sourcegraph

mirror of https://github.com/sourcegraph/sourcegraph.git synced 2026-02-06 14:31:56 +00:00

Author	SHA1	Message	Date
Will Dollman	9dd901f3c9	Integrate security release approval into release pipeline (#63990 ) As part of the [Vuln Scanning Improvements](https://linear.app/sourcegraph/project/[p0]-vulnerability-scanning-improvements-75299c4312dd/issues) project, I've been working on tooling to automate the security approval step of the release process. This PR integrates these improvements into the release pipeline: * Internal releases will run a vulnerability scan * Promote-to-public releases will check for security approval If a public release does not have security approval, it will block the promotion process. The step happens at the start of the pipeline so should be a fast-fail. You can also check for release approval before running promotion by running `@secbot cve approve-release <version>` in the #secbot-commands channel. In an ideal world we (security) will have already gone through and approved ahead of release. I've tested this PR as much as I can without running an actual release! We have a 5.5.x release tomorrow so it'll be a good test. If it does cause problems that can't be easily solved, it can always be temporarily disabled. I've tagged this PR to be backported to `5.5.x`. <!-- PR description tips: https://www.notion.so/sourcegraph/Write-a-good-pull-request-description-610a7fd3e613496eb76f450db5a49b6e --> ## Pre-merge checklist - [x] Revert commit that disables release promotion ## Test plan Manual testing of the release process: - [x] [Successful test run](https://buildkite.com/sourcegraph/sourcegraph/builds/283774#0190dfd6-fa70-4cea-9711-f5b8493c7714) that shows the security scan being triggered - [x] [Promote to public test run](https://buildkite.com/sourcegraph/sourcegraph/builds/283826) that shows the security approval approving a release - [x] [Promote to public test run](https://buildkite.com/sourcegraph/sourcegraph/builds/283817#0190e0ec-0641-4451-b7c7-171e664a3127) that shows the security approval rejecting a release with un-accepted CVEs <!-- REQUIRED; info at https://docs-legacy.sourcegraph.com/dev/background-information/testing_principles --> ## Changelog <!-- OPTIONAL; info at https://www.notion.so/sourcegraph/Writing-a-changelog-entry-dd997f411d524caabf0d8d38a24a878c -->	2024-07-24 09:19:49 +01:00
Anish Lakhwara	c47e587dc5	fix(release): misc fixes to private promote images script (#63957 ) <!-- PR description tips: https://www.notion.so/sourcegraph/Write-a-good-pull-request-description-610a7fd3e613496eb76f450db5a49b6e --> Misc fixes to the `promote_images.sh` script that are known. Notably, create the annotations directory if it doesn't exist ## Test plan Tested manually <!-- REQUIRED; info at https://docs-legacy.sourcegraph.com/dev/background-information/testing_principles --> ## Changelog <!-- OPTIONAL; info at https://www.notion.so/sourcegraph/Writing-a-changelog-entry-dd997f411d524caabf0d8d38a24a878c -->	2024-07-19 19:25:35 +00:00
Anish Lakhwara	4754325492	Chore(release): Calendar Updates (#63583 ) <!-- PR description tips: https://www.notion.so/sourcegraph/Write-a-good-pull-request-description-610a7fd3e613496eb76f450db5a49b6e --> Updated events to match [Release Calendar](https://www.notion.so/sourcegraph/Sourcegraph-Releases-eee2a5384b0a4555adb51b439ddde35f?pvs=4) for September and August. Manually updated July events (and updated the `jsonc` file). Also removed branch cut events and associated automation, since we don't do that anymore. ## Test plan <!-- REQUIRED; info at https://docs-legacy.sourcegraph.com/dev/background-information/testing_principles --> Manually tested ## Changelog <!-- OPTIONAL; info at https://www.notion.so/sourcegraph/Writing-a-changelog-entry-dd997f411d524caabf0d8d38a24a878c --> - chore(release): Update calendar events until September - chore(release): Remove branch cut automation from `calendar.go`	2024-07-02 10:42:12 -04:00
Bolaji Olajide	9e2b56119f	feat(release): allow creation of multiple patch release events (#63034 ) * allow creation of multiple patch release events * skip old month releases * update config	2024-06-03 11:14:24 -04:00
Bolaji Olajide	bab01ccaac	feat(release): rename code freeze event to `branch cut` event (#63033 ) rename code freeze event to branch cut	2024-06-03 05:13:32 -05:00
Anish Lakhwara	42c15aa449	Update release calendar (#62887 ) misc(chore): update release calendar	2024-05-23 14:46:39 -07:00
Noah S-C	9b6ba7741e	bazel: transcribe test ownership to bazel tags (#62664 )	2024-05-16 15:51:16 +01:00
William Bezuidenhout	b07c81bfc9	release: handle more registries for promotion (#62269 ) * release: handle more registries for promotion * shellcheck * review comments	2024-05-02 10:16:58 +02:00
Jean-Hadrien Chabran	cd077e5dba	chore(rel): also push promoted images on GAR (#62004 )	2024-04-18 15:34:42 +02:00
Bolaji Olajide	e86a61caeb	release: move release caalendar config (#61739 )	2024-04-09 14:20:39 -05:00
Jean-Hadrien Chabran	69cba9cf41	feat/ci: when detecting changes affecting the generated docs, push them to docs repo as a PR (#61255 )	2024-03-21 09:20:47 +00:00
Jean-Hadrien Chabran	9f10c1cb3d	rfc795: new release process foundations (#60962 ) --------- Co-authored-by: William Bezuidenhout <william.bezuidenhout@sourcegraph.com>	2024-03-12 17:12:22 +01:00
Mohammad Alam	6fcbbdf914	release: sourcegraph@5.2.3 (#58362 ) * release: sourcegraph@5.2.3 * configure * fix migrator genrule * update schemas --------- Co-authored-by: Robert Lin <robert@bobheadxi.dev> Co-authored-by: William Bezuidenhout <william.bezuidenhout@sourcegraph.com>	2023-11-16 16:35:19 -05:00
Jean-Hadrien Chabran	0794f2c773	bzl: bump db schemas to 5.2.2 (#58287 )	2023-11-14 18:39:30 +00:00
Jean-Hadrien Chabran	e8919ada26	bzl: rework how we populate the database schemas for migrator (#57591 ) Co-authored-by: William Bezuidenhout <william.bezuidenhout@sourcegraph.com>	2023-10-23 15:40:09 +02:00

15 Commits