Skip to content

x/build/cmd/relui: improve security release automation #59717

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
heschi opened this issue Apr 19, 2023 · 5 comments
Open

x/build/cmd/relui: improve security release automation #59717

heschi opened this issue Apr 19, 2023 · 5 comments
Labels
Builders x/build issues (builders, bots, dashboards) NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Unreleased

Comments

@heschi
Copy link
Contributor

heschi commented Apr 19, 2023

Doing a security release involves quite a bit of manual work from the release coordinator. For an initial cut, let's see if we can automate assembling the internal commits into a branch, and exporting the changes from that branch on release day.
@gopherbot gopherbot added the Builders x/build issues (builders, bots, dashboards) label Apr 19, 2023
@gopherbot gopherbot added this to the Unreleased milestone Apr 19, 2023
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/486515 mentions this issue: internal/task: create a basic Git wrapper, use it for the fake Gerrit

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/486575 mentions this issue: cmd/relui,internal/task: add workflow for re-syncing go-private master

@cagedmantis cagedmantis moved this to Planned in Go Release May 2, 2023
@cagedmantis
Copy link
Contributor

We should consider automating the process where we replace the placeholder text for the GitHub issues with the actual security notice automatically.

gopherbot pushed a commit to golang/build that referenced this issue Jul 28, 2023
@heschi @gopherbot
internal/task: create a basic Git wrapper, use it for the fake Gerrit
1bc26f3 
For golang/go#59717

Change-Id: Ie0e01a82a5acebf279c1f770dee53f37fc4e7800
Reviewed-on: https://go-review.googlesource.com/c/build/+/486515
Run-TryBot: Heschi Kreinick <[email protected]>
Auto-Submit: Heschi Kreinick <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/515075 mentions this issue: internal/task: create a basic Git wrapper, use it for the fake Gerrit

@dmitshur dmitshur added the NeedsFix The path to resolution is known, but the work has not been done. label Aug 2, 2023
gopherbot pushed a commit to golang/build that referenced this issue Aug 2, 2023
@heschi @gopherbot
internal/task: create a basic Git wrapper, use it for the fake Gerrit
c449222 
This is a second attempt at CL 486515, which was rolled back in CL
514016. Now with configuration settings in tests!

For golang/go#59717

Change-Id: I71747e6395a260ba04292e04b1c18a209ff50b2e
Reviewed-on: https://go-review.googlesource.com/c/build/+/515075
Auto-Submit: Heschi Kreinick <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
Run-TryBot: Heschi Kreinick <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
gopherbot pushed a commit to golang/build that referenced this issue Sep 8, 2023
@rolandshoemaker
cmd/relui,internal/task: add workflow for re-syncing go-private master
b48717b 
This is currently a manual process that requires a high-priv grant, a
workflow significantly reduces the likelihood of getting this wrong. It
also lets us use a cron-like schedule to automate these updates.

Updates golang/go#59717

Change-Id: Iff7ce7c37f2ecd9dfee79ee8e80cfb98810011e6
Reviewed-on: https://go-review.googlesource.com/c/build/+/486575
Run-TryBot: Roland Shoemaker <[email protected]>
Reviewed-by: Heschi Kreinick <[email protected]>
TryBot-Result: Gopher Robot <[email protected]>
@heschi heschi removed their assignment Nov 22, 2023
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/612116 mentions this issue: internal/task: add workflow to build internal security release branches

gopherbot pushed a commit to golang/build that referenced this issue Jan 31, 2025
@rolandshoemaker @gopherbot
internal/task: add workflow to build internal security release branches
2a0314b 
Take security patches in the internal gerrit and from them build the
internal release branches that are used to build a security release.

Updates golang/go#59717

Change-Id: I2eb4e9fda773e49fbde1fe967678ab3cc813bac8
Reviewed-on: https://go-review.googlesource.com/c/build/+/612116
Reviewed-by: Dmitri Shuralyov <[email protected]>
Auto-Submit: Roland Shoemaker <[email protected]>
Reviewed-by: Dmitri Shuralyov <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Builders x/build issues (builders, bots, dashboards) NeedsFix The path to resolution is known, but the work has not been done.
Projects
Go Release
Status: Planned
Milestone
Unreleased
Development

No branches or pull requests
5 participants
@cagedmantis @dmitshur @rolandshoemaker @gopherbot @heschi