
Add class for copying security release blog MR from security to canonical mirror

Reuben Pereira requested to merge rp/copy-mr into master

What does this MR do and why?

Describe in detail what your merge request does and why.

This class will be used to copy the security release blog post MR from the security mirror to canonical.

This class uses ReleaseTools::RemoteRepository to fetch the commits in the security mirror and push them to canonical.

We cannot currently create a cross project MR using the source branch from security mirror since the Danger job in canonical fails because it is not able to access the source branch in the security mirror. This fails the pipeline and prevents merging of the MR. Example of a cross project MR: gitlab-com/www-gitlab-com!130241 (closed).

gitlab-com/gl-infra/delivery#19706 (closed)

Testing

I applied the following diff in addition to this MR, and pushed the branch to https://ops.gitlab.net/gitlab-org/release/tools:

Testing diff
diff --git a/.gitlab/ci/automation.gitlab-ci.yml b/.gitlab/ci/automation.gitlab-ci.yml
index 15f414d9..526398d6 100644
--- a/.gitlab/ci/automation.gitlab-ci.yml
+++ b/.gitlab/ci/automation.gitlab-ci.yml
@@ -177,3 +177,15 @@ record-deployment-blockers:
       - schedules
     variables:
       - $DEPLOYMENT_BLOCKERS_REPORT
+
+test-copy-mr:
+  extends: .with-bundle
+  timeout: 5m
+  stage: automation
+  script:
+    - source scripts/setup_ssh.sh
+    - source scripts/setup_git.sh
+    - bundle exec rake security:test_copy_mr
+  rules:
+    - if: '$TEST_COPY_MR'
+      when: always
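Review bot: The rule `if: '$TEST_COPY_MR'` on `test-copy-mr` is true for any non-empty value, so a pipeline started with `TEST_COPY_MR=false` would still source `scripts/setup_ssh.sh` and `scripts/setup_git.sh` and run `security:test_copy_mr`. Compare against an explicit value such as `if: '$TEST_COPY_MR == "true"'`. Also consider whether `when: always` is wanted here, since it runs the job even when a job in an earlier stage has failed; `when: on_success` is the safer default for a job that runs with push credentials.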
diff --git a/.gitlab/ci/workflow.gitlab-ci.yml b/.gitlab/ci/workflow.gitlab-ci.yml
index c4db0a02..fbcdcf43 100644
--- a/.gitlab/ci/workflow.gitlab-ci.yml
+++ b/.gitlab/ci/workflow.gitlab-ci.yml
@@ -130,6 +130,8 @@ workflow:
       variables:
         PIPELINE_NAME: "Monthly release pipeline"
 
+    - if: $TEST_COPY_MR
+
     # Always create pipelines for MRs, tags and for default branch
     - if: $CI_MERGE_REQUEST_IID
     - if: $CI_COMMIT_TAG
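Review bot: The added workflow rule `- if: $TEST_COPY_MR` sets no `PIPELINE_NAME`, unlike the rule directly above it, so these test pipelines will be harder to pick out in the pipeline list. Add a `variables:` entry with a descriptive name. The condition should also use the same explicit comparison as the job rule in `automation.gitlab-ci.yml`, so that the workflow and the job agree on which values of the variable start a run.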
diff --git a/lib/tasks/security.rake b/lib/tasks/security.rake
index 7c13cef2..deee1dd5 100644
--- a/lib/tasks/security.rake
+++ b/lib/tasks/security.rake
@@ -203,4 +203,9 @@ namespace :security do
         .new.execute
     end
   end
+
+  task test_copy_mr: :force_security do
+    mr = ReleaseTools::GitlabClient.merge_request('gitlab-org/security/www-gitlab-com', iid: 152)
+    ReleaseTools::Security::CopyMergeRequestToCanonical.new(mr, ReleaseTools::Project::WWWGitlabCom, ReleaseTools::Security::BlogMergeRequest).execute
+  end
 end
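Review bot: The `test_copy_mr` task hardcodes both the project path `'gitlab-org/security/www-gitlab-com'` and `iid: 152`, so every run copies the same merge request and the task cannot be pointed at another one without a code change. Read the iid from a task argument or an environment variable and fail with a clear message when it is missing. The task also has no `desc`, so it will not appear in `rake -T`; add one that states it is a test helper and what it writes to canonical.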

Then I ran the following pipeline on the branch: https://ops.gitlab.net/gitlab-org/release/tools/-/pipelines/new?var%5BTEST_COPY_MR%5D=true.

Here is one of the test runs that succeeded in copying the MR from security to canonical: https://ops.gitlab.net/gitlab-org/release/tools/-/jobs/11532828.

Content

Author Check-list

  • Has documentation been updated?
Edited by Reuben Pereira
