Add latest changes from gitlab-org/gitlab@14-7-stable-eev14.7.0-rc42

21 files changed, 414 insertions, 279 deletions

diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
index 5eb96d1addd..71e4571b603 100644
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -6,161 +6,6 @@
 *.rb @gitlab-org/maintainers/rails-backend
 *.rake @gitlab-org/maintainers/rails-backend
 
-[Documentation Directories]
-.markdownlint.yml @marcel.amirault @eread @aqualls @cnorris
-/doc/.markdownlint @marcel.amirault @eread @aqualls @cnorris
-/doc/ @gl-docsteam
-/doc/.vale/ @marcel.amirault @eread @aqualls @cnorris
-/doc/administration/geo/ @axil
-/doc/administration/gitaly/ @eread
-/doc/administration/lfs/ @aqualls
-/doc/administration/monitoring/ @ngaskill
-/doc/administration/operations/ @axil @eread @marcia
-/doc/administration/packages/ @ngaskill
-/doc/administration/pages/ @rdickenson @kpaizee
-/doc/administration/postgresql/ @marcia
-/doc/administration/raketasks/ @axil @eread
-/doc/administration/redis/ @axil
-/doc/administration/reference_architectures/ @axil
-/doc/administration/snippets/ @aqualls
-/doc/administration/troubleshooting @axil @marcia @eread
-/doc/api/graphql/ @msedlakjakubowski @kpaizee
-/doc/api/graphql/reference/ @kpaizee
-/doc/api/group_activity_analytics.md @fneill
-/doc/api/vulnerabilities.md @fneill
-/doc/ci/ @marcel.amirault @sselhorn
-/doc/ci/environments/ @rdickenson
-/doc/ci/services/ @sselhorn
-/doc/ci/test_cases/ @msedlakjakubowski
-/doc/development/ @marcia
-/doc/development/documentation/ @cnorris @dianalogan
-/doc/development/i18n/ @ngaskill
-/doc/development/value_stream_analytics.md @fneill
-/doc/gitlab-basics/ @aqualls
-/doc/install/ @axil
-/doc/operations/ @ngaskill @rdickenson
-/doc/push_rules/ @aqualls
-/doc/security/ @eread
-/doc/ssh/ @eread
-/doc/subscriptions/ @sselhorn
-/doc/topics/autodevops/ @marcia
-/doc/topics/git/ @aqualls
-/doc/update/ @axil @marcia
-/doc/user/analytics/ @fneill @ngaskill
-/doc/user/application_security/ @rdickenson
-/doc/user/application_security/container_scanning/ @ngaskill
-/doc/user/application_security/cluster_image_scanning/ @ngaskill
-/doc/user/application_security/cve_id_request.md @fneill
-/doc/user/application_security/security_dashboard @fneill
-/doc/user/application_security/vulnerabilities @fneill
-/doc/user/application_security/vulnerability_report @fneill
-/doc/user/clusters/ @marcia
-/doc/user/compliance/ @rdickenson @eread
-/doc/user/group/ @msedlakjakubowski
-/doc/user/group/devops_adoption/ @fneill
-/doc/user/group/epics/ @msedlakjakubowski
-/doc/user/group/insights/ @fneill
-/doc/user/group/iterations/ @msedlakjakubowski
-/doc/user/group/roadmap/ @msedlakjakubowski
-/doc/user/group/value_stream_analytics/ @fneill
-/doc/user/infrastructure/ @marcia
-/doc/user/packages/ @ngaskill
-/doc/user/packages/infrastructure_registry/ @marcia
-/doc/user/packages/terraform_module_registry/ @marcia
-/doc/user/profile/ @msedlakjakubowski @eread
-/doc/user/project/ @aqualls @rdickenson @eread @msedlakjakubowski @ngaskill
-/doc/user/project/clusters/ @marcia
-/doc/user/project/import/ @ngaskill @msedlakjakubowski
-/doc/user/project/issues/ @msedlakjakubowski
-/doc/user/project/merge_requests/ @aqualls @eread
-/doc/user/project/milestones/ @msedlakjakubowski
-/doc/user/project/pages/ @rdickenson
-/doc/user/project/repository/ @aqualls
-/doc/user/project/settings/ @aqualls @eread
-/doc/user/project/static_site_editor/index.md @aqualls
-/doc/user/project/web_ide/index.md @aqualls
-/doc/user/project/wiki/index.md @aqualls
-/doc/user/search/ @marcia @aqualls
-/doc/user/workspace/ @fneill 
-
-[Docs Create]
-/doc/administration/file_hooks.md @aqualls
-/doc/administration/git_protocol.md @aqualls
-/doc/administration/invalidate_markdown_cache.md @aqualls
-/doc/administration/issue_closing_pattern.md @aqualls
-/doc/administration/merge_request_diffs.md @aqualls
-/doc/administration/repository_checks.md @aqualls
-/doc/administration/static_objects_external_storage.md @aqualls
-/doc/api/access_requests.md @aqualls
-/doc/api/branches.md @aqualls
-/doc/api/commits.md @aqualls
-/doc/api/discussions.md @aqualls
-/doc/api/group_wikis.md @aqualls
-/doc/api/keys.md @aqualls
-/doc/api/markdown.md @aqualls
-/doc/api/merge_request_approvals.md @aqualls
-/doc/api/merge_request_context_commits.md @aqualls
-/doc/api/merge_requests.md @aqualls
-/doc/api/project_aliases.md @aqualls
-/doc/api/project_badges.md @aqualls
-/doc/api/project_import_export.md @aqualls
-/doc/api/project_level_variables.md @aqualls
-/doc/api/project_snippets.md @aqualls
-/doc/api/project_statistics.md @aqualls
-/doc/api/project_templates.md @aqualls
-/doc/api/project_vulnerabilities.md @aqualls
-/doc/api/protected_branches.md @aqualls
-/doc/api/protected_tags.md @aqualls
-/doc/api/remote_mirrors.md @aqualls
-/doc/api/repositories.md @aqualls
-/doc/api/repository_files.md @aqualls
-/doc/api/repository_submodules.md @aqualls
-/doc/api/search.md @aqualls
-/doc/api/services.md @aqualls
-/doc/api/snippets.md @aqualls
-/doc/api/suggestions.md @aqualls
-/doc/api/tags.md @aqualls
-/doc/api/visual_review_discussions.md @aqualls
-/doc/api/wikis.md @aqualls
-/doc/intro/index.md @aqualls
-/doc/topics/gitlab_flow.md @aqualls
-/doc/user/admin_area/settings/account_and_limit_settings.md @aqualls
-/doc/user/admin_area/settings/instance_template_repository.md @aqualls
-/doc/user/admin_area/settings/project_integration_management.md @aqualls
-/doc/user/admin_area/settings/push_event_activities_limit.md @aqualls
-/doc/user/admin_area/settings/visibility_and_access_controls.md @aqualls
-/doc/user/asciidoc.md @aqualls
-/doc/user/index.md @aqualls
-/doc/user/markdown.md @aqualls
-/doc/user/project/autocomplete_characters.md @aqualls
-/doc/user/project/badges.md @aqualls
-/doc/user/project/code_intelligence.md @aqualls
-/doc/user/project/code_owners.md @aqualls
-/doc/user/project/file_lock.md @aqualls
-/doc/user/project/git_attributes.md @aqualls
-/doc/user/project/highlighting.md @aqualls
-/doc/user/project/index.md @aqualls
-/doc/user/project/protected_branches.md @aqualls
-/doc/user/project/protected_tags.md @aqualls
-/doc/user/project/push_options.md @aqualls
-/doc/user/project/settings/import_export.md @aqualls
-/doc/user/snippets.md @aqualls
-
-[Docs Ecosystem]
-/doc/administration/integration/ @kpaizee
-/doc/integration/ @kpaizee
-/doc/user/project/integrations/ @kpaizee
-/doc/user/project/integrations/prometheus_library/ @ngaskill
-
-[Docs Growth]
-/doc/administration/instance_review.md @kpaizee
-/doc/api/invitations.md @kpaizee
-/doc/api/experiments.md @kpaizee
-/doc/development/experiment_guide/ @kpaizee
-/doc/development/snowplow/ @fneill
-/doc/development/service_ping/ @fneill
-/doc/user/admin_area/license.md @kpaizee
-
 [Frontend]
 *.scss @annabeldunstone @gitlab-org/maintainers/frontend
 *.js @gitlab-org/maintainers/frontend
@@ -357,3 +202,158 @@ ee/lib/ee/gitlab/git_access.rb @proglottis @toon @zj-gitlab
 ee/lib/ee/gitlab/git_access_*.rb @proglottis @toon @zj-gitlab
 ee/lib/ee/gitlab/checks/** @proglottis @toon @zj-gitlab
 lib/gitlab/checks/** @proglottis @toon @zj-gitlab
+
+[Documentation Directories]
+.markdownlint.yml @marcel.amirault @eread @aqualls @cnorris
+/doc/.markdownlint @marcel.amirault @eread @aqualls @cnorris
+/doc/ @gl-docsteam
+/doc/.vale/ @marcel.amirault @eread @aqualls @cnorris
+/doc/administration/geo/ @axil
+/doc/administration/gitaly/ @eread
+/doc/administration/lfs/ @aqualls
+/doc/administration/monitoring/ @ngaskill
+/doc/administration/operations/ @axil @eread @marcia
+/doc/administration/packages/ @ngaskill
+/doc/administration/pages/ @rdickenson @kpaizee
+/doc/administration/postgresql/ @marcia
+/doc/administration/raketasks/ @axil @eread
+/doc/administration/redis/ @axil
+/doc/administration/reference_architectures/ @axil
+/doc/administration/snippets/ @aqualls
+/doc/administration/troubleshooting @axil @marcia @eread
+/doc/api/graphql/ @msedlakjakubowski @kpaizee
+/doc/api/graphql/reference/ @kpaizee
+/doc/api/group_activity_analytics.md @fneill
+/doc/api/vulnerabilities.md @fneill
+/doc/ci/ @marcel.amirault @sselhorn
+/doc/ci/environments/ @rdickenson
+/doc/ci/services/ @sselhorn
+/doc/ci/test_cases/ @msedlakjakubowski
+/doc/development/ @marcia
+/doc/development/documentation/ @cnorris @dianalogan
+/doc/development/i18n/ @ngaskill
+/doc/development/value_stream_analytics.md @fneill
+/doc/gitlab-basics/ @aqualls
+/doc/install/ @axil
+/doc/operations/ @ngaskill @rdickenson
+/doc/push_rules/ @aqualls
+/doc/security/ @eread
+/doc/ssh/ @eread
+/doc/subscriptions/ @sselhorn
+/doc/topics/autodevops/ @marcia
+/doc/topics/git/ @aqualls
+/doc/update/ @axil @marcia
+/doc/user/analytics/ @fneill @ngaskill
+/doc/user/application_security/ @rdickenson
+/doc/user/application_security/container_scanning/ @ngaskill
+/doc/user/application_security/cluster_image_scanning/ @ngaskill
+/doc/user/application_security/cve_id_request.md @fneill
+/doc/user/application_security/security_dashboard @fneill
+/doc/user/application_security/vulnerabilities @fneill
+/doc/user/application_security/vulnerability_report @fneill
+/doc/user/clusters/ @marcia
+/doc/user/compliance/ @rdickenson @eread
+/doc/user/group/ @msedlakjakubowski
+/doc/user/group/devops_adoption/ @fneill
+/doc/user/group/epics/ @msedlakjakubowski
+/doc/user/group/insights/ @fneill
+/doc/user/group/iterations/ @msedlakjakubowski
+/doc/user/group/roadmap/ @msedlakjakubowski
+/doc/user/group/value_stream_analytics/ @fneill
+/doc/user/infrastructure/ @marcia
+/doc/user/packages/ @ngaskill
+/doc/user/packages/infrastructure_registry/ @marcia
+/doc/user/packages/terraform_module_registry/ @marcia
+/doc/user/profile/ @msedlakjakubowski @eread
+/doc/user/project/ @aqualls @rdickenson @eread @msedlakjakubowski @ngaskill
+/doc/user/project/clusters/ @marcia
+/doc/user/project/import/ @ngaskill @msedlakjakubowski
+/doc/user/project/issues/ @msedlakjakubowski
+/doc/user/project/merge_requests/ @aqualls @eread
+/doc/user/project/milestones/ @msedlakjakubowski
+/doc/user/project/pages/ @rdickenson
+/doc/user/project/repository/ @aqualls
+/doc/user/project/settings/ @aqualls @eread
+/doc/user/project/static_site_editor/index.md @aqualls
+/doc/user/project/web_ide/index.md @aqualls
+/doc/user/project/wiki/index.md @aqualls
+/doc/user/search/ @marcia @aqualls
+/doc/user/workspace/ @fneill 
+
+[Docs Create]
+/doc/administration/file_hooks.md @aqualls
+/doc/administration/git_protocol.md @aqualls
+/doc/administration/invalidate_markdown_cache.md @aqualls
+/doc/administration/issue_closing_pattern.md @aqualls
+/doc/administration/merge_request_diffs.md @aqualls
+/doc/administration/repository_checks.md @aqualls
+/doc/administration/static_objects_external_storage.md @aqualls
+/doc/api/access_requests.md @aqualls
+/doc/api/branches.md @aqualls
+/doc/api/commits.md @aqualls
+/doc/api/discussions.md @aqualls
+/doc/api/group_wikis.md @aqualls
+/doc/api/keys.md @aqualls
+/doc/api/markdown.md @aqualls
+/doc/api/merge_request_approvals.md @aqualls
+/doc/api/merge_request_context_commits.md @aqualls
+/doc/api/merge_requests.md @aqualls
+/doc/api/project_aliases.md @aqualls
+/doc/api/project_badges.md @aqualls
+/doc/api/project_import_export.md @aqualls
+/doc/api/project_level_variables.md @aqualls
+/doc/api/project_snippets.md @aqualls
+/doc/api/project_statistics.md @aqualls
+/doc/api/project_templates.md @aqualls
+/doc/api/project_vulnerabilities.md @aqualls
+/doc/api/protected_branches.md @aqualls
+/doc/api/protected_tags.md @aqualls
+/doc/api/remote_mirrors.md @aqualls
+/doc/api/repositories.md @aqualls
+/doc/api/repository_files.md @aqualls
+/doc/api/repository_submodules.md @aqualls
+/doc/api/search.md @aqualls
+/doc/api/services.md @aqualls
+/doc/api/snippets.md @aqualls
+/doc/api/suggestions.md @aqualls
+/doc/api/tags.md @aqualls
+/doc/api/visual_review_discussions.md @aqualls
+/doc/api/wikis.md @aqualls
+/doc/intro/index.md @aqualls
+/doc/topics/gitlab_flow.md @aqualls
+/doc/user/admin_area/settings/account_and_limit_settings.md @aqualls
+/doc/user/admin_area/settings/instance_template_repository.md @aqualls
+/doc/user/admin_area/settings/project_integration_management.md @aqualls
+/doc/user/admin_area/settings/push_event_activities_limit.md @aqualls
+/doc/user/admin_area/settings/visibility_and_access_controls.md @aqualls
+/doc/user/asciidoc.md @aqualls
+/doc/user/index.md @aqualls
+/doc/user/markdown.md @aqualls
+/doc/user/project/autocomplete_characters.md @aqualls
+/doc/user/project/badges.md @aqualls
+/doc/user/project/code_intelligence.md @aqualls
+/doc/user/project/code_owners.md @aqualls
+/doc/user/project/file_lock.md @aqualls
+/doc/user/project/git_attributes.md @aqualls
+/doc/user/project/highlighting.md @aqualls
+/doc/user/project/index.md @aqualls
+/doc/user/project/protected_branches.md @aqualls
+/doc/user/project/protected_tags.md @aqualls
+/doc/user/project/push_options.md @aqualls
+/doc/user/project/settings/import_export.md @aqualls
+/doc/user/snippets.md @aqualls
+
+[Docs Ecosystem]
+/doc/administration/integration/ @kpaizee
+/doc/integration/ @kpaizee
+/doc/user/project/integrations/ @kpaizee
+/doc/user/project/integrations/prometheus_library/ @ngaskill
+
+[Docs Growth]
+/doc/administration/instance_review.md @kpaizee
+/doc/api/invitations.md @kpaizee
+/doc/api/experiments.md @kpaizee
+/doc/development/experiment_guide/ @kpaizee
+/doc/development/snowplow/ @fneill
+/doc/development/service_ping/ @fneill
+/doc/user/admin_area/license.md @kpaizee
diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml
index ae36c0cea70..c439e9a7c80 100644
--- a/.gitlab/ci/docs.gitlab-ci.yml
+++ b/.gitlab/ci/docs.gitlab-ci.yml
@@ -44,7 +44,7 @@ docs-lint markdown:
     - .default-retry
     - .docs:rules:docs-lint
   # When updating the image version here, update it in /scripts/lint-doc.sh too.
-  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.14-vale-2.12.0-markdownlint-0.29.0
+  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-markdown:alpine-3.15-vale-2.14.0-markdownlint-0.30.0
   stage: lint
   needs: []
   script:
@@ -53,7 +53,7 @@ docs-lint markdown:
 docs-lint links:
   extends:
     - .docs:rules:docs-lint
-  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.14-ruby-2.7.5-08847baa
+  image: registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.15-ruby-2.7.5-cee62c13
   stage: lint
   needs: []
   script:
@@ -77,15 +77,16 @@ ui-docs-links lint:
   script:
     - bundle exec haml-lint -i DocumentationLinks
 
-docs-lint deprecations:
+docs-lint deprecations-and-removals:
   variables:
     SETUP_DB: "false"
   extends:
     - .default-retry
     - .rails-cache
     - .default-before_script
-    - .docs:rules:deprecations
+    - .docs:rules:deprecations-and-removals
   stage: lint
   needs: []
   script:
     - bundle exec rake gitlab:docs:check_deprecations
+    - bundle exec rake gitlab:docs:check_removals
diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml
index ea4ae3b0492..1dd5285e0ae 100644
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -306,6 +306,11 @@ qa-frontend-node:latest:
     - .qa-frontend-node
     - .frontend:rules:qa-frontend-node-latest
   image: ${GITLAB_DEPENDENCY_PROXY}node:latest
+  # This is a workaround for https://github.com/webpack/webpack/issues/14532 until
+  # we can upgrade to Webpack 5 and switch to SHA256: https://gitlab.com/gitlab-org/gitlab/-/issues/350120
+  script:
+    - *yarn-install
+    - run_timed_command "retry yarn run webpack-prod-node-latest"
 
 webpack-dev-server:
   extends:
diff --git a/.gitlab/ci/qa.gitlab-ci.yml b/.gitlab/ci/qa.gitlab-ci.yml
index 4fec223e66d..b12f76f2823 100644
--- a/.gitlab/ci/qa.gitlab-ci.yml
+++ b/.gitlab/ci/qa.gitlab-ci.yml
@@ -33,6 +33,15 @@ qa:selectors:
   script:
     - bundle exec bin/qa Test::Sanity::Selectors
 
+qa:auto_quarantine:
+  extends:
+    - .qa-job-base
+  rules:
+    - if: '$QA_TRIGGER_AUTO_QUARANTINE =~ /true|yes|1/i'
+  script:
+    - bundle exec confiner -r .confiner/quarantine.yml
+  allow_failure: true
+
 qa:selectors-as-if-foss:
   extends:
     - qa:selectors
diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml
index d676dc2f331..1d2f94b616d 100644
--- a/.gitlab/ci/rails.gitlab-ci.yml
+++ b/.gitlab/ci/rails.gitlab-ci.yml
@@ -346,7 +346,7 @@ rspec fast_spec_helper minimal:
 db:rollback:
   extends: .db-job-base
   script:
-    - scripts/db_tasks db:migrate VERSION=20181228175414
+    - scripts/db_tasks db:migrate VERSION=20210301200959
     - scripts/db_tasks db:migrate SKIP_SCHEMA_VERSION_CHECK=true
 
 db:rollback decomposed:
@@ -360,6 +360,12 @@ db:migrate:reset:
   script:
     - bundle exec rake db:migrate:reset
 
+db:migrate:reset decomposed:
+  extends:
+    - db:migrate:reset
+    - .decomposed-database
+    - .rails:rules:decomposed-databases
+
 db:migrate-from-previous-major-version:
   extends: .db-job-base
   variables:
@@ -457,7 +463,7 @@ db:backup_and_restore:
   script:
     - . scripts/prepare_build.sh
     - bundle exec rake db:drop db:create db:structure:load db:seed_fu
-    - mkdir -p tmp/tests/public/uploads tmp/tests/{artifacts,pages,lfs-objects,registry}
+    - mkdir -p tmp/tests/public/uploads tmp/tests/{artifacts,pages,lfs-objects,terraform_state,registry,packages}
     - bundle exec rake gitlab:backup:create
     - date
     - bundle exec rake gitlab:backup:restore
@@ -592,8 +598,10 @@ rspec:undercoverage:
       else
         echo "Using \$CI_COMMIT_SHA ($CI_COMMIT_SHA) for this non-merge result pipeline.";
       fi;
+    - UNDERCOVERAGE_COMPARE="${CI_MERGE_REQUEST_DIFF_BASE_SHA:-$(git merge-base origin/master HEAD)}"
+    - echo "Undercoverage comparing with ${UNDERCOVERAGE_COMPARE}"
     - if [ -f scripts/undercoverage ]; then
-        run_timed_command "scripts/undercoverage";
+        run_timed_command "scripts/undercoverage ${UNDERCOVERAGE_COMPARE}";
       fi;
 
 rspec:feature-flags:
diff --git a/.gitlab/ci/review-apps/dast.gitlab-ci.yml b/.gitlab/ci/review-apps/dast.gitlab-ci.yml
index 512c850b7da..d0ad4d23a82 100644
--- a/.gitlab/ci/review-apps/dast.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/dast.gitlab-ci.yml
@@ -45,7 +45,6 @@
 # 10019, 10021	Missing security headers
 # 10023, 10024, 10025, 10037 Information Disclosure
 # 10040	Secure Pages Include Mixed Content
-# 10055	CSP
 # 10056	X-Debug-Token Information Leak
 # Duration: 14 minutes 20 seconds
 
@@ -54,7 +53,7 @@ dast:secureHeaders-csp-infoLeak:
     - .dast_conf
   variables:
     DAST_USERNAME: "user1"
-    DAST_ONLY_INCLUDE_RULES: "10019,10021,10023,10024,10025,10037,10040,10055,10056"
+    DAST_ONLY_INCLUDE_RULES: "10019,10021,10023,10024,10025,10037,10040,10056"
   script:
     - /analyze
 
diff --git a/.gitlab/ci/review-apps/qa.gitlab-ci.yml b/.gitlab/ci/review-apps/qa.gitlab-ci.yml
index af4674b802b..4ef6efa2604 100644
--- a/.gitlab/ci/review-apps/qa.gitlab-ci.yml
+++ b/.gitlab/ci/review-apps/qa.gitlab-ci.yml
@@ -26,35 +26,22 @@
     - export CI_ENVIRONMENT_URL="$(cat environment_url.txt)"
     - echo "${CI_ENVIRONMENT_URL}"
     - cd qa
-    - if [ -n "$KNAPSACK_REPORT_PATH" ]; then
-        bundle exec rake knapsack:download;
-      fi
-  artifacts:
-    paths:
-      - qa/tmp
-    expire_in: 7 days
-    when: always
-
-.parallel-qa-base:
-  parallel: 5
-  variables:
-    KNAPSACK_TEST_FILE_PATTERN: "qa/specs/features/**/*_spec.rb"
   script:
     - |
       bin/test "${QA_SCENARIO}" "${CI_ENVIRONMENT_URL}" \
         -- \
         --color --format documentation \
         --format RspecJunitFormatter --out tmp/rspec.xml
-  after_script:
-    - if [ -n "$KNAPSACK_GENERATE_REPORT" ]; then
-        mv qa/${KNAPSACK_REPORT_PATH} qa/knapsack/gcs/regenerated-${CI_NODE_INDEX}.json;
-      fi
   artifacts:
     paths:
-      - qa/tmp # we can't merge list so need to include explicitly once more
-      - qa/knapsack/gcs/regenerated-*.json
+      - qa/tmp
     reports:
       junit: qa/tmp/rspec.xml
+    expire_in: 7 days
+    when: always
+
+.parallel-qa-base:
+  parallel: 5
 
 .allure-report-base:
   image:
@@ -79,16 +66,6 @@
         --ignore-missing-results \
         --color
 
-.knapsack-upload-base:
-  image:
-    name: ${QA_IMAGE}
-    entrypoint: [""]
-  stage: post-qa
-  before_script:
-    - cd qa
-  script:
-    - bundle exec rake 'knapsack:upload[knapsack/gcs/regenerated-*.json]'
-
 review-qa-smoke:
   extends:
     - .review-qa-base
@@ -96,8 +73,8 @@ review-qa-smoke:
   retry: 1  # This is confusing but this means "2 runs at max".
   variables:
     QA_RUN_TYPE: review-qa-smoke
-  script:
-    - bin/test Test::Instance::Smoke "${CI_ENVIRONMENT_URL}"
+    QA_SCENARIO: Test::Instance::Smoke
+
 
 review-qa-reliable:
   extends:
@@ -108,7 +85,6 @@ review-qa-reliable:
   variables:
     QA_RUN_TYPE: review-qa-reliable
     QA_SCENARIO: Test::Instance::Reliable
-    KNAPSACK_REPORT_PATH: knapsack/gcs/review-qa-reliable.json
 
 review-qa-all:
   extends:
@@ -118,7 +94,6 @@ review-qa-all:
   variables:
     QA_RUN_TYPE: review-qa-all
     QA_SCENARIO: Test::Instance::All
-    KNAPSACK_REPORT_PATH: knapsack/gcs/review-qa-all.json
 
 review-performance:
   extends:
@@ -155,6 +130,15 @@ allure-report-qa-smoke:
     ALLURE_REPORT_PATH_PREFIX: gitlab-review-smoke
     ALLURE_JOB_NAME: review-qa-smoke
 
+allure-report-qa-reliable:
+  extends:
+    - .allure-report-base
+    - .review:rules:review-qa-reliable-report
+  needs: ["review-qa-reliable"]
+  variables:
+    ALLURE_REPORT_PATH_PREFIX: gitlab-review-reliable
+    ALLURE_JOB_NAME: review-qa-reliable
+
 allure-report-qa-all:
   extends:
     - .allure-report-base
@@ -164,18 +148,15 @@ allure-report-qa-all:
     ALLURE_REPORT_PATH_PREFIX: gitlab-review-all
     ALLURE_JOB_NAME: review-qa-all
 
-knapsack-report-qa-all:
+knapsack-report:
   extends:
-    - .knapsack-upload-base
-    - .review:rules:knapsack-report-qa-all
-  needs: ["review-qa-all"]
-  variables:
-    KNAPSACK_REPORT_PATH: knapsack/gcs/review-qa-all.json
-
-knapsack-report-qa-reliable:
-  extends:
-    - .knapsack-upload-base
-    - .review:rules:knapsack-report-qa-reliable
-  needs: ["review-qa-reliable"]
-  variables:
-    KNAPSACK_REPORT_PATH: knapsack/gcs/review-qa-reliable.json
+    - .review:rules:knapsack-report
+  image:
+    name: ${QA_IMAGE}
+    entrypoint: [""]
+  stage: post-qa
+  allow_failure: true
+  before_script:
+    - cd qa
+  script:
+    - bundle exec rake 'knapsack:upload[tmp/knapsack/*/*.json]'
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index e62de4bc6dc..008b62f6a0f 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -171,12 +171,13 @@
   - ".markdownlint.yml"
   - "scripts/lint-doc.sh"
 
-.docs-deprecations-patterns: &docs-deprecations-patterns
+.docs-deprecations-and-removals-patterns: &docs-deprecations-and-removals-patterns
   - "doc/update/deprecations.md"
-  - "data/deprecations/*.yml"
-  - "data/deprecations/templates/_deprecation_template.md.erb"
+  - "doc/update/removals.md"
+  - "data/deprecations/**/*"
+  - "data/removals/**/*"
+  - "tooling/docs/**/*"
   - "lib/tasks/gitlab/docs/compile_deprecations.rake"
-  - "tooling/deprecations/docs.rb"
 
 .bundler-patterns: &bundler-patterns
   - '{Gemfile.lock,*/Gemfile.lock,*/*/Gemfile.lock}'
@@ -228,6 +229,9 @@
   - "vendor/assets/**/*"
   - "{,ee/,jh/}{app/assets,app/helpers,app/presenters,app/views,locale,public,symbol}/**/*"
 
+.controllers-patterns: &controllers-patterns
+  - "{,ee/,jh/}{app/controllers}/**/*"
+
 .startup-css-patterns: &startup-css-patterns
   - "{,ee/,jh/}app/assets/stylesheets/startup/**/*"
 
@@ -256,7 +260,7 @@
   - "lib/gitlab/markdown_cache/active_record/**/*"
   - "config/prometheus/common_metrics.yml"  # Used by Gitlab::DatabaseImporters::CommonMetrics::Importer
   - "{,ee/,jh/}app/models/project_statistics.rb"  # Used to calculate sizes in migration specs
-  - "GITALY_SERVER_VERSION" # Has interactions with background migrations:https://gitlab.com/gitlab-org/gitlab/-/issues/336538
+  - "GITALY_SERVER_VERSION"  # Has interactions with background migrations:https://gitlab.com/gitlab-org/gitlab/-/issues/336538
   # CI changes
   - ".gitlab-ci.yml"
   - ".gitlab/ci/**/*"
@@ -279,7 +283,7 @@
   - ".dockerignore"
   - "qa/**/*"
 
-# Code patterns + .ci-patterns + .workhorse-patterns
+# Code patterns + .ci-patterns
 .code-patterns: &code-patterns
   - "{package.json,yarn.lock}"
   - ".browserslistrc"
@@ -541,10 +545,10 @@
       changes: *docs-patterns
       when: on_success
 
-.docs:rules:deprecations:
+.docs:rules:deprecations-and-removals:
   rules:
     - <<: *if-default-refs
-      changes: *docs-deprecations-patterns
+      changes: *docs-deprecations-and-removals-patterns
 
 ##################
 # GraphQL rules  #
@@ -1613,11 +1617,13 @@
     - <<: *if-dot-com-gitlab-org-merge-request
       changes: *frontend-patterns
     - <<: *if-dot-com-gitlab-org-merge-request
+      changes: *controllers-patterns
+    - <<: *if-dot-com-gitlab-org-merge-request
+      changes: *qa-patterns
+    - <<: *if-dot-com-gitlab-org-merge-request
       changes: *code-patterns
       when: manual
       allow_failure: true
-    - <<: *if-dot-com-gitlab-org-merge-request
-      changes: *qa-patterns
     - <<: *if-dot-com-gitlab-org-schedule
       variables:
         KNAPSACK_GENERATE_REPORT: "true"
@@ -1648,56 +1654,51 @@
   rules:
     - when: on_success
 
-# The rule needs to be duplicated between `on_success` and `on_failure`
-# because the jobs `needs` the previous job to complete.
-# With `when: always`, and the `review-qa-*` jobs are manual, the `allure-report-qa-*` jobs
-# would start running before the qa jobs have started.
-# See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63844#note_599012559
+# If the needed job isn't allowed to fail, we need to use `when: always` in
+# order to keep the job always running after it.
+#
+# If the needed job is allowed to fail, we need to use both
+# `when: on_success` and `when: on_failure` in order to keep
+# the job always running after it.
+# Not that if the needed job has `when: on_success` we can use `when: always`
+# for the depending job.
+#
+# See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/76756
+
+# Since `review-qa-smoke` isn't allowed to fail, we need to use `when: always` for `review-qa-smoke-report`.
 .review:rules:review-qa-smoke-report:
   rules:
-    - when: on_success
-    - when: on_failure
+    - when: always
 
 .review:rules:review-qa-reliable:
   rules:
     - when: on_success
-      allow_failure: true
+
+# Since `review-qa-reliable` isn't allowed to fail, we need to use `when: always`for `review-qa-reliable-report`.
+.review:rules:review-qa-reliable-report:
+  rules:
+    - when: always
 
 .review:rules:review-qa-all:
   rules:
-    - <<: *if-merge-request-labels-run-review-app  # we explicitely don't allow the job to fail in that case
+    - <<: *if-merge-request-labels-run-review-app  # we explicitly don't allow the job to fail in that case
     - <<: *if-dot-com-gitlab-org-merge-request
       changes: *code-patterns
       when: manual
-      allow_failure: true # manual jobs needs to be allowd to fail, otherwise they block the pipeline
+      allow_failure: true  # manual jobs needs to be allowed to fail, otherwise they block the pipeline
     - when: on_success
       allow_failure: true
 
-# The rule needs to be duplicated between `on_success` and `on_failure`
-# because the jobs `needs` the previous job to complete.
-# With `when: always`, and the `review-qa-*` jobs are manual, the `allure-report-qa-*` jobs
-# would start running before the qa jobs have started.
-# See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/63844#note_599012559
+# Since `review-qa-all` is allowed to fail (and potentially manual), we need to use `when: on_success` and `when: on_failure` for `review-qa-all-report`.
 .review:rules:review-qa-all-report:
   rules:
     - when: on_success
-      allow_failure: true
     - when: on_failure
-      allow_failure: true
 
-# Generate knapsack report on successful runs only
-# Reliable suite will pass most of the time so this should yield best distribution
-.review:rules:knapsack-report-qa-reliable:
-  rules:
-    - if: '$KNAPSACK_GENERATE_REPORT == "true"'
-      when: on_success
-      allow_failure: true
-
-.review:rules:knapsack-report-qa-all:
+.review:rules:knapsack-report:
   rules:
     - if: '$KNAPSACK_GENERATE_REPORT == "true"'
       when: always
-      allow_failure: true
 
 .review:rules:review-cleanup:
   rules:
diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml
index 1eb3bd2ea41..13108ba289a 100644
--- a/.gitlab/ci/setup.gitlab-ci.yml
+++ b/.gitlab/ci/setup.gitlab-ci.yml
@@ -151,14 +151,17 @@ detect-previous-failed-tests:
 
 add-jh-folder:
   extends: .setup:rules:add-jh-folder
-  image: ${GITLAB_DEPENDENCY_PROXY}alpine:edge
+  image: ${GITLAB_DEPENDENCY_PROXY}ruby:2.7
   stage: prepare
   before_script:
-    - apk add --no-cache --update curl bash
+    - source ./scripts/utils.sh
+    - install_gitlab_gem
   script:
-    - curl --location -o "jh-folder.tar.gz" "https://gitlab.com/gitlab-jh/gitlab/-/archive/main-jh/gitlab-main-jh.tar.gz?path=jh"
+    - JH_BRANCH=$(./scripts/setup/find-jh-branch.rb)
+    - 'echo "JH_BRANCH: ${JH_BRANCH}"'
+    - curl --location -o "jh-folder.tar.gz" "https://gitlab.com/gitlab-jh/gitlab/-/archive/${JH_BRANCH}/gitlab-${JH_BRANCH}.tar.gz?path=jh"
     - tar -xf "jh-folder.tar.gz"
-    - mv gitlab-main-jh-jh/jh/ ./
+    - mv "gitlab-${JH_BRANCH}-jh/jh/" ./
     - cp Gemfile.lock jh/
     - ls -l jh/
   artifacts:
diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml
index cd53adc6d4b..aab077e575b 100644
--- a/.gitlab/ci/workhorse.gitlab-ci.yml
+++ b/.gitlab/ci/workhorse.gitlab-ci.yml
@@ -4,7 +4,7 @@ workhorse:verify:
   stage: test
   needs: []
   script:
-    - make -C workhorse # test build
+    - make -C workhorse  # test build
     - make -C workhorse verify
 
 .workhorse:test:
diff --git a/.gitlab/ci/yaml.gitlab-ci.yml b/.gitlab/ci/yaml.gitlab-ci.yml
index 590593b9d75..218dc0a7859 100644
--- a/.gitlab/ci/yaml.gitlab-ci.yml
+++ b/.gitlab/ci/yaml.gitlab-ci.yml
@@ -10,4 +10,4 @@ lint-yaml:
   variables:
     LINT_PATHS: .gitlab-ci.yml .gitlab/ci lib/gitlab/ci/templates
   script:
-    - yamllint -f colored $LINT_PATHS
+    - yamllint --strict -f colored $LINT_PATHS
diff --git a/.gitlab/issue_templates/Experiment Rollout.md b/.gitlab/issue_templates/Experiment Rollout.md
index a7d6b46220e..3ddcb5fe89d 100644
--- a/.gitlab/issue_templates/Experiment Rollout.md
+++ b/.gitlab/issue_templates/Experiment Rollout.md
@@ -1,10 +1,10 @@
-<!-- Title suggestion: [Experiment Rollout] experiment-key - description of experiment -->
+<!-- Title suggestion: [Experiment Rollout] feature-flag-name - description of experiment -->
 
 ## Summary
 
 This issue tracks the rollout and status of an experiment through to removal.
 
-1. Experiment key / feature flag name: `<experiment-key>`
+1. Feature flag name: `<feature-flag-name>`
 1. Epic or issue link: `<issue or epic link>`
 
 This is an experiment rollout issue
@@ -55,7 +55,7 @@ Note: you can use the [CXL calculator](https://cxl.com/ab-test-calculator/) to d
 - Runtime in days, or until we expect to reach statistical significance: `30`
 - We will roll this out behind a feature flag and expose this to `<rollout-percentage>`% of actors to start then ramp it up from there.
 
-`/chatops run feature set <experiment-key> <rollout-percentage> --actors`
+`/chatops run feature set <feature-flag-name> <rollout-percentage> --actors`
 
 ### Status
 
@@ -83,14 +83,14 @@ In this rollout issue, ensure the scoped `experiment::` label is kept accurate.
 ## Roll Out Steps
 
 - [ ] [Confirm that end-to-end tests pass with the feature flag enabled](https://docs.gitlab.com/ee/development/testing_guide/end_to_end/feature_flags.html#confirming-that-end-to-end-tests-pass-with-a-feature-flag-enabled). If there are failing tests, contact the relevant [stable counterpart in the Quality department](https://about.gitlab.com/handbook/engineering/quality/#individual-contributors) to collaborate in updating the tests or confirming that the failing tests are not caused by the changes behind the enabled feature flag.
-- [ ] Enable on staging (`/chatops run feature set <experiment-key> true --staging`)
+- [ ] Enable on staging (`/chatops run feature set <feature-flag-name> true --staging`)
 - [ ] Test on staging
 - [ ] Ensure that documentation has been updated
-- [ ] Enable on GitLab.com for individual groups/projects listed above and verify behaviour  (`/chatops run feature set --project=gitlab-org/gitlab feature_name true`)
+- [ ] Enable on GitLab.com for individual groups/projects listed above and verify behaviour  (`/chatops run feature set --project=gitlab-org/gitlab <feature-flag-name> true`)
 - [ ] Coordinate a time to enable the flag with the SRE oncall and release managers
   - In `#production` mention `@sre-oncall` and `@release-managers`. Once an SRE on call and Release Manager on call confirm, you can proceed with the rollout
 - [ ] Announce on the issue an estimated time this will be enabled on GitLab.com
-- [ ] Enable on GitLab.com by running chatops command in `#production` (`/chatops run feature set feature_name true`)
+- [ ] Enable on GitLab.com by running chatops command in `#production` (`/chatops run feature set <feature-flag-name> true`)
 - [ ] Cross post chatops Slack command to `#support_gitlab-com` ([more guidance when this is necessary in the dev docs](https://docs.gitlab.com/ee/development/feature_flags/controls.html#where-to-run-commands)) and in your team channel
 - [ ] Announce on the issue that the flag has been enabled
 - [ ] Remove experiment code and feature flag and add changelog entry - a separate [cleanup issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Experiment%20Successful%20Cleanup) might be required
@@ -102,7 +102,7 @@ In this rollout issue, ensure the scoped `experiment::` label is kept accurate.
 - [ ] This feature can be disabled by running the following Chatops command:
 
 ```
-/chatops run feature set <experiment-key> false
+/chatops run feature set <feature-flag-name> false
 ```
 
 ## Experiment Successful Cleanup Concerns
diff --git a/.gitlab/issue_templates/Feature Proposal - basic.md b/.gitlab/issue_templates/Feature Proposal - basic.md
index b16b5910b72..b447bcfe0ae 100644
--- a/.gitlab/issue_templates/Feature Proposal - basic.md
+++ b/.gitlab/issue_templates/Feature Proposal - basic.md
@@ -13,6 +13,6 @@ Use the following resources to find the appropriate labels:
 - https://about.gitlab.com/handbook/product/categories/features/
 -->
 
-/label ~"group::" ~"section::" ~"Category::" 
+/label ~group:: ~section:: ~Category:
 /label ~"GitLab Free" ~"GitLab Premium" ~"GitLab Ultimate"
 /label ~"type::feature" ~"feature::addition" ~documentation
diff --git a/.gitlab/issue_templates/Feature Proposal - lean.md b/.gitlab/issue_templates/Feature Proposal - lean.md
index c5255315373..c826abe7e10 100644
--- a/.gitlab/issue_templates/Feature Proposal - lean.md
+++ b/.gitlab/issue_templates/Feature Proposal - lean.md
@@ -52,7 +52,6 @@ Use the following resources to find the appropriate labels:
 - https://about.gitlab.com/handbook/product/categories/features/
 -->
 
-/label ~"type::feature"
-/label ~"group::" ~"section::"  ~"Category::"
+/label ~group:: ~section:: ~Category:
 /label ~"GitLab Free" ~"GitLab Premium" ~"GitLab Ultimate"
-/label ~documentation ~direction
+/label ~"type::feature" ~documentation ~direction
diff --git a/.gitlab/issue_templates/Feature proposal - detailed.md b/.gitlab/issue_templates/Feature proposal - detailed.md
index f75ee08bfcb..f7d0567f806 100644
--- a/.gitlab/issue_templates/Feature proposal - detailed.md
+++ b/.gitlab/issue_templates/Feature proposal - detailed.md
@@ -118,6 +118,6 @@ Use the following resources to find the appropriate labels:
 - https://gitlab.com/gitlab-org/gitlab/-/labels
 - https://about.gitlab.com/handbook/product/categories/features/
 -->
-/label ~"group::" ~"section::" ~"Category::"
+/label ~group:: ~section:: ~Category:
 /label ~"GitLab Free" ~"GitLab Premium" ~"GitLab Ultimate"
 /label ~"type::feature" ~documentation ~direction
diff --git a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
index 3c482105a22..256bddcbdab 100644
--- a/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
+++ b/.gitlab/issue_templates/Geo Replicate a new Git repository type.md
@@ -175,8 +175,8 @@ That's all of the required database changes.
 #### Step 1. Implement replication and verification
 
 - [ ] Add the following lines to the `cool_widget` model to accomplish some important tasks:
-  - Include `Gitlab::Geo::ReplicableModel` in the `CoolWidget` class, and specify the Replicator class `with_replicator Geo::CoolWidgetReplicator`.
-  - Include the `::Gitlab::Geo::VerificationState` concern.
+  - Include `::Geo::ReplicableModel` in the `CoolWidget` class, and specify the Replicator class `with_replicator Geo::CoolWidgetReplicator`.
+  - Include the `::Geo::VerifiableModel` concern.
   - Delegate verification related methods to the `cool_widget_state` model.
   - For verification, override some scopes to use the `cool_widget_states` table instead of the model table.
   - Implement the `verification_state_object` method to return the object that holds
@@ -192,8 +192,8 @@ That's all of the required database changes.
 
   class CoolWidget < ApplicationRecord
     ...
-    include ::Gitlab::Geo::ReplicableModel
-    include ::Gitlab::Geo::VerificationState
+    include ::Geo::ReplicableModel
+    include ::Geo::VerifiableModel
 
     with_replicator Geo::CoolWidgetReplicator
 
diff --git a/.gitlab/issue_templates/Geo Replicate a new blob type.md b/.gitlab/issue_templates/Geo Replicate a new blob type.md
index d2fc7307c88..44b80158e51 100644
--- a/.gitlab/issue_templates/Geo Replicate a new blob type.md
+++ b/.gitlab/issue_templates/Geo Replicate a new blob type.md
@@ -179,8 +179,8 @@ That's all of the required database changes.
 #### Step 1. Implement replication and verification
 
 - [ ] Add the following lines to the `cool_widget` model to accomplish some important tasks:
-  - Include `Gitlab::Geo::ReplicableModel` in the `CoolWidget` class, and specify the Replicator class `with_replicator Geo::CoolWidgetReplicator`.
-  - Include the `::Gitlab::Geo::VerificationState` concern.
+  - Include `::Geo::ReplicableModel` in the `CoolWidget` class, and specify the Replicator class `with_replicator Geo::CoolWidgetReplicator`.
+  - Include the `::Geo::VerifiableModel` concern.
   - Delegate verification related methods to the `cool_widget_state` model.
   - For verification, override some scopes to use the `cool_widget_states` table instead of the model table.
   - Implement the `verification_state_object` method to return the object that holds
@@ -194,8 +194,8 @@ That's all of the required database changes.
 
   class CoolWidget < ApplicationRecord
     ...
-    include ::Gitlab::Geo::ReplicableModel
-    include ::Gitlab::Geo::VerificationState
+    include ::Geo::ReplicableModel
+    include ::Geo::VerifiableModel
 
     with_replicator Geo::CoolWidgetReplicator
 
diff --git a/.gitlab/issue_templates/Performance Indicator Metric.md b/.gitlab/issue_templates/Performance Indicator Metric.md
new file mode 100644
index 00000000000..f4d8885b119
--- /dev/null
+++ b/.gitlab/issue_templates/Performance Indicator Metric.md
@@ -0,0 +1,23 @@
+<!--
+Performance Indicator Metric issues are used for adding, updating, or removing performance indicator type in Service Ping metrics.
+
+Please title your issue with the following format: "{action}(Add|Update|Remove) Metric name as performance indicator"
+
+Example of title: "Add static_site_editor_views as gmau"
+
+-->
+
+## Summary
+
+<!--
+Summary of the changes
+-->
+
+## Tasks
+
+- [ ] [Link to metric definition]()
+- [ ] Create issue in GitLab Data Team project using [Product Performance Indicator template](https://gitlab.com/gitlab-data/analytics/-/issues/new?issuable_template=Product%20Performance%20Indicator%20Template)
+
+See [Product Intelligence Guide](https://docs.gitlab.com/ee/development/service_ping/performance_indicator_metrics.html) for details
+
+/label ~"product intelligence" ~"Data Warehouse::Impact Check"
diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md
index 6bf9e6971d7..e63727fe484 100644
--- a/.gitlab/issue_templates/Security developer workflow.md
+++ b/.gitlab/issue_templates/Security developer workflow.md
@@ -53,6 +53,7 @@ After your merge request has been approved according to our [approval guidelines
 | Description | Link |
 | -------- | -------- |
 | Issue on [GitLab](https://gitlab.com/gitlab-org/gitlab/issues) | #TODO  |
+| CVE ID request on [`gitlab-org/cves`](https://gitlab.com/gitlab-org/cves/-/issues?sort=created_date&state=opened) | #TODO for AppSec  |
 
 ### Details
 
diff --git a/.gitlab/merge_request_templates/Deprecations.md b/.gitlab/merge_request_templates/Deprecations.md
index 1cadf54ff1d..e0b4f127e4a 100644
--- a/.gitlab/merge_request_templates/Deprecations.md
+++ b/.gitlab/merge_request_templates/Deprecations.md
@@ -2,21 +2,23 @@
 
 /label ~"release post" ~"release post item" ~"Technical Writing" ~"devops::" ~"group::" ~"release post item::deprecation"
 /milestone %
-/assign `@PM`
+/assign `@EM/PM` (choose the DRI; remove backticks here, and below)
 
 **Be sure to link this MR to the relevant deprecation issue(s).**
 
+If the MR does not have a deprecation issue, hit pause and review [this handbook documentation](https://about.gitlab.com/handbook/product/gitlab-the-product/#process-for-deprecating-and-removing-a-feature) and connect with the Product Manager DRI. 
+
 Deprecation announcements can and should be created and merged into Docs at any time, to optimize user awareness and planning. We encourage confirmed deprecations to be merged as soon as the required reviews are complete, even if weeks ahead of the target milestone's release post. For the announcement to be included in a specific release post and that release's documentation packages, this MR must be reviewed/merged per the due dates below:
 
 **By the 10th**: Assign this MR to these team members as Reviewer and for Approval (optional unless noted as required):
 
 - Product Marketing: `@PMM`
 - Product Designer(s): `@ProductDesigners`
-- Group Manager or Director: `@manager`
+- Product Group Manager or Director: `@PM` - Required
 - Engineering Manager: `@EM` - Required
 - Technical writer: `@TW` - Required
 
-**By 11:59 AM PDT 15th**: PM assigns this MR to the TW reviewer for final review and merge: `@PM`
+**By 11:59 AM PDT 15th**: EM/PM assigns this MR to the TW reviewer for final review and merge: `@EM/PM`
 
 **By 11:59 PM PDT 17th**: TW Reviewer updates Docs by merging this MR to `master`: `@TW`
 
@@ -31,9 +33,9 @@ They are frequently updated, and everyone should make sure they are aware of the
 - Deprecation Issue:
 - Deprecation MR (optional):
 
-## PM release post item checklist
+## EM/PM release post item checklist
 
-- [ ] Set yourself as the Assignee.
+- [ ] Set yourself as the Assignee, meaning you are the DRI.
 - [ ] If the deprecation is a [breaking change](https://about.gitlab.com/handbook/product/gitlab-the-product/#breaking-change), add label `breaking change`.
 - [ ] Follow the process to [create a deprecation YAML file](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-deprecation-entry).
 - [ ] Add reviewers by the 10th.
diff --git a/.gitlab/merge_request_templates/Removals.md b/.gitlab/merge_request_templates/Removals.md
new file mode 100644
index 00000000000..398714826b9
--- /dev/null
+++ b/.gitlab/merge_request_templates/Removals.md
@@ -0,0 +1,103 @@
+<!-- Set the correct label and milestone using autocomplete for guidance. Please @mention only the DRI(s) for each stage or group rather than an entire department. -->
+
+**Be sure to link this MR to the relevant deprecation issue(s).**
+
+If the MR does not have a deprecation issue, hit pause and:
+
+- Review [this handbook documentation](https://about.gitlab.com/handbook/product/gitlab-the-product/#process-for-deprecating-and-removing-a-feature).
+- Connect with the Product Manager DRI. 
+
+Removals must be [announced as Deprecations](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations) at least 2 milestones in advance of the planned removal date. Removals can only be removed in a XX.0 major release if it creates a [breaking change](https://about.gitlab.com/handbook/product/gitlab-the-product/#breaking-changes-deprecations-and-removing-features).
+
+**By the 10th**: Assign this MR to these team members as reviewers, and for approval:
+
+- Required:
+  - Product Group Manager or Director: `@PM`
+  - Engineering Manager: `@EM`
+  - Technical writer: `@TW`
+- Optional:
+  - Product Designer(s): `@ProductDesigners`
+  - Product Marketing: `@PMM`
+
+**By 7:59 PM UTC 15th (11:59 AM PT)**: EM/PM assigns this MR to the TW reviewer for final review and merge: `@EM/PM`
+
+**By 7:59 AM UTC 18th (11:59 PM PT 17th)**: TW Reviewer updates Docs by merging this MR to `master`: `@TW`
+
+---
+
+Please review the [guidelines for removals](https://about.gitlab.com/handbook/marketing/blog/release-posts/#removals).
+
+## Links
+
+- Removal Issue:
+- Removal MR (optional):
+
+## EM/PM release post item checklist
+
+- [ ] Set yourself as the Assignee, meaning you are the DRI.
+- [ ] If the removal is a [breaking change](https://about.gitlab.com/handbook/product/gitlab-the-product/#breaking-change), add label `breaking change`.
+- [ ] Follow the process to [create a removal YAML file](https://about.gitlab.com/handbook/marketing/blog/release-posts/#creating-a-removal-entry).
+- [ ] Add reviewers by the 10th.
+- [ ] When ready to be merged and not later than the 15th, add the ~ready label and @ message the TW for final review and merge.
+
+## Reviewers
+
+When the content is ready for review, the Technical Writer and Engineering Manager _must_
+review it. Optional reviewers can include Product Marketing, Product Design, and the Product Leaders
+for this area. Use the
+[Reviewers for Merge Requests](https://docs.gitlab.com/ee/user/project/merge_requests/getting_started#reviewer)
+feature for all reviews. Reviewers will `approve` the MR and remove themselves from the reviewers list when their review is complete.
+
+- [ ] (Recommended) PMM
+- [ ] (Optional) Product Designer
+- [ ] (Optional) Group Manager or Director
+- [ ] Required review and approval: [Technical Writer designated to the corresponding DevOps stage/group](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments).
+
+### Tech writer review
+
+The TW should review according to the criteria listed below. Review a removal MR
+with the same process as regular docs MRs. Add suggestions as needed, @ message
+the PM to inform them the first review is complete, and remove
+yourself as a reviewer if it's not yet ready for merge.
+
+<details>
+<summary>Expand for Details</summary>
+
+- [ ] Title:
+  - Length limit: 7 words (not including articles or prepositions).
+  - Capitalization: ensure the title is [sentence cased](https://design.gitlab.com/content/punctuation#case).
+  - No Markdown `` `code` `` formatting in the title, as it doesn't render correctly in the release post.
+- [ ] Consistency:
+  - Ensure that all resources (docs, removal, etc.) refer to the feature with the same term / feature name.
+- [ ] Content:
+  - Make sure the removal is accurate based on your understanding. Look for typos or grammar mistakes. Work with PM and PMM to ensure a consistent GitLab style and tone for messaging, based on other features and removals.
+  - Review use of whitespace and bullet lists. Will the removal item be easily scannable when published? Consider adding line breaks or breaking content into bullets if you have more than a few sentences.
+  - Make sure there aren't acronyms readers may not understand per <https://about.gitlab.com/handbook/communication/#writing-style-guidelines>.
+- [ ] Links:
+  - All links must be full URLs, as the removal YAML files are used in multiple projects. Do not use relative links. The generated doc is an exception to the relative link rule and currently uses absolute links only.
+  - Make sure all links and anchors are correct. Do not link to the H1 (top) anchor on a docs page.
+- [ ] Code. Make sure any included code is wrapped in code blocks.
+- [ ] Capitalization. Make sure to capitalize feature names. Stay consistent with the Documentation Style Guidance on [Capitalization](https://docs.gitlab.com/ee/development/documentation/styleguide.html#capitalization).
+- [ ] Blank spaces. Remove unnecessary spaces (end of line spaces, double spaces, extra blank lines, and lines with only spaces).
+
+</details>
+
+When the PM indicates it is ready for merge and all issues have been addressed, start the merge process.
+
+#### Technical writer merge process
+
+The [removals doc's `.md` file](https://gitlab.com/gitlab-org/gitlab/blob/master/doc/update/removals.md)
+must be updated before this MR is merged:
+
+1. Check out the MR's branch (in the [`gitlab-org/gitlab`](https://gitlab.com/gitlab-org/gitlab) project).
+1. From the command line (in the branch), run `bin/rake gitlab:docs:compile_removals`.
+   If you want to double check that it worked, you can run `bin/rake gitlab:docs:check_removals`
+   to verify that the doc is up to date.
+1. Commit the updated file and push the changes.
+1. Set the MR to merge when the pipeline succeeds (or merge if the pipeline is already complete).
+
+If you have trouble running the rake task, check the [troubleshooting steps](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecation-rake-task-troubleshooting).
+
+/label ~"release post" ~"release post item" ~"Technical Writing" ~devops:: ~group:: ~"release post item::removal"
+/milestone %
+/assign `@EM/PM` (choose the DRI; remove backticks here, and below)