
Add service to update protected branches

Steve Abrams requested to merge delivery19546-protected-branches into master

🔎 What does this MR do and why?

We are automating the task of updating the stable protected branches after each monthly release for gitlab-org/gitlab and omnibus-gitlab.

This MR introduces a class that is capable of making the updates. A subsequent MR will call this from a new rake task and CI job.

Related to gitlab-com/gl-infra/delivery#19546 (closed)

💻 Testing

  1. I applied this diff to my local code to ensure I did not update real branches:
diff --git a/lib/release_tools/monthly/finalize/update_protected_branches.rb b/lib/release_tools/monthly/finalize/update_protected_branches.rb
index 3d8981d2..3e4df6e4 100644
--- a/lib/release_tools/monthly/finalize/update_protected_branches.rb
+++ b/lib/release_tools/monthly/finalize/update_protected_branches.rb
@@ -8,7 +8,8 @@ module ReleaseTools
         GITLAB_BOT_ID = 1_786_152
         RELEASE_MANAGERS_GROUP_ID = 2_584_649

-        PROJECTS = [ReleaseTools::Project::GitlabEe, ReleaseTools::Project::OmnibusGitlab].freeze
+        PROJECTS = [ReleaseTools::Project::GitlabEe].freeze
+        # PROJECTS = [ReleaseTools::Project::GitlabEe, ReleaseTools::Project::OmnibusGitlab].freeze

         def execute
           PROJECTS.each do |project|
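Review bot: With `PROJECTS` reduced to `ReleaseTools::Project::GitlabEe` on the changed line, `execute` never iterates over `ReleaseTools::Project::OmnibusGitlab`, so this run exercises only one of the two projects the constant normally lists. Because the class changes branch protection, consider covering the Omnibus path with a spec or a second run against scratch branches there, and consider a dry-run switch so that testing does not depend on commenting out the real constant.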
@@ -27,13 +28,15 @@ module ReleaseTools
         private

         def new_branch(ee:)
-          ReleaseTools::Versions.current_stable_branch(ee: ee)
+          'delivery19546-test-unprotected'
+          # ReleaseTools::Versions.current_stable_branch(ee: ee)
         end

         def old_branch(ee:)
-          ReleaseTools::Version.new(
-            ReleaseTools::Version.new(ReleaseTools::Versions.current.first)
-          ).stable_branch(ee: ee)
+          'delivery19546-test-protected'
+          # ReleaseTools::Version.new(
+          #   ReleaseTools::Version.new(ReleaseTools::Versions.current.first)
+          # ).stable_branch(ee: ee)
         end

         def allowed_to_merge
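Review bot: Both `new_branch(ee:)` and `old_branch(ee:)` now return fixed strings and ignore `ee:`, so the run never exercises the code that decides which real branch gains protection and which one loses it. A spec that pins `ReleaseTools::Versions.current` and asserts both branch names for `ee: true` and `ee: false` would cover that. In the original `old_branch`, `ReleaseTools::Version.new` wraps another `ReleaseTools::Version.new(...)`; if the outer call is not needed, drop it, and add a short comment on why `Versions.current.first` identifies the branch to unprotect.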
  2. I created two branches on gitlab-org/gitlab: delivery19546-test-unprotected and delivery19546-test-protected.
  3. I manually protected the delivery19546-test-protected branch in the UI:

[Image: Screenshot_2023-08-10_at_12.40.00_PM]

  4. For this test, the delivery19546-test-protected branch represents the older branch that will be unprotected and inherit the other *-stable-ee protection rules. The delivery19546-test-unprotected branch represents the newly created stable branch.
  5. I ran the service through the rails console:
~/workspace/gitlab-org/release-tools (delivery19546-protected-branches ✗) RELEASE_BOT_VERSION_TOKEN=<TOKEN> RELEASE_BOT_PRODUCTION_TOKEN=<TOKEN> be pry --gem
[1] pry(main)> ReleaseTools::Monthly::Finalize::UpdateProtectedBranches.new.execute
2023-08-10 12:39:43.250505 D ReleaseTools::GitlabClient -- [HTTParty] [2023-08-10 12:39:43 -0600] 204 "DELETE https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/protected_branches/delivery19546-test-protected" -
2023-08-10 12:39:43.682062 D ReleaseTools::GitlabClient -- [HTTParty] [2023-08-10 12:39:43 -0600] 201 "POST https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/protected_branches" 947
=> [gitlab-org/gitlab]
  6. I reloaded the UI. The delivery19546-test-protected is no longer listed as a protected branch and delivery19546-test-unprotected is:

[Image: Screenshot_2023-08-10_at_12.40.20_PM]

Author Check-list

  • [-] Has documentation been updated?
Edited by Steve Abrams
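
As an added example (not part of this MR or of release-tools), the UI check in the last testing step can also be run against the project's protected-branches list. The sample response, the 16-2/16-3 branch names and the `verify_swap` helper are constructed for illustration, and `File.fnmatch` only approximates GitLab's wildcard matching.

```ruby
require 'json'

# Constructed sample shaped like the GET /projects/:id/protected_branches
# response after the swap; names and access levels are illustrative only.
SAMPLE_AFTER = JSON.parse(<<~EOS)
  [
    {"name": "*-stable-ee",
     "push_access_levels": [{"access_level": 0}],
     "merge_access_levels": [{"access_level": 40}]},
    {"name": "16-3-stable-ee",
     "push_access_levels": [{"access_level": 0}],
     "merge_access_levels": [{"access_level": 40}]}
  ]
EOS

# Rules whose name (exact or wildcard) covers the branch.
# Assumption: File.fnmatch is close enough to GitLab's "*" wildcard here.
def covering_rules(rules, branch)
  rules.select { |rule| File.fnmatch(rule['name'], branch) }
end

# Returns a list of problems; an empty list means the swap left the
# expected state: new branch protected by name, old branch no longer
# protected by name but still covered by some wildcard rule.
def verify_swap(rules, old_branch:, new_branch:)
  problems = []
  exact = rules.map { |rule| rule['name'] }
  problems << "#{new_branch} has no exact protection rule" unless exact.include?(new_branch)
  problems << "#{old_branch} still has an exact protection rule" if exact.include?(old_branch)
  fallback = covering_rules(rules, old_branch).reject { |rule| rule['name'] == old_branch }
  problems << "#{old_branch} is covered by no wildcard rule" if fallback.empty?
  problems
end

if __FILE__ == $PROGRAM_NAME
  # Stable-branch style names: the old branch falls back to *-stable-ee.
  p verify_swap(SAMPLE_AFTER, old_branch: '16-2-stable-ee', new_branch: '16-3-stable-ee')
  # The MR's test names match no wildcard, so the old one ends up unprotected.
  p verify_swap(SAMPLE_AFTER, old_branch: 'delivery19546-test-protected',
                              new_branch: 'delivery19546-test-unprotected')
end
```

The second call shows why the scratch branch in the test disappears from the protected list entirely: its name matches no `*-stable-ee` rule, unlike a real stable branch.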
