Package promotion with release tool
Work to be done in release-tools. Issue is in this repo because @gitlab-build-team will work on it.
This is the current procedure:
- We create a private repository on packages.gitlab.com
- We add to our variables in the dev repo the name of the repository to PACKAGECLOUD_REPO (this acts as a override switch)
- We inform the Release manager that he can cut the release
- When everything is ready, we run a script to fetch all packages from the private repository and push them to related public repos
We can split this into 2 tasks.
Release preparation
When the release task is ran with SECURITY=true:
- create a new
security-SHArepository at packages.gitlab.com - Add to CI variables at dev.gitlab.org/omnibus-gitlab,
PACKAGECLOUD_REPO=security-SHA - proceed with regular tagging and build
Public release
Add a new task, eg. SECURITY=true rake security_release:
- Fetch the security repo name. It is ok to also supply it as an argument as first iteration of this feature.
- Collect all packages and start moving them to the correct repositories https://packagecloud.io/docs#promote_pkg
Challenges
We could use gem package_cloud to do the packages.gitlab.com tasks but we should avoid doing that. Some of the design decisions of the gem would make our task much more difficult than what the problem is. => EDIT: After discussion with Packagecloud, we could help improve packagecloud-ruby gem and also get the things we need.
Another thing is that package promote is synchronous so we need to be able to recover from failure and be able to continue where we left off.
Additional improvements
Right now we are not really flexible with the override of setting PACKAGECLOUD_REPO env variable. We should either only send the packages to an override repo tags or create a different variable that would only be used when tagging a release. Or some other solution.
@gitlab-build-team Anyone interested in tackling this?