Automatically create the security release pipeline and link to the task template
🌏 Overview
We are automating the first steps of the security release as part of reducing release manager workload during security releases.
Part of that automation includes introducing a new security-prepare
pipeline to run the majority of the "first steps" tasks in the security release task issue.
sequenceDiagram
Note over security-prepare pipeline: This issue
security-prepare pipeline-->>+security-prepare pipeline: Start (manual job)
security-prepare pipeline-->>+security-prepare pipeline: Other preparation jobs
🖋 Proposal
-
Change the
security_release_prepare:start
to bemanual
so that when the pipeline is created, no jobs are started. The release manager will then be able to start thesecurity_release_prepare
stage by manually starting that job. -
Update the security:prepare task so that when the
SECURITY_RELEASE_PIPELINE
feature flag is enabled, asecurity-release
pipeline is created. -
In the security_patch template replace the task that says
Run a pipeline with $SECURITY_RELEASE_PIPELINE set to 'prepare'
with a task that says:- [ ] Start the `security_release_prepare:start` job in the security release pipeline: <pipeline_url from step 2>.
Once all of the security-prepare
pipeline jobs are created, when the security_release_pipeline
feature flag is enabled, the "First Steps" section should look like:
## First steps
- [ ] Set the Due date on this issue with the planned Security publish date
- [ ] Modify the dates below to accurately reflect the plan of action.
- [ ] Verify if there are security fixes for projects under GitLab managed versioning model. If there are, adjust this issue [following the instructions](https://gitlab.com/gitlab-org/release/docs/-/blob/master/components/managed-versioning/security_release.md#release-manager-process).
- [ ] Start the `security_release_prepare:start` job in the security release pipeline: <pipeline_url from step 2>.
- [ ] Ensure the `security_release:prepare` stage completes before continuing to the next section.