Automatically cherry-pick security fixes into the current auto-deploy branch
Problem
Security fixes targeting the default branch are merged using Merge When Pipeline Succeeds strategy, once they're merged we need to wait for them to be included in the next auto-deploy branch, this imposes some inconveniences:
- Next auto-deploy branch can be created hours later, which can delay the production deployment of security fixes
- Security fixes are deployed along with regular fixes. This is normally not a problem, but there might be a case in which we can to deploy security fixes independently
Proposal
Once the security fixes targeting the default branch are merged our tooling should cherry-pick them automatically into the auto-deploy branch
Edited by Mayra Cabrera