Sync build information to Jira with JiraConnect
What does this MR do?
This MR adds the ability to synchronize information about GitLab pipelines to Jira with our JiraConnect application.
It is currently guarded behind a new feature flag: jira_sync_builds
.
Addresses: #14178 (closed)
How to QA this MR?
- In rails console, run
Feature.enable(:jira_sync_builds)
. - Install the GitLab JiraConnect application (see
doc/development/integrations/jira_connect.md
) - Create a Merge Request in a linked project either:
- on a branch with a Jira issue reference in its name (such as
feature/ABCD-123
), or: - with a title with a Jira issue reference in it (such as
[ABCD-123]: Fix the thing
)
- on a branch with a Jira issue reference in its name (such as
- Trigger a pipeline on that MR (don't worry about passing - failure is fine) - you will want to read instructions for setting up runners for GDK: https://gitlab.com/gitlab-org/gitlab-development-kit/blob/master/doc/howto/runner.md
- Notice that the information is available in Jira (see Screenshots)
Since this feature is behind a feature flag, no changelog is added at this time.
Can I script this?
Yes - the following Ruby snippet should work:
pipeline = Ci::Pipeline.first
JiraConnect::SyncService.new(pipeline.project).execute(pipelines: [pipeline])
You will still need to have installed the application and linked it to the namespace of
pipeline.project
first though!
Screenshots (strongly suggested)
Following synchronization of a build, the Jira issue should look like this:
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
It would be worth discussing if there needs to be any new access controls here.
This MR does not change processing of credentials, but it does publish data about pipelines to an external service (Jira). This exposes branch names, which may be sensitive. It would be worth getting a @gitlab-com/gl-security/appsec view on this.
To do so, requires installation of the GitLab app, and nomination of one or more namespaces. This is done in app/services/jira_connect_subscriptions/create_service.rb, which requires the nominating user to have the :create_jira_connect_subscription ability. This requires the user to be a maintainer.
It is thus very likely that this is sufficient, but getting some eyes on this would be sensible.
/cc @gitlab-com/gl-security/appsec
-
Security reports checked/validated by a reviewer from the AppSec team