Adjust security process to use the new changelog process
The new changelog workflow has been rolled out #1564 (closed), no new files can be pushed to changelogs/unreleased
, instead we need to use git trailers as specified here https://docs.gitlab.com/ee/development/changelog.html#overview. We need to adjust our security process to reflect this
To do
-
Adjust security developer template for GitLab project https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/merge_request_templates/Security%20Release.md#L19 - gitlab-org/gitlab!62324 (merged) -
Adjust the security developer template for the satellite projects -
Omnibus - gitlab-org/omnibus-gitlab!5288 (merged) -
Gitaly - gitlab-org/gitaly!3535 (merged) -
Pages - gitlab-org/gitlab-pages!490 (merged)
-
-
There's a push rule that prevents new entries into changelogs/unreleased
to be added on GitLab Security. This is going to prevent the automatic merging of security releases. We might to communicate this to the security issues associated with the upcoming security release https://gitlab.com/gitlab-org/gitlab/-/issues/329327-
Use notify
command to communicate this broadly - Slack link - Internal only -
Communicate this to security issues associated to the security release. https://gitlab.com/gitlab-org/gitlab/-/issues/329327#note_583745690
-
Repository setting |
---|
-
Remove db changelog requirement from stable branches -
13-12-stable-ee
- gitlab-org/gitlab!62493 (merged) -
13-11-stable-ee
- gitlab-org/gitlab!62509 (merged) -
13-10-stable-ee
- gitlab-org/gitlab!62519 (merged)
-
Edited by Mayra Cabrera