Add latest changes from gitlab-org/gitlab@13-10-stable-eev13.10.0-rc40

16 files changed, 257 insertions, 86 deletions

diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
index 0d34eeccf8c..2eda1a890d9 100644
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -24,7 +24,6 @@
 /doc/administration/troubleshooting @axil @marcia @mjang1
 /doc/ci/ @marcel.amirault @sselhorn
 /doc/ci/environments/ @axil
-/doc/ci/release/ @axil
 /doc/ci/services/ @sselhorn
 /doc/ci/test_cases/ @msedlakjakubowski
 /doc/development/ @marcia @mjang1
@@ -101,6 +100,7 @@
 /doc/api/repository_files.md @aqualls
 /doc/api/repository_submodules.md @aqualls
 /doc/api/search.md @aqualls
+/doc/api/services.md @aqualls
 /doc/api/snippets.md @aqualls
 /doc/api/suggestions.md @aqualls
 /doc/api/tags.md @aqualls
@@ -110,6 +110,7 @@
 /doc/topics/gitlab_flow.md @aqualls
 /doc/user/admin_area/settings/account_and_limit_settings.md @aqualls
 /doc/user/admin_area/settings/instance_template_repository.md @aqualls
+/doc/user/admin_area/settings/project_integration_management.md @aqualls
 /doc/user/admin_area/settings/push_event_activities_limit.md @aqualls
 /doc/user/admin_area/settings/visibility_and_access_controls.md @aqualls
 /doc/user/asciidoc.md @aqualls
@@ -129,6 +130,15 @@
 /doc/user/project/settings/import_export.md @aqualls
 /doc/user/snippets.md @aqualls
 
+[Docs Growth]
+/doc/administration/instance_review.md @aqualls
+/doc/api/invitations.md @aqualls
+/doc/api/experiments.md @aqualls 
+/doc/development/experiment_guide/ @aqualls
+/doc/development/snowplow.md @aqualls
+/doc/development/usage_ping/ @aqualls
+/doc/user/admin_area/license.md @aqualls
+
 [Frontend]
 *.scss @annabeldunstone @gitlab-org/maintainers/frontend
 *.js @gitlab-org/maintainers/frontend
@@ -170,6 +180,11 @@ Dangerfile @gl-quality/eng-prod
 /scripts/review_apps/seed-dast-test-data.sh @dappelt @ngeorge1 @gl-quality/eng-prod
 .editorconfig @gl-quality/eng-prod
 
+[Backend Static Code Analysis]
+.rubocop*.yml @dstull @splattael @gl-quality/eng-prod 
+/rubocop/ @dstull @splattael @gl-quality/eng-prod 
+/spec/rubocop/ @dstull @splattael @gl-quality/eng-prod 
+
 [End-to-end]
 /qa/ @gl-quality
 
@@ -189,15 +204,16 @@ Dangerfile @gl-quality/eng-prod
 # Secure & Threat Management ownership delineation
 # https://about.gitlab.com/handbook/engineering/development/threat-management/delineate-secure-threat-management.html#technical-boundaries
 [Threat Insights]
+/app/models/vulnerability.rb @gitlab-org/secure/threat-insights-backend-team
 /ee/app/finders/security/ @gitlab-org/secure/threat-insights-backend-team
 /ee/app/models/security/ @gitlab-org/secure/threat-insights-backend-team
 /ee/app/models/vulnerabilities/ @gitlab-org/secure/threat-insights-backend-team
-/ee/app/models/vulnerability.rb @gitlab-org/secure/threat-insights-backend-team
 /ee/app/policies/vulnerabilities/ @gitlab-org/secure/threat-insights-backend-team
 /ee/app/policies/vulnerability*.rb @gitlab-org/secure/threat-insights-backend-team
 /ee/lib/api/vulnerabilit*.rb @gitlab-org/secure/threat-insights-backend-team
 /ee/spec/policies/vulnerabilities/ @gitlab-org/secure/threat-insights-backend-team
-/ee/spec/policies/vulnerabilities/vulnerability*.rb @gitlab-org/secure/threat-insights-backend-team
+/ee/spec/policies/vulnerability*.rb @gitlab-org/secure/threat-insights-backend-team
+
 [Secure]
 /ee/lib/gitlab/ci/parsers/license_compliance/ @gitlab-org/secure/composition-analysis-be
 /ee/lib/gitlab/ci/parsers/security/ @gitlab-org/secure/composition-analysis-be @gitlab-org/secure/dynamic-analysis-be @gitlab-org/secure/static-analysis-be @gitlab-org/secure/fuzzing-be
@@ -244,9 +260,7 @@ Dangerfile @gl-quality/eng-prod
 [Product Intelligence]
 /ee/lib/gitlab/usage_data_counters/ @gitlab-org/growth/product-intelligence/engineers
 /ee/lib/ee/gitlab/usage_data.rb @gitlab-org/growth/product-intelligence/engineers
-/lib/gitlab/grafana_embed_usage_data.rb @gitlab-org/growth/product-intelligence/engineers
 /lib/gitlab/usage_data.rb @gitlab-org/growth/product_intelligence/engineers
-/lib/gitlab/cycle_analytics/usage_data.rb @gitlab-org/growth/product-intelligence/engineers
 /lib/gitlab/usage_data_counters/ @gitlab-org/growth/product-intelligence/engineers
 
 [Growth Experiments]
@@ -266,3 +280,6 @@ Dangerfile @gl-quality/eng-prod
 
 [Legal]
 /config/dependency_decisions.yml @gitlab-org/legal-reviewers
+
+[Workhorse]
+/workhorse/ @jacobvosmaer-gitlab @nick.thomas @nolith @patrickbajao 
diff --git a/.gitlab/ci/cache-repo.gitlab-ci.yml b/.gitlab/ci/cache-repo.gitlab-ci.yml
index 18e1ca1644d..324c8615083 100644
--- a/.gitlab/ci/cache-repo.gitlab-ci.yml
+++ b/.gitlab/ci/cache-repo.gitlab-ci.yml
@@ -29,6 +29,7 @@ cache-repo:
     - '[ -z "$CI_REPO_CACHE_CREDENTIALS" ] || gcloud auth activate-service-account --key-file=$CI_REPO_CACHE_CREDENTIALS'
   script:
     # Enable shallow repo caching only if the $ENABLE_SHALLOW_REPO_CACHING variable exists
+    # The `git repack` call works around a Git bug with shallow clones: https://gitlab.com/gitlab-org/git/-/issues/86
     - if [ -n "$ENABLE_SHALLOW_REPO_CACHING" ]; then
         cd .. && rm -rf $CI_PROJECT_NAME;
         today=$(date +%Y-%m-%d);
@@ -38,6 +39,7 @@ cache-repo:
         echo "Cloning $CI_REPOSITORY_URL into $CI_PROJECT_NAME with commits from $one_year_ago.";
         time git clone --progress --no-checkout --shallow-since=$one_year_ago $CI_REPOSITORY_URL $CI_PROJECT_NAME;
         cd $CI_PROJECT_NAME;
+        time git repack -d;
         echo "Archiving $CI_PROJECT_NAME into /tmp/$SHALLOW_CLONE_TAR_FILENAME.";
         time tar cf /tmp/$SHALLOW_CLONE_TAR_FILENAME .;
         echo "GZipping /tmp/$SHALLOW_CLONE_TAR_FILENAME.";
diff --git a/.gitlab/ci/frontend.gitlab-ci.yml b/.gitlab/ci/frontend.gitlab-ci.yml
index 1b4b8a12772..910a58bcd0e 100644
--- a/.gitlab/ci/frontend.gitlab-ci.yml
+++ b/.gitlab/ci/frontend.gitlab-ci.yml
@@ -131,6 +131,24 @@ rspec-ee frontend_fixture:
     - .frontend:rules:default-frontend-jobs
   parallel: 2
 
+graphql-schema-dump:
+  variables:
+    SETUP_DB: "false"
+  extends:
+    - .default-retry
+    - .rails-cache
+    - .default-before_script
+    - .frontend:rules:default-frontend-jobs
+  stage: fixtures
+  needs: []
+  script:
+    - bundle exec rake gitlab:graphql:schema:dump
+  artifacts:
+    name: graphql-schema
+    paths:
+      - tmp/tests/graphql/gitlab_schema.graphql
+      - tmp/tests/graphql/gitlab_schema.json
+
 .frontend-test-base:
   extends:
     - .frontend-base
@@ -214,7 +232,7 @@ jest-integration:
     - *yarn-install
     - run_timed_command "yarn jest:integration --ci"
   # Don't use `needs` since `rspec-ee frontend_fixture` doesn't exist in `gitlab-foss` pipelines.
-  dependencies: ["rspec frontend_fixture", "rspec-ee frontend_fixture"]
+  dependencies: ["rspec frontend_fixture", "rspec-ee frontend_fixture", "graphql-schema-dump"]
 
 jest-as-if-foss:
   extends:
diff --git a/.gitlab/ci/global.gitlab-ci.yml b/.gitlab/ci/global.gitlab-ci.yml
index 5de8a6bc250..de4b609098d 100644
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@@ -49,6 +49,14 @@
       - vendor/ruby/
     policy: pull
 
+.danger-review-cache:
+  cache:
+    key: "danger-review-v1"
+    paths:
+      - vendor/ruby/
+      - node_modules/
+    policy: pull
+
 .qa-cache:
   cache:
     key: "qa-v2"
@@ -102,7 +110,7 @@
     - name: postgres:11.6
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
     - name: redis:5.0-alpine
-    - name: elasticsearch:7.10.1
+    - name: elasticsearch:7.11.1
       command: ["elasticsearch", "-E", "discovery.type=single-node"]
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
@@ -113,7 +121,7 @@
     - name: postgres:12
       command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
     - name: redis:5.0-alpine
-    - name: elasticsearch:7.10.1
+    - name: elasticsearch:7.11.1
       command: ["elasticsearch", "-E", "discovery.type=single-node"]
   variables:
     POSTGRES_HOST_AUTH_METHOD: trust
diff --git a/.gitlab/ci/graphql.gitlab-ci.yml b/.gitlab/ci/graphql.gitlab-ci.yml
index 4aff0ef6306..1a05f68b178 100644
--- a/.gitlab/ci/graphql.gitlab-ci.yml
+++ b/.gitlab/ci/graphql.gitlab-ci.yml
@@ -11,4 +11,3 @@ graphql-verify:
   script:
     - bundle exec rake gitlab:graphql:validate
     - bundle exec rake gitlab:graphql:check_docs
-    - bundle exec rake gitlab:graphql:check_schema
diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml
index 22aa92779ea..e1ddefca99e 100644
--- a/.gitlab/ci/rails.gitlab-ci.yml
+++ b/.gitlab/ci/rails.gitlab-ci.yml
@@ -6,12 +6,17 @@
     - .default-before_script
     - .rails-cache
 
-.base-script: &base-script
-  # Only install knapsack after bundle install! Otherwise oddly some native
-  # gems could not be found under some circumstance. No idea why, hours wasted.
-  - run_timed_command "gem install knapsack --no-document"
-  - run_timed_command "scripts/gitaly-test-spawn"
-  - source ./scripts/rspec_helpers.sh
+.minimal-bundle-install:
+  script:
+    - run_timed_command "bundle install --jobs=$(nproc) --path=vendor --retry=3 --quiet --without default development test production puma unicorn kerberos metrics omnibus ed25519"
+
+.base-script:
+  script:
+    # Only install knapsack after bundle install! Otherwise oddly some native
+    # gems could not be found under some circumstance. No idea why, hours wasted.
+    - run_timed_command "gem install knapsack --no-document"
+    - run_timed_command "scripts/gitaly-test-spawn"
+    - source ./scripts/rspec_helpers.sh
 
 .minimal-rspec-tests:
   variables:
@@ -27,7 +32,7 @@
     RECORD_DEPRECATIONS: "true"
   needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-tests"]
   script:
-    - *base-script
+    - !reference [.base-script, script]
     - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag ~level:migration"
   artifacts:
     expire_in: 31d
@@ -49,7 +54,7 @@
 .rspec-base-migration:
   extends: .rails:rules:ee-and-foss-migration
   script:
-    - *base-script
+    - !reference [.base-script, script]
     - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag level:migration"
 
 .rspec-base-pg11:
@@ -82,7 +87,7 @@
 .rspec-ee-base-geo:
   extends: .rspec-base
   script:
-    - *base-script
+    - !reference [.base-script, script]
     - rspec_paralellized_job "--tag ~quarantine --tag geo"
 
 .rspec-ee-base-geo-pg11:
@@ -142,7 +147,7 @@ setup-test-env:
   extends:
     - .rails-job-base
     - .setup-test-env-cache
-    - .rails:rules:default-refs-code-backstage-qa
+    - .rails:rules:code-backstage-qa
     - .use-pg11
   stage: prepare
   variables:
@@ -162,6 +167,7 @@ setup-test-env:
       - tmp/tests/gitaly/gitaly-lfs-smudge
       - tmp/tests/gitaly/gitaly-ssh
       - tmp/tests/gitaly/internal/
+      - tmp/tests/gitaly/internal_gitaly2/
       - tmp/tests/gitaly/internal_sockets/
       - tmp/tests/gitaly/Makefile
       - tmp/tests/gitaly/praefect
@@ -212,7 +218,7 @@ update-coverage-cache:
     - .shared:rules:update-cache
   stage: prepare
   script:
-    - run_timed_command "bundle install --jobs=$(nproc) --path=vendor --retry=3 --quiet --without default development test production puma unicorn kerberos metrics omnibus ed25519"
+    - !reference [.minimal-bundle-install, script]
   cache:
     policy: push  # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
 
@@ -243,7 +249,7 @@ update-static-analysis-cache:
 static-analysis:
   extends:
     - .static-analysis-base
-    - .rails:rules:default-refs-code-backstage-qa
+    - .rails:rules:code-backstage-qa
   stage: test
   parallel: 4
   script:
@@ -316,7 +322,7 @@ rspec db-library-code pg12:
     - .rspec-base-pg12
     - .rails:rules:ee-and-foss-db-library-code
   script:
-    - *base-script
+    - !reference [.base-script, script]
     - rspec_db_library_code
 
 rspec fast_spec_helper:
@@ -405,7 +411,7 @@ gitlab:setup:
     # db/fixtures/development/04_project.rb thanks to SIZE=1 below
     - git clone https://gitlab.com/gitlab-org/gitlab-test.git
        /home/git/repositories/gitlab-org/gitlab-test.git
-    - *base-script
+    - !reference [.base-script, script]
     - force=yes SIZE=1 FIXTURE_PATH="db/fixtures/development" bundle exec rake gitlab:setup
   artifacts:
     when: on_failure
@@ -485,7 +491,7 @@ rspec:coverage:
     - memory-static
     - memory-on-boot
   script:
-    - run_timed_command "bundle install --jobs=$(nproc) --path=vendor --retry=3 --quiet --without default development test production puma unicorn kerberos metrics omnibus ed25519"
+    - !reference [.minimal-bundle-install, script]
     - run_timed_command "bundle exec scripts/merge-simplecov"
     - run_timed_command "bundle exec scripts/gather-test-memory-data"
   coverage: '/LOC \((\d+\.\d+%)\) covered.$/'
@@ -522,7 +528,7 @@ rspec:feature-flags:
     - memory-static
     - memory-on-boot
   script:
-    - run_timed_command "bundle install --jobs=$(nproc) --path=vendor --retry=3 --quiet --without default development test production puma unicorn kerberos metrics omnibus ed25519"
+    - !reference [.minimal-bundle-install, script]
     - if [ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]; then
         run_timed_command "bundle exec scripts/used-feature-flags" || (scripts/slack master-broken "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL}" ci_failing "GitLab Bot" && exit 1);
       else
@@ -762,7 +768,7 @@ rspec fail-fast:
   stage: test
   needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-tests"]
   script:
-    - *base-script
+    - !reference [.base-script, script]
     - rspec_fail_fast tmp/matching_tests.txt "--tag ~quarantine"
   artifacts:
     expire_in: 7d
@@ -775,7 +781,7 @@ rspec foss-impact:
     - .rails:rules:rspec-foss-impact
   needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets as-if-foss", "detect-tests as-if-foss"]
   script:
-    - *base-script
+    - !reference [.base-script, script]
     - rspec_matched_foss_tests tmp/matching_foss_tests.txt "--tag ~quarantine"
   artifacts:
     expire_in: 7d
diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml
index 77ada89aa6a..4d54380cefe 100644
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -15,7 +15,7 @@ code_quality:
   stage: test
   needs: []
   variables:
-    CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/ci-cd/codequality:0.85.18"
+    CODE_QUALITY_IMAGE: "registry.gitlab.com/gitlab-org/ci-cd/codequality:0.85.23"
   script:
     - |
       if ! docker info &>/dev/null; then
diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml
index c18e898dc12..76191a923bf 100644
--- a/.gitlab/ci/review.gitlab-ci.yml
+++ b/.gitlab/ci/review.gitlab-ci.yml
@@ -225,12 +225,22 @@ parallel-spec-reports:
 danger-review:
   extends:
     - .default-retry
-    - .yarn-cache
+    - .danger-review-cache
     - .review:rules:danger
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:danger
   stage: test
   needs: []
-  script:
+  before_script:
     - source ./scripts/utils.sh
+    - run_timed_command "bundle install --jobs=$(nproc) --path=vendor --retry=3 --quiet --with danger"
     - run_timed_command "retry yarn install --frozen-lockfile"
-    - danger --fail-on-errors=true --verbose
+  script:
+    - run_timed_command "bundle exec danger --fail-on-errors=true --verbose"
+
+update-danger-review-cache:
+  extends:
+    - danger-review
+    - .shared:rules:update-cache
+  stage: prepare
+  script: echo 'Cache is fresh!'
+  cache:
+    policy: push  # We want to rebuild the cache from scratch to ensure stale dependencies are cleaned up.
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index 1eafd024f5e..e76b0f2d07f 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -11,25 +11,25 @@
   if: '$CI_PROJECT_NAME != "gitlab-foss" && $CI_PROJECT_NAME != "gitlab-ce" && $CI_PROJECT_NAME != "gitlabhq"'
 
 .if-default-refs: &if-default-refs
-  if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI'
+  if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main" || $CI_COMMIT_REF_NAME =~ /^[\d-]+-stable(-ee)?$/ || $CI_COMMIT_REF_NAME =~ /^\d+-\d+-auto-deploy-\d+$/ || $CI_COMMIT_REF_NAME =~ /^security\// || $CI_MERGE_REQUEST_IID || $CI_COMMIT_TAG || $FORCE_GITLAB_CI'
 
 .if-master-refs: &if-master-refs
-  if: '$CI_COMMIT_REF_NAME == "master"'
+  if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main"'
 
 .if-master-push: &if-master-push
-  if: '$CI_COMMIT_BRANCH == "master" && $CI_PIPELINE_SOURCE == "push"'
+  if: '($CI_COMMIT_BRANCH == "master" || $CI_COMMIT_REF_NAME == "main") && $CI_PIPELINE_SOURCE == "push"'
 
 .if-master-schedule-2-hourly: &if-master-schedule-2-hourly
-  if: '$CI_COMMIT_BRANCH == "master" && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "2-hourly"'
+  if: '($CI_COMMIT_BRANCH == "master" || $CI_COMMIT_REF_NAME == "main") && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "2-hourly"'
 
 .if-master-schedule-nightly: &if-master-schedule-nightly
-  if: '$CI_COMMIT_BRANCH == "master" && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "nightly"'
+  if: '($CI_COMMIT_BRANCH == "master" || $CI_COMMIT_REF_NAME == "main") && $CI_PIPELINE_SOURCE == "schedule" && $FREQUENCY == "nightly"'
 
 .if-auto-deploy-branches: &if-auto-deploy-branches
   if: '$CI_COMMIT_BRANCH =~ /^\d+-\d+-auto-deploy-\d+$/'
 
 .if-master-or-tag: &if-master-or-tag
-  if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_TAG'
+  if: '$CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main" || $CI_COMMIT_TAG'
 
 .if-merge-request: &if-merge-request
   if: '$CI_MERGE_REQUEST_IID'
@@ -53,7 +53,7 @@
   if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"'
 
 .if-dot-com-gitlab-org-master: &if-dot-com-gitlab-org-master
-  if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_COMMIT_REF_NAME == "master"'
+  if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && ($CI_COMMIT_REF_NAME == "master" || $CI_COMMIT_REF_NAME == "main")'
 
 .if-dot-com-gitlab-org-merge-request: &if-dot-com-gitlab-org-merge-request
   if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_MERGE_REQUEST_IID'
@@ -149,6 +149,7 @@
   - "{,ee/}{app/channels,app/controllers,app/finders,app/graphql,app/helpers,app/mailers,app/models,app/policies,app/presenters,app/serializers,app/services,app/uploaders,app/validators,app/views,app/workers}/**/*"
   - "{,ee/}{bin,cable,config,db,lib}/**/*"
   - "{,ee/}spec/**/*.rb"
+  # CI changes
   - ".gitlab-ci.yml"
   - ".gitlab/ci/**/*"
   - "*_VERSION"
@@ -162,6 +163,9 @@
   - "{,ee/}spec/support/helpers/database/**/*"
   - "config/prometheus/common_metrics.yml"  # Used by Gitlab::DatabaseImporters::CommonMetrics::Importer
   - "{,ee/}app/models/project_statistics.rb"  # Used to calculate sizes in migration specs
+  # CI changes
+  - ".gitlab-ci.yml"
+  - ".gitlab/ci/**/*"
 
 .db-library-patterns: &db-library-patterns
   - "{,ee/}{,spec/}lib/{,ee/}gitlab/database/**/*"
@@ -183,9 +187,11 @@
   - ".csscomb.json"
   - "Dockerfile.assets"
   - "vendor/assets/**/*"
+  # CI changes
+  - ".gitlab-ci.yml"
   - ".gitlab/ci/**/*"
   - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
-  - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo,scss-lint}.yml"
+  - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml"
   - "*_VERSION"
   - "Gemfile{,.lock}"
   - "Rakefile"
@@ -193,6 +199,7 @@
   - "config.ru"
   - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
   - "doc/api/graphql/reference/*"  # Files in this folder are auto-generated
+  - "data/whats_new/*.yml"
 
 .qa-patterns: &qa-patterns
   - ".dockerignore"
@@ -205,9 +212,11 @@
   - ".csscomb.json"
   - "Dockerfile.assets"
   - "vendor/assets/**/*"
+  # CI changes
+  - ".gitlab-ci.yml"
   - ".gitlab/ci/**/*"
   - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
-  - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo,scss-lint}.yml"
+  - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml"
   - "*_VERSION"
   - "Gemfile{,.lock}"
   - "Rakefile"
@@ -215,6 +224,7 @@
   - "config.ru"
   - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
   - "doc/api/graphql/reference/*"  # Files in this folder are auto-generated
+  - "data/whats_new/*.yml"
   # Backstage changes
   - "Dangerfile"
   - "danger/**/*"
@@ -230,9 +240,11 @@
   - ".csscomb.json"
   - "Dockerfile.assets"
   - "vendor/assets/**/*"
+  # CI changes
+  - ".gitlab-ci.yml"
   - ".gitlab/ci/**/*"
   - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
-  - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo,scss-lint}.yml"
+  - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml"
   - "*_VERSION"
   - "Gemfile{,.lock}"
   - "Rakefile"
@@ -240,6 +252,7 @@
   - "config.ru"
   - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
   - "doc/api/graphql/reference/*"  # Files in this folder are auto-generated
+  - "data/whats_new/*.yml"
   # QA changes
   - ".dockerignore"
   - "qa/**/*"
@@ -251,9 +264,11 @@
   - ".csscomb.json"
   - "Dockerfile.assets"
   - "vendor/assets/**/*"
+  # CI changes
+  - ".gitlab-ci.yml"
   - ".gitlab/ci/**/*"
   - ".{eslintignore,gitattributes,nvmrc,prettierrc,stylelintrc,yamllint}"
-  - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo,scss-lint}.yml"
+  - ".{codeclimate,eslintrc,gitlab-ci,haml-lint,haml-lint_todo,rubocop,rubocop_todo,rubocop_manual_todo}.yml"
   - "*_VERSION"
   - "Gemfile{,.lock}"
   - "Rakefile"
@@ -261,6 +276,7 @@
   - "config.ru"
   - "{,ee/}{app,bin,config,db,haml_lint,lib,locale,public,scripts,symbol,vendor}/**/*"
   - "doc/api/graphql/reference/*"  # Files in this folder are auto-generated
+  - "data/whats_new/*.yml"
   # Backstage changes
   - "Dangerfile"
   - "danger/**/*"
@@ -405,6 +421,7 @@
     - <<: *if-security-merge-request
       changes: *code-backstage-patterns
     - <<: *if-merge-request-title-as-if-foss
+    - <<: *if-merge-request-title-run-all-rspec
     - <<: *if-merge-request
       changes: *ci-patterns
 
@@ -445,7 +462,9 @@
 
 .frontend:rules:bundle-size-review:
   rules:
-    - if: '$DANGER_GITLAB_API_TOKEN && $CI_MERGE_REQUEST_IID && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"'
+    - <<: *if-not-canonical-namespace
+      when: never
+    - if: '$DANGER_GITLAB_API_TOKEN && $CI_MERGE_REQUEST_IID && ($CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main")'
       changes: *frontend-patterns
       allow_failure: true
 
@@ -483,6 +502,7 @@
     - <<: *if-security-merge-request
       changes: *code-qa-patterns
     - <<: *if-merge-request-title-as-if-foss
+    - <<: *if-merge-request-title-run-all-rspec
     - <<: *if-merge-request
       changes: *ci-patterns
 
@@ -602,10 +622,9 @@
     - <<: *if-merge-request
       changes: ["config/**/*"]
 
-.rails:rules:default-refs-code-backstage-qa:
+.rails:rules:code-backstage-qa:
   rules:
-    - <<: *if-default-refs
-      changes: *code-backstage-qa-patterns
+    - changes: *code-backstage-qa-patterns
     - <<: *if-merge-request-title-run-all-rspec
 
 .rails:rules:ee-only-migration:
@@ -700,6 +719,7 @@
       changes: *db-patterns
     - <<: *if-merge-request-title-as-if-foss
       changes: *db-patterns
+    - <<: *if-merge-request-title-run-all-rspec
     - <<: *if-merge-request
       changes: *ci-patterns
 
@@ -716,6 +736,7 @@
       changes: *db-patterns
     - <<: *if-merge-request-title-as-if-foss
       changes: *db-patterns
+    - <<: *if-merge-request-title-run-all-rspec
 
 .rails:rules:as-if-foss-unit:
   rules:
@@ -725,6 +746,7 @@
       changes: *backend-patterns
     - <<: *if-merge-request-title-as-if-foss
       changes: *backend-patterns
+    - <<: *if-merge-request-title-run-all-rspec
     - <<: *if-merge-request
       changes: *ci-patterns
 
@@ -741,6 +763,7 @@
       changes: *backend-patterns
     - <<: *if-merge-request-title-as-if-foss
       changes: *backend-patterns
+    - <<: *if-merge-request-title-run-all-rspec
 
 .rails:rules:as-if-foss-integration:
   rules:
@@ -750,6 +773,7 @@
       changes: *backend-patterns
     - <<: *if-merge-request-title-as-if-foss
       changes: *backend-patterns
+    - <<: *if-merge-request-title-run-all-rspec
     - <<: *if-merge-request
       changes: *ci-patterns
 
@@ -766,6 +790,7 @@
       changes: *backend-patterns
     - <<: *if-merge-request-title-as-if-foss
       changes: *backend-patterns
+    - <<: *if-merge-request-title-run-all-rspec
 
 .rails:rules:as-if-foss-system:
   rules:
@@ -775,6 +800,7 @@
       changes: *code-backstage-patterns
     - <<: *if-merge-request-title-as-if-foss
       changes: *code-backstage-patterns
+    - <<: *if-merge-request-title-run-all-rspec
     - <<: *if-merge-request
       changes: *ci-patterns
 
@@ -791,6 +817,7 @@
       changes: *code-backstage-patterns
     - <<: *if-merge-request-title-as-if-foss
       changes: *code-backstage-patterns
+    - <<: *if-merge-request-title-run-all-rspec
 
 .rails:rules:ee-and-foss-db-library-code:
   rules:
@@ -809,8 +836,7 @@
 
 .rails:rules:detect-tests:
   rules:
-    - <<: *if-default-refs
-      changes: *code-backstage-patterns
+    - changes: *code-backstage-patterns
     - <<: *if-merge-request-title-run-all-rspec
 
 .rails:rules:rspec-foss-impact:
@@ -1123,8 +1149,7 @@
 #######################
 .test-metadata:rules:retrieve-tests-metadata:
   rules:
-    - <<: *if-default-refs
-      changes: *code-backstage-patterns
+    - changes: *code-backstage-patterns
       when: on_success
     - <<: *if-merge-request-title-run-all-rspec
 
@@ -1136,7 +1161,6 @@
         - ".gitlab/ci/test-metadata.gitlab-ci.yml"
         - "scripts/rspec_helpers.sh"
     - <<: *if-dot-com-ee-schedule
-      changes: *code-backstage-patterns
 
 ###################
 # workhorse rules #
diff --git a/.gitlab/ci/verify-lockfile.gitlab-ci.yml b/.gitlab/ci/verify-lockfile.gitlab-ci.yml
deleted file mode 100644
index 6336a428b4b..00000000000
--- a/.gitlab/ci/verify-lockfile.gitlab-ci.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-verify_lockfile:
-  stage: test
-  image: registry.gitlab.com/gitlab-org/gitlab-build-images:ruby-2.7.2-git-2.29-lfs-2.9-node-14.15-yarn-1.22-graphicsmagick-1.3.34
-  needs: []
-  rules:
-    - changes:
-        - yarn.lock
-  script:
-    - npm config set @dappelt:registry https://gitlab.com/api/v4/projects/22564149/packages/npm/
-    - npx lockfile-lint@4.3.7 --path yarn.lock --allowed-hosts yarn --validate-https
-    - npx @dappelt/untamper-my-lockfile --lockfile yarn.lock
diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml
index a40eebd131b..8361d20d2b7 100644
--- a/.gitlab/ci/workhorse.gitlab-ci.yml
+++ b/.gitlab/ci/workhorse.gitlab-ci.yml
@@ -1,20 +1,10 @@
-workhorse:
-  extends: .workhorse:rules:workhorse
-  image: ${GITLAB_DEPENDENCY_PROXY}golang:1.14
-  stage: test
-  needs: []
-  script:
-    - rm .git/hooks/post-checkout
-    - git checkout .
-    - scripts/update-workhorse check
-    - make -C workhorse
-
 workhorse:verify:
   extends: .workhorse:rules:workhorse
   image: ${GITLAB_DEPENDENCY_PROXY}golang:1.15
   stage: test
   needs: []
   script:
+    - make -C workhorse # test build
     - make -C workhorse verify
 
 .workhorse:test:
diff --git a/.gitlab/issue_templates/Experiment Successful Cleanup.md b/.gitlab/issue_templates/Experiment Successful Cleanup.md
index 3f148ec00b1..afe4793cdfc 100644
--- a/.gitlab/issue_templates/Experiment Successful Cleanup.md
+++ b/.gitlab/issue_templates/Experiment Successful Cleanup.md
@@ -10,9 +10,10 @@ The changes need to become an official part of the product.
 - [ ] Determine whether the feature should apply to SaaS and/or self-managed
 - [ ] Determine whether the feature should apply to EE - and which tiers - and/or Core
 - [ ] Determine if tracking should be kept as is, removed, or modified.
-- [ ] Migrate experiment to a default enabled [feature flag](https://docs.gitlab.com/ee/development/feature_flags/development.html) for one milestone and add a changelog. Converting to a feature flag can be skipped at the ICs discretion if risk is deemed low with consideration to both SaaS and (if applicable) self managed.
 - [ ] Ensure any relevant documentation has been updated.
-- [ ] In the next milestone, [remove the feature flag](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up).
+- [ ] Consider changes to any `feature_category:` introduced by the experiment if ownership is changing (PM for Growth and PM for the new category as DRIs)
+- [ ] Optional: Migrate experiment to a default enabled [feature flag](https://docs.gitlab.com/ee/development/feature_flags) for one milestone and add a changelog. Converting to a feature flag can be skipped at the ICs discretion if risk is deemed low with consideration to both SaaS and (if applicable) self managed
+- [ ] In the next milestone, [remove the feature flag](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up) if applicable
 - [ ] After the flag removal is deployed, [clean up the feature/experiment feature flags](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up) by running chatops command in `#production` channel
 
 /label ~"feature" ~"feature::maintenance" ~"workflow::scheduling" ~"growth experiment" ~"feature flag"  
diff --git a/.gitlab/issue_templates/Adoption Engineering.md b/.gitlab/issue_templates/Experimentation.md
index 01e9d0ea033..f84c4305c2c 100644
--- a/.gitlab/issue_templates/Adoption Engineering.md
+++ b/.gitlab/issue_templates/Experimentation.md
@@ -1,14 +1,25 @@
-#Design
-<!-- This should include the contexts that determine the reproducibility (stickiness) of an experiment. This means that if you want the same behavior for a user, the context would be user, or if you want all users when viewing a specific project, the context would be the project being viewed, etc. -->
+<!-- Title suggestion: Experiment: [description] -->
+
+# Experiment Summary
+<!-- Quick rundown of what is being done -->
 
+# Design
+<!-- This should include the contexts that determine the reproducibility (stickiness) of an experiment. This means that if you want the same behavior for a user, the context would be user, or if you want all users when viewing a specific project, the context would be the project being viewed, etc. -->
 
-#Rollout strategy
+# Rollout strategy
 <!-- This is currently called A/B test, which isn't accurate for multi-variants. Let's call this rollout strategy. It should outline the percentages for variants and if there's more than one step to this, each of those steps and the timing for those steps (e.g. 30 days after initial rollout). -->
 
-#Inclusions and exclusions
+# Inclusions and exclusions
 <!-- These would be the rules for which given context (and are limited to context or resolvable at experiment time details) is included or excluded from the test. An example of this would be to only run an experiment on groups less than N number of days old. -->
 
-#Segmentation 
+# Segmentation 
 <!-- Rules for always saying context with these criteria always get this variant. For instance, if you want to always give groups less than N number of days old the experiment experience, they are specified here. This is different from the exclusion rules above. -->
 
-#Tracking
+# Tracking Details
+
+- [json schema](https://gitlab.com/gitlab-org/iglu/-/blob/master/public/schemas/com.gitlab/gitlab_experiment/jsonschema/0-3-0) used in `gitlab-experiment` tracking.
+- see [taxonomy](https://docs.gitlab.com/ee/development/snowplow.html#structured-event-taxonomy) for a guide.
+
+| activity | category | action | label | context | property | value |
+| -------- | -------- | ------ | ----- | ------- | -------- | ----- |
+|  |  |  |  | json schema |  |  |
diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md
index 615fb644967..fe263b932ae 100644
--- a/.gitlab/issue_templates/Feature Flag Roll Out.md
+++ b/.gitlab/issue_templates/Feature Flag Roll Out.md
@@ -18,7 +18,7 @@ Remove the `:feature_name` feature flag ...
 
 ### What can we monitor to detect problems with this?
 
-<!-- Which dashboards from https://dashboards.gitlab.net are most relevant? Sentry errors reports can alse be useful to review -->
+<!-- Which dashboards from https://dashboards.gitlab.net are most relevant? Sentry errors reports can also be useful to review -->
 
 
 ## Beta groups/projects
diff --git a/.gitlab/issue_templates/Query Performance Investigation.md b/.gitlab/issue_templates/Query Performance Investigation.md
index 3f2a6361d64..ddd361e4f2f 100644
--- a/.gitlab/issue_templates/Query Performance Investigation.md
+++ b/.gitlab/issue_templates/Query Performance Investigation.md
@@ -1,6 +1,6 @@
 ## Description
 
-As the name implies, the purpose of the template is to detail underperforming queries for futher investigation.
+As the name implies, the purpose of the template is to detail underperforming queries for further investigation.
 
 ### Steps
 
@@ -14,8 +14,10 @@ As the name implies, the purpose of the template is to detail underperforming qu
 
 Please provide as many of these fields as possible when submitting a query performance report.
 
-- TPS
-- Duration
+- Queries per second (on average or peak)
+- Number of calls per second and relative to total number of calls
+- Query timings (on average or peak)
+- Database time relative to total database time
 - Source of calls (Sidekiq, WebAPI, etc)
 - Query ID
 - SQL Statement
diff --git a/.gitlab/issue_templates/experiment_tracking_template.md b/.gitlab/issue_templates/experiment_tracking_template.md
new file mode 100644
index 00000000000..432ae57e594
--- /dev/null
+++ b/.gitlab/issue_templates/experiment_tracking_template.md
@@ -0,0 +1,94 @@
+<!-- Title suggestion: [Experiment Tracking] experiment-key - description of experiment -->
+
+## What
+
+Track the status of an experiment through to removal.
+
+1. Experiment key: `<experiment-key>`
+1. Framework: `experimentation.rb` | `gitlab_experiment`
+1. Feature flag name: <experiment-key>_experiment_percentage` | `<experiment-key>`
+
+This is an experiment tracking issue for: `<issue or epic link>` 
+using the scoped [experiment label](https://about.gitlab.com/handbook/engineering/development/growth/#experiment-tracking-issue).
+
+As well as defining the experiment rollout and cleanup, this issue incorporates the relevant 
+[`Feature Flag Roll Out`](https://gitlab.com/gitlab-org/gitlab/-/edit/master/.gitlab/issue_templates/Feature%20Flag%20Roll%20Out.md) steps. 
+
+## Owners
+
+- Team: `group::TEAM_NAME`
+- Most appropriate slack channel to reach out to: `#g_TEAM_NAME`
+- Best individual to reach out to: NAME
+
+## Expectations
+
+### What are we expecting to happen?
+
+### What might happen if this goes wrong?
+
+### What can we monitor to detect problems with this?
+<!-- Which dashboards from https://dashboards.gitlab.net are most relevant? Sentry errors reports can alse be useful to review -->
+
+### Tracked data
+<!-- brief description or link to issue or Sisense dashboard -->
+ 
+ Note: you can utilize [CXL calculator](https://cxl.com/ab-test-calculator/) to determine if your experiment has reached signifigance, it also includes an estimate for how much longer an experiment will need to run for before reaching signifigance.
+
+### Staging Test
+<!-- For experiments using `experimentation.rb`: To force this experiment on staging use `?force_experiment=<experiment-key>` -->
+<!-- list any steps required to setup this experiment, and link to a separate Staging environment test issue is applicable -->
+
+<!-- uncomment if testing with specific groups/projects on GitLab.com
+## Beta groups/projects
+
+If applicable, any groups/projects that are happy to have this feature turned on early. Some organizations may wish to test big changes they are interested in with a small subset of users ahead of time for example.
+
+- `gitlab-org/gitlab` project
+- `gitlab-org`/`gitlab-com` groups
+- ...
+-->
+
+### Experiment tracking log
+<!-- Add an overview and method for modifying the feature flag
+
+* Runtime: 30 days or until we reach statistical significance
+* We will roll this out behind a feature flag and expose this to 20% of users to start then ramp it up from there.
+* feature flag based on experiment key `<experiment-key>` (see `experimentation.rb` in GitLab, append '_experiment_percentage')
+
+`/chatops run feature set <experiment-key>_experiment_percentage <INITIAL_PERCENTAGE>`
+-->
+<!-- Add bullet points to track changes to the rollout of this experiment (feature flag changes) 
+
+* YYYY-MM-DD UTC - initial rollout to 20% of users
+* TBD - review - increase to 50% of users
+-->
+
+### Experiment Results
+<!-- update when experiment in/validated, set the scoped `~experiment::` status accordingly -->
+
+## Roll Out Steps
+
+- [ ] Confirm that QA tests pass with the feature flag enabled (if you're unsure how, contact the relevant [stable counterpart in the Quality department](https://about.gitlab.com/handbook/engineering/quality/#individual-contributors))
+- [ ] Enable on staging (`/chatops run feature set feature_name true --staging`)
+- [ ] Test on staging
+- [ ] Ensure that documentation has been updated
+- [ ] Enable on GitLab.com for individual groups/projects listed above and verify behaviour  (`/chatops run feature set --project=gitlab-org/gitlab feature_name true`)
+- [ ] Coordinate a time to enable the flag with the SRE oncall and release managers
+  - In `#production` mention `@sre-oncall` and `@release-managers`. Once an SRE on call and Release Manager on call confirm, you can proceed with the rollout
+- [ ] Announce on the issue an estimated time this will be enabled on GitLab.com
+- [ ] Enable on GitLab.com by running chatops command in `#production` (`/chatops run feature set feature_name true`)
+- [ ] Cross post chatops Slack command to `#support_gitlab-com` ([more guidance when this is necessary in the dev docs](https://docs.gitlab.com/ee/development/feature_flags/controls.html#where-to-run-commands)) and in your team channel
+- [ ] Announce on the issue that the flag has been enabled
+- [ ] Remove experiment code and feature flag and add changelog entry - a separate [cleanup issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Experiment%20Successful%20Cleanup) might be required
+- [ ] After the flag removal is deployed, [clean up the feature flag](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up) by running chatops command in `#production` channel
+
+## Rollback Steps
+
+- [ ] This feature can be disabled by running the following Chatops command:
+
+```
+/chatops run feature set feature_name false
+```
+
+/label ~"feature flag" ~"devops::growth" ~"growth experiment" ~"experiment tracking" ~Engineering ~"workflow::scheduling" ~"experiment::pending"
+