Discourage migrations that modify data in sec MRs

John Hope requested to merge jh-migrations-security-mrs into master

See:

Incident gitlab-com/gl-infra/production#6072 (closed) was the result of a data migration gone wrong. It deleted more data than it should have and the recovery process was arduous.

However, this migration was split out from a security MR which originally hid the data correctly. Had the Security MR included the data migration, data recovery would have been more difficult or impossible because of the nature of back-ports and a mid-milestone security release.

This change discourages the use of data migrations entirely in Security MRs. Best practice would instead be to hide the offending data in the application layer and follow up with a migration using the regular development process.

Edited by John Hope
