Generated Changelog.md might be empty for security releases; causing confusion
Problem to solve
The generated Changelog.md is empty for security releases when all issues/MRs are confidential for security reasons.
Example: 14.6.2 is a security release with an empty changelog.
- https://about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/
- https://gitlab.com/gitlab-org/gitlab/blob/master/CHANGELOG.md#1462-2022-01-10
When users upgrade their GitLab installation, one of the workflows is to navigate into the URL to the Changelog.md and verify changes.
Wider community question on the forum: https://forum.gitlab.com/t/14-6-2-ce-0-upgrade-available-but-changelog-shows-no-changes/64247
Proposal
- Document the problem for release managers that the Changelog may be empty for security releases
- Implement a post-release step: Update the Changelog.md with a URL to the release blog post
- Boring solution: Edit the release milestone and add
Release blog post: https://....into the description - Release post bot parses the milestone description and updates the Changelog again after release
- This idea could be rolled out for all releases later; for providing additional context
- Boring solution: Edit the release milestone and add