[Feature flag] Rollout of `project_approval_rule_all_protected_branches`
Summary
This issue is to rollout the feature on production,
that is currently behind the project_approval_rule_all_protected_branches
feature flag.
Owners
- Team: groupcompliance
- Most appropriate slack channel to reach out to:
#g_manage_compliance
- Best individual to reach out to: @mwoolf or @rob.hunt
- PM: @stkerr
Stakeholders
Expectations
What are we expecting to happen?
- It should be possible to set "All protected branches" as the target for a project approval rule.
When is the feature viable?
As soon as the feature flag rolls out
What might happen if this goes wrong?
This is a new feature. If the new option goes wrong then users will not be able to save new approval rules or changes to existing approval rules.
In the event that happens, while the feature flag exists, turn it off. With the feature flag removed, rollback.
What can we monitor to detect problems with this?
Consider mentioning checks for 5xx errors or other anomalies like an increase in redirects (302 HTTP response status)
What can we check for monitoring production after rollouts?
Consider adding links to check for Sentry errors, Production logs for 5xx, 302s, etc.
Rollout Steps
Rollout on non-production environments
- Ensure that the feature MRs have been deployed to non-production environments.
-
/chatops run auto_deploy status <merge-commit-of-your-feature>
-
-
Enable the feature globally on non-production environments. -
/chatops run feature set project_approval_rule_all_protected_branches true --dev
-
/chatops run feature set project_approval_rule_all_protected_branches true --staging
-
-
Verify that the feature works as expected. Posting the QA result in this issue is preferable. The best environment to validate the feature in is staging-canary as this is the first environment deployed to. Note you will need to make sure you are configured to use canary as outlined here when accessing the staging environment in order to make sure you are testing appropriately.
Specific rollout on production
- Ensure that the feature MRs have been deployed to both production and canary.
-
/chatops run auto_deploy status <merge-commit-of-your-feature>
-
- If you're using group-actor, you must enable the feature on these entries:
-
/chatops run feature set --group=gitlab-org,gitlab-com project_approval_rule_all_protected_branches true
-
-
Verify that the feature works on the specific entries. Posting the QA result in this issue is preferable.
Preparation before global rollout
-
Check if the feature flag change needs to be accompanied with a change management issue. Cross link the issue here if it does. -
Ensure that you or a representative in development can be available for at least 2 hours after feature flag updates in production. If a different developer will be covering, or an exception is needed, please inform the oncall SRE by using the @sre-oncall
Slack alias. -
Ensure that documentation has been updated (More info). -
Announce on the feature issue an estimated time this will be enabled on GitLab.com. -
Ensure that any breaking changes have been announced following the release post process to ensure GitLab customers are aware. -
Notify #support_gitlab-com
and your team channel (more guidance when this is necessary in the dev docs).
Global rollout on production
For visibility, all /chatops
commands that target production should be executed in the #production
slack channel and cross-posted (with the command results) to the responsible team's slack channel (#g_TEAM_NAME
).
-
Incrementally roll out the feature. - If the feature flag in code has an actor, perform actor-based rollout.
-
/chatops run feature set project_approval_rule_all_protected_branches <rollout-percentage> --actors
-
- Enable the feature globally on production environment.
-
/chatops run feature set project_approval_rule_all_protected_branches true
-
- If the feature flag in code has an actor, perform actor-based rollout.
-
Announce on the feature issue that the feature has been globally enabled. -
Wait for at least one day for the verification term.
Release the feature
After the feature has been deemed stable, the clean up should be done as soon as possible to permanently enable the feature and reduce complexity in the codebase.
You can either create a follow-up issue for Feature Flag Cleanup or use the checklist below in this same issue.
-
Create a merge request to remove project_approval_rule_all_protected_branches
feature flag. Ask for review and merge it.-
Remove all references to the feature flag from the codebase. -
Remove the YAML definitions for the feature from the repository. -
Create a changelog entry.
-
-
Ensure that the cleanup MR has been included in the release package. If the merge request was deployed before the monthly release was tagged, the feature can be officially announced in a release blog post. -
/chatops run release check <merge-request-url> <milestone>
-
-
Close the feature issue to indicate the feature will be released in the current milestone. -
If not already done, clean up the feature flag from all environments by running these chatops command in #production
channel:-
/chatops run feature delete project_approval_rule_all_protected_branches --dev
-
/chatops run feature delete project_approval_rule_all_protected_branches --staging
-
/chatops run feature delete project_approval_rule_all_protected_branches
-
-
Close this rollout issue.
Rollback Steps
-
This feature can be disabled by running the following Chatops command:
/chatops run feature set project_approval_rule_all_protected_branches false