Add class for copying security release blog MR from security to canonical mirror
What does this MR do and why?
Describe in detail what your merge request does and why.
This class will be used to copy the security release blog post MR from the security mirror to canonical.
This class uses ReleaseTools::RemoteRepository
to fetch the commits in the security mirror and push them to canonical.
We cannot currently create a cross project MR using the source branch from security mirror since the Danger job in canonical fails because it is not able to access the source branch in the security mirror. This fails the pipeline and prevents merging of the MR. Example of a cross project MR: gitlab-com/www-gitlab-com!130241 (closed).
gitlab-com/gl-infra/delivery#19706 (closed)
Testing
I applied the following diff in addition to this MR, and pushed the branch to https://ops.gitlab.net/gitlab-org/release/tools:
Testing diff
diff --git a/.gitlab/ci/automation.gitlab-ci.yml b/.gitlab/ci/automation.gitlab-ci.yml
index 15f414d9..526398d6 100644
--- a/.gitlab/ci/automation.gitlab-ci.yml
+++ b/.gitlab/ci/automation.gitlab-ci.yml
@@ -177,3 +177,15 @@ record-deployment-blockers:
- schedules
variables:
- $DEPLOYMENT_BLOCKERS_REPORT
+
+test-copy-mr:
+ extends: .with-bundle
+ timeout: 5m
+ stage: automation
+ script:
+ - source scripts/setup_ssh.sh
+ - source scripts/setup_git.sh
+ - bundle exec rake security:test_copy_mr
+ rules:
+ - if: '$TEST_COPY_MR'
+ when: always
diff --git a/.gitlab/ci/workflow.gitlab-ci.yml b/.gitlab/ci/workflow.gitlab-ci.yml
index c4db0a02..fbcdcf43 100644
--- a/.gitlab/ci/workflow.gitlab-ci.yml
+++ b/.gitlab/ci/workflow.gitlab-ci.yml
@@ -130,6 +130,8 @@ workflow:
variables:
PIPELINE_NAME: "Monthly release pipeline"
+ - if: $TEST_COPY_MR
+
# Always create pipelines for MRs, tags and for default branch
- if: $CI_MERGE_REQUEST_IID
- if: $CI_COMMIT_TAG
diff --git a/lib/tasks/security.rake b/lib/tasks/security.rake
index 7c13cef2..deee1dd5 100644
--- a/lib/tasks/security.rake
+++ b/lib/tasks/security.rake
@@ -203,4 +203,9 @@ namespace :security do
.new.execute
end
end
+
+ task test_copy_mr: :force_security do
+ mr = ReleaseTools::GitlabClient.merge_request('gitlab-org/security/www-gitlab-com', iid: 152)
+ ReleaseTools::Security::CopyMergeRequestToCanonical.new(mr, ReleaseTools::Project::WWWGitlabCom, ReleaseTools::Security::BlogMergeRequest).execute
+ end
end
Then I ran the following pipeline on the branch: https://ops.gitlab.net/gitlab-org/release/tools/-/pipelines/new?var%5BTEST_COPY_MR%5D=true.
Here is one of the test runs that succeeded in copying the MR from security to canonical: https://ops.gitlab.net/gitlab-org/release/tools/-/jobs/11532828.
Content
Author Check-list
-
Has documentation been updated?