Skip to content

Determine stable branch status with release environments

Jenny Kimrequested to merge
jk/check-only-release-environment into master

What does this MR do and why?

Addresses gitlab-com/gl-infra/delivery#21167 (closed)

For patch and internal releases, we suspect that the pre-merge pipeline checks (on the backport MR pipeline) and the post-merge checks (on the MR merge commit pipeline on the stable branches) are the same. (To be corroborated by DexEx on gitlab-com/gl-infra/delivery#21002 (closed))

This means that during the post-merge stages of the releases, we could simplify the checks (e.g. security_release_tag:check_component_branch_pipeline_status) to check the status of the release environments pipeline trigger job, and not the entire pipeline's status.

When we check for the stable branch status in gitlab-ee (security/gitlab), we should be checking for the downstream pipeline status for start-release-environments-security-pipeline instead of the whole commit pipeline.

Currently, this shouldn't really change anything, since start-release-environments-security-pipeline is at the end of a pipeline, e.g. https://gitlab.com/gitlab-org/security/gitlab/-/pipelines/1843337817/

After we refactor the pipeline to parallelize the release environment downstream pipeline creation with the rest of the commit pipeline in gitlab-com/gl-infra/delivery#20964 (closed), this means that we don't need to wait until the commit pipeline succeeds, as long as the release environment downstream pipeline succeeded.

Feature Flag

stable_branch_check_release_environments_only

If we put the changes under a feature flag, we can continue without being blocked by gitlab-com/gl-infra/delivery#21002 (closed)

The FF can be removed once DevEx confirms that the pre-merge and post-merge pipelines should behave the same.

Local testing

Tested with https://gitlab.com/gitlab-org/security/gitlab/-/pipelines/1843337817/

bundle exec pry --gem
[1] pry(main)> pipeline = ReleaseTools::GitlabClient.commit(ReleaseTools::Project::GitlabEe.security_path, ref: 'febdad73').last_pipeline
=> #<Gitlab::ObjectifiedHash:95416 {hash: {"id" => 1843337817, "project_id" => 15642544, "ref" => "18-0-stable-ee", "status" => "success", ..., "web_url" => "https://gitlab.com/gitlab-org/security/gitlab/-/pipelines/1843337817"}}
[2] pry(main)> bridge = ReleaseTools::GitlabClient.pipeline_bridges(ReleaseTools::Project::GitlabEe.security_path, pipeline.id).auto_paginate.detect { |job| job.name == 'start-release-environments-security-pipeline' }
=> #<Gitlab::ObjectifiedHash:95424 {hash: {"id" => 10192134192, "status" => "success", "stage" => "release-environments", "name" => "start-release-environments-security-pipeline", "ref" => "18-0-stable-ee", "tag" => false, "coverage" => nil, "allow_failure" => false, ...}}}
[3] pry(main)> bridge.downstream_pipeline.status
=> "success"

Content

  • Determine stable branch status with release environments
Edited by Jenny Kim

Merge request reports