Skip to content

WIP: Add high priority merge request process (to primarily give us a process to meet a critical customer need)

Wayne Haber requested to merge high-priority-merge-request-process into master

What does this MR do?

Add a high priority merge request process so that we can have a process to rely on in order to decide and act on high priority merge requests (such as meeting a critical customer need). Without having such a process, this is handled ad-hoc and can create significant stress for all involved.

This should be combined with the ongoing effort to increase the number of maintainers as they have a very high workload (especially frontend and database maintainers).

This (directly or indirectly) impacts OKRs including for 2020-Q2 increasing IACV which is about retaining/expanding use by existing customers and gaining new customers.

High priority merge requests must not lower security, introduce data-loss risk, reduce availability, nor break existing functionality per the process for prioritizing technical decisions. They must also not impinge on our values including famaily and friends first, work second.

Since this is potentially a big change in workflow, the development senior director, their direct reports, and other interested stakeholders should review before this:

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Wayne Haber

Merge request reports