Improve security release checklist

While going through the security release checklist in the issue after running `bundle exec rake "security_patch_issue[version]"` there are a few things that I'm struggling with:

- Picked into respective stable branches from the dev/security branch
  - Consider including a link to the stable branch or the stable branch name based on the `version` provided when we ran the command
  - Add the cherry pick command example like we have in the regular release MR - it might sound silly or repeated, but it feels less scary if it's there/if we are 100% sure we are following instructions (not sure if this makes any sense)
- Often the security issue lists both CE/EE and `omnibus-gitlab` issues. Often the process is not the same for all the repos.
  - Consider breaking into CE/EE and omnibus-gitlab into different sections of the issue
- Push `ce/10-5-stable` to `dev` only: `git push dev 10-5-stable`
- Push `ee/10-5-stable-ee` to `dev` only: `git push dev 10-5-stable-ee`
  - For someone that is doing this for the first time it's a little scary/confusing to see checkboxes even if there is no EE MR to be picked. We could add `If there are any EE MRs to be picked, push ee/10-5-stable-ee`
- Picked into respective stable branches from the dev/security branch. Merged MRs list:
  - We need to fix the Merged MRs list gitlab-org/release-tools!345 (merged)
- In general we need to fix the list indentation, it is not readable 😕. It'll be great if it were separated per sections (preparation, packaging, staging, etc). Just like the one used for regular releases and patch releases. gitlab-org/release-tools!335 (merged)
- Merge ce/10-7-stable into ee/10-7-stable-ee following the security process
  - Link to `security process` is broken. gitlab-org/release-tools!335 (merged)
- We also need to mention that we are not supposed to promote any package or anything yet (that’ll be done once it’s in prod, and with coordination from security): gitlab-org/release-tools!335 (merged)
- For: Check that EE packages are built, CE packages are built and appears on packages.gitlab.com: EE / CE
  - The `appears on packages.gitlab.com: EE / CE` does not apply in a security release. gitlab-org/release-tools!335 (merged)
- We need to remove the `Create the blog post merge request` as RMs don't handle the blog post. gitlab-org/release-tools!338 (merged)
- On this step: Cherry-pick the merges from the security branch into master and push to all remotes. You can also create and apply a patch set.
  - We need to fix the `create and apply a patch set.` link (it's broken) - gitlab-org/release-tools!339 (merged)
- With the new security process we need to add a new step into the security patch issue, something along the lines of: Check all the MR assigned to you and merge them. Done in !28 (merged)