[Feature flag] Rollout of `non_public_artifacts`
:non_public_artifacts feature flag introduced by !49775 (merged)
- Most appropriate slack channel to reach out to:
- Best individual to reach out to:
What are we expecting to happen?
.gitlab-ci.yml and setting it to
public: false should deny access to download artifacts (only
archive.zip) to guests and anonymous users of public projects even if pipelines are public. This allows users to specify artifacts that are needed for the pipeline but are not fit for public consumption (for instance, intermediary build artifacts or artifacts containing sensitive information).
What might happen if this goes wrong?
We don't expect this to impact existing behavior, it is opt-in using
.gitlab-ci.yml, but does change some database queries by adding joins, related to listing pipelines and jobs:
What can we monitor to detect problems with this?
- PostgreSQL Overview
- Errors in Sentry
This is an instance wide feature flag out of necessity since it is protecting the existing behavior of two
has_many scopes that are modified to enable this feature.
Roll Out Steps
Confirm that QA tests pass with the feature flag enabled (if you're unsure how, contact the relevant stable counterpart in the Quality department)
Enable on staging (
/chatops run feature set non_public_artifacts true --staging)
Test on staging
Ensure that documentation has been updated
- [-] Enable on GitLab.com for individual groups/projects listed above and verify behaviour (
/chatops run feature set --project=gitlab-org/gitlab feature_name true)
Coordinate a time to enable the flag with the SRE oncall and release managers
@release-managers. Once an SRE on call and Release Manager on call confirm, you can proceed with the rollout
Announce on the issue an estimated time this will be enabled on GitLab.com
Enable on GitLab.com by running chatops command in
/chatops run feature set non_public_artifacts true)
Cross post chatops Slack command to
#support_gitlab-com(more guidance when this is necessary in the dev docs) and in your team channel
Announce on the issue that the flag has been enabled
Remove feature flag and add changelog entry
After the flag removal is deployed, clean up the feature flag by running chatops command in
This feature can be disabled by running the following Chatops command:
/chatops run feature set non_public_artifacts false