Security pipeline finalize stage - enable omnibus builds
🔭 Overview
We are automating the final steps of the security release to reduce release manager workload during security releases. Each section of tasks in the security release task issue will in turn become its own stage in the security release pipeline. The goal is to remove those tasks entirely, so that the release manager can start a pipeline stage on the appropriate date and only needs to pay attention if something fails, in which case they will be notified in Slack.
This issue covers the enable_omnibus_nightly job in the security_release:finalize stage, which closes the security implementation issues on the security project.
Pipeline diagram:

```mermaid
sequenceDiagram
security_release start-->>+security_release prepare: Start job
security_release prepare-->>+security_release prepare: Other jobs
security_release finalize start-->>+security_release finalize: Start job
security_release finalize-->>+security_release finalize: sync_remotes
security_release finalize-->>+security_release finalize: mirror_status
security_release finalize-->>+security_release finalize: close_security_implementation_issues
security_release finalize-->>+security_release finalize: notify_release
Note over security_release finalize: This issue
security_release finalize-->>+security_release finalize: enable_omnibus_nightly
security_release finalize-->>+security_release finalize: enable_gitaly_update_task
security_release finalize-->>+security_release finalize: close_security_tracking_issue
security_release finalize-->>+security_release finalize: notify_upcoming_release_managers
security_release finalize-->>+security_release finalize: verify_tags_synced
security_release finalize-->>+security_release finalize: link_tracking_issue_in_slack
```
📣 Proposal
- Add a job, `security_release_finalize:enable_omnibus_nightly`, that runs a rake task to enable omnibus nightly builds. A new method for enabling this can be added to `ReleaseTools::Security::Prepare::OmnibusNightly#enable`.
- Move the step `Enable Omnibus nightly builds by setting the schedules to active...` in `security_patch.rb` behind the `:security_release_pipeline` feature flag.
- If any failure occurs, the job should output the manual instructions for completing this task.
Implementation details
- Adjust code gitlab-org/release-tools!2502 (diffs)
- Testing gitlab-org/release-tools!2502 (merged)
- Unprotect and remove branch from release/tools ops
- Delete branch from release/tools in ops
Edited by Mayra Cabrera