When a security release built an abandoned version, our publish task is unaware
Problem Statement
During the creation of a set of Security packages (https://gitlab.com/gitlab-org/release/tasks/-/issues/4764#note_1234679323), we abandoned the old versions and needed to publish a differing set of tags. This worked until we hit the publish stage, which was unaware that we had abandoned a set of tags. Thus, when attempting to publish, it started the appropriate calls to publish packages that we did not deem safe to release. release-tools currently determines which versions should be published by applying basic logic to grab the current versions released.
Reference:
- Source: https://gitlab.com/gitlab-org/release-tools/-/blob/3b4f2ad2b3c44e48e1022f8e654268684ec7a2b9/lib/tasks/security.rake#L47
- Offending publish rake task CI job: https://ops.gitlab.net/gitlab-org/release/tools/-/jobs/9009399
This created multiple issues:
- The need to resolve the issue - we did this by manually creating the abandoned versions and rerunning the publish task again
- Cancelling a wide array of pipelines/jobs that are triggered
- Reaching out to Distribution to remove the erroneous packages
Milestones
- Investigate how we can account for releases that are abandoned to ensure that we do not accidentally publish incorrect versions
- Implement
Edited by John Skarbek