Add latest changes from gitlab-org/gitlab@master

2 files changed, 45 insertions, 2 deletions

diff --git a/doc/ci/examples/authenticating-with-hashicorp-vault/index.md b/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
index 5fca3513ff7..389429f3f0f 100644
--- a/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
+++ b/doc/ci/examples/authenticating-with-hashicorp-vault/index.md
@@ -277,3 +277,19 @@ read_secrets:
 ```
 
 ![read_secrets production](img/vault-read-secrets-production.png)
+
+### Limit token access to Vault secrets
+
+You can control `CI_JOB_JWT` access to Vault secrets by using Vault protections
+and GitLab features. For example, restrict the token by:
+
+- Using Vault [bound_claims](https://www.vaultproject.io/docs/auth/jwt#bound-claims)
+  for specific groups using `group_claim`.
+- Hard coding values for Vault bound claims based on the `user_login` and `user_email`
+  of specific users.
+- Setting Vault time limits for TTL of the token as specified in [`token_explicit_max_ttl`](https://www.vaultproject.io/api/auth/jwt#token_explicit_max_ttl),
+  where the token expires after authentication.
+- Scoping the JWT to [GitLab projected branches](../../../user/project/protected_branches.md)
+  that are restricted to a subset of project users.
+- Scoping the JWT to [GitLab projected tags](../../../user/project/protected_tags.md),
+  that are restricted to a subset of project users.
diff --git a/doc/ci/yaml/artifacts_reports.md b/doc/ci/yaml/artifacts_reports.md
index e010dd21b9e..bd28d917cd7 100644
--- a/doc/ci/yaml/artifacts_reports.md
+++ b/doc/ci/yaml/artifacts_reports.md
@@ -80,9 +80,14 @@ GitLab can display the results of one or more reports in:
 - The [security dashboard](../../user/application_security/security_dashboard/index.md).
 - The [Project Vulnerability report](../../user/application_security/vulnerability_report/index.md).
 
-## `artifacts:reports:cobertura`
+## `artifacts:reports:cobertura` (DEPRECATED)
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3708) in GitLab 12.9.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/3708) in GitLab 12.9.
+> - [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78132) in GitLab 14.9.
+
+WARNING:
+This feature is in its end-of-life process. It is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78132) for use in GitLab
+14.8 and replaced with `artifacts:reports:coverage_report`.
 
 The `cobertura` report collects [Cobertura coverage XML files](../../user/project/merge_requests/test_coverage_visualization.md).
 The collected Cobertura coverage reports upload to GitLab as an artifact.
@@ -93,6 +98,28 @@ GitLab can display the results of one or more reports in the merge request
 Cobertura was originally developed for Java, but there are many third-party ports for other languages such as
 JavaScript, Python, and Ruby.
 
+## `artifacts:reports:coverage_report`
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/344533) in GitLab 14.9.
+
+Use `coverage_report` to collect coverage report in Cobertura format, similar to `artifacts:reports:cobertura`.
+
+NOTE:
+`artifacts:reports:coverage_report` cannot be used at the same time with `artifacts:reports:cobertura`.
+
+```yaml
+artifacts:
+  reports:
+    coverage_report:
+      coverage_format: cobertura
+      path: coverage/cobertura-coverage.xml
+```
+
+The collected coverage report is uploaded to GitLab as an artifact.
+
+GitLab can display the results of coverage report in the merge request
+[diff annotations](../../user/project/merge_requests/test_coverage_visualization.md).
+
 ## `artifacts:reports:codequality`
 
 > [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/212499) to GitLab Free in 13.2.