Add PCL blocker for k8s-workloads/gitlab-com repo
Problem Description
We do not have a PCL blocker to prevent changes to production coming from the k8s-workloads/gitlab-com
repo when a PCL is active!
Solution
Multiple projects already have a PCL check job. Let's copy cat that into our repository.
Additional Details
- PCL Definition: https://about.gitlab.com/handbook/engineering/infrastructure/change-management/#production-change-lock-pcl
- PCL Checker: https://gitlab.com/gitlab-com/gl-infra/change-lock
- Example Project that leverages this already: https://ops.gitlab.net/gitlab-com/gl-infra/config-mgmt
Implemented
- Added a
change-lock
job that runs on https://ops.gitlab.net/gitlab-com/gl-infra/k8s-workloads/gitlab-com/ pipelines. It checks if there is an active PCL and fails if there is. - Added a
notify-mr-on-failure
job that adds a comment on the MR in https://gitlab.com/gitlab-com/gl-infra/k8s-workloads/gitlab-com/ if the corresponding ops pipeline fails.
I've labeled this as a - #19466 (comment 1472456624)corrective action
to get ahead of the fact that this would end up being one in the face of an incident
Edited by Reuben Pereira