Create blog MR in security mirror when release contains security data
What does this MR do and why?
Content
- Create blog MR in security mirror when release contains security data
When doing a patch release that also contains security fixes, the blog MR should be created in the security mirror (gitlab-org/security/www-gitlab-com) so that the security fixes are not publicized until the release is published.
This MR refactors the MergeRequest class to use a method called project_path when calling the GitLab API. This method can be overridden by classes that inherit from MergeRequest in order to change which mirror the API calls go to.
In PatchRelease::BlogMergeRequest, which inherits from MergeRequest, we override the project_path method to return the security mirror path if the blog post contains security content.
gitlab-com/gl-infra/delivery#19719 (closed)
Testing
I applied the following diff:
Diff
diff --git a/lib/release_tools/patch_release/blog_merge_request.rb b/lib/release_tools/patch_release/blog_merge_request.rb
index bb3efc1f..cf6c4475 100644
--- a/lib/release_tools/patch_release/blog_merge_request.rb
+++ b/lib/release_tools/patch_release/blog_merge_request.rb
@@ -197,7 +197,8 @@ module ReleaseTools
end
def combined_blog_post?
- Feature.enabled?(:combined_blog_post)
+ true
+ # Feature.enabled?(:combined_blog_post)
end
def includes_security_content?
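Review bot: in combined_blog_post?, the hardcoded `true` with the `Feature.enabled?(:combined_blog_post)` call left as a comment bypasses the feature flag, so this manual run only exercises the flag-enabled path and says nothing about where the blog MR goes when the flag is off. Keep this hunk out of the MR branch and, rather than editing the method, enable the flag for the local run or stub it in a spec so both paths are covered.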
diff --git a/lib/release_tools/security/cves_finder.rb b/lib/release_tools/security/cves_finder.rb
index ff5c17f5..cf07d93f 100644
--- a/lib/release_tools/security/cves_finder.rb
+++ b/lib/release_tools/security/cves_finder.rb
@@ -51,7 +51,7 @@ module ReleaseTools
end
def cve_path
- ReleaseTools::Project::Cves.to_s
+ ReleaseTools::Project::Cves.path
end
def client
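Review bot: the cve_path change from `ReleaseTools::Project::Cves.to_s` to `ReleaseTools::Project::Cves.path` is not mentioned in the description and does not look like a testing toggle. If the task only works with `.path`, that is a fix that belongs in the MR itself with a spec; if it is only needed locally, say why. Since the run uses SECURITY=true, also state which project path this resolves to, so it is clear the CVE lookup reads from the intended repository.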
diff --git a/lib/tasks/release.rake b/lib/tasks/release.rake
index 293c18c2..fddaa737 100644
--- a/lib/tasks/release.rake
+++ b/lib/tasks/release.rake
@@ -245,7 +245,7 @@ namespace :release do
ReleaseTools.logger.info("Printing blog post for patch release", version: args[:version])
- $stdout.puts blog_post.generate_blog_content
+ $stdout.puts blog_post.create
end
desc 'Post a message on slack containing a list of backports merged into the stable branches'
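Review bot: in the release:patch_blog_post task, swapping `generate_blog_content` for `create` turns a read-only print into a call that writes to the security mirror, while the log line above still says "Printing blog post for patch release" and `$stdout.puts` now prints whatever `create` returns. If this is only for the manual test, keep it out of the branch; if the task is meant to create the MR, update the log message, drop the puts, and consider a dry-run guard so a local invocation cannot push to the mirror by accident.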
Then I ran the following rake task locally: SECURITY=true RELEASE_BOT_PRODUCTION_TOKEN='token' RELEASE_BOT_VERSION_TOKEN='token' bundle exec rake 'release:patch_blog_post[]'
Which resulted in the creation of the following commit: https://gitlab.com/gitlab-org/security/www-gitlab-com/-/commit/9c593d08f05baef7faac3552e6a8fc92b09ccff0 (I'll delete this branch once this MR is merged, so that we don't interfere with a legitimate patch)
Author Check-list
- Has documentation been updated?
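The routing described in this MR, as an added Ruby sketch that is not release-tools code: a recording fake client checks that every API call made while creating the blog MR goes to the project returned by project_path, which is the property that keeps security content out of the public project. The Sketch* classes, RecordingClient, projects_touched and the canonical path are hypothetical; only project_path and the security mirror path come from the description.

```ruby
# Added illustration; every name except project_path is hypothetical.
SECURITY_MIRROR = 'gitlab-org/security/www-gitlab-com' # path named in the MR description
CANONICAL_PATH  = 'example-group/www-example'           # constructed placeholder

# Fake API client that records which project each call was sent to.
class RecordingClient
  attr_reader :calls

  def initialize
    @calls = []
  end

  def request(action, project)
    @calls << [action, project]
  end
end

class SketchMergeRequest
  def initialize(client)
    @client = client
  end

  # Single source of truth for the target project; subclasses override it.
  def project_path
    CANONICAL_PATH
  end

  # Every API call takes its project from project_path, never from a constant.
  def create
    @client.request(:create_branch, project_path)
    @client.request(:create_merge_request, project_path)
  end
end

class SketchBlogMergeRequest < SketchMergeRequest
  def initialize(client, security_content:)
    super(client)
    @security_content = security_content
  end

  def project_path
    @security_content ? SECURITY_MIRROR : super
  end
end

# Returns the distinct projects touched while creating the blog MR.
def projects_touched(security_content:)
  client = RecordingClient.new
  SketchBlogMergeRequest.new(client, security_content: security_content).create
  client.calls.map(&:last).uniq
end
```

A spec built this way fails as soon as any call in the base class bypasses project_path, because a second project then appears in the recorded list.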