Add latest changes from gitlab-org/gitlab@15-2-stable-eev15.2.0-rc42

8 files changed, 194 insertions, 10 deletions

diff --git a/data/deprecations/14-7-deprecate-artifacts-keyword.yml b/data/deprecations/14-7-deprecate-artifacts-keyword.yml
index 20be00ef6d0..29b5ec39193 100644
--- a/data/deprecations/14-7-deprecate-artifacts-keyword.yml
+++ b/data/deprecations/14-7-deprecate-artifacts-keyword.yml
@@ -1,4 +1,4 @@
-- name: "`artifacts:report:cobertura` keyword"
+- name: "`artifacts:reports:cobertura` keyword"
   announcement_milestone: "14.7"
   announcement_date: "2022-01-22"
   removal_milestone: "15.0"
@@ -6,7 +6,7 @@
   breaking_change: false
   body: |
      Currently, test coverage visualizations in GitLab only support Cobertura reports. Starting 15.0, the
-     `artifacts:report:cobertura` keyword will be replaced by
+     `artifacts:reports:cobertura` keyword will be replaced by
      [`artifacts:reports:coverage_report`](https://gitlab.com/gitlab-org/gitlab/-/issues/344533). Cobertura will be the
      only supported report file in 15.0, but this is the first step towards GitLab supporting other report types.
 
diff --git a/data/deprecations/14-8-sast-analyzer-removals.yml b/data/deprecations/14-8-sast-analyzer-removals.yml
index cf9549f7315..85d1533b762 100644
--- a/data/deprecations/14-8-sast-analyzer-removals.yml
+++ b/data/deprecations/14-8-sast-analyzer-removals.yml
@@ -1,17 +1,17 @@
 - name: "SAST analyzer consolidation and CI/CD template changes"
   announcement_milestone: "14.8"
   announcement_date: "2022-02-22"
-  removal_milestone: "15.2"
-  removal_date: "2022-07-22"
+  removal_milestone: "15.4"
+  removal_date: "2022-09-22"
   breaking_change: true
   reporter: connorgilbert
   body: |  # Do not modify this line, instead modify the lines below.
     GitLab SAST uses various [analyzers](https://docs.gitlab.com/ee/user/application_security/sast/analyzers/) to scan code for vulnerabilities.
 
     We are reducing the number of analyzers used in GitLab SAST as part of our long-term strategy to deliver a better and more consistent user experience.
-    Streamlining the set of analyzers will also enable faster [iteration](https://about.gitlab.com/handbook/values/#iteration), better [results](https://about.gitlab.com/handbook/values/#results), and greater [efficiency](https://about.gitlab.com/handbook/values/#results) (including a reduction in CI runner usage in most cases).
+    Streamlining the set of analyzers will also enable faster [iteration](https://about.gitlab.com/handbook/values/#iteration), better [results](https://about.gitlab.com/handbook/values/#results), and greater [efficiency](https://about.gitlab.com/handbook/values/#efficiency) (including a reduction in CI runner usage in most cases).
 
-    In GitLab 15.2, GitLab SAST will no longer use the following analyzers:
+    In GitLab 15.4, GitLab SAST will no longer use the following analyzers:
 
     - [ESLint](https://gitlab.com/gitlab-org/security-products/analyzers/eslint) (JavaScript, TypeScript, React)
     - [Gosec](https://gitlab.com/gitlab-org/security-products/analyzers/gosec) (Go)
@@ -26,7 +26,14 @@
 
     We will also remove Java from the scope of the [SpotBugs](https://gitlab.com/gitlab-org/security-products/analyzers/spotbugs) analyzer and replace it with the [Semgrep-based analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/semgrep).
     This change will make it simpler to scan Java code; compilation will no longer be required.
-    This change will be reflected in the automatic language detection portion of the [GitLab-managed SAST CI/CD template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml).
+    This change will be reflected in the automatic language detection portion of the [GitLab-managed SAST CI/CD template](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml). Note that the SpotBugs-based analyzer will continue to cover Groovy, Kotlin, and Scala.
+
+    If you've already dismissed a vulnerability finding from one of the deprecated analyzers, the replacement attempts to respect your previous dismissal. The system behavior depends on:
+
+    - whether you’ve excluded the Semgrep-based analyzer from running in the past.
+    - which analyzer first discovered the vulnerabilities shown in the project’s Vulnerability Report.
+
+    See [Vulnerability translation documentation](https://docs.gitlab.com/ee/user/application_security/sast/analyzers.html#vulnerability-translation) for further details.
 
     If you applied customizations to any of the affected analyzers or if you currently disable the Semgrep analyzer in your pipelines, you must take action as detailed in the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/352554#breaking-change).
 # The following items are not published on the docs page, but may be used in the future.
diff --git a/data/deprecations/15-2-job_age-deprecation.yml b/data/deprecations/15-2-job_age-deprecation.yml
new file mode 100644
index 00000000000..889c8651bbe
--- /dev/null
+++ b/data/deprecations/15-2-job_age-deprecation.yml
@@ -0,0 +1,41 @@
+# This is a template for a feature deprecation.
+#
+# Please refer to the deprecation guidelines to confirm your understanding of GitLab's definitions.
+# https://docs.gitlab.com/ee/development/deprecation_guidelines/#terminology
+#
+# Deprecations must be announced at least three releases prior to removal.
+#
+# If an End of Support period applies, the announcement should be shared with GitLab Support
+# in the `#spt_managers` on Slack and mention `@gitlab-com/support` in this MR.
+#
+# Breaking changes must happen in a major release.
+#
+# For more information please refer to the handbook documentation here:
+# https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations
+#
+# Please delete this line and above before submitting your merge request.
+#
+# REQUIRED FIELDS
+#
+- name: "Remove `job_age` parameter from `POST /jobs/request` Runner endpoint"  # (required) The name of the feature to be deprecated
+  announcement_milestone: "15.2"  # (required) The milestone when this feature was first announced as deprecated.
+  announcement_date: "2022-07-22"  # (required) The date of the milestone release when this feature was first announced as deprecated. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+  removal_milestone: "16.0"  # (required) The milestone when this feature is planned to be removed
+  removal_date: "2023-05-22"  # (required) The date of the milestone release when this feature is planned to be removed. This should almost always be the 22nd of a month (YYYY-MM-22), unless you did an out of band blog post.
+  breaking_change: true  # (required) If this deprecation is a breaking change, set this value to true
+  reporter: jheimbuck_gl  # (required) GitLab username of the person reporting the deprecation
+  stage: Verify # (required) String value of the stage that the feature was created in. e.g., Growth
+  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/334253  # (required) Link to the deprecation issue in GitLab
+  body: |  # (required) Do not modify this line, instead modify the lines below.
+    The `job_age` parameter, returned from the `POST /jobs/request` API endpoint used in communication with GitLab Runner, was never used by any GitLab or Runner feature. This parameter will be removed in GitLab 16.0.
+
+    This could be a breaking change for anyone that developed their own runner that relies on this parameter being returned by the endpoint. This is not a breaking change for anyone using an officially released version of GitLab Runner, including public shared runners on GitLab.com.
+#
+# OPTIONAL FIELDS
+#
+  end_of_support_milestone:  # (optional) Use "XX.YY" format. The milestone when support for this feature will end.
+  end_of_support_date:  # (optional) The date of the milestone release when support for this feature will end.
+  tiers:  # (optional - may be required in the future) An array of tiers that the feature is available in currently.  e.g., [Free, Silver, Gold, Core, Premium, Ultimate]
+  documentation_url:  # (optional) This is a link to the current documentation page
+  image_url:  # (optional) This is a link to a thumbnail image depicting the feature
+  video_url:  # (optional) Use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
diff --git a/data/removals/15_0/15-0-configure-self-managed-cert-based-kube-feature-flag.yml b/data/removals/15_0/15-0-configure-self-managed-cert-based-kube-feature-flag.yml
new file mode 100644
index 00000000000..a4b8b422dd9
--- /dev/null
+++ b/data/removals/15_0/15-0-configure-self-managed-cert-based-kube-feature-flag.yml
@@ -0,0 +1,24 @@
+- name: "Self-managed certificate-based integration with Kubernetes feature flagged"
+  announcement_milestone: "14.5"
+  announcement_date: "2021-11-15"
+  removal_milestone: "15.0"
+  removal_date: "2022-05-22"
+  breaking_change: true
+  reporter: nagyv-gitlab
+  stage: Configure
+  issue_url: https://gitlab.com/groups/gitlab-org/configure/-/epics/8
+  body: |  # (required) Do not modify this line, instead modify the lines below.
+    In 15.0 the certificate-based integration with Kubernetes will be disabled by default.
+
+    After 15.0, you should use the [agent for Kubernetes](https://docs.gitlab.com/ee/user/clusters/agent/) to connect Kubernetes clusters with GitLab. The agent for Kubernetes is a more robust, secure, and reliable integration with Kubernetes. [How do I migrate to the agent?](https://docs.gitlab.com/ee/user/infrastructure/clusters/migrate_to_gitlab_agent.html)
+
+    If you need more time to migrate, you can enable the `certificate_based_clusters` [feature flag](https://docs.gitlab.com/ee/administration/feature_flags.html), which re-enables the certificate-based integration.
+
+    In GitLab 16.0, we will [remove the feature, its related code, and the feature flag](https://about.gitlab.com/blog/2021/11/15/deprecating-the-cert-based-kubernetes-integration/). GitLab will continue to fix any security or critical issues until 16.0.
+
+    For updates and details, follow [this epic](https://gitlab.com/groups/gitlab-org/configure/-/epics/8).
+#
+# OPTIONAL FIELDS
+#
+  tiers: [Core, Premium, Ultimate]
+  documentation_url: 'https://docs.gitlab.com/ee/user/infrastructure/clusters/#certificate-based-kubernetes-integration-deprecated'
diff --git a/data/removals/15_0/15-0-removal-artifacts-keyword.yml b/data/removals/15_0/15-0-removal-artifacts-keyword.yml
index 39f618c47f5..29edd922eae 100644
--- a/data/removals/15_0/15-0-removal-artifacts-keyword.yml
+++ b/data/removals/15_0/15-0-removal-artifacts-keyword.yml
@@ -1,11 +1,11 @@
-- name: "`artifacts:report:cobertura` keyword"
+- name: "`artifacts:reports:cobertura` keyword"
   announcement_milestone: "14.7"
   announcement_date: "2022-02-22"
   removal_milestone: "15.0"
   removal_date: "2022-05-22"
   breaking_change: false
   body: |
-     As of GitLab 15.0, the [`artifacts:report:cobertura`](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscobertura-removed)
+     As of GitLab 15.0, the [`artifacts:reports:cobertura`](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscobertura-removed)
      keyword has been [replaced](https://gitlab.com/gitlab-org/gitlab/-/issues/344533) by
      [`artifacts:reports:coverage_report`](https://docs.gitlab.com/ee/ci/yaml/artifacts_reports.html#artifactsreportscoverage_report).
      Cobertura is the only supported report file, but this is the first step towards GitLab supporting other report types.
diff --git a/data/removals/15_0/15-0-remove-background-upload-object-storage.yml b/data/removals/15_0/15-0-remove-background-upload-object-storage.yml
index 7d077175b29..16aab3d14c2 100644
--- a/data/removals/15_0/15-0-remove-background-upload-object-storage.yml
+++ b/data/removals/15_0/15-0-remove-background-upload-object-storage.yml
@@ -7,13 +7,46 @@
   reporter: fzimmer
   body: |  # Do not modify this line, instead modify the lines below.
     To reduce the overall complexity and maintenance burden of GitLab's [object storage feature](https://docs.gitlab.com/ee/administration/object_storage.html), support for using `background_upload` has been removed in GitLab 15.0.
+    By default [direct upload](https://docs.gitlab.com/ee/development/uploads/index.html#direct-upload) will be used.
 
-    This impacts a small subset of object storage providers, including but not limited to:
+    This impacts a subset of object storage providers, including but not limited to:
 
     - **OpenStack** Customers using OpenStack need to change their configuration to use the S3 API instead of Swift.
     - **RackSpace** Customers using RackSpace-based object storage need to migrate data to a different provider.
 
     If your object storage provider does not support `background_upload`, please [migrate objects to a supported object storage provider](https://docs.gitlab.com/ee/administration/object_storage.html#migrate-objects-to-a-different-object-storage-provider).
+
+    #### Encrypted S3 buckets
+
+    Additionally, this also breaks the use of [encrypted S3 buckets](https://docs.gitlab.com/ee/administration/object_storage.html#encrypted-s3-buckets) with [storage-specific configuration form](https://docs.gitlab.com/ee/administration/object_storage.html#storage-specific-configuration).
+
+    If your S3 buckets have [SSE-S3 or SSE-KMS encryption enabled](https://docs.aws.amazon.com/kms/latest/developerguide/services-s3.html), please [migrate your configuration to use consolidated object storage form](https://docs.gitlab.com/ee/administration/object_storage.html#transition-to-consolidated-form) before upgrading to GitLab 15.0. Otherwise, you may start getting `ETag mismatch` errors during objects upload.
+
+    #### 403 errors
+
+    If you see 403 errors when uploading to object storage after
+    upgrading to GitLab 15.0, check that the [correct permissions](https://docs.gitlab.com/ee/administration/object_storage.html#iam-permissions)
+    are assigned to the bucket. Direct upload needs the ability to delete an
+    object (example: `s3:DeleteObject`), but background uploads do not.
+
+    #### `remote_directory` with a path prefix
+
+    If the object storage `remote_directory` configuration contains a slash (`/`) after the bucket (example: `gitlab/uploads`), be aware that this [was never officially supported](https://gitlab.com/gitlab-org/gitlab/-/issues/292958).
+    Some users found that they could specify a path prefix to the bucket. In direct upload mode, object storage uploads will fail if a slash is present in GitLab 15.0.
+
+    If you have set a prefix, you can use a workaround to revert to background uploads:
+
+    1. Continue to use [storage-specific configuration](https://docs.gitlab.com/ee/administration/object_storage.html#storage-specific-configuration).
+    1. In Omnibus GitLab, set the `GITLAB_LEGACY_BACKGROUND_UPLOADS` to re-enable background uploads:
+
+        ```ruby
+        gitlab_rails['env'] = { 'GITLAB_LEGACY_BACKGROUND_UPLOADS' => 'artifacts,external_diffs,lfs,uploads,packages,dependency_proxy,terraform_state,pages' }
+        ```
+
+    Prefixes will be supported officially in [GitLab 15.2](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/91307).
+    This workaround will be dropped, so we encourage migrating to consolidated object storage.
+
+
   stage: Enablement
   tiers: [Core, Premium, Ultimate]
   issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/26600
diff --git a/data/removals/15_2/removal-outdated-browser-support.yml b/data/removals/15_2/removal-outdated-browser-support.yml
new file mode 100644
index 00000000000..84b2fa32020
--- /dev/null
+++ b/data/removals/15_2/removal-outdated-browser-support.yml
@@ -0,0 +1,20 @@
+- name: "Support for older browsers"
+  removal_date: July 22, 2022
+  removal_milestone: "15.2"
+  reporter: leipert
+  breaking_change: false
+  body: |
+    In GitLab 15.2, we are cleaning up and [removing old code](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/86003) that was specific for browsers that we no longer support. This has no impact on users if they use one of our [supported web browsers](https://docs.gitlab.com/ee/install/requirements.html#supported-web-browsers).
+
+    Most notably, support for the following browsers has been removed:
+
+    - Apple Safari 14 and older.
+    - Mozilla Firefox 78.
+
+    The minimum supported browser versions are:
+
+    - Apple Safari 14.1.
+    - Mozilla Firefox 91.
+    - Google Chrome 92.
+    - Chromium 92.
+    - Microsoft Edge 92.
diff --git a/data/whats_new/202206220001_15_1.yml b/data/whats_new/202206220001_15_1.yml
new file mode 100644
index 00000000000..76ef7fd1a46
--- /dev/null
+++ b/data/whats_new/202206220001_15_1.yml
@@ -0,0 +1,59 @@
+# This is a template for a "Whats New" release.
+# A release typically contains multiple entries of features that we'd like to highlight.
+#
+# Below is an example of what a single entry should look like, it's required attributes,
+# and what types we expect those attribute values to be. All attributes are required.
+#
+# For more information please refer to the handbook documentation here:
+# https://about.gitlab.com/handbook/marketing/blog/release-posts/index.html#create-mr-for-whats-new-entries
+#
+# Please delete this line and above before submitting your merge request.
+
+- title: SAML Group Sync for self-managed GitLab
+  body: |  # Do not modify this line, instead modify the lines below.
+    You can now map a group in your identity provider to a self-managed GitLab group using SAML group links. Previously, this feature was only available for GitLab.com. Group memberships are updated when a user logs into GitLab through their SAML provider. This new functionality decreases the workload for GitLab administrators and reduces onboarding time for group members.
+  stage: manage  # String value of the stage that the feature was created in. e.g., Growth
+  self-managed: true
+  gitlab-com: true
+  packages: [Premium, Ultimate]
+  url: https://docs.gitlab.com/ee/user/group/saml_sso/group_sync.html
+  image_url: https://about.gitlab.com/images/15_1/SAML_Group_Sync.png # This should be a full URL, generally taken from the release post content. If a video, use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
+  published_at: 2022-06-22
+  release: 15.1
+- title: Enhancing visibility into Value Stream with DORA metrics
+  body: |  # Do not modify this line, instead modify the lines below.
+    With the addition of the four [DORA metrics](https://docs.gitlab.com/ee/user/analytics/#devops-research-and-assessment-dora-key-metrics) tiles to the [Value Stream Analytics](https://docs.gitlab.com/ee/user/group/value_stream_analytics/) dashboard, you can now track team performance and value flow from ideation to customer delivery. Additionally, we added a new trend chart for the DORA [Time to restore service](https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html) metric to provide insights into software stability and reliability trends. This new chart shows information about how long it takes an organization to recover from a failure in production. This is the third DORA chart that's available out of the box in GitLab. We plan to keep improving the visibility into DORA metrics and also add charts for the fourth metric- Change failure rate.
+  stage: manage  # String value of the stage that the feature was created in. e.g., Growth
+  self-managed: true
+  gitlab-com: true
+  packages: [Free, Premium, Ultimate]
+  url: https://docs.gitlab.com/ee/user/analytics/ci_cd_analytics.html
+  image_url: https://about.gitlab.com/images/15_1/vsa_dora_n_ttrs.png # This should be a full URL, generally taken from the release post content. If a video, use the youtube thumbnail URL with the structure of https://img.youtube.com/vi/UNIQUEID/hqdefault.jpg
+  published_at: 2022-06-22
+  release: 15.1
+- title: "SLSA-2 attestation included for build artifacts"
+  body: |  # Do not modify this line, instead modify the lines below.
+    [Supply-chain Levels for Software Artifacts (SLSA)](https://github.com/slsa-framework/slsa) is a security framework that helps ensure the security and integrity of your software supply chain. By default, GitLab Runner is now capable of generating and producing SLSA-2 compliant attestation metadata for build artifacts.
+        If the artifact is stored in a registry, then the attestation metadata is stored alongside the artifact in that registry. Otherwise, the metadata is in rendered in a plain text `.json` file that's stored with the artifact.
+        This new attestation information can help you more easily verify that your build artifacts have not been tampered with. To enable this feature, simply set `RUNNER_GENERATE_ARTIFACTS_METADATA = "true"` in your `.gitlab-ci.yml` file.
+        As part of the Limited Availability release, CI jobs that run on the macOS runners will count toward your CI/CD minutes quota at a [cost factor](https://docs.gitlab.com/ee/ci/pipelines/cicd_minutes.html#cost-factor) of 6.
+  stage: verify
+  self-managed: true
+  gitlab-com: true
+  packages: [Free, Premium, Ultimate]
+  url: https://docs.gitlab.com/ee/ci/runners/configure_runners.html#artifact-attestation
+  image_url: https://www.youtube.com/embed/MlIdqrDgI8U
+  published_at: 2022-06-22
+  release: 15.1
+- title: "Link to included CI/CD configuration from the pipeline editor"
+  body: |  # Do not modify this line, instead modify the lines below.
+    A typical CI/CD configuration uses the `include` keyword to import configuration stored in other files or CI/CD templates. When editing or troubleshooting your configuration though, it can be difficult to understand how all the configuration works together because the included configuration is not visible in your `.gitlab-ci-yml`, you only see the `include` entry.
+      In this release, we added links to all included configuration files and templates to the pipeline editor. Now you can easily access and view all the CI/CD configuration your pipeline uses, making it much easier to manage large and complex pipelines.
+  stage: verify
+  self-managed: true
+  gitlab-com: true
+  packages: [Free, Premium, Ultimate]
+  url: https://docs.gitlab.com/ee/ci/pipeline_editor/
+  image_url: https://www.youtube.com/embed/7BNDUYfY_ok
+  published_at: 2022-06-22
+  release: 15.1