Automate backport merging steps for stable branches security MRs

Dat Tang requested to merge dattang/automate-merging-patches into master

What does this MR do and why?

Content

Automate backport merging steps for stable branches security MRs

  • Add two new CI jobs and stages to the patch release pipeline to notify and perform backport merging.
  • Add a corresponding Slack notification message.
  • Add a corresponding rspec.

Ref: gitlab-com/gl-infra/delivery#20190 (closed)

Testing

Pipeline creation

This was tested in this repo (gitlab-org/release-tools), just to see that the pipeline gets created as we expect it.

With SECURITY_RELEASE_PIPELINE=true

With SECURITY_RELEASE_PIPELINE='backport_merge'

Screenshot 2024-06-12 at 17.09.21.png

(note that the backport_merge jobs run after the early_merge jobs)

Screenshot 2024-06-12 at 17.10.37.png

Pipeline

Pipeline

Configuration testing

This was to test the configuration of the pipeline (the job order).

Step Screenshot
Change notification channel for testing (Testing commit)
Initialized as manual pipeline (Pipeline)
After security_release:early_merge:start is manually triggered
Slack notification (Link) Screenshot 2024-06-12 at 17.11.49.png
After security_release:early_merge:start is completed successfully, it starts security_release:early_merge stage Screenshot 2024-06-12 at 17.13.44.png

Execution testing

This was to actually test the execution of the job calling the bundle exec rake 'security:merge[:merge_default:'true']'. I created a test issue to not actually merge the MRs associated with the actual security issue.

Step Screenshot/link

Disabled security-target issue processor in https://ops.gitlab.net/gitlab-org/release/tools/-/pipeline_schedules

Screenshot 2024-06-12 at 17.42.46.png

Created an empty test patch release issue with upcoming security release

https://gitlab.com/gitlab-org/gitlab/-/issues/467232

Tested locally that ReleaseTools::GitlabClient.next_security_tracking_issue is returning the test issue

[1] pry(main)> ReleaseTools::GitlabClient.next_security_tracking_issue
2024-06-12 17:47:27.886386 D ReleaseTools::GitlabClient -- [HTTParty] [2024-06-12 17:47:27 +0200] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" - 
=> #<Gitlab::ObjectifiedHash:217760 {hash: {"id"=>147737190, "iid"=>467232, "project_id"=>278964, "title"=>"[TEST] Patch release for security_release:backport_merge pipeline testing", "description"=>"This is a test issue, created for https://gitlab.com/gitlab-org/release-tools/-/merge_requests/3198.\n\nPlease do not link any security issues to this issue!\n\nThe `security-target issue processor` scheduled pipeline to link issues will be disabled during the time this issue has ~13914336 label.", "state"=>"opened", "created_at"=>"2024-06-12T15:43:42.768Z", "updated_at"=>"2024-06-12T15:44:52.897Z", "closed_at"=>nil, "closed_by"=>nil, "labels"=>["Category:Delivery", "devops::platforms", "group::delivery", "section::platforms", "test", "upcoming security release"], "milestone"=>nil, "assignees"=>[{"id"=>15359194, "username"=>"dat.tang.gitlab", "name"=>"Dat Tang", "state"=>"active", "locked"=>false, "avatar_url"=>"https://secure.gravatar.com/avatar/1c9d3ea240e53e3afe2cc6dd655bdcd7a1128a266a07eaae44258b49b2a6c527?s=80&d=identicon", "web_url"=>"https://gitlab.com/dat.tang.gitlab"}], "author"=>{"id"=>15359194, "username"=>"dat.tang.gitlab", "name"=>"Dat Tang", "state"=>"active", "locked"=>false, "avatar_url"=>"https://secure.gravatar.com/avatar/1c9d3ea240e53e3afe2cc6dd655bdcd7a1128a266a07eaae44258b49b2a6c527?s=80&d=identicon", "web_url"=>"https://gitlab.com/dat.tang.gitlab"}, "type"=>"ISSUE", "assignee"=>{"id"=>15359194, "username"=>"dat.tang.gitlab", "name"=>"Dat Tang", "state"=>"active", "locked"=>false, "avatar_url"=>"https://secure.gravatar.com/avatar/1c9d3ea240e53e3afe2cc6dd655bdcd7a1128a266a07eaae44258b49b2a6c527?s=80&d=identicon", "web_url"=>"https://gitlab.com/dat.tang.gitlab"}, "user_notes_count"=>0, "merge_requests_count"=>0, "upvotes"=>0, "downvotes"=>0, "due_date"=>"2024-05-16", "confidential"=>true, "discussion_locked"=>nil, "issue_type"=>"issue", "web_url"=>"https://gitlab.com/gitlab-org/gitlab/-/issues/467232", "time_stats"=>{"time_estimate"=>0, 
"total_time_spent"=>0, "human_time_estimate"=>nil, "human_total_time_spent"=>nil}, "task_completion_status"=>{"count"=>0, "completed_count"=>0}, "weight"=>nil, "blocking_issues_count"=>0, "has_tasks"=>true, "task_status"=>"0 of 0 checklist items completed", "_links"=>{"self"=>"https://gitlab.com/api/v4/projects/278964/issues/467232", "notes"=>"https://gitlab.com/api/v4/projects/278964/issues/467232/notes", "award_emoji"=>"https://gitlab.com/api/v4/projects/278964/issues/467232/award_emoji", "project"=>"https://gitlab.com/api/v4/projects/278964", "closed_as_duplicate_of"=>nil}, "references"=>{"short"=>"#467232", "relative"=>"#467232", "full"=>"gitlab-org/gitlab#467232"}, "severity"=>"UNKNOWN", "moved_to_id"=>nil, "imported"=>false, "imported_from"=>"none", "service_desk_reply_to"=>nil, "epic_iid"=>nil, "epic"=>nil, "iteration"=>nil, "health_status"=>nil}}
Pipeline manually started

https://ops.gitlab.net/gitlab-org/release/tools/-/pipelines/3384714

Slack notification (link)

Screenshot 2024-06-12 at 17.55.39.png

security_release_early_merge:merge job successfully called bundle exec rake 'security:merge[:merge_default:'true']', picked up the test issue, and merged (0) MRs, left a comment on the issue

link

Screenshot 2024-06-12 at 17.56.34.png

Pipeline successfully finished

Screenshot 2024-06-12 at 17.56.09.png

Removed label and closed the issue, re-enabled the pipeline schedule
Edited by Dat Tang