    created_at timestamp with time zone,
    amount_used numeric(18,4) DEFAULT 0.0 NOT NULL,
+    shared_runners_duration_convert_to_bigint bigint DEFAULT 0 NOT NULL,
    CONSTRAINT ci_namespace_monthly_usages_year_month_constraint CHECK ((date = date_trunc('month'::text, (date)::timestamp with time zone)))
 );

@ -13995,6 +14014,7 @@ CREATE TABLE ci_project_monthly_usages (
    shared_runners_duration integer DEFAULT 0 NOT NULL,
    created_at timestamp with time zone,
    amount_used numeric(18,4) DEFAULT 0.0 NOT NULL,
+    shared_runners_duration_convert_to_bigint bigint DEFAULT 0 NOT NULL,
    CONSTRAINT ci_project_monthly_usages_year_month_constraint CHECK ((date = date_trunc('month'::text, (date)::timestamp with time zone)))
 );

@ -35980,8 +36000,12 @@ CREATE TRIGGER trigger_7f3d66a7d7f5 BEFORE INSERT OR UPDATE ON ci_pipeline_varia

 CREATE TRIGGER trigger_b2d852e1e2cb BEFORE INSERT OR UPDATE ON ci_pipelines FOR EACH ROW EXECUTE FUNCTION trigger_b2d852e1e2cb();

+CREATE TRIGGER trigger_bbb95b2d6929 BEFORE INSERT OR UPDATE ON ci_project_monthly_usages FOR EACH ROW EXECUTE FUNCTION trigger_bbb95b2d6929();
+
 CREATE TRIGGER trigger_bfad0e2b9c86 BEFORE INSERT OR UPDATE ON ci_pipeline_messages FOR EACH ROW EXECUTE FUNCTION trigger_bfad0e2b9c86();

+CREATE TRIGGER trigger_c0353bbb6145 BEFORE INSERT OR UPDATE ON ci_namespace_monthly_usages FOR EACH ROW EXECUTE FUNCTION trigger_c0353bbb6145();
+
 CREATE TRIGGER trigger_delete_project_namespace_on_project_delete AFTER DELETE ON projects FOR EACH ROW WHEN ((old.project_namespace_id IS NOT NULL)) EXECUTE FUNCTION delete_associated_project_namespace();

 CREATE TRIGGER trigger_has_external_issue_tracker_on_delete AFTER DELETE ON integrations FOR EACH ROW WHEN ((((old.category)::text = 'issue_tracker'::text) AND (old.active = true) AND (old.project_id IS NOT NULL))) EXECUTE FUNCTION set_has_external_issue_tracker();
@ -36219,9 +36243,6 @@ ALTER TABLE ONLY deployment_approvals
 ALTER TABLE ONLY notes
    ADD CONSTRAINT fk_2e82291620 FOREIGN KEY (review_id) REFERENCES reviews(id) ON DELETE SET NULL;

-ALTER TABLE ONLY members
-    ADD CONSTRAINT fk_2e88fb7ce9 FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE;
-
 ALTER TABLE ONLY lfs_objects_projects
    ADD CONSTRAINT fk_2eb33f7a78 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE NOT VALID;

@ -36393,6 +36414,9 @@ ALTER TABLE ONLY approval_merge_request_rules
 ALTER TABLE ONLY deploy_keys_projects
    ADD CONSTRAINT fk_58a901ca7e FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;

+ALTER TABLE ONLY ci_pipeline_chat_data
+    ADD CONSTRAINT fk_5b21bde562 FOREIGN KEY (pipeline_id_convert_to_bigint) REFERENCES ci_pipelines(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY dependency_list_exports
    ADD CONSTRAINT fk_5b3d11e1ef FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL;

--- a/doc/ci/jobs/ci_job_token.md
+++ b/doc/ci/jobs/ci_job_token.md
@ -255,7 +255,7 @@ While troubleshooting CI/CD job token authentication issues, be aware that:
 - A [GraphQL example mutation](../../api/graphql/getting_started.md#update-project-settings)
  is available to toggle the scope settings per project.
 - [This comment](https://gitlab.com/gitlab-org/gitlab/-/issues/351740#note_1335673157)
-  demonstrates how to use graphQL with Bash and cURL to:
+  demonstrates how to use GraphQL with Bash and cURL to:
  - Enable the inbound token access scope.
  - Give access to project B from project A, or add B to A's allowlist.
  - To remove project access.
--- a/doc/ci/runners/runners_scope.md
+++ b/doc/ci/runners/runners_scope.md
@ -52,15 +52,24 @@ To create a shared runner:
 1. Select **Admin Area**.
 1. On the left sidebar, select **CI/CD > Runners**.
 1. Select **New instance runner**.
-1. Select a platform.
-1. Optional. Enter configurations for the runner.
-1. Select **Submit**.
-1. Follow the on-screen instructions to register the runner from the command line.
+1. Select the operating system where GitLab Runner is installed.
+1. In the **Tags** section, in the **Tags** field, enter the job tags to specify jobs the runner can run.
+   If there are no job tags for this runner, select **Run untagged**.
+1. Optional. In the **Runner description** field, to add a runner description
+   that displays in GitLab, enter a runner description.
+1. Optional. In the **Configuration** section, add additional configurations.
+1. Select **Create runner**.
+1. Follow the on-screen instructions to register the runner from the command line. When prompted by the command line:
+   - For the `GitLab instance URL`, use the URL for your GitLab instance. For example, if your project
+     is hosted on `gitlab.example.com/yourname/yourproject`, your GitLab instance URL is `https://gitlab.example.com`.
+   - For the `executor`, enter the type of [executor](https://docs.gitlab.com/runner/executors/). The executor is the
+     environment where the runner executes the job.

-You can also [create a runner](../../api/users.md#create-a-runner) with the API to generate a runner authentication token.
+You can also [use the API](../../api/users.md#create-a-runner) to create a runner.

 NOTE:
-The runner authentication token displays in the UI for only a short period of time during registration.
+The runner authentication token displays in the UI for a limited period of time during registration. After you register the runner,
+the authentication token is stored in the `config.toml`.

 ### Create a shared runner with a registration token (deprecated)

@ -233,19 +242,28 @@ Prerequisites:
 - You must have the Owner role for the group.

 You can create a group runner for your self-managed GitLab instance or for GitLab.com.
-When you create a runner, it is assigned a runner authentication token that you use to register it. The runner uses the token to authenticate with GitLab when picking up jobs from the job queue.
+When you create a runner, it is assigned a runner authentication token that you use to register it.
+The runner uses the token to authenticate with GitLab when it picks up jobs from the job queue.

 To create a group runner:

 1. On the left sidebar, select **Search or go to** and find your group.
 1. Select **Build > Runners**.
 1. Select **New group runner**.
-1. Select a platform.
-1. Optional. Enter configurations for the runner.
-1. Select **Submit**.
-1. Follow the on-screen instructions to register the runner from the command line.
+1. Select the operating system where GitLab Runner is installed.
+1. In the **Tags** section, in the **Tags** field, enter the job tags to specify jobs the runner can run.
+   If there are no job tags for this runner, select **Run untagged**.
+1. Optional. In the **Runner description** field, add a runner description
+   that displays in GitLab.
+1. Optional. In the **Configuration** section, add additional configurations.
+1. Select **Create runner**.
+1. Follow the on-screen instructions to register the runner from the command line. When prompted by the command line:
+   - For the `GitLab instance URL`, use the URL for your GitLab instance. For example, if your project
+     is hosted on `gitlab.example.com/yourname/yourproject`, your GitLab instance URL is `https://gitlab.example.com`.
+   - For the `executor`, enter the type of [executor](https://docs.gitlab.com/runner/executors/). The executor is the
+     environment where the runner executes the job.

-You can also [create a runner](../../api/users.md#create-a-runner) with the API to generate an authentication token.
+You can also [use the API](../../api/users.md#create-a-runner) to create a runner.

 NOTE:
 The runner authentication token displays in the UI for only a short period of time during registration.
@ -273,19 +291,20 @@ To create a group runner:
 Alternately, you can copy the registration token and follow the documentation for
 how to [register a runner](https://docs.gitlab.com/runner/register/).

-### View and manage group runners
+### View group runners

 > Ability for users with the Maintainer role to view group runners [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/384179) in GitLab 16.4.

-You can view and manage all runners for a group, its subgroups, and projects.
+Prerequisite:
+
+- You must have the Maintainer or Owner role for the group.
+
+You can view all runners for a group and its subgroups and projects.
 You can do this for your self-managed GitLab instance or for GitLab.com.
-You must have the Maintainer role for the group.

 1. On the left sidebar, select **Search or go to** and find your group.
 1. Select **Build > Runners**.

-From this page, you can edit, pause, and remove runners from the group, its subgroups, and projects.
-
 #### Filter group runners to show only inherited

 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/337838/) in GitLab 15.5.
@ -411,7 +430,9 @@ Prerequisites:

 - You must have the Maintainer role for the project.

-You can create a project runner for your self-managed GitLab instance or for GitLab.com. When you create a runner, it is assigned a runner authentication token that you use to register to the runner. The runner uses the token to authenticate with GitLab when picking up jobs from the job queue.
+You can create a project runner for your self-managed GitLab instance or for GitLab.com. When you create a runner,
+it is assigned a runner authentication token that you use to register to the runner. The runner uses the token to
+authenticate with GitLab when it picks up jobs from the job queue.

 To create a project runner:

@ -419,12 +440,20 @@ To create a project runner:
 1. Select **Settings > CI/CD**.
 1. Expand the **Runners** section.
 1. Select **New project runner**.
-1. Select a platform.
-1. Optional. Enter configurations for the runner.
-1. Select **Submit**.
-1. Follow the on-screen instructions to register the runner from the command line.
+1. Select the operating system where GitLab Runner is installed.
+1. In the **Tags** section, in the **Tags** field, enter the job tags to specify jobs the runner can run.
+   If there are no job tags for this runner, select **Run untagged**.
+1. Optional. In the **Runner description** field, add a description for the runner
+   that displays in GitLab.
+1. Optional. In the **Configuration** section, add additional configurations.
+1. Select **Create runner**.
+1. Follow the on-screen instructions to register the runner from the command line. When prompted by the command line:
+   - For the `GitLab instance URL`, use the URL for your GitLab instance. For example, if your project
+     is hosted on `gitlab.example.com/yourname/yourproject`, your GitLab instance URL is `https://gitlab.example.com`.
+   - For the `executor`, enter the type of [executor](https://docs.gitlab.com/runner/executors/). The executor is the
+     environment where the runner executes the job.

-You can also [create a runner](../../api/users.md#create-a-runner) with the API to generate a runner authentication token.
+You can also [use the API](../../api/users.md#create-a-runner) to create a runner.

 NOTE:
 The runner authentication token displays in the UI for only a short period of time during registration.
--- a/doc/ci/runners/saas/linux_saas_runner.md
+++ b/doc/ci/runners/saas/linux_saas_runner.md
@ -29,7 +29,7 @@ The `small` machine type is set as default. If no [tag](../../yaml/index.md#tags
 the jobs will run on this default runner.

 All SaaS runners on Linux currently run on
-[`n2d-standard`](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) gerneral-purpose compute from GCP.
+[`n2d-standard`](https://cloud.google.com/compute/docs/general-purpose-machines#n2d_machines) general-purpose compute from GCP.
 The machine type and underlying processor type can change. Jobs optimized for a specific processor design could behave inconsistently.

 ## Container images
--- a/doc/ci/troubleshooting.md
+++ b/doc/ci/troubleshooting.md
@ -210,6 +210,42 @@ To illustrate its life cycle:
 1. The runner fetches the persistent pipeline ref and gets source code from the checkout-SHA.
 1. When the pipeline finishes, its persistent ref is cleaned up in a background process.

+### `get_sources` job section fails because of an HTTP/2 problem
+
+Sometimes, jobs fail with the following cURL error:
+
+```plaintext
++ git -c 'http.userAgent=gitlab-runner <version>' fetch origin +refs/pipelines/<id>:refs/pipelines/<id> ...
+error: RPC failed; curl 16 HTTP/2 send again with decreased length
+fatal: ...
+```
+
+You can work around this problem by configuring Git and `libcurl` to
+[use HTTP/1.1](https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpversion).
+The configuration can be added to:
+
+- A job's [`pre_get_sources_script`](yaml/index.md#hookspre_get_sources_script):
+
+  ```yaml
+  job_name:
+    hooks:
+      pre_get_sources_script:
+        - git config --local http.version "HTTP/1.1"
+  ```
+
+- The [runner's `config.toml`](https://docs.gitlab.com/runner/configuration/advanced-configuration.html)
+  with [Git configuration environment variables](https://git-scm.com/docs/git-config#ENVIRONMENT):
+
+  ```toml
+  [[runners]]
+  ...
+  environment = [
+    "GIT_CONFIG_COUNT=1",
+    "GIT_CONFIG_KEY_1=http.version",
+    "GIT_CONFIG_VALUE_1=HTTP/1.1"
+  ]
+  ```
+
 ### Merge request pipeline messages

 The merge request pipeline widget shows information about the pipeline status in
@ -440,9 +476,9 @@ This flag reduces system resource usage on the `jobs/request` endpoint.
 When enabled, jobs created in the last hour can run in projects which are out of quota.
 Earlier jobs are already canceled by a periodic background worker (`StuckCiJobsWorker`).

-## CI/CD troubleshooting rails console commands
+## CI/CD troubleshooting Rails console commands

-The following commands are run in the [rails console](../administration/operations/rails_console.md#starting-a-rails-console-session).
+The following commands are run in the [Rails console](../administration/operations/rails_console.md#starting-a-rails-console-session).

 WARNING:
 Any command that changes data directly could be damaging if not run correctly, or under the right conditions.
--- a/doc/ci/yaml/artifacts_reports.md
+++ b/doc/ci/yaml/artifacts_reports.md
@ -374,6 +374,6 @@ The `terraform` report obtains a Terraform `tfplan.json` file. [JQ processing re
 The collected Terraform plan report uploads to GitLab as an artifact.

 GitLab can display the results of one or more reports in the merge request
-[terraform widget](../../user/infrastructure/iac/mr_integration.md#output-terraform-plan-information-into-a-merge-request).
+[Terraform widget](../../user/infrastructure/iac/mr_integration.md#output-terraform-plan-information-into-a-merge-request).

 For more information, see [Output `terraform plan` information into a merge request](../../user/infrastructure/iac/mr_integration.md).
--- a/doc/ci/yaml/index.md
+++ b/doc/ci/yaml/index.md
@ -2004,12 +2004,19 @@ at certain stages of job execution, like before retrieving the Git repository.
 > - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/381840) in GitLab 15.10. Feature flag `ci_hooks_pre_get_sources_script` removed.

 Use `hooks:pre_get_sources_script` to specify a list of commands to execute on the runner
-before retrieving the Git repository and any submodules. You can use it
-to adjust the Git client configuration first, for example.
+before cloning the Git repository and any submodules.
+You can use it for example to:

-**Related topics**:
+- Adjust the [Git configuration](../troubleshooting.md#get_sources-job-section-fails-because-of-an-http2-problem).
+- Export [tracing variables](../../topics/git/useful_git_commands.md).

- [GitLab Runner configuration](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section)
+**Possible inputs**: An array including:
+
+- Single line commands.
+- Long commands [split over multiple lines](script.md#split-long-commands).
+- [YAML anchors](yaml_optimization.md#yaml-anchors-for-scripts).
+
+CI/CD variables [are supported](../variables/where_variables_can_be_used.md#gitlab-ciyml-file).

 **Example of `hooks:pre_get_sources_script`**:

@ -2021,6 +2028,10 @@ job1:
  script: echo 'hello job1 script'
 ```

+**Related topics**:
+
+- [GitLab Runner configuration](https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runners-section)
+
 ### `id_tokens`

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356986) in GitLab 15.7.
--- a/doc/development/pipelines/internals.md
+++ b/doc/development/pipelines/internals.md
@ -396,7 +396,6 @@ For this scenario, you have to:
    - `GITALY_SERVER_VERSION`
    - `GITLAB_ELASTICSEARCH_INDEXER_VERSION`
    - `GITLAB_KAS_VERSION`
-    - `GITLAB_METRICS_EXPORTER_VERSION`
    - `GITLAB_PAGES_VERSION`
    - `GITLAB_SHELL_VERSION`
    - `scripts/trigger-build.rb`
--- a/doc/update/versions/gitlab_16_changes.md
+++ b/doc/update/versions/gitlab_16_changes.md
@ -96,17 +96,6 @@ Specific information applies to Linux package installations:

  For more information, see [issue 421629](https://gitlab.com/gitlab-org/gitlab/-/issues/421629).

-### Geo installations
-
-Specific information applies to installations using Geo:
-
- New job artifacts are not replicated by Geo if job artifacts are configured to be stored in object storage and `direct_upload` is enabled. This bug is fixed in GitLab versions 16.1.4,
-  16.2.3, 16.3.0, and later.
-  - Impacted versions: GitLab versions 16.1.0 - 16.1.3 and 16.2.0 - 16.2.2.
-  - While running an affected version, artifacts which appeared to become synced may actually be missing on the secondary site.
-    Affected artifacts are automatically resynced upon upgrade to 16.1.5, 16.2.5, 16.3.1, 16.4.0, or later.
-    You can [manually resync affected job artifacts](https://gitlab.com/gitlab-org/gitlab/-/issues/419742#to-fix-data) if needed.
-
 ### Linux package installations

 Specific information applies to Linux package installations:
@ -126,6 +115,17 @@ Specific information applies to Linux package installations:

 - Git 2.41.0 and later is required by Gitaly. You should use the [Git version provided by Gitaly](../../install/installation.md#git).

+### Geo installations
+
+Specific information applies to installations using Geo:
+
+- New job artifacts are not replicated by Geo if job artifacts are configured to be stored in object storage and `direct_upload` is enabled. This bug is fixed in GitLab versions 16.1.4,
+  16.2.3, 16.3.0, and later.
+  - Impacted versions: GitLab versions 16.1.0 - 16.1.3 and 16.2.0 - 16.2.2.
+  - While running an affected version, artifacts which appeared to become synced may actually be missing on the secondary site.
+    Affected artifacts are automatically resynced upon upgrade to 16.1.5, 16.2.5, 16.3.1, 16.4.0, or later.
+    You can [manually resync affected job artifacts](https://gitlab.com/gitlab-org/gitlab/-/issues/419742#to-fix-data) if needed.
+
 ## 16.1.0

 - A `BackfillPreparedAtMergeRequests` background migration is finalized with
--- a/doc/user/analytics/value_streams_dashboard.md
+++ b/doc/user/analytics/value_streams_dashboard.md
@ -71,11 +71,35 @@ For example, if a project has a high score for Deployment Frequency (Velocity),

 These scoring are based on Google's classifications in the [DORA 2022 Accelerate State of DevOps Report](https://cloud.google.com/blog/products/devops-sre/dora-2022-accelerate-state-of-devops-report-now-out).

+## Enable or disable overview background aggregation **(ULTIMATE SELF)**
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/120610) in GitLab 16.1 [with a flag](../../administration/feature_flags.md) named `modify_value_stream_dashboard_settings`. Disabled by default.
+> - [Enabled on self-managed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/130704) in GitLab 16.4.
+
+FLAG:
+On self-managed GitLab, by default this feature is available. To hide the feature per project or for your entire instance, an administrator can [disable the feature flag](../../administration/feature_flags.md) named `modify_value_stream_dashboard_settings`.
+On GitLab.com, this feature is not available.
+This feature is not ready for production use.
+
+Prerequisite:
+
+- You must have administrator access to the instance.
+
+To enable or disable the overview count aggregation for the Value Streams Dashboard:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Settings > General**.
+1. Expand **Analytics**.
+1. In **Value Streams Dashboard**, select or clear the **Enable overview background aggregation for Value Streams Dashboard** checkbox.
+
+To retrieve aggregated usage counts in the group, use the [GraphQL API](../../api/graphql/reference/index.md#groupvaluestreamdashboardusageoverview).
+
 ## View the value streams dashboard

 Prerequisite:

 - You must have at least the Reporter role for the group.
+- Overview background aggregation for Value Streams Dashboards must be enabled.

 To view the value streams dashboard:

--- a/doc/user/application_security/configuration/index.md
+++ b/doc/user/application_security/configuration/index.md
@ -1,5 +1,4 @@
 ---
-type: reference, howto
 stage: Secure
 group: Static Analysis
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
@ -7,11 +6,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 # Security configuration **(FREE ALL)**

-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/20711) in GitLab 12.6.
-> - SAST configuration was [enabled](https://gitlab.com/groups/gitlab-org/-/epics/3659) in 13.3 and [improved](https://gitlab.com/gitlab-org/gitlab/-/issues/232862) in 13.4.
-> - DAST Profiles feature was [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40474) in 13.4.
-> - A simplified version was made [available in all tiers](https://gitlab.com/gitlab-org/gitlab/-/issues/294076) in GitLab 13.10.
-> - [Redesigned](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in 14.2.
+> Security configuration page was [redesigned](https://gitlab.com/gitlab-org/gitlab/-/issues/326926) in GitLab 14.2.

 The **Security configuration** page lists the following for the security testing and compliance tools:

--- a/scripts/decomposition/generate-loose-foreign-key
+++ b/scripts/decomposition/generate-loose-foreign-key
@ -167,8 +167,6 @@ def generate_migration(definition)
      FOREIGN_KEY_NAME = "#{definition.name}"

      def up
-        return unless foreign_key_exists?(:#{definition.from_table}, :#{definition.to_table}, name: FOREIGN_KEY_NAME)
-
        with_lock_retries do
          remove_foreign_key_if_exists(:#{definition.from_table}, :#{definition.to_table},
            name: FOREIGN_KEY_NAME, reverse_lock_order: true)
--- a/spec/lib/gitlab/background_migration/remove_project_group_link_with_missing_groups_spec.rb
+++ b/spec/lib/gitlab/background_migration/remove_project_group_link_with_missing_groups_spec.rb
@ -104,7 +104,8 @@ RSpec.describe Gitlab::BackgroundMigration::RemoveProjectGroupLinkWithMissingGro
    ).perform
  end

-  it 'removes the `project_group_links` records whose associated group does not exist anymore' do
+  it 'removes the `project_group_links` records whose associated group does not exist anymore',
+    quarantine: 'https://gitlab.com/gitlab-org/gitlab/-/issues/424274' do
    group_2.delete

    # Schema is fixed to `20230206172702` on this spec.
--- a/spec/lib/gitlab/database/no_cross_db_foreign_keys_spec.rb
+++ b/spec/lib/gitlab/database/no_cross_db_foreign_keys_spec.rb
@ -18,7 +18,6 @@ RSpec.describe 'cross-database foreign keys' do
      'issues.closed_by_id',                      # https://gitlab.com/gitlab-org/gitlab/-/issues/422154
      'issues.updated_by_id',                     # https://gitlab.com/gitlab-org/gitlab/-/issues/422154
      'issue_assignees.user_id',                  # https://gitlab.com/gitlab-org/gitlab/-/issues/422154
-      'members.user_id',                          # https://gitlab.com/gitlab-org/gitlab/-/issues/422404
      'merge_requests.assignee_id',               # https://gitlab.com/gitlab-org/gitlab/-/issues/422080
      'merge_requests.updated_by_id',             # https://gitlab.com/gitlab-org/gitlab/-/issues/422080
      'merge_requests.merge_user_id',             # https://gitlab.com/gitlab-org/gitlab/-/issues/422080
--- a/spec/models/member_spec.rb
+++ b/spec/models/member_spec.rb
@ -1177,4 +1177,11 @@ RSpec.describe Member, feature_category: :groups_and_projects do
      expect(described_class.sort_by_attribute('oldest_last_activity')).to eq([member3, member2, member1])
    end
  end
+
+  context 'with loose foreign key on members.user_id' do
+    it_behaves_like 'cleanup by a loose foreign key' do
+      let!(:parent) { create(:user) }
+      let!(:model) { create(:group_member, user: parent) }
+    end
+  end
 end
				`@ -0,0 +1 @@`
				`0a51924454fb9fa8dbc4c7b757ef8f75afba9d45ade4b5a6afcc3885e95d3cdd`
				`@ -0,0 +1 @@`
				`9c51f4c28764dcb2e6ed5edcb485e9ff2c17973e6aad114cbf4ea816b7c6adb7`
				`@ -0,0 +1 @@`
				`ad22f41707b094bd7002ddcfa378437c4599a55bbfef12bb66f2775678c3c785`
				`@ -0,0 +1 @@`
				`eee2ddb8ebb459f2d7cb8144786f373604e33f4aa31b70f9709e2422bbf5c896`
				`@ -0,0 +1 @@`
				`f9bebf09d3265a506ab0f783cfd2a77415b05be27684c30998bd702a67ffc6b1`