Pin service dependencies

Overview

In gitlab-org/quality/engineering-productivity/master-broken-incidents#10277 (comment 2328342823), we encountered a master:broken because a Node.js update in gitlab-org/cells/http-router!465 (merged) triggered a dormant bug in the GDK code.

To prevent these problems in the future, we could pin the version of service dependencies like the HTTP Router. That would force us to run GDK pipelines before updating the router version.

This process could even be automated like the Gitaly/KAS updates in gitlab-org/gitlab> if we are confident that pipelines can catch most problems, perhaps with more integration tests for services as well.

Business impact

Right now, any update to e.g. the GitLab HTTP Router that is merged could cause GDK to break for users and in CI.

This can cause notable disruptions, primarily in the engineering workflow, as demonstrated in gitlab-org/quality/engineering-productivity/master-broken-incidents#10277 (closed), where 70 MR pipelines failed unnecessarily due to this incident.

Impacted categories

The following categories relate to this issue:

• gdk-reliability - e.g. When a GDK action fails to complete.
• gdk-usability - e.g. Improvements or suggestions around how the GDK functions.
• gdk-performance - e.g. When a GDK action is slow or times out.