Add flowchart for deciding how to deploy MR that fixes incident
graph TB;
id1{Is the MR for an S1 incident?}
id2(The EOC can choose to perform a hot-patch <br/>if we need to deploy it extremely fast, in less than 8 hours)
id1-- Yes -->id2
id3(Note that a deployment will remove the hot patch,<br/> so we cannot deploy after the hot patch until the MR has been merged)
id2-->id3
id3_2{Is the MR associated with a security issue?}
id3-->id3_2
id3_3{Does AppSec want a critical security release?}
id3_2-- Yes -->id3_3
id3_4(Coordinate with AppSec to <br/>start a critical security release)
id3_3-- Yes -->id3_4
id4{Is the MR associated with a security issue?}
id1-- No -->id4
id5{Does it need a speedy deployment?}
id4-- No -->id5
id6(Follow the docs to speed up the auto-deploy process)
id5-- Yes -->id6
id3_2-- No -->id6
id7(The MR will be automatically included <br/>in the next auto-deploy package once it is merged)
id5-- No -->id7
id10(Ask the MR author to follow the <br/>security developer workflow to include the MR in the next security release)
id4-- Yes -->id10
id3_3-- No -->id10
The chart as it will appear in the docs: https://gitlab.com/gitlab-org/release/docs/-/blob/73c1395c495e9614e3d50703bf3cbe33d9880eb9/release_manager/release-manager-incident-guide.md
https://gitlab.com/gitlab-com/gl-infra/delivery/-/issues/2419
Edited by Reuben Pereira