internal/task: make workflow explicitly pick up non-PUBLIC changes

Updates golang/go#76157

Change-Id: I96270199318897810dcd1a6f174a0a2e09c53be4
Reviewed-on: https://go-review.googlesource.com/c/build/+/771721
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
diff --git a/internal/task/security_release_coalesce.go b/internal/task/security_release_coalesce.go
index f5fe034..8281a2b 100644
--- a/internal/task/security_release_coalesce.go
+++ b/internal/task/security_release_coalesce.go
@@ -64,7 +64,7 @@
 				return nil
 			},
 		})
-		clNums = wf.Task1(wd, "Get CL numbers from metadata", x.GetCLsFromMetadata, milestoneNum)
+		clNums = wf.Task1(wd, "Get CL numbers from metadata", x.GetPrivateChangelists, milestoneNum)
 	} else {
 		clNums = wf.Param(wd, wf.ParamDef[[]string]{
 			Name:      "Security Patch CL Numbers",
@@ -149,6 +149,8 @@
 // ReleaseMilestone contains all
 // patches and their respective
 // metadata for a given release.
+//
+// TODO(nealpatel): Replace with relmeta package
 type ReleaseMilestone struct {
 	BuganizerID int              `yaml:"buganizer_id"`
 	Patches     []*SecurityPatch `yaml:"security_patches"`
@@ -157,12 +159,15 @@
 // SecurityPatch is a subset of the
 // required metadata to release all
 // patches contained by a milestone.
+//
+// TODO(nealpatel): Replace with relmeta package
 type SecurityPatch struct {
 	Changelists      []string `yaml:"changelists"`
 	TargetedReleases []string `yaml:"target_releases"`
+	Track            string   `yaml:"track"`
 }
 
-func (x *SecurityReleaseCoalesceTask) GetCLsFromMetadata(ctx *wf.TaskContext, milestoneNum string) ([]string, error) {
+func (x *SecurityReleaseCoalesceTask) GetPrivateChangelists(ctx *wf.TaskContext, milestoneNum string) ([]string, error) {
 	const project = "security-metadata"
 
 	head, err := x.PrivateGerrit.ReadBranchHead(ctx, project, "main")
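Review bot: The renamed exported method `GetPrivateChangelists` has no doc comment, and the new `Track` field does not say which values are expected, so the selection rule this rename implies is not written down anywhere in the hunk. I would add `// GetPrivateChangelists returns the CL numbers of every patch in the milestone's metadata whose track is not "PUBLIC".` above the method, and `// Track is the patch's release track; only the exact value "PUBLIC" is skipped by GetPrivateChangelists.` on the field. An absent `track` key would decode to the empty string and so count as non-PUBLIC, which is worth stating in the field comment. The method body continues outside this hunk.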
@@ -182,6 +187,9 @@
 
 	var clNums []string
 	for _, patch := range rm.Patches {
+		if patch.Track == "PUBLIC" {
+			continue
+		}
 		for _, url := range patch.Changelists {
 			_, num, _ := strings.Cut(url, "/+/")
 			clNums = append(clNums, num)
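Review bot: The `found` result of `strings.Cut(url, "/+/")` is still discarded two lines after the new `continue`, so a non-PUBLIC entry whose URL has no `/+/` segment appends an empty CL number. The new filter is an exact, case-sensitive comparison with `"PUBLIC"`, so an entry with a mis-cased or missing track and a `https://go.dev/cl/…` style URL (the form used in the test fixture) would take this path instead of being skipped. Consider `_, num, ok := strings.Cut(url, "/+/")` and returning an error when `!ok`, so that a malformed or mis-tagged entry stops the workflow rather than passing `""` on. The loop and the function begin and end outside this hunk, so how `clNums` is consumed is not visible here.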
diff --git a/internal/task/security_release_coalesce_test.go b/internal/task/security_release_coalesce_test.go
index 68cb66a..b24ba83 100644
--- a/internal/task/security_release_coalesce_test.go
+++ b/internal/task/security_release_coalesce_test.go
@@ -139,6 +139,15 @@
 security_patches:
     - is_toolchain: false
       package: runtime
+      track: PUBLIC
+      changelists:
+        - https://go.dev/cl/123456
+      target_releases:
+        - go1.3.1
+        - go1.4.1
+    - is_toolchain: false
+      package: runtime
+      track: PRIVATE
       changelists:
         - https://go-internal-review.git.corp.google.com/c/security-metadata/+/1234
         - https://go-internal-review.git.corp.google.com/c/security-metadata/+/5678
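Review bot: The fixture exercises `track: PUBLIC` and `track: PRIVATE` but has no entry without a `track` key, and none with an unexpected value such as lower-case `public`. Those are the inputs for which the exact-match filter in `GetPrivateChangelists` decides by default, treating anything other than `"PUBLIC"` as non-PUBLIC. Adding one such entry and asserting whether its changelists are returned would pin that default, so that a later change to the comparison cannot silently alter which CLs the workflow picks up. The assertions that consume this fixture are outside the hunk.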