gitlab-org--gitlab-foss/.gitlab/merge_request_templates/Security Release.md

<!--
# README first!
This MR should be created on `gitlab.com/gitlab-org/security/gitlab`.

See [the general developer security release guidelines](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md).

-->

## Related issues

<!-- Mention the GitLab Security issue this MR is related to -->

## Developer checklist

- [ ] **On "Related issues" section, write down the [GitLab Security] issue it belongs to (i.e. `Related to <issue_id>`).**
- [ ] Merge request targets `master`, or a versioned stable branch (`X-Y-stable-ee`).
- [ ] Milestone is set for the version this merge request applies to. A closed milestone can be assigned via [quick actions].
- [ ] Title of this merge request is the same as for all backports.
- [ ] A [CHANGELOG entry] is added without a `merge_request` value, with `type` set to `security`
- [ ] For the MR targeting `master`:
  - [ ] Assign to a reviewer and maintainer, per our [Code Review process].
  - [ ] Ensure it's approved according to our [Approval Guidelines].
  - [ ] Ensure it's approved by an AppSec engineer.
    - Please see the security release [Code reviews and Approvals](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#code-reviews-and-approvals) documentation for details on which AppSec team member to ping for approval.
    - Trigger the [`package-and-qa` build]. The docker image generated will be used by the AppSec engineer to validate the security vulnerability has been remediated.
- [ ] For a backport MR targeting a versioned stable branch (`X-Y-stable-ee`)
  - [ ] Ensure it's approved by a maintainer.

**Note:** Reviewer/maintainer should not be a Release Manager

## Maintainer checklist

- [ ] Correct milestone is applied and the title is matching across all backports
- [ ] Assigned to `@gitlab-release-tools-bot` with passing CI pipelines and **when all backports including the MR targeting master are ready.**

/label ~security

[GitLab Security]: https://gitlab.com/gitlab-org/security/gitlab
[quick actions]: https://docs.gitlab.com/ee/user/project/quick_actions.html#quick-actions-for-issues-merge-requests-and-epics
[CHANGELOG entry]: https://docs.gitlab.com/ee/development/changelog.html
[Code Review process]: https://docs.gitlab.com/ee/development/code_review.html
[Approval Guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines
[Canonical repository]: https://gitlab.com/gitlab-org/gitlab
[`package-and-qa` build]: https://docs.gitlab.com/ee/development/testing_guide/end_to_end/#using-the-package-and-qa-job
Create security release MR template Improve existing issue templates for security releases 2019-01-28 06:21:42 -05:00			`<!--`
			`# README first!`
Add latest changes from gitlab-org/gitlab@master 2019-12-18 13:08:04 -05:00			This MR should be created on `gitlab.com/gitlab-org/security/gitlab`.
Create security release MR template Improve existing issue templates for security releases 2019-01-28 06:21:42 -05:00
Address docs review feedback 2019-01-29 05:57:21 -05:00			`See [the general developer security release guidelines](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md).`
Create security release MR template Improve existing issue templates for security releases 2019-01-28 06:21:42 -05:00
			`-->`
Add latest changes from gitlab-org/gitlab@master 2019-12-18 13:08:04 -05:00
Create security release MR template Improve existing issue templates for security releases 2019-01-28 06:21:42 -05:00			`## Related issues`

Add latest changes from gitlab-org/gitlab@master 2020-02-26 10:08:56 -05:00			`<!-- Mention the GitLab Security issue this MR is related to -->`
Create security release MR template Improve existing issue templates for security releases 2019-01-28 06:21:42 -05:00
Author is Developer in sec. release MR template 2019-02-05 08:57:44 -05:00			`## Developer checklist`
Create security release MR template Improve existing issue templates for security releases 2019-01-28 06:21:42 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-03-05 13:08:19 -05:00			- [ ] On "Related issues" section, write down the [GitLab Security] issue it belongs to (i.e. `Related to <issue_id>`).
Add latest changes from gitlab-org/gitlab@master 2020-07-07 17:09:13 -04:00			- [ ] Merge request targets `master`, or a versioned stable branch (`X-Y-stable-ee`).
Add latest changes from gitlab-org/gitlab@master 2020-01-03 19:07:49 -05:00			`- [ ] Milestone is set for the version this merge request applies to. A closed milestone can be assigned via [quick actions].`
Add latest changes from gitlab-org/gitlab@master 2019-12-18 13:08:04 -05:00			`- [ ] Title of this merge request is the same as for all backports.`
Add latest changes from gitlab-org/gitlab@master 2020-07-07 17:09:13 -04:00			- [ ] A [CHANGELOG entry] is added without a `merge_request` value, with `type` set to `security`
Add latest changes from gitlab-org/gitlab@master 2020-01-15 16:08:48 -05:00			- [ ] For the MR targeting `master`:
Add latest changes from gitlab-org/gitlab@master 2020-07-07 17:09:13 -04:00			`- [ ] Assign to a reviewer and maintainer, per our [Code Review process].`
Add latest changes from gitlab-org/gitlab@master 2020-01-15 16:08:48 -05:00			`- [ ] Ensure it's approved according to our [Approval Guidelines].`
Add latest changes from gitlab-org/gitlab@master 2020-07-07 17:09:13 -04:00			`- [ ] Ensure it's approved by an AppSec engineer.`
Add latest changes from gitlab-org/gitlab@master 2020-10-02 14:08:56 -04:00			`- Please see the security release [Code reviews and Approvals](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#code-reviews-and-approvals) documentation for details on which AppSec team member to ping for approval.`
Add latest changes from gitlab-org/gitlab@master 2020-07-07 17:09:13 -04:00			- Trigger the [`package-and-qa` build]. The docker image generated will be used by the AppSec engineer to validate the security vulnerability has been remediated.
			- [ ] For a backport MR targeting a versioned stable branch (`X-Y-stable-ee`)
			`- [ ] Ensure it's approved by a maintainer.`
Add latest changes from gitlab-org/gitlab@master 2019-12-18 13:08:04 -05:00
			`Note: Reviewer/maintainer should not be a Release Manager`
Create security release MR template Improve existing issue templates for security releases 2019-01-28 06:21:42 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-01-15 16:08:48 -05:00			`## Maintainer checklist`
Add latest changes from gitlab-org/gitlab@master 2020-07-07 17:09:13 -04:00
Create security release MR template Improve existing issue templates for security releases 2019-01-28 06:21:42 -05:00			`- [ ] Correct milestone is applied and the title is matching across all backports`
Add latest changes from gitlab-org/gitlab@master 2020-03-30 20:08:09 -04:00			- [ ] Assigned to `@gitlab-release-tools-bot` with passing CI pipelines and when all backports including the MR targeting master are ready.
Create security release MR template Improve existing issue templates for security releases 2019-01-28 06:21:42 -05:00
Remove requirement to target security branches This removes the requirement and any mention of targeting security branches when working on security releases. The release process documentation changes for these CE changes can be found in merge request https://gitlab.com/gitlab-org/release/docs/merge_requests/97. The proposal to remove security branches was approved in https://gitlab.com/gitlab-org/release/framework/issues/165#note_138139016. 2019-02-06 08:14:55 -05:00			`/label ~security`
Add latest changes from gitlab-org/gitlab@master 2019-12-18 13:08:04 -05:00
			`[GitLab Security]: https://gitlab.com/gitlab-org/security/gitlab`
Add latest changes from gitlab-org/gitlab@master 2020-01-03 19:07:49 -05:00			`[quick actions]: https://docs.gitlab.com/ee/user/project/quick_actions.html#quick-actions-for-issues-merge-requests-and-epics`
Add latest changes from gitlab-org/gitlab@master 2020-07-07 17:09:13 -04:00			`[CHANGELOG entry]: https://docs.gitlab.com/ee/development/changelog.html`
			`[Code Review process]: https://docs.gitlab.com/ee/development/code_review.html`
			`[Approval Guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines`
			`[Canonical repository]: https://gitlab.com/gitlab-org/gitlab`
			[`package-and-qa` build]: https://docs.gitlab.com/ee/development/testing_guide/end_to_end/#using-the-package-and-qa-job