Add latest changes from gitlab-org/gitlab@13-7-stable-eev13.7.0-rc42

21 files changed, 422 insertions, 78 deletions

diff --git a/.gitlab/CODEOWNERS b/.gitlab/CODEOWNERS
index a24fef5e44d..70d9dbc9ad7 100644
--- a/.gitlab/CODEOWNERS
+++ b/.gitlab/CODEOWNERS
@@ -147,6 +147,8 @@
 /ee/spec/javascripts/ @gitlab-org/maintainers/frontend
 /spec/frontend/ @gitlab-org/maintainers/frontend
 /ee/spec/frontend/ @gitlab-org/maintainers/frontend
+/spec/frontend_integration/ @gitlab-org/maintainers/frontend
+/ee/spec/frontend_integration/ @gitlab-org/maintainers/frontend
 
 [Database]
 /db/ @gitlab-org/maintainers/database
@@ -159,6 +161,7 @@
 /lib/gitlab/github_import/ @gitlab-org/maintainers/database
 /app/finders/ @gitlab-org/maintainers/database
 /ee/app/finders/ @gitlab-org/maintainers/database
+/rubocop/rubocop-migrations.yml @gitlab-org/maintainers/database
 
 [Engineering Productivity]
 /.gitlab-ci.yml @gl-quality/eng-prod
@@ -194,12 +197,17 @@ Dangerfile @gl-quality/eng-prod
 
 # Secure & Threat Management ownership delineation
 # https://about.gitlab.com/handbook/engineering/development/threat-management/delineate-secure-threat-management.html#technical-boundaries
-[Secure]
+[Threat Insights]
 /ee/app/finders/security/ @gitlab-org/secure/threat-insights-backend-team
 /ee/app/models/security/ @gitlab-org/secure/threat-insights-backend-team
 /ee/app/models/vulnerabilities/ @gitlab-org/secure/threat-insights-backend-team
 /ee/app/models/vulnerability.rb @gitlab-org/secure/threat-insights-backend-team
+/ee/app/policies/vulnerabilities/ @gitlab-org/secure/threat-insights-backend-team
+/ee/app/policies/vulnerability*.rb @gitlab-org/secure/threat-insights-backend-team
 /ee/lib/api/vulnerabilit*.rb @gitlab-org/secure/threat-insights-backend-team
+/ee/spec/policies/vulnerabilities/ @gitlab-org/secure/threat-insights-backend-team
+/ee/spec/policies/vulnerabilities/vulnerability*.rb @gitlab-org/secure/threat-insights-backend-team
+[Secure]
 /ee/lib/gitlab/ci/parsers/license_compliance/ @gitlab-org/secure/composition-analysis-be
 /ee/lib/gitlab/ci/parsers/security/ @gitlab-org/secure/composition-analysis-be @gitlab-org/secure/dynamic-analysis-be @gitlab-org/secure/static-analysis-be @gitlab-org/secure/fuzzing-be
 /ee/lib/gitlab/ci/reports/coverage_fuzzing/ @gitlab-org/secure/fuzzing-be
diff --git a/.gitlab/ci/dev-fixtures.gitlab-ci.yml b/.gitlab/ci/dev-fixtures.gitlab-ci.yml
index 4141cc7f071..c19dce7e4a9 100644
--- a/.gitlab/ci/dev-fixtures.gitlab-ci.yml
+++ b/.gitlab/ci/dev-fixtures.gitlab-ci.yml
@@ -8,9 +8,9 @@
   needs: ["setup-test-env"]
   variables:
     FIXTURE_PATH: "db/fixtures/development"
-    SEED_CYCLE_ANALYTICS: "true"
+    SEED_VSA: "true"
     SEED_PRODUCTIVITY_ANALYTICS: "true"
-    CYCLE_ANALYTICS_ISSUE_COUNT: 1
+    VSA_ISSUE_COUNT: 1
     SIZE: 0  # number of external projects to fork, requires network connection
     # SEED_NESTED_GROUPS: "false" # requires network connection
 
diff --git a/.gitlab/ci/docs.gitlab-ci.yml b/.gitlab/ci/docs.gitlab-ci.yml
index b258eb73515..d6dc709a11a 100644
--- a/.gitlab/ci/docs.gitlab-ci.yml
+++ b/.gitlab/ci/docs.gitlab-ci.yml
@@ -53,7 +53,7 @@ docs-lint links:
   extends:
     - .default-retry
     - .docs:rules:docs-lint
-  image: "registry.gitlab.com/gitlab-org/gitlab-docs/lint:ruby-2.7.2-alpine-3.12-vale-2.4.3-markdownlint-0.24.0"
+  image: "registry.gitlab.com/gitlab-org/gitlab-docs/lint-html:alpine-3.12-ruby-2.7.2"
   stage: test
   needs: []
   script:
@@ -66,6 +66,13 @@ docs-lint links:
     - bundle exec nanoc
     # Check the internal links
     - bundle exec nanoc check internal_links
+    # Delete the redirect files, rebuild, and check internal links again, to see if we are linking to redirects.
+    # Don't delete the documentation/index.md, which is a false positive for the simple grep.
+    - grep -rl "redirect_to:" /tmp/gitlab-docs/content/ee/ | grep -v "development/documentation/index.md" | xargs rm -f
+    - bundle exec nanoc
+    - echo -e "\e[1;96mThe following test fails when a doc links to a redirect file."
+    - echo -e "\e[1;96mMake sure all links point to the correct page."
+    - bundle exec nanoc check internal_links
     # Check the internal anchor links
     - bundle exec nanoc check internal_anchors
 
diff --git a/.gitlab/ci/rails.gitlab-ci.yml b/.gitlab/ci/rails.gitlab-ci.yml
index 14b07dd4a2a..2818b6be176 100644
--- a/.gitlab/ci/rails.gitlab-ci.yml
+++ b/.gitlab/ci/rails.gitlab-ci.yml
@@ -14,6 +14,10 @@
   - run_timed_command "scripts/gitaly-test-spawn"
   - source ./scripts/rspec_helpers.sh
 
+.minimal-rspec-tests:
+  variables:
+    RSPEC_TESTS_MAPPING_ENABLED: "true"
+
 .rspec-base:
   extends: .rails-job-base
   stage: test
@@ -21,7 +25,8 @@
     RUBY_GC_MALLOC_LIMIT: 67108864
     RUBY_GC_MALLOC_LIMIT_MAX: 134217728
     CRYSTALBALL: "true"
-  needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets"]
+    RECORD_DEPRECATIONS: "true"
+  needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets", "detect-tests"]
   script:
     - *base-script
     - rspec_paralellized_job "--tag ~quarantine --tag ~geo --tag ~level:migration"
@@ -31,6 +36,7 @@
     paths:
       - coverage/
       - crystalball/
+      - deprecations/
       - knapsack/
       - rspec_flaky/
       - rspec_profiling/
@@ -62,7 +68,7 @@
     - .rspec-base
     - .as-if-foss
     - .use-pg11
-  needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets as-if-foss"]
+  needs: ["setup-test-env", "retrieve-tests-metadata", "compile-test-assets as-if-foss", "detect-tests"]
 
 .rspec-ee-base-pg11:
   extends:
@@ -238,24 +244,48 @@ rspec migration pg11:
     - .rspec-base-migration
     - .rspec-migration-parallel
 
+rspec migration pg11 minimal:
+  extends:
+    - rspec migration pg11
+    - .minimal-rspec-tests
+    - .rails:rules:ee-and-foss-migration:minimal
+
 rspec unit pg11:
   extends:
     - .rspec-base-pg11
     - .rails:rules:ee-and-foss-unit
     - .rspec-unit-parallel
 
+rspec unit pg11 minimal:
+  extends:
+    - rspec unit pg11
+    - .minimal-rspec-tests
+    - .rails:rules:ee-and-foss-unit:minimal
+
 rspec integration pg11:
   extends:
     - .rspec-base-pg11
     - .rails:rules:ee-and-foss-integration
     - .rspec-integration-parallel
 
+rspec integration pg11 minimal:
+  extends:
+    - rspec integration pg11
+    - .minimal-rspec-tests
+    - .rails:rules:ee-and-foss-integration:minimal
+
 rspec system pg11:
   extends:
     - .rspec-base-pg11
     - .rails:rules:ee-and-foss-system
     - .rspec-system-parallel
 
+rspec system pg11 minimal:
+  extends:
+    - rspec system pg11
+    - .minimal-rspec-tests
+    - .rails:rules:ee-and-foss-system:minimal
+
 rspec fast_spec_helper:
   extends:
     - .rspec-base-pg11
@@ -263,6 +293,12 @@ rspec fast_spec_helper:
   script:
     - bin/rspec spec/fast_spec_helper.rb
 
+rspec fast_spec_helper minimal:
+  extends:
+    - rspec fast_spec_helper
+    - .minimal-rspec-tests
+    - .rails:rules:ee-and-foss-fast_spec_helper:minimal
+
 db:migrate:reset:
   extends: .db-job-base
   script:
@@ -284,7 +320,7 @@ db:migrate-from-v12.10.0:
     - export TAG_TO_CHECKOUT="v12.10.0-ee"
     - '[[ -d "ee/" ]] || export PROJECT_TO_CHECKOUT="gitlab-foss"'
     - '[[ -d "ee/" ]] || export TAG_TO_CHECKOUT="v12.10.0"'
-    - git fetch https://gitlab.com/gitlab-org/$PROJECT_TO_CHECKOUT.git $TAG_TO_CHECKOUT
+    - retry 'git fetch https://gitlab.com/gitlab-org/$PROJECT_TO_CHECKOUT.git $TAG_TO_CHECKOUT'
     - git checkout -f FETCH_HEAD
     - sed -i -e "s/gem 'grpc', '~> 1.24.0'/gem 'grpc', '~> 1.30.2'/" Gemfile  # Update gRPC for Ruby 2.7
     - sed -i -e "s/gem 'google-protobuf', '~> 3.8.0'/gem 'google-protobuf', '~> 3.12.0'/" Gemfile
@@ -382,6 +418,7 @@ rspec:feature-flags:
     - .coverage-base
     - .rails:rules:rspec-feature-flags
   stage: post-test
+  allow_failure: true
   # We cannot use needs since it would mean needing 84 jobs (since most are parallelized)
   # so we use `dependencies` here.
   dependencies:
@@ -401,7 +438,8 @@ rspec:feature-flags:
     - memory-on-boot
   script:
     - run_timed_command "bundle install --jobs=$(nproc) --path=vendor --retry=3 --quiet --without default development test production puma unicorn kerberos metrics omnibus ed25519"
-    - run_timed_command "bundle exec scripts/used-feature-flags"
+    - 'run_timed_command "bundle exec scripts/used-feature-flags" || (scripts/slack master-broken "☠️ \`${CI_JOB_NAME}\` failed! ☠️ See ${CI_JOB_URL}" ci_failing "GitLab Bot" && exit 1)'
+
 # EE/FOSS: default refs (MRs, master, schedules) jobs #
 #######################################################
 
@@ -414,24 +452,48 @@ rspec migration pg11-as-if-foss:
     - .rails:rules:as-if-foss-migration
     - .rspec-migration-parallel
 
+rspec migration pg11-as-if-foss minimal:
+  extends:
+    - rspec migration pg11-as-if-foss
+    - .minimal-rspec-tests
+    - .rails:rules:as-if-foss-migration:minimal
+
 rspec unit pg11-as-if-foss:
   extends:
     - .rspec-base-pg11-as-if-foss
     - .rails:rules:as-if-foss-unit
     - .rspec-unit-parallel
 
+rspec unit pg11-as-if-foss minimal:
+  extends:
+    - rspec unit pg11-as-if-foss
+    - .minimal-rspec-tests
+    - .rails:rules:as-if-foss-unit:minimal
+
 rspec integration pg11-as-if-foss:
   extends:
     - .rspec-base-pg11-as-if-foss
     - .rails:rules:as-if-foss-integration
     - .rspec-integration-parallel
 
+rspec integration pg11-as-if-foss minimal:
+  extends:
+    - rspec integration pg11-as-if-foss
+    - .minimal-rspec-tests
+    - .rails:rules:as-if-foss-integration:minimal
+
 rspec system pg11-as-if-foss:
   extends:
     - .rspec-base-pg11-as-if-foss
     - .rails:rules:as-if-foss-system
     - .rspec-system-parallel
 
+rspec system pg11-as-if-foss minimal:
+  extends:
+    - rspec system pg11-as-if-foss
+    - .minimal-rspec-tests
+    - .rails:rules:as-if-foss-system:minimal
+
 rspec-ee migration pg11:
   extends:
     - .rspec-ee-base-pg11
@@ -439,40 +501,82 @@ rspec-ee migration pg11:
     - .rails:rules:ee-only-migration
     - .rspec-ee-migration-parallel
 
+rspec-ee migration pg11 minimal:
+  extends:
+    - rspec-ee migration pg11
+    - .minimal-rspec-tests
+    - .rails:rules:ee-only-migration:minimal
+
 rspec-ee unit pg11:
   extends:
     - .rspec-ee-base-pg11
     - .rails:rules:ee-only-unit
     - .rspec-ee-unit-parallel
 
+rspec-ee unit pg11 minimal:
+  extends:
+    - rspec-ee unit pg11
+    - .minimal-rspec-tests
+    - .rails:rules:ee-only-unit:minimal
+
 rspec-ee integration pg11:
   extends:
     - .rspec-ee-base-pg11
     - .rails:rules:ee-only-integration
     - .rspec-ee-integration-parallel
 
+rspec-ee integration pg11 minimal:
+  extends:
+    - rspec-ee integration pg11
+    - .minimal-rspec-tests
+    - .rails:rules:ee-only-integration:minimal
+
 rspec-ee system pg11:
   extends:
     - .rspec-ee-base-pg11
     - .rails:rules:ee-only-system
     - .rspec-ee-system-parallel
 
+rspec-ee system pg11 minimal:
+  extends:
+    - rspec-ee system pg11
+    - .minimal-rspec-tests
+    - .rails:rules:ee-only-system:minimal
+
 rspec-ee unit pg11 geo:
   extends:
     - .rspec-ee-base-geo-pg11
     - .rails:rules:ee-only-unit
     - .rspec-ee-unit-geo-parallel
 
+rspec-ee unit pg11 geo minimal:
+  extends:
+    - rspec-ee unit pg11 geo
+    - .minimal-rspec-tests
+    - .rails:rules:ee-only-unit:minimal
+
 rspec-ee integration pg11 geo:
   extends:
     - .rspec-ee-base-geo-pg11
     - .rails:rules:ee-only-integration
 
+rspec-ee integration pg11 geo minimal:
+  extends:
+    - rspec-ee integration pg11 geo
+    - .minimal-rspec-tests
+    - .rails:rules:ee-only-integration:minimal
+
 rspec-ee system pg11 geo:
   extends:
     - .rspec-ee-base-geo-pg11
     - .rails:rules:ee-only-system
 
+rspec-ee system pg11 geo minimal:
+  extends:
+    - rspec-ee system pg11 geo
+    - .minimal-rspec-tests
+    - .rails:rules:ee-only-system:minimal
+
 db:rollback geo:
   extends:
     - db:rollback
diff --git a/.gitlab/ci/reports.gitlab-ci.yml b/.gitlab/ci/reports.gitlab-ci.yml
index 565ed93967c..85aec070557 100644
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -145,6 +145,10 @@ dependency_scanning:
         --volume "$PWD:/code" \
         --volume /var/run/docker.sock:/var/run/docker.sock \
         "registry.gitlab.com/gitlab-org/security-products/dependency-scanning:$DS_MAJOR_VERSION" /code
+    # Post-processing: This will be an after_script once this job will use the Dependency Scanning CI template
+    - apk add jq
+    # Lower execa severity based on https://gitlab.com/gitlab-org/gitlab/-/issues/223859#note_452922390
+    - jq '(.vulnerabilities[] | select (.cve == "yarn.lock:execa:gemnasium:05cfa2e8-2d0c-42c1-8894-638e2f12ff3d")).severity = "Medium"' gl-dependency-scanning-report.json > temp.json && mv temp.json gl-dependency-scanning-report.json
   artifacts:
     paths:
       - gl-dependency-scanning-report.json  # GitLab-specific
diff --git a/.gitlab/ci/review.gitlab-ci.yml b/.gitlab/ci/review.gitlab-ci.yml
index d3069657e88..f1bd173ff6d 100644
--- a/.gitlab/ci/review.gitlab-ci.yml
+++ b/.gitlab/ci/review.gitlab-ci.yml
@@ -38,7 +38,7 @@ review-build-cng:
     - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng
     # When the job is manual, review-deploy is also manual and we don't want people
     # to have to manually start the jobs in sequence, so we do it for them.
-    - '[ -z $CI_JOB_MANUAL ] || play_job "review-deploy"'
+    - '[ -z $CI_JOB_MANUAL ] || scripts/api/play_job --job-name "review-deploy"'
 
 .review-workflow-base:
   extends:
@@ -78,8 +78,8 @@ review-deploy:
     - disable_sign_ups || (delete_release && exit 1)
     # When the job is manual, review-qa-smoke is also manual and we don't want people
     # to have to manually start the jobs in sequence, so we do it for them.
-    - '[ -z $CI_JOB_MANUAL ] || play_job "review-qa-smoke"'
-    - '[ -z $CI_JOB_MANUAL ] || play_job "review-performance"'
+    - '[ -z $CI_JOB_MANUAL ] || scripts/api/play_job --job-name "review-qa-smoke"'
+    - '[ -z $CI_JOB_MANUAL ] || scripts/api/play_job --job-name "review-performance"'
   after_script:
     # Run seed-dast-test-data.sh only when DAST_RUN is set to true. This is to pupulate review app with data for DAST scan.
     # Set DAST_RUN to true when jobs are manually scheduled.
diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index 7f469221da2..159defc83c3 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -46,6 +46,9 @@
 .if-security-merge-request: &if-security-merge-request
   if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_MERGE_REQUEST_IID'
 
+.if-security-schedule: &if-security-schedule
+  if: '$CI_PROJECT_NAMESPACE == "gitlab-org/security" && $CI_PIPELINE_SOURCE == "schedule"'
+
 .if-dot-com-gitlab-org-schedule: &if-dot-com-gitlab-org-schedule
   if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_PIPELINE_SOURCE == "schedule"'
 
@@ -67,6 +70,9 @@
 .if-cache-credentials-schedule: &if-cache-credentials-schedule
   if: '$CI_REPO_CACHE_CREDENTIALS && $CI_PIPELINE_SOURCE == "schedule"'
 
+.if-merge-request-rspec-minimal-disabled: &if-merge-request-rspec-minimal-disabled
+  if: '$CI_MERGE_REQUEST_IID && $RSPEC_MINIMAL_ENABLED != "true"'
+
 .if-rspec-fail-fast-disabled: &if-rspec-fail-fast-disabled
   if: '$RSPEC_FAIL_FAST_ENABLED != "true"'
 
@@ -103,6 +109,10 @@
   - ".gitlab/ci/build-images.gitlab-ci.yml"
   - ".gitlab/ci/qa.gitlab-ci.yml"
 
+.workhorse-patterns: &workhorse-patterns
+  - "GITLAB_WORKHORSE_VERSION"
+  - "workhorse/**/*"
+
 .yaml-lint-patterns: &yaml-lint-patterns
   - ".gitlab-ci.yml"
   - ".gitlab/ci/**/*.yml"
@@ -154,6 +164,7 @@
   - "{,ee/}fixtures/**/*"
   - "{,ee/}rubocop/**/*"
   - "{,ee/}spec/**/*"
+  - "{,spec/}tooling/**/*"
 
 .code-patterns: &code-patterns
   - "{package.json,yarn.lock}"
@@ -200,6 +211,7 @@
   - "{,ee/}fixtures/**/*"
   - "{,ee/}rubocop/**/*"
   - "{,ee/}spec/**/*"
+  - "{,spec/}tooling/**/*"
 
 .code-qa-patterns: &code-qa-patterns
   - "{package.json,yarn.lock}"
@@ -245,6 +257,7 @@
   - "{,ee/}fixtures/**/*"
   - "{,ee/}rubocop/**/*"
   - "{,ee/}spec/**/*"
+  - "{,spec/}tooling/**/*"
   # QA changes
   - ".dockerignore"
   - "qa/**/*"
@@ -255,6 +268,7 @@
 .shared:rules:update-cache:
   rules:
     - <<: *if-master-schedule-2-hourly
+    - <<: *if-security-schedule
     - <<: *if-merge-request-title-update-caches
 
 ######################
@@ -395,6 +409,7 @@
       when: never
     - <<: *if-merge-request
       changes: *code-backstage-patterns
+      when: always
     - <<: *if-master-refs
       changes: *code-backstage-patterns
 
@@ -480,26 +495,86 @@
     - changes: *db-patterns
     - <<: *if-merge-request-title-run-all-rspec
 
+.rails:rules:ee-and-foss-migration:minimal:
+  rules:
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request-title-run-all-rspec
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-merge-request
+      changes: *db-patterns
+
 .rails:rules:ee-and-foss-unit:
   rules:
     - changes: *backend-patterns
     - <<: *if-merge-request-title-run-all-rspec
 
+.rails:rules:ee-and-foss-unit:minimal:
+  rules:
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request-title-run-all-rspec
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-merge-request
+      changes: *backend-patterns
+
 .rails:rules:ee-and-foss-integration:
   rules:
     - changes: *backend-patterns
     - <<: *if-merge-request-title-run-all-rspec
 
+.rails:rules:ee-and-foss-integration:minimal:
+  rules:
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request-title-run-all-rspec
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-merge-request
+      changes: *backend-patterns
+
 .rails:rules:ee-and-foss-system:
   rules:
     - changes: *code-backstage-patterns
     - <<: *if-merge-request-title-run-all-rspec
 
+.rails:rules:ee-and-foss-system:minimal:
+  rules:
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request-title-run-all-rspec
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-merge-request
+      changes: *code-backstage-patterns
+
 .rails:rules:ee-and-foss-fast_spec_helper:
   rules:
     - changes: ["config/**/*"]
     - <<: *if-merge-request-title-run-all-rspec
 
+.rails:rules:ee-and-foss-fast_spec_helper:minimal:
+  rules:
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request-title-run-all-rspec
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-merge-request
+      changes: ["config/**/*"]
+
 .rails:rules:default-refs-code-backstage-qa:
   rules:
     - <<: *if-default-refs
@@ -513,6 +588,20 @@
     - changes: *db-patterns
     - <<: *if-merge-request-title-run-all-rspec
 
+.rails:rules:ee-only-migration:minimal:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request-title-run-all-rspec
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-merge-request
+      changes: *db-patterns
+
 .rails:rules:ee-only-unit:
   rules:
     - <<: *if-not-ee
@@ -520,6 +609,20 @@
     - changes: *backend-patterns
     - <<: *if-merge-request-title-run-all-rspec
 
+.rails:rules:ee-only-unit:minimal:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request-title-run-all-rspec
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-merge-request
+      changes: *backend-patterns
+
 .rails:rules:ee-only-integration:
   rules:
     - <<: *if-not-ee
@@ -527,6 +630,20 @@
     - changes: *backend-patterns
     - <<: *if-merge-request-title-run-all-rspec
 
+.rails:rules:ee-only-integration:minimal:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request-title-run-all-rspec
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-merge-request
+      changes: *backend-patterns
+
 .rails:rules:ee-only-system:
   rules:
     - <<: *if-not-ee
@@ -534,6 +651,20 @@
     - changes: *code-backstage-patterns
     - <<: *if-merge-request-title-run-all-rspec
 
+.rails:rules:ee-only-system:minimal:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request-title-run-all-rspec
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-merge-request
+      changes: *code-backstage-patterns
+
 .rails:rules:as-if-foss-migration:
   rules:
     - <<: *if-not-ee
@@ -545,6 +676,20 @@
     - <<: *if-merge-request
       changes: *ci-patterns
 
+.rails:rules:as-if-foss-migration:minimal:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-security-merge-request
+      changes: *db-patterns
+    - <<: *if-merge-request-title-as-if-foss
+      changes: *db-patterns
+
 .rails:rules:as-if-foss-unit:
   rules:
     - <<: *if-not-ee
@@ -556,6 +701,20 @@
     - <<: *if-merge-request
       changes: *ci-patterns
 
+.rails:rules:as-if-foss-unit:minimal:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-security-merge-request
+      changes: *backend-patterns
+    - <<: *if-merge-request-title-as-if-foss
+      changes: *backend-patterns
+
 .rails:rules:as-if-foss-integration:
   rules:
     - <<: *if-not-ee
@@ -567,6 +726,20 @@
     - <<: *if-merge-request
       changes: *ci-patterns
 
+.rails:rules:as-if-foss-integration:minimal:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-security-merge-request
+      changes: *backend-patterns
+    - <<: *if-merge-request-title-as-if-foss
+      changes: *backend-patterns
+
 .rails:rules:as-if-foss-system:
   rules:
     - <<: *if-not-ee
@@ -578,6 +751,20 @@
     - <<: *if-merge-request
       changes: *ci-patterns
 
+.rails:rules:as-if-foss-system:minimal:
+  rules:
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-merge-request-rspec-minimal-disabled
+      when: never
+    - <<: *if-merge-request
+      changes: *ci-patterns
+      when: never
+    - <<: *if-security-merge-request
+      changes: *code-backstage-patterns
+    - <<: *if-merge-request-title-as-if-foss
+      changes: *code-backstage-patterns
+
 .rails:rules:ee-mr-and-master-only:
   rules:
     - <<: *if-not-ee
@@ -590,12 +777,9 @@
 
 .rails:rules:detect-tests:
   rules:
-    - <<: *if-not-ee
-      when: never
-    - <<: *if-security-merge-request
-      changes: *code-backstage-patterns
-    - <<: *if-dot-com-gitlab-org-merge-request
+    - <<: *if-default-refs
       changes: *code-backstage-patterns
+    - <<: *if-merge-request-title-run-all-rspec
 
 .rails:rules:rspec-foss-impact:
   rules:
@@ -647,8 +831,10 @@
       when: never
     - <<: *if-merge-request
       changes: *code-backstage-patterns
+      when: always
     - <<: *if-master-schedule-2-hourly
     - <<: *if-merge-request-title-run-all-rspec
+      when: always
 
 .rails:rules:rspec-feature-flags:
   rules:
@@ -913,6 +1099,14 @@
       changes: *code-backstage-patterns
 
 ###################
+# workhorse rules #
+###################
+.workhorse:rules:workhorse:
+  rules:
+    - <<: *if-default-refs
+      changes: *workhorse-patterns
+
+###################
 # yaml-lint rules #
 ###################
 .yaml-lint:rules:
diff --git a/.gitlab/ci/setup.gitlab-ci.yml b/.gitlab/ci/setup.gitlab-ci.yml
index abe7625c740..74510a0a03a 100644
--- a/.gitlab/ci/setup.gitlab-ci.yml
+++ b/.gitlab/ci/setup.gitlab-ci.yml
@@ -61,15 +61,17 @@ verify-tests-yml:
     - scripts/verify-tff-mapping
 
 .detect-test-base:
-  image: ruby:2.7-alpine
+  image: ruby:2.7
   needs: []
   stage: prepare
   script:
-    - source scripts/utils.sh
+    - source ./scripts/utils.sh
+    - source ./scripts/rspec_helpers.sh
     - install_gitlab_gem
     - install_tff_gem
-    - tooling/bin/find_foss_tests ${MATCHED_TESTS_FILE}
-    - 'echo "test files affected: $(cat $MATCHED_TESTS_FILE)"'
+    - retrieve_tests_mapping
+    - 'if [ -n "$CI_MERGE_REQUEST_IID" ]; then tooling/bin/find_tests ${MATCHED_TESTS_FILE}; fi'
+    - 'if [ -n "$CI_MERGE_REQUEST_IID" ]; then echo "test files affected: $(cat $MATCHED_TESTS_FILE)"; fi'
   artifacts:
     expire_in: 7d
     paths:
@@ -80,6 +82,7 @@ detect-tests:
     - .detect-test-base
     - .rails:rules:detect-tests
   variables:
+    RSPEC_TESTS_MAPPING_ENABLED: "true"
     MATCHED_TESTS_FILE: tmp/matching_tests.txt
 
 detect-tests as-if-foss:
diff --git a/.gitlab/ci/test-metadata.gitlab-ci.yml b/.gitlab/ci/test-metadata.gitlab-ci.yml
index e4b7047ef71..aec0a1640f1 100644
--- a/.gitlab/ci/test-metadata.gitlab-ci.yml
+++ b/.gitlab/ci/test-metadata.gitlab-ci.yml
@@ -1,6 +1,5 @@
 .tests-metadata-state:
-  variables:
-    TESTS_METADATA_S3_BUCKET: "gitlab-ce-cache"
+  image: ruby:2.7
   before_script:
     - source scripts/utils.sh
   artifacts:
@@ -17,7 +16,8 @@ retrieve-tests-metadata:
     - .test-metadata:rules:retrieve-tests-metadata
   stage: prepare
   script:
-    - source scripts/rspec_helpers.sh
+    - install_gitlab_gem
+    - source ./scripts/rspec_helpers.sh
     - retrieve_tests_metadata
 
 update-tests-metadata:
diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml
new file mode 100644
index 00000000000..29131159876
--- /dev/null
+++ b/.gitlab/ci/workhorse.gitlab-ci.yml
@@ -0,0 +1,10 @@
+workhorse:
+  extends: .workhorse:rules:workhorse
+  image: golang:1.14
+  stage: test
+  needs: []
+  script:
+    - rm .git/hooks/post-checkout
+    - git checkout .
+    - scripts/update-workhorse check
+    - make -C workhorse
diff --git a/.gitlab/issue_templates/Doc Review.md b/.gitlab/issue_templates/Doc Review.md
index bd3843ac5cd..5b470ed7c75 100644
--- a/.gitlab/issue_templates/Doc Review.md
+++ b/.gitlab/issue_templates/Doc Review.md
@@ -3,7 +3,7 @@
 
 <!-- NOTE: Please add a DevOps stage label (format `devops:<stage_name>`)
      and assign the technical writer who is
-     [listed for that stage](https://about.gitlab.com/handbook/product/product-categories/#devops-stages). -->
+     [listed for that stage](https://about.gitlab.com/handbook/product/categories/#devops-stages). -->
 
 
 ## References
diff --git a/.gitlab/issue_templates/Experiment Successful Cleanup.md b/.gitlab/issue_templates/Experiment Successful Cleanup.md
new file mode 100644
index 00000000000..3f148ec00b1
--- /dev/null
+++ b/.gitlab/issue_templates/Experiment Successful Cleanup.md
@@ -0,0 +1,18 @@
+<!-- Title suggestion: [Experiment Name] Successful Cleanup -->
+
+## Summary
+
+The experiment is currently rolled out to 100% of users and has been deemed a success.
+The changes need to become an official part of the product.
+
+## Steps
+
+- [ ] Determine whether the feature should apply to SaaS and/or self-managed
+- [ ] Determine whether the feature should apply to EE - and which tiers - and/or Core
+- [ ] Determine if tracking should be kept as is, removed, or modified.
+- [ ] Migrate experiment to a default enabled [feature flag](https://docs.gitlab.com/ee/development/feature_flags/development.html) for one milestone and add a changelog. Converting to a feature flag can be skipped at the ICs discretion if risk is deemed low with consideration to both SaaS and (if applicable) self managed.
+- [ ] Ensure any relevant documentation has been updated.
+- [ ] In the next milestone, [remove the feature flag](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up).
+- [ ] After the flag removal is deployed, [clean up the feature/experiment feature flags](https://docs.gitlab.com/ee/development/feature_flags/controls.html#cleaning-up) by running chatops command in `#production` channel
+
+/label ~"feature" ~"feature::maintenance" ~"workflow::scheduling" ~"growth experiment" ~"feature flag"  
diff --git a/.gitlab/issue_templates/Feature Flag Roll Out.md b/.gitlab/issue_templates/Feature Flag Roll Out.md
index a0b64b53250..67686b654bd 100644
--- a/.gitlab/issue_templates/Feature Flag Roll Out.md
+++ b/.gitlab/issue_templates/Feature Flag Roll Out.md
@@ -18,7 +18,8 @@ Remove the `:feature_name` feature flag ...
 
 ### What can we monitor to detect problems with this?
 
-<!-- Which dashboards from https://dashboards.gitlab.net are most relevant? -->
+<!-- Which dashboards from https://dashboards.gitlab.net are most relevant? Sentry errors reports can alse be useful to review -->
+
 
 ## Beta groups/projects
 
@@ -30,13 +31,13 @@ If applicable, any groups/projects that are happy to have this feature turned on
 
 ## Roll Out Steps
 
+- [ ] Confirm that QA tests pass with the feature flag enabled (if you're unsure how, contact the relevant [stable counterpart in the Quality department](https://about.gitlab.com/handbook/engineering/quality/#individual-contributors))
 - [ ] Enable on staging (`/chatops run feature set feature_name true --staging`)
 - [ ] Test on staging
 - [ ] Ensure that documentation has been updated
 - [ ] Enable on GitLab.com for individual groups/projects listed above and verify behaviour  (`/chatops run feature set --project=gitlab-org/gitlab feature_name true`)
 - [ ] Coordinate a time to enable the flag with the SRE oncall and release managers
-  - In `#production` by pinging `@sre-oncall`
-  - In `#g_delivery` by pinging `@release-managers`
+  - In `#production` mention `@sre-oncall` and `@release-managers`. Once an SRE on call and Release Manager on call confirm, you can proceed with the rollout
 - [ ] Announce on the issue an estimated time this will be enabled on GitLab.com
 - [ ] Enable on GitLab.com by running chatops command in `#production` (`/chatops run feature set feature_name true`)
 - [ ] Cross post chatops Slack command to `#support_gitlab-com` ([more guidance when this is necessary in the dev docs](https://docs.gitlab.com/ee/development/feature_flags/controls.html#where-to-run-commands)) and in your team channel
diff --git a/.gitlab/issue_templates/Feature proposal.md b/.gitlab/issue_templates/Feature proposal.md
index b6f83be9121..5ab46bfa26f 100644
--- a/.gitlab/issue_templates/Feature proposal.md
+++ b/.gitlab/issue_templates/Feature proposal.md
@@ -96,8 +96,11 @@ In which enterprise tier should this feature go? See https://about.gitlab.com/ha
 
 ### Links / references
 
-<!--  Label reminders - you should have one of each of the following labels.
-Read the descriptions on https://gitlab.com/gitlab-org/gitlab/-/labels to find the correct ones -->
+<!-- Label reminders - you should have one of each of the following labels.
+Use the following resources to find the appropriate labels:
+- https://gitlab.com/gitlab-org/gitlab/-/labels
+- https://about.gitlab.com/handbook/product/categories/features/
+-->
 /label ~devops:: ~group: ~Category:
 
 /label ~feature
diff --git a/.gitlab/issue_templates/Implementation.md b/.gitlab/issue_templates/Implementation.md
index dc5eb18a25e..888c993766a 100644
--- a/.gitlab/issue_templates/Implementation.md
+++ b/.gitlab/issue_templates/Implementation.md
@@ -42,7 +42,7 @@ call-out responsibilities for other team members or teams.
 -->
 
 - [ ] ~frontend Step 1
-  - [ ] @person Step 1a
+  - [ ] `@person` Step 1a
 - [ ] ~frontend Step 2
 
 
diff --git a/.gitlab/issue_templates/Lean Feature Proposal.md b/.gitlab/issue_templates/Lean Feature Proposal.md
index b1cb98ba5e9..44210a89023 100644
--- a/.gitlab/issue_templates/Lean Feature Proposal.md
+++ b/.gitlab/issue_templates/Lean Feature Proposal.md
@@ -17,7 +17,11 @@
 /label ~"feature" ~"group::" ~"section::"  ~"Category::" ~"GitLab Core"/~"GitLab Starter"/~"GitLab Premium"/~"GitLab Ultimate"
 
 
-<!-- Read the labels descriptions on https://gitlab.com/gitlab-org/gitlab/-/labels to find the appropriate labels. Consider adding related issues and epics to this issue. You can also reference the Feature Proposal Template (https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Feature%20proposal.md) for additional details to consider adding to this issue. Additionally, as a data oriented organization, when your feature exits planning breakdown, consider adding the `What does success look like, and how can we measure that?` section.
+<!--- Use the following resources to find the appropriate labels:
+- https://gitlab.com/gitlab-org/gitlab/-/labels
+- https://about.gitlab.com/handbook/product/categories/features/
+
+Consider adding related issues and epics to this issue. You can also reference the Feature Proposal Template (https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Feature%20proposal.md) for additional details to consider adding to this issue. Additionally, as a data oriented organization, when your feature exits planning breakdown, consider adding the `What does success look like, and how can we measure that?` section.
 
 Other sections to consider adding: 
 
diff --git a/.gitlab/issue_templates/Security Release Tracking Issue.md b/.gitlab/issue_templates/Security Release Tracking Issue.md
deleted file mode 100644
index fce68d61204..00000000000
--- a/.gitlab/issue_templates/Security Release Tracking Issue.md
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-# Read me first!
-
-Set the title to: `Security Release: 12.2.X, 12.1.X, and 12.0.X`
--->
-
-:warning: **Only Release Managers and members of the AppSec team can edit the description of this issue**
-
--------
-
-## Version issues:
-
-12.2.X, 12.1.X, 12.0.X: {release task link}
-
-## Issues in GitLab Security
-
-To include your issue and merge requests in this Security Release, please mark
-your security issues as related to this release tracking issue. You can do this
-in the "Linked issues" section below this issue description.
-
-:warning: If your security issues are not marked as related to this release
-tracking issue, their merge requests will not be included in the security
-release.
-
-### Branches to target in GitLab Security
-
-Your Security Implementation Issue should have `4` merge requests associated:
-
-- [master and 3 backports](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/developer.md#backports)
-- Backports should target the stable branches for the versions mentioned included in this Security Release
-
-## Blog post
-
-Security: {https://gitlab.com/gitlab-org/security/www-gitlab-com/merge_requests/ link}<br/>
-GitLab.com: {https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/ link}
-
-## Email notification
-{https://gitlab.com/gitlab-com/marketing/general/issues/ link}
-
-/label ~security ~"upcoming security release"
-/confidential
diff --git a/.gitlab/issue_templates/Snowplow event tracking.md b/.gitlab/issue_templates/Snowplow event tracking.md
index 47b97f377c2..4a906b61378 100644
--- a/.gitlab/issue_templates/Snowplow event tracking.md
+++ b/.gitlab/issue_templates/Snowplow event tracking.md
@@ -37,6 +37,10 @@ We generally recommend events be tracked using a [structured event](https://docs
 * [ ] Create chart(s) to track your event(s) in the relevant dashboard
   * [ ] Use the [Chart Snowplow Actions](https://app.periscopedata.com/app/gitlab/snippet/Chart-Snowplow-Actions/5546da87ae2c4a3fbc98415c88b3eedd/edit) SQL snippet to quickly visualize usage. See [example](https://app.periscopedata.com/app/gitlab/737489/Health-Group-Dashboard?widget=9797112&udv=0)
 
-<!--  Label reminders - you should have one of each of the following labels if you can figure out the correct ones -->
+<!-- Label reminders - you should have one of each of the following labels.
+Use the following resources to find the appropriate labels:
+- https://gitlab.com/gitlab-org/gitlab/-/labels
+- https://about.gitlab.com/handbook/product/categories/features/
+-->
 /label ~devops:: ~group: ~Category:
 /label ~"snowplow tracking events"
diff --git a/.gitlab/issue_templates/actionable_insight.md b/.gitlab/issue_templates/actionable_insight.md
index 68b2b153831..ff6a4f12918 100644
--- a/.gitlab/issue_templates/actionable_insight.md
+++ b/.gitlab/issue_templates/actionable_insight.md
@@ -31,5 +31,4 @@ Actionable insights always have a follow-up action that needs to take place as a
 
 
 
-
- /label ~"Actionable Insight" 
+/label ~"Actionable Insight"
diff --git a/.gitlab/merge_request_templates/Documentation.md b/.gitlab/merge_request_templates/Documentation.md
index b059c1f68ad..9113bf7d028 100644
--- a/.gitlab/merge_request_templates/Documentation.md
+++ b/.gitlab/merge_request_templates/Documentation.md
@@ -15,9 +15,9 @@
 
 ## Author's checklist (required)
 
-- [ ] Follow the [Documentation Guidelines](https://docs.gitlab.com/ee/development/documentation/) and [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide.html).
+- [ ] Follow the [Documentation Guidelines](https://docs.gitlab.com/ee/development/documentation/) and [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/).
 - If you have **Developer** permissions or higher:
-  - [ ] Ensure that the [product tier badge](https://docs.gitlab.com/ee/development/documentation/styleguide.html#product-badges) is added to doc's `h1`.
+  - [ ] Ensure that the [product tier badge](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges) is added to doc's `h1`.
   - [ ] Apply the ~documentation label, plus:
     - The corresponding DevOps stage and group labels, if applicable.
     - ~"development guidelines" when changing docs under `doc/development/*`, `CONTRIBUTING.md`, or `README.md`.
@@ -45,7 +45,7 @@ All reviewers can help ensure accuracy, clarity, completeness, and adherence to
 
 **2. Technical Writer**
 
-- [ ] Technical writer review. If not requested for this MR, must be scheduled post-merge. To request for this MR, assign the writer listed for the applicable [DevOps stage](https://about.gitlab.com/handbook/product/product-categories/#devops-stages).
+- [ ] Technical writer review. If not requested for this MR, must be scheduled post-merge. To request for this MR, assign the writer listed for the applicable [DevOps stage](https://about.gitlab.com/handbook/product/categories/#devops-stages).
   - [ ] Ensure docs metadata are present and up-to-date.
   - [ ] Ensure ~"Technical Writing" and ~"documentation" are added.
   - [ ] Add the corresponding `docs::` [scoped label](https://gitlab.com/groups/gitlab-org/-/labels?utf8=%E2%9C%93&subscribed=&search=docs%3A%3A).
diff --git a/.gitlab/merge_request_templates/New End To End Test.md b/.gitlab/merge_request_templates/New End To End Test.md
new file mode 100644
index 00000000000..9bd7f11d4a5
--- /dev/null
+++ b/.gitlab/merge_request_templates/New End To End Test.md
@@ -0,0 +1,26 @@
+## Description of the test
+
+<!--
+Please link to the respective test case in the testcases project
+-->
+
+### Check-list
+
+- [ ] Confirm the test has a [`testcase:` tag linking to an existing test case](https://docs.gitlab.com/ee/development/testing_guide/end_to_end/best_practices.html#link-a-test-to-its-test-case-issue) in the test case project.
+- [ ] Note if the test is intended to run in specific scenarios. If a scenario is new, add a link to the MR that adds the new scenario.
+- [ ] Follow the end-to-end tests [style guide](https://docs.gitlab.com/ee/development/testing_guide/end_to_end/style_guide.html) and [best practices](https://docs.gitlab.com/ee/development/testing_guide/end_to_end/best_practices.html).
+- [ ] Use the appropriate [RSpec metadata tag(s)](https://docs.gitlab.com/ee/development/testing_guide/end_to_end/rspec_metadata_tests.html#rspec-metadata-for-end-to-end-tests).
+- [ ] Ensure that a created resource is removed after test execution.
+- [ ] Verify the tags to ensure it runs on the desired test environments.
+- [ ] If this MR has a dependency on another MR, such as a GitLab QA MR, specify the order in which the MRs should be merged.
+- [ ] (If applicable) Create a follow-up issue to document [the special setup](https://docs.gitlab.com/ee/development/testing_guide/end_to_end/running_tests_that_require_special_setup.html) necessary to run the test: ISSUE_LINK 
+
+<!-- Base labels. -->
+/label ~"Quality" ~"QA" ~test
+
+<!-- If the test is addressing a test gap, select a label according to the feature under test, please use just one. -->
+
+/label ~"Quality:test-gap" ~"Quality:EE test gaps"
+
+<!-- Select the appropriate feature label, ~"feature::addition" for tests added for new features, ~"feature::maintenance" for tests added for existing features -->
+/label ~"feature::addition" ~"feature::maintenance"