Discussion: Prerequisites to Container Registry executing their own post deployment migrations
Context
In #21611 (closed), we announced that Container Registry PDMs can now be executed via CI pipeline. However, the current process still requires an SRE to trigger the execution via a Change Request (CR).
The parent epic gitlab-org&17933 (closed) describes a goal of fully automating PDM execution. During the grand review, Marin expressed concerns about giving the Container Registry team access to execute their own post deployment migrations without having an on-call rotation.
Purpose
This issue is to discuss and document the prerequisites needed before the Container Registry team can execute their own PDMs without external SRE involvement.
Key Considerations
- On-call rotation: The Container Registry team currently does not have an on-call rotation, which was identified as a blocker for self-service PDM execution
- Tier 2 support: A potential path forward is establishing a tier 2 rotation with the Package stage, where coverage is provided during regular working hours
- Risk mitigation: What safeguards need to be in place to ensure safe execution of PDMs without SRE involvement?
- Training and documentation: What knowledge and procedures does the team need before taking ownership?
Expected Outcome
A clear list of requirements and action items that, once completed, would enable the Container Registry team to execute their own PDMs and achieve full automation.