Automate assigning issues for refinement in Secret Detection group
Overview
We had recently experimented with a new refinement process when refining the issues of the Pre-receive SD beta/.com epic.
This updated process had drawn a lot of inspiration from other sections/stages but also aligned with the current Secure Engineering Refinement process. Following internal discussions and feedback of said process, we decided to formalize the process in the handbook.
An OKR was tracking this effort. The remaining metric is automating the process such that each engineer is assigned a number of issues randomly each milestone to refine.
Proposal
We decided to use triage-ops to automate the process. The tool provides two strategies (i.e. scheduled or reactive) for running similar operations as per the documentation, but since our planning issues (see example from %17.0) are often created after a milestone is kicked off, we think the reactive approach would likely make more sense. See below for details. We're exploring the idea of doing this with a scheduled approach, see this comment.
Process
- Planning issue is created, and a number of issues are selected for the next milestone (marked with labels below).
- When the planning issue is finalized*, a reactive policy is triggered.
- A scheduled policy is triggered monthly before the upcoming milestone begins.
- The scheduled operation will do the following:
  - Picks up an issue with the following criteria:
    - State:
      - Open
    - Milestone: The milestone that had already started*.
    - Labels:
      - group::secret detection.
      - workflow::planning breakdown.
      - .secret-detection-awaiting-refinement (label will only be used for issues included in a planning issue)
    - Weight:
      - No weight.
  - Assign and leave a comment:
    - Determine engineer to assign to:
      - Member of secret detection group.
      - Not the most recently assigned engineer.
      - Does not have more than two issues assigned to them with .secret-detection-awaiting-refinement label
      - If an issue doesn't get assigned due to the condition above not being met (more issues than engineers): Ping PM or EM to manually assign/comment in the issue?
    - Comment (see below).
Comment
Hi #{secret_detection_engineer}
As a preparation for the upcoming milestone #{milestone.succ}, you have been assigned this issue to refine.
The goal of the process is to:
- Clarify any outstanding questions or concerns.
- Add a proposal or an implementation plan.
- Determine if the issue is the smallest iteration possible, and break it down if not.
- Determine if the issue requires support from other teams.
- Assign a weight to the issue.
- Ensure the issue is labeled correctly.
- Ensure issue is marked as ready to be worked on.
Please check the [steps to follow](https://handbook.gitlab.com/handbook/engineering/development/sec/secure/secret-detection/#steps) and the [checklist](https://handbook.gitlab.com/handbook/engineering/development/sec/secure/secret-detection/#checklist) to use for keeping refinement progress transparent.
If you have any questions, don't hesitate to ask in `#g_secure_secret-detection` channel.
[Bot policy](https://gitlab.com/gitlab-org/quality/triage-ops/-/blob/master/policies/groups/gitlab-org/secret-detection/assign-refinement.yml).
/assign #{secret_detection_engineer}
Footnotes
- finalized: Need to define what that means, could be all issues are labeled with .secret-detection-awaiting-refinement label
- started: We could also use upcoming milestone if the planning issue is ready before a milestone starts. (please clarify)
Implementation Plan
- Create a reactive operation / scheduled operation as described in the process, see example.
- Update handbook to document the process above.