Modify the way release-tools processes security merge requests

After, we discovered security MR's targeting master can be merged as soon as they're ready. We need to modify our tooling to allow such change.

FYI: Most of the implementation details were taken care of on https://gitlab.com/gitlab-org/release-tools/-/issues/471, but they're under a feature flag.

Proposal

Enable Pipelines for merged results - #1107 (closed)
Merge requests targeting master are merged during the 23rd to the 28th
- They're only merged if they're ready to be processed
- They're merged by triggering a new pipeline
- Only MRs associated to GitLab and Omnibus are considered on this phase.
Backports, and MRs associated to other GitLab subcomponents ( Gitaly, Pages, etc) are merged during the Security Release
- They're merged immediately (without triggering a new pipeline)

Change ImplementationIssue. merge_requests_targeting_stable to backports - gitlab-org/release-tools!1182 (merged)
MergeRequestsBatchMerger should we rename? We only merge backports and MRs for the rest of the GitLab components in batches - https://gitlab.com/gitlab-org/release-tools/-/issues/486

Create a fake security release tracking issue - https://gitlab.com/gitlab-org/gitlab/-/issues/249580
Prepare 3 security implementation issues
- One belonging to GitLab Security - https://gitlab.com/gitlab-org/security/gitlab/-/issues/254
- One belonging to Omnibus GitLab - https://gitlab.com/gitlab-org/security/omnibus-gitlab/-/issues/10
- One belonging to Gitaly - https://gitlab.com/gitlab-org/security/gitaly/-/issues/3
Associate the security issues to the fake security release tracking issue
Ensure all the security issues are valid

Execute /chatops run release merge --dry-run --security --master command. #1122 (comment 418220733)
- Ensure that MRs associated to GitLab and Omnibus security issues are processed
- Ensure that MR associated with Gitaly is not processed

Create a new implementation issue - https://gitlab.com/gitlab-org/security/gitlab/-/issues/258
Associate any merged merge request targeting master
Associate the backports
Ensure new implementation issue is valid
Associate this implementation issue to the fake security release tracking issue
Execute /chatops run release merge --dry-run --security command. Ensure:
- Backports and Gitaly MR's are processed

During the 23rd to 28th window, should we only merge MR associated to GitLab project, what about MRs for the rest of the GitLab ecosystem components (Omnibus, Gitaly, Pages)?
- Only for GitLab and Omnibus project, rest of the MRs will be merged during the Security Release
Should we still pick MRs targeting master into the auto-deploy branch? Given these are created every 6h, they will be included in the next auto-deploy branch.
- Auto-deploy branches scheduled was modified from 6h to 8h. For the first iteration, let's not pick them into the auto-deploy branch.

DeliveryP1 Notify Release Managers if a security merge request was not merged - #1232 (closed)
DeliveryP2 Allow for patch releases to be created during the security early merge phase without leaking the security fixes https://gitlab.com/gitlab-com/gl-infra/delivery/-/issues/1208
DeliveryP2 Triggering pipelines for Omnibus security merge requests is failing - #1244 (closed)
DeliveryP3 - Update gitaly version on Security - #1236
DeliveryP3 Improve release merge --security command #1162 (closed)
DeliveryP3 Create a scheduled for merging MR'st targeting master from the 23rd to the 28th - #1237 (closed)
DeliveryP3 Security validation is preventing security merge requests to be merged - #1231 (closed)
DeliveryP3 Issues with MR master merged and unassigned to the bot are not considered valid - #1122 (closed)

Edited Oct 01, 2020 by Mayra Cabrera