diff options
-rw-r--r-- | .gitlab/issue_templates/Security developer workflow.md | 7 | ||||
-rw-r--r-- | .gitlab/merge_request_templates/Security Release.md | 7 | ||||
-rwxr-xr-x | bin/secpick | 16 |
3 files changed, 16 insertions, 14 deletions
diff --git a/.gitlab/issue_templates/Security developer workflow.md b/.gitlab/issue_templates/Security developer workflow.md index 4bc4215d21b..da2e2a7f87f 100644 --- a/.gitlab/issue_templates/Security developer workflow.md +++ b/.gitlab/issue_templates/Security developer workflow.md @@ -20,10 +20,9 @@ Set the title to: `Description of the original issue` - [ ] Once the MR is ready to be merged, create MRs targetting the last 3 releases, plus the current RC if between the 7th and 22nd of the month. - [ ] At this point, it might be easy to squash the commits from the MR into one - You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation] - - [ ] Create the branch `security-X-Y` from `X-Y-stable` if it doesn't exist (and make sure it's up to date with stable) - - [ ] Create each MR targetting the security branch `security-X-Y` - - [ ] Add the ~security label and prefix with the version `WIP: [X.Y]` the title of the MR -- [ ] Add the ~"Merge into Security" label to all of the MRs. + - [ ] Create each MR targetting the stable branch `stable-X-Y`, using the "Security Release" merge request template. + - Every merge request will have its own set of TODOs, so make sure to + complete those. - [ ] Make sure all MRs have a link in the [links section](#links) [secpick documentation]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#secpick-script diff --git a/.gitlab/merge_request_templates/Security Release.md b/.gitlab/merge_request_templates/Security Release.md index 9a0979f27a7..adf70053f8f 100644 --- a/.gitlab/merge_request_templates/Security Release.md +++ b/.gitlab/merge_request_templates/Security Release.md @@ -4,6 +4,9 @@ This MR should be created on `dev.gitlab.org`. See [the general developer security release guidelines](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md). +This merge request _must not_ close the corresponding security issue _unless_ it +targets master. + --> ## Related issues @@ -12,7 +15,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla ## Developer checklist - [ ] Link to the developer security workflow issue on `dev.gitlab.org` -- [ ] MR targets `master` or `security-X-Y` for backports +- [ ] MR targets `master`, or `stable-X-Y` for backports - [ ] Milestone is set for the version this MR applies to - [ ] Title of this MR is the same as for all backports - [ ] A [CHANGELOG entry](https://docs.gitlab.com/ee/development/changelog.html) is added without a `merge_request` value, with `type` set to `security` @@ -25,4 +28,4 @@ See [the general developer security release guidelines](https://gitlab.com/gitla - [ ] Correct milestone is applied and the title is matching across all backports - [ ] Assigned to `@gitlab-release-tools-bot` with passing CI pipelines -/label ~security ~"Merge into Security" +/label ~security diff --git a/bin/secpick b/bin/secpick index be120a304c9..ca9d901120d 100755 --- a/bin/secpick +++ b/bin/secpick @@ -10,6 +10,7 @@ using Rainbow module Secpick BRANCH_PREFIX = 'security'.freeze + STABLE_PREFIX = 'stable'.freeze DEFAULT_REMOTE = 'dev'.freeze NEW_MR_URL = 'https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/new'.freeze @@ -36,16 +37,16 @@ module Secpick branch.freeze end - def security_branch - "#{BRANCH_PREFIX}-#{@options[:version]}".tap do |name| + def stable_branch + "#{STABLE_PREFIX}-#{@options[:version]}".tap do |name| name << "-ee" if ee? end.freeze end def git_commands - ["git fetch #{@options[:remote]} #{security_branch}", - "git checkout #{security_branch}", - "git pull #{@options[:remote]} #{security_branch}", + ["git fetch #{@options[:remote]} #{stable_branch}", + "git checkout #{stable_branch}", + "git pull #{@options[:remote]} #{stable_branch}", "git checkout -B #{source_branch}", "git cherry-pick #{@options[:sha]}", "git push #{@options[:remote]} #{source_branch}", @@ -56,9 +57,8 @@ module Secpick { merge_request: { source_branch: source_branch, - target_branch: security_branch, - title: "[#{@options[:version].tr('-', '.')}] ", - description: '/label ~security ~"Merge into Security"' + target_branch: stable_branch, + description: '/label ~security' } } end |