gitlab-org--gitlab-foss/.gitlab/issue_templates/Security developer workflow.md

<!--
# Read me first!

Create this issue under https://dev.gitlab.org/gitlab/gitlabhq

Set the title to: `Description of the original issue`
-->

### Prior to starting the security release work

- [ ] Read the [security process for developers] if you are not familiar with it.
- [ ] Link to the original issue adding it to the [links section](#links)
- [ ] Run `scripts/security-harness` in the CE, EE, and/or Omnibus to prevent pushing to any remote besides `dev.gitlab.org`
- [ ] Create a new branch prefixing it with `security-`
- [ ] Create a MR targeting `dev.gitlab.org` `master`
- [ ] Add a link to this issue in the original security issue on `gitlab.com`.

#### Backports

- [ ] Once the MR is ready to be merged, create MRs targeting the latest 3 stable branches
    - [ ] At this point, it might be easy to squash the commits from the MR into one
    - You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation]
    - [ ] Create each MR targeting the stable branch `X-Y-stable`, using the "Security Release" merge request template.
    - Every merge request will have its own set of TODOs, so make sure to
      complete those.
- [ ] Make sure all MRs have a link in the [links section](#links)

[secpick documentation]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#secpick-script

#### Documentation and final details

- [ ] Check the topic on #releases to see when the next release is going to happen and add a link to the [links section](#links)
- [ ] Add links to this issue and your MRs in the description of the security release issue
- [ ] Find out the versions affected (the Git history of the files affected may help you with this) and add them to the [details section](#details)
- [ ] Fill in any upgrade notes that users may need to take into account in the [details section](#details)
- [ ] Add Yes/No and further details if needed to the migration and settings columns in the [details section](#details)
- [ ] Add the nickname of the external user who found the issue (and/or HackerOne profile) to the Thanks row in the [details section](#details)
- [ ] Once your `master` MR is merged, comment on the original security issue with a link to that MR indicating the issue is fixed.

### Summary

#### Links

| Description | Link |
| -------- | -------- |
| Original issue   | #TODO  |
| Security release issue   | #TODO  |
| `master` MR | !TODO   |
| `master` MR (EE) | !TODO   |
| `Backport X.Y` MR | !TODO   |
| `Backport X.Y` MR | !TODO   |
| `Backport X.Y` MR | !TODO   |
| `Backport X.Y` MR (EE) | !TODO   |
| `Backport X.Y` MR (EE) | !TODO   |
| `Backport X.Y` MR (EE) | !TODO   |

#### Details

| Description | Details | Further details|
| -------- | -------- | -------- |
| Versions affected | X.Y  | |
| Upgrade notes | | |
| GitLab Settings updated | Yes/No| |
| Migration required | Yes/No | |
| Thanks | | |

[security process for developers]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md
[RM list]:  https://about.gitlab.com/release-managers/

/label ~security
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00			`<!--`
			`# Read me first!`

			`Create this issue under https://dev.gitlab.org/gitlab/gitlabhq`

Create security release MR template Improve existing issue templates for security releases 2019-01-28 11:21:42 +00:00			Set the title to: `Description of the original issue`
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00			`-->`

Create security release MR template Improve existing issue templates for security releases 2019-01-28 11:21:42 +00:00			`### Prior to starting the security release work`
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00
			`- [ ] Read the [security process for developers] if you are not familiar with it.`
			`- [ ] Link to the original issue adding it to the [links section](#links)`
			- [ ] Run `scripts/security-harness` in the CE, EE, and/or Omnibus to prevent pushing to any remote besides `dev.gitlab.org`
Create security release MR template Improve existing issue templates for security releases 2019-01-28 11:21:42 +00:00			- [ ] Create a new branch prefixing it with `security-`
			- [ ] Create a MR targeting `dev.gitlab.org` `master`
			- [ ] Add a link to this issue in the original security issue on `gitlab.com`.
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00
			`#### Backports`

Updates security templates 2019-08-05 16:59:49 +00:00			`- [ ] Once the MR is ready to be merged, create MRs targeting the latest 3 stable branches`
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00			`- [ ] At this point, it might be easy to squash the commits from the MR into one`
Fix `bin/secpick` rainbow gem error, and security branch prefixing 2018-08-15 07:27:59 +00:00			- You can use the script `bin/secpick` instead of the following steps, to help you cherry-picking. See the [secpick documentation]
Fix typos in the whole gitlab-ce project 2019-05-20 14:11:44 +00:00			- [ ] Create each MR targeting the stable branch `X-Y-stable`, using the "Security Release" merge request template.
Remove requirement to target security branches This removes the requirement and any mention of targeting security branches when working on security releases. The release process documentation changes for these CE changes can be found in merge request https://gitlab.com/gitlab-org/release/docs/merge_requests/97. The proposal to remove security branches was approved in https://gitlab.com/gitlab-org/release/framework/issues/165#note_138139016. 2019-02-06 13:14:55 +00:00			`- Every merge request will have its own set of TODOs, so make sure to`
			`complete those.`
Update dev security workflow It now asks to assign the main dev issue to all RMs 2018-10-23 08:54:27 +00:00			`- [ ] Make sure all MRs have a link in the [links section](#links)`
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00
Fix `bin/secpick` rainbow gem error, and security branch prefixing 2018-08-15 07:27:59 +00:00			`[secpick documentation]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#secpick-script`
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00
			`#### Documentation and final details`

Add latest changes from gitlab-org/gitlab@master 2019-10-21 12:06:14 +00:00			`- [ ] Check the topic on #releases to see when the next release is going to happen and add a link to the [links section](#links)`
Add task for adding links to the sec release issue 2019-02-26 13:26:19 +00:00			`- [ ] Add links to this issue and your MRs in the description of the security release issue`
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00			`- [ ] Find out the versions affected (the Git history of the files affected may help you with this) and add them to the [details section](#details)`
			`- [ ] Fill in any upgrade notes that users may need to take into account in the [details section](#details)`
			`- [ ] Add Yes/No and further details if needed to the migration and settings columns in the [details section](#details)`
Fix link in Security Developer Workflow.md 2018-04-18 09:37:55 +00:00			`- [ ] Add the nickname of the external user who found the issue (and/or HackerOne profile) to the Thanks row in the [details section](#details)`
Update Security developer workflow.md 2018-11-29 19:24:12 +00:00			- [ ] Once your `master` MR is merged, comment on the original security issue with a link to that MR indicating the issue is fixed.
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00
			`### Summary`
Update template name via sentence case (security) 2018-06-01 19:39:38 +00:00
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00			`#### Links`

			`\| Description \| Link \|`
			`\| -------- \| -------- \|`
			`\| Original issue \| #TODO \|`
			`\| Security release issue \| #TODO \|`
			\| `master` MR \| !TODO \|
			\| `master` MR (EE) \| !TODO \|
			\| `Backport X.Y` MR \| !TODO \|
			\| `Backport X.Y` MR \| !TODO \|
			\| `Backport X.Y` MR \| !TODO \|
			\| `Backport X.Y` MR (EE) \| !TODO \|
			\| `Backport X.Y` MR (EE) \| !TODO \|
			\| `Backport X.Y` MR (EE) \| !TODO \|

			`#### Details`

			`\| Description \| Details \| Further details\|`
			`\| -------- \| -------- \| -------- \|`
			`\| Versions affected \| X.Y \| \|`
			`\| Upgrade notes \| \| \|`
			`\| GitLab Settings updated \| Yes/No\| \|`
			`\| Migration required \| Yes/No \| \|`
Fix link in Security Developer Workflow.md 2018-04-18 09:37:55 +00:00			`\| Thanks \| \| \|`
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00
Fix link in Security Developer Workflow.md 2018-04-18 09:37:55 +00:00			`[security process for developers]: https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md`
add initial dev task template for working on a security issue 2018-04-17 16:50:16 +00:00			`[RM list]: https://about.gitlab.com/release-managers/`

Fix `bin/secpick` rainbow gem error, and security branch prefixing 2018-08-15 07:27:59 +00:00			`/label ~security`