[FF] `merge_train_enforcement` -- Enforce merge trains (block direct UI/API merges)

Summary

Roll out the feature currently behind the merge_train_enforcement feature flag.

• DRI: @daniel-prause
• Team Slack channel: #<slack-channel-of-dri-team>

Important

This flag is currently type wip and must not be enabled until the backend enforcement and UI changes have all shipped. Until then the project setting is settable but has no effect. Transition the flag to beta/gitlab_com_derisk only once the feature is complete, then begin the rollout below.

Note

Process and guidance live in the docs — this issue is just the commands and a place to track the rollout. "Rolling out" means incrementally enabling the flag on GitLab.com to validate stability — it is not the same as releasing the feature, which happens when the flag is removed. Feature flag controls · Feature flag lifecycle

What could go wrong?

• Blast radius: only projects that (a) have merge trains available and (b) explicitly select Enforce for all users / Enforce with Owner override. Default is allow_bypass (no behaviour change), so projects are unaffected unless an admin opts in.
• Main risk: a misconfigured enforcement blocks legitimate direct merges (UI Merge immediately hidden, REST /merge returns 405). Mitigated by the owner-override option and by being opt-in.
• Watch: merge-request merge success/error rates and 405 responses on the /merge endpoint on https://dashboards.gitlab.net.

Rollout

Run all production /chatops in #production and cross-post the results to #<slack-channel-of-dri-team>. Background: incremental rollout process, feature actors.

Non-production

/chatops gitlab run feature set merge_train_enforcement 50 --actors --dev --pre --staging --staging-ref
/chatops gitlab run feature set merge_train_enforcement true --dev --pre --staging --staging-ref

Production — percentage rollout (wait ≥15 min between steps, watch dashboards):

/chatops gitlab run feature set merge_train_enforcement <percentage> --actors

Or target specific actors instead:

/chatops gitlab run feature set --project=gitlab-org/gitlab,gitlab-org/gitlab-foss merge_train_enforcement true
/chatops gitlab run feature set --group=gitlab-org,gitlab-com merge_train_enforcement true
/chatops gitlab run feature set --user=daniel-prause merge_train_enforcement true

Before global rollout

Confirm the relevant gotchas before going to 100% — see enabling a feature for GitLab.com:

• Docs + version history updated
• Breaking changes announced, if any
• Change management issue opened, if required
• External API consumers handled with a fail-open mechanism, if applicable

Cleanup

Remove the flag once deemed stable — see cleaning up. Track it here, or open a follow-up Feature Flag Cleanup issue. Remove the flag and its YAML definition from the codebase, then:

/chatops gitlab run release check <merge-request-url> <milestone>
/chatops gitlab run feature delete merge_train_enforcement --dev --pre --staging --staging-ref --production

Rollback

/chatops gitlab run feature set merge_train_enforcement false                                         # production
/chatops gitlab run feature set merge_train_enforcement false --dev --pre --staging --staging-ref     # non-production
/chatops gitlab run feature delete merge_train_enforcement --dev --pre --staging --staging-ref --production  # remove entirely