Notify when linked
🥙 What does this MR do and why?
We are automating the process of linking security implementation issues to security release tracking issues. When an issue is linked, we want to notify the assignees of the security implementation issue.
This MR adds that notification.
🔧 Testing
I had two fake issues:
- Security release tracking issue: https://gitlab.com/gitlab-org/gitlab/-/issues/424529
- Security implementation issue: https://gitlab.com/gitlab-org/security/gitlab/-/issues/970
I made sure they were not linked before starting the test.
I modified my local code to force the security implementation issue to be chosen for linking and also to use the fake tracking issue:
git diff
diff --git a/lib/release_tools/security/implementation_issue.rb b/lib/release_tools/security/implementation_issue.rb
index 1947cc7a..33358908 100644
--- a/lib/release_tools/security/implementation_issue.rb
+++ b/lib/release_tools/security/implementation_issue.rb
@@ -54,17 +54,20 @@ module ReleaseTools
end
def ready_to_be_processed?
- if missing_backports?
- reject('missing merge requests')
- elsif !merge_requests_with_allowed_status?
- reject('invalid merge requests status')
- elsif !merge_requests_assigned_to_the_bot?
- reject('unassigned merge requests')
- elsif !valid_merge_requests?
- reject('invalid merge requests')
- else
- true
- end
+ return true if iid == 970
+
+ false
+ # if missing_backports?
+ # reject('missing merge requests')
+ # elsif !merge_requests_with_allowed_status?
+ # reject('invalid merge requests status')
+ # elsif !merge_requests_assigned_to_the_bot?
+ # reject('unassigned merge requests')
+ # elsif !valid_merge_requests?
+ # reject('invalid merge requests')
+ # else
+ # true
+ # end
end
def reject(reason)
diff --git a/lib/release_tools/security/issue_crawler.rb b/lib/release_tools/security/issue_crawler.rb
index 520d2fda..5245f676 100644
--- a/lib/release_tools/security/issue_crawler.rb
+++ b/lib/release_tools/security/issue_crawler.rb
@@ -12,7 +12,7 @@ module ReleaseTools
SECURITY_NAMESPACE = 'gitlab-org/security'
# The label required by security root/meta issues.
- ROOT_ISSUE_LABEL = 'upcoming security release'
+ ROOT_ISSUE_LABEL = 'security-target'
# The label required for a related issue or merge request to be considered
# by the crawler.
@@ -96,7 +96,7 @@ module ReleaseTools
# Returns issues that are related to the security release tracking issue.
def related_security_issues
security_issues_and_merge_requests_for(
- security_issues_for(release_issue.iid)
+ security_issues_for(424529)
)
endAfter verifying the issue was going to be linked with a dry run, I then ran a real run to post a comment in the ruby console:
/workspace/gitlab-org/release-tools (delivery19569-linked-notification ✗) RELEASE_BOT_PRODUCTION_TOKEN=REDACTED be pry --gem
[1] pry(main)> ReleaseTools::Security::TargetIssuesProcessor.new.execute
2023-09-13 09:58:48.647894 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-13 09:58:48 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fcharts%2Fcomponents%2Fimages/issues" 2
2023-09-13 09:58:48.947702 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-13 09:58:48 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitaly/issues" 2
2023-09-13 09:58:49.362763 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-13 09:58:49 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitlab/issues" -
2023-09-13 09:58:49.740220 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-13 09:58:49 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitlab-pages/issues" 2
2023-09-13 09:58:50.136123 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-13 09:58:50 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fomnibus-gitlab/issues" 2
2023-09-13 09:58:50.889391 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-13 09:58:50 -0600] 200 "GET https://gitlab.com/api/v4/projects/15642544/issues/970/related_merge_requests" -
2023-09-13 09:58:51.208868 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-13 09:58:51 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-09-13 09:58:51.210079 W Ruby -- WARNING: Please convert ObjectifiedHash object to hash before calling Hash methods on it.
-- {:source=>"ruby_warnings", :stacktrace=>"/Users/steveabrams/workspace/gitlab-org/release-tools/lib/release_tools/issuable.rb:6:in `initialize'"}
2023-09-13 09:58:51.211040 I ReleaseTools::Security::TargetIssuesProcessor -- 1 target issues found. They will be evaluated and considered for linking to the security release tracking issue: https://gitlab.com/gitlab-org/gitlab/-/issues/424529.
2023-09-13 09:58:51.606432 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-13 09:58:51 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/424529/links" -
2023-09-13 09:58:51.607128 I ReleaseTools::Security::TargetIssuesProcessor -- https://gitlab.com/gitlab-org/security/gitlab/-/issues/970 is ready to be processed and will be linked to the security release tracking issue.
2023-09-13 09:58:52.221215 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-13 09:58:52 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-09-13 09:58:52.905480 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-13 09:58:52 -0600] 201 "POST https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/424529/links" 3083
2023-09-13 09:58:53.451500 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-13 09:58:53 -0600] 201 "POST https://gitlab.com/api/v4/projects/15642544/issues/970/notes" 804
=> [#<ReleaseTools::Security::ImplementationIssue:0x000000010c01a240
@iid=970,
@issue= ...removed to make more readable...
@merge_requests=[],
@pending_reason=nil,
@project_id=15642544,
@reference="gitlab-org/security/gitlab#970",
@web_url="https://gitlab.com/gitlab-org/security/gitlab/-/issues/970">]We can see the comment successfully posted https://gitlab.com/gitlab-org/security/gitlab/-/issues/970#note_1557341910
Related to gitlab-com/gl-infra/delivery#19569 (closed)
Author Check-list
- [-] Has documentation been updated?
Edited by Steve Abrams