Document security release process

reference https://gitlab.com/gitlab-org/gitlab-runner/-/issues/21301
parent bac13a39
......@@ -18,6 +18,7 @@
- [Managing bugs](#managing-bugs)
- [Supported releases](#supported-releases)
- [Releasing GitLab Runner](#releasing-gitlab-runner)
- [Security release](#security-release)
- [Copy & paste responses](#copy--paste-responses)
- [Improperly formatted issue](#improperly-formatted-issue)
- [Issue report for old version](#issue-report-for-old-version)
......@@ -263,6 +264,40 @@ the [Release
Checklist](https://gitlab.com/gitlab-org/ci-cd/runner-release-helper/tree/master/templates/issues)
which is split into multiple templates.
### Security Release
The security process is not handled by just the Release Manager but has
multiple people/roles involved. We follow the normal GitLab Security
process with a few exceptions that are explicitly called out below.
- [Overview](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/process.md)
- To create the release task issue we use a different command listed
under release manager.
- [Developer](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/developer.md)
- When the document specify `gitlab-org/gitlab` and
`gitlab-org/security/gitlab` assume `gitlb-org/gitlab-runner` and
`gitlab-org/security/gitlab` respectively.
- We have our own [Security Implementation
Issue](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/developer.md#security-implementation-issue)
which can be found
[here](https://gitlab.com/gitlab-org/security/gitlab-runner/-/issues/new?issuable_template=Security+developer+workflow).
- [Release Manager](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/release-manager.md)
- To create the security release task run the command below:
<details>
<summary> new security release command </summary>
```bash
# Using rrhelper https://gitlab.com/gitlab-org/ci-cd/runner-release-helper
# $LINK_TO_MAIN_RELEASE_ISSUE can found in the #releases slack channel
rrhelper create-security-release-checklist --runner-tags 13.2.2,13.1.2,13.0.2 --helm-tags 0.19.2,0.18.2,0.17.2 --project-id 250833 --security-url $LINK_TO_MAIN_RELEASE_ISSUE`
```
</details>
- [Security Engineer](https://gitlab.com/gitlab-org/release/docs/-/blob/master/general/security/security-engineer.md)
- The Runners Application Security Engineer part is listed [here](https://about.gitlab.com/handbook/product/product-categories/#runner-group)
## Copy & paste responses
### Improperly formatted issue
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment