Cancel Secure CI/CD template MR pipeline support in 16.0
Note
This MR cancels one part of a potentially-breaking change previously announced in Breaking change notice: Secure CI/CD template u... (!111736 - merged).
For background on why, see the discussion in the deprecation issue: #388988 (comment 1382274965). Short version:
- Splitting different security testing types between MR and branch pipelines causes the MR security widget and security policy evaluation to malfunction. Fixes are in progress or scheduled for each but not already done.
- Some jobs depend on others; Container Scanning needs a container image to be built already, and DAST needs a web app to be deployed, for instance. Splitting across pipeline types breaks this in certain conditions, and breaks the default behavior in Auto DevOps.
This is not a new breaking change.
Be sure to link this MR to the relevant deprecation issue(s).
- Deprecation Issue: Breaking change notice: Secure CI/CD template u... (#391822 - closed)
- Implementation issues:
If there is no relevant deprecation issue, hit pause and:
- Review the process for deprecating and removing features.
- Connect with the Product Manager DRI.
Deprecation announcements can and should be created and merged into Docs at any time, to optimize user awareness and planning. We encourage confirmed deprecations to be merged as soon as the required reviews are complete, even if weeks ahead of the target milestone's release post. For the announcement to be included in a specific release post and that release's documentation packages, this MR must be reviewed/merged per the due dates below:
By the 10th: Assign this MR to these team members as Reviewer and for Approval (optional unless noted as required):
- Product Marketing: @BrianMason
- Product Designer(s): @mfangman
- Product Group Manager or Director: @hbenson - Required
- Engineering Manager: @amarpatel @gonzoyumo @twoodham - Required
- Technical writer: @rdickenson - Required
Custom at-mentions for this issue:
- Additional PM mentions for this stage-wide change: @derekferguson @sam.white @smeadzinger
- Implementer: @rossfuhrman
By 11:59 AM PDT 15th: EM/PM assigns this MR to the TW reviewer for final review and merge: @EM/PM
By 11:59 PM PDT 17th: TW Reviewer updates Docs by merging this MR to master
: @TW
Please review:
- The definitions of "Deprecation", "End of Support", and "Removal".
- The guidelines for deprecations.
- The process for creating a deprecation entry.
They are frequently updated, and everyone should make sure they are aware of the current standards (PM, PMM, EM, and TW).
EM/PM release post item checklist
-
Set yourself as the Assignee, meaning you are the DRI. -
If the deprecation is a breaking change, add label breaking change
.- Note that this is cancelling a potentially-breaking change. I've labeled it for visibility in any automation that keys off of the label.
-
Confirm this MR is labeled release post itemdeprecation -
Follow the process to create a deprecation YAML file. -
Add reviewers by the 10th. -
Add scoped devops::
andgroup::
labels as necessary. -
Add the appropriate milestone to this MR. -
When ready to be merged (and no later than the 15th) @mention
the TW for final review and merge.
Reviewers
When the content is ready for review, it must be reviewed by a Technical Writer and Engineering Manager, but can also be reviewed by
Product Marketing, Product Design, and the Product Leaders for this area. Please use the
reviewers
feature for all reviews. Reviewers will then approve
the MR and remove themselves from Reviewers when their review is complete.
-
(Recommended) PMM -
(Optional) Product Designer -
(Optional) Group Manager or Director -
Required review and approval: Technical Writer designated to the corresponding DevOps stage/group.
Tech writer review
After being added as a Reviewer to this merge request, the TW performs their review according to the criteria described below.
Review deprecation MRs with a similar process as regular docs MRs. Add suggestions as needed, @ message the PM to inform them the first review is complete, and remove yourself as a reviewer if it's not ready for merge yet.
Expand for Details
-
Title: - Length limit: 7 words (not including articles or prepositions).
- Capitalization: ensure the title is sentence cased.
-
Dates: - Make sure that the milestone dates are based on the dates in Product milestone creation.
-
Consistency: - Ensure that all resources (docs, deprecation, etc.) refer to the feature with the same term / feature name.
-
Content: - Make sure the deprecation is accurate based on your understanding. Look for typos or grammar mistakes. Work with PM and PMM to ensure a consistent GitLab style and tone for messaging, based on other features and deprecations.
- Review use of whitespace and bullet lists. Will the deprecation item be easily scannable when published? Consider adding line breaks or breaking content into bullets if you have more than a few sentences.
- Make sure there aren't acronyms readers may not understand per https://about.gitlab.com/handbook/communication/#writing-style-guidelines.
-
Links: - All links must be full URLs, as the deprecation YAML files are used in two different projects. Do not use relative links. The generated doc is an exception to the relative link rule and currently uses absolute links only.
- Make sure all links and anchors are correct. Do not link to the H1 (top) anchor on a docs page.
-
Code. Make sure any included code is wrapped in code blocks. -
Capitalization. Make sure to capitalize feature names. Stay consistent with the Documentation Style Guidance on Capitalization. -
Blank spaces. Remove unnecessary spaces (end of line spaces, double spaces, extra blank lines, and lines with only spaces).
When the PM indicates it is ready for merge and all issues have been addressed, start the merge process.
Technical writer merge process
The deprecations doc's .md
file
must be updated before this MR is merged:
- Check out the MR's branch (in the
gitlab-org/gitlab
project). - From the command line (in the branch), run
bin/rake gitlab:docs:compile_deprecations
. If you want to double check that it worked, you can runbin/rake gitlab:docs:check_deprecations
to verify that the doc is up to date. - Commit the updated file and push the changes.
- Set the MR to merge when the pipeline succeeds (or merge if the pipeline is already complete).
If you have trouble running the Rake task, check the troubleshooting steps.
Merge request reports
Activity
changed milestone to %16.0
added Category:SAST devopssecure groupstatic analysis sectionsec labels
added documentation maintenancerefactor typemaintenance labels
1 Message 📖 This merge request adds or changes documentation files. A review from the Technical Writing team before you merge is recommended. Reviews can happen after you merge. Documentation review
The following files require a review from a technical writer:
-
doc/update/deprecations.md
(Link to current live version)
The review does not need to block merging this merge request. See the:
-
Metadata for the
*.md
files that you've changed. The first few lines of each*.md
file identify the stage and group most closely associated with your docs change. - The Technical Writer assigned for that stage and group.
- Documentation workflows for information on when to assign a merge request for review.
If needed, you can retry the
🔁 danger-review
job that generated this comment.Generated by
🚫 Danger-
assigned to @connorgilbert
changed milestone to %15.9
- Resolved by Russell Dickenson
@connorgilbert thanks for adding the breaking change label!
This merge request introduces breaking changes. Learn more about breaking changes.
It's important to identify how the breaking change was introduced. To estimate the impact, try to assess the following:
- Are there existing users depending on this feature?
- Are self-managed customers affected?
- To verify and quantify usage, use Grafana or Kibana.
- If you're not sure about how to query the data, contact the infrastructure team on their Slack channel, #infrastructure-lounge
- Was sufficient time given to communicate the change?
- Changes in the permissions, the API schema, and the API response might affect existing 3rd party integrations.
- Reach out to the Support team or Technical Account Managers and ask about the possible impact of this change.
This message was generated automatically. You're welcome to improve it.
- Are there existing users depending on this feature?
removed releasedpublished label
removed workflowpost-deploy-db-production label
removed pipeline:mr-approved label
added 307 commits
-
04a64761...b3511546 - 306 commits from branch
master
- fdee3e97 - Cancel Secure CI/CD template MR pipeline support in 16.0
-
04a64761...b3511546 - 306 commits from branch
requested review from @rdickenson, @rossfuhrman, @amarpatel, @gonzoyumo, @twoodham, @derekferguson, and @smeadzinger
mentioned in issue #388988 (closed)
changed milestone to %16.0
I've requested reviews from a number of people on this MR, but most are nonblocking/for visibility. The decision itself has been finalized in a number of places and recorded here: #388988 (comment 1382274965). I don't have reservations about the technical correctness of the diff.
@rdickenson I would be comfortable with you merging it without additional approvals if it passes your review.
I've marked @hbenson as having reviewed this decision, though she hasn't reviewed this MR specifically; we discussed in Sec PM team meeting on 2023-05-04.
👋 @derekferguson
, thanks for approving this merge request.This is the first time the merge request is approved. To ensure full test coverage, a new pipeline will be started shortly.
For more info, please refer to the following links:
added pipeline:mr-approved label
mentioned in commit 813e659c
@connorgilbert I've reviewed, approved, and merged this MR.
👍 added workflowstaging-canary label
added workflowcanary label and removed workflowstaging-canary label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
added workflowpost-deploy-db-staging label and removed workflowproduction label
added workflowpost-deploy-db-production label and removed workflowpost-deploy-db-staging label
mentioned in merge request gitlab-org/cloud-native/charts/gitlab-zoekt!13 (merged)
added releasedcandidate label