Release manager security notifier
🔍 What does this MR do and why?
When managed versioning security issues are linked to the security release tracking issue, release managers are pinged in a comment in the tracking issue notifying them they may need to adjust the security release tasks.
Related to gitlab-com/gl-infra/delivery#19675 (closed)
💻 Testing
I changed the local code to force it to use my testing issues:
git diff
diff --git a/lib/release_tools/gitlab_client.rb b/lib/release_tools/gitlab_client.rb
index 4d6a8d5e..c7e14987 100644
--- a/lib/release_tools/gitlab_client.rb
+++ b/lib/release_tools/gitlab_client.rb
@@ -629,11 +629,11 @@ module ReleaseTools
def self.next_security_tracking_issue
project = ReleaseTools::Project::GitlabEe
- label = 'upcoming security release'
+ # label = 'upcoming security release'
# project.path is required because the security tracking issue only exists on canonical
client
- .issues(project.path, labels: label, state: 'opened')
+ .issues(project.path, labels: ['security-target', 'test'], state: 'opened')
.first
end
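Review bot: with `labels: ['security-target', 'test']` the lookup still ends in `.first`, so if more than one open issue carries both labels the tracking issue used for the test is whichever one the API returns first. Pin the test to a single known issue or assert on the returned `web_url` before posting. The commented-out `# label = 'upcoming security release'` line is dead code and should not survive into the committed change.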
diff --git a/lib/release_tools/security/implementation_issue.rb b/lib/release_tools/security/implementation_issue.rb
index 81a0be86..cb02eb3a 100644
--- a/lib/release_tools/security/implementation_issue.rb
+++ b/lib/release_tools/security/implementation_issue.rb
@@ -54,6 +54,7 @@ module ReleaseTools
end
def ready_to_be_processed?
+ return true if iid == 967
validate
pending_reasons.empty?
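Review bot: `return true if iid == 967` at the top of `ready_to_be_processed?` returns before `validate` runs and before `pending_reasons.empty?` is checked, so this test run says nothing about how the notifier behaves for an issue that goes through readiness validation. Keep this strictly local, and cover the real path with a spec that stubs the validation result instead of hard-coding an iid.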
diff --git a/lib/release_tools/security/issue_crawler.rb b/lib/release_tools/security/issue_crawler.rb
index 520d2fda..9f652dfb 100644
--- a/lib/release_tools/security/issue_crawler.rb
+++ b/lib/release_tools/security/issue_crawler.rb
@@ -37,7 +37,7 @@ module ReleaseTools
return @security_release_issues if @security_release_issues
issues = GitlabClient
- .issues(PUBLIC_PROJECT, labels: ROOT_ISSUE_LABEL, state: OPENED)
+ .issues(PUBLIC_PROJECT, labels: ['test', 'security-target'], state: OPENED)
.auto_paginate
# Ignoring issues without a due date could lead to security releases
diff --git a/lib/release_tools/security/security_release_tracking_issue_notifier.rb b/lib/release_tools/security/security_release_tracking_issue_notifier.rb
index 60cbfcdb..bcaa3d0b 100644
--- a/lib/release_tools/security/security_release_tracking_issue_notifier.rb
+++ b/lib/release_tools/security/security_release_tracking_issue_notifier.rb
@@ -5,7 +5,7 @@ module ReleaseTools
class SecurityReleaseTrackingIssueNotifier
include ReleaseTools::Security::IssueHelper
- PROJECTS_TO_NOTIFY = (ManagedVersioning::PROJECTS - [ReleaseTools::Project::GitlabEe, ReleaseTools::Project::OmnibusGitlab]).freeze
+ PROJECTS_TO_NOTIFY = (ManagedVersioning::PROJECTS - [ReleaseTools::Project::OmnibusGitlab]).freeze
def initialize(issue)
@issue = issue
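Review bot: dropping `ReleaseTools::Project::GitlabEe` from the subtraction in `PROJECTS_TO_NOTIFY` means the manual test only shows that a comment is posted for a project the unmodified constant excludes. It does not show that the exclusion itself works, or that an issue from a project that stays in the list triggers the ping. A spec with one excluded and one included project would cover both.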
@@ -38,7 +38,7 @@ module ReleaseTools
def notification_message
<<~MSG
- @gitlab-org/release/managers, a managed versioning project issue, #{issue.web_url}, has been linked to this security release. Please
+ @sabrams, a managed versioning project issue, #{issue.web_url}, has been linked to this security release. Please
[follow the release manager instructions](https://gitlab.com/gitlab-org/release/docs/-/blob/master/components/managed-versioning/security_release.md#release-manager-process)
and adjust the [security release task issue](#{security_task_issue.web_url}) to include any additional steps needed."
MSG
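Review bot: the last line of the heredoc in `notification_message` ends with `steps needed."`, and that closing double quote has no opening counterpart anywhere in the message, so it will be posted verbatim in the tracking issue comment. Remove the stray `"` before `MSG`. Swapping the `@gitlab-org/release/managers` mention for a single user is fine for a local run, but it must not be committed, since it would silently stop the group ping.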
diff --git a/lib/release_tools/security/target_issues_processor.rb b/lib/release_tools/security/target_issues_processor.rb
index 6fae4ec1..cd16ee73 100644
--- a/lib/release_tools/security/target_issues_processor.rb
+++ b/lib/release_tools/security/target_issues_processor.rb
@@ -16,6 +16,8 @@ module ReleaseTools
logger.info("#{security_target_issues.count} target issues found. They will be evaluated and considered for linking to the security release tracking issue: #{security_release_tracking_issue.web_url}.")
security_target_issues.each do |target_issue|
+ next unless target_issue.iid == 967
+
case [target_issue.ready_to_be_processed?, linked_to_security_tracking_issue?(target_issue)]
when [true, true]
logger.info("#{target_issue.web_url} is already linked to the security release tracking issue and still ready to be processed.")
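Review bot: the `next unless target_issue.iid == 967` guard sits inside the loop, after the `logger.info` line that reports `security_target_issues.count`, so the logged number of target issues includes any issues the loop then skips. For a test run that is meant to touch one issue only, filter the collection before the count is logged so the log matches what was actually processed.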
Then I was able to run the processor and see a comment posted when the issue was linked:
~/workspace/gitlab-org/release-tools (delivery19675-notify-rms-managed-versioning-link ✗) RELEASE_BOT_PRODUCTION_TOKEN=REDACTED be pry --gem
16.5
[1] pry(main)> ReleaseTools::Security::TargetIssuesProcessor.new.execute
2023-09-28 08:52:00.877928 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:00 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fcharts%2Fcomponents%2Fimages/issues" 2
2023-09-28 08:52:01.121435 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:01 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitaly/issues" 2
2023-09-28 08:52:01.467185 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:01 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitlab/issues" -
2023-09-28 08:52:01.706146 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:01 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitlab-pages/issues" 2
2023-09-28 08:52:01.982898 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:01 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fomnibus-gitlab/issues" 2
2023-09-28 08:52:02.979967 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:02 -0600] 200 "GET https://gitlab.com/api/v4/projects/15642544/issues/967/related_merge_requests" -
2023-09-28 08:52:04.472116 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:04 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-09-28 08:52:04.472961 W Ruby -- WARNING: Please convert ObjectifiedHash object to hash before calling Hash methods on it.
-- {:source=>"ruby_warnings", :stacktrace=>"/Users/steveabrams/workspace/gitlab-org/release-tools/lib/release_tools/issuable.rb:6:in `initialize'"}
2023-09-28 08:52:04.473606 I ReleaseTools::Security::TargetIssuesProcessor -- 1 target issues found. They will be evaluated and considered for linking to the security release tracking issue: https://gitlab.com/gitlab-org/gitlab/-/issues/424529.
2023-09-28 08:52:04.879697 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:04 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/424529/links" 2
2023-09-28 08:52:04.880106 I ReleaseTools::Security::TargetIssuesProcessor -- https://gitlab.com/gitlab-org/security/gitlab/-/issues/967 is ready to be processed and will be linked to the security release tracking issue.
2023-09-28 08:52:05.643818 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:05 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-09-28 08:52:06.534784 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:06 -0600] 201 "POST https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/424529/links" 3126
2023-09-28 08:52:06.958917 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:06 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-09-28 08:52:07.492007 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:07 -0600] 201 "POST https://gitlab.com/api/v4/projects/15642544/issues/967/notes" 804
2023-09-28 08:52:08.017150 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:08 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-09-28 08:52:08.569654 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:08 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Frelease%2Ftasks/issues" -
2023-09-28 08:52:09.116753 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-28 08:52:09 -0600] 201 "POST https://gitlab.com/api/v4/projects/278964/issues/424529/notes" 1025
The posted comment: https://gitlab.com/gitlab-org/gitlab/-/issues/424529#note_1582452715
🛃 Author Check-list
- [-] Has documentation been updated?
Edited by Steve Abrams