Dogfood Pre-receive SD on Key GitLab projects
Overview
In Phase 3, we will aim to enable the feature for some key GitLab projects.
The goals of this dogfooding are to:
- Increase our confidence in the general performance of the feature as it relates to the entire GitLab system
- Increase our confidence in the general behavior of the feature, i.e. does it work as expected
- Get any general feedback, as well as feedback about the Beta features as they are available
The rough plan for Phase 3 dogfooding:
- Work through the list of identified projects, monitoring as we go
- We may also add additional projects to dogfood
After each step in the plan, we will monitor the performance, primarily through Pre-receive Secret Detection – Overview. The Gitaly Latency dashboard for PreReceiveHook can also be used as a supplement.
Feature Flag status for select projects
Project (linked to Security Config) | FF Status | Setting Status | Namespace path (for enabling/disabling) |
---|---|---|---|
gitlab-org/gitlab | enabled | enabled | gitlab-org/gitlab |
gitlab-org/gitaly | enabled | enabled | gitlab-org/gitaly |
gitlab-org/gitlab-runner | enabled | disabled | gitlab-org/gitlab-runner |
Statuses should be:
- NULL if it hasn't been enabled yet
- enabled
- disabled
To keep things organized, we'll initially try to limit this to having @rossfuhrman enable the feature flag for given projects. Ross will then coordinate with the appropriate channels to find someone (Owner/Maintainer) to then enable the pre-receive setting for the project through Security Configuration (linked in the table above).
Detailed enablement instructions:
```
/chatops run feature set --project=the-namespace/of-the-project pre_receive_secret_detection_push_check true
```
But, if there are problems, anyone should feel free to disable at their discretion. That would be done with a very similar command, like:
```
/chatops run feature set --project=the-namespace/of-the-project pre_receive_secret_detection_push_check false
```
Further instructions can be found in the pre-receive secret detection troubleshooting runbook.
Implementation Plan
- dogfood gitlab-org/gitlab
- dogfood gitlab-org/gitaly
- dogfood gitlab-org/gitlab-runner
Exit Criteria
- No show stoppers have been reported
- Performance of git pushes is not impacted significantly
Refinement Progress
If a checkbox is not relevant for the issue, please remove it.
- This issue describes a problem to solve, or a task to complete, and it's confirmed.
- This issue describes a proposal or an implementation plan that outlines a way to solve the problem or complete the task.
- This issue is the smallest iteration possible and doesn't require further break down.
- This issue has weight set - based on how many tasks or merge requests are required - and needs weight label is removed.
- This issue is labeled correctly.
- This issue is reviewed by another team member to confirm strategy and estimate.
- Finally, add the workflow::ready for development label to this issue.