Release Version v4.14.0-gitlab

What's New in this Version

4.14.0 (2024-11-27)

Features

  • add option to configure TLS ciphers (38a3e89)
  • bbm: add timing columns for bbm start and finish (6ed457d)
  • change DB LB replica list update log entry fields (ff6af11)
  • implement tag protection feature (e596e75)

🐛 Bug Fixes 🐛

  • bbm: do not terminate run on transient failures (0fa69cf)
  • bbm: record retrieval for ranges below batch size (ac86e54)
  • consolidate log key for DB replica address (5edfe6c)
  • gc/worker: ignore conn closed error (e2b1390)
  • implement proper shutdown of container-registry healthchecks (1522302)
  • make http check send a custom user agent (0ac5855)
  • minor security issues/bugs pointed out by gosec linter (2636f56)

⚙️ Build ⚙️

  • deps: update module cloud.google.com/go/storage to v1.47.0 (782eb9d)
  • deps: update module github.com/schollz/progressbar/v3 to v3.17.1 (7a5ae49)
  • deps: update module github.com/stretchr/testify to v1.10.0 (aa1ca72)
  • deps: update module github.com/xanzy/go-gitlab to v0.113.0 (6e88fbe)
  • deps: update module github.com/xanzy/go-gitlab to v0.114.0 (cc8343c)
  • deps: update module golang.org/x/crypto to v0.29.0 (334149a)
  • deps: update module golang.org/x/oauth2 to v0.24.0 (b3c6a75)
  • deps: update module golang.org/x/time to v0.8.0 (4909774)
  • deps: update module google.golang.org/api to v0.205.0 (a99cae0)
  • deps: update module google.golang.org/api to v0.206.0 (3c02bc0)
  • deps: update module google.golang.org/api to v0.207.0 (8873aa0)
  • deps: update module google.golang.org/api to v0.209.0 (dd0af23)

Tasks

All tasks must be completed (in order) for the release to be considered workflow::production.

1. Prepare

  1. Set the milestone of this issue to the target GitLab release.
  2. Set the due date of this issue to 10 days before the date of the target GitLab release.
Documentation/resources

The due date is set to 10 days before the targeted GitLab release date to create a buffer of 5 days before the merge deadline. See Product Development Timeline for more information about the GitLab release timings.

2. Release

  1. Run the make release-dry-run command.
  2. Review each MR in the new release and check if the cannot-rollback or the high-risk-change label has been applied. If any MR contains the label:
    1. Ensure that no code changes that rely on the cannot-rollback MR are included in this release. These should be separated into two consecutive releases.
  3. Run the make release command. A new tag should have been created and pushed.
Documentation/resources

The release documentation can be found here.

3. Update

  1. The version bump for CNG is automatically created by the renovate bot, which is triggered every 15-30 minutes.
    1. Check for the renovate MR here. Once the MR is created:
      1. Mark it as related to this release issue.
      2. Either request a review from @gitlab-org/maintainers/container-registry to speed up the process, or just let the bot pick a Distribution reviewer. If reviewing the MR, make sure:
        • The MR is targeting the master branch.
        • The MR has a green pipeline on GitLab.com.
  2. The version bump for GDK is automatically done using the internal release-cli.
    • Assign to the reviewer suggested by reviewer roulette
  3. The version bump for Omnibus is automatically created by the renovate bot, which is triggered every 15-30 minutes.
    1. Check for the renovate MR here. Once the MR is created:
      1. Mark it as related to this release issue;
      2. Let the bot pick a Distribution reviewer.
  4. The version bump for Charts is automatically created by the renovate bot, which is triggered every 15-30 minutes.
    1. Check for the renovate MR here. Once the MR is created:
      1. Mark it as related to this release issue;
      2. Let the bot pick a Distribution reviewer.
  5. Version bumps in K8s Workloads need to be done manually for now as CI is broken. The MR title should be "Bump Container Registry to [version] ([environment(s)])".
    1. Wait for the CNG version bump to be merged.
    2. Check MRs included in the release for the labels high-risk-change, cannot-rollback.
    3. Each environment needs to be deployed and confirmed working in the order listed below, before merging the next MR. To see the version deployed in each environment, look at the versions chart in Grafana.
      1. Version bump for Pre-Production and Staging.
      2. Version bump for Production Canary.
      3. Version bump for Production Main Stage.

Potentially risky deployments

Instructions
  1. Add the following instructions to each deployment MR.

    • Version bump for Pre-Production and Staging.
      • Check the #qa-staging Slack channel for the message "staging end-to-end tests passed!". Make sure the corresponding pipeline started after the registry deployment completed. Otherwise, wait for the next one.
      • Check logs for errors.
      • Check metrics dashboard.
    • Version bump for Production Canary.
    • Version bump for Production Main Stage.
      • Check the #qa-production Slack channel for the message "production end-to-end tests passed!". Make sure the corresponding pipeline started after the registry deployment completed. Otherwise, wait for the next one.
      • Check logs for errors.
      • Check metrics dashboard.
  2. Let the assignee SRE know about these changes.

4. Complete

  1. Assign label workflow::verification once all changes have been merged.
  2. Assign label workflow::production once all changes have been deployed.
  3. Close this issue.
Edited by João Pereira