Skip to content

Require EE backports for all CE only MRs

When setting up MRs for the security release, if an MR is a CE only change there is no backport for EE. This results in Release Managers having to manually cherry pick or merge the changes into the EE branch. Due to EE being a different project we can't use the API, which means you have to follow these steps:

  1. Update your local copy of CE from dev
  2. Make sure your local EE copy is up to date
  3. Merge the CE stable branch into the EE stable branch
  4. Push to dev

The last step is easy to do wrong. We have the security harness, but it's too easy to not use it and push something to GitLab.com by accident.

A simple way around this is to require developers to always provide EE merge requests for their security changes, even when there are no conflicts. Once we have a single codebase this is no longer necessary.