How should we manage CI variables on the security mirrors
Copied from slack:
Can Maintainers of omnibus-gitlab be made Maintainers of the security mirror at https://gitlab.com/gitlab-org/security/omnibus-gitlab/, instead of just developers only ? Can someone with access please copy the GITLAB_BOT_MULTI_PROJECT_PIPELINE_POLLING_TOKEN variable from omnibus-gitlab to the security mirror?
gitlab-org/omnibus-gitlab!4595 (merged) requires it, to enable building packages against omnibus-gitlab security MRs. I need to check if there are any new token models that will avoid usage of a specific PAT like this, but for now, this is what we use in omnibus-gitlab so it might be easier just to copy it.
It's a bit strange for us to have select CI vars on the security mirrors without a way to manage them, maybe we should sync them automatically using the API? Otherwise this will end up being a mess for us to keep track of what CI vars need to be copied and which ones only need to remain on gitlab.com.
Note that dev has a large set of CI vars, and I assume some of these are specific to package building on dev so sync'ing everything from canonical -> security -> dev may not work for us.
@gitlab-org/delivery what do you think?