## Summary This issue is to roll out [the feature](https://gitlab.com/gitlab-org/gitlab/-/issues/526865) on production, that is currently behind the `resolve_vulnerability_send_finding_description` feature flag. ## Owners - Most appropriate Slack channel to reach out to: `#g_srm_security_insights` - Best individual to reach out to: @wandering_person ## Expectations ### What are we expecting to happen? 1. With the FF enabled in staging, we expect to see better quality scores in our QA run for duo vulnerability resolution 2. With the FF enabled in production, we expect to see no increase in LLM-related errors ### What can go wrong and how would we detect it? - sending the description in the LLM request could result in token exhaustion errors <!-- Which dashboards from https://dashboards.gitlab.net are most relevant? --> ## Rollout Steps Note: Please make sure to run the chatops commands in the Slack channel that gets impacted by the command. ### Rollout on non-production environments - [x] Verify the MR with the feature flag is merged to `master` and has been deployed to non-production environments with ```sh /chatops run auto_deploy status e6bd1e07f3d8ce9f91766c330e2e746697176a38 ``` - [x] Enable the feature globally on non-production environments with ```sh /chatops run feature set resolve_vulnerability_send_finding_description true --dev --pre --staging --staging-ref ``` - [x] Verify that the feature works as expected. The best environment to validate the feature in is [`staging-canary`](https://about.gitlab.com/handbook/engineering/infrastructure/environments/#staging-canary) as this is the first environment deployed to. Make sure you are [configured to use canary](https://next.gitlab.com/). If you encounter end-to-end test failures and are unable to diagnose them, you may reach out to the [`#s_developer_experience` Slack channel](https://gitlab.enterprise.slack.com/archives/C07TWBRER7H) for assistance. Note that end-to-end test failures on `staging-ref` [don't block deployments](https://about.gitlab.com/handbook/engineering/infrastructure/environments/staging-ref/#how-to-use-staging-ref). ### Specific rollout on production For visibility, all `/chatops` commands that target production must be executed in the [`#production` Slack channel](https://gitlab.slack.com/archives/C101F3796) and cross-posted (with the command results) to the responsible team's Slack channel. - Ensure that the feature MRs have been deployed to both production and canary with ```sh /chatops run auto_deploy status e6bd1e07f3d8ce9f91766c330e2e746697176a38 ``` - [x] Depending on the [type of actor](https://docs.gitlab.com/ee/development/feature_flags/#feature-actors) you are using, pick one of these options: - [x] For **all internal users**: `/chatops run feature set --feature-group=gitlab_team_members resolve_vulnerability_send_finding_description true` - [x] Verify that the feature works for the specific actors. ### Preparation before global rollout - [x] Set a milestone to this rollout issue to signal for enabling and removing the feature flag when it is stable. - [x] Check if the feature flag change needs to be accompanied with a [change management issue](https://about.gitlab.com/handbook/engineering/infrastructure/change-management/#feature-flags-and-the-change-management-process). Cross link the issue here if it does. - [x] Ensure that you or a representative in development can be available for at least 2 hours after feature flag updates in production. If a different developer will be covering, or an exception is needed, please inform the oncall SRE by using the `@sre-oncall` Slack alias. - [x] Ensure that documentation exists for the feature, and the [version history text](https://docs.gitlab.com/development/documentation/feature_flags/#add-history-text) has been updated. - [x] Ensure that any breaking changes have been announced following the [release post process](https://about.gitlab.com/handbook/marketing/blog/release-posts/#deprecations-removals-and-breaking-changes) to ensure GitLab customers are aware. - [x] Notify the [`#support_gitlab-com` Slack channel](https://gitlab.slack.com/archives/C4XFU81LG) and your team channel ([more guidance when this is necessary in the dev docs](https://docs.gitlab.com/development/feature_flags/controls/#communicate-the-change)). ### Global rollout on production For visibility, all `/chatops` commands that target production must be executed in the [`#production` Slack channel](https://gitlab.slack.com/archives/C101F3796) and cross-posted (with the command results) to the responsible team's Slack channel. - [x] [Incrementally roll out](https://docs.gitlab.com/development/feature_flags/controls/#process) the feature on production. - Example: `/chatops run feature set resolve_vulnerability_send_finding_description <rollout-percentage> --actors`. - Between every step wait for at least 15 minutes and monitor the appropriate graphs on https://dashboards.gitlab.net. - [x] After the feature has been 100% enabled, wait for [at least one day before releasing the feature](#release-the-feature). ### Release the feature After the feature has been [deemed stable](https://about.gitlab.com/handbook/product-development-flow/feature-flag-lifecycle/#including-a-feature-behind-feature-flag-in-the-final-release), the [clean up](https://docs.gitlab.com/development/feature_flags/controls/#cleaning-up) should be done as soon as possible to permanently enable the feature and reduce complexity in the codebase. You can either [create a follow-up issue for Feature Flag Cleanup](https://gitlab.com/gitlab-org/gitlab/-/issues/new?issuable_template=Feature%20Flag%20Cleanup) or use the checklist below in this same issue. <!-- The checklist here is to help stakeholders keep track of the feature flag status --> - [x] Create a merge request to remove the `_` feature flag. Ask for review/approval/merge as usual. The MR should include the following changes: - Remove all references to the feature flag from the codebase. - Remove the YAML definitions for the feature from the repository. - [x] Ensure that the cleanup MR has been included in the release package. If the merge request was deployed before [the monthly release was tagged](https://about.gitlab.com/handbook/engineering/releases/#self-managed-releases-1), the feature can be officially announced in a release blog post: `/chatops run release check https://gitlab.com/gitlab-org/gitlab/-/merge_requests/189263 18.0` - [x] Close [the feature issue](https://gitlab.com/gitlab-org/gitlab/-/issues/526865) to indicate the feature will be released in the current milestone. - [x] Once the cleanup MR has been deployed to production, clean up the feature flag from all environments by running these chatops command in `#production` channel: ```sh /chatops run feature delete resolve_vulnerability_send_finding_description --dev --pre --staging --staging-ref --production ``` - [x] Close this rollout issue. ## Rollback Steps ``` n/a ``` <!-- Uncomment the appropriate type label /label ~"type::feature" ~"feature::addition" /label ~"type::maintenance" /label ~"type::bug" -->