Commit 22e198da authored Apr 17, 2018 by James Lopez, committed by Marin Jankovski Apr 17, 2018
add initial dev task template for working on a security issue
parent a6486f76
Showing 2 changed files with 115 additions and 0 deletions (+115 -0)
.gitlab/issue_templates/Security Developer Workflow.md (+68 -0)
bin/secpick (+47 -0)
.gitlab/issue_templates/Security Developer Workflow.md 0 → 100644
<!--
# Read me first!
Create this issue under https://dev.gitlab.org/gitlab/gitlabhq
Set the title to:
`[Security] Description of the original issue`
-->
### Prior to the security release
-
[
]
Read the
[
security process for developers
]
if you are not familiar with it.
-
[
]
Link to the original issue adding it to the
[
links section
](
#links
)
-
[
]
Run
`scripts/security-harness`
in the CE, EE, and/or Omnibus to prevent pushing to any remote besides
`dev.gitlab.org`
-
[
]
Create an MR targetting
`org`
`master`
, prefixing your branch with
`security-`
-
[
]
Label your MR with the ~security label, prefix the title with
`WIP: [master]`
-
[
]
Add a link to the MR to the
[
links section
](
#links
)
-
[
]
Add a link to an EE MR if required
-
[
]
Make sure the MR remains in-progress and gets approved after the review cycle,
**but never merged**
.
-
[
]
Assign the MR to a RM once is reviewed and ready to be merged. Check the
[
RM list
]
to see who to ping.
#### Backports
-
[
]
Once the MR is ready to be merged, create MRs targetting the last 3 releases
-
[
]
At this point, it might be easy to squash the commits from the MR into one
-
You can use the script
`bin/secpick`
instead of the following steps, to help you cherry-picking. See the
[
seckpick documentation
]
-
[
]
Create the branch
`security-X-Y`
from
`X-Y-stable`
if it doesn't exist (and make sure it's up to date with stable)
-
[
]
Create each MR targetting the security branch
`security-X-Y`
-
[
]
Add the ~security label and prefix with the version
`WIP: [X.Y]`
the title of the MR
-
[
]
Make sure all MRs have a link in the
[
links section
](
#links
)
and are assigned to a Release Manager.
[
seckpick documentation
]:
https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/process.md#secpick-script
#### Documentation and final details
-
[
]
Check the topic on #security to see when the next release is going ot happen and add a link to the
[
links section
](
#links
)
-
[
]
Find out the versions affected (the Git history of the files affected may help you with this) and add them to the
[
details section
](
#details
)
-
[
]
Fill in any upgrade notes that users may need to take into account in the
[
details section
](
#details
)
-
[
]
Add Yes/No and further details if needed to the migration and settings columns in the
[
details section
](
#details
)
### Summary
#### Links
| Description | Link |
| -------- | -------- |
| Original issue | #TODO |
| Security release issue | #TODO |
|
`master`
MR | !TODO |
|
`master`
MR (EE) | !TODO |
|
`Backport X.Y`
MR | !TODO |
|
`Backport X.Y`
MR | !TODO |
|
`Backport X.Y`
MR | !TODO |
|
`Backport X.Y`
MR (EE) | !TODO |
|
`Backport X.Y`
MR (EE) | !TODO |
|
`Backport X.Y`
MR (EE) | !TODO |
#### Details
| Description | Details | Further details|
| -------- | -------- | -------- |
| Versions affected | X.Y | |
| Upgrade notes | | |
| GitLab Settings updated | Yes/No| |
| Migration required | Yes/No | |
[
security process for developers
]:
https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/process.md
[
RM list
]:
https://about.gitlab.com/release-managers/
/label ~security
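Review bot: the checklist carries a few spelling slips that will be copied verbatim into every security issue created from this template: `targetting` (three occurrences) should be `targeting`, `going ot happen` should be `going to happen`, and `once is reviewed` should be `once it is reviewed`. The reference label `seckpick documentation` is misspelled in both the link and its definition at the bottom, so it still resolves, but renaming both to `secpick documentation` would match the script name used in `bin/secpick`. The flow itself (run `scripts/security-harness` first, `security-` branch on `dev.gitlab.org` only, WIP MR approved but never merged, backports to the last three stable branches, links and details tables filled in before assigning to a Release Manager) is consistent with the process document it links.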
bin/secpick 0 → 100755
#!/usr/bin/env ruby
require
'optparse'
require
'open3'
require
'rainbow/refinement'
using
Rainbow
BRANCH_PREFIX
=
'security'
.
freeze
STABLE_BRANCH_SUFFIX
=
'stable'
.
freeze
REMOTE
=
'dev'
.
freeze
options
=
{
version:
nil
,
branch:
nil
,
sha:
nil
}
parser
=
OptionParser
.
new
do
|
opts
|
opts
.
banner
=
"Usage:
#{
$0
}
[options]"
opts
.
on
(
'-v'
,
'--version 10.0'
,
'Version'
)
do
|
version
|
options
[
:version
]
=
version
&
.
tr
(
'.'
,
'-'
)
end
opts
.
on
(
'-b'
,
'--branch security-fix-branch'
,
'Original branch name'
)
do
|
branch
|
options
[
:branch
]
=
branch
end
opts
.
on
(
'-s'
,
'--sha abcd'
,
'SHA to cherry pick'
)
do
|
sha
|
options
[
:sha
]
=
sha
end
opts
.
on
(
'-h'
,
'--help'
,
'Displays Help'
)
do
puts
opts
exit
end
end
parser
.
parse!
abort
(
"Missing options. Use
#{
$0
}
--help to see the list of options available"
.
red
)
if
options
.
values
.
include?
(
nil
)
abort
(
"Wrong version format
#{
options
[
:version
].
bold
}
"
.
red
)
unless
options
[
:version
]
=~
/\A\d*\-\d*\Z/
branch
=
[
BRANCH_PREFIX
,
options
[
:branch
],
options
[
:version
]].
join
(
'-'
).
freeze
stable_branch
=
"
#{
options
[
:version
]
}
-
#{
STABLE_BRANCH_SUFFIX
}
"
.
freeze
command
=
"git checkout
#{
stable_branch
}
&& git pull
#{
REMOTE
}
#{
stable_branch
}
&& git checkout -B
#{
branch
}
&& git cherry-pick
#{
options
[
:sha
]
}
&& git push
#{
REMOTE
}
#{
branch
}
"
_stdin
,
stdout
,
stderr
=
Open3
.
popen3
(
command
)
puts
stdout
.
read
&
.
green
puts
stderr
.
read
&
.
red
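Review bot: the `-b` and `-s` values are interpolated unvalidated into one command string that `Open3.popen3(command)` hands to `/bin/sh` (the string contains `&&`, so Ruby runs it through the shell), which means a branch name or SHA containing shell metacharacters is executed rather than passed to git. Only the version is pattern-checked; add checks such as `options[:sha] =~ /\A\h{7,40}\z/` and a conservative branch-name pattern, or better, run each git step with argument arrays (`Open3.capture3('git', 'checkout', stable_branch)` and so on), which also gives you a `status` to test so the script can `abort` with a non-zero exit when the chain stops at a failed pull or a cherry-pick conflict; as written it only prints stdout and stderr and always exits 0. Two smaller points: the version regex `/\A\d*\-\d*\Z/` accepts `-` and `10-` because `\d*` matches the empty string, so use `\d+` on both sides; and `git checkout -B #{branch}` resets an existing `security-<branch>-X-Y` branch to the stable tip, silently discarding backport commits from a previous run of the script.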