Move Omnibus security release from dev.gitlab.org to GitLab Security
When we migrated the security development to private groups on &121 (closed), we only moved the GitLab repo itself but not the GitLab components. Omnibus security release is highly tied to the GitLab Security release, so to continue automating our security release processes, we need to move the Omnibus security release process from dev.gitlab.org to the private fork on GitLab security.
This issue is to track what is required to do this transition. Let's tentatively aim for the security release of 12.9.
Plan.
1. ✅ Modify files on omnibus-gitlab
   - .gitlab/merge_request_templates/Security Release.md - gitlab-org/omnibus-gitlab!3993 (merged)
   - .gitlab/issue_templates/Security developer workflow.md - gitlab-org/omnibus-gitlab!3993 (merged)
   - scripts/security-harness - After this migration, dev.gitlab.org will no longer be used to prepare security MRs - gitlab-org/omnibus-gitlab!3998 (merged)
     - This was reverted as we're only mirroring protected branches from Security to Dev - gitlab-org/omnibus-gitlab!4011 (merged)
2. ✅ Modify release-tools scripts
   - templates/security_patch.rb - gitlab-org/release-tools!910 (merged)
   - lib/release_tools/security/merge_requests_validator.rb - gitlab-org/release-tools!907 (merged)
3. ✅ Modify files on gitlab
   - scripts/security-harness - After this migration, dev.gitlab.org will no longer be used to prepare security MRs - gitlab-org/gitlab!27121 (diffs)
   - gitlab/issue_templates/Security%20Release.md - gitlab-org/gitlab!27349 (merged)
4. ✅ Ensure omnibus-gitlab on Security is ready
   - Enable issues on security/omnibus-gitlab - http://gitlab.com/gitlab-org/security/omnibus-gitlab/-/issues (Unsure why they are not enabled at the moment)
   - Ensure master, *-stable and auto-deploy branches are protected
   - Ensure only release managers can merge and push to the protected branches.
   - Ensure it's using similar issue and security templates to the ones on the GitLab project - gitlab-org/omnibus-gitlab!4012 (merged)
   - Enable tracking of security releases - gitlab-org/release-tools!891 (diffs)
5. ✅ Test Omnibus GitLab on Security
   - Create security MRs and validate them.
     - Security issue was included and the merge requests were validated and merged https://gitlab.com/gitlab-org/security/omnibus-gitlab/-/issues/1
6. ✅ Communicate to engineers using multi-modal communication
   - Prepare an announcement - #743 (closed)
   - Post the announcement on Slack: #g_distribution, #releases, #development, #backend, #security, #app-sec
   - Post the announcement on Engineering Week-In-Review
Edited by Mayra Cabrera