Add latest changes from gitlab-org/gitlab@master

7 files changed, 70 insertions, 55 deletions

diff --git a/doc/api/merge_request_approvals.md b/doc/api/merge_request_approvals.md
index 1d0397aaa2b..796971e20eb 100644
--- a/doc/api/merge_request_approvals.md
+++ b/doc/api/merge_request_approvals.md
@@ -972,11 +972,11 @@ Supported attributes:
 | Attribute              | Type              | Required               | Description                                                                   |
 |------------------------|-------------------|------------------------|-------------------------------------------------------------------------------|
 | `id`                   | integer or string | **{check-circle}** Yes | The ID or [URL-encoded path of a project](rest/index.md#namespaced-path-encoding). |
-| `approvals_required`   | integer           | **{check-circle}** Yes | The number of required approvals for this rule.                               |
 | `approval_rule_id`     | integer           | **{check-circle}** Yes | The ID of an approval rule.                                                   |
 | `merge_request_iid`    | integer           | **{check-circle}** Yes | The IID of a merge request.                                                   |
-| `name`                 | string            | **{check-circle}** Yes | The name of the approval rule.                                                |
+| `approvals_required`   | integer           | **{check-circle}**  No | The number of required approvals for this rule.                               |
 | `group_ids`            | Array             | **{dotted-circle}** No | The IDs of groups as approvers.                                               |
+| `name`                 | string            | **{check-circle}**  No | The name of the approval rule.                                                |
 | `remove_hidden_groups` | boolean           | **{dotted-circle}** No | Whether hidden groups should be removed.                                      |
 | `user_ids`             | Array             | **{dotted-circle}** No | The IDs of users as approvers.                                                |
 | `usernames`            | string array      | **{dotted-circle}** No | The usernames for this rule.                                                  |
diff --git a/doc/ci/runners/register_runner.md b/doc/ci/runners/register_runner.md
index 7b22e6215ba..21f72552ce3 100644
--- a/doc/ci/runners/register_runner.md
+++ b/doc/ci/runners/register_runner.md
@@ -47,11 +47,11 @@ and is then saved in `config.toml`.
 ## Generate a registration token (deprecated)
 
 WARNING:
-The ability to pass a runner registration token was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6 and is
-planned for removal in 17.0, along with support for certain configuration arguments. This change is a breaking change. GitLab plans to introduce a new
-[GitLab Runner token architecture](../../architecture/blueprints/runner_tokens/index.md), which introduces
-a new method for registering runners and eliminates the legacy
-[runner registration token](../../security/token_overview.md#runner-registration-tokens-deprecated).
+The ability to pass a runner registration token, and support for certain configuration arguments was
+[deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/380872) in GitLab 15.6. Authentication tokens
+will be used instead to register runners. Registration tokens, and support for certain configuration arguments
+will be disabled behind a feature flag in GitLab 16.6 and removed in GitLab 17.0. The configuration arguments disabled for `glrt-` tokens are `--locked`, `--access-level`, `--run-untagged`, `--maximum-timeout`, `--paused`, `--tag-list`, and `--maintenance-note`. This change is a breaking
+change.
 
 ### For a shared runner
 
diff --git a/doc/integration/jira/development_panel.md b/doc/integration/jira/development_panel.md
index f8c37394f85..e4fe94476bd 100644
--- a/doc/integration/jira/development_panel.md
+++ b/doc/integration/jira/development_panel.md
@@ -45,9 +45,9 @@ The Jira development panel connects a Jira instance with all its projects to the
 
 ## Information displayed in the development panel
 
-You can [view GitLab activity for a Jira issue](https://support.atlassian.com/jira-software-cloud/docs/view-development-information-for-an-issue/) in the Jira development panel by referring to the Jira issue by ID in GitLab.
-
-The information displayed in the development panel depends on where you mention the Jira issue ID in GitLab.
+You can [view GitLab activity for a Jira issue](https://support.atlassian.com/jira-software-cloud/docs/view-development-information-for-an-issue/)
+in the Jira development panel by referring to the Jira issue by ID in GitLab. The information displayed in the development panel
+depends on where you mention the Jira issue ID in GitLab.
 
 | GitLab: where you mention the Jira issue ID    | Jira development panel: what information is displayed |
 |------------------------------------------------|-------------------------------------------------------|
@@ -70,8 +70,6 @@ Jira Smart Commits are special commands to process a Jira issue. With these comm
 - Log time against a Jira issue.
 - Transition a Jira issue to any status defined in the project workflow.
 
-### Smart Commit syntax
-
 Smart Commits must follow this syntax:
 
 ```plaintext
@@ -80,6 +78,8 @@ Smart Commits must follow this syntax:
 
 You can execute one or more commands in a single commit.
 
+### Smart Commit syntax
+
 | Commands                                        | Syntax                                                       |
 |-------------------------------------------------|--------------------------------------------------------------|
 | Add a comment                                   | `KEY-123 #comment Bug is fixed`                              |
diff --git a/doc/integration/jira/dvcs/index.md b/doc/integration/jira/dvcs/index.md
index ceaa6255047..dc2b488e043 100644
--- a/doc/integration/jira/dvcs/index.md
+++ b/doc/integration/jira/dvcs/index.md
@@ -26,15 +26,14 @@ If you're on Jira Cloud, migrate to the GitLab for Jira Cloud app. For more info
 
 ### Create a GitLab application for DVCS
 
-For projects in a single group, you should create a [group application](../../oauth_provider.md#create-a-group-owned-application).
+- **For projects in a single group**, you should create a [group application](../../oauth_provider.md#create-a-group-owned-application).
+- **For projects across multiple groups**, you should create a separate GitLab user account for Jira integration work only.
+  This account ensures regular maintenance does not affect your integration.
+- **If you cannot create a group application or separate user account**, you can create instead:
+  - [An instance-wide application](../../oauth_provider.md#create-an-instance-wide-application)
+  - [A user-owned application](../../oauth_provider.md#create-a-user-owned-application)
 
-For projects across multiple groups, you should create a new user account in GitLab for Jira integration work only.
-A separate account ensures regular account maintenance does not affect your integration.
-
-If it's not possible to create a separate user account or group application, you can set up this integration by creating:
-
-- [An instance-wide application](../../oauth_provider.md#create-an-instance-wide-application)
-- [A user-owned application](../../oauth_provider.md#create-a-user-owned-application)
+To create a GitLab application for DVCS:
 
 1. Go to the [appropriate **Applications** section](../../oauth_provider.md).
 1. In the **Name** text box, enter a descriptive name for the integration (for example, `Jira`).
@@ -48,14 +47,14 @@ If it's not possible to create a separate user account or group application, you
 
 ### Configure Jira for DVCS
 
-1. Go to your DVCS account:
-   - **For Jira Server**, select **Settings (gear) > Applications > DVCS accounts**.
+To configure Jira for DVCS:
+
+1. Go to your DVCS account. **For Jira Server**, select **Settings (gear) > Applications > DVCS accounts**.
 1. To create a new integration, for **Host**, select **GitLab** or **GitLab Self-Managed**.
 1. For **Team or User Account**, enter the relative path of a top-level GitLab group that [the GitLab user](#create-a-gitlab-application-for-dvcs) can access.
 1. In the **Host URL** text box, enter the appropriate URL.
    Replace `<gitlab.example.com>` with your GitLab instance domain.
    Use `https://<gitlab.example.com>`.
-
 1. For **Client ID**, use the [**Application ID** value](#create-a-gitlab-application-for-dvcs).
 1. For **Client Secret**, use the [**Secret** value](#create-a-gitlab-application-for-dvcs).
 1. Ensure that all other checkboxes are selected.
diff --git a/doc/integration/jira/index.md b/doc/integration/jira/index.md
index 17d68349cb1..2b6395f437b 100644
--- a/doc/integration/jira/index.md
+++ b/doc/integration/jira/index.md
@@ -12,8 +12,8 @@ If you want to continue to use Jira, you can integrate Jira with GitLab instead.
 
 ## Jira integrations
 
-GitLab offers two types of Jira integrations. You can
-use one or both depending on the capabilities you need.
+GitLab offers two types of Jira integrations. You can use one or both integrations
+[depending on the capabilities you need](#jira-integration-capabilities).
 
 ### Jira issue integration
 
@@ -33,18 +33,20 @@ including related branches, commits, and merge requests. To configure the Jira d
 
 ## Jira integration capabilities
 
+This table shows the capabilities available with the Jira issue integration and the Jira development panel:
+
 | Capability | Jira issue integration | Jira development panel |
 |-|-|-|
-| Mention a Jira issue ID in a GitLab commit or merge request, and a link to the Jira issue is created. | Yes. | No. |
-| Mention a Jira issue ID in GitLab and the Jira issue shows the GitLab issue or merge request. | Yes. A Jira comment with the GitLab issue or MR title links to GitLab. The first mention is also added to the Jira issue under **Web links**. | Yes, in the issue's [development panel](https://support.atlassian.com/jira-software-cloud/docs/view-development-information-for-an-issue/). |
-| Mention a Jira issue ID in a GitLab commit message and the Jira issue shows the commit message. | Yes. The entire commit message is displayed in the Jira issue as a comment and under **Web links**. Each message links back to the commit in GitLab. | Yes, in the issue's [development panel](https://support.atlassian.com/jira-software-cloud/docs/view-development-information-for-an-issue/) and optionally with a custom comment on the Jira issue using Jira [Smart Commits](https://confluence.atlassian.com/fisheye/using-smart-commits-960155400.html). |
-| Mention a Jira issue ID in a GitLab branch name and the Jira issue shows the branch name. | No. | Yes, in the issue's [development panel](https://support.atlassian.com/jira-software-cloud/docs/view-development-information-for-an-issue/). |
-| Add Jira time tracking to an issue. | No. | Yes. Time can be specified using Jira Smart Commits. |
-| Use a Git commit or merge request to transition or close a Jira issue. | Yes. Only a single transition type, typically configured to close the issue by setting it to Done. | Yes. Transition to any state using Jira Smart Commits. |
-| Display a list of [Jira issues](issues.md#view-jira-issues). | Yes. | No. |
-| Create a Jira issue from a [vulnerability or finding](../../user/application_security/vulnerabilities/index.md#create-a-jira-issue-for-a-vulnerability). | Yes. | No. |
-| Create a GitLab branch from a Jira issue. | No. | Yes, in the issue's [development panel](https://support.atlassian.com/jira-software-cloud/docs/view-development-information-for-an-issue/). |
-| Mention a Jira issue ID in a GitLab merge request, and deployments are synced. | No. | Yes, in the issue's [development panel](https://support.atlassian.com/jira-software-cloud/docs/view-development-information-for-an-issue/). |
+| Mention a Jira issue ID in a GitLab commit or merge request, and a link to the Jira issue is created | **{check-circle}** Yes | **{dotted-circle}** No |
+| Mention a Jira issue ID in GitLab, and the Jira issue shows the GitLab issue or merge request | **{check-circle}** Yes, a Jira comment with the GitLab issue or merge request title links to GitLab. The first mention is also added to the Jira issue under **Web links** | **{check-circle}** Yes, in the issue's [development panel](https://support.atlassian.com/jira-software-cloud/docs/view-development-information-for-an-issue/) |
+| Mention a Jira issue ID in a GitLab commit message, and the Jira issue shows the commit message | **{check-circle}** Yes, the entire commit message is displayed in the Jira issue as a comment and under **Web links**. Each message links back to the commit in GitLab | **{check-circle}** Yes, in the issue's development panel and optionally with a custom comment on the Jira issue by using [Jira Smart Commits](https://confluence.atlassian.com/fisheye/using-smart-commits-960155400.html) |
+| Mention a Jira issue ID in a GitLab branch name, and the Jira issue shows the branch name | **{dotted-circle}** No | **{check-circle}** Yes, in the issue's development panel |
+| Add time tracking to a Jira issue | **{dotted-circle}** No | **{check-circle}** Yes, time can be specified by using Jira Smart Commits |
+| Use a Git commit or merge request to transition or close a Jira issue |**{check-circle}** Yes, only a single transition type. Typically configured to close the issue by setting it to **Done** | **{check-circle}** Yes, transition to any state by using Jira Smart Commits |
+| [View a list of Jira issues](issues.md#view-jira-issues) | **{check-circle}** Yes | **{dotted-circle}** No |
+| [Create a Jira issue for a vulnerability](../../user/application_security/vulnerabilities/index.md#create-a-jira-issue-for-a-vulnerability) | **{check-circle}** Yes | **{dotted-circle}** No |
+| Create a GitLab branch from a Jira issue | **{dotted-circle}** No | **{check-circle}** Yes, in the issue's development panel |
+| Mention a Jira issue ID in a GitLab merge request, and deployments are synced | **{dotted-circle}** No | **{check-circle}** Yes, in the issue's development panel |
 
 ## Privacy considerations
 
diff --git a/doc/update/deprecations.md b/doc/update/deprecations.md
index c7a190964c8..7b63cf2a103 100644
--- a/doc/update/deprecations.md
+++ b/doc/update/deprecations.md
@@ -231,10 +231,15 @@ are deprecated and will be removed from the GraphQL API. For installation instru
 - [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
 </div>
 
-The [`runner-registration-token`](https://docs.gitlab.com/runner/install/operator.html#install-the-kubernetes-operator) parameter that uses the OpenShift and k8s Vanilla Operator to install a runner on Kubernetes is deprecated.
-We plan to implement a new method to bind runners to a GitLab instance
-as part of the new [GitLab Runner token architecture](https://docs.gitlab.com/ee/architecture/blueprints/runner_tokens/).
-The work is planned in [this epic](https://gitlab.com/groups/gitlab-org/-/epics/7633).
+The [`runner-registration-token`](https://docs.gitlab.com/runner/install/operator.html#install-the-kubernetes-operator) parameter that uses the OpenShift and Kubernetes Vanilla Operator to install a runner on Kubernetes is deprecated. Authentication tokens will be used to register runners instead. Registration tokens, and support for certain configuration arguments,
+will be disabled behind a feature flag in GitLab 16.6 and removed in GitLab 17.0. The configuration arguments disabled for authentication tokens are:
+
+- `--locked`
+- `--access-level`
+- `--run-untagged`
+- `--tag-list`
+
+This change is a breaking change. You should use an [authentication token](../ci/runners/register_runner.md) in the `gitlab-runner register` command instead.
 
 </div>
 
@@ -294,15 +299,18 @@ While the above approach is recommended for most instances, Sidekiq can also be
 
 The support for registration tokens and certain runner configuration arguments in the `POST` method operation on the `/api/v4/runners` endpoint is deprecated.
 This endpoint [registers](https://docs.gitlab.com/ee/api/runners.html#register-a-new-runner) a runner
-with a GitLab instance at the instance, group, or project level through the API. We plan to remove the support for
-registration tokens and certain configuration arguments in this endpoint in GitLab 17.0.
+with a GitLab instance at the instance, group, or project level through the API. Registration tokens, and support for certain configuration arguments,
+will be disabled behind a feature flag in GitLab 16.6 and removed in GitLab 17.0. The configuration arguments disabled for authentication tokens are:
 
-We plan to implement a new method to bind runners to a GitLab instance
-as part of the new [GitLab Runner token architecture](https://docs.gitlab.com/ee/architecture/blueprints/runner_tokens/).
-The work is planned in [this epic](https://gitlab.com/groups/gitlab-org/-/epics/7633).
-This new architecture introduces a new method for registering runners and will eliminate the legacy
-[runner registration token](https://docs.gitlab.com/ee/security/token_overview.html#runner-registration-tokens).
-From GitLab 17.0 and later, the runner registration methods implemented by the new GitLab Runner token architecture will be the only supported methods.
+- `--locked`
+- `--access-level`
+- `--run-untagged`
+- `--maximum-timeout`
+- `--paused`
+- `--tag-list`
+- `--maintenance-note`
+
+This change is a breaking change. You should [create a runner in the UI](../ci/runners/register_runner.md) to add configurations, and use the authentication token in the `gitlab-runner register` command instead.
 
 </div>
 
@@ -316,13 +324,19 @@ From GitLab 17.0 and later, the runner registration methods implemented by the n
 - [Breaking change](https://docs.gitlab.com/ee/development/deprecation_guidelines/)
 </div>
 
-The support for registration tokens and certain configuration arguments in the command to [register](https://docs.gitlab.com/runner/register/) a runner, `gitlab-runner register` is deprecated.
-We plan to implement a new method to bind runners to a GitLab instance
-as part of the new [GitLab Runner token architecture](https://docs.gitlab.com/ee/architecture/blueprints/runner_tokens/).
-The work is planned in [this epic](https://gitlab.com/groups/gitlab-org/-/epics/7633).
-The new method will involve creating the runner in the GitLab UI and passing the
-[runner authentication token](https://docs.gitlab.com/ee/security/token_overview.html#runner-authentication-tokens-also-called-runner-tokens)
-to the `gitlab-runner register` command.
+Registration tokens and certain configuration arguments in the command `gitlab-runner register` that [registers](https://docs.gitlab.com/runner/register/) a runner, are deprecated.
+Authentication tokens will be used to register runners instead. Registration tokens, and support for certain configuration arguments,
+will be disabled behind a feature flag in GitLab 16.6 and removed in GitLab 17.0. The configuration arguments disabled for authentication tokens are:
+
+- `--locked`
+- `--access-level`
+- `--run-untagged`
+- `--maximum-timeout`
+- `--paused`
+- `--tag-list`
+- `--maintenance-note`
+
+This change is a breaking change. You should [create a runner in the UI](../ci/runners/register_runner.md) to add configurations, and use the authentication token in the `gitlab-runner register` command instead.
 
 </div>
 
diff --git a/doc/user/project/protected_branches.md b/doc/user/project/protected_branches.md
index 307a17a53d1..8d4d16ffbc3 100644
--- a/doc/user/project/protected_branches.md
+++ b/doc/user/project/protected_branches.md
@@ -27,7 +27,7 @@ When a branch is protected, the default behavior enforces these restrictions on
 | Action                   | Who can do it                                                     |
 |:-------------------------|:------------------------------------------------------------------|
 | Protect a branch         | At least the Maintainer role.                                     |
-| Push to the branch       | GitLab administrators and anyone with **Allowed** permission. (1) |
+| Push to the branch       | Anyone with **Allowed** permission. (1) |
 | Force push to the branch | No one.                                                           |
 | Delete the branch        | No one. (2)                                                       |