From 8aa06491c740b560a24e5033d9eaf0b309daa8ba Mon Sep 17 00:00:00 2001 From: gdk Date: Thu, 17 Jul 2025 23:34:12 +0000 Subject: [PATCH] Finalize BBM EncryptMissedCiRunnerTokens This migration was finished at `2025-07-10 07:07:02 UTC`, you can confirm the status using our [batched background migration chatops commands](https://docs.gitlab.com/ee/development/database/batched_background_migrations.html#monitor-the-progress-and-status-of-a-batched-background-migration). To confirm it is finished you can run: ``` /chatops run batched_background_migrations status 2000443 --database ci ``` The last time this background migration was triggered was in [db/post_migrate/20250630163722_queue_encrypt_missed_ci_runner_tokens.rb](https://gitlab.com/gitlab-org/gitlab/-/blob/master/db/post_migrate/20250630163722_queue_encrypt_missed_ci_runner_tokens.rb) You can read more about the process for finalizing batched background migrations in https://docs.gitlab.com/ee/development/database/batched_background_migrations.html . As part of our process we want to ensure all batched background migrations have had at least one [required stop](https://docs.gitlab.com/ee/development/database/required_stops.html) to process the migration. Therefore we can finalize any batched background migration that was added before the last required stop. This change was generated by [gitlab-housekeeper](https://gitlab.com/gitlab-org/gitlab/-/tree/master/gems/gitlab-housekeeper) in [CI](https://ops.gitlab.net/gitlab-com/database-team/gitlab-com-database-testing/-/jobs/19363183) using the `Keeps::OverdueFinalizeBackgroundMigration` keep. To provide feedback on your experience with `gitlab-housekeeper` please create an issue with the label ~"GitLab Housekeeper" and consider pinging the author of this keep. Changelog: other --- .../encrypt_missed_ci_runner_tokens.yml | 13 +++++++----- ...lize_hk_encrypt_missed_ci_runner_tokens.rb | 21 +++++++++++++++++++ db/schema_migrations/20250717233346 | 1 + 3 files changed, 30 insertions(+), 5 deletions(-) create mode 100644 db/post_migrate/20250717233346_finalize_hk_encrypt_missed_ci_runner_tokens.rb create mode 100644 db/schema_migrations/20250717233346 diff --git a/db/docs/batched_background_migrations/encrypt_missed_ci_runner_tokens.yml b/db/docs/batched_background_migrations/encrypt_missed_ci_runner_tokens.yml index 60fe79f09a4895..670f7088a9a280 100644 --- a/db/docs/batched_background_migrations/encrypt_missed_ci_runner_tokens.yml +++ b/db/docs/batched_background_migrations/encrypt_missed_ci_runner_tokens.yml @@ -1,11 +1,14 @@ --- migration_job_name: EncryptMissedCiRunnerTokens -description: > - We've encrypted plain tokens and migrated to token_encrypted (in milestone 11.6), so we need to remove the runner token column - and make encryption required (currently optional). However, plain tokens remain unencrypted in gitlab_com and likely in self-managed instances. - We must encrypt these remaining tokens and nullify them before removing the column completely. +description: 'We''ve encrypted plain tokens and migrated to token_encrypted (in milestone + 11.6), so we need to remove the runner token column and make encryption required + (currently optional). However, plain tokens remain unencrypted in gitlab_com and + likely in self-managed instances. We must encrypt these remaining tokens and nullify + them before removing the column completely. + + ' feature_category: fleet_visibility introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/196265 milestone: '18.2' queued_migration_version: 20250630163722 -finalized_by: # to be updated +finalized_by: '20250717233346' diff --git a/db/post_migrate/20250717233346_finalize_hk_encrypt_missed_ci_runner_tokens.rb b/db/post_migrate/20250717233346_finalize_hk_encrypt_missed_ci_runner_tokens.rb new file mode 100644 index 00000000000000..18c80b595def13 --- /dev/null +++ b/db/post_migrate/20250717233346_finalize_hk_encrypt_missed_ci_runner_tokens.rb @@ -0,0 +1,21 @@ +# frozen_string_literal: true + +class FinalizeHkEncryptMissedCiRunnerTokens < Gitlab::Database::Migration[2.3] + milestone '18.3' + + disable_ddl_transaction! + + restrict_gitlab_migration gitlab_schema: :gitlab_ci + + def up + ensure_batched_background_migration_is_finished( + job_class_name: 'EncryptMissedCiRunnerTokens', + table_name: :ci_runners, + column_name: :id, + job_arguments: [], + finalize: true + ) + end + + def down; end +end diff --git a/db/schema_migrations/20250717233346 b/db/schema_migrations/20250717233346 new file mode 100644 index 00000000000000..1bc603fd12c307 --- /dev/null +++ b/db/schema_migrations/20250717233346 @@ -0,0 +1 @@ +fde3ea0eee6af69f6c2738a6a92e806d65cb7ae733e18ce23cab219298b518ee \ No newline at end of file -- GitLab