2025-08-15 23:30:46 +00:00 · 2024-02-29 18:07:11 +00:00
parent 2cf2ca794c
commit d6ec710a39
77 changed files with 1486 additions and 1240 deletions
--- a/.gitignore
+++ b/.gitignore
@ -120,3 +120,6 @@ jest-snapshot-test-report.json

 # CSS compilation for cssbundling
 app/assets/builds/
+
+# ruby-lsp
+.index.yml
--- a/.gitlab/ci/qa.gitlab-ci.yml
+++ b/.gitlab/ci/qa.gitlab-ci.yml
@ -208,6 +208,20 @@ e2e:test-on-gdk:
    SKIP_MESSAGE: Skipping test-on-gdk due to mr containing only quarantine changes!
    GDK_IMAGE: "${CI_REGISTRY_IMAGE}/gitlab-qa-gdk:${CI_COMMIT_SHA}"

+e2e:test-on-cng:
+  extends:
+    - .e2e-trigger-base
+    - .qa:rules:e2e:test-on-cng
+  stage: qa
+  needs:
+    - build-assets-image
+    - e2e-test-pipeline-generate
+  variables:
+    QA_RUN_TYPE: e2e-test-on-cng
+    PIPELINE_NAME: E2E CNG
+    DYNAMIC_PIPELINE_YML: test-on-cng-pipeline.yml
+    SKIP_MESSAGE: Skipping test-on-cng due to mr containing only quarantine changes!
+
 e2e:code-suggestions-eval:
  extends:
    - .qa:rules:code-suggestions-eval
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@ -418,6 +418,7 @@
 .qa-patterns: &qa-patterns
  - ".dockerignore"
  - "{,jh/}qa/**/*"
+  - ".gitlab/ci/{package-and-test,qa-common,test-on-cng,test-on-gdk}/*"

 # Frontend view patterns + .qa-patterns
 .frontend-qa-patterns: &frontend-qa-patterns
@ -1725,6 +1726,13 @@
    - !reference [".qa:rules:e2e-blocking", rules]
    - !reference [".qa:rules:e2e-schedule-blocking", rules]

+.qa:rules:e2e:test-on-cng:
+  rules:
+    - !reference [".qa:rules:package-and-test-never-run", rules]
+    - <<: [*if-default-branch-schedule-nightly, *qa-e2e-test-schedule-variables]
+    - <<: *if-merge-request
+      changes: *qa-patterns
+
 .qa:rules:package-and-test-nightly:
  rules:
    - !reference [".qa:rules:package-and-test-never-run", rules]
--- a/.gitlab/ci/test-on-cng/main.gitlab-ci.yml
+++ b/.gitlab/ci/test-on-cng/main.gitlab-ci.yml
@ -0,0 +1,107 @@
+# This pipeline runs E2E tests against CNG build which is deployed via helm chart on a job local kind kubernetes cluster
+
+include:
+  - local: .gitlab/ci/cng/main.gitlab-ci.yml
+  - local: .gitlab/ci/qa-common/main.gitlab-ci.yml
+  - local: .gitlab/ci/qa-common/variables.gitlab-ci.yml
+  - local: .gitlab/ci/qa-common/rules.gitlab-ci.yml
+
+workflow:
+  rules:
+    - when: always
+
+.cng-base:
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images/${BUILD_OS}-${OS_VERSION}-ruby-${RUBY_VERSION}:bundler-${BUNDLER_VERSION}-chrome-${CHROME_VERSION}-docker-${DOCKER_VERSION}-kubectl-1.23-helm-3.14-kind-0.20
+  stage: test
+  extends: .qa-cache
+  needs: [build-cng]
+  tags: [saas-linux-2xlarge-amd64]
+  services:
+    - docker:${DOCKER_VERSION}-dind
+  variables:
+    DOCKER_HOST: tcp://docker:2375
+    FF_NETWORK_PER_BUILD: "true"
+    NAMESPACE: gitlab
+    KUBECONFIG: /root/.kube/config
+    BUNDLE_WITHOUT: development
+    GITLAB_USERNAME: root
+    GITLAB_PASSWORD: 5iveL!fe
+    GITLAB_ADMIN_USERNAME: root
+    GITLAB_ADMIN_PASSWORD: 5iveL!fe
+    GITLAB_QA_ADMIN_ACCESS_TOKEN: $QA_ADMIN_ACCESS_TOKEN
+    QA_DOCKER_NETWORK: host
+    QA_GENERATE_ALLURE_REPORT: "true"
+    QA_CAN_TEST_PRAEFECT: "false"
+  before_script:
+    - export GITLAB_DOMAIN="$(getent hosts docker | awk '{ print $1 }' | head -n1).nip.io"
+    - export QA_GITLAB_URL="http://gitlab.${GITLAB_DOMAIN}"
+    - source scripts/qa/cng_deploy/cng-kind.sh
+    - setup_cluster "scripts/qa/cng_deploy/config/kind-config.yml"
+    - deploy "${GITLAB_DOMAIN}"
+    - cd qa && bundle install
+  script:
+    - export QA_COMMAND="bundle exec bin/qa ${QA_SCENARIO:=Test::Instance::All} $QA_GITLAB_URL -- $QA_TESTS --force-color --order random --format documentation --format RspecJunitFormatter --out tmp/rspec-${CI_JOB_ID}.xml"
+    - echo "Running - '$QA_COMMAND'"
+    - eval "$QA_COMMAND"
+  after_script:
+    - source scripts/qa/cng_deploy/cng-kind.sh
+    - echo -e "\e[0Ksection_start:`date +%s`:log_deploy[collapsed=true]\r\e[0KDeployment info"
+    - save_install_logs
+    - echo -e "\e[0Ksection_end:`date +%s`:log_deploy\r\e[0K"
+  artifacts:
+    expire_in: 1 day
+    when: always
+    reports:
+      junit: qa/tmp/rspec-*.xml
+    paths:
+      - "*.log"
+      - qa/tmp/allure-results
+
+# ==========================================
+# Pre stage
+# ==========================================
+build-cng-env:
+  stage: .pre
+  extends: .build-cng-env
+
+build-cng:
+  stage: .pre
+  extends: .build-cng
+  needs: [build-cng-env]
+
+# ==========================================
+# Test stage
+# ==========================================
+cng-qa-smoke:
+  extends:
+    - .cng-base
+  variables:
+    QA_SCENARIO: Test::Instance::Smoke
+
+# Test run against environment with minimum supported redis version defined in lib/system_check/app/redis_version_check.rb
+cng-qa-min-redis-version:
+  extends: cng-qa-smoke
+  variables:
+    REDIS_VERSION_TYPE: MIN_REDIS_VERSION
+
+# ==========================================
+# Post test stage
+# ==========================================
+e2e-test-report:
+  extends: .rules:report:allure-report
+  variables:
+    ALLURE_REPORT_RESULTS_GLOB: "qa/tmp/allure-results"
+
+export-test-metrics:
+  extends:
+    - .export-test-metrics
+    - .rules:report:process-results
+  variables:
+    QA_METRICS_REPORT_FILE_PATTERN: $CI_PROJECT_DIR/qa/tmp/test-metrics-*.json
+
+notify-slack:
+  extends:
+    - .notify-slack
+    - .rules:report:process-results
+  variables:
+    QA_RSPEC_XML_FILE_PATTERN: $CI_PROJECT_DIR/qa/tmp/rspec-*.xml
--- a/.index.yml.example
+++ b/.index.yml.example
@ -0,0 +1,8 @@
+included_patterns:
+  - "**/*.rb"
+
+excluded_patterns:
+  - "**/spec/**/*"
+  - qa/qa/specs/features/**/*
+  - vendor/**/*
+  - ".bundle/**/*"
--- a/.rubocop_todo/gitlab/avoid_gitlab_instance_checks.yml
+++ b/.rubocop_todo/gitlab/avoid_gitlab_instance_checks.yml
@ -91,7 +91,6 @@ Gitlab/AvoidGitlabInstanceChecks:
    - 'ee/app/services/llm/base_service.rb'
    - 'ee/app/services/namespaces/service_accounts/create_service.rb'
    - 'ee/app/workers/ee/ci/build_finished_worker.rb'
-    - 'ee/app/workers/elastic_remove_expired_namespace_subscriptions_from_index_cron_worker.rb'
    - 'ee/app/workers/gitlab_subscriptions/add_on_purchases/bulk_refresh_user_assignments_worker.rb'
    - 'ee/app/workers/gitlab_subscriptions/add_on_purchases/schedule_bulk_refresh_user_assignments_worker.rb'
    - 'ee/app/workers/gitlab_subscriptions/refresh_seats_worker.rb'
--- a/5
+++ b/5
@ -378,7 +378,10 @@ gem 'thrift', '>= 0.16.0' # rubocop:todo Gemfile/MissingFeatureCategory
 # I18n
 gem 'rails-i18n', '~> 7.0', feature_category: :internationalization
 gem 'gettext_i18n_rails', '~> 1.11.0', feature_category: :internationalization
-gem 'gettext', '~> 3.3', require: false, group: [:development, :test], feature_category: :internationalization
+gem 'gettext', '~> 3.4', '>= 3.4.9',
+  require: false,
+  group: [:development, :test],
+  feature_category: :internationalization

 gem 'batch-loader', '~> 2.0.1' # rubocop:todo Gemfile/MissingFeatureCategory

--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -1905,7 +1905,7 @@ DEPENDENCIES
  fog-local (~> 0.8)
  fugit (~> 1.8.1)
  fuubar (~> 2.2.0)
-  gettext (~> 3.3)
+  gettext (~> 3.4, >= 3.4.9)
  gettext_i18n_rails (~> 1.11.0)
  gitaly (~> 16.9.1)
  gitlab-backup-cli!
--- a/app/assets/javascripts/authentication/password/components/password_input.vue
+++ b/app/assets/javascripts/authentication/password/components/password_input.vue
@ -81,7 +81,7 @@ export default {
    />
    <gl-button
      v-gl-tooltip="toggleVisibilityLabel"
-      class="input-icon-right gl-right-0!"
+      class="input-icon-right !gl-right-0"
      category="tertiary"
      :aria-label="toggleVisibilityLabel"
      :icon="toggleVisibilityIcon"
--- a/app/assets/javascripts/ci/catalog/components/list/ci_resources_list_item.vue
+++ b/app/assets/javascripts/ci/catalog/components/list/ci_resources_list_item.vue
@ -32,6 +32,12 @@ export default {
    authorName() {
      return this.latestVersion.author.name;
    },
+    authorUsername() {
+      return this.latestVersion.author.username;
+    },
+    authorId() {
+      return getIdFromGraphQLId(this.latestVersion.author.id);
+    },
    authorProfileUrl() {
      return this.latestVersion.author.webUrl;
    },
@ -162,7 +168,14 @@ export default {
                </span>
              </template>
              <template #author>
-                <gl-link :href="authorProfileUrl" data-testid="user-link">
+                <gl-link
+                  :data-name="authorName"
+                  :data-user-id="authorId"
+                  :data-username="authorUsername"
+                  data-testid="user-link"
+                  :href="authorProfileUrl"
+                  class="js-user-link"
+                >
                  <span>{{ authorName }}</span>
                </gl-link>
              </template>
--- a/app/assets/javascripts/ci/catalog/graphql/fragments/catalog_resource.fragment.graphql
+++ b/app/assets/javascripts/ci/catalog/graphql/fragments/catalog_resource.fragment.graphql
@ -19,6 +19,7 @@ fragment CatalogResourceFields on CiCatalogResource {
    author {
      id
      name
+      username
      webUrl
    }
  }
--- a/app/assets/javascripts/ci/pipeline_details/dag/components/dag_annotations.vue
+++ b/app/assets/javascripts/ci/pipeline_details/dag/components/dag_annotations.vue
@ -31,7 +31,7 @@ export default {
        'gl-flex-direction-column',
        'gl-fixed',
        'gl-right-1',
-        'gl-top-66vh',
+        'gl-deprecated-top-66vh',
        'gl-w-max-content',
        'gl-px-5',
        'gl-py-4',
--- a/app/assets/javascripts/ci/pipeline_mini_graph/legacy_pipeline_stage.vue
+++ b/app/assets/javascripts/ci/pipeline_mini_graph/legacy_pipeline_stage.vue
@ -25,7 +25,7 @@ export default {
    errorMessage: __('Something went wrong on our end.'),
    loadingText: __('Loading...'),
    mergeTrainMessage: s__('Pipeline|Merge train pipeline jobs can not be retried'),
-    stage: __('Stage:'),
+    stage: __('Stage'),
    viewStageLabel: __('View Stage: %{title}'),
  },
  components: {
@ -133,8 +133,13 @@ export default {
      <div
        class="gl-display-flex gl-align-items-center gl-p-4! gl-min-h-8 gl-border-b-1 gl-border-b-solid gl-border-b-gray-200 gl-font-sm gl-font-weight-bold gl-line-height-1"
      >
-        <span class="gl-mr-1">{{ $options.i18n.stage }}</span>
-        <span data-testid="pipeline-stage-dropdown-menu-title">{{ stageName }}</span>
+        <template v-if="isLoading">
+          <span>{{ $options.i18n.stage }}</span>
+        </template>
+        <template v-else>
+          <span class="gl-mr-1">{{ $options.i18n.stage }}:</span>
+          <span data-testid="pipeline-stage-dropdown-menu-title">{{ stageName }}</span>
+        </template>
      </div>
    </template>

@ -150,6 +155,7 @@ export default {
      v-else
      class="mini-pipeline-graph-dropdown-menu gl-overflow-y-auto gl-m-0 gl-p-0"
      data-testid="mini-pipeline-graph-dropdown-menu-list"
+      @click.stop
    >
      <legacy-job-item
        v-for="job in dropdownContent"
--- a/app/assets/javascripts/emoji/components/picker.vue
+++ b/app/assets/javascripts/emoji/components/picker.vue
@ -152,13 +152,13 @@ export default {
            </span>
            <span class="reaction-control-icon reaction-control-icon-positive">
              <gl-icon
-                class="award-control-icon-positive gl-button-icon gl-left-3!"
+                class="award-control-icon-positive gl-button-icon !gl-left-3"
                name="smiley"
              />
            </span>
            <span class="reaction-control-icon reaction-control-icon-super-positive">
              <gl-icon
-                class="award-control-icon-super-positive gl-button-icon gl-left-3!"
+                class="award-control-icon-super-positive gl-button-icon !gl-left-3"
                name="smile"
              />
            </span>
--- a/app/assets/javascripts/environments/environment_details/components/deployment_history.vue
+++ b/app/assets/javascripts/environments/environment_details/components/deployment_history.vue
@ -176,7 +176,7 @@ export default {
      v-if="isLoading"
      class="gl-absolute gl-top-0 gl-left-0 gl-w-full gl-h-full gl-z-index-200 gl-bg-gray-10 gl-opacity-3"
    ></div>
-    <gl-loading-icon v-if="isLoading" size="lg" class="gl-absolute gl-top-half gl-left-50p" />
+    <gl-loading-icon v-if="isLoading" size="lg" class="gl-absolute gl-top-1/2 gl-left-1/2" />
    <div v-if="isDeploymentTableShown">
      <deployments-table :deployments="deployments" />
      <pagination :page-info="pageInfo" :disabled="isPaginationDisabled" />
--- a/app/assets/javascripts/merge_requests/components/sticky_header.vue
+++ b/app/assets/javascripts/merge_requests/components/sticky_header.vue
@ -139,7 +139,7 @@ export default {

 <template>
  <gl-intersection-observer
-    class="gl-relative gl-top-n5"
+    class="gl-relative -gl-top-5"
    @appear="setStickyHeaderVisible(false)"
    @disappear="setStickyHeaderVisible(true)"
  >
--- a/app/assets/javascripts/sidebar/components/assignees/sidebar_participant.vue
+++ b/app/assets/javascripts/sidebar/components/assignees/sidebar_participant.vue
@ -58,7 +58,7 @@ export default {
        name="warning-solid"
        aria-hidden="true"
        class="merge-icon"
-        :class="{ 'gl-left-6!': selected }"
+        :class="{ '!gl-left-6': selected }"
        :size="12"
      />
      <gl-badge v-if="isBusy" size="sm" variant="warning" class="gl-ml-2">
--- a/app/assets/stylesheets/page_bundles/reports.scss
+++ b/app/assets/stylesheets/page_bundles/reports.scss
@ -76,13 +76,3 @@
  width: 600px;
 }

-.modal-security-report-dast {
-  .modal-dialog {
-    max-width: $modal-lg;
-  }
-
-  // This is temporary till we get the new modals hooked up
-  &.modal-hide-footer .modal-footer {
-    display: none;
-  }
-}
--- a/app/models/ci/stage.rb
+++ b/app/models/ci/stage.rb
@ -8,10 +8,15 @@ module Ci
    include Gitlab::OptimisticLocking
    include Presentable

+    ROUTING_FEATURE_FLAG = :ci_partitioning_use_ci_stages_routing_table
+
    self.primary_key = :id
    self.sequence_name = :ci_job_stages_id_seq

-    partitionable scope: :pipeline
+    partitionable scope: :pipeline, through: {
+      table: :p_ci_stages,
+      flag: ROUTING_FEATURE_FLAG
+    }

    enum status: Ci::HasStatus::STATUSES_ENUM

--- a/app/models/organizations.rb
+++ b/app/models/organizations.rb
@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Organizations
+  # to be used at multiple layers and pushed/used in frontend as needed
+  ORGANIZATION_HTTP_HEADER = 'HTTP_GITLAB_ORGANIZATION_ID'
+end
--- a/app/services/ci/queue/build_queue_service.rb
+++ b/app/services/ci/queue/build_queue_service.rb
@ -51,7 +51,7 @@ module Ci
      end

      def execute(relation)
-        strategy.build_ids(relation)
+        strategy.build_and_partition_ids(relation)
      end

      private
--- a/app/services/ci/queue/pending_builds_strategy.rb
+++ b/app/services/ci/queue/pending_builds_strategy.rb
@ -42,12 +42,8 @@ module Ci
        ::Ci::PendingBuild.all
      end

-      def build_ids(relation)
-        if Feature.enabled?(:use_partition_id_for_register_job_service, Feature.current_request)
-          relation.pluck(:build_id, :partition_id)
-        else
-          relation.pluck(:build_id)
-        end
+      def build_and_partition_ids(relation)
+        relation.pluck(:build_id, :partition_id)
      end

      private
--- a/app/services/ci/register_job_service.rb
+++ b/app/services/ci/register_job_service.rb
@ -129,14 +129,12 @@ module Ci
        builds = queue.builds_with_any_tags(builds)
      end

-      build_ids = retrieve_queue(-> { queue.execute(builds) })
+      build_and_partition_ids = retrieve_queue(-> { queue.execute(builds) })

-      @metrics.observe_queue_size(-> { build_ids.size }, @runner.runner_type)
+      @metrics.observe_queue_size(-> { build_and_partition_ids.size }, @runner.runner_type)

-      if Feature.enabled?(:use_partition_id_for_register_job_service, Feature.current_request)
-        build_ids.each { |build_id, partition_id| yield Ci::Build.find_by!(partition_id: partition_id, id: build_id) }
-      else
-        build_ids.each { |build_id| yield Ci::Build.find(build_id) }
+      build_and_partition_ids.each do |build_id, partition_id|
+        yield Ci::Build.find_by!(partition_id: partition_id, id: build_id)
      end
    end
    # rubocop: enable CodeReuse/ActiveRecord
--- a/app/services/members/invite_service.rb
+++ b/app/services/members/invite_service.rb
@ -76,3 +76,5 @@ module Members
    end
  end
 end
+
+Members::InviteService.prepend_mod
--- a/app/views/award_emoji/_awards_block.html.haml
+++ b/app/views/award_emoji/_awards_block.html.haml
@ -18,6 +18,6 @@
      .award-menu-holder.js-award-holder
        = render Pajamas::ButtonComponent.new(button_options: { class: 'award-control has-tooltip js-add-award btn-icon gl-relative', data: { title: _('Add reaction') }, aria: { label: _('Add reaction') } }) do
          = sprite_icon('slight-smile', css_class: 'award-control-icon-neutral gl-button-icon gl-icon')
-          = sprite_icon('smiley', css_class: 'award-control-icon-positive gl-button-icon gl-icon gl-left-3!')
-          = sprite_icon('smile', css_class: 'award-control-icon-super-positive gl-button-icon gl-icon gl-left-3!')
+          = sprite_icon('smiley', css_class: 'award-control-icon-positive gl-button-icon gl-icon !gl-left-3')
+          = sprite_icon('smile', css_class: 'award-control-icon-super-positive gl-button-icon gl-icon !gl-left-3')
    = yield
--- a/app/views/projects/notes/_actions.html.haml
+++ b/app/views/projects/notes/_actions.html.haml
@ -12,8 +12,8 @@
      = render Pajamas::ButtonComponent.new(category: :tertiary,
        button_options: { title: _('Add reaction'), class: 'btn-icon note-action-button note-emoji-button js-add-award js-note-emoji has-tooltip', data: { position: 'right', container: 'body' }, 'aria-label': _('Add reaction') }) do
        = sprite_icon('slight-smile', css_class: 'award-control-icon-neutral gl-button-icon gl-icon')
-        = sprite_icon('smiley', css_class: 'award-control-icon-positive gl-button-icon gl-icon gl-left-3!')
-        = sprite_icon('smile', css_class: 'award-control-icon-super-positive gl-button-icon gl-icon gl-left-3! ')
+        = sprite_icon('smiley', css_class: 'award-control-icon-positive gl-button-icon gl-icon !gl-left-3')
+        = sprite_icon('smile', css_class: 'award-control-icon-super-positive gl-button-icon gl-icon !gl-left-3 ')

  - if note_editable
    .note-actions-item.gl-ml-0
--- a/app/views/shared/milestones/_header.html.haml
+++ b/app/views/shared/milestones/_header.html.haml
@ -8,7 +8,7 @@
          = _('Milestone')
      - if milestone.due_date || milestone.start_date
        = milestone_date_range(milestone)
-      = render Pajamas::ButtonComponent.new(icon: 'chevron-double-lg-left', button_options: { 'aria-label' => _('Toggle sidebar'), class: 'btn-grouped gl-float-right! gl-sm-display-none js-sidebar-toggle' })
+      = render Pajamas::ButtonComponent.new(icon: 'chevron-double-lg-left', button_options: { 'aria-label' => _('Toggle sidebar'), class: 'btn-grouped !gl-float-right gl-sm-display-none js-sidebar-toggle' })

  - if can?(current_user, :admin_milestone, @group || @project)
    .milestone-buttons.detail-page-header-actions.gl-display-flex.gl-align-self-start
--- a/app/views/shared/wikis/_sidebar_wiki_page.html.haml
+++ b/app/views/shared/wikis/_sidebar_wiki_page.html.haml
@ -2,6 +2,6 @@

 %li{ class: active_when(params[:id] == wiki_page.slug) }
  .gl-relative.gl-display-flex.gl-align-items-center.js-wiki-list-toggle.wiki-list{ data: { testid: 'wiki-list' } }
-    = render Pajamas::ButtonComponent.new(icon: 'plus', size: :small, href: "#{wiki_path}/{new_page_title}", button_options: { class: 'wiki-list-create-child-button gl-bg-transparent! gl-hover-bg-gray-50! gl-focus-bg-gray-50! gl-absolute gl-top-half gl-translate-y-n50 gl-cursor-pointer gl-right-2' })
+    = render Pajamas::ButtonComponent.new(icon: 'plus', size: :small, href: "#{wiki_path}/{new_page_title}", button_options: { class: 'wiki-list-create-child-button gl-bg-transparent! gl-hover-bg-gray-50! gl-focus-bg-gray-50! gl-absolute gl-top-1/2 gl-translate-y-n50 gl-cursor-pointer gl-right-2' })
    = link_to wiki_path, data: { testid: 'wiki-page-link', qa_page_name: wiki_page.human_title } do
      = wiki_page.human_title
--- a/app/views/shared/wikis/_wiki_directory.html.haml
+++ b/app/views/shared/wikis/_wiki_directory.html.haml
@ -4,7 +4,7 @@
  .gl-relative.gl-display-flex.gl-align-items-center.js-wiki-list-toggle.wiki-list{ data: { testid: 'wiki-list' } }<
    = sprite_icon('chevron-right', css_class: 'js-wiki-list-expand-button wiki-list-expand-button gl-mr-2 gl-cursor-pointer')
    = sprite_icon('chevron-down', css_class: 'js-wiki-list-collapse-button wiki-list-collapse-button gl-mr-2 gl-cursor-pointer')
-    = render Pajamas::ButtonComponent.new(icon: 'plus', size: :small, href: "#{wiki_path}/{new_page_title}", button_options: { class: 'wiki-list-create-child-button gl-bg-transparent! gl-hover-bg-gray-50! gl-focus-bg-gray-50! gl-absolute gl-top-half gl-translate-y-n50 gl-cursor-pointer gl-right-2' })
+    = render Pajamas::ButtonComponent.new(icon: 'plus', size: :small, href: "#{wiki_path}/{new_page_title}", button_options: { class: 'wiki-list-create-child-button gl-bg-transparent! gl-hover-bg-gray-50! gl-focus-bg-gray-50! gl-absolute gl-top-1/2 gl-translate-y-n50 gl-cursor-pointer gl-right-2' })
    = link_to wiki_path, data: { testid: 'wiki-dir-page-link', qa_page_name: wiki_directory.title } do
      = wiki_directory.title
  %ul.gl-pl-8
--- a/app/views/snippets/notes/_actions.html.haml
+++ b/app/views/snippets/notes/_actions.html.haml
@ -3,8 +3,8 @@
    .note-actions-item
      = render Pajamas::ButtonComponent.new(category: :tertiary, button_options: { title: _('Add reaction'), class: 'btn-icon note-action-button note-emoji-button js-add-award js-note-emoji has-tooltip' }) do
        = sprite_icon('slight-smile', css_class: 'award-control-icon-neutral gl-button-icon gl-icon')
-        = sprite_icon('smiley', css_class: 'award-control-icon-positive gl-button-icon gl-icon gl-left-3!')
-        = sprite_icon('smile', css_class: 'award-control-icon-super-positive gl-button-icon gl-icon gl-left-3! ')
+        = sprite_icon('smiley', css_class: 'award-control-icon-positive gl-button-icon gl-icon !gl-left-3')
+        = sprite_icon('smile', css_class: 'award-control-icon-super-positive gl-button-icon gl-icon !gl-left-3 ')

  - if note_editable
    .note-actions-item.gl-ml-0
--- a/app/views/users/show.html.haml
+++ b/app/views/users/show.html.haml
@ -30,7 +30,7 @@
        = link_to avatar_icon_for_user(@user, 400, current_user: current_user), target: '_blank', rel: 'noopener noreferrer', title: s_('UserProfile|View large avatar') do
          = render Pajamas::AvatarComponent.new(@user, alt: s_('UserProfile|User profile picture'), size: 96, avatar_options: { itemprop: "image" })
        - if @user.status&.busy?
-          = render Pajamas::BadgeComponent.new(s_('UserProfile|Busy'), size: 'sm', variant: 'warning', class: 'gl-absolute gl-display-flex gl-justify-content-center gl-align-items-center gl-left-50p gl-bg-gray-50 gl-border gl-border-white gl-translate-x-n50 gl-top-full gl-mt-n3')
+          = render Pajamas::BadgeComponent.new(s_('UserProfile|Busy'), size: 'sm', variant: 'warning', class: 'gl-absolute gl-display-flex gl-justify-content-center gl-align-items-center gl-left-1/2 gl-bg-gray-50 gl-border gl-border-white gl-translate-x-n50 gl-top-full gl-mt-n3')
      %div
        %h1.gl-heading-1.gl-line-height-1.gl-mr-2{ class: 'gl-my-0!', itemprop: 'name' }
          = user_display_name(@user)
--- a/config/feature_flags/gitlab_com_derisk/ci_partitioning_use_ci_stages_routing_table.yml
+++ b/config/feature_flags/gitlab_com_derisk/ci_partitioning_use_ci_stages_routing_table.yml
@ -1,8 +1,8 @@
 ---
-name: use_partition_id_for_register_job_service
-feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/437851
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/144543
-rollout_issue_url: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17585
+name: ci_partitioning_use_ci_stages_routing_table
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/440759
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/145902
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/443421
 milestone: '16.10'
 group: group::pipeline execution
 type: gitlab_com_derisk
--- a/config/gitlab_loose_foreign_keys.yml
+++ b/config/gitlab_loose_foreign_keys.yml
@ -149,10 +149,6 @@ ci_sources_projects:
  - table: projects
    column: source_project_id
    on_delete: async_delete
-ci_stages:
-  - table: projects
-    column: project_id
-    on_delete: async_delete
 ci_subscriptions_projects:
  - table: projects
    column: downstream_project_id
@ -298,6 +294,10 @@ p_ci_runner_machine_builds:
  - table: ci_runner_machines
    column: runner_machine_id
    on_delete: async_delete
+p_ci_stages:
+  - table: projects
+    column: project_id
+    on_delete: async_delete
 packages_build_infos:
  - table: ci_pipelines
    column: pipeline_id
--- a/config/tailwind.config.js
+++ b/config/tailwind.config.js
@ -11,7 +11,17 @@ module.exports = {
    './node_modules/@gitlab/ui/dist/**/*.{vue,js}',
  ],
  presets: [tailwindDefaults],
-  corePlugins: ['appearance', 'content', 'isolation', 'mixBlendMode', 'tableLayout', 'userSelect'],
+  corePlugins: [
+    'appearance',
+    'content',
+    'float',
+    'inset',
+    'isolation',
+    'mixBlendMode',
+    'position',
+    'tableLayout',
+    'userSelect',
+  ],
  blocklist: [
    // Prevents an irrelevant util from being generated.
    // In the long run, we'll look into disabling arbitrary values altogether, which should prevent
--- a/db/docs/approval_merge_request_rules_approved_approvers.yml
+++ b/db/docs/approval_merge_request_rules_approved_approvers.yml
@ -7,4 +7,20 @@ feature_categories:
 description: Join table for approved approvers and ApprovalMergeRequestRule
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/8497
 milestone: '11.7'
-gitlab_schema: gitlab_main
+gitlab_schema: gitlab_main_cell
+allow_cross_joins:
+- gitlab_main_clusterwide
+allow_cross_transactions:
+- gitlab_main_clusterwide
+allow_cross_foreign_keys:
+- gitlab_main_clusterwide
+desired_sharding_key:
+  project_id:
+    references: projects
+    backfill_via:
+      parent:
+        foreign_key: approval_merge_request_rule_id
+        table: approval_merge_request_rules
+        sharding_key: project_id
+        belongs_to: approval_merge_request_rule
+    awaiting_backfill_on_parent: true
--- a/db/docs/batched_background_migrations/backfill_onboarding_status_step_url.yml
+++ b/db/docs/batched_background_migrations/backfill_onboarding_status_step_url.yml
@ -0,0 +1,9 @@
+---
+migration_job_name: BackfillOnboardingStatusStepUrl
+description: Moves data from user_details.onboarding_step_url to the new jsonb column.
+feature_category: onboarding
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/145041
+milestone: '16.10'
+queued_migration_version: 20240226174509
+finalize_after: '2024-03-15'
+finalized_by: # version of the migration that finalized this BBM
--- a/db/docs/p_ci_stages.yml
+++ b/db/docs/p_ci_stages.yml
@ -2,6 +2,7 @@
 table_name: p_ci_stages
 classes:
 - Ci::Stage
+- Ci::Stage::Partitioned
 feature_categories:
 - continuous_integration
 description: Routing table for ci_stages
--- a/db/docs/project_statistics.yml
+++ b/db/docs/project_statistics.yml
@ -8,3 +8,5 @@ description: Records statistics about the usage of various product features
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/7754
 milestone: '8.16'
 gitlab_schema: gitlab_main_cell
+sharding_key:
+  project_id: projects
--- a/db/post_migrate/20240226174509_queue_backfill_onboarding_status_step_url.rb
+++ b/db/post_migrate/20240226174509_queue_backfill_onboarding_status_step_url.rb
@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class QueueBackfillOnboardingStatusStepUrl < Gitlab::Database::Migration[2.2]
+  milestone '16.10'
+
+  MIGRATION = 'BackfillOnboardingStatusStepUrl'
+  DELAY_INTERVAL = 2.minutes
+  BATCH_SIZE = 3_000
+  SUB_BATCH_SIZE = 250
+  MAX_BATCH_SIZE = 10_000
+
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  def up
+    queue_batched_background_migration(
+      MIGRATION,
+      :users,
+      :id,
+      job_interval: DELAY_INTERVAL,
+      batch_size: BATCH_SIZE,
+      sub_batch_size: SUB_BATCH_SIZE,
+      max_batch_size: MAX_BATCH_SIZE
+    )
+  end
+
+  def down
+    delete_batched_background_migration(MIGRATION, :users, :id, [])
+  end
+end
--- a/db/schema_migrations/20240226174509
+++ b/db/schema_migrations/20240226174509
@ -0,0 +1 @@
+4cc51a39d3a9be5c86b9fdba0b6b9a03580a6941802cbf0773882917b999af40
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@ -15126,6 +15126,7 @@ Represents the approval policy.
 | <a id="approvalpolicyenabled"></a>`enabled` | [`Boolean!`](#boolean) | Indicates whether this policy is enabled. |
 | <a id="approvalpolicygroupapprovers"></a>`groupApprovers` **{warning-solid}** | [`[Group!]`](#group) | **Deprecated** in GitLab 16.5. Use `allGroupApprovers`. |
 | <a id="approvalpolicyname"></a>`name` | [`String!`](#string) | Name of the policy. |
+| <a id="approvalpolicypolicyscope"></a>`policyScope` | [`PolicyScope`](#policyscope) | Scope of the policy. |
 | <a id="approvalpolicyroleapprovers"></a>`roleApprovers` | [`[MemberAccessLevelName!]`](#memberaccesslevelname) | Approvers of the role type. Users belonging to these role(s) alone will be approvers. |
 | <a id="approvalpolicysource"></a>`source` | [`SecurityPolicySource!`](#securitypolicysource) | Source of the policy. Its fields depend on the source type. |
 | <a id="approvalpolicyupdatedat"></a>`updatedAt` | [`Time!`](#time) | Timestamp of when the policy YAML was last updated. |
@ -25209,6 +25210,16 @@ Represents vulnerability finding of a security report on the pipeline.
 | <a id="policyapprovalgroupid"></a>`id` | [`ID!`](#id) | ID of the namespace. |
 | <a id="policyapprovalgroupweburl"></a>`webUrl` | [`String!`](#string) | Web URL of the group. |

+### `PolicyScope`
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="policyscopecomplianceframeworks"></a>`complianceFrameworks` | [`ComplianceFrameworkConnection!`](#complianceframeworkconnection) | Compliance Frameworks linked to the policy. (see [Connections](#connections)) |
+| <a id="policyscopeexcludingprojects"></a>`excludingProjects` | [`ProjectConnection!`](#projectconnection) | Projects to which the policy should not be applied to. (see [Connections](#connections)) |
+| <a id="policyscopeincludingprojects"></a>`includingProjects` | [`ProjectConnection!`](#projectconnection) | Projects to which the policy should be applied to. (see [Connections](#connections)) |
+
 ### `PreviewBillableUserChange`

 #### Fields
@ -27929,6 +27940,7 @@ Represents the scan execution policy.
 | <a id="scanexecutionpolicyeditpath"></a>`editPath` | [`String!`](#string) | URL of policy edit page. |
 | <a id="scanexecutionpolicyenabled"></a>`enabled` | [`Boolean!`](#boolean) | Indicates whether this policy is enabled. |
 | <a id="scanexecutionpolicyname"></a>`name` | [`String!`](#string) | Name of the policy. |
+| <a id="scanexecutionpolicypolicyscope"></a>`policyScope` | [`PolicyScope`](#policyscope) | Scope of the policy. |
 | <a id="scanexecutionpolicysource"></a>`source` | [`SecurityPolicySource!`](#securitypolicysource) | Source of the policy. Its fields depend on the source type. |
 | <a id="scanexecutionpolicyupdatedat"></a>`updatedAt` | [`Time!`](#time) | Timestamp of when the policy YAML was last updated. |
 | <a id="scanexecutionpolicyyaml"></a>`yaml` | [`String!`](#string) | YAML definition of the policy. |
@ -27947,6 +27959,7 @@ Represents the scan result policy.
 | <a id="scanresultpolicyenabled"></a>`enabled` | [`Boolean!`](#boolean) | Indicates whether this policy is enabled. |
 | <a id="scanresultpolicygroupapprovers"></a>`groupApprovers` **{warning-solid}** | [`[Group!]`](#group) | **Deprecated** in GitLab 16.5. Use `allGroupApprovers`. |
 | <a id="scanresultpolicyname"></a>`name` | [`String!`](#string) | Name of the policy. |
+| <a id="scanresultpolicypolicyscope"></a>`policyScope` | [`PolicyScope`](#policyscope) | Scope of the policy. |
 | <a id="scanresultpolicyroleapprovers"></a>`roleApprovers` | [`[MemberAccessLevelName!]`](#memberaccesslevelname) | Approvers of the role type. Users belonging to these role(s) alone will be approvers. |
 | <a id="scanresultpolicysource"></a>`source` | [`SecurityPolicySource!`](#securitypolicysource) | Source of the policy. Its fields depend on the source type. |
 | <a id="scanresultpolicyupdatedat"></a>`updatedAt` | [`Time!`](#time) | Timestamp of when the policy YAML was last updated. |
@ -34767,6 +34780,7 @@ Implementations:
 | <a id="orchestrationpolicyeditpath"></a>`editPath` | [`String!`](#string) | URL of policy edit page. |
 | <a id="orchestrationpolicyenabled"></a>`enabled` | [`Boolean!`](#boolean) | Indicates whether this policy is enabled. |
 | <a id="orchestrationpolicyname"></a>`name` | [`String!`](#string) | Name of the policy. |
+| <a id="orchestrationpolicypolicyscope"></a>`policyScope` | [`PolicyScope`](#policyscope) | Scope of the policy. |
 | <a id="orchestrationpolicyupdatedat"></a>`updatedAt` | [`Time!`](#time) | Timestamp of when the policy YAML was last updated. |
 | <a id="orchestrationpolicyyaml"></a>`yaml` | [`String!`](#string) | YAML definition of the policy. |

--- a/doc/api/group_releases.md
+++ b/doc/api/group_releases.md
@ -8,16 +8,16 @@ info: To determine the technical writer assigned to the Stage/Group associated w

 DETAILS:
 **Tier:** Free, Premium, Ultimate
-**Offering:** GitLab.com, Self-managed
+**Offering:** GitLab.com, Self-managed, GitLab Dedicated
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/351703) in GitLab 14.10 [with a flag](../administration/feature_flags.md) named `group_releases_finder_inoperator`. Disabled by default.
+> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/355463) in GitLab 15.0. Feature flag `group_releases_finder_inoperator` removed.

 Review your groups' [releases](../user/project/releases/index.md) with the REST API.

 NOTE:
 For more information about the project releases API, see [Releases API](releases/index.md).

-FLAG:
-On self-managed GitLab, by default this feature is not available. To make it available, an administrator can [enable the feature flag](../administration/feature_flags.md) named `group_releases_finder_inoperator`.
-
 ## List group releases

 Returns a list of group releases.
--- a/doc/ci/components/index.md
+++ b/doc/ci/components/index.md
@ -334,18 +334,20 @@ include:

 stages: [build, test, release]

-# Check if `component-job` is added.
+# Check if `component job of my-component` is added.
 # This example job could also test that the included component works as expected.
 # You can inspect data generated by the component, use GitLab API endpoints, or third-party tools.
 ensure-job-added:
  stage: test
  image: badouralix/curl-jq
+  # Replace "component job of my-component" with the job name in your component.
  script:
    - |
      route="${CI_API_V4_URL}/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs"
-      count=`curl --silent --header "PRIVATE-TOKEN: $API_TOKEN" $route | jq 'map(select(.name | contains("component-job"))) | length'`
+      count=`curl --silent --header "JOB-TOKEN: $CI_JOB_TOKEN" $route | jq 'map(select(.name | contains("component job of my-component"))) | length'`
      if [ "$count" != "1" ]; then
-        exit 1
+        exit 1; else
+        echo "Component Job present"
      fi

 # If the pipeline is for a new tag with a semantic version, and all previous jobs succeed,
--- a/doc/development/export_csv.md
+++ b/doc/development/export_csv.md
@ -11,7 +11,7 @@ This document lists the different implementations of CSV export in GitLab codeba
 | Export type | How it works | Advantages | Disadvantages | Existing examples                                                                                                                                                                                            |
 |---|---|---|---|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Streaming | - Query and yield data in batches to a response stream.<br>- Download starts immediately. | - Report available immediately. | - No progress indicator.<br>- Requires a reliable connection. | [Export Audit Event Log](../administration/audit_event_reports.md#exporting-audit-events)                                                                                                                                    |
-| Downloading | - Query and write data in batches to a temporary file.<br>- Loads the file into memory.<br>- Sends the file to the client. | - Report available immediately. | - Large amount of data might cause request timeout.<br>- Memory intensive.<br>- Request expires when user navigates to a different page. | - [Export Chain of Custody Report](../user/compliance/compliance_center/index.md#chain-of-custody-report)<br>- [Export License Usage File](../subscriptions/self_managed/index.md#export-your-license-usage) |
+| Downloading | - Query and write data in batches to a temporary file.<br>- Loads the file into memory.<br>- Sends the file to the client. | - Report available immediately. | - Large amount of data might cause request timeout.<br>- Memory intensive.<br>- Request expires when user navigates to a different page. | - [Export Chain of Custody Report](../user/compliance/compliance_center/compliance_violations_report.md#chain-of-custody-report)<br>- [Export License Usage File](../subscriptions/self_managed/index.md#export-your-license-usage) |
 | As email attachment | - Asynchronously process the query with background job.<br>- Email uses the export as an attachment. | - Asynchronous processing. | - Requires users use a different app (email) to download the CSV.<br>- Email providers may limit attachment size. | - [Export issues](../user/project/issues/csv_export.md)<br>- [Export merge requests](../user/project/merge_requests/csv_export.md)                                                                           |
 | As downloadable link in email (*) | - Asynchronously process the query with background job.<br>- Email uses an export link. | - Asynchronous processing.<br>- Bypasses email provider attachment size limit. | - Requires users use a different app (email).<br>- Requires additional storage and cleanup. | [Export User Permissions](https://gitlab.com/gitlab-org/gitlab/-/issues/1772)                                                                                                                                |
 | Polling (non-persistent state) | - Asynchronously processes the query with the background job.<br>- Frontend(FE) polls every few seconds to check if CSV file is ready. | - Asynchronous processing.<br>- Automatically downloads to local machine on completion.<br>- In-app solution. | - Non-persistable request - request expires when user navigates to a different page.<br>- API is processed for each polling request. | [Export Vulnerabilities](../user/application_security/vulnerability_report/index.md#export-vulnerability-details)                                                                                            |
--- a/doc/development/testing_guide/end_to_end/test_pipelines.md
+++ b/doc/development/testing_guide/end_to_end/test_pipelines.md
@ -188,3 +188,39 @@ tests against the GDK instance running in the container.
 ##### report

 This stage is responsible for [allure test report](index.md#allure-report) generation.
+
+## `e2e:test-on-cng`
+
+The `e2e:test-on-cng` child pipeline runs tests against [Cloud Native GitLab](https://gitlab.com/gitlab-org/build/CNG) installation.
+Unlike `review-apps`, this pipeline uses local [kind](https://github.com/kubernetes-sigs/kind) Kubernetes cluster.
+
+Currently this pipeline is executed on nightly scheduled pipelines and is mainly responsible for testing compatibility with minimal supported version of `redis`.
+
+### Setup
+
+The pipeline setup consists of several jobs in the main GitLab pipeline:
+
+- `compile-production-assets` and `build-assets-image` jobs are responsible for compiling frontend assets which are required
+by [CNG](https://gitlab.com/gitlab-org/build/CNG-mirror) build pipeline.
+- `e2e-test-pipeline-generate` job is responsible for generating `e2e:test-on-cng` child pipeline
+
+### `e2e:test-on-cng` child pipeline
+
+Child pipeline consists of several stages that support E2E test execution.
+
+#### .pre
+
+- `build-cng-env` job is responsible for setting up all environment variables for [CNG](https://gitlab.com/gitlab-org/build/CNG-mirror) downstream pipeline
+- `build-cng` job triggers `CNG` downstream pipeline which is responsible for building all necessary images
+
+#### test
+
+Jobs in `test` stage perform following actions:
+
+- local k8s cluster setup using [`kind`](https://github.com/kubernetes-sigs/kind)
+- GitLab installation using official [`helm` chart](https://gitlab.com/gitlab-org/charts/gitlab)
+- E2E test execution against performed deployment
+
+#### report
+
+This stage is responsible for [allure test report](index.md#allure-report) generation as well as test metrics upload.
--- a/doc/integration/jira/configure.md
+++ b/doc/integration/jira/configure.md
@ -77,8 +77,12 @@ To configure your project settings in GitLab:
   When you enable Jira issues, all users with access to your GitLab project
   can view all issues from the Jira project you've specified.

-   - To [create Jira issues for vulnerabilities](#create-a-jira-issue-for-a-vulnerability),
-     select the **Enable Jira issue creation from vulnerabilities** checkbox.
+   - To [create Jira issues for vulnerabilities](#create-a-jira-issue-for-a-vulnerability):
+     1. Select the **Enable Jira issue creation from vulnerabilities** checkbox.
+     1. Select the type of Jira issues to create.
+
+     WARNING:
+     Before you select the issue type, you must enter the Jira project key and select **Save changes**.

   NOTE:
   You can enable this setting at the project and group levels only.
--- a/doc/subscriptions/subscription-add-ons.md
+++ b/doc/subscriptions/subscription-add-ons.md
@ -51,10 +51,9 @@ Prerequisites:

 #### Configure network and proxy settings

-For self-managed instances, you must also ensure that your firewalls and HTTP proxy servers
-allow outbound connections to `cloud.gitlab.com`.
-
-To use an HTTP proxy, ensure that both `gitLab _workhorse` and `gitLab_rails` set the necessary
+For self-managed instances, you must update your firewalls and HTTP proxy servers
+to allow outbound connections to `https://cloud.gitlab.com:443`.
+To use an HTTP/S proxy, set the `gitLab_workhorse` and `gitLab_rails`
 [web proxy environment variables](https://docs.gitlab.com/omnibus/settings/environment-variables.html).

 ### Assign seats in bulk
--- a/doc/user/compliance/compliance_center/compliance_frameworks_report.md
+++ b/doc/user/compliance/compliance_center/compliance_frameworks_report.md
@ -0,0 +1,80 @@
+---
+stage: Govern
+group: Compliance
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Compliance frameworks report
+
+DETAILS:
+**Tier:** Ultimate
+**Offering:** GitLab.com, Self-managed, GitLab Dedicated
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/422973) in GitLab 16.5 [with a flag](../../../administration/feature_flags.md) named `compliance_framework_report_ui`. Disabled by default.
+> - In GitLab 16.4 and earlier, **Compliance frameworks report** referred to what is now called **Compliance projects report**. The formally-named **Compliance frameworks report** was [renamed to **Compliance projects report**](https://gitlab.com/gitlab-org/gitlab/-/issues/422963) in GitLab 16.5.
+> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/140825) in GitLab 16.8.
+
+FLAG:
+On self-managed GitLab, by default this feature is available. To hide the feature an administrator to [disable the feature flag](../../../administration/feature_flags.md) named
+`compliance_framework_report_ui`. On GitLab.com and GitLab Dedicated, this feature is available.
+
+With compliance frameworks report, you can see all the compliance frameworks in a group. Each row of the report shows:
+
+- Framework name.
+- Associated projects.
+
+The default framework for the group has a **default** badge.
+
+## View the compliance frameworks report for a group
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To view the compliance frameworks report:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Frameworks** tab.
+
+## Create a new compliance framework
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To create a new compliance framework from the compliance frameworks report:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Frameworks** tab.
+1. Select the **New framework**.
+1. Select the **Add framework** to create compliance framework.
+
+## Edit a compliance framework
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To edit a compliance framework from the compliance frameworks report:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Frameworks** tab.
+1. Hover over framework and select **Edit the framework**.
+1. Select the **Save changes** to edit compliance framework.
+
+## Delete a compliance framework
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To delete a compliance framework from the compliance frameworks report:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Frameworks** tab.
+1. Hover over framework and select **Edit the framework**.
+1. Select the **Delete framework** to delete compliance framework.
--- a/doc/user/compliance/compliance_center/compliance_projects_report.md
+++ b/doc/user/compliance/compliance_center/compliance_projects_report.md
@ -0,0 +1,172 @@
+---
+stage: Govern
+group: Compliance
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Compliance projects report
+
+DETAILS:
+**Tier:** Ultimate
+**Offering:** GitLab.com, Self-managed, GitLab Dedicated
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387910) in GitLab 15.10.
+> - [Renamed from **compliance frameworks report**](https://gitlab.com/gitlab-org/gitlab/-/issues/422963) in GitLab 16.5.
+
+With compliance projects report, you can see the compliance frameworks that are applied to projects in a group. Each row of the report shows:
+
+- Project name.
+- Project path.
+- Compliance framework label if the project has one assigned.
+
+The default framework for the group has a **default** badge.
+
+## View the compliance projects report for a group
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To view the compliance projects report:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Projects** tab.
+
+## Apply a compliance framework to projects in a group
+
+> - Adding compliance frameworks using bulk actions [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/383209) in GitLab 15.11.
+> - Adding compliance frameworks without using bulk actions [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/394795) in GitLab 16.0.
+
+You can apply a compliance framework to projects in a group.
+
+Prerequisites:
+
+- You must have the Owner role for the group.
+
+To apply a compliance framework to one project in a group:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Projects** tab.
+1. Next to the project you want to add the compliance framework to, select **{plus}** **Add framework**.
+1. Select an existing compliance framework or create a new one.
+
+To apply a compliance framework to multiple projects in a group:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Projects** tab.
+1. Select multiple projects.
+1. From the **Choose one bulk action** dropdown list, select **Apply framework to selected projects**.
+1. Select framework to apply.
+1. Select **Apply**.
+
+## Remove a compliance framework from projects in a group
+
+> - Removing compliance frameworks using bulk actions [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/383209) in GitLab 15.11.
+> - Removing compliance frameworks without using bulk actions [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/394795) in GitLab 16.0.
+
+You can remove a compliance framework from projects in a group.
+
+Prerequisites:
+
+- You must have the Owner role for the group.
+
+To remove a compliance framework from one project in a group:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Projects** tab.
+1. Next to the compliance framework to remove from the project, select **{close}** on the framework label.
+
+To remove a compliance framework from multiple projects in a group:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Projects** tab.
+1. Select multiple projects.
+1. From the **Choose one bulk action** dropdown list, select **Remove framework from selected projects**.
+1. Select **Remove**.
+
+## Export a report of compliance frameworks on projects in a group
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387912) in GitLab 16.0.
+
+Export a report of compliance frameworks that are applied to projects in a group. Reports:
+
+- Do not use filters on the framework report.
+- Are truncated at 15 MB so the email attachment too large.
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To export a report of compliance frameworks on projects in a group:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. In the top-right corner, select **Export**.
+1. Select **Export list of project frameworks**.
+
+A report is compiled and delivered to your email inbox as an attachment.
+
+## Filter the compliance projects report
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387911) in GitLab 15.11.
+
+To filter the list of compliance frameworks:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Projects** tab.
+1. In the search field:
+   1. Select the attribute you want to filter by.
+   1. Select an operator.
+   1. Select from the list of options or enter text for the search.
+1. Select **Search**.
+
+Repeat this process to filter by multiple attributes.
+
+## Create a new compliance framework
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To create a new compliance framework from the compliance projects report:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Projects** tab.
+1. Select the **+ Add framework**.
+1. Select the **Create a new framework**.
+1. Select the **Add framework** to create compliance framework.
+
+## Edit a compliance framework
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To edit a compliance framework from the compliance projects report:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Projects** tab.
+1. Hover over framework and select **Edit the framework**.
+1. Select the **Save changes** to edit compliance framework.
+
+## Delete a compliance framework
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To delete a compliance framework from the compliance projects report:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. On the page, select the **Projects** tab.
+1. Hover over framework and select **Edit the framework**.
+1. Select the **Delete framework** to delete compliance framework.
--- a/doc/user/compliance/compliance_center/compliance_standards_adherence_dashboard.md
+++ b/doc/user/compliance/compliance_center/compliance_standards_adherence_dashboard.md
@ -0,0 +1,119 @@
+---
+stage: Govern
+group: Compliance
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Compliance standards adherence dashboard
+
+DETAILS:
+**Tier:** Ultimate
+**Offering:** GitLab.com, Self-managed, GitLab Dedicated
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125875) GraphQL APIs in GitLab 16.2 [with a flag](../../../administration/feature_flags.md) named `compliance_adherence_report`. Disabled by default.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125444) compliance standards adherence dashboard in GitLab 16.3 [with a flag](../../../administration/feature_flags.md) named `adherence_report_ui`. Disabled by default.
+> - [Enabled](https://gitlab.com/gitlab-org/gitlab/-/issues/414495) in GitLab 16.5.
+> - [Feature flag `compliance_adherence_report` and `adherence_report_ui`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137398) removed in GitLab 16.7.
+> - Standards adherence filtering [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/413734) in GitLab 16.7.
+> - Standards adherence grouping [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/413735) in GitLab 16.9.
+> - **Last Scanned** column [renamed](https://gitlab.com/gitlab-org/gitlab/-/issues/439545) to **Date since last status change** in GitLab 16.10.
+
+The compliance standards adherence dashboard lists the adherence status of projects complying to the _GitLab standard_.
+
+When a project is added, or an associated project or group setting is changed, an adherence scan is run on that project to update the standards adherence for that project.
+The field in the **Date since last status change** column reflects the date of the initial status and any subsequent changes to the status.
+
+## View the compliance standards adherence dashboard
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To view the compliance standards adherence dashboard for a group:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+
+You can filter the compliance standards adherence dashboard on:
+
+- The project that the check was performed on.
+- The type of check that was performed on a project.
+- The standard that the check belongs to.
+
+You can group the compliance standards adherence dashboard on:
+
+- The type of check that was performed on a project.
+
+## GitLab standard
+
+The GitLab standard consists of three rules:
+
+- Prevent authors as approvers.
+- Prevent committers as approvers.
+- At least two approvals.
+
+### Prevent authors as approvers
+
+To comply with the GitLab standard, you must prevent users from approving their own merge requests. For more information,
+see [Prevent approval by author](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author).
+
+On self-managed GitLab, when instance-level setting for [prevent approval by author](../../../administration/merge_requests_approvals.md)
+is updated, the adherence status for all the projects on the instance is not updated automatically.
+To update the adherence status for these projects, the group-level or the project-level setting must be updated.
+
+### Prevent committers as approvers
+
+To comply with the GitLab standard, you must prevent users from approving merge requests where they've added commits. For
+more information, see [Prevent approvals by users who add commits](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits).
+
+On self-managed GitLab, when instance-level setting for [prevent approvals by users who add commits](../../../administration/merge_requests_approvals.md)
+is updated, the adherence status for all the projects on the instance is not updated automatically.
+To update the adherence status for these projects, the group-level or the project-level setting must be updated.
+
+### At least two approvals
+
+To comply with the GitLab standard, you must have at least two users approve a merge request to get it merged. For more
+information, see [Merge request approval rules](../../project/merge_requests/approvals/rules.md).
+
+## SOC 2 standard
+
+The SOC 2 standard consists of one rule:
+
+- At least one non-author approval.
+
+### At least one non-author approval
+
+To comply with the SOC 2 standard, you must:
+
+- Prevent users from approving their own merge requests. For more information, see
+  [Prevent approval by author](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author).
+- Prevent users from approving merge requests where they've added commits, see
+  [Prevent approvals by users who add commits](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits).
+- At least one approval is required, see [Merge request approval rules](../../project/merge_requests/approvals/rules.md).
+
+These settings are available for an entire self-managed GitLab instance. However, when these settings are updated at the instance level,
+the adherence status for all the projects on the instance is not updated automatically. To update the adherence status
+for these projects, you must update the group-level or project-level setting. For more information on the instance-level settings, see:
+
+- [Prevent approval by author](../../../administration/merge_requests_approvals.md).
+- [Prevent approvals by users who add commits](../../../administration/merge_requests_approvals.md).
+
+## Export compliance standards adherence report for projects in a group
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/413736) in GitLab 16.8 [with a flag](../../../administration/feature_flags.md) named `compliance_standards_adherence_csv_export`. Disabled by default.
+> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142568) in GitLab 16.9. Feature flag `compliance_standards_adherence_csv_export` removed.
+
+Exports the contents of a standards adherence report for projects in a group. Reports are truncated at 15 MB to avoid a large email attachment.
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To export the compliance standards adherence report for projects in a group:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. In the top-right corner, select **Export**.
+1. Select **Export standards adherence report**.
+
+A report is compiled and delivered to your email inbox as an attachment.
--- a/doc/user/compliance/compliance_center/compliance_violations_report.md
+++ b/doc/user/compliance/compliance_center/compliance_violations_report.md
@ -0,0 +1,187 @@
+---
+stage: Govern
+group: Compliance
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Compliance violations report
+
+DETAILS:
+**Tier:** Ultimate
+**Offering:** GitLab.com, Self-managed, GitLab Dedicated
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36524) in GitLab 12.8 as Compliance Dashboard.
+> - Compliance violation drawer [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/299357) in GitLab 14.1.
+> - [Renamed](https://gitlab.com/gitlab-org/gitlab/-/issues/299360) to compliance report in GitLab 14.2.
+> - [Replaced](https://gitlab.com/groups/gitlab-org/-/epics/5237) by merge request violations in GitLab 14.6 [with a flag](../../../administration/feature_flags.md) named `compliance_violations_report`. Disabled by default.
+> - GraphQL API [introduced](https://gitlab.com/groups/gitlab-org/-/epics/7222) in GitLab 14.9.
+> - [Generally available](https://gitlab.com/groups/gitlab-org/-/epics/5237) in GitLab 14.10. [Feature flag `compliance_violations_report`](https://gitlab.com/gitlab-org/gitlab/-/issues/346266) removed.
+> - [Renamed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112111) to compliance violations report in GitLab 15.9.
+> - Ability to create and edit compliance frameworks [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/394950) in GitLab 16.0.
+
+With the compliance violations report, you can see a high-level view of merge request activity for all projects in the group.
+
+When you select a row in the compliance violations report, a drawer appears that provides:
+
+- The project name and [compliance framework label](../../project/working_with_projects.md#add-a-compliance-framework-to-a-project),
+  if the project has one assigned.
+- A link to the merge request that introduced the violation.
+- The merge request's branch path in the format `[source] into [target]`.
+- A list of users that committed changes to the merge request.
+- A list of users that commented on the merge request.
+- A list of users that approved the merge request.
+- The user that merged the merge request.
+
+## View the compliance violations report for a group
+
+> - Target branch search [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/358414) in GitLab 16.0.
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To view the compliance violations report:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+
+You can sort the compliance report on:
+
+- Severity level.
+- Type of violation.
+- Merge request title.
+
+You can filter the compliance violations report on:
+
+- The project that the violation was found on.
+- The date range of violation.
+- The target branch of the violation.
+
+Select a row to see details of the compliance violation.
+
+### Severity levels
+
+Each compliance violation has one of the following severities.
+
+<!-- vale gitlab.SubstitutionWarning = NO -->
+
+| Icon                                          | Severity level |
+|:----------------------------------------------|:---------------|
+| **{severity-critical, 18, gl-fill-red-800}**  | Critical       |
+| **{severity-high, 18, gl-fill-red-600}**      | High           |
+| **{severity-medium, 18, gl-fill-orange-400}** | Medium         |
+| **{severity-low, 18, gl-fill-orange-300}**    | Low            |
+| **{severity-info, 18, gl-fill-blue-400}**     | Info           |
+
+<!-- vale gitlab.SubstitutionWarning = YES -->
+
+### Violation types
+
+From [GitLab 14.10](https://gitlab.com/groups/gitlab-org/-/epics/6870), these are the available compliance violations.
+
+| Violation                         | Severity level | Category                                      | Description                                                                                                                                                                                                                                            |
+|:----------------------------------|:---------------|:----------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| Author approved merge request     | High           | [Separation of duties](#separation-of-duties) | Author of the merge request approved their own merge request. For more information, see [Prevent approval by author](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author).                                                   |
+| Committers approved merge request | High           | [Separation of duties](#separation-of-duties) | Committers of the merge request approved the merge request they contributed to. For more information, see [Prevent approvals by users who add commits](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits). |
+| Fewer than two approvals          | High           | [Separation of duties](#separation-of-duties) | Merge request was merged with fewer than two approvals. For more information, see [Merge request approval rules](../../project/merge_requests/approvals/rules.md).                                                                                     |
+
+#### Separation of duties
+
+GitLab supports a separation of duties policy between users who create and approve merge requests. Our criteria for the
+separation of duties is:
+
+- [A merge request author is **not** allowed to approve their merge request](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author).
+- [A merge request committer is **not** allowed to approve a merge request they have added commits to](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits).
+- [The minimum number of approvals required to merge a merge request is **at least** two](../../project/merge_requests/approvals/rules.md).
+
+## Export a report of merge request compliance violations on projects in a group
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356791) in GitLab 16.4 [with a flag](../../../administration/feature_flags.md) named `compliance_violation_csv_export`. Disabled by default.
+> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/424447) in GitLab 16.5.
+> - [Feature flag `compliance_violation_csv_export`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142568) removed in GitLab 16.9.
+
+Export a report of merge request compliance violations on merge requests belonging to projects in a group. Reports:
+
+- Do not use filters on the violations report.
+- Are truncated at 15 MB so the email attachment is not too large.
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To export a report of merge request compliance violations for projects in a group:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. In the top-right corner, select **Export**.
+1. Select **Export violations report**.
+
+A report is compiled and delivered to your email inbox as an attachment.
+
+## Chain of Custody report
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213364) in GitLab 13.3.
+> - Chain of Custody reports sent using email [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/342594) in GitLab 15.3 with a flag named `async_chain_of_custody_report`. Disabled by default.
+> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/370100) in GitLab 15.5. Feature flag `async_chain_of_custody_report` removed.
+> - Chain of Custody report includes all commits (instead of just merge commits) [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267601) in GitLab 15.9 with a flag named `all_commits_compliance_report`. Disabled by default.
+> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112092) in GitLab 15.9. Feature flag `all_commits_compliance_report` removed.
+
+The Chain of Custody report provides a 1 month trailing window of all commits to a project under the group.
+
+To generate the report for all commits, GitLab:
+
+1. Fetches all projects under the group.
+1. For each project, fetches the last 1 month of commits. Each project is capped at 1024 commits. If there are more than
+   1024 commits in the 1-month window, they are truncated.
+1. Writes the commits to a CSV file. The file is truncated at 15 MB because the report is emailed as an attachment
+   (GitLab 15.5 and later).
+
+The report includes:
+
+- Commit SHA.
+- Commit author.
+- Committer.
+- Date committed.
+- Group.
+- Project.
+
+If the commit has a related merge commit, then the following are also included:
+
+- Merge commit SHA.
+- Merge request ID.
+- User who merged the merge request.
+- Merge date.
+- Pipeline ID.
+- Merge request approvers.
+
+### Generate Chain of Custody report
+
+To generate the Chain of Custody report:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. In the top-right corner, select **Export**.
+1. Select **Export chain of custody report**.
+
+Depending on your version of GitLab, the Chain of Custody report is either sent through email or available for download.
+
+### Generate commit-specific Chain of Custody report
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267629) in GitLab 13.6.
+> - Support for including all commits instead of only merge commits [added](https://gitlab.com/gitlab-org/gitlab/-/issues/393446) in GitLab 15.10.
+
+You can generate a commit-specific Chain of Custody report for a given commit SHA. This report provides only the
+details for the provided commit SHA.
+
+To generate a commit-specific Chain of Custody report:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. Select **Secure > Compliance center**.
+1. In the top-right corner, select **Export**.
+1. Select **Export custody report of a specific commit**.
+1. Enter the commit SHA, and then select **Export custody report**.
+
+Depending on your version of GitLab, the Chain of Custody report is either sent through email or available for download.
+
+Alternatively, use a direct link: `https://gitlab.com/groups/<group-name>/-/security/merge_commit_reports.csv?commit_sha={optional_commit_sha}`,
+passing in an optional value to the `commit_sha` query parameter.
--- a/doc/user/compliance/compliance_center/index.md
+++ b/doc/user/compliance/compliance_center/index.md
@ -14,524 +14,12 @@ DETAILS:

 The compliance center is the central location for compliance teams to manage their compliance standards adherence reporting, violations reporting, and compliance frameworks for their group.

-## Compliance standards adherence dashboard
+The compliance center comprises the:

-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125875) GraphQL APIs in GitLab 16.2 [with a flag](../../../administration/feature_flags.md) named `compliance_adherence_report`. Disabled by default.
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/125444) compliance standards adherence dashboard in GitLab 16.3 [with a flag](../../../administration/feature_flags.md) named `adherence_report_ui`. Disabled by default.
-> - [Enabled](https://gitlab.com/gitlab-org/gitlab/-/issues/414495) in GitLab 16.5.
-> - [Feature flag `compliance_adherence_report` and `adherence_report_ui`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/137398) removed in GitLab 16.7.
-> - Standards adherence filtering [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/413734) in GitLab 16.7.
-> - Standards adherence grouping [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/413735) in GitLab 16.9.
-> - **Last Scanned** column [renamed](https://gitlab.com/gitlab-org/gitlab/-/issues/439545) to **Date since last status change** in GitLab 16.10.
+- [Compliance standards adherence dashboard](compliance_standards_adherence_dashboard.md).
+- [Compliance violations report](compliance_violations_report.md).
+- [Compliance frameworks report](compliance_frameworks_report.md).
+- [Compliance projects report](compliance_projects_report.md).

-The compliance standards adherence dashboard lists the adherence status of projects complying to the _GitLab standard_.
-
-When a project is added, or an associated project or group setting is changed, an adherence scan is run on that project to update the standards adherence for that project.
-The field in the **Date since last status change** column reflects the date of the initial status and any subsequent changes to the status.
-
-### View the compliance standards adherence dashboard
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To view the compliance standards adherence dashboard for a group:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-
-You can filter the compliance standards adherence dashboard on:
-
- The project that the check was performed on.
- The type of check that was performed on a project.
- The standard that the check belongs to.
-
-You can group the compliance standards adherence dashboard on:
-
- The type of check that was performed on a project.
-
-### GitLab standard
-
-The GitLab standard consists of three rules:
-
- Prevent authors as approvers.
- Prevent committers as approvers.
- At least two approvals.
-
-#### Prevent authors as approvers
-
-To comply with the GitLab standard, you must prevent users from approving their own merge requests. For more information,
-see [Prevent approval by author](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author).
-
-On self-managed GitLab, when instance-level setting for [prevent approval by author](../../../administration/merge_requests_approvals.md)
-is updated, the adherence status for all the projects on the instance is not updated automatically.
-To update the adherence status for these projects, the group-level or the project-level setting must be updated.
-
-#### Prevent committers as approvers
-
-To comply with the GitLab standard, you must prevent users from approving merge requests where they've added commits. For
-more information, see [Prevent approvals by users who add commits](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits).
-
-On self-managed GitLab, when instance-level setting for [prevent approvals by users who add commits](../../../administration/merge_requests_approvals.md)
-is updated, the adherence status for all the projects on the instance is not updated automatically.
-To update the adherence status for these projects, the group-level or the project-level setting must be updated.
-
-#### At least two approvals
-
-To comply with the GitLab standard, you must have at least two users approve a merge request to get it merged. For more
-information, see [Merge request approval rules](../../project/merge_requests/approvals/rules.md).
-
-### SOC 2 standard
-
-The SOC 2 standard consists of one rule:
-
- At least one non-author approval.
-
-#### At least one non-author approval
-
-To comply with the SOC 2 standard, you must:
-
- Prevent users from approving their own merge requests. For more information, see
-  [Prevent approval by author](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author).
- Prevent users from approving merge requests where they've added commits, see
-  [Prevent approvals by users who add commits](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits).
- At least one approval is required, see [Merge request approval rules](../../project/merge_requests/approvals/rules.md).
-
-These settings are available for an entire self-managed GitLab instance. However, when these settings are updated at the instance level,
-the adherence status for all the projects on the instance is not updated automatically. To update the adherence status
-for these projects, you must update the group-level or project-level setting. For more information on the instance-level settings, see:
-
- [Prevent approval by author](../../../administration/merge_requests_approvals.md).
- [Prevent approvals by users who add commits](../../../administration/merge_requests_approvals.md).
-
-### Export compliance standards adherence report for projects in a group
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/413736) in GitLab 16.8 [with a flag](../../../administration/feature_flags.md) named `compliance_standards_adherence_csv_export`. Disabled by default.
-> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142568) in GitLab 16.9. Feature flag `compliance_standards_adherence_csv_export` removed.
-
-Exports the contents of a standards adherence report for projects in a group. Reports are truncated at 15 MB to avoid a large email attachment.
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To export the compliance standards adherence report for projects in a group:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. In the top-right corner, select **Export**.
-1. Select **Export standards adherence report**.
-
-A report is compiled and delivered to your email inbox as an attachment.
-
-## Compliance violations report
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/36524) in GitLab 12.8 as Compliance Dashboard.
-> - Compliance violation drawer [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/299357) in GitLab 14.1.
-> - [Renamed](https://gitlab.com/gitlab-org/gitlab/-/issues/299360) to compliance report in GitLab 14.2.
-> - [Replaced](https://gitlab.com/groups/gitlab-org/-/epics/5237) by merge request violations in GitLab 14.6 [with a flag](../../../administration/feature_flags.md) named `compliance_violations_report`. Disabled by default.
-> - GraphQL API [introduced](https://gitlab.com/groups/gitlab-org/-/epics/7222) in GitLab 14.9.
-> - [Generally available](https://gitlab.com/groups/gitlab-org/-/epics/5237) in GitLab 14.10. [Feature flag `compliance_violations_report`](https://gitlab.com/gitlab-org/gitlab/-/issues/346266) removed.
-> - [Renamed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112111) to compliance violations report in GitLab 15.9.
-> - Ability to create and edit compliance frameworks [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/394950) in GitLab 16.0.
-
-With the compliance violations report, you can see a high-level view of merge request activity for all projects in the group.
-
-When you select a row in the compliance violations report, a drawer appears that provides:
-
- The project name and [compliance framework label](../../project/working_with_projects.md#add-a-compliance-framework-to-a-project),
-  if the project has one assigned.
- A link to the merge request that introduced the violation.
- The merge request's branch path in the format `[source] into [target]`.
- A list of users that committed changes to the merge request.
- A list of users that commented on the merge request.
- A list of users that approved the merge request.
- The user that merged the merge request.
-
-### View the compliance violations report for a group
-
-> - Target branch search [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/358414) in GitLab 16.0.
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To view the compliance violations report:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-
-You can sort the compliance report on:
-
- Severity level.
- Type of violation.
- Merge request title.
-
-You can filter the compliance violations report on:
-
- The project that the violation was found on.
- The date range of violation.
- The target branch of the violation.
-
-Select a row to see details of the compliance violation.
-
-#### Severity levels
-
-Each compliance violation has one of the following severities.
-
-<!-- vale gitlab.SubstitutionWarning = NO -->
-
-| Icon                                          | Severity level |
-|:----------------------------------------------|:---------------|
-| **{severity-critical, 18, gl-fill-red-800}**  | Critical       |
-| **{severity-high, 18, gl-fill-red-600}**      | High           |
-| **{severity-medium, 18, gl-fill-orange-400}** | Medium         |
-| **{severity-low, 18, gl-fill-orange-300}**    | Low            |
-| **{severity-info, 18, gl-fill-blue-400}**     | Info           |
-
-<!-- vale gitlab.SubstitutionWarning = YES -->
-
-#### Violation types
-
-From [GitLab 14.10](https://gitlab.com/groups/gitlab-org/-/epics/6870), these are the available compliance violations.
-
-| Violation                         | Severity level | Category                                      | Description                                                                                                                                                                                                                                            |
-|:----------------------------------|:---------------|:----------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Author approved merge request     | High           | [Separation of duties](#separation-of-duties) | Author of the merge request approved their own merge request. For more information, see [Prevent approval by author](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author).                                                   |
-| Committers approved merge request | High           | [Separation of duties](#separation-of-duties) | Committers of the merge request approved the merge request they contributed to. For more information, see [Prevent approvals by users who add commits](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits). |
-| Fewer than two approvals          | High           | [Separation of duties](#separation-of-duties) | Merge request was merged with fewer than two approvals. For more information, see [Merge request approval rules](../../project/merge_requests/approvals/rules.md).                                                                                     |
-
-##### Separation of duties
-
-GitLab supports a separation of duties policy between users who create and approve merge requests. Our criteria for the
-separation of duties is:
-
- [A merge request author is **not** allowed to approve their merge request](../../project/merge_requests/approvals/settings.md#prevent-approval-by-author).
- [A merge request committer is **not** allowed to approve a merge request they have added commits to](../../project/merge_requests/approvals/settings.md#prevent-approvals-by-users-who-add-commits).
- [The minimum number of approvals required to merge a merge request is **at least** two](../../project/merge_requests/approvals/rules.md).
-
-### Export a report of merge request compliance violations on projects in a group
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356791) in GitLab 16.4 [with a flag](../../../administration/feature_flags.md) named `compliance_violation_csv_export`. Disabled by default.
-> - [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/424447) in GitLab 16.5.
-> - [Feature flag `compliance_violation_csv_export`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142568) removed in GitLab 16.9.
-
-Export a report of merge request compliance violations on merge requests belonging to projects in a group. Reports:
-
- Do not use filters on the violations report.
- Are truncated at 15 MB so the email attachment is not too large.
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To export a report of merge request compliance violations for projects in a group:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. In the top-right corner, select **Export**.
-1. Select **Export violations report**.
-
-A report is compiled and delivered to your email inbox as an attachment.
-
-### Chain of Custody report
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213364) in GitLab 13.3.
-> - Chain of Custody reports sent using email [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/342594) in GitLab 15.3 with a flag named `async_chain_of_custody_report`. Disabled by default.
-> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/370100) in GitLab 15.5. Feature flag `async_chain_of_custody_report` removed.
-> - Chain of Custody report includes all commits (instead of just merge commits) [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267601) in GitLab 15.9 with a flag named `all_commits_compliance_report`. Disabled by default.
-> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112092) in GitLab 15.9. Feature flag `all_commits_compliance_report` removed.
-
-The Chain of Custody report provides a 1 month trailing window of all commits to a project under the group.
-
-To generate the report for all commits, GitLab:
-
-1. Fetches all projects under the group.
-1. For each project, fetches the last 1 month of commits. Each project is capped at 1024 commits. If there are more than
-   1024 commits in the 1-month window, they are truncated.
-1. Writes the commits to a CSV file. The file is truncated at 15 MB because the report is emailed as an attachment
-   (GitLab 15.5 and later).
-
-The report includes:
-
- Commit SHA.
- Commit author.
- Committer.
- Date committed.
- Group.
- Project.
-
-If the commit has a related merge commit, then the following are also included:
-
- Merge commit SHA.
- Merge request ID.
- User who merged the merge request.
- Merge date.
- Pipeline ID.
- Merge request approvers.
-
-#### Generate Chain of Custody report
-
-To generate the Chain of Custody report:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. In the top-right corner, select **Export**.
-1. Select **Export chain of custody report**.
-
-Depending on your version of GitLab, the Chain of Custody report is either sent through email or available for download.
-
-#### Generate commit-specific Chain of Custody report
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/267629) in GitLab 13.6.
-> - Support for including all commits instead of only merge commits [added](https://gitlab.com/gitlab-org/gitlab/-/issues/393446) in GitLab 15.10.
-
-You can generate a commit-specific Chain of Custody report for a given commit SHA. This report provides only the
-details for the provided commit SHA.
-
-To generate a commit-specific Chain of Custody report:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. In the top-right corner, select **Export**.
-1. Select **Export custody report of a specific commit**.
-1. Enter the commit SHA, and then select **Export custody report**.
-
-Depending on your version of GitLab, the Chain of Custody report is either sent through email or available for download.
-
-Alternatively, use a direct link: `https://gitlab.com/groups/<group-name>/-/security/merge_commit_reports.csv?commit_sha={optional_commit_sha}`,
-passing in an optional value to the `commit_sha` query parameter.
-
-## Compliance projects report
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387910) in GitLab 15.10.
-> - [Renamed from **compliance frameworks report**](https://gitlab.com/gitlab-org/gitlab/-/issues/422963) in GitLab 16.5.
-
-With compliance projects report, you can see the compliance frameworks that are applied to projects in a group. Each row of the report shows:
-
- Project name.
- Project path.
- Compliance framework label if the project has one assigned.
-
-The default framework for the group has a **default** badge.
-
-### View the compliance projects report for a group
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To view the compliance projects report:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Projects** tab.
-
-### Apply a compliance framework to projects in a group
-
-> - Adding compliance frameworks using bulk actions [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/383209) in GitLab 15.11.
-> - Adding compliance frameworks without using bulk actions [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/394795) in GitLab 16.0.
-
-You can apply a compliance framework to projects in a group.
-
-Prerequisites:
-
- You must have the Owner role for the group.
-
-To apply a compliance framework to one project in a group:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Projects** tab.
-1. Next to the project you want to add the compliance framework to, select **{plus}** **Add framework**.
-1. Select an existing compliance framework or create a new one.
-
-To apply a compliance framework to multiple projects in a group:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Projects** tab.
-1. Select multiple projects.
-1. From the **Choose one bulk action** dropdown list, select **Apply framework to selected projects**.
-1. Select framework to apply.
-1. Select **Apply**.
-
-### Remove a compliance framework from projects in a group
-
-> - Removing compliance frameworks using bulk actions [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/383209) in GitLab 15.11.
-> - Removing compliance frameworks without using bulk actions [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/394795) in GitLab 16.0.
-
-You can remove a compliance framework from projects in a group.
-
-Prerequisites:
-
- You must have the Owner role for the group.
-
-To remove a compliance framework from one project in a group:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Projects** tab.
-1. Next to the compliance framework to remove from the project, select **{close}** on the framework label.
-
-To remove a compliance framework from multiple projects in a group:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Projects** tab.
-1. Select multiple projects.
-1. From the **Choose one bulk action** dropdown list, select **Remove framework from selected projects**.
-1. Select **Remove**.
-
-### Export a report of compliance frameworks on projects in a group
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387912) in GitLab 16.0.
-
-Export a report of compliance frameworks that are applied to projects in a group. Reports:
-
- Do not use filters on the framework report.
- Are truncated at 15 MB so the email attachment too large.
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To export a report of compliance frameworks on projects in a group:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. In the top-right corner, select **Export**.
-1. Select **Export list of project frameworks**.
-
-A report is compiled and delivered to your email inbox as an attachment.
-
-### Filter the compliance projects report
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387911) in GitLab 15.11.
-
-To filter the list of compliance frameworks:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Projects** tab.
-1. In the search field:
-   1. Select the attribute you want to filter by.
-   1. Select an operator.
-   1. Select from the list of options or enter text for the search.
-1. Select **Search**.
-
-Repeat this process to filter by multiple attributes.
-
-### Create a new compliance framework
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To create a new compliance framework from the compliance projects report:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Projects** tab.
-1. Select the **+ Add framework**.
-1. Select the **Create a new framework**.
-1. Select the **Add framework** to create compliance framework.
-
-### Edit a compliance framework
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To edit a compliance framework from the compliance projects report:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Projects** tab.
-1. Hover over framework and select **Edit the framework**.
-1. Select the **Save changes** to edit compliance framework.
-
-### Delete a compliance framework
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To delete a compliance framework from the compliance projects report:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Projects** tab.
-1. Hover over framework and select **Edit the framework**.
-1. Select the **Delete framework** to delete compliance framework.
-
-## Compliance frameworks report
-
-> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/422973) in GitLab 16.5 [with a flag](../../../administration/feature_flags.md) named `compliance_framework_report_ui`. Disabled by default.
-> - In GitLab 16.4 and earlier, **Compliance frameworks report** referred to what is now called **Compliance projects report**. The formally-named **Compliance frameworks report** was [renamed to **Compliance projects report**](https://gitlab.com/gitlab-org/gitlab/-/issues/422963) in GitLab 16.5.
-> - [Enabled by default](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/140825) in GitLab 16.8.
-
-FLAG:
-On self-managed GitLab, by default this feature is available. To hide the feature an administrator to [disable the feature flag](../../../administration/feature_flags.md) named
-`compliance_framework_report_ui`. On GitLab.com and GitLab Dedicated, this feature is available.
-
-With compliance frameworks report, you can see all the compliance frameworks in a group. Each row of the report shows:
-
- Framework name.
- Associated projects.
-
-The default framework for the group has a **default** badge.
-
-### View the compliance frameworks report for a group
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To view the compliance frameworks report:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Frameworks** tab.
-
-### Create a new compliance framework
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To create a new compliance framework from the compliance frameworks report:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Frameworks** tab.
-1. Select the **New framework**.
-1. Select the **Add framework** to create compliance framework.
-
-### Edit a compliance framework
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To edit a compliance framework from the compliance frameworks report:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Frameworks** tab.
-1. Hover over framework and select **Edit the framework**.
-1. Select the **Save changes** to edit compliance framework.
-
-### Delete a compliance framework
-
-Prerequisites:
-
- You must be an administrator or have the Owner role for the group.
-
-To delete a compliance framework from the compliance frameworks report:
-
-1. On the left sidebar, select **Search or go to** and find your group.
-1. Select **Secure > Compliance center**.
-1. On the page, select the **Frameworks** tab.
-1. Hover over framework and select **Edit the framework**.
-1. Select the **Delete framework** to delete compliance framework.
+For more information on other GitLab compliance features for projects, groups, and instances, see
+[Compliance features](../../../administration/compliance.md).
--- a/doc/user/group/compliance_frameworks.md
+++ b/doc/user/group/compliance_frameworks.md
@ -25,17 +25,17 @@ Compliance frameworks are created on top-level groups. Group owners can create,

 You can create, edit, or delete a compliance framework from a compliance framework report. For more information, see:

- [Create a new compliance framework](../../user/compliance/compliance_center/index.md#create-a-new-compliance-framework-1).
- [Edit a compliance framework](../../user/compliance/compliance_center/index.md#edit-a-compliance-framework-1).
- [Delete a compliance framework](../../user/compliance/compliance_center/index.md#delete-a-compliance-framework-1).
+- [Create a new compliance framework](../../user/compliance/compliance_center/compliance_frameworks_report.md#create-a-new-compliance-framework).
+- [Edit a compliance framework](../../user/compliance/compliance_center/compliance_frameworks_report.md#edit-a-compliance-framework).
+- [Delete a compliance framework](../../user/compliance/compliance_center/compliance_frameworks_report.md#delete-a-compliance-framework).

 ### From compliance projects report

 You can create, edit, or delete a compliance framework from a compliance projects report. For more information, see:

- [Create a new compliance framework](../../user/compliance/compliance_center/index.md#create-a-new-compliance-framework).
- [Edit a compliance framework](../../user/compliance/compliance_center/index.md#edit-a-compliance-framework).
- [Delete a compliance framework](../../user/compliance/compliance_center/index.md#delete-a-compliance-framework).
+- [Create a new compliance framework](../../user/compliance/compliance_center/compliance_projects_report.md#create-a-new-compliance-framework).
+- [Edit a compliance framework](../../user/compliance/compliance_center/compliance_projects_report.md#edit-a-compliance-framework).
+- [Delete a compliance framework](../../user/compliance/compliance_center/compliance_projects_report.md#delete-a-compliance-framework).

 ### From group settings

@ -59,7 +59,7 @@ Frameworks cannot be added to projects in personal namespaces.
 ### From compliance projects report

 To assign a compliance framework to a project, apply the compliance framework through the
-[Compliance projects report](../../user/compliance/compliance_center/index.md#apply-a-compliance-framework-to-projects-in-a-group).
+[Compliance projects report](../../user/compliance/compliance_center/compliance_projects_report.md#apply-a-compliance-framework-to-projects-in-a-group).

 ### From group settings

@ -99,7 +99,7 @@ Prerequisites:

 #### From compliance center

-To set as default (or remove the default) from [compliance projects report](../../user/compliance/compliance_center/index.md#compliance-projects-report):
+To set as default (or remove the default) from [compliance projects report](../../user/compliance/compliance_center/compliance_projects_report.md#compliance-projects-report):

 1. On the left sidebar, select **Search or go to** and find your group.
 1. Select **Secure > Compliance center**.
@ -108,7 +108,7 @@ To set as default (or remove the default) from [compliance projects report](../.
 1. Select **Set as default**.
 1. Select **Save changes**.

-To set as default (or remove the default) from [compliance framework report](../../user/compliance/compliance_center/index.md#compliance-frameworks-report):
+To set as default (or remove the default) from [compliance framework report](../../user/compliance/compliance_center/compliance_frameworks_report.md#compliance-frameworks-report):

 1. On the left sidebar, select **Search or go to** and find your group.
 1. Select **Secure > Compliance center**.
@ -179,7 +179,7 @@ Prerequisites:
 ### From compliance projects report

 To remove a compliance framework from one or multiple project in a group, remove the compliance framework through the
-[Compliance projects report](../../user/compliance/compliance_center/index.md#remove-a-compliance-framework-from-projects-in-a-group).
+[Compliance projects report](../../user/compliance/compliance_center/compliance_projects_report.md#remove-a-compliance-framework-from-projects-in-a-group).

 ### From group settings

--- a/doc/user/okrs.md
+++ b/doc/user/okrs.md
@ -532,7 +532,7 @@ or assignees, on the right.

 FLAG:
 On self-managed GitLab, by default this feature is available. To hide the feature, an administrator can [disable the feature flag](../administration/feature_flags.md) named `linked_work_items`.
-On GitLab.com and GitLab dedicated, this feature is available.
+On GitLab.com and GitLab Dedicated, this feature is available.

 Linked items are a bi-directional relationship and appear in a block below
 the Child objectives and key results. You can link an objective, key result, or a task in the same project with each other.
--- a/doc/user/product_analytics/index.md
+++ b/doc/user/product_analytics/index.md
@ -101,6 +101,12 @@ Prerequisites:
 1. Expand **Configure** and enter the configuration values.
 1. Select **Save changes**.

+### Data retention
+
+If GitLab manages your product analytics instance, then your analytics data will be retained for 1 year.
+
+You can request to delete your data at any time by [contacting support](https://about.gitlab.com/support/#contact-support).
+
 ## Onboard a GitLab project

 Onboarding a GitLab project means preparing it to receive events that are used for product analytics.
--- a/lib/gitlab/background_migration/backfill_onboarding_status_step_url.rb
+++ b/lib/gitlab/background_migration/backfill_onboarding_status_step_url.rb
@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module BackgroundMigration
+    class BackfillOnboardingStatusStepUrl < BatchedMigrationJob
+      operation_name :backfill_onboarding_status_step_url # This is used as the key on collecting metrics
+      feature_category :onboarding
+
+      class UserDetail < ApplicationRecord
+        self.table_name = :user_details
+
+        belongs_to :user
+      end
+
+      def perform
+        each_sub_batch do |sub_batch|
+          UserDetail
+            .where(user: sub_batch.where(onboarding_in_progress: true))
+            .where("(onboarding_status->'step_url') is null")
+            .update_all("onboarding_status = jsonb_build_object('step_url', \"onboarding_step_url\")")
+        end
+      end
+    end
+  end
+end
--- a/lib/gitlab/gon_helper.rb
+++ b/lib/gitlab/gon_helper.rb
@ -36,6 +36,7 @@ module Gitlab
      gon.recaptcha_api_server_url = ::Recaptcha.configuration.api_server_url
      gon.recaptcha_sitekey      = Gitlab::CurrentSettings.recaptcha_site_key
      gon.gitlab_url             = Gitlab.config.gitlab.url
+      gon.organization_http_header_name = ::Organizations::ORGANIZATION_HTTP_HEADER
      gon.revision               = Gitlab.revision
      gon.feature_category       = Gitlab::ApplicationContext.current_context_attribute(:feature_category).presence
      gon.gitlab_logo            = ActionController::Base.helpers.asset_path('gitlab_logo.png')
--- a/lib/gitlab/middleware/organizations/current.rb
+++ b/lib/gitlab/middleware/organizations/current.rb
@ -3,26 +3,40 @@
 module Gitlab
  module Middleware
    module Organizations
+      # Logic of setting the Current.organization:
+      #   - Request header value from injection on frontend
+      #   - TODO: Request header from injection from routing layer
+      #     see ideas in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/144811#note_1784126192
      class Current
        def initialize(app)
          @app = app
        end

        def call(env)
-          # TODO: https://gitlab.com/gitlab-org/gitlab/-/issues/437541 to enhance the finder:
-          #   - Separate logged in vs not logged in user(perhaps using session)
-          #   - Authenticated:
-          #     - Request header
-          #     - Rails session value to drive the finder
-          #     - First organization current user is a user of
-          #   - Unauthenticated:
-          #     - default organization
+          @request = Rack::Request.new(env)
+
          if Feature.enabled?(:current_organization_middleware, type: :gitlab_com_derisk)
-            ::Current.organization = ::Organizations::Organization.default_organization
+            ::Current.organization = calculated_organization
          end

          @app.call(env)
        end
+
+        private
+
+        POSITIVE_INTEGER_REGEX = %r{\A[1-9]\d*\z}
+
+        def calculated_organization
+          find_from_header
+        end
+
+        def find_from_header
+          header_organization_id = @request.get_header(::Organizations::ORGANIZATION_HTTP_HEADER)
+
+          return unless header_organization_id.to_s.match?(POSITIVE_INTEGER_REGEX) # don't do unnecessary query
+
+          ::Organizations::Organization.find_by_id(header_organization_id)
+        end
      end
    end
  end
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@ -3574,6 +3574,9 @@ msgstr ""
 msgid "AdminSettings|I have read and agree to the Let's Encrypt %{link_start}Terms of Service%{link_end} (PDF)."
 msgstr ""

+msgid "AdminSettings|If GitLab manages your cluster, then GitLab retains your analytics data for 1 year. %{link_start}Learn more about data retention policy%{link_end}."
+msgstr ""
+
 msgid "AdminSettings|If no unit is written, it defaults to seconds. For example, these are all equivalent: %{oneDayInSeconds}, %{oneDayInHoursHumanReadable}, or %{oneDayHumanReadable}. Minimum value is two hours. %{linkStart}Learn more.%{linkEnd}"
 msgstr ""

@ -23467,6 +23470,18 @@ msgstr ""
 msgid "GoogleCloudPlatformService|Google Cloud project ID"
 msgstr ""

+msgid "GoogleCloudPlatformService|Google Cloud project ID for the Workload Identity Federation."
+msgstr ""
+
+msgid "GoogleCloudPlatformService|Google Cloud project number for the Workload Identity Federation."
+msgstr ""
+
+msgid "GoogleCloudPlatformService|ID of the Workload Identity Pool provider."
+msgstr ""
+
+msgid "GoogleCloudPlatformService|ID of the Workload Identity Pool."
+msgstr ""
+
 msgid "GoogleCloudPlatformService|Manage permissions for Google Cloud resources with Identity and Access Management (IAM)."
 msgstr ""

@ -37949,7 +37964,7 @@ msgstr ""
 msgid "ProductAnalytics|Product analytics onboarding"
 msgstr ""

-msgid "ProductAnalytics|Product analytics usage is calculated based on the total number of events received from projects within the group. Contact your account manager if you need additional event quota. %{linkStart}Learn more%{linkEnd}."
+msgid "ProductAnalytics|Product analytics usage is calculated based on the total number of events received from projects within the group. Contact your account manager if you need additional event quota. %{usageQuotaLinkStart}Learn more%{usageQuotaLinkEnd}. If GitLab manages your cluster, then GitLab retains your analytics data for 1 year. %{dataRetentionLinkStart}Learn more about data retention policy%{dataRetentionLinkEnd}."
 msgstr ""

 msgid "ProductAnalytics|Projects"
@ -37997,7 +38012,7 @@ msgstr ""
 msgid "ProductAnalytics|The connection string for your Snowplow configurator instance."
 msgstr ""

-msgid "ProductAnalytics|The host to send all tracking events to"
+msgid "ProductAnalytics|The receiver of tracking events"
 msgstr ""

 msgid "ProductAnalytics|The sender of tracking events"
@ -39074,9 +39089,6 @@ msgstr ""
 msgid "ProjectSettings|All merge requests and commits are made against this branch unless you specify a different one."
 msgstr ""

-msgid "ProjectSettings|All your dashboard data sources."
-msgstr ""
-
 msgid "ProjectSettings|Allow"
 msgstr ""

@ -39134,6 +39146,9 @@ msgstr ""
 msgid "ProjectSettings|Combine git tags with release notes, release evidence, and assets to create a release."
 msgstr ""

+msgid "ProjectSettings|Configure %{link_start}data sources%{link_end} to be used for your dashboards."
+msgstr ""
+
 msgid "ProjectSettings|Configure your infrastructure."
 msgstr ""

@ -39242,6 +39257,9 @@ msgstr ""
 msgid "ProjectSettings|How do they differ?"
 msgstr ""

+msgid "ProjectSettings|If GitLab manages your cluster, then GitLab retains your analytics data for 1 year. %{link_start}Learn more about data retention policy%{link_end}."
+msgstr ""
+
 msgid "ProjectSettings|If merge trains are enabled, merging is only possible if the branch can be rebased without conflicts."
 msgstr ""

@ -39416,6 +39434,9 @@ msgstr ""
 msgid "ProjectSettings|Set the default behavior of this option in merge requests. Changes to this are also applied to existing merge requests."
 msgstr ""

+msgid "ProjectSettings|Set up your project to receive events that are used for %{link_start}product analytics%{link_end}."
+msgstr ""
+
 msgid "ProjectSettings|Share code with others outside the project."
 msgstr ""

@ -48132,15 +48153,9 @@ msgstr ""
 msgid "Stack trace"
 msgstr ""

-msgid "Stacktrace snippet"
-msgstr ""
-
 msgid "Stage"
 msgstr ""

-msgid "Stage:"
-msgstr ""
-
 msgid "Standard"
 msgstr ""

@ -55518,9 +55533,6 @@ msgstr ""
 msgid "Vulnerability|Activity"
 msgstr ""

-msgid "Vulnerability|Actual Response"
-msgstr ""
-
 msgid "Vulnerability|Actual received response is the one received when this fault was detected"
 msgstr ""

@ -55542,9 +55554,6 @@ msgstr ""
 msgid "Vulnerability|CVSS v3"
 msgstr ""

-msgid "Vulnerability|Class"
-msgstr ""
-
 msgid "Vulnerability|Cluster"
 msgstr ""

@ -55557,18 +55566,9 @@ msgstr ""
 msgid "Vulnerability|Could not load prompt."
 msgstr ""

-msgid "Vulnerability|Crash address"
-msgstr ""
-
 msgid "Vulnerability|Crash address:"
 msgstr ""

-msgid "Vulnerability|Crash state"
-msgstr ""
-
-msgid "Vulnerability|Crash type"
-msgstr ""
-
 msgid "Vulnerability|Crash type:"
 msgstr ""

@ -55587,9 +55587,6 @@ msgstr ""
 msgid "Vulnerability|Detection method"
 msgstr ""

-msgid "Vulnerability|Download"
-msgstr ""
-
 msgid "Vulnerability|Enter the associated CVE or CWE entries for this vulnerability."
 msgstr ""

@ -55614,9 +55611,6 @@ msgstr ""
 msgid "Vulnerability|False positive detected"
 msgstr ""

-msgid "Vulnerability|File"
-msgstr ""
-
 msgid "Vulnerability|File:"
 msgstr ""

@ -55641,9 +55635,6 @@ msgstr ""
 msgid "Vulnerability|Identifiers"
 msgstr ""

-msgid "Vulnerability|Image"
-msgstr ""
-
 msgid "Vulnerability|Image:"
 msgstr ""

@ -55656,18 +55647,9 @@ msgstr ""
 msgid "Vulnerability|Location"
 msgstr ""

-msgid "Vulnerability|Method"
-msgstr ""
-
-msgid "Vulnerability|Namespace"
-msgstr ""
-
 msgid "Vulnerability|Namespace:"
 msgstr ""

-msgid "Vulnerability|Project"
-msgstr ""
-
 msgid "Vulnerability|Project:"
 msgstr ""

@ -55680,18 +55662,12 @@ msgstr ""
 msgid "Vulnerability|Reproduction Assets"
 msgstr ""

-msgid "Vulnerability|Request"
-msgstr ""
-
 msgid "Vulnerability|Request/Response"
 msgstr ""

 msgid "Vulnerability|Response generated by AI"
 msgstr ""

-msgid "Vulnerability|Scanner Provider"
-msgstr ""
-
 msgid "Vulnerability|Scanner:"
 msgstr ""

@ -55746,9 +55722,6 @@ msgstr ""
 msgid "Vulnerability|This is a beta feature that uses AI to explain the vulnerability and provide recommendations. Use this feature with caution as we continue to iterate. Please provide your feedback and ideas in %{linkStart}this issue%{linkEnd}."
 msgstr ""

-msgid "Vulnerability|Tool"
-msgstr ""
-
 msgid "Vulnerability|Tool:"
 msgstr ""

@ -55761,9 +55734,6 @@ msgstr ""
 msgid "Vulnerability|URL:"
 msgstr ""

-msgid "Vulnerability|Unmodified Response"
-msgstr ""
-
 msgid "Vulnerability|Unmodified response:"
 msgstr ""

--- a/package.json
+++ b/package.json
@ -60,7 +60,7 @@
    "@gitlab/favicon-overlay": "2.0.0",
    "@gitlab/fonts": "^1.3.0",
    "@gitlab/svgs": "3.84.0",
-    "@gitlab/ui": "^76.0.0",
+    "@gitlab/ui": "77.0.0",
    "@gitlab/visual-review-tools": "1.7.3",
    "@gitlab/web-ide": "^0.0.1-dev-20240226152102",
    "@mattiasbuelens/web-streams-adapter": "^0.1.0",
--- a/scripts/generate-e2e-pipeline
+++ b/scripts/generate-e2e-pipeline
@ -17,6 +17,7 @@ qa_pipelines["package-and-test-pipeline.yml"]="package-and-test/main.gitlab-ci.y
 qa_pipelines["package-and-test-nightly-pipeline.yml"]="package-and-test-nightly/main.gitlab-ci.yml"
 qa_pipelines["review-app-pipeline.yml"]="review-apps/main.gitlab-ci.yml"
 qa_pipelines["test-on-gdk-pipeline.yml"]="test-on-gdk/main.gitlab-ci.yml"
+qa_pipelines["test-on-cng-pipeline.yml"]="test-on-cng/main.gitlab-ci.yml"

 if [ "$QA_SKIP_ALL_TESTS" == "true" ]; then
  skip_pipeline=".gitlab/ci/_skip.yml"
--- a/scripts/qa/cng_deploy/cng-kind.sh
+++ b/scripts/qa/cng_deploy/cng-kind.sh
@ -0,0 +1,234 @@
+#!/bin/bash
+
+#
+# General utils
+#
+
+function log() {
+  echo -e "\033[1;32m$1\033[0m"
+}
+
+function warn() {
+  echo -e "\033[1;33m$1\033[0m"
+}
+
+function log_info() {
+  echo -e "\033[1;35m$1\033[0m"
+}
+
+function log_with_header() {
+  length=$(echo "$1" | awk '{print length}')
+  delimiter=$(printf -- "${2:-=}%.0s" $(seq $length))
+
+  log_info "$delimiter"
+  log_info "$1"
+  log_info "$delimiter"
+}
+
+#
+# Deploy functions
+#
+function get_redis_version() {
+  # version number is fetched from constant definition in redis_version_check.rb
+  local version_type=${1:-RECOMMENDED_REDIS_VERSION}
+
+  awk -F "=" "/${version_type} =/ {print \$2}" $CI_PROJECT_DIR/lib/system_check/app/redis_version_check.rb | sed "s/['\" ]//g"
+}
+
+function chart_values() {
+  local domain=$1
+  local values_file="cng-deploy-values.yml"
+
+  local gitlab_image_repository="registry.gitlab.com/gitlab-org/build/cng-mirror"
+  local gitlab_toolbox_image_repository="${gitlab_image_repository}/gitlab-toolbox-ee"
+  local gitlab_sidekiq_image_repository="${gitlab_image_repository}/gitlab-sidekiq-ee"
+  local gitlab_webservice_image_repository="${gitlab_image_repository}/gitlab-webservice-ee"
+  local gitlab_workhorse_image_repository="${gitlab_image_repository}/gitlab-workhorse-ee"
+  local gitlab_shell_image_repository="${gitlab_image_repository}/gitlab-shell"
+  local gitlab_shell_image_tag="$(cat $CI_PROJECT_DIR/GITLAB_SHELL_VERSION)"
+  local gitlab_gitaly_image_repository="${gitlab_image_repository}/gitaly"
+  local gitaly_image_tag="$(cat $CI_PROJECT_DIR/GITALY_SERVER_VERSION)"
+  local redis_version="$(get_redis_version $REDIS_VERSION_TYPE)"
+
+  cat > $values_file <<EOF
+global:
+  hosts:
+    domain: $domain
+    https: false
+  ingress:
+    configureCertmanager: false
+    tls:
+      enabled: false
+  shell:
+    port: 32022
+  extraEnv:
+    GITLAB_LICENSE_MODE: test
+    CUSTOMER_PORTAL_URL: https://customers.staging.gitlab.com
+  initialRootPassword:
+    secret: gitlab-initial-root-password
+  gitlab:
+    license:
+      secret: gitlab-license
+
+gitlab:
+  gitaly:
+    image:
+      repository: "${gitlab_gitaly_image_repository}"
+      tag: "${gitaly_image_tag}"
+  gitlab-shell:
+    image:
+      repository: "${gitlab_shell_image_repository}"
+      tag: "v${gitlab_shell_image_tag}"
+  migrations:
+    image:
+      repository: "${gitlab_toolbox_image_repository}"
+      tag: "${CI_COMMIT_SHA}"
+  sidekiq:
+    annotations:
+      commit: "${CI_COMMIT_SHORT_SHA}"
+    image:
+      repository: "${gitlab_sidekiq_image_repository}"
+      tag: "${CI_COMMIT_SHA}"
+  toolbox:
+    image:
+      repository: "${gitlab_toolbox_image_repository}"
+      tag: "${CI_COMMIT_SHA}"
+  webservice:
+    annotations:
+      commit: "${CI_COMMIT_SHORT_SHA}"
+    image:
+      repository: "${gitlab_webservice_image_repository}"
+      tag: "${CI_COMMIT_SHA}"
+    workhorse:
+      image: "${gitlab_workhorse_image_repository}"
+      tag: "${CI_COMMIT_SHA}"
+  gitlab-exporter:
+    enabled: false
+
+# Provision specific version of redis (either recommended or minimum supported)
+redis:
+  metrics:
+    enabled: false
+  image:
+    tag: "${redis_version%.*}"
+
+# Don't use certmanager, we'll self-sign or use http
+certmanager:
+  install: false
+
+# Specify NodePorts for NGINX and reduce replicas to 1
+nginx-ingress:
+  controller:
+    replicaCount: 1
+    minAavailable: 1
+    service:
+      type: NodePort
+      nodePorts:
+        # gitlab-shell port value below must match the KinD config file:
+        #   nodes[0].extraPortMappings[1].containerPort
+        gitlab-shell: 32022
+        # http port value below must match the KinD config file:
+        #   nodes[0].extraPortMappings[0].containerPort
+        http: 32080
+
+# Each test creates it's own runner, skip preinstalling runners
+gitlab-runner:
+  install: false
+
+# Disable metrics
+prometheus:
+  install: false
+EOF
+
+echo $values_file
+}
+
+function create_admin_password_secret() {
+  log_with_header "Create the 'gitlab-initial-root-password' secret"
+  kubectl create secret generic --namespace "${NAMESPACE}" \
+    "gitlab-initial-root-password" \
+    --from-literal="password=${GITLAB_ADMIN_PASSWORD}" \
+    --dry-run=client -o json | kubectl apply -f -
+}
+
+function create_license_secret() {
+  log_with_header "Create the 'gitlab-license' secret"
+  kubectl create secret generic --namespace "${NAMESPACE}" \
+    "gitlab-license" \
+    --from-literal=license="${QA_EE_LICENSE}" \
+    --dry-run=client -o json | kubectl apply -f -
+}
+
+function add_root_token() {
+  cmd=$(
+    cat <<EOF
+user = User.find_by_username('root');
+abort 'Error: Could not find root user. Check that the database was properly seeded' unless user;
+token = user.personal_access_tokens.create(scopes: [:api], name: 'Token to disable sign-ups', expires_at: 30.days.from_now);
+token.set_token('${GITLAB_QA_ADMIN_ACCESS_TOKEN}');
+token.save!;
+EOF
+  )
+
+  log_with_header "Add root user PAT"
+  local toolbox_pod=$(kubectl get pods --namespace ${NAMESPACE} -lapp=toolbox --no-headers -o=custom-columns=NAME:.metadata.name | tail -n 1)
+  kubectl exec --namespace "${NAMESPACE}" --container toolbox "${toolbox_pod}" -- gitlab-rails runner "${cmd}"
+  log "success!"
+}
+
+function setup_cluster() {
+  local kind_config=$1
+
+  log_with_header "Create kind kubernetes cluster"
+  kind create cluster --config "$kind_config"
+  sed -i -E -e "s/localhost|0\.0\.0\.0/docker/g" "$KUBECONFIG"
+
+  log_with_header "Print cluster info"
+  kubectl cluster-info
+}
+
+function deploy() {
+  local domain=$1
+  local values=$(chart_values $domain)
+
+  log_with_header "Add gitlab chart repo"
+  helm repo add gitlab https://charts.gitlab.io/
+  helm repo update
+
+  log_with_header "Create '${NAMESPACE} namespace'"
+  kubectl create namespace "$NAMESPACE"
+
+  create_license_secret
+  create_admin_password_secret
+
+  log_with_header "Install GitLab"
+  log_info "Using following values.yml"
+  cat $values
+
+  log_info "Running helm install"
+  helm install gitlab gitlab/gitlab \
+    --namespace "$NAMESPACE" \
+    --values $values \
+    --timeout 5m \
+    --wait
+
+  add_root_token
+}
+
+function save_install_logs() {
+  log_with_header "Events of namespace ${NAMESPACE}"
+  kubectl get events --output wide --namespace ${NAMESPACE}
+
+  for pod in $(kubectl get pods --no-headers --namespace ${NAMESPACE} --output jsonpath={.items[*].metadata.name}); do
+    log_with_header "Description of pod ${pod}"
+    kubectl describe pod ${pod} --namespace ${NAMESPACE}
+
+    for container in $(kubectl get pods ${pod} --no-headers --namespace ${NAMESPACE} --output jsonpath={.spec.initContainers[*].name}); do
+      kubectl logs ${pod} --namespace ${NAMESPACE} --container ${container} >"${container}.log"
+    done
+
+    for container in $(kubectl get pods ${pod} --no-headers --namespace ${NAMESPACE} --output jsonpath={.spec.containers[*].name}); do
+      kubectl logs ${pod} --namespace ${NAMESPACE} --container ${container} >"${container}.log"
+    done
+  done
+}
--- a/scripts/qa/cng_deploy/config/kind-config.yml
+++ b/scripts/qa/cng_deploy/config/kind-config.yml
@ -0,0 +1,31 @@
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+networking:
+  apiServerAddress: "0.0.0.0"
+nodes:
+  - role: control-plane
+    kubeadmConfigPatches:
+      - |
+        kind: InitConfiguration
+        nodeRegistration:
+          kubeletExtraArgs:
+            node-labels: "ingress-ready=true"
+      - |
+        kind: ClusterConfiguration
+        apiServer:
+          certSANs:
+            - "docker"
+    extraPortMappings:
+        # containerPort below must match the values file:
+        #   nginx-ingress.controller.service.nodePorts.http
+        # Change hostPort if port 80 is already in use.
+      - containerPort: 32080
+        hostPort: 80
+        listenAddress: "0.0.0.0"
+        # containerPort below must match the values file:
+        #   nginx-ingress.controller.service.nodePorts.ssh
+        # Using high-numbered hostPort assuming port 22 is
+        #   already in use.
+      - containerPort: 32022
+        hostPort: 32022
+        listenAddress: "0.0.0.0"
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@ -88,6 +88,13 @@ RSpec.describe ApplicationController, feature_category: :shared do
      let(:format) { :html }

      it_behaves_like 'setting gon variables'
+
+      it 'provides the organization_http_header_name' do
+        get :index, format: format
+
+        expect(json_response.to_h)
+          .to include('organization_http_header_name' => ::Organizations::ORGANIZATION_HTTP_HEADER)
+      end
    end

    context 'with json format' do
--- a/spec/db/schema_spec.rb
+++ b/spec/db/schema_spec.rb
@ -59,7 +59,7 @@ RSpec.describe 'Database schema', feature_category: :database do
    ci_pipelines: %w[partition_id],
    ci_runner_projects: %w[runner_id],
    ci_sources_pipelines: %w[partition_id source_partition_id source_job_id],
-    ci_stages: %w[partition_id],
+    ci_stages: %w[partition_id project_id pipeline_id],
    ci_trigger_requests: %w[commit_id],
    ci_job_artifact_states: %w[partition_id],
    cluster_providers_aws: %w[security_group_id vpc_id access_key_id],
--- a/spec/features/groups_spec.rb
+++ b/spec/features/groups_spec.rb
@ -37,16 +37,27 @@ RSpec.describe 'Group', feature_category: :groups_and_projects do
      end

      context 'with current organization setting in middleware' do
-        it 'sets the organization to the default organization' do
-          default_organization = create(:organization, :default)
+        let_it_be(:another_organization) { create(:organization) }

-          fill_in 'Group name', with: 'test-group'
-          click_button 'Create group'
+        before_all do
+          create(:organization, :default)
+        end

-          group = Group.find_by(name: 'test-group')
+        context 'for setting from the header' do
+          it 'sets the organization to another organization', :feature do
+            fill_in 'Group name', with: 'test-group'

-          expect(group.organization).to eq(default_organization)
-          expect(page).to have_current_path(group_path(group), ignore_query: true)
+            inspect_requests(
+              inject_headers: { ::Organizations::ORGANIZATION_HTTP_HEADER.sub(/^HTTP_/, '') => another_organization.id }
+            ) do
+              click_button 'Create group'
+            end
+
+            group = Group.find_by(name: 'test-group')
+
+            expect(group.organization).to eq(another_organization)
+            expect(page).to have_current_path(group_path(group), ignore_query: true)
+          end
        end
      end
    end
--- a/spec/frontend/ci/catalog/components/list/ci_resources_list_item_spec.js
+++ b/spec/frontend/ci/catalog/components/list/ci_resources_list_item_spec.js
@ -33,7 +33,7 @@ describe('CiResourcesListItem', () => {
    },
  };
  const release = {
-    author: { name: 'author', webUrl: '/user/1' },
+    author: { id: 'author-id', name: 'author', username: 'author-username', webUrl: '/user/1' },
    createdAt: Date.now(),
    name: '1.0.0',
  };
@ -152,6 +152,20 @@ describe('CiResourcesListItem', () => {
        expect(findUserLink().attributes('href')).toBe(release.author.webUrl);
      });

+      it('the user link has the correct attributes', () => {
+        expect(findUserLink().attributes()).toEqual({
+          'data-name': release.author.name,
+          'data-username': release.author.username,
+          'data-testid': 'user-link',
+          href: release.author.webUrl,
+          class: 'js-user-link',
+        });
+      });
+
+      it('the user link renders the author name', () => {
+        expect(findUserLink().text()).toBe(release.author.name);
+      });
+
      it('renders the time since the resource was released', () => {
        expect(findTimeAgoMessage().exists()).toBe(true);
      });
--- a/spec/frontend/ci/catalog/mock.js
+++ b/spec/frontend/ci/catalog/mock.js
@ -366,7 +366,7 @@ export const catalogSharedDataMock = {
        name: '1.0.0',
        path: 'path/to/release',
        createdAt: Date.now(),
-        author: { id: 1, webUrl: 'profile/1', name: 'username' },
+        author: { id: 1, webUrl: 'profile/1', name: 'name', username: 'username' },
      },
      webPath: '/path/to/project',
    },
--- a/spec/frontend/sidebar/components/assignees/sidebar_participant_spec.js
+++ b/spec/frontend/sidebar/components/assignees/sidebar_participant_spec.js
@ -65,16 +65,16 @@ describe('Sidebar participant component', () => {
        expect(findIcon().exists()).toBe(true);
      });

-      it('does not apply `gl-left-6!` class to an icon if participant is not selected', () => {
+      it('does not apply `!gl-left-6` class to an icon if participant is not selected', () => {
        createComponent({ issuableType: TYPE_MERGE_REQUEST, canMerge: false });

-        expect(findIcon().classes('gl-left-6!')).toBe(false);
+        expect(findIcon().classes('!gl-left-6')).toBe(false);
      });

-      it('applies `gl-left-6!` class to an icon if participant is selected', () => {
+      it('applies `!gl-left-6` class to an icon if participant is selected', () => {
        createComponent({ issuableType: TYPE_MERGE_REQUEST, canMerge: false, selected: true });

-        expect(findIcon().classes('gl-left-6!')).toBe(true);
+        expect(findIcon().classes('!gl-left-6')).toBe(true);
      });
    });

--- a/spec/frontend/vue_shared/security_reports/mock_data.js
+++ b/spec/frontend/vue_shared/security_reports/mock_data.js
@ -1,515 +0,0 @@
-import {
-  REPORT_TYPE_SAST,
-  REPORT_TYPE_SECRET_DETECTION,
-} from '~/vue_shared/security_reports/constants';
-
-export const mockFindings = [
-  {
-    id: null,
-    report_type: 'dependency_scanning',
-    name: 'Cross-site Scripting in serialize-javascript',
-    severity: 'critical',
-    scanner: {
-      external_id: 'gemnasium',
-      name: 'Gemnasium',
-      version: '1.1.1',
-      url: 'https://gitlab.com/gitlab-org/security-products/gemnasium',
-    },
-    identifiers: [
-      {
-        external_type: 'gemnasium',
-        external_id: '58caa017-9a9a-46d6-bab2-ec930f46833c',
-        name: 'Gemnasium-58caa017-9a9a-46d6-bab2-ec930f46833c',
-        url:
-          'https://deps.sec.gitlab.com/packages/npm/serialize-javascript/versions/1.7.0/advisories',
-      },
-      {
-        external_type: 'cve',
-        external_id: 'CVE-2019-16769',
-        name: 'CVE-2019-16769',
-        url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769',
-      },
-    ],
-    project_fingerprint: '09df9f4d11c8deb93d81bdcc39f7667b44143298',
-    create_vulnerability_feedback_issue_path: '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    create_vulnerability_feedback_merge_request_path:
-      '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    create_vulnerability_feedback_dismissal_path: '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    project: {
-      id: 7071551,
-      name: 'gitlab-ui',
-      full_path: '/gitlab-org/gitlab-ui',
-      full_name: 'GitLab.org / gitlab-ui',
-    },
-    dismissal_feedback: null,
-    issue_feedback: null,
-    merge_request_feedback: null,
-    description:
-      'The serialize-javascript npm package is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.',
-    links: [{ url: 'https://nvd.nist.gov/vuln/detail/CVE-2019-16769' }],
-    location: {
-      file: 'yarn.lock',
-      dependency: { package: { name: 'serialize-javascript' }, version: '1.7.0' },
-    },
-    remediations: [null],
-    solution: 'Upgrade to version 2.1.1 or above.',
-    state: 'detected',
-    blob_path: '/gitlab-org/gitlab-ui/blob/ad137f0a8ac59af961afe47d04e5cc062c6864a9/yarn.lock',
-    evidence: 'Credit Card Detected: Diners Card',
-  },
-  {
-    id: null,
-    report_type: 'dependency_scanning',
-    name: '3rd party CORS request may execute in jquery',
-    severity: 'high',
-    scanner: { external_id: 'gemnasium', name: 'gemnasium' },
-    identifiers: [
-      {
-        external_type: 'cve',
-        external_id: 'CVE-2015-9251',
-        name: 'CVE-2015-9251',
-        url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9251',
-      },
-    ],
-    project_fingerprint: '1ecd3b214cf39c0b9ad23a0a9679778d7cf55876',
-    create_vulnerability_feedback_issue_path: '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    create_vulnerability_feedback_merge_request_path:
-      '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    create_vulnerability_feedback_dismissal_path: '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    project: {
-      id: 7071551,
-      name: 'gitlab-ui',
-      full_path: '/gitlab-org/gitlab-ui',
-      full_name: 'GitLab.org / gitlab-ui',
-    },
-    dismissal_feedback: {
-      id: 2528,
-      created_at: '2019-08-26T12:30:32.349Z',
-      project_id: 7071551,
-      author: {
-        id: 181229,
-        name: "Lukas 'Eipi' Eipert",
-        username: 'leipert',
-        state: 'active',
-        avatar_url:
-          'https://secure.gravatar.com/avatar/19a1f1260fa70323f35bc508927921a2?s=80\u0026d=identicon',
-        web_url: 'https://gitlab.com/leipert',
-        status_tooltip_html: null,
-        path: '/leipert',
-      },
-      comment_details: {
-        comment: 'This particular jQuery version appears in a test path of tinycolor2.\n',
-        comment_timestamp: '2019-08-26T12:30:37.610Z',
-        comment_author: {
-          id: 181229,
-          name: "Lukas 'Eipi' Eipert",
-          username: 'leipert',
-          state: 'active',
-          avatar_url:
-            'https://secure.gravatar.com/avatar/19a1f1260fa70323f35bc508927921a2?s=80\u0026d=identicon',
-          web_url: 'https://gitlab.com/leipert',
-          status_tooltip_html: null,
-          path: '/leipert',
-        },
-      },
-      pipeline: { id: 78375355, path: '/gitlab-org/gitlab-ui/pipelines/78375355' },
-      category: 'dependency_scanning',
-      feedback_type: 'dismissal',
-      branch: 'leipert-dogfood-secure',
-      project_fingerprint: '1ecd3b214cf39c0b9ad23a0a9679778d7cf55876',
-    },
-    issue_feedback: null,
-    merge_request_feedback: null,
-    description: null,
-    links: [
-      { url: 'https://github.com/jquery/jquery/issues/2432' },
-      { url: 'http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/' },
-      { url: 'https://nvd.nist.gov/vuln/detail/CVE-2015-9251' },
-      { url: 'http://research.insecurelabs.org/jquery/test/' },
-    ],
-    location: {
-      file: 'node_modules/tinycolor2/demo/jquery-1.9.1.js',
-      dependency: { package: { name: 'jquery' }, version: '1.9.1' },
-    },
-    remediations: [null],
-    solution: null,
-    state: 'dismissed',
-    blob_path:
-      '/gitlab-org/gitlab-ui/blob/ad137f0a8ac59af961afe47d04e5cc062c6864a9/node_modules/tinycolor2/demo/jquery-1.9.1.js',
-  },
-  {
-    id: null,
-    report_type: 'dependency_scanning',
-    name:
-      'jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution in jquery',
-    severity: 'low',
-    scanner: { external_id: 'gemnasium', name: 'gemnasium' },
-    identifiers: [
-      {
-        external_type: 'cve',
-        external_id: 'CVE-2019-11358',
-        name: 'CVE-2019-11358',
-        url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358',
-      },
-    ],
-    project_fingerprint: 'aeb4b2442d92d0ccf7023f0c220bda8b4ba910e3',
-    create_vulnerability_feedback_issue_path: '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    create_vulnerability_feedback_merge_request_path:
-      '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    create_vulnerability_feedback_dismissal_path: '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    project: {
-      id: 7071551,
-      name: 'gitlab-ui',
-      full_path: '/gitlab-org/gitlab-ui',
-      full_name: 'GitLab.org / gitlab-ui',
-    },
-    dismissal_feedback: {
-      id: 4197,
-      created_at: '2019-11-14T11:03:18.472Z',
-      project_id: 7071551,
-      author: {
-        id: 181229,
-        name: "Lukas 'Eipi' Eipert",
-        username: 'leipert',
-        state: 'active',
-        avatar_url:
-          'https://secure.gravatar.com/avatar/19a1f1260fa70323f35bc508927921a2?s=80\u0026d=identicon',
-        web_url: 'https://gitlab.com/leipert',
-        status_tooltip_html: null,
-        path: '/leipert',
-      },
-      comment_details: {
-        comment:
-          'This is a false positive, as it just part of some documentation assets of sass-true.',
-        comment_timestamp: '2019-11-14T11:03:18.464Z',
-        comment_author: {
-          id: 181229,
-          name: "Lukas 'Eipi' Eipert",
-          username: 'leipert',
-          state: 'active',
-          avatar_url:
-            'https://secure.gravatar.com/avatar/19a1f1260fa70323f35bc508927921a2?s=80\u0026d=identicon',
-          web_url: 'https://gitlab.com/leipert',
-          status_tooltip_html: null,
-          path: '/leipert',
-        },
-      },
-      category: 'dependency_scanning',
-      feedback_type: 'dismissal',
-      branch: null,
-      project_fingerprint: 'aeb4b2442d92d0ccf7023f0c220bda8b4ba910e3',
-    },
-    issue_feedback: null,
-    merge_request_feedback: null,
-    description: null,
-    links: [
-      { url: 'https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/' },
-      { url: 'https://nvd.nist.gov/vuln/detail/CVE-2019-11358' },
-      { url: 'https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b' },
-    ],
-    location: {
-      file: 'node_modules/sass-true/docs/assets/webpack/common.min.js',
-      dependency: { package: { name: 'jquery' }, version: '3.3.1' },
-    },
-    remediations: [null],
-    solution: null,
-    state: 'dismissed',
-    blob_path:
-      '/gitlab-org/gitlab-ui/blob/ad137f0a8ac59af961afe47d04e5cc062c6864a9/node_modules/sass-true/docs/assets/webpack/common.min.js',
-  },
-  {
-    id: null,
-    report_type: 'dependency_scanning',
-    name:
-      'jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution in jquery',
-    severity: 'low',
-    scanner: { external_id: 'gemnasium', name: 'gemnasium' },
-    identifiers: [
-      {
-        external_type: 'cve',
-        external_id: 'CVE-2019-11358',
-        name: 'CVE-2019-11358',
-        url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358',
-      },
-    ],
-    project_fingerprint: 'eb86aa13eb9d897a083ead6e134aa78aa9cadd52',
-    create_vulnerability_feedback_issue_path: '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    create_vulnerability_feedback_merge_request_path:
-      '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    create_vulnerability_feedback_dismissal_path: '/gitlab-org/gitlab-ui/vulnerability_feedback',
-    project: {
-      id: 7071551,
-      name: 'gitlab-ui',
-      full_path: '/gitlab-org/gitlab-ui',
-      full_name: 'GitLab.org / gitlab-ui',
-    },
-    dismissal_feedback: {
-      id: 2527,
-      created_at: '2019-08-26T12:29:43.624Z',
-      project_id: 7071551,
-      author: {
-        id: 181229,
-        name: "Lukas 'Eipi' Eipert",
-        username: 'leipert',
-        state: 'active',
-        avatar_url:
-          'https://secure.gravatar.com/avatar/19a1f1260fa70323f35bc508927921a2?s=80\u0026d=identicon',
-        web_url: 'https://gitlab.com/leipert',
-        status_tooltip_html: null,
-        path: '/leipert',
-      },
-      comment_details: {
-        comment: 'This particular jQuery version appears in a test path of tinycolor2.',
-        comment_timestamp: '2019-08-26T12:30:14.840Z',
-        comment_author: {
-          id: 181229,
-          name: "Lukas 'Eipi' Eipert",
-          username: 'leipert',
-          state: 'active',
-          avatar_url:
-            'https://secure.gravatar.com/avatar/19a1f1260fa70323f35bc508927921a2?s=80\u0026d=identicon',
-          web_url: 'https://gitlab.com/leipert',
-          status_tooltip_html: null,
-          path: '/leipert',
-        },
-      },
-      pipeline: { id: 78375355, path: '/gitlab-org/gitlab-ui/pipelines/78375355' },
-      category: 'dependency_scanning',
-      feedback_type: 'dismissal',
-      branch: 'leipert-dogfood-secure',
-      project_fingerprint: 'eb86aa13eb9d897a083ead6e134aa78aa9cadd52',
-    },
-    issue_feedback: null,
-    merge_request_feedback: null,
-    description: null,
-    links: [
-      { url: 'https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/' },
-      { url: 'https://nvd.nist.gov/vuln/detail/CVE-2019-11358' },
-      { url: 'https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b' },
-    ],
-    location: {
-      file: 'node_modules/tinycolor2/demo/jquery-1.9.1.js',
-      dependency: { package: { name: 'jquery' }, version: '1.9.1' },
-    },
-    remediations: [null],
-    solution: null,
-    state: 'dismissed',
-    blob_path:
-      '/gitlab-org/gitlab-ui/blob/ad137f0a8ac59af961afe47d04e5cc062c6864a9/node_modules/tinycolor2/demo/jquery-1.9.1.js',
-  },
-];
-
-export const sastDiffSuccessMock = {
-  added: [mockFindings[0]],
-  fixed: [mockFindings[1], mockFindings[2]],
-  existing: [mockFindings[3]],
-  base_report_created_at: '2020-01-01T10:00:00.000Z',
-  base_report_out_of_date: false,
-  head_report_created_at: '2020-01-10T10:00:00.000Z',
-};
-
-export const secretDetectionDiffSuccessMock = {
-  added: [mockFindings[0], mockFindings[1]],
-  fixed: [mockFindings[2]],
-  base_report_created_at: '2020-01-01T10:00:00.000Z',
-  base_report_out_of_date: false,
-  head_report_created_at: '2020-01-10T10:00:00.000Z',
-};
-
-export const securityReportMergeRequestDownloadPathsQueryNoArtifactsResponse = {
-  project: {
-    id: 'project-1',
-    mergeRequest: {
-      id: 'mr-1',
-      headPipeline: {
-        id: 'gid://gitlab/Ci::Pipeline/176',
-        jobs: {
-          nodes: [],
-          __typename: 'CiJobConnection',
-        },
-        __typename: 'Pipeline',
-      },
-      __typename: 'MergeRequest',
-    },
-    __typename: 'Project',
-  },
-};
-
-export const securityReportPipelineDownloadPathsQueryResponse = {
-  project: {
-    id: 'project-1',
-    pipeline: {
-      id: 'gid://gitlab/Ci::Pipeline/176',
-      jobs: {
-        nodes: [
-          {
-            id: 'job-1',
-            name: 'secret_detection',
-            artifacts: {
-              nodes: [
-                {
-                  downloadPath:
-                    '/gitlab-org/secrets-detection-test/-/jobs/1399/artifacts/download?file_type=trace',
-                  fileType: 'TRACE',
-                  __typename: 'CiJobArtifact',
-                },
-                {
-                  downloadPath:
-                    '/gitlab-org/secrets-detection-test/-/jobs/1399/artifacts/download?file_type=secret_detection',
-                  fileType: 'SECRET_DETECTION',
-                  __typename: 'CiJobArtifact',
-                },
-              ],
-              __typename: 'CiJobArtifactConnection',
-            },
-            __typename: 'CiJob',
-          },
-          {
-            id: 'job-2',
-            name: 'bandit-sast',
-            artifacts: {
-              nodes: [
-                {
-                  downloadPath:
-                    '/gitlab-org/secrets-detection-test/-/jobs/1400/artifacts/download?file_type=trace',
-                  fileType: 'TRACE',
-                  __typename: 'CiJobArtifact',
-                },
-                {
-                  downloadPath:
-                    '/gitlab-org/secrets-detection-test/-/jobs/1400/artifacts/download?file_type=sast',
-                  fileType: 'SAST',
-                  __typename: 'CiJobArtifact',
-                },
-              ],
-              __typename: 'CiJobArtifactConnection',
-            },
-            __typename: 'CiJob',
-          },
-          {
-            id: 'job-3',
-            name: 'eslint-sast',
-            artifacts: {
-              nodes: [
-                {
-                  downloadPath:
-                    '/gitlab-org/secrets-detection-test/-/jobs/1401/artifacts/download?file_type=trace',
-                  fileType: 'TRACE',
-                  __typename: 'CiJobArtifact',
-                },
-                {
-                  downloadPath:
-                    '/gitlab-org/secrets-detection-test/-/jobs/1401/artifacts/download?file_type=sast',
-                  fileType: 'SAST',
-                  __typename: 'CiJobArtifact',
-                },
-              ],
-              __typename: 'CiJobArtifactConnection',
-            },
-            __typename: 'CiJob',
-          },
-          {
-            id: 'job-4',
-            name: 'all_artifacts',
-            artifacts: {
-              nodes: [
-                {
-                  downloadPath:
-                    '/gitlab-org/secrets-detection-test/-/jobs/1402/artifacts/download?file_type=archive',
-                  fileType: 'ARCHIVE',
-                  __typename: 'CiJobArtifact',
-                },
-                {
-                  downloadPath:
-                    '/gitlab-org/secrets-detection-test/-/jobs/1402/artifacts/download?file_type=trace',
-                  fileType: 'TRACE',
-                  __typename: 'CiJobArtifact',
-                },
-                {
-                  downloadPath:
-                    '/gitlab-org/secrets-detection-test/-/jobs/1402/artifacts/download?file_type=metadata',
-                  fileType: 'METADATA',
-                  __typename: 'CiJobArtifact',
-                },
-              ],
-              __typename: 'CiJobArtifactConnection',
-            },
-            __typename: 'CiJob',
-          },
-        ],
-        __typename: 'CiJobConnection',
-      },
-      __typename: 'Pipeline',
-    },
-    __typename: 'MergeRequest',
-  },
-  __typename: 'Project',
-};
-
-export const sastArtifacts = [
-  {
-    name: 'bandit-sast',
-    reportType: REPORT_TYPE_SAST,
-    path: '/gitlab-org/secrets-detection-test/-/jobs/1400/artifacts/download?file_type=sast',
-  },
-  {
-    name: 'eslint-sast',
-    reportType: REPORT_TYPE_SAST,
-    path: '/gitlab-org/secrets-detection-test/-/jobs/1401/artifacts/download?file_type=sast',
-  },
-];
-
-export const secretDetectionArtifacts = [
-  {
-    name: 'secret_detection',
-    reportType: REPORT_TYPE_SECRET_DETECTION,
-    path:
-      '/gitlab-org/secrets-detection-test/-/jobs/1399/artifacts/download?file_type=secret_detection',
-  },
-];
-
-export const expectedDownloadDropdownPropsWithText = {
-  loading: false,
-  artifacts: [...secretDetectionArtifacts, ...sastArtifacts],
-  title: '',
-  text: 'Download results',
-};
-
-export const archiveArtifacts = [
-  {
-    name: 'all_artifacts Archive',
-    path: '/gitlab-org/secrets-detection-test/-/jobs/1402/artifacts/download?file_type=archive',
-    reportType: 'ARCHIVE',
-  },
-];
-
-export const traceArtifacts = [
-  {
-    name: 'secret_detection Trace',
-    path: '/gitlab-org/secrets-detection-test/-/jobs/1399/artifacts/download?file_type=trace',
-    reportType: 'TRACE',
-  },
-  {
-    name: 'bandit-sast Trace',
-    path: '/gitlab-org/secrets-detection-test/-/jobs/1400/artifacts/download?file_type=trace',
-    reportType: 'TRACE',
-  },
-  {
-    name: 'eslint-sast Trace',
-    path: '/gitlab-org/secrets-detection-test/-/jobs/1401/artifacts/download?file_type=trace',
-    reportType: 'TRACE',
-  },
-  {
-    name: 'all_artifacts Trace',
-    path: '/gitlab-org/secrets-detection-test/-/jobs/1402/artifacts/download?file_type=trace',
-    reportType: 'TRACE',
-  },
-];
-
-export const metadataArtifacts = [
-  {
-    name: 'all_artifacts Metadata',
-    path: '/gitlab-org/secrets-detection-test/-/jobs/1402/artifacts/download?file_type=metadata',
-    reportType: 'METADATA',
-  },
-];
--- a/spec/lib/gitlab/background_migration/backfill_onboarding_status_step_url_spec.rb
+++ b/spec/lib/gitlab/background_migration/backfill_onboarding_status_step_url_spec.rb
@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Gitlab::BackgroundMigration::BackfillOnboardingStatusStepUrl, feature_category: :onboarding do
+  let(:users) { table(:users) }
+  let(:user_details) { table(:user_details) }
+
+  let(:first_user) { users.create!(email: 'user1@example.com', projects_limit: 0, onboarding_in_progress: true) }
+
+  let!(:user_detail) do
+    user_details.create!(
+      user_id: first_user.id,
+      onboarding_step_url: '_foo_',
+      onboarding_status: { step_url: '_bar_', email_opt_in: false }
+    )
+  end
+
+  let!(:user_detail_to_change) do
+    user_details.create!(
+      user_id: users.create!(email: 'user2@example.com', projects_limit: 0, onboarding_in_progress: true).id,
+      onboarding_step_url: '_foo_',
+      onboarding_status: {}
+    )
+  end
+
+  let(:last_user) { users.create!(email: 'user3@example.com', projects_limit: 0, onboarding_in_progress: false) }
+
+  let!(:user_detail_not_in_onboarding) do
+    user_details.create!(
+      user_id: last_user.id,
+      onboarding_step_url: '_foo_',
+      onboarding_status: {}
+    )
+  end
+
+  subject(:migration) do
+    described_class.new(
+      start_id: first_user.id,
+      end_id: last_user.id,
+      batch_table: :users,
+      batch_column: :id,
+      sub_batch_size: 100,
+      pause_ms: 0,
+      connection: ApplicationRecord.connection
+    )
+  end
+
+  describe '#perform' do
+    it 'updates the correct data' do
+      migration.perform
+
+      expect(user_detail_to_change.reload.onboarding_status).to eq({ 'step_url' => '_foo_' })
+      expect(user_detail.reload.onboarding_status).to eq({ 'step_url' => '_bar_', 'email_opt_in' => false })
+      expect(user_detail_not_in_onboarding.reload.onboarding_status).to eq({})
+    end
+  end
+end
--- a/spec/lib/gitlab/middleware/organizations/current_spec.rb
+++ b/spec/lib/gitlab/middleware/organizations/current_spec.rb
@ -3,30 +3,59 @@
 require 'spec_helper'

 RSpec.describe Gitlab::Middleware::Organizations::Current, feature_category: :cell do
+  let(:headers) { {} }
+  let_it_be(:organization) { create(:organization) }
+
  subject(:perform_request) do
    path = '/'
    app = ->(env) { [200, env, 'app'] }
    middleware = described_class.new(app)
-    Rack::MockRequest.new(middleware).get(path)
+    Rack::MockRequest.new(middleware).get(path, headers)
  end

-  context 'with an existing default organization' do
-    let_it_be(:organization) { create(:organization, :default) }
+  before_all do
+    create(:organization) # prove we are really being selective for the organization finder
+  end

-    before_all do
-      create(:organization) # prove we are really being selective for the default org
-    end
+  after do
+    Current.reset
+  end

-    after do
-      Current.reset
-    end
+  it 'does not set the organization' do
+    perform_request

-    it 'loads the current organization' do
+    expect(Current.organization).to be_nil
+  end
+
+  context 'when the organization header is set' do
+    let(:headers) { { ::Organizations::ORGANIZATION_HTTP_HEADER => organization.id } }
+
+    it 'sets the organization' do
      perform_request

      expect(Current.organization).to eq(organization)
    end

+    context 'when organization does not exist' do
+      let(:headers) { { ::Organizations::ORGANIZATION_HTTP_HEADER => non_existing_record_id } }
+
+      it 'does not set the organization' do
+        perform_request
+
+        expect(Current.organization).to be_nil
+      end
+    end
+
+    context 'when organization has non-integer value' do
+      let(:headers) { { ::Organizations::ORGANIZATION_HTTP_HEADER => "#{organization.id}_some_words" } }
+
+      it 'does not set the organization' do
+        perform_request
+
+        expect(Current.organization).to be_nil
+      end
+    end
+
    context 'when current_organization_middleware feature flag is disabled' do
      before do
        stub_feature_flags(current_organization_middleware: false)
@ -35,16 +64,8 @@ RSpec.describe Gitlab::Middleware::Organizations::Current, feature_category: :ce
      it 'does not set the organization' do
        perform_request

-        expect(Current.organization).to eq(nil)
+        expect(Current.organization).to be_nil
      end
    end
  end
-
-  context 'without an existing default organization' do
-    it 'sets the current organization to nil' do
-      perform_request
-
-      expect(Current.organization).to eq(nil)
-    end
-  end
 end
--- a/spec/migrations/20240226174509_queue_backfill_onboarding_status_step_url_spec.rb
+++ b/spec/migrations/20240226174509_queue_backfill_onboarding_status_step_url_spec.rb
@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require_migration!
+
+RSpec.describe QueueBackfillOnboardingStatusStepUrl, feature_category: :onboarding do
+  let!(:batched_migration) { described_class::MIGRATION }
+
+  it 'schedules a new batched migration' do
+    reversible_migration do |migration|
+      migration.before -> {
+        expect(batched_migration).not_to have_scheduled_batched_migration
+      }
+
+      migration.after -> {
+        expect(batched_migration).to have_scheduled_batched_migration(
+          table_name: :users,
+          column_name: :id,
+          interval: described_class::DELAY_INTERVAL,
+          batch_size: described_class::BATCH_SIZE,
+          sub_batch_size: described_class::SUB_BATCH_SIZE,
+          max_batch_size: described_class::MAX_BATCH_SIZE
+        )
+      }
+    end
+  end
+end
--- a/spec/models/ci/stage_spec.rb
+++ b/spec/models/ci/stage_spec.rb
@ -440,4 +440,26 @@ RSpec.describe Ci::Stage, :models, feature_category: :continuous_integration do
      end
    end
  end
+
+  describe 'routing table switch' do
+    context 'with ff disabled' do
+      before do
+        stub_feature_flags(ci_partitioning_use_ci_stages_routing_table: false)
+      end
+
+      it 'uses the legacy table' do
+        expect(described_class.table_name).to eq('ci_stages')
+      end
+    end
+
+    context 'with ff enabled' do
+      before do
+        stub_feature_flags(ci_partitioning_use_ci_stages_routing_table: true)
+      end
+
+      it 'uses the routing table' do
+        expect(described_class.table_name).to eq('p_ci_stages')
+      end
+    end
+  end
 end
--- a/spec/models/organizations_spec.rb
+++ b/spec/models/organizations_spec.rb
@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Organizations, feature_category: :cell do
+  describe 'constants' do
+    it { expect(described_class::ORGANIZATION_HTTP_HEADER).to eq('HTTP_GITLAB_ORGANIZATION_ID') }
+  end
+end
--- a/spec/services/ci/queue/pending_builds_strategy_spec.rb
+++ b/spec/services/ci/queue/pending_builds_strategy_spec.rb
@ -22,11 +22,11 @@ RSpec.describe Ci::Queue::PendingBuildsStrategy, feature_category: :continuous_i
    end
  end

-  describe 'build_ids' do
+  describe 'build_and_partition_ids' do
    it 'returns build id with partition id' do
      strategy = described_class.new(group_runner)
      relation = strategy.builds_for_group_runner
-      expect(strategy.build_ids(relation)).to match_array(
+      expect(strategy.build_and_partition_ids(relation)).to match_array(
        [
          [pending_build_3.build_id, pending_build_3.partition_id],
          [pending_build_1.build_id, pending_build_1.partition_id],
@ -34,23 +34,5 @@ RSpec.describe Ci::Queue::PendingBuildsStrategy, feature_category: :continuous_i
        ]
      )
    end
-
-    context 'with FF use_partition_id_for_register_job_service disabled' do
-      before do
-        stub_feature_flags(use_partition_id_for_register_job_service: false)
-      end
-
-      it 'returns just build id' do
-        strategy = described_class.new(group_runner)
-        relation = strategy.builds_for_group_runner
-        expect(strategy.build_ids(relation)).to match_array(
-          [
-            pending_build_3.build_id,
-            pending_build_1.build_id,
-            pending_build_2.build_id
-          ]
-        )
-      end
-    end
  end
 end
--- a/yarn.lock
+++ b/yarn.lock
@ -1326,10 +1326,10 @@
  resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.84.0.tgz#4c251a528c825875b3062be236ae2a06569c9f45"
  integrity sha512-v6Sh3VRVTelWY+yPJ/kWm1A4y0Ox1xgecXljVd7BpB0S9OboK2J5AXbwzqit6s4TSab/B8G3Vf5g4fHsVQCXqg==

-"@gitlab/ui@^76.0.0":
-  version "76.0.0"
-  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-76.0.0.tgz#cbd8bcd2ddda80b1414882eee49e6324de283b49"
-  integrity sha512-KSeIOL1vMGclD19vcUF84+VrCjbbUOsxYPKFoVXm6qk9KaaYMTsr8ZXlIldDj/OkfdmOR7U0mEjteNZoOlmUgg==
+"@gitlab/ui@77.0.0":
+  version "77.0.0"
+  resolved "https://registry.yarnpkg.com/@gitlab/ui/-/ui-77.0.0.tgz#0835243af28d2fcc5a6870b8f39aa6055022547b"
+  integrity sha512-3nPx8kakR7j9tvDTu5z6O5jnq0IkVQhlZO2e6Xx240BNaAiudaTtXUbFdnzVZjDcNn4NxRb0iiMOTAi1BNVpAw==
  dependencies:
    "@floating-ui/dom" "1.4.3"
    bootstrap-vue "2.23.1"
				`@ -0,0 +1 @@`
				`4cc51a39d3a9be5c86b9fdba0b6b9a03580a6941802cbf0773882917b999af40`