Skip to content

Tag patch releases pipeline

Mawreen Dela Cruz requested to merge madelacruz/tag-patch-release-pipeline into master

What does this MR do and why?

To tag a patch release, we are currently running a chatops command via Slack /chatops run release tag <version> --security for each version. This MR translates that manual process of tagging the patch release to just running a part of the security release pipeline, similar to what we have for stages release_preparation and publish.

When the security_release_tag:start is triggered, the pipeline will send a Slack notification to the #f_upcoming_release channel that the tagging steps are started. It will then dynamically create a child job for each patch release version. These jobs once completed, will send another notification to the same Slack channel whether the job is successful or failed.

Related issue: gitlab-com/gl-infra/delivery#20191 (closed)

Testing

Pipeline creation

With SECURITY_RELEASE_PIPELINE=true With SECURITY_RELEASE_PIPELINE='tag'
image image
Pipeline Pipeline

Configuration testing

This was to test the configuration of the pipeline (the job order).

Step Screenshot
Initialized as manual pipeline image
After security_release:tag:start is manually triggered image
Slack notification (Link image
After security_release:tag:start is completed successfully, it starts security_release:tag stage which creates and triggers the dynamic child jobs to tag the three patch versions image

Pipeline, Testing commit

Execution testing

This was to test the execution of the job calling the bundle exec rake 'security:tag[version]' without actually calling the release:tag[version] that will do the tagging.

Step Screenshot/link
Update the Ruby class called by the [security:tag]](https://ops.gitlab.net/gitlab-org/release/tools/-/blob/madelacruz/test-tagging-patch-release-pipeline/lib/tasks/security.rake?ref_type=heads#L68) rake task to just print out a message instead of running the tagging of the patch releases. Updated Ruby class
Pipeline manually started Pipeline
After security_release:tag:start is manually started image, job logs
Slack notifications for security_release:tag:start image
After the creation of the YAML file for the dynamic child pipeline was completed, it started running the child jobs for each version one by one image
During testing, instead of running the release:tag rake task, it prints out a message with the version to make sure that we are passing the right argument to it. Child job for version 12.7.4
Slack notifications for the job completion image, sample child job logs:
Edited by Mawreen Dela Cruz

Merge request reports