Skip to content

[Feature flag] Enable `core_security_mr_widget_downloads` by default

What

This tracks the enablement of the :core_security_mr_widget_downloads feature flag, added in #249544 (closed).

Owners

  • Team: groupstatic analysis (frontend)
  • Most appropriate slack channel to reach out to: #s_secure-frontend
  • Best individual to reach out to: @markrian

Expectations

What are we expecting to happen?

A dropdown should appear on the security MR widget (see &4394), allowing users to download security report artifacts. Applies to non-Ultimate projects only.

What might happen if this goes wrong?

  • Users might see a Failed to get security report information, similar to #272983 (closed).

Beta groups/projects

If applicable, any groups/projects that are happy to have this feature turned on early. Some organizations may wish to test big changes they are interested in with a small subset of users ahead of time for example.

  • markrian-test/secrets-detection-test project

Roll Out Steps

  • Confirm that QA tests pass with the feature flag enabled (if you're unsure how, contact the relevant stable counterpart in the Quality department)
  • Enable on staging (/chatops run feature set core_security_mr_widget_downloads true --staging)
  • Test on staging
  • Ensure that documentation has been updated
  • Enable on GitLab.com for individual groups/projects listed above and verify behaviour (/chatops run feature set --project=markrian-test/secrets-detection-test core_security_mr_widget_downloads true)
  • Coordinate a time to enable the flag with the SRE oncall and release managers
    • In #production mention @sre-oncall and @release-managers. Once an SRE on call and Release Manager on call confirm, you can proceed with the rollout
  • Announce on the issue an estimated time this will be enabled on GitLab.com
  • Enable on GitLab.com by running chatops command in #production (/chatops run feature set core_security_mr_widget_downloads true)
  • [-] Cross post chatops Slack command to #support_gitlab-com (more guidance when this is necessary in the dev docs) and in your team channel - not doing this, since this should be low-impact
  • Announce on the issue that the flag has been enabled

Rollback Steps

  • This feature can be disabled by running the following Chatops command:
/chatops run feature set core_security_mr_widget_downloads false
Edited by Mark Florian