Drop the nightly build jobs from the security pipeline
Context
Because of project mirroring, nightly builds had to be disabled during patch releases, this was done to avoid security fixes from being leaked to the public before they were published. The nightly builds were disabled when the disable_omnibus_nightly
job (example), and enabled at the end of the patch release by the enable_omnibus_nightly
job (example). Both jobs are present on a security pipeline https://ops.gitlab.net/gitlab-org/release/tools/-/pipelines/3087102
https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8357 switched the nightly builds from dev to canonical, meaning they no longer contain security fixes. gitlab-org/release-tools!2915 (merged) introduced a feature flag to skip the omnibus build jobs during the patch release.
Proposal
Because nightly builds are no longer a risk, the code that disables and enables them can be removed from release-tools:
-
Remove the nightly build configuration from the security ci pipeline -
Remove the ruby class that enables and disables the code -
Drop the feature flag from ops https://ops.gitlab.net/gitlab-org/release/tools/-/feature_flags (this should be done as the last step, once all the code is merged)