[Feature flag] Cleanup security_policies_branch_exceptions
Summary
This issue is to cleanup the security_policies_branch_exceptions
feature flag, after the feature flag has been enabled by default for an appropriate amount of time in production.
Release notes
Security policies enforce scanners to run in GitLab projects, as well as enforce MR checks/approvals to ensure security and compliance. With branch exceptions, you can more granularly enforce policies and exclude enforcement for any given branch that is out of scope. Should a developer create a development or test branch that is unintentionally affected by heavy-handed enforcement, they can work with security teams to exempt the branch within the security policy.
Owners
- Team: groupsecurity policies
- Most appropriate slack channel to reach out to:
#g_govern_security_policies
- Best individual to reach out to:
@Andysoiron
- PM:
@g.hickman
Expectations
What might happen if this goes wrong?
Cleaning up the feature flag
-
Create a merge request to remove <feature-flag-name>
feature flag. Ask for review and merge it.-
Remove all references to the feature flag from the codebase. -
Remove the YAML definitions for the feature from the repository. -
Create a changelog entry.
-
-
Ensure that the cleanup MR has been deployed to both production and canary. If the merge request was deployed before the code cutoff, the feature can be officially announced in a release blog post. -
/chatops run auto_deploy status <merge-commit-of-cleanup-mr>
-
-
Close the feature issue to indicate the feature will be released in the current milestone. -
If not already done, clean up the feature flag from all environments by running these chatops command in #production
channel:-
/chatops run feature delete <feature-flag-name> --dev
-
/chatops run feature delete <feature-flag-name> --staging
-
/chatops run feature delete <feature-flag-name>
-
-
Close this rollout issue.
Edited by Alexander Turinske