Extend bin/secpick to create all required MRs at CE and EE dev.gitlab.org
Problem to solve
Currently when working in a security issue, a developer needs to create a MR to master
and once it's reviewed one should backport it to the latest 3 versions at CE and EE repositories. It's a total of 7 additional merge requests (counting the EE port to master
).
It's possible to use bin/secpick
to facilitate the creation of the 3 extra CE ones given a commit SHA, though the rest still needs to be done "manually".
Intended users
GitLab developers in general.
Proposal
Would be interesting to have a script to sequentially create all required MRs given a commit SHA and a release version. If version 11.6
is given, the script should be smart enough to know we need backport MRs for CE and EE 11.5
, 11.4
and 11.3
. Or, the script could be able to take multiple versions instead of one.
If any failure happens during the process (i.e. conflict), it should be fixed manually.
What does success look like, and how can we measure that?
It should increase developer productivity even with conflicting MRs.