Skip to content

Add the check mirror step under the FF check

Mayra Cabrera requested to merge add-check-mirror-step-under-ff into master

What does this MR do and why?

Add the check mirror step under the FF check on the security template.

Related to gitlab-com/gl-infra/delivery#19302 (closed)

Tests

Only showing the "First steps" of a security release

With the FF enabled

Click to expand

Security patch release: 16.0.5, 15.11.9, 15.10.9

First steps

  • Set the Due date on this issue with the planned Security publish date

  • Run the security release pipeline by a running a pipeline in OPS with $SECURITY_RELEASE_PIPELINE set to prepare

  • Post a message on the #quality Slack channel to notify the Quality team that a security release is in progress:

Hello team, the security release has started (<link_to_this_issue>) and Omnibus nightly builds are now disabled. The GitLab ChatOps bot will post a notification to this channel when the security release is complete.

  • Post a comment on https://gitlab.com/gitlab-jh/gitlab-jh-enablement/-/issues/112 to notify JiHU of the upcoming security release.
  • Post a message on the #g_engineering_productivity channel to let them know that the secuirty release preperation has started. EP will use this information to quickly respond to pipeline failures to keep us unblocked
  • Post a message on the #g_runner Slack channel to notify the Runner team that a security release is in progress and that it will be published on the due date.
  • Verify if there are security fixes for projects under GitLab managed versioning model. If there are, adjust this issue following the instructions.

With the FF disabled (by default)

Click to expand

Security patch release: 16.0.5, 15.11.9, 15.10.9

First steps

  • Set the Due date on this issue with the planned Security publish date

  • Disable Omnibus nightly builds by setting the schedules to inactive: https://dev.gitlab.org/gitlab/omnibus-gitlab/-/pipeline_schedules. This prevents us accidentally revealing vulnerabilities before the release.

  • Ensure that Canonical, Security and Build repositories are synced:

# In Slack
/chatops run mirror status
  • Post a message on the #quality Slack channel to notify the Quality team that a security release is in progress:

Hello team, the security release has started (<link_to_this_issue>) and Omnibus nightly builds are now disabled. The GitLab ChatOps bot will post a notification to this channel when the security release is complete.

  • Post a comment on https://gitlab.com/gitlab-jh/gitlab-jh-enablement/-/issues/112 to notify JiHU of the upcoming security release.
  • Post a message on the #g_engineering_productivity channel to let them know that the secuirty release preperation has started. EP will use this information to quickly respond to pipeline failures to keep us unblocked
  • Post a message on the #g_runner Slack channel to notify the Runner team that a security release is in progress and that it will be published on the due date.
  • Verify if there are security fixes for projects under GitLab managed versioning model. If there are, adjust this issue following the instructions.

Author Check-list

  • [-] Has documentation been updated?
Edited by Mayra Cabrera

Merge request reports