Use ref instead of sha for CI config variables

See merge request gitlab-org/gitlab!67262

A SHA cannot be used as a ref for this purpose. The ref is meant to be
a branch name or a tag name, and it is used to decide if the branch
or tag is protected. Passing a sha results in the ref getting treated
as unprotected, unless the sha happens to match a protected branch or
tag (which is a security issue).

See https://gitlab.com/gitlab-org/gitlab/-/issues/337344

[RUN AS-IF-FOSS] Move read_only/read_write back to Gitlab::Database

See merge request gitlab-org/gitlab!67149

Replace Vulnerabilities::Feedback.only_valid_feedback without joining ci

See merge request gitlab-org/gitlab!67010

Add secret_detection to security_orchestration_policy JSON schema

See merge request gitlab-org/gitlab!67124

[VSA] Split Vuex actions into separate files

See merge request gitlab-org/gitlab!67113

Inject kubectl-compatible config file into the CI job

See merge request gitlab-org/gitlab!67089

Update Gitaly version

See merge request gitlab-org/gitlab!67307

Add specs for private container registry

See merge request gitlab-org/gitlab!65831

This change adds secret_detection to security_orchestration_policy
JSON schema and also discard other fields related to dast.

EE: true
Changelog: added

Label CPU bound monitor group workers as such

See merge request gitlab-org/gitlab!66895

Expose created_at to billable members API

See merge request gitlab-org/gitlab!67127

Remove old unused images from docs

See merge request gitlab-org/gitlab!67302

These images are no longer in use and should be removed
to save space

Replace image with smaller iteration

See merge request gitlab-org/gitlab!67200

Check for N+1 in CommitReferenceFilter

See merge request gitlab-org/gitlab!67079

Add Ci::Pipeline source for DAST site validation

See merge request gitlab-org/gitlab!66991

- Adds new source called ondemand_dast_validation
- Indicates new source is dangling
- Switches over to using new source for DAST validation
- Updates the specs accordingly

Fix fixtures for projects in the user namespace

See merge request gitlab-org/gitlab!67222

Separate CE from EE components on secure configuration form

See merge request gitlab-org/gitlab!67177

Fix remove runner failed error

See merge request gitlab-org/gitlab!67183

Update hash for vulnerability

See merge request gitlab-org/gitlab!67132

Merge branch 'change_the_place_we_set_latest_pipeline_id_and_mark_project_as_vulnerable' into 'master'

Set `latest_pipeline_id` and mark project as vulnerable first

See merge request gitlab-org/gitlab!67165

Fix more Database/MultipleDatabases offenses

See merge request gitlab-org/gitlab!67140

Gracefully exit from escalation workers on failure

See merge request gitlab-org/gitlab!66292

Merge branch '254268-replace-bootstrap-modal-in-app-views-projects-deployments-_rollback-haml' into 'master'

Replace bootstrap modal in app/views/projects/deployments/_rollback.haml

See merge request gitlab-org/gitlab!66808

Current `StoreReportService` can raise exception to prevent us from
updating the `latest_pipeline_id` and marking the project as vulnerable
therefore we need to update these even before running the store report
service logic.

Changelog: fixed
EE: true

Add vulnerabilities_allowed into the sync worker

See merge request gitlab-org/gitlab!66679

Fix broken master: Use clean_gitlab_redis_cache for test

See merge request gitlab-org/gitlab!67287

https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67132

Migrate auto rollback checkbox to gitlab_ui_checkbox_component

See merge request gitlab-org/gitlab!66782

Update phase reference to reflect correct data flow stage

See merge request gitlab-org/gitlab!66862

Add missing . to jq log parsing example

See merge request gitlab-org/gitlab!67268