Remove requirement to target security branches

This removes the requirement and any mention of targeting security
branches when working on security releases. The release process
documentation changes for these CE changes can be found in merge request
https://gitlab.com/gitlab-org/release/docs/merge_requests/97.

The proposal to remove security branches was approved in
https://gitlab.com/gitlab-org/release/framework/issues/165#note_138139016.
parent 5bfa8e2f
...@@ -20,10 +20,9 @@ Set the title to: `Description of the original issue` ...@@ -20,10 +20,9 @@ Set the title to: `Description of the original issue`
- [ ] Once the MR is ready to be merged, create MRs targetting the last 3 releases, plus the current RC if between the 7th and 22nd of the month. - [ ] Once the MR is ready to be merged, create MRs targetting the last 3 releases, plus the current RC if between the 7th and 22nd of the month.
- [ ] At this point, it might be easy to squash the commits from the MR into one - [ ] At this point, it might be easy to squash the commits from the MR into one
- You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation] - You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation]
- [ ] Create the branch `security-X-Y` from `X-Y-stable` if it doesn't exist (and make sure it's up to date with stable) - [ ] Create each MR targetting the stable branch `stable-X-Y`, using the "Security Release" merge request template.
- [ ] Create each MR targetting the security branch `security-X-Y` - Every merge request will have its own set of TODOs, so make sure to
- [ ] Add the ~security label and prefix with the version `WIP: [X.Y]` the title of the MR complete those.
- [ ] Add the ~"Merge into Security" label to all of the MRs.
- [ ] Make sure all MRs have a link in the [links section](#links) - [ ] Make sure all MRs have a link in the [links section](#links)
[secpick documentation]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#secpick-script [secpick documentation]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#secpick-script
......
...@@ -4,6 +4,9 @@ This MR should be created on `dev.gitlab.org`. ...@@ -4,6 +4,9 @@ This MR should be created on `dev.gitlab.org`.
See [the general developer security release guidelines](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md). See [the general developer security release guidelines](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md).
This merge request _must not_ close the corresponding security issue _unless_ it
targets master.
--> -->
## Related issues ## Related issues
...@@ -12,7 +15,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla ...@@ -12,7 +15,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
## Developer checklist ## Developer checklist
- [ ] Link to the developer security workflow issue on `dev.gitlab.org` - [ ] Link to the developer security workflow issue on `dev.gitlab.org`
- [ ] MR targets `master` or `security-X-Y` for backports - [ ] MR targets `master`, or `stable-X-Y` for backports
- [ ] Milestone is set for the version this MR applies to - [ ] Milestone is set for the version this MR applies to
- [ ] Title of this MR is the same as for all backports - [ ] Title of this MR is the same as for all backports
- [ ] A [CHANGELOG entry](https://docs.gitlab.com/ee/development/changelog.html) is added without a `merge_request` value, with `type` set to `security` - [ ] A [CHANGELOG entry](https://docs.gitlab.com/ee/development/changelog.html) is added without a `merge_request` value, with `type` set to `security`
...@@ -25,4 +28,4 @@ See [the general developer security release guidelines](https://gitlab.com/gitla ...@@ -25,4 +28,4 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
- [ ] Correct milestone is applied and the title is matching across all backports - [ ] Correct milestone is applied and the title is matching across all backports
- [ ] Assigned to `@gitlab-release-tools-bot` with passing CI pipelines - [ ] Assigned to `@gitlab-release-tools-bot` with passing CI pipelines
/label ~security ~"Merge into Security" /label ~security
...@@ -10,6 +10,7 @@ using Rainbow ...@@ -10,6 +10,7 @@ using Rainbow
module Secpick module Secpick
BRANCH_PREFIX = 'security'.freeze BRANCH_PREFIX = 'security'.freeze
STABLE_PREFIX = 'stable'.freeze
DEFAULT_REMOTE = 'dev'.freeze DEFAULT_REMOTE = 'dev'.freeze
NEW_MR_URL = 'https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/new'.freeze NEW_MR_URL = 'https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/new'.freeze
...@@ -36,16 +37,16 @@ module Secpick ...@@ -36,16 +37,16 @@ module Secpick
branch.freeze branch.freeze
end end
def security_branch def stable_branch
"#{BRANCH_PREFIX}-#{@options[:version]}".tap do |name| "#{STABLE_PREFIX}-#{@options[:version]}".tap do |name|
name << "-ee" if ee? name << "-ee" if ee?
end.freeze end.freeze
end end
def git_commands def git_commands
["git fetch #{@options[:remote]} #{security_branch}", ["git fetch #{@options[:remote]} #{stable_branch}",
"git checkout #{security_branch}", "git checkout #{stable_branch}",
"git pull #{@options[:remote]} #{security_branch}", "git pull #{@options[:remote]} #{stable_branch}",
"git checkout -B #{source_branch}", "git checkout -B #{source_branch}",
"git cherry-pick #{@options[:sha]}", "git cherry-pick #{@options[:sha]}",
"git push #{@options[:remote]} #{source_branch}", "git push #{@options[:remote]} #{source_branch}",
...@@ -56,9 +57,8 @@ module Secpick ...@@ -56,9 +57,8 @@ module Secpick
{ {
merge_request: { merge_request: {
source_branch: source_branch, source_branch: source_branch,
target_branch: security_branch, target_branch: stable_branch,
title: "[#{@options[:version].tr('-', '.')}] ", description: '/label ~security'
description: '/label ~security ~"Merge into Security"'
} }
} }
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment