Tag patch releases pipeline
What does this MR do and why?
To tag a patch release, we are currently running a chatops command via Slack /chatops run release tag <version> --security
for each version. This MR translates that manual process of tagging the patch release to just running a part of the security release pipeline, similar to what we have for stages release_preparation
and publish
.
When the security_release_tag:start
is triggered, the pipeline will send a Slack notification to the #f_upcoming_release
channel that the tagging steps are started. It will then dynamically create a child job for each patch release version. These jobs once completed, will send another notification to the same Slack channel whether the job is successful or failed.
Related issue: gitlab-com/gl-infra/delivery#20191 (closed)
Testing
Pipeline creation
With SECURITY_RELEASE_PIPELINE=true
|
With SECURITY_RELEASE_PIPELINE='tag'
|
---|---|
Pipeline | Pipeline |
Configuration testing
This was to test the configuration of the pipeline (the job order).
Step | Screenshot |
---|---|
Initialized as manual pipeline | |
After security_release:tag:start is manually triggered |
|
Slack notification (Link | |
After security_release:tag:start is completed successfully, it starts security_release:tag stage which creates and triggers the dynamic child jobs to tag the three patch versions |
Execution testing
This was to test the execution of the job calling the bundle exec rake 'security:tag[version]'
without actually calling the release:tag[version]
that will do the tagging.
Step | Screenshot/link |
---|---|
Update the Ruby class called by the [security:tag]](https://ops.gitlab.net/gitlab-org/release/tools/-/blob/madelacruz/test-tagging-patch-release-pipeline/lib/tasks/security.rake?ref_type=heads#L68) rake task to just print out a message instead of running the tagging of the patch releases. | Updated Ruby class |
Pipeline manually started | Pipeline |
After security_release:tag:start is manually started |
, job logs |
Slack notifications for security_release:tag:start
|
|
After the creation of the YAML file for the dynamic child pipeline was completed, it started running the child jobs for each version one by one | |
During testing, instead of running the release:tag rake task, it prints out a message with the version to make sure that we are passing the right argument to it. |
Child job for version 12.7.4 |
Slack notifications for the job completion | , sample child job logs: |