Automatically create repository releases for Security analyzers
Problem to solve
Currently a release needs to be created manually each time we release a new version of a security analyzer project. As documented in versioning and release process, the tag needs to be created with a message and a description taken from the CHANGELOG. This manual action could and should be avoided, to reduce maintenance cost and the risk of introducing errors.
As long as this task is manual, developers might accidentally fill the tag Message with the Release notes. This results in a long release message in which the Markdown markup is rendered. It is also difficult to undo, because the GitLab UI doesn't provide any way to update the Message.
Further details
See versioning and release process
Proposal
In the pipeline for the master branch, add a manual job that extracts the last changelog entry from CHANGELOG.md and creates a release using the Releases API. The tag name, ref, message and description follow the convention defined in the versioning and release process documentation.
By creating a Release, the git tag should be automatically generated.
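As an added example (not the analyzers project's own job), a POSIX shell sketch of what such a manual job could run: it takes the newest CHANGELOG.md entry and builds the Releases API request. The changelog layout ("## vX.Y.Z" headings, newest first) and the use of the job token with the standard CI variables are assumptions.

```shell
#!/bin/sh
# Added example (not the analyzers project's own job): extract the newest CHANGELOG.md
# entry and build the Releases API request a manual CI job would send. Assumes "## vX.Y.Z"
# headings, newest first, and GitLab's CI_API_V4_URL, CI_PROJECT_ID, CI_COMMIT_SHA, CI_JOB_TOKEN.
set -eu

# Version from the first "## v..." heading.
latest_version() {
  awk '/^## v[0-9]/ { print $2; exit }' "$1"
}

# Body of the first entry, up to the next heading, minus leading/trailing blank lines.
latest_notes() {
  awk '
    /^## v[0-9]/ { if (seen) exit; seen = 1; next }
    seen && !started && /^[ \t]*$/ { next }
    seen { started = 1; buf = buf $0 "\n" }
    END { sub(/\n+$/, "", buf); printf "%s\n", buf }
  ' "$1"
}

# Minimal JSON string escaping for the description (stdin -> stdout).
json_escape() {
  sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' | awk 'BEGIN { ORS = "" } NR > 1 { print "\\n" } { print }'
}

# JSON body for POST /projects/:id/releases; release name and tag are both the version.
release_payload() {
  notes=$(printf '%s' "$2" | json_escape)
  printf '{"name":"%s","tag_name":"%s","ref":"%s","description":"%s"}' \
    "$1" "$1" "${CI_COMMIT_SHA:-master}" "$notes"
}

# Send the request; the job token authenticates against the pipeline's own project.
create_release() {
  curl --fail --silent --show-error --request POST --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \
    --header "Content-Type: application/json" --data "$1" \
    "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/releases"
}

# Constructed sample changelog; dry run unless DO_RELEASE=1 (the manual-job case).
SAMPLE=${TMPDIR:-/tmp}/sample-changelog.$$
trap 'rm -f "$SAMPLE"' EXIT
printf '%s\n' '## v2.4.1' '- Fix "vendored" false positive' '' '- Bump scanner' '' \
  '## v2.4.0' '- Add JSON report' > "$SAMPLE"
VERSION=$(latest_version "$SAMPLE")
PAYLOAD=$(release_payload "$VERSION" "$(latest_notes "$SAMPLE")")
echo "$PAYLOAD"
if [ "${DO_RELEASE:-0}" = 1 ]; then create_release "$PAYLOAD"; fi
```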
Permissions and Security
N/A
Documentation
Update https://gitlab.com/gitlab-org/security-products/analyzers/common/#versioning-and-release-process
Availability & Testing
N/A
What does success look like, and how can we measure that?
It takes less time to release a new version of a Dependency Scanning, Container Scanning, or SAST analyzer.
What is the type of buyer?
For internal use.
Is this a cross-stage feature?
Yes. Relevant to both the group::composition analysis and group::static analysis teams.
Links / references
/cc @twoodham @gonzoyumo @ssarka @theoretick @dsearles @adamcohen @ifrenkel