Update issue table when linking/unlinking (!2675) · Merge requests · GitLab.org / release-tools

Steve Abrams requested to merge delivery19696-update-table-on-linking into master Oct 05, 2023

🎼 What does this MR do and why?

When the TargetIssuesProcessor links or unlinks issues to the security release tracking issue, the security issue table in the security release tracking issue is updated.

When a project that has manual releases (GitLab-Pages, Gitaly, CNG) has an issue that is linked, a note is added to the table that it is a managed versioning issue and may require manual merging.

🎹 Testing

To test:

I used some test issues:
- Tracking issue: https://gitlab.com/gitlab-org/gitlab/-/issues/424529
- Implementation issue 1: https://gitlab.com/gitlab-org/security/gitlab/-/issues/969
- Implementation issue 2: https://gitlab.com/gitlab-org/security/gitlab/-/issues/967
I applied the following local changes to force the processor to use my test issues and guarantee they would be linked. I also updated the PROJECTS_NEEDING_MANUAL_RELEASES list to include GitlabEe so the managed versioning note would be included without having to open a test issue on a manually released project (i.e. Gitaly/GitLab-Pages):

git diff

diff --git a/lib/release_tools/gitlab_client.rb b/lib/release_tools/gitlab_client.rb
index 4d6a8d5e..e7c04c2e 100644
--- a/lib/release_tools/gitlab_client.rb
+++ b/lib/release_tools/gitlab_client.rb
@@ -633,7 +633,7 @@ module ReleaseTools

       # project.path is required because the security tracking issue only exists on canonical
       client
-        .issues(project.path, labels: label, state: 'opened')
+        .issues(project.path, labels: ['security-target', 'test'], state: 'opened')
         .first
     end

diff --git a/lib/release_tools/managed_versioning.rb b/lib/release_tools/managed_versioning.rb
index 3f24e98d..c0af92de 100644
--- a/lib/release_tools/managed_versioning.rb
+++ b/lib/release_tools/managed_versioning.rb
@@ -13,6 +13,6 @@ module ReleaseTools
       ReleaseTools::Project::OmnibusGitlab
     ].freeze

-    PROJECTS_NEEDING_MANUAL_RELEASES = (PROJECTS - [ReleaseTools::Project::GitlabEe, ReleaseTools::Project::OmnibusGitlab]).freeze
+    PROJECTS_NEEDING_MANUAL_RELEASES = (PROJECTS - [ReleaseTools::Project::OmnibusGitlab]).freeze
   end
 end
diff --git a/lib/release_tools/security/implementation_issue.rb b/lib/release_tools/security/implementation_issue.rb
index df93a3bb..bdd6fea8 100644
--- a/lib/release_tools/security/implementation_issue.rb
+++ b/lib/release_tools/security/implementation_issue.rb
@@ -137,6 +137,7 @@ module ReleaseTools
       private

       def validate
+        return true
         return if defined?(@reasons)

         @reasons = []
diff --git a/lib/release_tools/security/issue_crawler.rb b/lib/release_tools/security/issue_crawler.rb
index 6c189910..b8f43a22 100644
--- a/lib/release_tools/security/issue_crawler.rb
+++ b/lib/release_tools/security/issue_crawler.rb
@@ -39,7 +39,7 @@ module ReleaseTools
         return @security_release_issues if @security_release_issues

         issues = GitlabClient
-          .issues(PUBLIC_PROJECT, labels: ROOT_ISSUE_LABEL, state: OPENED)
+          .issues(PUBLIC_PROJECT, labels: ['security-target', 'test'], state: OPENED)
           .auto_paginate

         # Ignoring issues without a due date could lead to security releases
@@ -98,7 +98,7 @@ module ReleaseTools
       # Returns issues that are related to the security release tracking issue.
       def related_security_issues
         security_issues_and_merge_requests_for(
-          security_issues_for(release_issue.iid)
+          security_issues_for(424529)
         )
       end

diff --git a/lib/release_tools/security/issue_table/service.rb b/lib/release_tools/security/issue_table/service.rb
index 20a0bf2a..af05a818 100644
--- a/lib/release_tools/security/issue_table/service.rb
+++ b/lib/release_tools/security/issue_table/service.rb
@@ -100,7 +100,7 @@ module ReleaseTools
             Retriable.with_context(:api) do
               GitlabClient.issue_notes(release_issue.project_id, issue_iid: release_issue.iid).auto_paginate.detect do |note|
                 note.body.include?(NOTE_HEADER) &&
-                  note.author.username == Security::Client::RELEASE_TOOLS_BOT_USERNAME
+                  note.author.username == 'sabrams'
               end
             end
         end
diff --git a/lib/release_tools/security/security_release_tracking_issue_notifier.rb b/lib/release_tools/security/security_release_tracking_issue_notifier.rb
index 4417d9d9..77c2b5de 100644
--- a/lib/release_tools/security/security_release_tracking_issue_notifier.rb
+++ b/lib/release_tools/security/security_release_tracking_issue_notifier.rb
@@ -42,7 +42,7 @@ module ReleaseTools
         <<~MSG
           #{assignees_string}, a managed versioning project issue, #{issue.web_url}, has been linked to this security release. Please
           [follow the release manager instructions](https://gitlab.com/gitlab-org/release/docs/-/blob/master/components/managed-versioning/security_release.md#release-manager-process)
-          and adjust the [security release task issue](#{security_task_issue.web_url}) to include any additional steps needed.
+          and adjust the [security release task issue](foo.com) to include any additional steps needed.
         MSG
       end

diff --git a/lib/release_tools/security/target_issues_processor.rb b/lib/release_tools/security/target_issues_processor.rb
index d207b02a..1a8361c7 100644
--- a/lib/release_tools/security/target_issues_processor.rb
+++ b/lib/release_tools/security/target_issues_processor.rb
@@ -16,6 +16,8 @@ module ReleaseTools
         logger.info("#{security_target_issues.count} target issues found. They will be evaluated and considered for linking to the security release tracking issue: #{security_release_tracking_issue.web_url}.")

         security_target_issues.each do |target_issue|
+          next unless [967, 969].include?(target_issue.iid)
+
           case [target_issue.ready_to_be_processed?, linked_to_security_tracking_issue?(target_issue)]
           when [true, true]
             logger.info("#{target_issue.web_url} is already linked to the security release tracking issue and still ready to be processed.")

I then ran the processor from the pry console:

~/workspace/gitlab-org/release-tools (delivery19696-update-table-on-linking ✗) RELEASE_BOT_VERSION_TOKEN=REDACTED RELEASE_BOT_PRODUCTION_TOKEN=REDACTED be pry --gem
[2] pry(main)> ReleaseTools::Security::TargetIssuesProcessor.new.execute
2023-10-06 09:36:32.150718 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:32 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fcharts%2Fcomponents%2Fimages/issues" 2
2023-10-06 09:36:32.415784 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:32 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitaly/issues" 2
2023-10-06 09:36:32.769241 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:32 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitlab/issues" -
2023-10-06 09:36:33.195244 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:33 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitlab-pages/issues" 2
2023-10-06 09:36:33.467272 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:33 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fomnibus-gitlab/issues" 2
2023-10-06 09:36:34.156301 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:34 -0600] 200 "GET https://gitlab.com/api/v4/projects/15642544/issues/967/related_merge_requests" -
2023-10-06 09:36:34.245878 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:34 -0600] 200 "GET https://gitlab.com/api/v4/projects/15642544/issues/969/related_merge_requests" -
2023-10-06 09:36:34.694797 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:34 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-10-06 09:36:34.695598 W Ruby -- WARNING: Please convert ObjectifiedHash object to hash before calling Hash methods on it.
 -- {:source=>"ruby_warnings", :stacktrace=>"/Users/steveabrams/workspace/gitlab-org/release-tools/lib/release_tools/issuable.rb:6:in `initialize'"}
2023-10-06 09:36:34.696744 I ReleaseTools::Security::TargetIssuesProcessor -- 2 target issues found. They will be evaluated and considered for linking to the security release tracking issue: https://gitlab.com/gitlab-org/gitlab/-/issues/424529.
2023-10-06 09:36:35.060474 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/424529/links" -
2023-10-06 09:36:35.654483 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/15642544/issues/969/related_merge_requests" -
2023-10-06 09:36:35.654986 I ReleaseTools::Security::TargetIssuesProcessor -- https://gitlab.com/gitlab-org/security/gitlab/-/issues/969 is already linked to the security release tracking issue and still ready to be processed.
2023-10-06 09:36:35.654998 I ReleaseTools::Security::TargetIssuesProcessor -- https://gitlab.com/gitlab-org/security/gitlab/-/issues/967 is ready to be processed and will be linked to the security release tracking issue.
2023-10-06 09:36:36.431753 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:36 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-10-06 09:36:37.524791 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:37 -0600] 201 "POST https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/424529/links" 3126
2023-10-06 09:36:37.928544 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:37 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-10-06 09:36:38.532133 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:38 -0600] 201 "POST https://gitlab.com/api/v4/projects/15642544/issues/967/notes" 804
2023-10-06 09:36:39.275740 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:39 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-10-06 09:36:39.277364 I ReleaseTools::Security::SecurityReleaseTrackingIssueNotifier -- Notifying RMs that issue was linked to security release tracking issue -- {:linked_issue=>"https://gitlab.com/gitlab-org/security/gitlab/-/issues/967", :security_tracking_issue=>"https://gitlab.com/gitlab-org/gitlab/-/issues/424529"}
2023-10-06 09:36:40.105905 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:40 -0600] 201 "POST https://gitlab.com/api/v4/projects/278964/issues/424529/notes" 973
2023-10-06 09:36:40.875877 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:40 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-10-06 09:36:41.541745 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:41 -0600] 200 "GET https://gitlab.com/api/v4/projects/278964/issues/424529/notes" -
2023-10-06 09:36:42.396247 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:42 -0600] 200 "GET https://gitlab.com/api/v4/projects/278964/issues/424529/notes?activity_filter=all_notes&id=278964&noteable_id=424529&order_by=created_at&page=2&per_page=20&sort=desc" -
2023-10-06 09:36:42.916421 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:42 -0600] 200 "GET https://gitlab.com/api/v4/projects/278964/issues/424529/notes?activity_filter=all_notes&id=278964&noteable_id=424529&order_by=created_at&page=3&per_page=20&sort=desc" -
2023-10-06 09:36:43.433339 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:43 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/424529/links" -
2023-10-06 09:36:44.048908 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:44 -0600] 200 "GET https://gitlab.com/api/v4/projects/15642544/issues/969/related_merge_requests" -
2023-10-06 09:36:44.390523 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:44 -0600] 200 "GET https://gitlab.com/api/v4/projects/15642544/issues/967/related_merge_requests" -
## Security issues

| Issue | Master merged? | Deployed? | Backports merged? | Bot Comments | Release manager comments |
|-------|----------------|-----------|-------------------|--------------|--------------------------|
| https://gitlab.com/gitlab-org/security/gitlab/-/issues/967 |  |  |  | <br/>Managed versioning. May require manual merging. |  |
| https://gitlab.com/gitlab-org/security/gitlab/-/issues/969 |  |  |  | <br/>Managed versioning. May require manual merging. |  |

---

:robot: <sub>This table was generated by [release-tools](https://gitlab.com/gitlab-org/release-tools/).
Please open an issue in the [Delivery team issue tracker](https://gitlab.com/gitlab-com/gl-infra/delivery/-/issues)
if you have any suggestions or bug reports.</sub>
2023-10-06 09:36:44.392612 I ReleaseTools::Security::IssueTable::Service -- Table of security issues -- {:comment_string=>"## Security issues\n\n| Issue | Master merged? | Deployed? | Backports merged? | Bot Comments | Release manager comments |\n|-------|----------------|-----------|-------------------|--------------|--------------------------|\n| https://gitlab.com/gitlab-org/security/gitlab/-/issues/967 |  |  |  | <br/>Managed versioning. May require manual merging. |  |\n| https://gitlab.com/gitlab-org/security/gitlab/-/issues/969 |  |  |  | <br/>Managed versioning. May require manual merging. |  |\n\n---\n\n:robot: <sub>This table was generated by [release-tools](https://gitlab.com/gitlab-org/release-tools/).\nPlease open an issue in the [Delivery team issue tracker](https://gitlab.com/gitlab-com/gl-infra/delivery/-/issues)\nif you have any suggestions or bug reports.</sub>\n"}
2023-10-06 09:36:45.023056 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:45 -0600] 200 "GET https://gitlab.com/api/v4/projects/278964/issues/424529/notes" -
2023-10-06 09:36:45.689226 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:45 -0600] 200 "GET https://gitlab.com/api/v4/projects/278964/issues/424529/notes?activity_filter=all_notes&id=278964&noteable_id=424529&order_by=created_at&page=2&per_page=20&sort=desc" -
2023-10-06 09:36:46.761609 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:46 -0600] 200 "GET https://gitlab.com/api/v4/projects/278964/issues/424529/notes?activity_filter=all_notes&id=278964&noteable_id=424529&order_by=created_at&page=3&per_page=20&sort=desc" -
2023-10-06 09:36:46.764438 I ReleaseTools::Security::IssueTable::Service -- Creating security release table issue comment -- {:issue=>"https://gitlab.com/gitlab-org/gitlab/-/issues/424529"}
2023-10-06 09:36:47.739937 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:47 -0600] 200 "GET https://gitlab.com/api/v4/projects/278964/issues/424529/notes" -
2023-10-06 09:36:48.872607 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:48 -0600] 200 "GET https://gitlab.com/api/v4/projects/278964/issues/424529/notes?activity_filter=all_notes&id=278964&noteable_id=424529&order_by=created_at&page=2&per_page=20&sort=desc" -
2023-10-06 09:36:49.373089 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:49 -0600] 200 "GET https://gitlab.com/api/v4/projects/278964/issues/424529/notes?activity_filter=all_notes&id=278964&noteable_id=424529&order_by=created_at&page=3&per_page=20&sort=desc" -
2023-10-06 09:36:50.258753 D ReleaseTools::GitlabClient -- [HTTParty] [2023-10-06 09:36:50 -0600] 201 "POST https://gitlab.com/api/v4/projects/278964/issues/424529/notes" 1357
=> [#<ReleaseTools::Security::ImplementationIss....]

This comment was generated and includes the managed versioning note: https://gitlab.com/gitlab-org/gitlab/-/issues/424529#note_1593354270

I then:

Unlinked one of the issues so that it would relink
Manually deleted one line in the table so it is more obvious that it is updated
Added a release manager note to the remaining line to ensure it is preserved on the update.
Ran the processor again

The comment was edited as expected:

Author Check-list

[-] Has documentation been updated?

Edited Oct 09, 2023 by Steve Abrams

Update issue table when linking/unlinking

🎼 What does this MR do and why?

🎹 Testing

Author Check-list

Merge request reports