Merge branch 'master' into 'template-improvements-for-documentation'

# Conflicts: # .gitlab/issue_templates/Feature proposal.md
author: Mike Lewis <mlewis@gitlab.com> 2019-02-11 21:20:33 +0000
committer: Mike Lewis <mlewis@gitlab.com> 2019-02-11 21:20:33 +0000
commit: 181db283856fdcce657b695676403c9a2a159579 (patch)
tree: c35383043cf82c37539979516a3817fd3547e777 /.gitlab
parent: 62f65a6d023509a33fbbcbe2f2682d03b838702c (diff)
parent: a1215556ec6c5ab84862519b82cee99645dad357 (diff)
download: gitlab-ce-181db283856fdcce657b695676403c9a2a159579.tar.gz
3 files changed, 51 insertions, 24 deletions
diff --git a/.gitlab/issue_templates/Security Release.md b/.gitlab/issue_templates/Security Release.md
index 1734e915ad2..ae469d3b125 100644
--- a/.gitlab/issue_templates/Security Release.md
+++ b/.gitlab/issue_templates/Security Release.md
@@ -32,12 +32,12 @@ Set the title to: `Security Release: 11.4.X, 11.3.X, and 11.2.X`
 
 - {https://dev.gitlab.org/gitlab/gitlabhq/issues link}
 
-| Version | MR | Status|
-|---------|----|-------|
-| 11.4 | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |  |
-| 11.3 | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |  |
-| 11.2 | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |  |
-| master | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |  |
+| Version | MR |
+|---------|----|
+| 11.4 | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |
+| 11.3 | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |
+| 11.2 | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |
+| master | {https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/ link} |
 
 
 
@@ -46,12 +46,12 @@ Set the title to: `Security Release: 11.4.X, 11.3.X, and 11.2.X`
 * {https://dev.gitlab.org/gitlab/gitlabhq/issues/ link}
 
 
-| Version | MR | Status|
-|---------|----|-------|
-| 11.4| {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |   |
-| 11.3 | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |  |
-| 11.2 | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |  |
-| master | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |  |
+| Version | MR |
+|---------|----|
+| 11.4| {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
+| 11.3 | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
+| 11.2 | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
+| master | {https://dev.gitlab.org/gitlab/gitlab-ee/merge_requests/ link} |
 
 
 ## QA
diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md
index f9bf700f809..aaa16145399 100644
--- a/.gitlab/issue_templates/Security developer workflow.md
+++ b/.gitlab/issue_templates/Security developer workflow.md
@@ -3,30 +3,26 @@
 
 Create this issue under https://dev.gitlab.org/gitlab/gitlabhq
 
-Set the title to: `[Security] Description of the original issue`
+Set the title to: `Description of the original issue`
 -->
 
-### Prior to the security release
+### Prior to starting the security release work
 
 - [ ] Read the [security process for developers] if you are not familiar with it.
 - [ ] Link to the original issue adding it to the [links section](#links)
 - [ ] Run `scripts/security-harness` in the CE, EE, and/or Omnibus to prevent pushing to any remote besides `dev.gitlab.org`
-- [ ] Create an MR targetting `org` `master`, prefixing your branch with `security-`
-- [ ] Label your MR with the ~security label, prefix the title with `WIP: [master]`
-- [ ] Add a link to the MR to the [links section](#links)
-- [ ] Add a link to an EE MR if required
-- [ ] Make sure the MR remains in-progress and gets approved after the review cycle, **but never merged**.
-- [ ] Add a link to this issue on the original security issue.
+- [ ] Create a new branch prefixing it with `security-`
+- [ ] Create a MR targeting `dev.gitlab.org` `master`
+- [ ] Add a link to this issue in the original security issue on `gitlab.com`.
 
 #### Backports
 
 - [ ] Once the MR is ready to be merged, create MRs targetting the last 3 releases, plus the current RC if between the 7th and 22nd of the month.
     - [ ] At this point, it might be easy to squash the commits from the MR into one
     - You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation]
-    - [ ] Create the branch `security-X-Y` from `X-Y-stable` if it doesn't exist (and make sure it's up to date with stable)
-    - [ ] Create each MR targetting the security branch `security-X-Y`
-    - [ ] Add the ~security label and prefix with the version `WIP: [X.Y]` the title of the MR
-- [ ] Add the ~"Merge into Security" label to all of the MRs.
+    - [ ] Create each MR targetting the stable branch `X-Y-stable`, using the "Security Release" merge request template.
+    - Every merge request will have its own set of TODOs, so make sure to
+      complete those.
 - [ ] Make sure all MRs have a link in the [links section](#links)
 
 [secpick documentation]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#secpick-script
diff --git a/.gitlab/merge_request_templates/Security Release.md b/.gitlab/merge_request_templates/Security Release.md
new file mode 100644
index 00000000000..246f2dae009
--- /dev/null
+++ b/.gitlab/merge_request_templates/Security Release.md
@@ -0,0 +1,31 @@
+<!--
+# README first!
+This MR should be created on `dev.gitlab.org`.
+
+See [the general developer security release guidelines](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md).
+
+This merge request _must not_ close the corresponding security issue _unless_ it
+targets master.
+
+-->
+## Related issues
+
+<!-- Mention the issue(s) this MR is related to -->
+
+## Developer checklist
+
+- [ ] Link to the developer security workflow issue on `dev.gitlab.org`
+- [ ] MR targets `master`, or `X-Y-stable` for backports
+- [ ] Milestone is set for the version this MR applies to
+- [ ] Title of this MR is the same as for all backports
+- [ ] A [CHANGELOG entry](https://docs.gitlab.com/ee/development/changelog.html) is added without a `merge_request` value, with `type` set to `security`
+- [ ] Add a link to this MR in the `links` section of related issue
+- [ ] Add a link to an EE MR if required
+- [ ] Assign to a reviewer
+
+## Reviewer checklist
+
+- [ ] Correct milestone is applied and the title is matching across all backports
+- [ ] Assigned to `@gitlab-release-tools-bot` with passing CI pipelines
+
+/label ~security
author	Mike Lewis <mlewis@gitlab.com>	2019-02-11 21:20:33 +0000
committer	Mike Lewis <mlewis@gitlab.com>	2019-02-11 21:20:33 +0000
commit	181db283856fdcce657b695676403c9a2a159579 (patch)
tree	c35383043cf82c37539979516a3817fd3547e777 /.gitlab
parent	62f65a6d023509a33fbbcbe2f2682d03b838702c (diff)
parent	a1215556ec6c5ab84862519b82cee99645dad357 (diff)
download	gitlab-ce-181db283856fdcce657b695676403c9a2a159579.tar.gz