Rollout ci_restrict_cookie_auth_linting feature flag

Summary

This issue tracks the production rollout of the feature that is currently behind the ci_restrict_cookie_auth_linting feature flag.

Owners

  • Most appropriate Slack channel to reach out to: #g_pipeline-authoring
  • Best individual to reach out to: @avielle

Expectations

What are we expecting to happen?

The CI cookie authentication linting restriction will be enabled. The Pipeline Editor should continue working normally, as it was already converted to use the GraphQL mutation.

What can go wrong and how would we detect it?

  • Any remaining usage of the deprecated CI lint query with cookie auth may fail
  • Monitor for increased error rates on CI-related functionality
  • Watch for support tickets related to CI lint functionality

Rollout Steps

Rollout on non-production environments

  • Enable the feature globally on non-production environments with /chatops run feature set ci_restrict_cookie_auth_linting true --dev --pre --staging --staging-ref
  • Verify functionality works as expected in staging-canary

Specific rollout on production

For visibility, all /chatops commands that target production must be executed in the #production Slack channel and cross-posted to #g_pipeline-authoring.

  • Enable for GitLab repos: /chatops run feature set --project=gitlab-org/gitlab,gitlab-org/gitlab-foss,gitlab-com/www-gitlab-com ci_restrict_cookie_auth_linting true
  • Verify functionality works for the specific projects

Global rollout on production

  • 25% rollout: /chatops run feature set ci_restrict_cookie_auth_linting 25 --actors
  • Wait 15+ minutes and monitor dashboards, then 50%: /chatops run feature set ci_restrict_cookie_auth_linting 50 --actors
  • Wait 15+ minutes and monitor dashboards, then 75%: /chatops run feature set ci_restrict_cookie_auth_linting 75 --actors
  • Wait 15+ minutes and monitor dashboards, then 100%: /chatops run feature set ci_restrict_cookie_auth_linting 100 --actors
  • After the flag is enabled at 100%, wait at least one day before cleanup

Release the feature

  • Create a merge request to remove the ci_restrict_cookie_auth_linting feature flag
  • Once the cleanup MR is deployed, run: /chatops run feature delete ci_restrict_cookie_auth_linting --dev --pre --staging --staging-ref --production
  • Close this rollout issue

Rollback Steps

  • Disable the feature flag on production: /chatops run feature set ci_restrict_cookie_auth_linting false
  • Disable on non-production: /chatops run feature set ci_restrict_cookie_auth_linting false --dev --pre --staging --staging-ref
Edited by Avielle Wolfe