Add security_release_finalize:mirror_status job
What does this MR do and why?
We are automating the Final Steps of the security release. This MR adds a job to check the mirror status after syncing has completed.
Related to gitlab-com/gl-infra/delivery#19437
Template with :security_release_pipeline feature flag enabled
-
Sync the GitLab default branch by using the merge-train project: -
Disable the gitlab-org/gitlab@master -> gitlab-org/security/gitlab@master
pipeline schedule on the merge-train. -
Trigger the gitlab-org/security/gitlab@master -> gitlab-org/gitlab@master
pipeline schedule on the merge-train and wait until it finishes. This pipeline will attempt to sync the GitLab default branch. -
If the sync fails, repeat the above step.
-
-
If after 5 times the sync by the merge train continues to fail, use the previous strategy to sync the GitLab project: -
Disable the merge_train_to_canonical
feature flag on ops. -
Enable the gitlab-org/gitlab@master -> gitlab-org/security/gitlab@master
pipeline schedule on the merge-train. -
Execute the sync_remotes
task on Slack:/chatops run release sync_remotes --security
. In this case, if the sync fails, a merge request will be created and release manager intervention will be required.
-
-
Start the security_release_finalize:start
job in the security release pipeline: https://example.gitlab.com/pipeline/1234
Template with :security_release_pipeline feature flag disabled
Final steps
-
Sync the GitLab default branch by using the merge-train project: -
Disable the gitlab-org/gitlab@master -> gitlab-org/security/gitlab@master
pipeline schedule on the merge-train. -
Trigger the gitlab-org/security/gitlab@master -> gitlab-org/gitlab@master
pipeline schedule on the merge-train and wait until it finishes. This pipeline will attempt to sync the GitLab default branch. -
If the sync fails, repeat the above step.
-
-
If after 5 times the sync by the merge train continues to fail, use the previous strategy to sync the GitLab project: -
Disable the merge_train_to_canonical
feature flag on ops. -
Enable the gitlab-org/gitlab@master -> gitlab-org/security/gitlab@master
pipeline schedule on the merge-train. -
Execute the sync_remotes
task on Slack:/chatops run release sync_remotes --security
. In this case, if the sync fails, a merge request will be created and release manager intervention will be required.
-
-
Sync default branches for GitLab Foss, Omnibus GitLab and Gitaly, via ChatOps: # In Slack /chatops run release sync_remotes --security
-
Verify all remotes are synced: # In Slack /chatops run mirror status
If conflicts are found, manual intervention will be needed to sync the repositories.
...
Local testing
Pipeline showing the mirror job is waiting for the sync job to complete:
Author Check-list
- [-] Has documentation been updated?