Add publish step to the patch release pipeline
What does this MR do and why?
Describe in detail what your merge request does and why.
Currently, during the patch release process, we run these chatops commands to publish the release, one patch version at a time. We do this after the tagging process.

```
/chatops run publish --security <patch version>
```
This MR changes from using ChatOps to the GitLab CI pipeline for the publish step.
Ref: gitlab-com/gl-infra/delivery#20201 (closed)
Content
- Add a base class `ReleaseTools::Security::Jobs`.
- Add a class `ReleaseTools::Security::Publish::Jobs` for generating a publish downstream pipeline, with corresponding CI jobs. The downstream pipeline includes three jobs, for three patch release versions.
- Add a class `ReleaseTools::Security::Publish::PatchRelease` to perform the publish and send notification.
- Add rspec for new classes.
Workflow of the publish step
- The `security_release_publish:start` is manually triggered and sends a Slack notification.
- A dynamic pipeline is created, which includes three jobs for the three versions.
- The downstream pipeline runs, which publishes versions one by one.
- A notification is sent for each version, successful or failed.
Testing
Pipeline creation
This was tested in this repo (`gitlab-org/release-tools`), just to see that the pipeline gets created as we expect it.
Configuration testing
This was to test the configuration of the pipeline (the job order).
Step | Screenshot |
---|---|
For testing - Echo a log line instead of actually doing something (Testing commit) |
|
Initialized as manual pipeline (Pipeline)
|
|
After |
|
Slack notification (Link) |
|
After
|
|
|
|
The blog post jobs still need another manual trigger. |
Execution testing
This was to actually test the execution of the job calling the `bundle exec rake 'security:verify_images:verify'`.
Step | Screenshot/link |
---|---|
Check if the list of versions is retrieved correctly |
[1] pry(main)> ReleaseTools::PatchRelease::Coordinator.new.versions => ["17.1.2", "17.0.4", "16.11.6"] |
Test commit to skip the rake task, to test the notification only (Testing commit) |
|
Initialized as manual pipeline (Pipeline)
|
|
Slack notification when the job starts (link) |
|
Triggered pipeline is created with three jobs for three release versions | |
Each |
|
If the publish task fails, a Slack notification like this is posted |
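
Added example, not code from this MR or from release-tools: one way to generate the dynamic downstream pipeline described in the workflow of the publish step, with one job per version chained through `needs` so that versions publish one by one. The function names, the `publish` stage, the job names and the echo script are assumptions; the version list is the one shown in the execution test.

```ruby
require 'yaml'

# Hypothetical generator (not ReleaseTools code): builds a child-pipeline
# definition with one publish job per patch version.
VERSION_PATTERN = /\A\d+\.\d+\.\d+\z/

def valid_version?(version)
  version.is_a?(String) && version.match?(VERSION_PATTERN)
end

def publish_pipeline(versions)
  raise ArgumentError, 'no versions to publish' if versions.empty?

  jobs = {}
  previous = nil

  versions.each do |version|
    # Versions end up in job names and scripts, so reject anything that is
    # not a plain x.y.z string before it reaches the generated YAML.
    raise ArgumentError, "invalid version: #{version.inspect}" unless valid_version?(version)

    name = "publish:#{version}"
    jobs[name] = {
      'stage' => 'publish',
      # Placeholder script, like the echo used in the configuration test.
      'script' => ["echo \"publishing #{version}\""],
      # Chain on the previous job so versions are published one at a time.
      'needs' => previous ? [previous] : []
    }
    previous = name
  end

  { 'stages' => ['publish'] }.merge(jobs)
end

def publish_pipeline_yaml(versions)
  YAML.dump(publish_pipeline(versions))
end

# Versions as listed in the execution test on this page.
puts publish_pipeline_yaml(['17.1.2', '17.0.4', '16.11.6']) if __FILE__ == $PROGRAM_NAME
```

The generated YAML would be stored as a job artifact and run as the downstream pipeline; a failed job stops every later version because each job needs the one before it.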