diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index e2bf3e02eea..6c1a135573b 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -532,7 +532,7 @@
   - "vendor/assets/javascripts/**/*"
 
 .feature-flag-development-config-patterns: &feature-flag-development-config-patterns
-  - "{,ee/}config/feature_flags/{development,ops}/*.yml"
+  - "{,ee/,jh/}config/feature_flags/{development,ops}/*.yml"
 
 ##################
 # Conditions set #
diff --git a/.rubocop_todo/layout/first_hash_element_indentation.yml b/.rubocop_todo/layout/first_hash_element_indentation.yml
index 94ad3fde252..e6525456ee5 100644
--- a/.rubocop_todo/layout/first_hash_element_indentation.yml
+++ b/.rubocop_todo/layout/first_hash_element_indentation.yml
@@ -308,7 +308,6 @@ Layout/FirstHashElementIndentation:
     - 'lib/gitlab/asciidoc/include_processor.rb'
     - 'lib/gitlab/auth/otp/strategies/forti_token_cloud.rb'
     - 'lib/gitlab/ci/config/entry/processable.rb'
-    - 'lib/gitlab/config_checker/external_database_checker.rb'
     - 'lib/gitlab/database/query_analyzers/gitlab_schemas_metrics.rb'
     - 'lib/gitlab/database/query_analyzers/prevent_cross_database_modification.rb'
     - 'lib/gitlab/github_import/importer/diff_note_importer.rb'
@@ -471,7 +470,6 @@ Layout/FirstHashElementIndentation:
     - 'spec/lib/gitlab/ci/reports/security/scanner_spec.rb'
     - 'spec/lib/gitlab/ci/reports/terraform_reports_spec.rb'
     - 'spec/lib/gitlab/ci/yaml_processor_spec.rb'
-    - 'spec/lib/gitlab/config_checker/external_database_checker_spec.rb'
     - 'spec/lib/gitlab/config_checker/puma_rugged_checker_spec.rb'
     - 'spec/lib/gitlab/data_builder/build_spec.rb'
     - 'spec/lib/gitlab/data_builder/issuable_spec.rb'
diff --git a/.rubocop_todo/layout/line_length.yml b/.rubocop_todo/layout/line_length.yml
index dd018402310..9748ac81070 100644
--- a/.rubocop_todo/layout/line_length.yml
+++ b/.rubocop_todo/layout/line_length.yml
@@ -3176,7 +3176,6 @@ Layout/LineLength:
     - 'lib/gitlab/composer/version_index.rb'
     - 'lib/gitlab/config/entry/configurable.rb'
     - 'lib/gitlab/config/entry/validators.rb'
-    - 'lib/gitlab/config_checker/external_database_checker.rb'
     - 'lib/gitlab/conflict/file.rb'
     - 'lib/gitlab/conflict/file_collection.rb'
     - 'lib/gitlab/content_security_policy/config_loader.rb'
@@ -4524,7 +4523,6 @@ Layout/LineLength:
     - 'spec/lib/gitlab/code_navigation_path_spec.rb'
     - 'spec/lib/gitlab/composer/cache_spec.rb'
     - 'spec/lib/gitlab/composer/version_index_spec.rb'
-    - 'spec/lib/gitlab/config_checker/external_database_checker_spec.rb'
     - 'spec/lib/gitlab/config_checker/puma_rugged_checker_spec.rb'
     - 'spec/lib/gitlab/conflict/file_spec.rb'
     - 'spec/lib/gitlab/consul/internal_spec.rb'
diff --git a/.rubocop_todo/style/word_array.yml b/.rubocop_todo/style/word_array.yml
deleted file mode 100644
index 7e8122bf9d9..00000000000
--- a/.rubocop_todo/style/word_array.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# Cop supports --auto-correct.
-Style/WordArray:
-  Exclude:
-    - 'ee/spec/features/protected_branches_spec.rb'
-    - 'qa/qa/page/project/settings/mirroring_repositories.rb'
-    - 'qa/qa/specs/features/ee/browser_ui/13_secure/enable_scanning_from_configuration_spec.rb'
-    - 'spec/features/protected_branches_spec.rb'
diff --git a/app/assets/javascripts/api/projects_api.js b/app/assets/javascripts/api/projects_api.js
index 667aa878261..5b5abbdf50b 100644
--- a/app/assets/javascripts/api/projects_api.js
+++ b/app/assets/javascripts/api/projects_api.js
@@ -5,6 +5,7 @@ import { buildApiUrl } from './api_utils';
 const PROJECTS_PATH = '/api/:version/projects.json';
 const PROJECT_IMPORT_MEMBERS_PATH = '/api/:version/projects/:id/import_project_members/:project_id';
 const PROJECT_REPOSITORY_SIZE_PATH = '/api/:version/projects/:id/repository_size';
+const PROJECT_TRANSFER_LOCATIONS_PATH = 'api/:version/projects/:id/transfer_locations';
 
 export function getProjects(query, options, callback = () => {}) {
   const url = buildApiUrl(PROJECTS_PATH);
@@ -42,3 +43,10 @@ export function updateRepositorySize(projectPath) {
   );
   return axios.post(url);
 }
+
+export const getTransferLocations = (projectId, params = {}) => {
+  const url = buildApiUrl(PROJECT_TRANSFER_LOCATIONS_PATH).replace(':id', projectId);
+  const defaultParams = { per_page: DEFAULT_PER_PAGE };
+
+  return axios.get(url, { params: { ...defaultParams, ...params } });
+};
diff --git a/app/assets/javascripts/batch_comments/stores/modules/batch_comments/getters.js b/app/assets/javascripts/batch_comments/stores/modules/batch_comments/getters.js
index df5214ea7ab..75e4ae63c18 100644
--- a/app/assets/javascripts/batch_comments/stores/modules/batch_comments/getters.js
+++ b/app/assets/javascripts/batch_comments/stores/modules/batch_comments/getters.js
@@ -22,7 +22,11 @@ export const draftsPerFileHashAndLine = (state) =>
         acc[draft.file_hash] = {};
       }
 
-      acc[draft.file_hash][draft.line_code] = draft;
+      if (!acc[draft.file_hash][draft.line_code]) {
+        acc[draft.file_hash][draft.line_code] = [];
+      }
+
+      acc[draft.file_hash][draft.line_code].push(draft);
     }
 
     return acc;
@@ -61,18 +65,15 @@ export const shouldRenderDraftRowInDiscussion = (state, getters) => (discussionI
 export const draftForDiscussion = (state, getters) => (discussionId) =>
   getters.draftsPerDiscussionId[discussionId] || {};
 
-export const draftForLine = (state, getters) => (diffFileSha, line, side = null) => {
+export const draftsForLine = (state, getters) => (diffFileSha, line, side = null) => {
   const draftsForFile = getters.draftsPerFileHashAndLine[diffFileSha];
-
   const key = side !== null ? parallelLineKey(line, side) : line.line_code;
+  const showDraftsForThisSide = showDraftOnSide(line, side);
 
-  if (draftsForFile) {
-    const draft = draftsForFile[key];
-    if (draft && showDraftOnSide(line, side)) {
-      return draft;
-    }
+  if (showDraftsForThisSide && draftsForFile?.[key]) {
+    return draftsForFile[key];
   }
-  return {};
+  return [];
 };
 
 export const draftsForFile = (state) => (diffFileSha) =>
diff --git a/app/assets/javascripts/diffs/components/diff_row_utils.js b/app/assets/javascripts/diffs/components/diff_row_utils.js
index f610ac979ca..7732badde34 100644
--- a/app/assets/javascripts/diffs/components/diff_row_utils.js
+++ b/app/assets/javascripts/diffs/components/diff_row_utils.js
@@ -108,7 +108,7 @@ export const mapParallel = (content) => (line) => {
       ...left,
       renderDiscussion: hasExpandedDiscussionOnLeft,
       hasDraft: content.hasParallelDraftLeft(content.diffFile.file_hash, line),
-      lineDraft: content.draftForLine(content.diffFile.file_hash, line, 'left'),
+      lineDrafts: content.draftsForLine(content.diffFile.file_hash, line, 'left'),
       hasCommentForm: left.hasForm,
       isConflictMarker:
         line.left.type === CONFLICT_MARKER_OUR || line.left.type === CONFLICT_MARKER_THEIR,
@@ -123,7 +123,7 @@ export const mapParallel = (content) => (line) => {
         hasExpandedDiscussionOnRight && right.type && right.type !== EXPANDED_LINE_TYPE,
       ),
       hasDraft: content.hasParallelDraftRight(content.diffFile.file_hash, line),
-      lineDraft: content.draftForLine(content.diffFile.file_hash, line, 'right'),
+      lineDrafts: content.draftsForLine(content.diffFile.file_hash, line, 'right'),
       hasCommentForm: Boolean(right.hasForm && right.type && right.type !== EXPANDED_LINE_TYPE),
       emptyCellClassMap: { conflict_their: line.left?.type === CONFLICT_OUR },
       addCommentTooltip: addCommentTooltip(line.right),
@@ -145,7 +145,7 @@ export const mapParallel = (content) => (line) => {
     lineCode: lineCode(line),
     isMetaLineLeft: isMetaLine(left?.type),
     isMetaLineRight: isMetaLine(right?.type),
-    draftRowClasses: left?.lineDraft > 0 || right?.lineDraft > 0 ? '' : 'js-temp-notes-holder',
+    draftRowClasses: left?.hasDraft || right?.hasDraft ? '' : 'js-temp-notes-holder',
     renderCommentRow,
     commentRowClasses: hasDiscussions(left) || hasDiscussions(right) ? '' : 'js-temp-notes-holder',
   };
diff --git a/app/assets/javascripts/diffs/components/diff_view.vue b/app/assets/javascripts/diffs/components/diff_view.vue
index 91bf3283379..5ea118afe78 100644
--- a/app/assets/javascripts/diffs/components/diff_view.vue
+++ b/app/assets/javascripts/diffs/components/diff_view.vue
@@ -177,6 +177,12 @@ export default {
     getCodeQualityLine(line) {
       return (line.left ?? line.right)?.codequality?.[0]?.line;
     },
+    lineDrafts(line, side) {
+      return (line[side]?.lineDrafts || []).filter((entry) => entry.isDraft);
+    },
+    lineHasDrafts(line, side) {
+      return this.lineDrafts(line, side).length > 0;
+    },
   },
   userColorScheme: window.gon.user_color_scheme,
 };
@@ -297,19 +303,19 @@ export default {
         class="diff-grid-drafts diff-tr notes_holder"
       >
         <div
-          v-if="!inline || (line.left && line.left.lineDraft.isDraft)"
+          v-if="!inline || lineHasDrafts(line, 'left')"
           class="diff-td notes-content parallel old"
         >
-          <div v-if="line.left && line.left.lineDraft.isDraft" class="content">
-            <draft-note :draft="line.left.lineDraft" :line="line.left" />
+          <div v-for="draft in lineDrafts(line, 'left')" :key="draft.id" class="content">
+            <draft-note :draft="draft" :line="line.left" />
           </div>
         </div>
         <div
-          v-if="!inline || (line.right && line.right.lineDraft.isDraft)"
+          v-if="!inline || lineHasDrafts(line, 'right')"
           class="diff-td notes-content parallel new"
         >
-          <div v-if="line.right && line.right.lineDraft.isDraft" class="content">
-            <draft-note :draft="line.right.lineDraft" :line="line.right" />
+          <div v-for="draft in lineDrafts(line, 'right')" :key="draft.id" class="content">
+            <draft-note :draft="draft" :line="line.right" />
           </div>
         </div>
       </div>
diff --git a/app/assets/javascripts/diffs/mixins/draft_comments.js b/app/assets/javascripts/diffs/mixins/draft_comments.js
index 693b4a84694..d41bb160e96 100644
--- a/app/assets/javascripts/diffs/mixins/draft_comments.js
+++ b/app/assets/javascripts/diffs/mixins/draft_comments.js
@@ -5,7 +5,7 @@ export default {
     ...mapGetters('batchComments', [
       'shouldRenderDraftRow',
       'shouldRenderParallelDraftRow',
-      'draftForLine',
+      'draftsForLine',
       'draftsForFile',
       'hasParallelDraftLeft',
       'hasParallelDraftRight',
diff --git a/app/assets/javascripts/projects/settings/components/transfer_project_form.vue b/app/assets/javascripts/projects/settings/components/transfer_project_form.vue
index c13753da00b..8299efed0a4 100644
--- a/app/assets/javascripts/projects/settings/components/transfer_project_form.vue
+++ b/app/assets/javascripts/projects/settings/components/transfer_project_form.vue
@@ -1,13 +1,14 @@
 <script>
-import { GlFormGroup } from '@gitlab/ui';
-import produce from 'immer';
+import { GlFormGroup, GlAlert } from '@gitlab/ui';
+import { debounce } from 'lodash';
 import ConfirmDanger from '~/vue_shared/components/confirm_danger/confirm_danger.vue';
 import NamespaceSelect from '~/vue_shared/components/namespace_select/namespace_select.vue';
 import { getIdFromGraphQLId } from '~/graphql_shared/utils';
+import { getTransferLocations } from '~/api/projects_api';
+import { parseIntPagination, normalizeHeaders } from '~/lib/utils/common_utils';
 import { DEBOUNCE_DELAY } from '~/vue_shared/components/filtered_search_bar/constants';
-import searchNamespacesWhereUserCanTransferProjects from '../graphql/queries/search_namespaces_where_user_can_transfer_projects.query.graphql';
-
-const GROUPS_PER_PAGE = 25;
+import { s__, __ } from '~/locale';
+import currentUserNamespace from '../graphql/queries/current_user_namespace.query.graphql';
 
 export default {
   name: 'TransferProjectForm',
@@ -15,7 +16,15 @@ export default {
     GlFormGroup,
     NamespaceSelect,
     ConfirmDanger,
+    GlAlert,
   },
+  i18n: {
+    errorMessage: s__(
+      'ProjectTransfer|An error occurred fetching the transfer locations, please refresh the page and try again.',
+    ),
+    alertDismissAlert: __('Dismiss'),
+  },
+  inject: ['projectId'],
   props: {
     confirmationPhrase: {
       type: String,
@@ -26,93 +35,131 @@ export default {
       required: true,
     },
   },
-  apollo: {
-    currentUser: {
-      query: searchNamespacesWhereUserCanTransferProjects,
-      debounce: DEBOUNCE_DELAY,
-      variables() {
-        return {
-          search: this.searchTerm,
-          after: null,
-          first: GROUPS_PER_PAGE,
-        };
-      },
-      result() {
-        this.isLoadingMoreGroups = false;
-        this.isSearchLoading = false;
-      },
-    },
-  },
   data() {
     return {
-      currentUser: {},
+      userNamespaces: [],
+      groupNamespaces: [],
+      initialNamespacesLoaded: false,
       selectedNamespace: null,
-      isLoadingMoreGroups: false,
+      hasError: false,
+      isLoading: false,
       isSearchLoading: false,
       searchTerm: '',
+      page: 1,
+      totalPages: 1,
     };
   },
   computed: {
     hasSelectedNamespace() {
       return Boolean(this.selectedNamespace?.id);
     },
-    groupNamespaces() {
-      return this.currentUser.groups?.nodes?.map(this.formatNamespace) || [];
-    },
-    userNamespaces() {
-      const { namespace } = this.currentUser;
-
-      return namespace ? [this.formatNamespace(namespace)] : [];
-    },
     hasNextPageOfGroups() {
-      return this.currentUser.groups?.pageInfo?.hasNextPage || false;
+      return this.page < this.totalPages;
     },
   },
   methods: {
+    async handleShow() {
+      if (this.initialNamespacesLoaded) {
+        return;
+      }
+
+      this.isLoading = true;
+
+      [this.groupNamespaces, this.userNamespaces] = await Promise.all([
+        this.getGroupNamespaces(),
+        this.getUserNamespaces(),
+      ]);
+
+      this.isLoading = false;
+      this.initialNamespacesLoaded = true;
+    },
     handleSelect(selectedNamespace) {
       this.selectedNamespace = selectedNamespace;
       this.$emit('selectNamespace', selectedNamespace.id);
     },
-    handleLoadMoreGroups() {
-      this.isLoadingMoreGroups = true;
+    async getGroupNamespaces() {
+      try {
+        const { data: groupNamespaces, headers } = await getTransferLocations(this.projectId, {
+          page: this.page,
+          search: this.searchTerm,
+        });
 
-      this.$apollo.queries.currentUser.fetchMore({
-        variables: {
-          after: this.currentUser.groups.pageInfo.endCursor,
-          first: GROUPS_PER_PAGE,
-        },
-        updateQuery(
-          previousResult,
-          {
-            fetchMoreResult: {
-              currentUser: { groups: newGroups },
-            },
+        const { totalPages } = parseIntPagination(normalizeHeaders(headers));
+        this.totalPages = totalPages;
+
+        return groupNamespaces.map(({ id, full_name: humanName }) => ({
+          id,
+          humanName,
+        }));
+      } catch (error) {
+        this.hasError = true;
+
+        return [];
+      }
+    },
+    async getUserNamespaces() {
+      try {
+        const {
+          data: {
+            currentUser: { namespace },
           },
-        ) {
-          const previousGroups = previousResult.currentUser.groups;
+        } = await this.$apollo.query({
+          query: currentUserNamespace,
+        });
 
-          return produce(previousResult, (draftData) => {
-            draftData.currentUser.groups.nodes = [...previousGroups.nodes, ...newGroups.nodes];
-            draftData.currentUser.groups.pageInfo = newGroups.pageInfo;
-          });
-        },
-      });
+        if (!namespace) {
+          return [];
+        }
+
+        return [
+          {
+            id: getIdFromGraphQLId(namespace.id),
+            humanName: namespace.fullName,
+          },
+        ];
+      } catch (error) {
+        this.hasError = true;
+
+        return [];
+      }
     },
-    handleSearch(searchTerm) {
+    async handleLoadMoreGroups() {
+      this.isLoading = true;
+      this.page += 1;
+
+      const groupNamespaces = await this.getGroupNamespaces();
+      this.groupNamespaces.push(...groupNamespaces);
+
+      this.isLoading = false;
+    },
+    debouncedSearch: debounce(async function debouncedSearch() {
       this.isSearchLoading = true;
+
+      this.groupNamespaces = await this.getGroupNamespaces();
+
+      this.isSearchLoading = false;
+    }, DEBOUNCE_DELAY),
+    handleSearch(searchTerm) {
       this.searchTerm = searchTerm;
+      this.page = 1;
+
+      this.debouncedSearch();
     },
-    formatNamespace({ id, fullName }) {
-      return {
-        id: getIdFromGraphQLId(id),
-        humanName: fullName,
-      };
+    handleAlertDismiss() {
+      this.hasError = false;
     },
   },
 };
 </script>
 <template>
   <div>
+    <gl-alert
+      v-if="hasError"
+      variant="danger"
+      :dismiss-label="$options.i18n.alertDismissLabel"
+      @dismiss="handleAlertDismiss"
+      >{{ $options.i18n.errorMessage }}</gl-alert
+    >
     <gl-form-group>
       <namespace-select
         data-testid="transfer-project-namespace"
@@ -121,12 +168,13 @@ export default {
         :user-namespaces="userNamespaces"
         :selected-namespace="selectedNamespace"
         :has-next-page-of-groups="hasNextPageOfGroups"
-        :is-loading-more-groups="isLoadingMoreGroups"
+        :is-loading="isLoading"
         :is-search-loading="isSearchLoading"
         :should-filter-namespaces="false"
         @select="handleSelect"
         @load-more-groups="handleLoadMoreGroups"
         @search="handleSearch"
+        @show="handleShow"
       />
     </gl-form-group>
     <confirm-danger
diff --git a/app/assets/javascripts/projects/settings/graphql/queries/current_user_namespace.query.graphql b/app/assets/javascripts/projects/settings/graphql/queries/current_user_namespace.query.graphql
new file mode 100644
index 00000000000..7ae6ee1428b
--- /dev/null
+++ b/app/assets/javascripts/projects/settings/graphql/queries/current_user_namespace.query.graphql
@@ -0,0 +1,9 @@
+query currentUserNamespace {
+  currentUser {
+    id
+    namespace {
+      id
+      fullName
+    }
+  }
+}
diff --git a/app/assets/javascripts/projects/settings/graphql/queries/search_namespaces_where_user_can_transfer_projects.query.graphql b/app/assets/javascripts/projects/settings/graphql/queries/search_namespaces_where_user_can_transfer_projects.query.graphql
deleted file mode 100644
index d4bcb8c869c..00000000000
--- a/app/assets/javascripts/projects/settings/graphql/queries/search_namespaces_where_user_can_transfer_projects.query.graphql
+++ /dev/null
@@ -1,24 +0,0 @@
-#import "~/graphql_shared/fragments/page_info.fragment.graphql"
-
-query searchNamespacesWhereUserCanTransferProjects(
-  $search: String = ""
-  $after: String = ""
-  $first: Int = null
-) {
-  currentUser {
-    id
-    groups(permissionScope: TRANSFER_PROJECTS, search: $search, after: $after, first: $first) {
-      nodes {
-        id
-        fullName
-      }
-      pageInfo {
-        ...PageInfo
-      }
-    }
-    namespace {
-      id
-      fullName
-    }
-  }
-}
diff --git a/app/assets/javascripts/projects/settings/init_transfer_project_form.js b/app/assets/javascripts/projects/settings/init_transfer_project_form.js
index bc1aff640d2..89c158a9ba8 100644
--- a/app/assets/javascripts/projects/settings/init_transfer_project_form.js
+++ b/app/assets/javascripts/projects/settings/init_transfer_project_form.js
@@ -12,6 +12,7 @@ export default () => {
   Vue.use(VueApollo);
 
   const {
+    projectId,
     targetFormId = null,
     targetHiddenInputId = null,
     buttonText: confirmButtonText = '',
@@ -26,6 +27,7 @@ export default () => {
     }),
     provide: {
       confirmDangerMessage,
+      projectId,
     },
     render(createElement) {
       return createElement(TransferProjectForm, {
diff --git a/app/assets/javascripts/protected_branches/protected_branch_create.js b/app/assets/javascripts/protected_branches/protected_branch_create.js
index f232cb2709a..120f75d4f0c 100644
--- a/app/assets/javascripts/protected_branches/protected_branch_create.js
+++ b/app/assets/javascripts/protected_branches/protected_branch_create.js
@@ -74,7 +74,7 @@ export default class ProtectedBranchCreate {
       $allowedToPush.length
     );
 
-    this.$form.find('input[type="submit"]').attr('disabled', toggle);
+    this.$form.find('button[type="submit"]').attr('disabled', toggle);
   }
 
   static getProtectedBranches(term, callback) {
diff --git a/app/assets/javascripts/set_status_modal/set_status_form.vue b/app/assets/javascripts/set_status_modal/set_status_form.vue
index e5f6ce07189..86049a2b781 100644
--- a/app/assets/javascripts/set_status_modal/set_status_form.vue
+++ b/app/assets/javascripts/set_status_modal/set_status_form.vue
@@ -131,9 +131,9 @@ export default {
   i18n: {
     statusMessagePlaceholder: s__(`SetStatusModal|What's your status?`),
     clearStatusButtonLabel: s__('SetStatusModal|Clear status'),
-    availabilityCheckboxLabel: s__('SetStatusModal|Busy'),
+    availabilityCheckboxLabel: s__('SetStatusModal|Set yourself as busy'),
     availabilityCheckboxHelpText: s__(
-      'SetStatusModal|An indicator appears next to your name and avatar',
+      'SetStatusModal|Displays that you are busy or not able to respond',
     ),
     clearStatusAfterDropdownLabel: s__('SetStatusModal|Clear status after'),
     clearStatusAfterMessage: s__('SetStatusModal|Your status resets on %{date}.'),
diff --git a/app/assets/javascripts/vue_shared/components/color_select_dropdown/color_select_root.vue b/app/assets/javascripts/vue_shared/components/color_select_dropdown/color_select_root.vue
index a88a4ca5cb8..75386a3cd01 100644
--- a/app/assets/javascripts/vue_shared/components/color_select_dropdown/color_select_root.vue
+++ b/app/assets/javascripts/vue_shared/components/color_select_dropdown/color_select_root.vue
@@ -1,6 +1,6 @@
 <script>
 import { isString } from 'lodash';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { s__ } from '~/locale';
 import SidebarEditableItem from '~/sidebar/components/sidebar_editable_item.vue';
 import { DEFAULT_COLOR, COLOR_WIDGET_COLOR, DROPDOWN_VARIANT, ISSUABLE_COLORS } from './constants';
@@ -97,7 +97,7 @@ export default {
         return DEFAULT_COLOR;
       },
       error() {
-        createFlash({
+        createAlert({
           message: this.$options.i18n.fetchingError,
           captureError: true,
         });
@@ -161,7 +161,7 @@ export default {
           });
         })
         .catch((error) =>
-          createFlash({
+          createAlert({
             message: this.$options.i18n.updatingError,
             captureError: true,
             error,
diff --git a/app/assets/javascripts/vue_shared/components/filtered_search_bar/filtered_search_bar_root.vue b/app/assets/javascripts/vue_shared/components/filtered_search_bar/filtered_search_bar_root.vue
index e311df6e66f..32d2e91903d 100644
--- a/app/assets/javascripts/vue_shared/components/filtered_search_bar/filtered_search_bar_root.vue
+++ b/app/assets/javascripts/vue_shared/components/filtered_search_bar/filtered_search_bar_root.vue
@@ -12,7 +12,7 @@ import {
 import RecentSearchesStorageKeys from 'ee_else_ce/filtered_search/recent_searches_storage_keys';
 import RecentSearchesService from '~/filtered_search/services/recent_searches_service';
 import RecentSearchesStore from '~/filtered_search/stores/recent_searches_store';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { __ } from '~/locale';
 
 import { SortDirection } from './constants';
@@ -197,7 +197,7 @@ export default {
         .catch((error) => {
           if (error.name === 'RecentSearchesServiceError') return undefined;
 
-          createFlash({
+          createAlert({
             message: __('An error occurred while parsing recent searches'),
           });
 
diff --git a/app/assets/javascripts/vue_shared/components/filtered_search_bar/store/modules/filters/actions.js b/app/assets/javascripts/vue_shared/components/filtered_search_bar/store/modules/filters/actions.js
index 7c4e372dda1..8a6053b7001 100644
--- a/app/assets/javascripts/vue_shared/components/filtered_search_bar/store/modules/filters/actions.js
+++ b/app/assets/javascripts/vue_shared/components/filtered_search_bar/store/modules/filters/actions.js
@@ -1,5 +1,5 @@
 import Api from '~/api';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 import { __ } from '~/locale';
 import * as types from './mutation_types';
@@ -24,7 +24,7 @@ export function fetchBranches({ commit, state }, search = '') {
     .catch(({ response }) => {
       const { status } = response;
       commit(types.RECEIVE_BRANCHES_ERROR, status);
-      createFlash({
+      createAlert({
         message: __('Failed to load branches. Please try again.'),
       });
     });
@@ -43,7 +43,7 @@ export const fetchMilestones = ({ commit, state }, searchTitle = '') => {
     .catch(({ response }) => {
       const { status } = response;
       commit(types.RECEIVE_MILESTONES_ERROR, status);
-      createFlash({
+      createAlert({
         message: __('Failed to load milestones. Please try again.'),
       });
     });
@@ -61,7 +61,7 @@ export const fetchLabels = ({ commit, state }, search = '') => {
     .catch(({ response }) => {
       const { status } = response;
       commit(types.RECEIVE_LABELS_ERROR, status);
-      createFlash({
+      createAlert({
         message: __('Failed to load labels. Please try again.'),
       });
     });
@@ -86,7 +86,7 @@ function fetchUser(options = {}) {
     .catch(({ response }) => {
       const { status } = response;
       commit(`RECEIVE_${action}_ERROR`, status);
-      createFlash({
+      createAlert({
         message: errorMessage,
       });
     });
diff --git a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/author_token.vue b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/author_token.vue
index 848c49c48c7..7c184a3c391 100644
--- a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/author_token.vue
+++ b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/author_token.vue
@@ -1,7 +1,7 @@
 <script>
 import { GlAvatar, GlFilteredSearchSuggestion } from '@gitlab/ui';
 import { compact } from 'lodash';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { __ } from '~/locale';
 
 import { DEFAULT_NONE_ANY } from '../constants';
@@ -65,7 +65,7 @@ export default {
           this.authors = Array.isArray(res) ? compact(res) : compact(res.data);
         })
         .catch(() =>
-          createFlash({
+          createAlert({
             message: __('There was a problem fetching users.'),
           }),
         )
diff --git a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/branch_token.vue b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/branch_token.vue
index aa5161ca93c..741395b3193 100644
--- a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/branch_token.vue
+++ b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/branch_token.vue
@@ -1,6 +1,6 @@
 <script>
 import { GlFilteredSearchSuggestion } from '@gitlab/ui';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { __ } from '~/locale';
 import BaseToken from '~/vue_shared/components/filtered_search_bar/tokens/base_token.vue';
 
@@ -46,7 +46,7 @@ export default {
           this.branches = data;
         })
         .catch(() => {
-          createFlash({ message: __('There was a problem fetching branches.') });
+          createAlert({ message: __('There was a problem fetching branches.') });
         })
         .finally(() => {
           this.loading = false;
diff --git a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/crm_contact_token.vue b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/crm_contact_token.vue
index adfe0559b62..d34cfb922a9 100644
--- a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/crm_contact_token.vue
+++ b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/crm_contact_token.vue
@@ -3,7 +3,7 @@ import { GlFilteredSearchSuggestion } from '@gitlab/ui';
 
 import { ITEM_TYPE } from '~/groups/constants';
 import { getIdFromGraphQLId, convertToGraphQLId } from '~/graphql_shared/utils';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { isPositiveInteger } from '~/lib/utils/number_utils';
 import { __ } from '~/locale';
 import searchCrmContactsQuery from '../queries/search_crm_contacts.query.graphql';
@@ -81,7 +81,7 @@ export default {
             : data[this.namespace]?.contacts.nodes;
         })
         .catch(() =>
-          createFlash({
+          createAlert({
             message: __('There was a problem fetching CRM contacts.'),
           }),
         )
diff --git a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/crm_organization_token.vue b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/crm_organization_token.vue
index e6ab944449e..c7c9350ee93 100644
--- a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/crm_organization_token.vue
+++ b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/crm_organization_token.vue
@@ -3,7 +3,7 @@ import { GlFilteredSearchSuggestion } from '@gitlab/ui';
 
 import { ITEM_TYPE } from '~/groups/constants';
 import { getIdFromGraphQLId, convertToGraphQLId } from '~/graphql_shared/utils';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { isPositiveInteger } from '~/lib/utils/number_utils';
 import { __ } from '~/locale';
 import searchCrmOrganizationsQuery from '../queries/search_crm_organizations.query.graphql';
@@ -78,7 +78,7 @@ export default {
             : data[this.namespace]?.organizations.nodes;
         })
         .catch(() =>
-          createFlash({
+          createAlert({
             message: __('There was a problem fetching CRM organizations.'),
           }),
         )
diff --git a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/emoji_token.vue b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/emoji_token.vue
index 210d814d22a..929823f7308 100644
--- a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/emoji_token.vue
+++ b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/emoji_token.vue
@@ -1,6 +1,6 @@
 <script>
 import { GlFilteredSearchSuggestion } from '@gitlab/ui';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { __ } from '~/locale';
 import BaseToken from '~/vue_shared/components/filtered_search_bar/tokens/base_token.vue';
 import { DEFAULT_NONE_ANY } from '../constants';
@@ -48,7 +48,7 @@ export default {
           this.emojis = Array.isArray(response) ? response : response.data;
         })
         .catch(() => {
-          createFlash({ message: __('There was a problem fetching emojis.') });
+          createAlert({ message: __('There was a problem fetching emojis.') });
         })
         .finally(() => {
           this.loading = false;
diff --git a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/label_token.vue b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/label_token.vue
index 178c57a5666..bce0c11aafd 100644
--- a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/label_token.vue
+++ b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/label_token.vue
@@ -1,7 +1,7 @@
 <script>
 import { GlToken, GlFilteredSearchSuggestion } from '@gitlab/ui';
 
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { convertObjectPropsToCamelCase } from '~/lib/utils/common_utils';
 import { __ } from '~/locale';
 
@@ -81,7 +81,7 @@ export default {
           this.labels = Array.isArray(res) ? res : res.data;
         })
         .catch(() =>
-          createFlash({
+          createAlert({
             message: __('There was a problem fetching labels.'),
           }),
         )
diff --git a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/milestone_token.vue b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/milestone_token.vue
index 69265d0fdc9..b9ee4d51db1 100644
--- a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/milestone_token.vue
+++ b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/milestone_token.vue
@@ -1,6 +1,6 @@
 <script>
 import { GlFilteredSearchSuggestion } from '@gitlab/ui';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { __ } from '~/locale';
 import { sortMilestonesByDueDate } from '~/milestones/utils';
 import BaseToken from '~/vue_shared/components/filtered_search_bar/tokens/base_token.vue';
@@ -65,7 +65,7 @@ export default {
           }
         })
         .catch(() => {
-          createFlash({ message: __('There was a problem fetching milestones.') });
+          createAlert({ message: __('There was a problem fetching milestones.') });
         })
         .finally(() => {
           this.loading = false;
diff --git a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/release_token.vue b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/release_token.vue
index 9e68c92af5d..59701b4959e 100644
--- a/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/release_token.vue
+++ b/app/assets/javascripts/vue_shared/components/filtered_search_bar/tokens/release_token.vue
@@ -1,6 +1,6 @@
 <script>
 import { GlFilteredSearchSuggestion } from '@gitlab/ui';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { __ } from '~/locale';
 import BaseToken from '~/vue_shared/components/filtered_search_bar/tokens/base_token.vue';
 import { DEFAULT_NONE_ANY } from '../constants';
@@ -47,7 +47,7 @@ export default {
           this.releases = response;
         })
         .catch(() => {
-          createFlash({ message: __('There was a problem fetching releases.') });
+          createAlert({ message: __('There was a problem fetching releases.') });
         })
         .finally(() => {
           this.loading = false;
diff --git a/app/assets/javascripts/vue_shared/components/namespace_select/namespace_select.vue b/app/assets/javascripts/vue_shared/components/namespace_select/namespace_select.vue
index e9f278a5db5..71e10acf7b2 100644
--- a/app/assets/javascripts/vue_shared/components/namespace_select/namespace_select.vue
+++ b/app/assets/javascripts/vue_shared/components/namespace_select/namespace_select.vue
@@ -78,7 +78,7 @@ export default {
       required: false,
       default: false,
     },
-    isLoadingMoreGroups: {
+    isLoading: {
       type: Boolean,
       required: false,
       default: false,
@@ -152,7 +152,12 @@ export default {
 };
 </script>
 <template>
-  <gl-dropdown :text="selectedNamespaceText" :block="fullWidth" data-qa-selector="namespaces_list">
+  <gl-dropdown
+    :text="selectedNamespaceText"
+    :block="fullWidth"
+    data-qa-selector="namespaces_list"
+    @show="$emit('show')"
+  >
     <template #header>
       <gl-search-box-by-type
         v-model.trim="searchTerm"
@@ -201,8 +206,7 @@ export default {
         >{{ item.humanName }}</gl-dropdown-item
       >
     </div>
-    <gl-intersection-observer v-if="hasNextPageOfGroups" @appear="$emit('load-more-groups')">
-      <gl-loading-icon v-if="isLoadingMoreGroups" class="gl-mb-3" size="sm" />
-    </gl-intersection-observer>
+    <gl-loading-icon v-if="isLoading" class="gl-mb-3" size="sm" />
+    <gl-intersection-observer v-if="hasNextPageOfGroups" @appear="$emit('load-more-groups')" />
   </gl-dropdown>
 </template>
diff --git a/app/assets/stylesheets/_page_specific_files.scss b/app/assets/stylesheets/_page_specific_files.scss
index 15d2828bdfb..8e3f00ee63c 100644
--- a/app/assets/stylesheets/_page_specific_files.scss
+++ b/app/assets/stylesheets/_page_specific_files.scss
@@ -3,7 +3,6 @@
 @import './pages/commits';
 @import './pages/deploy_keys';
 @import './pages/detail_page';
-@import './pages/environment_logs';
 @import './pages/events';
 @import './pages/groups';
 @import './pages/hierarchy';
diff --git a/app/assets/stylesheets/framework/diffs.scss b/app/assets/stylesheets/framework/diffs.scss
index b991096d925..7fff675b970 100644
--- a/app/assets/stylesheets/framework/diffs.scss
+++ b/app/assets/stylesheets/framework/diffs.scss
@@ -619,6 +619,10 @@ table.code {
   .diff-grid-drafts {
     display: grid;
     grid-template-columns: 1fr 1fr;
+
+    .content + .content {
+      @include gl-border-t;
+    }
   }
 
   &.inline-diff-view {
diff --git a/app/assets/stylesheets/framework/flash.scss b/app/assets/stylesheets/framework/flash.scss
index b51daf0e4dc..e9e5d6da1f5 100644
--- a/app/assets/stylesheets/framework/flash.scss
+++ b/app/assets/stylesheets/framework/flash.scss
@@ -79,6 +79,19 @@ $notification-box-shadow-color: rgba(0, 0, 0, 0.25);
   .gl-alert {
     @include gl-my-4;
   }
+
+  &.flash-container-no-margin {
+    .gl-alert {
+      @include gl-my-0;
+    }
+
+    .flash-alert,
+    .flash-notice,
+    .flash-success,
+    .flash-warning {
+      @include gl-mt-0;
+    }
+  }
 }
 
 @include media-breakpoint-down(sm) {
diff --git a/app/assets/stylesheets/pages/environment_logs.scss b/app/assets/stylesheets/pages/environment_logs.scss
deleted file mode 100644
index f8f40076142..00000000000
--- a/app/assets/stylesheets/pages/environment_logs.scss
+++ /dev/null
@@ -1,54 +0,0 @@
-.environment-logs-page {
-  .content-wrapper {
-    padding-bottom: 0;
-  }
-}
-
-.environment-logs-viewer {
-  height: calc(100vh - #{$environment-logs-difference-xs-up});
-  min-height: 700px;
-
-  @include media-breakpoint-up(md) {
-    height: calc(100vh - #{$environment-logs-difference-md-up});
-  }
-
-  .with-performance-bar & {
-    height: calc(100vh - #{$environment-logs-difference-xs-up} - #{$performance-bar-height});
-
-    @include media-breakpoint-up(md) {
-      height: calc(100vh - #{$environment-logs-difference-md-up} - #{$performance-bar-height});
-    }
-  }
-
-  .top-bar {
-    .date-time-picker-wrapper,
-    .dropdown-toggle {
-      @include media-breakpoint-up(md) {
-        width: 140px;
-      }
-
-      @include media-breakpoint-up(lg) {
-        width: 160px;
-      }
-    }
-  }
-
-  .log-lines,
-  .gl-infinite-scroll-container {
-    // makes scrollbar visible by creating contrast
-    background: $black;
-    height: 100%;
-  }
-
-  .build-log {
-    @include build-log($black);
-  }
-
-  .gl-infinite-scroll-legend {
-    margin: 0;
-  }
-
-  .build-loader-animation {
-    @include build-loader-animation;
-  }
-}
diff --git a/app/controllers/projects/pages_domains_controller.rb b/app/controllers/projects/pages_domains_controller.rb
index a6b22a28b17..896c88cf8c3 100644
--- a/app/controllers/projects/pages_domains_controller.rb
+++ b/app/controllers/projects/pages_domains_controller.rb
@@ -51,7 +51,9 @@ class Projects::PagesDomainsController < Projects::ApplicationController
   end
 
   def update
-    if @domain.update(update_params)
+    service = ::PagesDomains::UpdateService.new(@project, current_user, update_params)
+
+    if service.execute(@domain)
       redirect_to project_pages_path(@project),
         status: :found,
         notice: 'Domain was updated'
@@ -74,9 +76,10 @@ class Projects::PagesDomainsController < Projects::ApplicationController
   end
 
   def clean_certificate
-    unless @domain.update(user_provided_certificate: nil, user_provided_key: nil)
-      flash[:alert] = @domain.errors.full_messages.join(', ')
-    end
+    update_params = { user_provided_certificate: nil, user_provided_key: nil }
+    service = ::PagesDomains::UpdateService.new(@project, current_user, update_params)
+
+    flash[:alert] = @domain.errors.full_messages.join(', ') unless service.execute(@domain)
 
     redirect_to project_pages_domain_path(@project, @domain)
   end
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 3c1a3534912..2ee9832547c 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -35,7 +35,7 @@ class UsersController < ApplicationController
   feature_category :source_code_management, [:gpg_keys]
 
   # TODO: Set higher urgency after resolving https://gitlab.com/gitlab-org/gitlab/-/issues/357914
-  urgency :low, [:show, :calendar_activities, :contributed, :activity, :projects, :groups, :calendar]
+  urgency :low, [:show, :calendar_activities, :contributed, :activity, :projects, :groups, :calendar, :snippets]
   urgency :default, [:followers, :following, :starred]
   urgency :high, [:exists]
 
diff --git a/app/events/pages_domains/pages_domain_updated_event.rb b/app/events/pages_domains/pages_domain_updated_event.rb
new file mode 100644
index 00000000000..641fb2f6a53
--- /dev/null
+++ b/app/events/pages_domains/pages_domain_updated_event.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module PagesDomains
+  class PagesDomainUpdatedEvent < ::Gitlab::EventStore::Event
+    def schema
+      {
+        'type' => 'object',
+        'properties' => {
+          'project_id' => { 'type' => 'integer' },
+          'namespace_id' => { 'type' => 'integer' },
+          'root_namespace_id' => { 'type' => 'integer' },
+          'domain' => { 'type' => 'string' }
+        },
+        'required' => %w[project_id namespace_id root_namespace_id]
+      }
+    end
+  end
+end
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index a75c1b16145..2ae41f1bd32 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -313,7 +313,6 @@ module ApplicationHelper
     class_names = []
     class_names << 'issue-boards-page gl-overflow-auto' if current_controller?(:boards)
     class_names << 'epic-boards-page gl-overflow-auto' if current_controller?(:epic_boards)
-    class_names << 'environment-logs-page' if current_controller?(:logs)
     class_names << 'with-performance-bar' if performance_bar_enabled?
     class_names << system_message_class
     class_names << marketing_header_experiment_class
diff --git a/app/helpers/users/callouts_helper.rb b/app/helpers/users/callouts_helper.rb
index d8baa185370..a9fd219bbac 100644
--- a/app/helpers/users/callouts_helper.rb
+++ b/app/helpers/users/callouts_helper.rb
@@ -76,8 +76,8 @@ module Users
       user_dismissed?(WEB_HOOK_DISABLED, last_failure, project: project)
     end
 
-    def show_merge_request_settings_callout?
-      !user_dismissed?(MERGE_REQUEST_SETTINGS_MOVED_CALLOUT)
+    def show_merge_request_settings_callout?(project)
+      !user_dismissed?(MERGE_REQUEST_SETTINGS_MOVED_CALLOUT) && project.merge_requests_enabled?
     end
 
     def ultimate_feature_removal_banner_dismissed?(project)
diff --git a/app/models/concerns/counter_attribute.rb b/app/models/concerns/counter_attribute.rb
index 64d178b7507..058cb7752f6 100644
--- a/app/models/concerns/counter_attribute.rb
+++ b/app/models/concerns/counter_attribute.rb
@@ -95,7 +95,7 @@ module CounterAttribute
       next if increment_value == 0
 
       transaction do
-        unsafe_update_counters(id, attribute => increment_value)
+        update_counters_with_lease({ attribute => increment_value })
         redis_state { |redis| redis.del(flushed_key) }
         new_db_value = reset.read_attribute(attribute)
       end
@@ -130,9 +130,18 @@ module CounterAttribute
     end
   end
 
-  def clear_counter!(attribute)
+  def update_counters_with_lease(increments)
+    detect_race_on_record(log_fields: increments.merge({ caller: __method__ })) do
+      self.class.update_counters(id, increments)
+    end
+  end
+
+  def reset_counter!(attribute)
     if counter_attribute_enabled?(attribute)
-      redis_state { |redis| redis.del(counter_key(attribute)) }
+      detect_race_on_record(log_fields: { caller: __method__ }) do
+        update!(attribute => 0)
+        clear_counter!(attribute)
+      end
 
       log_clear_counter(attribute)
     end
@@ -164,14 +173,20 @@ module CounterAttribute
 
   private
 
+  def database_lock_key
+    "project:{#{project_id}}:#{self.class}:#{id}"
+  end
+
   def steal_increments(increment_key, flushed_key)
     redis_state do |redis|
       redis.eval(LUA_STEAL_INCREMENT_SCRIPT, keys: [increment_key, flushed_key])
     end
   end
 
-  def unsafe_update_counters(id, increments)
-    self.class.update_counters(id, increments)
+  def clear_counter!(attribute)
+    redis_state do |redis|
+      redis.del(counter_key(attribute))
+    end
   end
 
   def execute_after_flush_callbacks
@@ -192,6 +207,32 @@ module CounterAttribute
     # a worker is already updating the counters
   end
 
+  # detect_race_on_record uses a lease to monitor access
+  # to the project statistics row. This is needed to detect
+  # concurrent attempts to increment columns, which could result in a
+  # race condition.
+  #
+  # As the purpose is to detect and warn concurrent attempts,
+  # it falls back to direct update on the row if it fails to obtain the lease.
+  #
+  # It does not guarantee that there will not be any concurrent updates.
+  def detect_race_on_record(log_fields: {})
+    return yield unless Feature.enabled?(:counter_attribute_db_lease_for_update, project)
+
+    in_lock(database_lock_key, retries: 2) do
+      yield
+    end
+  rescue Gitlab::ExclusiveLeaseHelpers::FailedToObtainLockError
+    Gitlab::AppLogger.warn(
+      message: 'Concurrent update to project statistics detected',
+      project_statistics_id: id,
+      **log_fields,
+      **Gitlab::ApplicationContext.current
+    )
+
+    yield
+  end
+
   def log_increment_counter(attribute, increment, new_value)
     payload = Gitlab::ApplicationContext.current.merge(
       message: 'Increment counter attribute',
diff --git a/app/models/project_statistics.rb b/app/models/project_statistics.rb
index a91e0291438..40838fe8726 100644
--- a/app/models/project_statistics.rb
+++ b/app/models/project_statistics.rb
@@ -49,7 +49,9 @@ class ProjectStatistics < ApplicationRecord
       schedule_namespace_aggregation_worker
     end
 
-    save!
+    detect_race_on_record(log_fields: { caller: __method__ }) do
+      save!
+    end
   end
 
   def update_commit_count
@@ -110,8 +112,10 @@ class ProjectStatistics < ApplicationRecord
   end
 
   def refresh_storage_size!
-    update_storage_size
-    save!
+    detect_race_on_record(log_fields: { caller: __method__ }) do
+      update_storage_size
+      save!
+    end
   end
 
   # Since this incremental update method does not call update_storage_size above through before_save,
@@ -129,36 +133,34 @@ class ProjectStatistics < ApplicationRecord
       if counter_attribute_enabled?(key)
         project_statistics.delayed_increment_counter(key, amount)
       else
-        legacy_increment_statistic(project, key, amount)
+        project_statistics.legacy_increment_statistic(key, amount)
       end
     end
   end
 
-  def self.legacy_increment_statistic(project, key, amount)
-    where(project_id: project.id).columns_to_increment(key, amount)
-
-    Namespaces::ScheduleAggregationWorker.perform_async( # rubocop: disable CodeReuse/Worker
-      project.namespace_id)
-  end
-
-  def self.columns_to_increment(key, amount)
-    updates = ["#{key} = COALESCE(#{key}, 0) + (#{amount})"]
-
-    if (additional = INCREMENTABLE_COLUMNS[key])
-      additional.each do |column|
-        updates << "#{column} = COALESCE(#{column}, 0) + (#{amount})"
-      end
-    end
-
-    update_all(updates.join(', '))
-  end
-
   def self.incrementable_attribute?(key)
     INCREMENTABLE_COLUMNS.key?(key) || counter_attribute_enabled?(key)
   end
 
+  def legacy_increment_statistic(key, amount)
+    increment_columns!(key, amount)
+
+    Namespaces::ScheduleAggregationWorker.perform_async( # rubocop: disable CodeReuse/Worker
+      project.namespace_id)
+  end
+
   private
 
+  def increment_columns!(key, amount)
+    increments = { key => amount }
+    additional = INCREMENTABLE_COLUMNS.fetch(key, [])
+    additional.each do |column|
+      increments[column] = amount
+    end
+
+    update_counters_with_lease(increments)
+  end
+
   def schedule_namespace_aggregation_worker
     run_after_commit do
       Namespaces::ScheduleAggregationWorker.perform_async(project.namespace_id)
diff --git a/app/models/projects/build_artifacts_size_refresh.rb b/app/models/projects/build_artifacts_size_refresh.rb
index e66e1d5b42f..2ffc7478178 100644
--- a/app/models/projects/build_artifacts_size_refresh.rb
+++ b/app/models/projects/build_artifacts_size_refresh.rb
@@ -80,9 +80,7 @@ module Projects
     end
 
     def reset_project_statistics!
-      statistics = project.statistics
-      statistics.update!(build_artifacts_size: 0)
-      statistics.clear_counter!(:build_artifacts_size)
+      project.statistics.reset_counter!(:build_artifacts_size)
     end
 
     def next_batch(limit:)
diff --git a/app/services/pages_domains/update_service.rb b/app/services/pages_domains/update_service.rb
new file mode 100644
index 00000000000..b038aaa95b6
--- /dev/null
+++ b/app/services/pages_domains/update_service.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module PagesDomains
+  class UpdateService < BaseService
+    def execute(domain)
+      return unless authorized?
+
+      return false unless domain.update(params)
+
+      publish_event(domain)
+
+      true
+    end
+
+    private
+
+    def authorized?
+      current_user.can?(:update_pages, project)
+    end
+
+    def publish_event(domain)
+      event = PagesDomainUpdatedEvent.new(
+        data: {
+          project_id: project.id,
+          namespace_id: project.namespace_id,
+          root_namespace_id: project.root_namespace.id,
+          domain: domain.domain
+        }
+      )
+
+      Gitlab::EventStore.publish(event)
+    end
+  end
+end
diff --git a/app/views/admin/application_settings/_external_authorization_service_form.html.haml b/app/views/admin/application_settings/_external_authorization_service_form.html.haml
index 7919fde631f..a5e10846488 100644
--- a/app/views/admin/application_settings/_external_authorization_service_form.html.haml
+++ b/app/views/admin/application_settings/_external_authorization_service_form.html.haml
@@ -47,4 +47,4 @@
           = f.text_field :external_authorization_service_default_label, class: 'form-control gl-form-input'
           %span.form-text.text-muted
             = external_authorization_client_url_help_text
-      = f.submit _('Save changes'), class: "gl-button btn btn-confirm"
+      = f.submit _('Save changes'), pajamas_button: true
diff --git a/app/views/admin/application_settings/_import_export_limits.html.haml b/app/views/admin/application_settings/_import_export_limits.html.haml
index bc4a1577f90..8cb7915f847 100644
--- a/app/views/admin/application_settings/_import_export_limits.html.haml
+++ b/app/views/admin/application_settings/_import_export_limits.html.haml
@@ -1,4 +1,4 @@
-= form_for @application_setting, url: network_admin_application_settings_path(anchor: 'js-import-export-limits-settings'), html: { class: 'fieldset-form' } do |f|
+= gitlab_ui_form_for @application_setting, url: network_admin_application_settings_path(anchor: 'js-import-export-limits-settings'), html: { class: 'fieldset-form' } do |f|
   = form_errors(@application_setting)
 
   %fieldset
@@ -35,4 +35,4 @@
       = f.label :group_download_export_limit, _('Maximum group export download requests per minute'), class: 'label-bold'
       = f.number_field :group_download_export_limit, class: 'form-control gl-form-input'
 
-  = f.submit _('Save changes'), class: "gl-button btn btn-confirm", data: { qa_selector: 'save_changes_button' }
+  = f.submit _('Save changes'), data: { qa_selector: 'save_changes_button' }, pajamas_button: true
diff --git a/app/views/admin/application_settings/_ip_limits.html.haml b/app/views/admin/application_settings/_ip_limits.html.haml
index 4362ae9cb9b..01d7bf0af67 100644
--- a/app/views/admin/application_settings/_ip_limits.html.haml
+++ b/app/views/admin/application_settings/_ip_limits.html.haml
@@ -66,4 +66,4 @@
       .form-text.text-muted
         = html_escape(_("If blank, defaults to %{code_open}Retry later%{code_close}.")) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe }
 
-  = f.submit _('Save changes'), class: "gl-button btn btn-confirm", data: { qa_selector: 'save_changes_button' }
+  = f.submit _('Save changes'), data: { qa_selector: 'save_changes_button' }, pajamas_button: true
diff --git a/app/views/admin/application_settings/_pipeline_limits.html.haml b/app/views/admin/application_settings/_pipeline_limits.html.haml
index e93823172db..b7dffe63777 100644
--- a/app/views/admin/application_settings/_pipeline_limits.html.haml
+++ b/app/views/admin/application_settings/_pipeline_limits.html.haml
@@ -6,4 +6,4 @@
       = f.label :pipeline_limit_per_project_user_sha,  _('Maximum number of requests per minute')
       = f.number_field :pipeline_limit_per_project_user_sha, class: 'form-control gl-form-input'
 
-  = f.submit _('Save changes'), class: "gl-button btn btn-confirm", data: { qa_selector: 'save_changes_button' }
+  = f.submit _('Save changes'), data: { qa_selector: 'save_changes_button' }, pajamas_button: true
diff --git a/app/views/admin/application_settings/_registry.html.haml b/app/views/admin/application_settings/_registry.html.haml
index 856db32e088..6a8ef86a56e 100644
--- a/app/views/admin/application_settings/_registry.html.haml
+++ b/app/views/admin/application_settings/_registry.html.haml
@@ -34,4 +34,4 @@
         = f.gitlab_ui_checkbox_component :container_registry_expiration_policies_caching, _("Enable container expiration caching."),
           help_text: '%{help_text} %{help_link}'.html_safe % { help_text: help_text, help_link: help_link }
 
-  = f.submit _('Save changes'), class: "gl-button btn btn-confirm"
+  = f.submit _('Save changes'), pajamas_button: true
diff --git a/app/views/admin/background_jobs/show.html.haml b/app/views/admin/background_jobs/show.html.haml
index 6d2cab06010..15ce9b692f0 100644
--- a/app/views/admin/background_jobs/show.html.haml
+++ b/app/views/admin/background_jobs/show.html.haml
@@ -7,5 +7,4 @@
   = html_escape(_('GitLab uses %{linkStart}Sidekiq%{linkEnd} to process background jobs')) % { linkStart: sidekiq_link_start, linkEnd: '</a>'.html_safe }
 
 %hr
-.card.gl-rounded-0
-  %iframe{ src: sidekiq_path, width: '100%', height: 970, style: "border: 0" }
+%iframe{ src: sidekiq_path, width: '100%', height: 970, style: "border: 0" }
diff --git a/app/views/layouts/_flash.html.haml b/app/views/layouts/_flash.html.haml
index ab4b3cf6afd..a74076dfa46 100644
--- a/app/views/layouts/_flash.html.haml
+++ b/app/views/layouts/_flash.html.haml
@@ -1,8 +1,11 @@
+- flash_container_no_margin = local_assigns.fetch(:flash_container_no_margin, false)
+- flash_container_class = ('flash-container-no-margin' if flash_container_no_margin)
+
 -# We currently only support `alert`, `notice`, `success`, 'toast', and 'raw'
 - icons = {'alert' => 'error', 'notice' => 'information-o', 'success' => 'check-circle'}
 - type_to_variant = {'alert' => 'danger', 'notice' => 'info', 'success' => 'success'}
 - closable = %w[alert notice success]
-.flash-container.flash-container-page.sticky{ data: { qa_selector: 'flash_container' } }
+.flash-container.flash-container-page.sticky{ data: { qa_selector: 'flash_container' }, class: flash_container_class }
   - flash.each do |key, value|
     - if key == 'toast' && value
       .js-toast-message{ data: { message: value } }
diff --git a/app/views/layouts/fullscreen.html.haml b/app/views/layouts/fullscreen.html.haml
index 61a57240ed5..2f5b5b3d199 100644
--- a/app/views/layouts/fullscreen.html.haml
+++ b/app/views/layouts/fullscreen.html.haml
@@ -14,7 +14,7 @@
           = render 'shared/outdated_browser'
           = render "layouts/broadcast"
           = yield :flash_message
-          = render "layouts/flash"
+          = render "layouts/flash", flash_container_no_margin: true
         .content-wrapper{ id: "content-body", class: "d-flex flex-column align-items-stretch" }
           = yield
     = render "layouts/nav/top_nav_responsive", class: "gl-flex-grow-1 gl-overflow-y-auto"
diff --git a/app/views/projects/_transfer.html.haml b/app/views/projects/_transfer.html.haml
index 02aa1f7e93b..e3aa2d8afc9 100644
--- a/app/views/projects/_transfer.html.haml
+++ b/app/views/projects/_transfer.html.haml
@@ -1,7 +1,7 @@
 - return unless can?(current_user, :change_namespace, @project)
 - form_id = "transfer-project-form"
 - hidden_input_id = "new_namespace_id"
-- initial_data = { button_text: s_('ProjectSettings|Transfer project'), confirm_danger_message: transfer_project_message(@project), phrase: @project.name, target_form_id: form_id, target_hidden_input_id: hidden_input_id }
+- initial_data = { button_text: s_('ProjectSettings|Transfer project'), confirm_danger_message: transfer_project_message(@project), phrase: @project.name, target_form_id: form_id, target_hidden_input_id: hidden_input_id, project_id: @project.id }
 
 .sub-section
   %h4.danger-title= _('Transfer project')
diff --git a/app/views/projects/buttons/_star.html.haml b/app/views/projects/buttons/_star.html.haml
index f607a21ad21..eaf906ad89f 100644
--- a/app/views/projects/buttons/_star.html.haml
+++ b/app/views/projects/buttons/_star.html.haml
@@ -1,15 +1,13 @@
 - if current_user
+  - starred = current_user.starred?(@project)
+  - icon = starred ? 'star' : 'star-o'
+  - button_text =  starred ? s_('ProjectOverview|Unstar') : s_('ProjectOverview|Star')
+  - button_text_classes = starred ? 'starred' : ''
   .count-badge.d-inline-flex.align-item-stretch.gl-mr-3.btn-group
-    %button.gl-button.btn.btn-default.btn-sm.star-btn.toggle-star{ type: "button", data: { endpoint: toggle_star_project_path(@project, :json) } }
-      - if current_user.starred?(@project)
-        = sprite_icon('star', css_class: 'icon')
-        %span.starred= s_('ProjectOverview|Unstar')
-      - else
-        = sprite_icon('star-o', css_class: 'icon')
-        %span= s_('ProjectOverview|Star')
+    = render Pajamas::ButtonComponent.new(size: :small, icon: icon, button_text_classes: button_text_classes, button_options: { class: 'star-btn toggle-star', data: { endpoint: toggle_star_project_path(@project, :json) } }) do
+      - button_text
     = link_to project_starrers_path(@project), title: n_(s_('ProjectOverview|Starrer'), s_('ProjectOverview|Starrers'), @project.star_count), class: 'gl-button btn btn-default btn-sm has-tooltip star-count count' do
       = @project.star_count
-
 - else
   .count-badge.d-inline-flex.align-item-stretch.gl-mr-3.btn-group
     = link_to new_user_session_path, class: 'gl-button btn btn-default btn-sm has-tooltip star-btn', title: s_('ProjectOverview|You must sign in to star a project') do
diff --git a/app/views/projects/edit.html.haml b/app/views/projects/edit.html.haml
index 70df995cdf3..f6e3c15c08b 100644
--- a/app/views/projects/edit.html.haml
+++ b/app/views/projects/edit.html.haml
@@ -28,7 +28,7 @@
       %template.js-project-permissions-form-data{ type: "application/json" }= project_permissions_panel_data(@project).to_json.html_safe
       .js-project-permissions-form{ data: visibility_confirm_modal_data(@project, reduce_visibility_form_id) }
 
-- if show_merge_request_settings_callout?
+- if show_merge_request_settings_callout?(@project)
   %section.settings.expanded
     = render Pajamas::AlertComponent.new(variant: :info,
         title: _('Merge requests and approvals settings have moved.'),
diff --git a/app/views/projects/hooks/edit.html.haml b/app/views/projects/hooks/edit.html.haml
index b350455807d..ca71990f5e3 100644
--- a/app/views/projects/hooks/edit.html.haml
+++ b/app/views/projects/hooks/edit.html.haml
@@ -12,7 +12,7 @@
     = gitlab_ui_form_for [@project, @hook], as: :hook, url: project_hook_path(@project, @hook) do |f|
       = render partial: 'shared/web_hooks/form', locals: { form: f, hook: @hook }
 
-      = f.submit _('Save changes'), class: 'btn gl-button btn-confirm gl-mr-3'
+      = f.submit _('Save changes'), pajamas_button: true
       = render 'shared/web_hooks/test_button', hook: @hook
       = link_to _('Delete'), project_hook_path(@project, @hook), method: :delete, class: 'btn gl-button btn-danger float-right', aria: { label: s_('Webhooks|Delete webhook') }, data: { confirm: s_('Webhooks|Are you sure you want to delete this project hook?'), confirm_btn_variant: 'danger' }
 
diff --git a/app/views/projects/protected_branches/shared/_create_protected_branch.html.haml b/app/views/projects/protected_branches/shared/_create_protected_branch.html.haml
index 277cbf00034..770d79943b3 100644
--- a/app/views/projects/protected_branches/shared/_create_protected_branch.html.haml
+++ b/app/views/projects/protected_branches/shared/_create_protected_branch.html.haml
@@ -1,4 +1,4 @@
-= form_for [@project, @protected_branch], html: { class: 'new-protected-branch js-new-protected-branch' } do |f|
+= gitlab_ui_form_for [@project, @protected_branch], html: { class: 'new-protected-branch js-new-protected-branch' } do |f|
   %input{ type: 'hidden', name: 'update_section', value: 'js-protected-branches-settings' }
   = render Pajamas::CardComponent.new(card_options: { class: "gl-mb-5" }) do |c|
     - c.header do
@@ -32,4 +32,4 @@
             = (s_("ProtectedBranch|Allow all users with push access to %{tag_start}force push%{tag_end}.") % { tag_start: force_push_link_start, tag_end: '</a>' }).html_safe
       = render_if_exists 'projects/protected_branches/ee/code_owner_approval_form', f: f
     - c.footer do
-      = f.submit s_('ProtectedBranch|Protect'), class: 'gl-button btn btn-confirm', disabled: true, data: { qa_selector: 'protect_button' }
+      = f.submit s_('ProtectedBranch|Protect'), disabled: true, data: { qa_selector: 'protect_button' }, pajamas_button: true
diff --git a/app/views/shared/access_tokens/_form.html.haml b/app/views/shared/access_tokens/_form.html.haml
index 0c88ac66b8b..7f7f8a96625 100644
--- a/app/views/shared/access_tokens/_form.html.haml
+++ b/app/views/shared/access_tokens/_form.html.haml
@@ -46,4 +46,4 @@
     = render 'shared/tokens/scopes_form', prefix: prefix, token: token, scopes: scopes, f: f
 
   .gl-mt-3
-    = f.submit _('Create %{type}') % { type: type }, class: 'gl-button btn btn-confirm', data: { qa_selector: 'create_token_button' }
+    = f.submit _('Create %{type}') % { type: type }, data: { qa_selector: 'create_token_button' }, pajamas_button: true
diff --git a/app/views/shared/deploy_keys/_project_group_form.html.haml b/app/views/shared/deploy_keys/_project_group_form.html.haml
index d76ef8feb62..11fa44fe282 100644
--- a/app/views/shared/deploy_keys/_project_group_form.html.haml
+++ b/app/views/shared/deploy_keys/_project_group_form.html.haml
@@ -17,4 +17,4 @@
         help_text: _('Allow this key to push to this repository')
 
   .form-group.row
-    = f.submit _("Add key"), class: "btn gl-button btn-confirm", data: { qa_selector: "add_deploy_key_button"}
+    = f.submit _("Add key"), data: { qa_selector: "add_deploy_key_button"}, pajamas_button: true
diff --git a/config/feature_flags/development/counter_attribute_db_lease_for_update.yml b/config/feature_flags/development/counter_attribute_db_lease_for_update.yml
new file mode 100644
index 00000000000..7c30bb3e913
--- /dev/null
+++ b/config/feature_flags/development/counter_attribute_db_lease_for_update.yml
@@ -0,0 +1,8 @@
+---
+name: counter_attribute_db_lease_for_update
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/97912
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/374596
+milestone: '15.5'
+type: development
+group: group::pipeline insights
+default_enabled: false
diff --git a/db/migrate/20220907115806_add_security_orchestration_policy_configuration_id.rb b/db/migrate/20220907115806_add_security_orchestration_policy_configuration_id.rb
new file mode 100644
index 00000000000..de83288a0ca
--- /dev/null
+++ b/db/migrate/20220907115806_add_security_orchestration_policy_configuration_id.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+class AddSecurityOrchestrationPolicyConfigurationId < Gitlab::Database::Migration[2.0]
+  disable_ddl_transaction!
+
+  PROJECT_INDEX_NAME = 'idx_approval_project_rules_on_sec_orchestration_config_id'
+  MERGE_REQUEST_INDEX_NAME = 'idx_approval_merge_request_rules_on_sec_orchestration_config_id'
+
+  def up
+    with_lock_retries do
+      unless column_exists?(:approval_project_rules, :security_orchestration_policy_configuration_id)
+        add_column :approval_project_rules, :security_orchestration_policy_configuration_id, :bigint
+      end
+    end
+
+    with_lock_retries do
+      unless column_exists?(:approval_merge_request_rules, :security_orchestration_policy_configuration_id)
+        add_column :approval_merge_request_rules, :security_orchestration_policy_configuration_id, :bigint
+      end
+    end
+
+    add_concurrent_index :approval_project_rules,
+      :security_orchestration_policy_configuration_id,
+      name: PROJECT_INDEX_NAME
+    add_concurrent_index :approval_merge_request_rules,
+      :security_orchestration_policy_configuration_id,
+      name: MERGE_REQUEST_INDEX_NAME
+
+    add_concurrent_foreign_key :approval_project_rules,
+      :security_orchestration_policy_configurations,
+      column: :security_orchestration_policy_configuration_id,
+      on_delete: :cascade
+    add_concurrent_foreign_key :approval_merge_request_rules,
+      :security_orchestration_policy_configurations,
+      column: :security_orchestration_policy_configuration_id,
+      on_delete: :cascade
+  end
+
+  def down
+    with_lock_retries do
+      if column_exists?(:approval_project_rules, :security_orchestration_policy_configuration_id)
+        remove_column :approval_project_rules, :security_orchestration_policy_configuration_id
+      end
+    end
+
+    with_lock_retries do
+      if column_exists?(:approval_merge_request_rules, :security_orchestration_policy_configuration_id)
+        remove_column :approval_merge_request_rules, :security_orchestration_policy_configuration_id
+      end
+    end
+
+    remove_foreign_key_if_exists :approval_project_rules, column: :security_orchestration_policy_configuration_id
+    remove_foreign_key_if_exists :approval_merge_request_rules, column: :security_orchestration_policy_configuration_id
+
+    remove_concurrent_index_by_name :approval_project_rules, name: PROJECT_INDEX_NAME
+    remove_concurrent_index_by_name :approval_merge_request_rules, name: MERGE_REQUEST_INDEX_NAME
+  end
+end
diff --git a/db/post_migrate/20220907122648_populate_security_orchestration_policy_configuration_id.rb b/db/post_migrate/20220907122648_populate_security_orchestration_policy_configuration_id.rb
new file mode 100644
index 00000000000..441113c0ba3
--- /dev/null
+++ b/db/post_migrate/20220907122648_populate_security_orchestration_policy_configuration_id.rb
@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class PopulateSecurityOrchestrationPolicyConfigurationId < Gitlab::Database::Migration[2.0]
+  restrict_gitlab_migration gitlab_schema: :gitlab_main
+
+  BATCH_SIZE = 1000
+  SUB_BATCH_SIZE = 500
+  MERGE_REQUEST_MIGRATION = 'PopulateApprovalMergeRequestRulesWithSecurityOrchestration'
+  PROJECT_MIGRATION = 'PopulateApprovalProjectRulesWithSecurityOrchestration'
+  INTERVAL = 2.minutes
+
+  def up
+    return unless Gitlab.ee?
+
+    queue_batched_background_migration(
+      PROJECT_MIGRATION,
+      :approval_project_rules,
+      :id,
+      job_interval: INTERVAL,
+      batch_size: BATCH_SIZE,
+      sub_batch_size: SUB_BATCH_SIZE
+    )
+
+    queue_batched_background_migration(
+      MERGE_REQUEST_MIGRATION,
+      :approval_merge_request_rules,
+      :id,
+      job_interval: INTERVAL,
+      batch_size: BATCH_SIZE,
+      sub_batch_size: SUB_BATCH_SIZE
+    )
+  end
+
+  def down
+    delete_batched_background_migration(PROJECT_MIGRATION, :approval_project_rules, :id, [])
+    delete_batched_background_migration(MERGE_REQUEST_MIGRATION, :approval_merge_request_rules, :id, [])
+  end
+end
diff --git a/db/schema_migrations/20220907115806 b/db/schema_migrations/20220907115806
new file mode 100644
index 00000000000..878ac923880
--- /dev/null
+++ b/db/schema_migrations/20220907115806
@@ -0,0 +1 @@
+bfc9595c9e33afecd07721ab03548bdc5d9dda5be8fff180d84fc644f6c8c977
\ No newline at end of file
diff --git a/db/schema_migrations/20220907122648 b/db/schema_migrations/20220907122648
new file mode 100644
index 00000000000..1f743d593c2
--- /dev/null
+++ b/db/schema_migrations/20220907122648
@@ -0,0 +1 @@
+b576db8eb36b1d214788d301fd756d247c3fa33e13b7083e27c42735b48483e0
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index 88b767dab77..eb7e6fab790 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -11606,6 +11606,7 @@ CREATE TABLE approval_merge_request_rules (
     scanners text[] DEFAULT '{}'::text[] NOT NULL,
     severity_levels text[] DEFAULT '{}'::text[] NOT NULL,
     vulnerability_states text[] DEFAULT '{newly_detected}'::text[] NOT NULL,
+    security_orchestration_policy_configuration_id bigint,
     CONSTRAINT check_6fca5928b2 CHECK ((char_length(section) <= 255))
 );
 
@@ -11677,7 +11678,8 @@ CREATE TABLE approval_project_rules (
     report_type smallint,
     vulnerability_states text[] DEFAULT '{newly_detected}'::text[] NOT NULL,
     orchestration_policy_idx smallint,
-    applies_to_all_protected_branches boolean DEFAULT false NOT NULL
+    applies_to_all_protected_branches boolean DEFAULT false NOT NULL,
+    security_orchestration_policy_configuration_id bigint
 );
 
 CREATE TABLE approval_project_rules_groups (
@@ -27537,6 +27539,10 @@ CREATE INDEX idx_analytics_devops_adoption_segments_on_namespace_id ON analytics
 
 CREATE INDEX idx_analytics_devops_adoption_snapshots_finalized ON analytics_devops_adoption_snapshots USING btree (namespace_id, end_time) WHERE (recorded_at >= end_time);
 
+CREATE INDEX idx_approval_merge_request_rules_on_sec_orchestration_config_id ON approval_merge_request_rules USING btree (security_orchestration_policy_configuration_id);
+
+CREATE INDEX idx_approval_project_rules_on_sec_orchestration_config_id ON approval_project_rules USING btree (security_orchestration_policy_configuration_id);
+
 CREATE INDEX idx_audit_events_part_on_entity_id_desc_author_id_created_at ON ONLY audit_events USING btree (entity_id, entity_type, id DESC, author_id, created_at);
 
 CREATE INDEX idx_award_emoji_on_user_emoji_name_awardable_type_awardable_id ON award_emoji USING btree (user_id, name, awardable_type, awardable_id);
@@ -32555,6 +32561,9 @@ ALTER TABLE ONLY vulnerability_feedback
 ALTER TABLE ONLY ml_candidates
     ADD CONSTRAINT fk_56d6ed4d3d FOREIGN KEY (experiment_id) REFERENCES ml_experiments(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY approval_merge_request_rules
+    ADD CONSTRAINT fk_5822f009ea FOREIGN KEY (security_orchestration_policy_configuration_id) REFERENCES security_orchestration_policy_configurations(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY deploy_keys_projects
     ADD CONSTRAINT fk_58a901ca7e FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
 
@@ -33128,6 +33137,9 @@ ALTER TABLE ONLY events
 ALTER TABLE ONLY coverage_fuzzing_corpuses
     ADD CONSTRAINT fk_ef5ebf339f FOREIGN KEY (package_id) REFERENCES packages_packages(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY approval_project_rules
+    ADD CONSTRAINT fk_efa5a1e3fb FOREIGN KEY (security_orchestration_policy_configuration_id) REFERENCES security_orchestration_policy_configurations(id) ON DELETE CASCADE;
+
 ALTER TABLE ONLY vulnerabilities
     ADD CONSTRAINT fk_efb96ab1e2 FOREIGN KEY (project_id) REFERENCES projects(id) ON DELETE CASCADE;
 
diff --git a/doc/development/pipelines.md b/doc/development/pipelines.md
index f91219a46f9..df13d52058e 100644
--- a/doc/development/pipelines.md
+++ b/doc/development/pipelines.md
@@ -94,7 +94,7 @@ In addition, there are a few circumstances where we would always run the full Je
 
 ### Fork pipelines
 
-We only run the minimal RSpec & Jest jobs for fork pipelines unless the `pipeline:run-all-rspec`
+We run only the minimal RSpec & Jest jobs for fork pipelines, unless the `pipeline:run-all-rspec`
 label is set on the MR. The goal is to reduce the CI/CD minutes consumed by fork pipelines.
 
 See the [experiment issue](https://gitlab.com/gitlab-org/quality/team-tasks/-/issues/1170).
diff --git a/doc/integration/auth0.md b/doc/integration/auth0.md
index 71b29d8dc0a..448807e91fc 100644
--- a/doc/integration/auth0.md
+++ b/doc/integration/auth0.md
@@ -11,28 +11,22 @@ application.
 
 1. Sign in to the [Auth0 Console](https://auth0.com/auth/login). You can also
    create an account using the same link.
-
 1. Select **New App/API**.
-
-1. Provide the Application Name ('GitLab' works fine).
-
-1. After creating, you should see the **Quick Start** options. Disregard them and
-   select **Settings** above the **Quick Start** options.
-
+1. Enter the **Application Name**. For example, 'GitLab'.
+1. After creating the application, you should see the **Quick Start** options.
+   Disregard these options and select **Settings** instead.
 1. At the top of the Settings screen, you should see your **Domain**, **Client ID**, and
-   **Client Secret**. These values are needed in the configuration file. For example:
+   **Client Secret** in the Auth0 Console. Note these settings to complete the configuration
+   file later. For example:
    - Domain: `test1234.auth0.com`
    - Client ID: `t6X8L2465bNePWLOvt9yi41i`
    - Client Secret: `KbveM3nqfjwCbrhaUy_gDu2dss8TIlHIdzlyf33pB7dEK5u_NyQdp65O_o02hXs2`
-
 1. Fill in the **Allowed Callback URLs**:
-   - `http://YOUR_GITLAB_URL/users/auth/auth0/callback` (or)
-   - `https://YOUR_GITLAB_URL/users/auth/auth0/callback`
-
+   - `http://<your_gitlab_url>/users/auth/auth0/callback` (or)
+   - `https://<your_gitlab_url>/users/auth/auth0/callback`
 1. Fill in the **Allowed Origins (CORS)**:
-   - `http://YOUR_GITLAB_URL` (or)
-   - `https://YOUR_GITLAB_URL`
-
+   - `http://<your_gitlab_url>` (or)
+   - `https://<your_gitlab_url>`
 1. On your GitLab server, open the configuration file.
 
    For Omnibus GitLab:
@@ -61,9 +55,9 @@ application.
        name: "auth0",
        # label: "Provider name", # optional label for login button, defaults to "Auth0"
        args: {
-         client_id: "YOUR_AUTH0_CLIENT_ID",
-         client_secret: "YOUR_AUTH0_CLIENT_SECRET",
-         domain: "YOUR_AUTH0_DOMAIN",
+         client_id: "<your_auth0_client_id>",
+         client_secret: "<your_auth0_client_secret>",
+         domain: "<your_auth0_domain>",
          scope: "openid profile email"
        }
      }
@@ -76,21 +70,17 @@ application.
    - { name: 'auth0',
        # label: 'Provider name', # optional label for login button, defaults to "Auth0"
        args: {
-         client_id: 'YOUR_AUTH0_CLIENT_ID',
-         client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
-         domain: 'YOUR_AUTH0_DOMAIN',
+         client_id: '<your_auth0_client_id>',
+         client_secret: '<your_auth0_client_secret>',
+         domain: '<your_auth0_domain>',
          scope: 'openid profile email' }
      }
    ```
 
-1. Change `YOUR_AUTH0_CLIENT_ID` to the client ID from the Auth0 Console page
-   from step 5.
-
-1. Change `YOUR_AUTH0_CLIENT_SECRET` to the client secret from the Auth0 Console
-   page from step 5.
-
+1. Replace `<your_auth0_client_id>` with the client ID from the Auth0 Console page.
+1. Replace `<your_auth0_client_secret>` with the client secret from the Auth0 Console page.
+1. Replace `<your_auth0_client_secret>` with the domain from the Auth0 Console page.
 1. Reconfigure or restart GitLab, depending on your installation method:
-
    - *If you installed from Omnibus GitLab,*
      [Reconfigure](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab.
    - *If you installed from source,*
diff --git a/doc/user/application_security/dependency_scanning/index.md b/doc/user/application_security/dependency_scanning/index.md
index 67c138f5573..00bad5d4129 100644
--- a/doc/user/application_security/dependency_scanning/index.md
+++ b/doc/user/application_security/dependency_scanning/index.md
@@ -1108,6 +1108,13 @@ version number).
 
 ## Troubleshooting
 
+### Increase log verbosity
+
+When a [job log](../../../ci/jobs/index.md#expand-and-collapse-job-log-sections)
+doesn't contain enough information about a dependency-scanning failure,
+[set `SECURE_LOG_LEVEL` to `debug`](#configuring-dependency-scanning)
+and check the resulting, more verbose log.
+
 ### Working around missing support for certain languages or package managers
 
 As noted in the ["Supported languages" section](#supported-languages-and-package-managers)
diff --git a/doc/user/packages/rubygems_registry/index.md b/doc/user/packages/rubygems_registry/index.md
index a3ef96ea2cc..f21b210f4f5 100644
--- a/doc/user/packages/rubygems_registry/index.md
+++ b/doc/user/packages/rubygems_registry/index.md
@@ -76,7 +76,7 @@ https://gitlab.example.com/api/v4/projects/<project_id>/packages/rubygems: '<you
 ### Authenticate with a CI job token
 
 To work with RubyGems commands within [GitLab CI/CD](../../../ci/index.md),
-you can use `CI_JOB_TOKEN` instead of a personal access token or deploy token.
+you can use the [`CI_JOB_TOKEN`](../../../ci/jobs/ci_job_token.md) predefined environment variable instead of a personal access token or deploy token.
 
 For example:
 
diff --git a/lib/api/pages_domains.rb b/lib/api/pages_domains.rb
index 34d3a5150da..b417badb9c9 100644
--- a/lib/api/pages_domains.rb
+++ b/lib/api/pages_domains.rb
@@ -136,7 +136,9 @@ module API
           pages_domain_params.delete(:user_provided_key)
         end
 
-        if pages_domain.update(pages_domain_params)
+        service = ::PagesDomains::UpdateService.new(user_project, current_user, pages_domain_params)
+
+        if service.execute(pages_domain)
           present pages_domain, with: Entities::PagesDomain
         else
           render_validation_error!(pages_domain)
diff --git a/lib/gitlab/auth_logger.rb b/lib/gitlab/auth_logger.rb
index 6d3edba02b0..763430df335 100644
--- a/lib/gitlab/auth_logger.rb
+++ b/lib/gitlab/auth_logger.rb
@@ -7,3 +7,5 @@ module Gitlab
     end
   end
 end
+
+Gitlab::AuthLogger.prepend_mod
diff --git a/lib/gitlab/background_migration/populate_approval_merge_request_rules_with_security_orchestration.rb b/lib/gitlab/background_migration/populate_approval_merge_request_rules_with_security_orchestration.rb
new file mode 100644
index 00000000000..2257dc016be
--- /dev/null
+++ b/lib/gitlab/background_migration/populate_approval_merge_request_rules_with_security_orchestration.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module BackgroundMigration
+    # This class doesn't delete merge request level rules
+    # as this feature exists only in EE
+    class PopulateApprovalMergeRequestRulesWithSecurityOrchestration < BatchedMigrationJob
+      def perform; end
+    end
+  end
+end
+
+# rubocop:disable Layout/LineLength
+Gitlab::BackgroundMigration::PopulateApprovalMergeRequestRulesWithSecurityOrchestration.prepend_mod_with('Gitlab::BackgroundMigration::PopulateApprovalMergeRequestRulesWithSecurityOrchestration')
+# rubocop:enable Layout/LineLength
diff --git a/lib/gitlab/background_migration/populate_approval_project_rules_with_security_orchestration.rb b/lib/gitlab/background_migration/populate_approval_project_rules_with_security_orchestration.rb
new file mode 100644
index 00000000000..1d0c0010551
--- /dev/null
+++ b/lib/gitlab/background_migration/populate_approval_project_rules_with_security_orchestration.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Gitlab
+  module BackgroundMigration
+    # This class doesn't delete merge request level rules
+    # as this feature exists only in EE
+    class PopulateApprovalProjectRulesWithSecurityOrchestration < BatchedMigrationJob
+      def perform; end
+    end
+  end
+end
+
+# rubocop:disable Layout/LineLength
+Gitlab::BackgroundMigration::PopulateApprovalProjectRulesWithSecurityOrchestration.prepend_mod_with('Gitlab::BackgroundMigration::PopulateApprovalProjectRulesWithSecurityOrchestration')
+# rubocop:enable Layout/LineLength
diff --git a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
index 539e1a6385d..46aac3ee119 100644
--- a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
@@ -1,5 +1,5 @@
 variables:
-  DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.37.0'
+  DAST_AUTO_DEPLOY_IMAGE_VERSION: 'v2.38.0'
 
 .dast-auto-deploy:
   image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${DAST_AUTO_DEPLOY_IMAGE_VERSION}"
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
index 78fe108e8b9..54d2a8b6b7b 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml
@@ -1,5 +1,5 @@
 variables:
-  AUTO_DEPLOY_IMAGE_VERSION: 'v2.37.0'
+  AUTO_DEPLOY_IMAGE_VERSION: 'v2.38.0'
 
 .auto-deploy:
   image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
diff --git a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
index bc2e1fed0d4..9802b667851 100644
--- a/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/Deploy.latest.gitlab-ci.yml
@@ -1,5 +1,5 @@
 variables:
-  AUTO_DEPLOY_IMAGE_VERSION: 'v2.37.0'
+  AUTO_DEPLOY_IMAGE_VERSION: 'v2.38.0'
 
 .auto-deploy:
   image: "${CI_TEMPLATE_REGISTRY_HOST}/gitlab-org/cluster-integration/auto-deploy-image:${AUTO_DEPLOY_IMAGE_VERSION}"
diff --git a/lib/gitlab/config_checker/external_database_checker.rb b/lib/gitlab/config_checker/external_database_checker.rb
index 54320b7ff9a..64950fb4eef 100644
--- a/lib/gitlab/config_checker/external_database_checker.rb
+++ b/lib/gitlab/config_checker/external_database_checker.rb
@@ -5,22 +5,29 @@ module Gitlab
     module ExternalDatabaseChecker
       extend self
 
-      def check
-        return [] if ApplicationRecord.database.postgresql_minimum_supported_version?
+      PG_REQUIREMENTS_LINK =
+        '<a href="https://docs.gitlab.com/ee/install/requirements.html#database">database requirements</a>'
 
-        [
+      def check
+        unsupported_database = Gitlab::Database
+          .database_base_models
+          .map { |_, model| Gitlab::Database::Reflection.new(model) }
+          .reject(&:postgresql_minimum_supported_version?)
+
+        unsupported_database.map do |database|
           {
             type: 'warning',
             message: _('You are using PostgreSQL %{pg_version_current}, but PostgreSQL ' \
                        '%{pg_version_minimum} is required for this version of GitLab. ' \
                        'Please upgrade your environment to a supported PostgreSQL version, ' \
-                       'see %{pg_requirements_url} for details.') % {
-                                                                      pg_version_current: ApplicationRecord.database.version,
-                                                                      pg_version_minimum: Gitlab::Database::MINIMUM_POSTGRES_VERSION,
-                                                                      pg_requirements_url: '<a href="https://docs.gitlab.com/ee/install/requirements.html#database">database requirements</a>'
-                                                                    }
+                       'see %{pg_requirements_url} for details.') % \
+              {
+                pg_version_current: database.version,
+                pg_version_minimum: Gitlab::Database::MINIMUM_POSTGRES_VERSION,
+                pg_requirements_url: PG_REQUIREMENTS_LINK
+              }
           }
-        ]
+        end
       end
     end
   end
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 41f409092f8..6b4bd89615d 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -31810,6 +31810,9 @@ msgstr ""
 msgid "ProjectTemplates|iOS (Swift)"
 msgstr ""
 
+msgid "ProjectTransfer|An error occurred fetching the transfer locations, please refresh the page and try again."
+msgstr ""
+
 msgid "ProjectView|Activity"
 msgstr ""
 
@@ -36817,18 +36820,15 @@ msgstr ""
 msgid "Set weight to %{weight}."
 msgstr ""
 
-msgid "SetStatusModal|An indicator appears next to your name and avatar"
-msgstr ""
-
-msgid "SetStatusModal|Busy"
-msgstr ""
-
 msgid "SetStatusModal|Clear status"
 msgstr ""
 
 msgid "SetStatusModal|Clear status after"
 msgstr ""
 
+msgid "SetStatusModal|Displays that you are busy or not able to respond"
+msgstr ""
+
 msgid "SetStatusModal|Edit status"
 msgstr ""
 
@@ -36841,6 +36841,9 @@ msgstr ""
 msgid "SetStatusModal|Set status"
 msgstr ""
 
+msgid "SetStatusModal|Set yourself as busy"
+msgstr ""
+
 msgid "SetStatusModal|Sorry, we weren't able to set your status. Please try again later."
 msgstr ""
 
diff --git a/qa/qa/page/project/settings/mirroring_repositories.rb b/qa/qa/page/project/settings/mirroring_repositories.rb
index 7eeeeefdae6..f55faff19e7 100644
--- a/qa/qa/page/project/settings/mirroring_repositories.rb
+++ b/qa/qa/page/project/settings/mirroring_repositories.rb
@@ -62,7 +62,7 @@ module QA
           end
 
           def authentication_method=(value)
-            unless %w[Password None SSH\ public\ key].include?(value)
+            unless ['Password', 'None', 'SSH public key'].include?(value)
               raise ArgumentError, "Authentication method must be 'SSH public key', 'Password', or 'None'"
             end
 
diff --git a/spec/controllers/projects/pages_domains_controller_spec.rb b/spec/controllers/projects/pages_domains_controller_spec.rb
index 691508d1e14..899aa259f8c 100644
--- a/spec/controllers/projects/pages_domains_controller_spec.rb
+++ b/spec/controllers/projects/pages_domains_controller_spec.rb
@@ -106,6 +106,17 @@ RSpec.describe Projects::PagesDomainsController do
         end.to change { pages_domain.reload.certificate }.to(pages_domain_params[:user_provided_certificate])
       end
 
+      it 'publishes PagesDomainUpdatedEvent event' do
+        expect { patch(:update, params: params) }
+          .to publish_event(PagesDomains::PagesDomainUpdatedEvent)
+          .with(
+            project_id: project.id,
+            namespace_id: project.namespace.id,
+            root_namespace_id: project.root_namespace.id,
+            domain: pages_domain.domain
+          )
+      end
+
       it 'redirects to the project page' do
         patch(:update, params: params)
 
@@ -134,6 +145,11 @@ RSpec.describe Projects::PagesDomainsController do
 
         expect(response).to render_template('show')
       end
+
+      it 'does not publish PagesDomainUpdatedEvent event' do
+        expect { patch(:update, params: params) }
+          .to not_publish_event(PagesDomains::PagesDomainUpdatedEvent)
+      end
     end
 
     context 'when parameters include the domain' do
@@ -216,6 +232,17 @@ RSpec.describe Projects::PagesDomainsController do
       expect(response).to redirect_to(project_pages_domain_path(project, pages_domain))
     end
 
+    it 'publishes PagesDomainUpdatedEvent event' do
+      expect { subject }
+        .to publish_event(PagesDomains::PagesDomainUpdatedEvent)
+        .with(
+          project_id: project.id,
+          namespace_id: project.namespace.id,
+          root_namespace_id: project.root_namespace.id,
+          domain: pages_domain.domain
+        )
+    end
+
     it 'removes certificate' do
       expect do
         subject
@@ -245,6 +272,11 @@ RSpec.describe Projects::PagesDomainsController do
         expect(pages_domain.key).to be_present
       end
 
+      it 'does not publish PagesDomainUpdatedEvent event' do
+        expect { subject }
+          .to not_publish_event(PagesDomains::PagesDomainUpdatedEvent)
+      end
+
       it 'redirects to show page with a flash message' do
         subject
 
diff --git a/spec/features/merge_request/batch_comments_spec.rb b/spec/features/merge_request/batch_comments_spec.rb
index bccdc3c4c62..f01217df8c5 100644
--- a/spec/features/merge_request/batch_comments_spec.rb
+++ b/spec/features/merge_request/batch_comments_spec.rb
@@ -74,6 +74,24 @@ RSpec.describe 'Merge request > Batch comments', :js do
     expect(page).to have_selector('.draft-note-component', text: 'Testing update')
   end
 
+  context 'multiple times on the same diff line' do
+    it 'shows both drafts at once' do
+      write_diff_comment
+
+      # All of the Diff helpers like click_diff_line (or write_diff_comment)
+      #     fail very badly when run a second time.
+      # This recreates the relevant logic.
+      line = find_by_scrolling("[id='#{sample_compare.changes[0][:line_code]}']")
+      line.hover
+      line.find('.js-add-diff-note-button').click
+
+      write_comment(text: 'A second draft!', button_text: 'Add to review')
+
+      expect(page).to have_text('Line is wrong')
+      expect(page).to have_text('A second draft!')
+    end
+  end
+
   context 'with image and file draft note' do
     let(:merge_request) { create(:merge_request_with_diffs, :with_image_diffs, source_project: project) }
     let!(:draft_on_text) { create(:draft_note_on_text_diff, merge_request: merge_request, author: user, path: 'README.md', note: 'Lorem ipsum on text...') }
diff --git a/spec/features/protected_branches_spec.rb b/spec/features/protected_branches_spec.rb
index 389a51a10e0..174716d646d 100644
--- a/spec/features/protected_branches_spec.rb
+++ b/spec/features/protected_branches_spec.rb
@@ -183,7 +183,7 @@ RSpec.describe 'Protected Branches', :js do
     end
 
     include_examples 'Deploy keys with protected branches' do
-      let(:all_dropdown_sections) { %w(Roles Deploy\ Keys) }
+      let(:all_dropdown_sections) { ['Roles', 'Deploy Keys'] }
     end
   end
 end
diff --git a/spec/frontend/api/projects_api_spec.js b/spec/frontend/api/projects_api_spec.js
index 8f40b557e1f..8459021421f 100644
--- a/spec/frontend/api/projects_api_spec.js
+++ b/spec/frontend/api/projects_api_spec.js
@@ -1,5 +1,7 @@
 import MockAdapter from 'axios-mock-adapter';
+import getTransferLocationsResponse from 'test_fixtures/api/projects/transfer_locations_page_1.json';
 import * as projectsApi from '~/api/projects_api';
+import { DEFAULT_PER_PAGE } from '~/api';
 import axios from '~/lib/utils/axios_utils';
 
 describe('~/api/projects_api.js', () => {
@@ -59,4 +61,25 @@ describe('~/api/projects_api.js', () => {
       });
     });
   });
+
+  describe('getTransferLocations', () => {
+    beforeEach(() => {
+      jest.spyOn(axios, 'get');
+    });
+
+    it('retrieves transfer locations from the correct URL and returns them in the response data', async () => {
+      const params = { page: 1 };
+      const expectedUrl = '/api/v7/projects/1/transfer_locations';
+
+      mock.onGet(expectedUrl).replyOnce(200, { data: getTransferLocationsResponse });
+
+      await expect(projectsApi.getTransferLocations(projectId, params)).resolves.toMatchObject({
+        data: { data: getTransferLocationsResponse },
+      });
+
+      expect(axios.get).toHaveBeenCalledWith(expectedUrl, {
+        params: { ...params, per_page: DEFAULT_PER_PAGE },
+      });
+    });
+  });
 });
diff --git a/spec/frontend/diffs/components/diff_content_spec.js b/spec/frontend/diffs/components/diff_content_spec.js
index 9f593ee0d49..0bce6451ce4 100644
--- a/spec/frontend/diffs/components/diff_content_spec.js
+++ b/spec/frontend/diffs/components/diff_content_spec.js
@@ -53,7 +53,7 @@ describe('DiffContent', () => {
           namespaced: true,
           getters: {
             draftsForFile: () => () => true,
-            draftForLine: () => () => true,
+            draftsForLine: () => () => true,
             shouldRenderDraftRow: () => () => true,
             hasParallelDraftLeft: () => () => true,
             hasParallelDraftRight: () => () => true,
diff --git a/spec/frontend/diffs/components/diff_row_spec.js b/spec/frontend/diffs/components/diff_row_spec.js
index a74013dc2d4..a7a95ed2f35 100644
--- a/spec/frontend/diffs/components/diff_row_spec.js
+++ b/spec/frontend/diffs/components/diff_row_spec.js
@@ -219,7 +219,7 @@ describe('DiffRow', () => {
       shouldRenderDraftRow: jest.fn(),
       hasParallelDraftLeft: jest.fn(),
       hasParallelDraftRight: jest.fn(),
-      draftForLine: jest.fn(),
+      draftsForLine: jest.fn().mockReturnValue([]),
     };
 
     const applyMap = mapParallel(mockDiffContent);
diff --git a/spec/frontend/diffs/components/diff_row_utils_spec.js b/spec/frontend/diffs/components/diff_row_utils_spec.js
index 930b8bcdb08..8b25691ce34 100644
--- a/spec/frontend/diffs/components/diff_row_utils_spec.js
+++ b/spec/frontend/diffs/components/diff_row_utils_spec.js
@@ -216,7 +216,7 @@ describe('mapParallel', () => {
       diffFile: {},
       hasParallelDraftLeft: () => false,
       hasParallelDraftRight: () => false,
-      draftForLine: () => ({}),
+      draftsForLine: () => [],
     };
     const line = { left: side, right: side };
     const expectation = {
@@ -234,13 +234,13 @@ describe('mapParallel', () => {
     const leftExpectation = {
       renderDiscussion: true,
       hasDraft: false,
-      lineDraft: {},
+      lineDrafts: [],
       hasCommentForm: true,
     };
     const rightExpectation = {
       renderDiscussion: false,
       hasDraft: false,
-      lineDraft: {},
+      lineDrafts: [],
       hasCommentForm: false,
     };
     const mapped = utils.mapParallel(content)(line);
diff --git a/spec/frontend/diffs/components/diff_view_spec.js b/spec/frontend/diffs/components/diff_view_spec.js
index 1dd4a2f6c23..9bff6bd14f1 100644
--- a/spec/frontend/diffs/components/diff_view_spec.js
+++ b/spec/frontend/diffs/components/diff_view_spec.js
@@ -21,7 +21,7 @@ describe('DiffView', () => {
       getters: {
         shouldRenderDraftRow: () => false,
         shouldRenderParallelDraftRow: () => () => true,
-        draftForLine: () => false,
+        draftsForLine: () => false,
         draftsForFile: () => false,
         hasParallelDraftLeft: () => false,
         hasParallelDraftRight: () => false,
@@ -75,12 +75,12 @@ describe('DiffView', () => {
   });
 
   it.each`
-    type          | side       | container | sides                                                                                                    | total
-    ${'parallel'} | ${'left'}  | ${'.old'} | ${{ left: { lineDraft: {}, renderDiscussion: true }, right: { lineDraft: {}, renderDiscussion: true } }} | ${2}
-    ${'parallel'} | ${'right'} | ${'.new'} | ${{ left: { lineDraft: {}, renderDiscussion: true }, right: { lineDraft: {}, renderDiscussion: true } }} | ${2}
-    ${'inline'}   | ${'left'}  | ${'.old'} | ${{ left: { lineDraft: {}, renderDiscussion: true } }}                                                   | ${1}
-    ${'inline'}   | ${'left'}  | ${'.old'} | ${{ left: { lineDraft: {}, renderDiscussion: true } }}                                                   | ${1}
-    ${'inline'}   | ${'left'}  | ${'.old'} | ${{ left: { lineDraft: {}, renderDiscussion: true } }}                                                   | ${1}
+    type          | side       | container | sides                                                                                                      | total
+    ${'parallel'} | ${'left'}  | ${'.old'} | ${{ left: { lineDrafts: [], renderDiscussion: true }, right: { lineDrafts: [], renderDiscussion: true } }} | ${2}
+    ${'parallel'} | ${'right'} | ${'.new'} | ${{ left: { lineDrafts: [], renderDiscussion: true }, right: { lineDrafts: [], renderDiscussion: true } }} | ${2}
+    ${'inline'}   | ${'left'}  | ${'.old'} | ${{ left: { lineDrafts: [], renderDiscussion: true } }}                                                    | ${1}
+    ${'inline'}   | ${'left'}  | ${'.old'} | ${{ left: { lineDrafts: [], renderDiscussion: true } }}                                                    | ${1}
+    ${'inline'}   | ${'left'}  | ${'.old'} | ${{ left: { lineDrafts: [], renderDiscussion: true } }}                                                    | ${1}
   `(
     'renders a $type comment row with comment cell on $side',
     ({ type, container, sides, total }) => {
@@ -95,7 +95,7 @@ describe('DiffView', () => {
 
   it('renders a draft row', () => {
     const wrapper = createWrapper({
-      diffLines: [{ renderCommentRow: true, left: { lineDraft: { isDraft: true } } }],
+      diffLines: [{ renderCommentRow: true, left: { lineDrafts: [{ isDraft: true }] } }],
     });
     expect(wrapper.findComponent(DraftNote).exists()).toBe(true);
   });
diff --git a/spec/frontend/diffs/mock_data/diff_code_quality.js b/spec/frontend/diffs/mock_data/diff_code_quality.js
index 2ca421a20b4..befab3b676b 100644
--- a/spec/frontend/diffs/mock_data/diff_code_quality.js
+++ b/spec/frontend/diffs/mock_data/diff_code_quality.js
@@ -36,7 +36,7 @@ export const diffCodeQuality = {
         old_line: 1,
         new_line: null,
         codequality: [],
-        lineDraft: {},
+        lineDrafts: [],
       },
     },
     {
@@ -45,7 +45,7 @@ export const diffCodeQuality = {
         old_line: 2,
         new_line: 1,
         codequality: [],
-        lineDraft: {},
+        lineDrafts: [],
       },
     },
     {
@@ -55,7 +55,7 @@ export const diffCodeQuality = {
         new_line: 2,
 
         codequality: [multipleFindingsArr[0]],
-        lineDraft: {},
+        lineDrafts: [],
       },
     },
   ],
diff --git a/spec/frontend/fixtures/namespaces.rb b/spec/frontend/fixtures/namespaces.rb
index b11f661fe09..a3f295f4e66 100644
--- a/spec/frontend/fixtures/namespaces.rb
+++ b/spec/frontend/fixtures/namespaces.rb
@@ -7,38 +7,43 @@ RSpec.describe 'Jobs (JavaScript fixtures)' do
   include JavaScriptFixturesHelpers
   include GraphqlHelpers
 
+  describe API::Projects, type: :request do
+    let_it_be(:user) { create(:user) }
+
+    describe 'transfer_locations' do
+      let_it_be(:groups) { create_list(:group, 4) }
+      let_it_be(:project) { create(:project, namespace: user.namespace) }
+
+      before_all do
+        groups.each { |group| group.add_owner(user) }
+      end
+
+      it 'api/projects/transfer_locations_page_1.json' do
+        get api("/projects/#{project.id}/transfer_locations?per_page=2", user)
+
+        expect(response).to be_successful
+      end
+
+      it 'api/projects/transfer_locations_page_2.json' do
+        get api("/projects/#{project.id}/transfer_locations?per_page=2&page=2", user)
+
+        expect(response).to be_successful
+      end
+    end
+  end
+
   describe GraphQL::Query, type: :request do
     let_it_be(:user) { create(:user) }
-    let_it_be(:groups) { create_list(:group, 4) }
 
-    before_all do
-      groups.each { |group| group.add_owner(user) }
-    end
+    query_name = 'current_user_namespace.query.graphql'
 
-    query_name = 'search_namespaces_where_user_can_transfer_projects'
-    query_extension = '.query.graphql'
+    input_path = "projects/settings/graphql/queries/#{query_name}"
+    output_path = "graphql/projects/settings/#{query_name}.json"
 
-    full_input_path = "projects/settings/graphql/queries/#{query_name}#{query_extension}"
-    base_output_path = "graphql/projects/settings/#{query_name}"
+    it output_path do
+      query = get_graphql_query_as_string(input_path)
 
-    it "#{base_output_path}_page_1#{query_extension}.json" do
-      query = get_graphql_query_as_string(full_input_path)
-
-      post_graphql(query, current_user: user, variables: { first: 2 })
-
-      expect_graphql_errors_to_be_empty
-    end
-
-    it "#{base_output_path}_page_2#{query_extension}.json" do
-      query = get_graphql_query_as_string(full_input_path)
-
-      post_graphql(query, current_user: user, variables: { first: 2 })
-
-      post_graphql(
-        query,
-        current_user: user,
-        variables: { first: 2, after: graphql_data_at('currentUser', 'groups', 'pageInfo', 'endCursor') }
-      )
+      post_graphql(query, current_user: user)
 
       expect_graphql_errors_to_be_empty
     end
diff --git a/spec/frontend/projects/settings/components/transfer_project_form_spec.js b/spec/frontend/projects/settings/components/transfer_project_form_spec.js
index bde7148078d..e455bf529eb 100644
--- a/spec/frontend/projects/settings/components/transfer_project_form_spec.js
+++ b/spec/frontend/projects/settings/components/transfer_project_form_spec.js
@@ -1,41 +1,65 @@
 import Vue, { nextTick } from 'vue';
+import { GlAlert } from '@gitlab/ui';
 import VueApollo from 'vue-apollo';
-import searchNamespacesWhereUserCanTransferProjectsQueryResponsePage1 from 'test_fixtures/graphql/projects/settings/search_namespaces_where_user_can_transfer_projects_page_1.query.graphql.json';
-import searchNamespacesWhereUserCanTransferProjectsQueryResponsePage2 from 'test_fixtures/graphql/projects/settings/search_namespaces_where_user_can_transfer_projects_page_2.query.graphql.json';
-import {
-  groupNamespaces,
-  userNamespaces,
-} from 'jest/vue_shared/components/namespace_select/mock_data';
+import currentUserNamespaceQueryResponse from 'test_fixtures/graphql/projects/settings/current_user_namespace.query.graphql.json';
+import transferLocationsResponsePage1 from 'test_fixtures/api/projects/transfer_locations_page_1.json';
+import transferLocationsResponsePage2 from 'test_fixtures/api/projects/transfer_locations_page_2.json';
 import { shallowMountExtended } from 'helpers/vue_test_utils_helper';
 import createMockApollo from 'helpers/mock_apollo_helper';
 import { getIdFromGraphQLId } from '~/graphql_shared/utils';
 import TransferProjectForm from '~/projects/settings/components/transfer_project_form.vue';
 import NamespaceSelect from '~/vue_shared/components/namespace_select/namespace_select.vue';
 import ConfirmDanger from '~/vue_shared/components/confirm_danger/confirm_danger.vue';
-import searchNamespacesWhereUserCanTransferProjectsQuery from '~/projects/settings/graphql/queries/search_namespaces_where_user_can_transfer_projects.query.graphql';
+import currentUserNamespaceQuery from '~/projects/settings/graphql/queries/current_user_namespace.query.graphql';
+import { getTransferLocations } from '~/api/projects_api';
 import waitForPromises from 'helpers/wait_for_promises';
 
+jest.mock('~/api/projects_api', () => ({
+  getTransferLocations: jest.fn(),
+}));
+
 describe('Transfer project form', () => {
   let wrapper;
 
+  const projectId = '1';
   const confirmButtonText = 'Confirm';
   const confirmationPhrase = 'You must construct additional pylons!';
 
-  const runDebounce = () => jest.runAllTimers();
-
   Vue.use(VueApollo);
 
-  const defaultQueryHandler = jest
-    .fn()
-    .mockResolvedValue(searchNamespacesWhereUserCanTransferProjectsQueryResponsePage1);
+  const defaultQueryHandler = jest.fn().mockResolvedValue(currentUserNamespaceQueryResponse);
+  const mockResolvedGetTransferLocations = ({
+    data = transferLocationsResponsePage1,
+    page = '1',
+    nextPage = '2',
+    prevPage = null,
+  } = {}) => {
+    getTransferLocations.mockResolvedValueOnce({
+      data,
+      headers: {
+        'x-per-page': '2',
+        'x-page': page,
+        'x-total': '4',
+        'x-total-pages': '2',
+        'x-next-page': nextPage,
+        'x-prev-page': prevPage,
+      },
+    });
+  };
+  const mockRejectedGetTransferLocations = () => {
+    const error = new Error();
+
+    getTransferLocations.mockRejectedValueOnce(error);
+  };
 
   const createComponent = ({
-    requestHandlers = [[searchNamespacesWhereUserCanTransferProjectsQuery, defaultQueryHandler]],
+    requestHandlers = [[currentUserNamespaceQuery, defaultQueryHandler]],
   } = {}) => {
     wrapper = shallowMountExtended(TransferProjectForm, {
+      provide: {
+        projectId,
+      },
       propsData: {
-        userNamespaces,
-        groupNamespaces,
         confirmButtonText,
         confirmationPhrase,
       },
@@ -44,7 +68,12 @@ describe('Transfer project form', () => {
   };
 
   const findNamespaceSelect = () => wrapper.findComponent(NamespaceSelect);
+  const showNamespaceSelect = async () => {
+    findNamespaceSelect().vm.$emit('show');
+    await waitForPromises();
+  };
   const findConfirmDanger = () => wrapper.findComponent(ConfirmDanger);
+  const findAlert = () => wrapper.findComponent(GlAlert);
 
   afterEach(() => {
     wrapper.destroy();
@@ -69,66 +98,113 @@ describe('Transfer project form', () => {
   });
 
   describe('with a selected namespace', () => {
-    const [selectedItem] = groupNamespaces;
+    const [selectedItem] = transferLocationsResponsePage1;
 
-    beforeEach(() => {
+    const arrange = async () => {
+      mockResolvedGetTransferLocations();
       createComponent();
-
+      await showNamespaceSelect();
       findNamespaceSelect().vm.$emit('select', selectedItem);
-    });
+    };
+
+    it('emits the `selectNamespace` event when a namespace is selected', async () => {
+      await arrange();
 
-    it('emits the `selectNamespace` event when a namespace is selected', () => {
       const args = [selectedItem.id];
 
       expect(wrapper.emitted('selectNamespace')).toEqual([args]);
     });
 
-    it('enables the confirm button', () => {
+    it('enables the confirm button', async () => {
+      await arrange();
+
       expect(findConfirmDanger().attributes('disabled')).toBeUndefined();
     });
 
-    it('clicking the confirm button emits the `confirm` event', () => {
+    it('clicking the confirm button emits the `confirm` event', async () => {
+      await arrange();
+
       findConfirmDanger().vm.$emit('confirm');
 
       expect(wrapper.emitted('confirm')).toBeDefined();
     });
   });
 
-  it('passes correct props to `NamespaceSelect` component', async () => {
-    createComponent();
+  describe('when `NamespaceSelect` is opened', () => {
+    it('fetches user and group namespaces and passes correct props to `NamespaceSelect` component', async () => {
+      mockResolvedGetTransferLocations();
+      createComponent();
+      await showNamespaceSelect();
 
-    runDebounce();
-    await waitForPromises();
+      const { namespace } = currentUserNamespaceQueryResponse.data.currentUser;
 
-    const {
-      namespace,
-      groups,
-    } = searchNamespacesWhereUserCanTransferProjectsQueryResponsePage1.data.currentUser;
+      expect(findNamespaceSelect().props()).toMatchObject({
+        userNamespaces: [
+          {
+            id: getIdFromGraphQLId(namespace.id),
+            humanName: namespace.fullName,
+          },
+        ],
+        groupNamespaces: transferLocationsResponsePage1.map(({ id, full_name: humanName }) => ({
+          id,
+          humanName,
+        })),
+        hasNextPageOfGroups: true,
+        isLoading: false,
+        isSearchLoading: false,
+        shouldFilterNamespaces: false,
+      });
+    });
 
-    expect(findNamespaceSelect().props()).toMatchObject({
-      userNamespaces: [
-        {
-          id: getIdFromGraphQLId(namespace.id),
-          humanName: namespace.fullName,
-        },
-      ],
-      groupNamespaces: groups.nodes.map((node) => ({
-        id: getIdFromGraphQLId(node.id),
-        humanName: node.fullName,
-      })),
-      hasNextPageOfGroups: true,
-      isLoadingMoreGroups: false,
-      isSearchLoading: false,
-      shouldFilterNamespaces: false,
+    describe('when namespaces have already been fetched', () => {
+      beforeEach(async () => {
+        mockResolvedGetTransferLocations();
+        createComponent();
+        await showNamespaceSelect();
+      });
+
+      it('does not fetch namespaces', async () => {
+        getTransferLocations.mockClear();
+        defaultQueryHandler.mockClear();
+
+        await showNamespaceSelect();
+
+        expect(getTransferLocations).not.toHaveBeenCalled();
+        expect(defaultQueryHandler).not.toHaveBeenCalled();
+      });
+    });
+
+    describe('when `getTransferLocations` API call fails', () => {
+      it('displays error alert', async () => {
+        mockRejectedGetTransferLocations();
+        createComponent();
+        await showNamespaceSelect();
+
+        expect(findAlert().exists()).toBe(true);
+      });
+    });
+
+    describe('when `currentUser` GraphQL query fails', () => {
+      it('displays error alert', async () => {
+        mockResolvedGetTransferLocations();
+        const error = new Error();
+        createComponent({
+          requestHandlers: [[currentUserNamespaceQuery, jest.fn().mockRejectedValueOnce(error)]],
+        });
+        await showNamespaceSelect();
+
+        expect(findAlert().exists()).toBe(true);
+      });
     });
   });
 
   describe('when `search` event is fired', () => {
     const arrange = async () => {
+      mockResolvedGetTransferLocations();
       createComponent();
-
+      await showNamespaceSelect();
+      mockResolvedGetTransferLocations();
       findNamespaceSelect().vm.$emit('search', 'foo');
-
       await nextTick();
     };
 
@@ -138,87 +214,106 @@ describe('Transfer project form', () => {
       expect(findNamespaceSelect().props('isSearchLoading')).toBe(true);
     });
 
-    it('passes `search` variable to query', async () => {
+    it('passes `search` param to API call', async () => {
       await arrange();
 
-      runDebounce();
       await waitForPromises();
 
-      expect(defaultQueryHandler).toHaveBeenCalledWith(expect.objectContaining({ search: 'foo' }));
+      expect(getTransferLocations).toHaveBeenCalledWith(
+        projectId,
+        expect.objectContaining({ search: 'foo' }),
+      );
+    });
+
+    describe('when `getTransferLocations` API call fails', () => {
+      it('displays dismissible error alert', async () => {
+        mockResolvedGetTransferLocations();
+        createComponent();
+        await showNamespaceSelect();
+        mockRejectedGetTransferLocations();
+        findNamespaceSelect().vm.$emit('search', 'foo');
+        await waitForPromises();
+
+        const alert = findAlert();
+
+        expect(alert.exists()).toBe(true);
+
+        alert.vm.$emit('dismiss');
+        await nextTick();
+
+        expect(alert.exists()).toBe(false);
+      });
     });
   });
 
   describe('when `load-more-groups` event is fired', () => {
-    let queryHandler;
-
     const arrange = async () => {
-      queryHandler = jest.fn();
-      queryHandler.mockResolvedValueOnce(
-        searchNamespacesWhereUserCanTransferProjectsQueryResponsePage1,
-      );
-      queryHandler.mockResolvedValueOnce(
-        searchNamespacesWhereUserCanTransferProjectsQueryResponsePage2,
-      );
+      mockResolvedGetTransferLocations();
+      createComponent();
+      await showNamespaceSelect();
 
-      createComponent({
-        requestHandlers: [[searchNamespacesWhereUserCanTransferProjectsQuery, queryHandler]],
+      mockResolvedGetTransferLocations({
+        data: transferLocationsResponsePage2,
+        page: '2',
+        nextPage: null,
+        prevPage: '1',
       });
 
-      runDebounce();
-      await waitForPromises();
-
       findNamespaceSelect().vm.$emit('load-more-groups');
       await nextTick();
     };
 
-    it('sets `isLoadingMoreGroups` prop to `true`', async () => {
+    it('sets `isLoading` prop to `true`', async () => {
       await arrange();
 
-      expect(findNamespaceSelect().props('isLoadingMoreGroups')).toBe(true);
+      expect(findNamespaceSelect().props('isLoading')).toBe(true);
     });
 
-    it('passes `after` and `first` variables to query', async () => {
+    it('passes `page` param to API call', async () => {
       await arrange();
 
-      runDebounce();
       await waitForPromises();
 
-      expect(queryHandler).toHaveBeenCalledWith(
-        expect.objectContaining({
-          first: 25,
-          after:
-            searchNamespacesWhereUserCanTransferProjectsQueryResponsePage1.data.currentUser.groups
-              .pageInfo.endCursor,
-        }),
+      expect(getTransferLocations).toHaveBeenCalledWith(
+        projectId,
+        expect.objectContaining({ page: 2 }),
       );
     });
 
     it('updates `groupNamespaces` prop with new groups', async () => {
       await arrange();
 
-      runDebounce();
       await waitForPromises();
 
-      expect(findNamespaceSelect().props('groupNamespaces')).toEqual(
-        [
-          ...searchNamespacesWhereUserCanTransferProjectsQueryResponsePage1.data.currentUser.groups
-            .nodes,
-          ...searchNamespacesWhereUserCanTransferProjectsQueryResponsePage2.data.currentUser.groups
-            .nodes,
-        ].map((node) => ({
-          id: getIdFromGraphQLId(node.id),
-          humanName: node.fullName,
-        })),
+      expect(findNamespaceSelect().props('groupNamespaces')).toMatchObject(
+        [...transferLocationsResponsePage1, ...transferLocationsResponsePage2].map(
+          ({ id, full_name: humanName }) => ({
+            id,
+            humanName,
+          }),
+        ),
       );
     });
 
     it('updates `hasNextPageOfGroups` prop', async () => {
       await arrange();
 
-      runDebounce();
       await waitForPromises();
 
       expect(findNamespaceSelect().props('hasNextPageOfGroups')).toBe(false);
     });
+
+    describe('when `getTransferLocations` API call fails', () => {
+      it('displays error alert', async () => {
+        mockResolvedGetTransferLocations();
+        createComponent();
+        await showNamespaceSelect();
+        mockRejectedGetTransferLocations();
+        findNamespaceSelect().vm.$emit('load-more-groups');
+        await waitForPromises();
+
+        expect(findAlert().exists()).toBe(true);
+      });
+    });
   });
 });
diff --git a/spec/frontend/vue_shared/components/color_select_dropdown/color_select_root_spec.js b/spec/frontend/vue_shared/components/color_select_dropdown/color_select_root_spec.js
index 441e21ee905..5b0772f6e34 100644
--- a/spec/frontend/vue_shared/components/color_select_dropdown/color_select_root_spec.js
+++ b/spec/frontend/vue_shared/components/color_select_dropdown/color_select_root_spec.js
@@ -3,7 +3,7 @@ import Vue from 'vue';
 import VueApollo from 'vue-apollo';
 import createMockApollo from 'helpers/mock_apollo_helper';
 import waitForPromises from 'helpers/wait_for_promises';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import SidebarEditableItem from '~/sidebar/components/sidebar_editable_item.vue';
 import DropdownContents from '~/vue_shared/components/color_select_dropdown/dropdown_contents.vue';
 import DropdownValue from '~/vue_shared/components/color_select_dropdown/dropdown_value.vue';
@@ -146,7 +146,7 @@ describe('LabelsSelectRoot', () => {
     });
 
     it('creates flash with error message', () => {
-      expect(createFlash).toHaveBeenCalledWith({
+      expect(createAlert).toHaveBeenCalledWith({
         captureError: true,
         message: 'Error fetching epic color.',
       });
@@ -186,7 +186,7 @@ describe('LabelsSelectRoot', () => {
       findDropdownContents().vm.$emit('setColor', color);
       await waitForPromises();
 
-      expect(createFlash).toHaveBeenCalledWith({
+      expect(createAlert).toHaveBeenCalledWith({
         captureError: true,
         error: expect.anything(),
         message: 'An error occurred while updating color.',
diff --git a/spec/frontend/vue_shared/components/filtered_search_bar/store/modules/filters/actions_spec.js b/spec/frontend/vue_shared/components/filtered_search_bar/store/modules/filters/actions_spec.js
index 4140ec09b4e..66ef473f368 100644
--- a/spec/frontend/vue_shared/components/filtered_search_bar/store/modules/filters/actions_spec.js
+++ b/spec/frontend/vue_shared/components/filtered_search_bar/store/modules/filters/actions_spec.js
@@ -3,7 +3,7 @@ import MockAdapter from 'axios-mock-adapter';
 import testAction from 'helpers/vuex_action_helper';
 import { mockBranches } from 'jest/vue_shared/components/filtered_search_bar/mock_data';
 import Api from '~/api';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import httpStatusCodes from '~/lib/utils/http_status';
 import * as actions from '~/vue_shared/components/filtered_search_bar/store/modules/filters/actions';
 import * as types from '~/vue_shared/components/filtered_search_bar/store/modules/filters/mutation_types';
@@ -159,7 +159,7 @@ describe('Filters actions', () => {
             },
           ],
           [],
-        ).then(() => expect(createFlash).toHaveBeenCalled());
+        ).then(() => expect(createAlert).toHaveBeenCalled());
       });
     });
   });
@@ -233,7 +233,7 @@ describe('Filters actions', () => {
           [],
         ).then(() => {
           expect(mock.history.get[0].url).toBe('/api/v1/groups/fake_group_endpoint/members');
-          expect(createFlash).toHaveBeenCalled();
+          expect(createAlert).toHaveBeenCalled();
         });
       });
 
@@ -252,7 +252,7 @@ describe('Filters actions', () => {
           [],
         ).then(() => {
           expect(mock.history.get[0].url).toBe('/api/v1/projects/fake_project_endpoint/users');
-          expect(createFlash).toHaveBeenCalled();
+          expect(createAlert).toHaveBeenCalled();
         });
       });
     });
@@ -298,7 +298,7 @@ describe('Filters actions', () => {
             },
           ],
           [],
-        ).then(() => expect(createFlash).toHaveBeenCalled());
+        ).then(() => expect(createAlert).toHaveBeenCalled());
       });
     });
   });
@@ -376,7 +376,7 @@ describe('Filters actions', () => {
           [],
         ).then(() => {
           expect(mock.history.get[0].url).toBe('/api/v1/groups/fake_group_endpoint/members');
-          expect(createFlash).toHaveBeenCalled();
+          expect(createAlert).toHaveBeenCalled();
         });
       });
 
@@ -395,7 +395,7 @@ describe('Filters actions', () => {
           [],
         ).then(() => {
           expect(mock.history.get[0].url).toBe('/api/v1/projects/fake_project_endpoint/users');
-          expect(createFlash).toHaveBeenCalled();
+          expect(createAlert).toHaveBeenCalled();
         });
       });
     });
@@ -441,7 +441,7 @@ describe('Filters actions', () => {
             },
           ],
           [],
-        ).then(() => expect(createFlash).toHaveBeenCalled());
+        ).then(() => expect(createAlert).toHaveBeenCalled());
       });
     });
   });
diff --git a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/author_token_spec.js b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/author_token_spec.js
index 302dfabffb2..5371b9af475 100644
--- a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/author_token_spec.js
+++ b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/author_token_spec.js
@@ -8,7 +8,7 @@ import { mount } from '@vue/test-utils';
 import MockAdapter from 'axios-mock-adapter';
 import { nextTick } from 'vue';
 import waitForPromises from 'helpers/wait_for_promises';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 
 import { DEFAULT_NONE_ANY } from '~/vue_shared/components/filtered_search_bar/constants';
@@ -140,13 +140,13 @@ describe('AuthorToken', () => {
         });
       });
 
-      it('calls `createFlash` with flash error message when request fails', () => {
+      it('calls `createAlert` with flash error message when request fails', () => {
         jest.spyOn(wrapper.vm.config, 'fetchAuthors').mockRejectedValue({});
 
         getBaseToken().vm.$emit('fetch-suggestions', 'root');
 
         return waitForPromises().then(() => {
-          expect(createFlash).toHaveBeenCalledWith({
+          expect(createAlert).toHaveBeenCalledWith({
             message: 'There was a problem fetching users.',
           });
         });
diff --git a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/branch_token_spec.js b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/branch_token_spec.js
index 1de35daa3a5..05b42011fe1 100644
--- a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/branch_token_spec.js
+++ b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/branch_token_spec.js
@@ -9,7 +9,7 @@ import MockAdapter from 'axios-mock-adapter';
 import { nextTick } from 'vue';
 import waitForPromises from 'helpers/wait_for_promises';
 
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 import { DEFAULT_NONE_ANY } from '~/vue_shared/components/filtered_search_bar/constants';
 import BranchToken from '~/vue_shared/components/filtered_search_bar/tokens/branch_token.vue';
@@ -87,13 +87,13 @@ describe('BranchToken', () => {
         });
       });
 
-      it('calls `createFlash` with flash error message when request fails', () => {
+      it('calls `createAlert` with flash error message when request fails', () => {
         jest.spyOn(wrapper.vm.config, 'fetchBranches').mockRejectedValue({});
 
         wrapper.vm.fetchBranches('foo');
 
         return waitForPromises().then(() => {
-          expect(createFlash).toHaveBeenCalledWith({
+          expect(createAlert).toHaveBeenCalledWith({
             message: 'There was a problem fetching branches.',
           });
         });
diff --git a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/crm_contact_token_spec.js b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/crm_contact_token_spec.js
index c9879987931..5b744521979 100644
--- a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/crm_contact_token_spec.js
+++ b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/crm_contact_token_spec.js
@@ -8,7 +8,7 @@ import Vue, { nextTick } from 'vue';
 import VueApollo from 'vue-apollo';
 import createMockApollo from 'helpers/mock_apollo_helper';
 import waitForPromises from 'helpers/wait_for_promises';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { getIdFromGraphQLId } from '~/graphql_shared/utils';
 import { DEFAULT_NONE_ANY } from '~/vue_shared/components/filtered_search_bar/constants';
 import BaseToken from '~/vue_shared/components/filtered_search_bar/tokens/base_token.vue';
@@ -94,7 +94,7 @@ describe('CrmContactToken', () => {
           getBaseToken().vm.$emit('fetch-suggestions', 'foo');
           await waitForPromises();
 
-          expect(createFlash).not.toHaveBeenCalled();
+          expect(createAlert).not.toHaveBeenCalled();
           expect(searchGroupCrmContactsQueryHandler).toHaveBeenCalledWith({
             fullPath: 'group',
             isProject: false,
@@ -108,7 +108,7 @@ describe('CrmContactToken', () => {
           getBaseToken().vm.$emit('fetch-suggestions', '5');
           await waitForPromises();
 
-          expect(createFlash).not.toHaveBeenCalled();
+          expect(createAlert).not.toHaveBeenCalled();
           expect(searchGroupCrmContactsQueryHandler).toHaveBeenCalledWith({
             fullPath: 'group',
             isProject: false,
@@ -134,7 +134,7 @@ describe('CrmContactToken', () => {
           getBaseToken().vm.$emit('fetch-suggestions', 'foo');
           await waitForPromises();
 
-          expect(createFlash).not.toHaveBeenCalled();
+          expect(createAlert).not.toHaveBeenCalled();
           expect(searchProjectCrmContactsQueryHandler).toHaveBeenCalledWith({
             fullPath: 'project',
             isProject: true,
@@ -148,7 +148,7 @@ describe('CrmContactToken', () => {
           getBaseToken().vm.$emit('fetch-suggestions', '5');
           await waitForPromises();
 
-          expect(createFlash).not.toHaveBeenCalled();
+          expect(createAlert).not.toHaveBeenCalled();
           expect(searchProjectCrmContactsQueryHandler).toHaveBeenCalledWith({
             fullPath: 'project',
             isProject: true,
@@ -159,7 +159,7 @@ describe('CrmContactToken', () => {
         });
       });
 
-      it('calls `createFlash` with flash error message when request fails', async () => {
+      it('calls `createAlert` with flash error message when request fails', async () => {
         mountComponent();
 
         jest.spyOn(wrapper.vm.$apollo, 'query').mockRejectedValue({});
@@ -167,7 +167,7 @@ describe('CrmContactToken', () => {
         getBaseToken().vm.$emit('fetch-suggestions');
         await waitForPromises();
 
-        expect(createFlash).toHaveBeenCalledWith({
+        expect(createAlert).toHaveBeenCalledWith({
           message: 'There was a problem fetching CRM contacts.',
         });
       });
diff --git a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/crm_organization_token_spec.js b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/crm_organization_token_spec.js
index 16333b052e6..3a3e96032e8 100644
--- a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/crm_organization_token_spec.js
+++ b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/crm_organization_token_spec.js
@@ -8,7 +8,7 @@ import Vue, { nextTick } from 'vue';
 import VueApollo from 'vue-apollo';
 import createMockApollo from 'helpers/mock_apollo_helper';
 import waitForPromises from 'helpers/wait_for_promises';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import { getIdFromGraphQLId } from '~/graphql_shared/utils';
 import { DEFAULT_NONE_ANY } from '~/vue_shared/components/filtered_search_bar/constants';
 import BaseToken from '~/vue_shared/components/filtered_search_bar/tokens/base_token.vue';
@@ -93,7 +93,7 @@ describe('CrmOrganizationToken', () => {
           getBaseToken().vm.$emit('fetch-suggestions', 'foo');
           await waitForPromises();
 
-          expect(createFlash).not.toHaveBeenCalled();
+          expect(createAlert).not.toHaveBeenCalled();
           expect(searchGroupCrmOrganizationsQueryHandler).toHaveBeenCalledWith({
             fullPath: 'group',
             isProject: false,
@@ -107,7 +107,7 @@ describe('CrmOrganizationToken', () => {
           getBaseToken().vm.$emit('fetch-suggestions', '5');
           await waitForPromises();
 
-          expect(createFlash).not.toHaveBeenCalled();
+          expect(createAlert).not.toHaveBeenCalled();
           expect(searchGroupCrmOrganizationsQueryHandler).toHaveBeenCalledWith({
             fullPath: 'group',
             isProject: false,
@@ -133,7 +133,7 @@ describe('CrmOrganizationToken', () => {
           getBaseToken().vm.$emit('fetch-suggestions', 'foo');
           await waitForPromises();
 
-          expect(createFlash).not.toHaveBeenCalled();
+          expect(createAlert).not.toHaveBeenCalled();
           expect(searchProjectCrmOrganizationsQueryHandler).toHaveBeenCalledWith({
             fullPath: 'project',
             isProject: true,
@@ -147,7 +147,7 @@ describe('CrmOrganizationToken', () => {
           getBaseToken().vm.$emit('fetch-suggestions', '5');
           await waitForPromises();
 
-          expect(createFlash).not.toHaveBeenCalled();
+          expect(createAlert).not.toHaveBeenCalled();
           expect(searchProjectCrmOrganizationsQueryHandler).toHaveBeenCalledWith({
             fullPath: 'project',
             isProject: true,
@@ -158,7 +158,7 @@ describe('CrmOrganizationToken', () => {
         });
       });
 
-      it('calls `createFlash` with flash error message when request fails', async () => {
+      it('calls `createAlert` with flash error message when request fails', async () => {
         mountComponent();
 
         jest.spyOn(wrapper.vm.$apollo, 'query').mockRejectedValue({});
@@ -166,7 +166,7 @@ describe('CrmOrganizationToken', () => {
         getBaseToken().vm.$emit('fetch-suggestions');
         await waitForPromises();
 
-        expect(createFlash).toHaveBeenCalledWith({
+        expect(createAlert).toHaveBeenCalledWith({
           message: 'There was a problem fetching CRM organizations.',
         });
       });
diff --git a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/emoji_token_spec.js b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/emoji_token_spec.js
index bf4a6eb7635..e8436d2db17 100644
--- a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/emoji_token_spec.js
+++ b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/emoji_token_spec.js
@@ -8,7 +8,7 @@ import { mount } from '@vue/test-utils';
 import MockAdapter from 'axios-mock-adapter';
 import { nextTick } from 'vue';
 import waitForPromises from 'helpers/wait_for_promises';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 
 import {
@@ -93,13 +93,13 @@ describe('EmojiToken', () => {
         });
       });
 
-      it('calls `createFlash` with flash error message when request fails', () => {
+      it('calls `createAlert` with flash error message when request fails', () => {
         jest.spyOn(wrapper.vm.config, 'fetchEmojis').mockRejectedValue({});
 
         wrapper.vm.fetchEmojis('foo');
 
         return waitForPromises().then(() => {
-          expect(createFlash).toHaveBeenCalledWith({
+          expect(createAlert).toHaveBeenCalledWith({
             message: 'There was a problem fetching emojis.',
           });
         });
diff --git a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/label_token_spec.js b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/label_token_spec.js
index 01e281884ed..8ca12afacec 100644
--- a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/label_token_spec.js
+++ b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/label_token_spec.js
@@ -11,7 +11,7 @@ import {
   mockRegularLabel,
   mockLabels,
 } from 'jest/vue_shared/components/sidebar/labels_select_vue/mock_data';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 
 import { DEFAULT_NONE_ANY } from '~/vue_shared/components/filtered_search_bar/constants';
@@ -116,13 +116,13 @@ describe('LabelToken', () => {
         });
       });
 
-      it('calls `createFlash` with flash error message when request fails', () => {
+      it('calls `createAlert` with flash error message when request fails', () => {
         jest.spyOn(wrapper.vm.config, 'fetchLabels').mockRejectedValue({});
 
         wrapper.vm.fetchLabels('foo');
 
         return waitForPromises().then(() => {
-          expect(createFlash).toHaveBeenCalledWith({
+          expect(createAlert).toHaveBeenCalledWith({
             message: 'There was a problem fetching labels.',
           });
         });
diff --git a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/milestone_token_spec.js b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/milestone_token_spec.js
index f71ba51fc5b..589697fe542 100644
--- a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/milestone_token_spec.js
+++ b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/milestone_token_spec.js
@@ -8,7 +8,7 @@ import { mount } from '@vue/test-utils';
 import MockAdapter from 'axios-mock-adapter';
 import { nextTick } from 'vue';
 import waitForPromises from 'helpers/wait_for_promises';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import axios from '~/lib/utils/axios_utils';
 import { sortMilestonesByDueDate } from '~/milestones/utils';
 
@@ -112,13 +112,13 @@ describe('MilestoneToken', () => {
         });
       });
 
-      it('calls `createFlash` with flash error message when request fails', () => {
+      it('calls `createAlert` with flash error message when request fails', () => {
         jest.spyOn(wrapper.vm.config, 'fetchMilestones').mockRejectedValue({});
 
         wrapper.vm.fetchMilestones('foo');
 
         return waitForPromises().then(() => {
-          expect(createFlash).toHaveBeenCalledWith({
+          expect(createAlert).toHaveBeenCalledWith({
             message: 'There was a problem fetching milestones.',
           });
         });
diff --git a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/release_token_spec.js b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/release_token_spec.js
index 4bbbaab9b7a..0e5fa0f66d4 100644
--- a/spec/frontend/vue_shared/components/filtered_search_bar/tokens/release_token_spec.js
+++ b/spec/frontend/vue_shared/components/filtered_search_bar/tokens/release_token_spec.js
@@ -2,7 +2,7 @@ import { GlFilteredSearchToken, GlFilteredSearchTokenSegment } from '@gitlab/ui'
 import { mount } from '@vue/test-utils';
 import { nextTick } from 'vue';
 import waitForPromises from 'helpers/wait_for_promises';
-import createFlash from '~/flash';
+import { createAlert } from '~/flash';
 import ReleaseToken from '~/vue_shared/components/filtered_search_bar/tokens/release_token.vue';
 import { mockReleaseToken } from '../mock_data';
 
@@ -73,7 +73,7 @@ describe('ReleaseToken', () => {
     });
     await waitForPromises();
 
-    expect(createFlash).toHaveBeenCalledWith({
+    expect(createAlert).toHaveBeenCalledWith({
       message: 'There was a problem fetching releases.',
     });
   });
diff --git a/spec/frontend/vue_shared/components/namespace_select/namespace_select_spec.js b/spec/frontend/vue_shared/components/namespace_select/namespace_select_spec.js
index 2c14d65186b..6003f2b4c48 100644
--- a/spec/frontend/vue_shared/components/namespace_select/namespace_select_spec.js
+++ b/spec/frontend/vue_shared/components/namespace_select/namespace_select_spec.js
@@ -207,9 +207,9 @@ describe('Namespace Select', () => {
       expect(wrapper.emitted('load-more-groups')).toEqual([[]]);
     });
 
-    describe('when `isLoadingMoreGroups` prop is `true`', () => {
+    describe('when `isLoading` prop is `true`', () => {
       it('renders a loading icon', () => {
-        wrapper = createComponent({ hasNextPageOfGroups: true, isLoadingMoreGroups: true });
+        wrapper = createComponent({ hasNextPageOfGroups: true, isLoading: true });
 
         expect(wrapper.findComponent(GlLoadingIcon).exists()).toBe(true);
       });
@@ -223,4 +223,14 @@ describe('Namespace Select', () => {
       expect(wrapper.findComponent(GlSearchBoxByType).props('isLoading')).toBe(true);
     });
   });
+
+  describe('when dropdown is opened', () => {
+    it('emits `show` event', () => {
+      wrapper = createComponent();
+
+      findDropdown().vm.$emit('show');
+
+      expect(wrapper.emitted('show')).toEqual([[]]);
+    });
+  });
 });
diff --git a/spec/lib/gitlab/config_checker/external_database_checker_spec.rb b/spec/lib/gitlab/config_checker/external_database_checker_spec.rb
index 933b6d6be9e..bf9c738a3e1 100644
--- a/spec/lib/gitlab/config_checker/external_database_checker_spec.rb
+++ b/spec/lib/gitlab/config_checker/external_database_checker_spec.rb
@@ -6,36 +6,97 @@ RSpec.describe Gitlab::ConfigChecker::ExternalDatabaseChecker do
   describe '#check' do
     subject { described_class.check }
 
-    context 'when database meets minimum supported version' do
-      before do
-        allow(ApplicationRecord.database).to receive(:postgresql_minimum_supported_version?).and_return(true)
-      end
+    let(:old_database_version) { 8 }
+    let(:old_database) { instance_double(Gitlab::Database::Reflection) }
+    let(:new_database) { instance_double(Gitlab::Database::Reflection) }
 
-      it { is_expected.to be_empty }
+    before do
+      allow(Gitlab::Database::Reflection).to receive(:new).and_call_original
+      allow(old_database).to receive(:postgresql_minimum_supported_version?).and_return(false)
+      allow(old_database).to receive(:version).and_return(old_database_version)
+      allow(new_database).to receive(:postgresql_minimum_supported_version?).and_return(true)
     end
 
-    context 'when database does not meet minimum supported version' do
+    context 'with a single database' do
       before do
-        allow(ApplicationRecord.database).to receive(:postgresql_minimum_supported_version?).and_return(false)
+        skip_if_multiple_databases_are_setup
       end
 
-      let(:notice_deprecated_database) do
-        {
-          type: 'warning',
-          message: _('You are using PostgreSQL %{pg_version_current}, but PostgreSQL ' \
-                     '%{pg_version_minimum} is required for this version of GitLab. ' \
-                     'Please upgrade your environment to a supported PostgreSQL version, ' \
-                     'see %{pg_requirements_url} for details.') % {
-                                                                    pg_version_current: ApplicationRecord.database.version,
-                                                                    pg_version_minimum: Gitlab::Database::MINIMUM_POSTGRES_VERSION,
-                                                                    pg_requirements_url: '<a href="https://docs.gitlab.com/ee/install/requirements.html#database">database requirements</a>'
-                                                                  }
-        }
+      context 'when database meets minimum supported version' do
+        before do
+          allow(Gitlab::Database::Reflection).to receive(:new).with(ActiveRecord::Base).and_return(new_database)
+        end
+
+        it { is_expected.to be_empty }
       end
 
-      it 'reports deprecated database notice' do
-        is_expected.to contain_exactly(notice_deprecated_database)
+      context 'when database does not meet minimum supported version' do
+        before do
+          allow(Gitlab::Database::Reflection).to receive(:new).with(ActiveRecord::Base).and_return(old_database)
+        end
+
+        it 'reports deprecated database notice' do
+          is_expected.to contain_exactly(notice_deprecated_database(old_database_version))
+        end
+      end
+    end
+
+    context 'with a multiple database' do
+      before do
+        skip_if_multiple_databases_not_setup
+      end
+
+      context 'when both databases meets minimum supported version' do
+        before do
+          allow(Gitlab::Database::Reflection).to receive(:new).with(ActiveRecord::Base).and_return(new_database)
+          allow(Gitlab::Database::Reflection).to receive(:new).with(Ci::ApplicationRecord).and_return(new_database)
+        end
+
+        it { is_expected.to be_empty }
+      end
+
+      context 'when the one of the databases does not meet minimum supported version' do
+        it 'reports deprecated database notice if the main database is using an old version' do
+          allow(Gitlab::Database::Reflection).to receive(:new).with(ActiveRecord::Base).and_return(old_database)
+          allow(Gitlab::Database::Reflection).to receive(:new).with(Ci::ApplicationRecord).and_return(new_database)
+          is_expected.to contain_exactly(notice_deprecated_database(old_database_version))
+        end
+
+        it 'reports deprecated database notice if the ci database is using an old version' do
+          allow(Gitlab::Database::Reflection).to receive(:new).with(ActiveRecord::Base).and_return(new_database)
+          allow(Gitlab::Database::Reflection).to receive(:new).with(Ci::ApplicationRecord).and_return(old_database)
+          is_expected.to contain_exactly(notice_deprecated_database(old_database_version))
+        end
+      end
+
+      context 'when both databases do not meet minimum supported version' do
+        before do
+          allow(Gitlab::Database::Reflection).to receive(:new).with(ActiveRecord::Base).and_return(old_database)
+          allow(Gitlab::Database::Reflection).to receive(:new).with(Ci::ApplicationRecord).and_return(old_database)
+        end
+
+        it 'reports deprecated database notice' do
+          is_expected.to match_array [
+            notice_deprecated_database(old_database_version),
+            notice_deprecated_database(old_database_version)
+          ]
+        end
       end
     end
   end
+
+  def notice_deprecated_database(database_version)
+    {
+      type: 'warning',
+      message: _('You are using PostgreSQL %{pg_version_current}, but PostgreSQL ' \
+                     '%{pg_version_minimum} is required for this version of GitLab. ' \
+                     'Please upgrade your environment to a supported PostgreSQL version, ' \
+                     'see %{pg_requirements_url} for details.') % \
+        {
+          pg_version_current: database_version,
+          pg_version_minimum: Gitlab::Database::MINIMUM_POSTGRES_VERSION,
+          pg_requirements_url: Gitlab::ConfigChecker::ExternalDatabaseChecker::PG_REQUIREMENTS_LINK
+        }
+    }
+  end
 end
diff --git a/spec/models/project_statistics_spec.rb b/spec/models/project_statistics_spec.rb
index b2158baa670..f3f1e43f6c5 100644
--- a/spec/models/project_statistics_spec.rb
+++ b/spec/models/project_statistics_spec.rb
@@ -98,6 +98,8 @@ RSpec.describe ProjectStatistics do
   end
 
   describe '#refresh!' do
+    subject { statistics.refresh! }
+
     before do
       allow(statistics).to receive(:update_commit_count)
       allow(statistics).to receive(:update_repository_size)
@@ -111,7 +113,7 @@ RSpec.describe ProjectStatistics do
 
     context "without arguments" do
       before do
-        statistics.refresh!
+        subject
       end
 
       it "sums all counters" do
@@ -146,7 +148,7 @@ RSpec.describe ProjectStatistics do
         expect(project.repository.exists?).to be_falsey
         expect(project.wiki.repository.exists?).to be_falsey
 
-        statistics.refresh!
+        subject
 
         expect(statistics).to have_received(:update_commit_count)
         expect(statistics).to have_received(:update_repository_size)
@@ -174,7 +176,7 @@ RSpec.describe ProjectStatistics do
       end
 
       it 'does not crash' do
-        statistics.refresh!
+        subject
 
         expect(statistics).to have_received(:update_commit_count)
         expect(statistics).to have_received(:update_repository_size)
@@ -209,7 +211,7 @@ RSpec.describe ProjectStatistics do
           expect(Namespaces::ScheduleAggregationWorker)
             .to receive(:perform_async)
 
-          statistics.refresh!
+          subject
         end
       end
     end
@@ -238,9 +240,13 @@ RSpec.describe ProjectStatistics do
         expect(Namespaces::ScheduleAggregationWorker)
           .not_to receive(:perform_async)
 
-        statistics.refresh!
+        subject
       end
     end
+
+    it_behaves_like 'obtaining lease to update database' do
+      let(:model) { statistics }
+    end
   end
 
   describe '#update_commit_count' do
@@ -408,6 +414,8 @@ RSpec.describe ProjectStatistics do
   end
 
   describe '#refresh_storage_size!' do
+    subject { statistics.refresh_storage_size! }
+
     it 'recalculates storage size from its components and save it' do
       statistics.update_columns(
         repository_size: 2,
@@ -422,7 +430,11 @@ RSpec.describe ProjectStatistics do
         storage_size: 0
       )
 
-      expect { statistics.refresh_storage_size! }.to change { statistics.storage_size }.from(0).to(28)
+      expect { subject }.to change { statistics.storage_size }.from(0).to(28)
+    end
+
+    it_behaves_like 'obtaining lease to update database' do
+      let(:model) { statistics }
     end
   end
 
diff --git a/spec/requests/api/pages_domains_spec.rb b/spec/requests/api/pages_domains_spec.rb
index cd4e8b30d8f..8b045a32e47 100644
--- a/spec/requests/api/pages_domains_spec.rb
+++ b/spec/requests/api/pages_domains_spec.rb
@@ -378,6 +378,17 @@ RSpec.describe API::PagesDomains do
         expect(pages_domain_secure.auto_ssl_enabled).to be false
       end
 
+      it 'publishes PagesDomainUpdatedEvent event' do
+        expect { put api(route_secure_domain, user), params: { certificate: nil, key: nil } }
+          .to publish_event(PagesDomains::PagesDomainUpdatedEvent)
+          .with(
+            project_id: project.id,
+            namespace_id: project.namespace.id,
+            root_namespace_id: project.root_namespace.id,
+            domain: pages_domain_secure.domain
+          )
+      end
+
       it 'updates pages domain adding certificate' do
         put api(route_domain, user), params: params_secure
         pages_domain.reload
@@ -446,22 +457,29 @@ RSpec.describe API::PagesDomains do
         end.to change { pages_domain.reload.certificate_source }.from('gitlab_provided').to('user_provided')
       end
 
-      it 'fails to update pages domain adding certificate without key' do
-        put api(route_domain, user), params: params_secure_nokey
+      context 'with invalid params' do
+        it 'fails to update pages domain adding certificate without key' do
+          put api(route_domain, user), params: params_secure_nokey
 
-        expect(response).to have_gitlab_http_status(:bad_request)
-      end
+          expect(response).to have_gitlab_http_status(:bad_request)
+        end
 
-      it 'fails to update pages domain adding certificate with missing chain' do
-        put api(route_domain, user), params: pages_domain_secure_missing_chain_params.slice(:certificate)
+        it 'does not publish PagesDomainUpdatedEvent event' do
+          expect { put api(route_domain, user), params: params_secure_nokey }
+            .not_to publish_event(PagesDomains::PagesDomainUpdatedEvent)
+        end
 
-        expect(response).to have_gitlab_http_status(:bad_request)
-      end
+        it 'fails to update pages domain adding certificate with missing chain' do
+          put api(route_domain, user), params: pages_domain_secure_missing_chain_params.slice(:certificate)
 
-      it 'fails to update pages domain with key missmatch' do
-        put api(route_secure_domain, user), params: pages_domain_secure_key_missmatch_params.slice(:certificate, :key)
+          expect(response).to have_gitlab_http_status(:bad_request)
+        end
 
-        expect(response).to have_gitlab_http_status(:bad_request)
+        it 'fails to update pages domain with key missmatch' do
+          put api(route_secure_domain, user), params: pages_domain_secure_key_missmatch_params.slice(:certificate, :key)
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+        end
       end
     end
 
diff --git a/spec/services/pages_domains/update_service_spec.rb b/spec/services/pages_domains/update_service_spec.rb
new file mode 100644
index 00000000000..f6558f56422
--- /dev/null
+++ b/spec/services/pages_domains/update_service_spec.rb
@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe PagesDomains::UpdateService do
+  let_it_be(:user) { create(:user) }
+  let_it_be(:pages_domain) { create(:pages_domain, :with_project) }
+
+  let(:params) do
+    attributes_for(:pages_domain, :with_trusted_chain).slice(:key, :certificate).tap do |params|
+      params[:user_provided_key] = params.delete(:key)
+      params[:user_provided_certificate] = params.delete(:certificate)
+    end
+  end
+
+  subject(:service) { described_class.new(pages_domain.project, user, params) }
+
+  context 'when the user does not have the required permissions' do
+    it 'does not update the pages domain and does not publish a PagesDomainUpdatedEvent' do
+      expect do
+        expect(service.execute(pages_domain)).to be_nil
+      end.to not_publish_event(PagesDomains::PagesDomainUpdatedEvent)
+    end
+  end
+
+  context 'when the user has the required permissions' do
+    before do
+      pages_domain.project.add_maintainer(user)
+    end
+
+    context 'when it updates the domain successfully' do
+      it 'updates the domain' do
+        expect(service.execute(pages_domain)).to eq(true)
+      end
+
+      it 'publishes a PagesDomainUpdatedEvent' do
+        expect { service.execute(pages_domain) }
+          .to publish_event(PagesDomains::PagesDomainUpdatedEvent)
+          .with(
+            project_id: pages_domain.project.id,
+            namespace_id: pages_domain.project.namespace.id,
+            root_namespace_id: pages_domain.project.root_namespace.id,
+            domain: pages_domain.domain
+          )
+      end
+    end
+
+    context 'when it fails to update the domain' do
+      let(:params) { { user_provided_certificate: 'blabla' } }
+
+      it 'does not update a pages domain' do
+        expect(service.execute(pages_domain)).to be(false)
+      end
+
+      it 'does not publish a PagesDomainUpdatedEvent' do
+        expect { service.execute(pages_domain) }
+          .not_to publish_event(PagesDomains::PagesDomainUpdatedEvent)
+      end
+    end
+  end
+end
diff --git a/spec/support/helpers/exclusive_lease_helpers.rb b/spec/support/helpers/exclusive_lease_helpers.rb
index 95cfc56c273..06e5ae5427c 100644
--- a/spec/support/helpers/exclusive_lease_helpers.rb
+++ b/spec/support/helpers/exclusive_lease_helpers.rb
@@ -2,6 +2,8 @@
 
 module ExclusiveLeaseHelpers
   def stub_exclusive_lease(key = nil, uuid = 'uuid', renew: false, timeout: nil)
+    prepare_exclusive_lease_stub
+
     key     ||= instance_of(String)
     timeout ||= instance_of(Integer)
 
@@ -37,4 +39,21 @@ module ExclusiveLeaseHelpers
       .to receive(:cancel)
       .with(key, uuid)
   end
+
+  private
+
+  # This prepares the stub to be able to stub specific lease keys
+  # while allowing unstubbed lease keys to behave as original.
+  #
+  # allow(Gitlab::ExclusiveLease).to receive(:new).and_call_original
+  # can only be called once to prevent resetting stubs when
+  # `stub_exclusive_lease` is called multiple times.
+  def prepare_exclusive_lease_stub
+    return if @exclusive_lease_allowed_to_call_original
+
+    allow(Gitlab::ExclusiveLease)
+      .to receive(:new).and_call_original
+
+    @exclusive_lease_allowed_to_call_original = true
+  end
 end
diff --git a/spec/support/shared_examples/models/concerns/counter_attribute_shared_examples.rb b/spec/support/shared_examples/models/concerns/counter_attribute_shared_examples.rb
index 91e517270ff..ea4ba536403 100644
--- a/spec/support/shared_examples/models/concerns/counter_attribute_shared_examples.rb
+++ b/spec/support/shared_examples/models/concerns/counter_attribute_shared_examples.rb
@@ -92,8 +92,8 @@ RSpec.shared_examples_for CounterAttribute do |counter_attributes|
     it 'obtains an exclusive lease during processing' do
       expect(model)
         .to receive(:in_lock)
-        .with(model.counter_lock_key(incremented_attribute), ttl: described_class::WORKER_LOCK_TTL)
-        .and_call_original
+              .with(model.counter_lock_key(incremented_attribute), ttl: described_class::WORKER_LOCK_TTL)
+              .and_call_original
 
       subject
     end
@@ -186,31 +186,88 @@ RSpec.shared_examples_for CounterAttribute do |counter_attributes|
     end
   end
 
-  describe '#clear_counter!' do
+  describe '#reset_counter!' do
     let(:attribute) { counter_attributes.first }
 
     before do
+      model.update!(attribute => 123)
       model.increment_counter(attribute, 10)
     end
 
-    it 'deletes the counter key for the given attribute and logs it' do
-      expect(Gitlab::AppLogger).to receive(:info).with(
-        hash_including(
-          message: 'Clear counter attribute',
-          attribute: attribute,
-          project_id: model.project_id,
-          'correlation_id' => an_instance_of(String),
-          'meta.feature_category' => 'test',
-          'meta.caller_id' => 'caller'
-        )
-      )
+    subject { model.reset_counter!(attribute) }
 
-      model.clear_counter!(attribute)
+    it 'resets the attribute value to 0 and clears existing counter', :aggregate_failures do
+      expect { subject }.to change { model.reload.send(attribute) }.from(123).to(0)
 
       Gitlab::Redis::SharedState.with do |redis|
         key_exists = redis.exists?(model.counter_key(attribute))
         expect(key_exists).to be_falsey
       end
     end
+
+    it_behaves_like 'obtaining lease to update database' do
+      context 'when the execution raises error' do
+        before do
+          allow(model).to receive(:update!).and_raise(StandardError, 'Something went wrong')
+        end
+
+        it 'reraises error' do
+          expect { subject }.to raise_error(StandardError, 'Something went wrong')
+        end
+      end
+    end
+  end
+
+  describe '#update_counters_with_lease' do
+    let(:increments) { { build_artifacts_size: 1, packages_size: 2 } }
+
+    subject { model.update_counters_with_lease(increments) }
+
+    it 'updates counters of the record' do
+      expect { subject }
+        .to change { model.reload.build_artifacts_size }.by(1)
+        .and change { model.reload.packages_size }.by(2)
+    end
+
+    it_behaves_like 'obtaining lease to update database' do
+      context 'when the execution raises error' do
+        before do
+          allow(model.class).to receive(:update_counters).and_raise(StandardError, 'Something went wrong')
+        end
+
+        it 'reraises error' do
+          expect { subject }.to raise_error(StandardError, 'Something went wrong')
+        end
+      end
+    end
+  end
+end
+
+RSpec.shared_examples 'obtaining lease to update database' do
+  context 'when it is unable to obtain lock' do
+    before do
+      allow(model).to receive(:in_lock).and_raise(Gitlab::ExclusiveLeaseHelpers::FailedToObtainLockError)
+    end
+
+    it 'logs a warning' do
+      allow(model).to receive(:in_lock).and_raise(Gitlab::ExclusiveLeaseHelpers::FailedToObtainLockError)
+
+      expect(Gitlab::AppLogger).to receive(:warn).once
+
+      expect { subject }.not_to raise_error
+    end
+  end
+
+  context 'when feature flag counter_attribute_db_lease_for_update is disabled' do
+    before do
+      stub_feature_flags(counter_attribute_db_lease_for_update: false)
+      allow(model).to receive(:in_lock).and_call_original
+    end
+
+    it 'does not attempt to get a lock' do
+      expect(model).not_to receive(:in_lock)
+
+      subject
+    end
   end
 end
diff --git a/spec/views/layouts/_flash.html.haml_spec.rb b/spec/views/layouts/_flash.html.haml_spec.rb
index a4bed09368f..437cb940c9e 100644
--- a/spec/views/layouts/_flash.html.haml_spec.rb
+++ b/spec/views/layouts/_flash.html.haml_spec.rb
@@ -3,9 +3,20 @@
 require 'spec_helper'
 
 RSpec.describe 'layouts/_flash' do
+  let_it_be(:template) { 'layouts/_flash' }
+  let_it_be(:flash_container_no_margin_class) { 'flash-container-no-margin' }
+
+  let(:locals) { {} }
+
   before do
     allow(view).to receive(:flash).and_return(flash)
-    render
+    render(template: template, locals: locals)
+  end
+
+  describe 'default' do
+    it 'does not render flash container no margin class' do
+      expect(rendered).not_to have_selector(".#{flash_container_no_margin_class}")
+    end
   end
 
   describe 'closable flash messages' do
@@ -35,4 +46,12 @@ RSpec.describe 'layouts/_flash' do
       end
     end
   end
+
+  describe 'with flash_class in locals' do
+    let(:locals) { { flash_container_no_margin: true } }
+
+    it 'adds class to flash-container' do
+      expect(rendered).to have_selector(".flash-container.#{flash_container_no_margin_class}")
+    end
+  end
 end
diff --git a/spec/views/layouts/fullscreen.html.haml_spec.rb b/spec/views/layouts/fullscreen.html.haml_spec.rb
index 14b382bc238..c29099df1bd 100644
--- a/spec/views/layouts/fullscreen.html.haml_spec.rb
+++ b/spec/views/layouts/fullscreen.html.haml_spec.rb
@@ -16,6 +16,13 @@ RSpec.describe 'layouts/fullscreen' do
     expect(rendered).to have_selector(".gl--flex-full.gl-w-full")
   end
 
+  it 'renders flash container' do
+    render
+
+    expect(view).to render_template("layouts/_flash")
+    expect(rendered).to have_selector(".flash-container.flash-container-no-margin")
+  end
+
   it_behaves_like 'a layout which reflects the application theme setting'
 
   describe 'sidebar' do