GitLab 12.4 with improved merge request and Audit API dependencies

GitLab 12.4 introduced several management improvements, including the Audit API, owner approval for secure branches, and access control for Pages. Marge request dependencies help manage teamwork, and other great features allow you to work more efficiently and quickly deliver better quality software.

Marge Request Dependencies

GitLab improves transparency, collaboration and productivity. When developers work together on a large project, small changes often need to be applied in a specific sequence. To simplify this task, the dependency function of the merge requests allows you to determine the dependencies in the merge requests so that the changes do not arrive in a chaotic manner and you can see all the dependencies during the code review. This feature was introduced as a merge request dependency between projects in release 12.2 , but now it is renamed as a merge request dependency and supports more types of dependencies. This includes the dependencies of the merge requests both between projects and in one project.

We understand how important it is to manage everything. Here are a few improvements in release 12.4 that make management easier.

Audit Events API

GitLab helps ensure complete transparency of the entire processing life cycle while optimizing processes. Therefore, GitLab blends well with other solutions , and in version 12.4 we introduce the API for instance-level audit events. Audit Events is an effective policy enforcement tool. Using the Audit Events API , administrators can use the code to receive events and configure effective alerts and monitoring based on specific needs.

Pages Access Control at GitLab.com

Access control for Pages was available for self-managed instances and is now available on GitLab.com . It allows authorized administrators to restrict access to the Pages site or make it publicly available. All this is thanks to the work of the community, and we are very pleased to have enabled this feature on GitLab.com!

Approval from the owner of the code for secure branches

Another feature to manage is claims from code owners for secure branches . The approval of merge requests restricts the sending of code to secure branches, and this allows you to improve the quality of the code and implement compliance control measures. But not all merge requests are designed for stable branches, and not all stable branches require the same control. In GitLab 12.4, you can prevent changes from being sent to files directly or merging changes without the approval of the code owner for specific branches.

And that's not all!

GitLab 12.4 has so many cool features that it’s simply impossible to talk about all of them. Here are the best ones: notifications for releases , the ability to view hearth logs from any environment, and support for private projects for online viewing of HTML artifacts . Keep reading and learn more about each feature.

Be sure to read how our first European User Conference took place on October 9th. The next GitLab user conference will be held in January in San Francisco. Registration is already open.

This month's most valuable employee ( MVP ) is Tuomo Ala-Vannesluoma.



Thanks to Tuomo, in GitLab 12.4 there is support for private projects for viewing HTML artifacts , which everyone has long dreamed of and which gained almost 300 votes! For the second time, Tuomo becomes the most valuable employee of the month - in GitLab 11.5 he implemented access control for Pages . Thank you for your contribution and active work this year. We really appreciate it!

Main features of GitLab 12.4

Marge Request Dependencies

PREMIUM, ULTIMATE, SILVER, GOLD

Developers often work together on a large project, making small changes. These changes must be applied in a certain sequence so that everything works as it should, but in these dependencies you can get confused and make mistakes.

The dependency function of the merge requests allows you to determine the dependencies in the merge requests so that the changes are not applied in the wrong order. It’s also convenient to look at these dependencies in the code review, so that it is easier for reviewers to understand all the proposed changes. This feature was introduced in version 12.2, and in 12.4 it was improved and now supports dependencies of merge requests in one project.

Audit Events API

PREMIUM, ULTIMATE

Audit Events is an effective tool for understanding what is happening on GitLab. Through audit events, organizations can monitor the compliance of user actions with policies, and this is very important for enterprises under strict supervision.

To simplify the automation of these tasks, we present an API for instance-level audit events. Using the Audit Events API, administrators can use the code to receive events and configure effective alerts and monitoring depending on the specific needs of the organization.

Approval from the owner of the code for secure branches

PREMIUM, ULTIMATE, SILVER, GOLD

The approval of merge requests restricts the sending of code to secure branches, and this allows you to improve the quality of the code and implement compliance control measures. But not all merge requests are designed for stable branches, and not all stable branches require the same control.

In GitLab 12.4, you can require approval from the code owner for some branches to prevent changes from being sent to files directly or merging changes without approval from the code owner.

If the code owner had to approve the changes in the previous project settings, these settings apply to the existing secure branches.

Access control for Pages is now enabled on GitLab.com

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

Access control for Pages allows authorized administrators to restrict access to the Pages site or make it public. Now, access to content published by private projects may require a username and password to protect the contents of a published site, so it has become easier to publish service documentation and control access to it.

Watch a short video on access control for Pages .

Release Notices

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

Now you can subscribe to news about new releases in the project to find out about new versions even for projects in which you are not involved. With this feature, you can follow new releases of projects that you depend on without manually checking them.

Watch a short video about release notifications .

View hearth logs from any environment

ULTIMATE, GOLD

Previously, GitLab logs were mainly viewed on the Environments page. Therefore, it was difficult to switch between logs from different environments to troubleshoot. In addition, you had to first enter a certain environment.

In GitLab 12.4, you can view any logs from any environment or pod. The media page now has two buttons for viewing any log logs from Kubernetes clusters. We will continue to improve access to logs, for example, include a link to Logging logs directly in the Operations menu.

Other improvements in GitLab 12.4

Using Jaeger in the GitLab Interface

ULTIMATE, GOLD

The traceback provides information about the performance and health of the deployed application, tracking each function or microservice that processes a specific request.

Jaeger is an open, integrated distributed tracing system that is used to monitor and troubleshoot distributed systems based on microservices.

With GitLab 12.4, users who use Jaeger can view the performance and health information of deployed applications directly in the GitLab interface.

Support for expanding variables for multi-project pipelines

PREMIUM, ULTIMATE, SILVER, GOLD

If you have pipelines with several projects, and one pipeline runs another, it can be useful to store the dynamic value in the variable above in order to refer to it in lower pipelines. For example, if a pipeline is running in a branch, and you want to grant access to $CI_COMMIT_REF_NAME



in this branch for all downline pipelines.

Previously, the variable did not expand, therefore, calling the variable in subordinate pipelines via the trigger



keyword led to the error no ref name



. To carry out such a workflow, it was necessary to create a separate task for the sole purpose of executing the command c URL to transfer the state of the variable. Such a workaround required additional configuration and resources, and also made it difficult to view the relationships between pipelines in the user interface.

Now GitLab will expand the variables inside the branch



property of the trigger



keyword, and it will be easier for you to organize the pipelines and make them run sequentially when using multiple projects.

DAST for the main branch

ULTIMATE, GOLD

We are pleased to announce that DAST scans can now be performed for the default project branch inside a special review application. Previously, DAST was only available to feature branches. This improvement allows you to create DAST control results for the default branch with which merge requests will be compared. Now you can identify the very branch in which new security problems have appeared.

Checking the existence of files in pipelines

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

We supplement the rules:



syntax, first introduced in GitLab 12.3 , with a new rules:exists



rule that accepts an array of paths and checks to see if these paths exist as files in the repository. This is useful when you need to run a CI job only if certain files exist. For example, you run the tests



tests.yml



only if there is a tests.yml



file. This rule speeds up pipelines because it skips extra steps.

Native Geo Support for Object Replication Replication

PREMIUM, ULTIMATE

In GitLab 12.4, Geo natively supports data replication to an object store, such as LFS objects, job and load artifacts. Previously, Geo could be configured to work with an object store, but content replication always remained with the object store provider. This imposed certain limitations when users had to rely on local storage equipment that did not support replication logic.

Native support for Geo allows you to replicate data on different suppliers of object storage in different regions (for example, Amazon in Europe and Microsoft in the USA). Geo users can use local storage, for example through MinIO, and use Geo to replicate data to secondary nodes.

Native Geo support for replicating object storage is currently in beta and is not yet ready for production.

Improved handling of large files through Git Partial Clone (alpha)

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

Usually we do not recommend storing large binary files in Git, otherwise the repository grows, and cloning and receiving changes takes a very long time. We proposed Git LFS to store large files outside the Git repository and download them on demand.

In GitLab 12.4, we are adding experimental support for partial cloning of Partial Clone, with which large files can be excluded when cloning a repository and receiving changes. Now you don’t have to choose which files to store in Git and which ones outside the repository using Git LFS. Partial Clone support is disabled by default, but it can be enabled in individual projects. A version of Git of at least 2.22.0 is required.

Compared to Git LFS, when large files needed special attention when creating a commit, Partial Clone allows developers, CI runners, or other Git clients to specify which files to download. Now you don’t have to tell people what files to send to Git LFS, there will be no problems trying to rewrite history and transfer large files to Git LFS, and you can avoid the trouble of accidentally sending a large file to the Git repository when it has its place in Git LFS. Large files will simply work like that.

Date Picker for Productivity Analytics

PREMIUM, ULTIMATE, SILVER, GOLD

Previously, it was not possible to select a specific date range for metrics in cycle analytics and performance. That is, it was impossible to study or include performance in a report during a specific sprint or period, because you could only select a specified interval: 7, 30, 60, or 90 days. In this release, users can view data for any length of time.

Default virtual private cloud when creating a GKE cluster on GitLab

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

The Google Kubernetes Engine allows you to create virtual private cloud clusters that use IP aliases and provide integrated virtual private cloud support for container networks, resulting in a more scalable, secure, and simple system suitable for complex deployments and scenarios.

Starting with GitLab 12.4 in the integration of GitLab with GKE, this will be the default option when creating a GKE cluster.

Limit Permissions for Manual CI Jobs

PREMIUM, ULTIMATE, SILVER, GOLD

Developers often have to create tasks that are performed manually, for example, for deployments, lax approval, and other operations, but in GitLab it is not obvious how to restrict these permissions so that anyone cannot perform these actions.

Actually, it was already possible, but without clear documentation. In this release, we have greatly improved the documentation to protect manual tasks so that you can understand how to configure them.

Removing designs in Design Management

PREMIUM, ULTIMATE, SILVER, GOLD

Sometimes errors occur or design goals change and you need the ability to remove the design from the version. Using the delete function in Design Management, you can select one or more designs and remove them from the latest version. Now the latest version of the design will present the current state of affairs.

API add-on for environments and deployments

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

We have added an API function that will return the attributes of state



and last deployment



environments. This information can be used, for example, when writing a script to remove unused environments.

Improved Geo Upgrade Documentation

PREMIUM, ULTIMATE

As part of our effort to simplify the Geo upgrade process, we reworked large parts of the relevant documentation. GitLab Geo can be deployed in different configurations, and the upgrade procedure depends on these configurations. Now Geo upgrade is largely manual and consists of many stages. To simplify this process as a whole, we first set about improving the documentation for upgrading Geo . The documentation is now up-to-date and covers all scenarios.

We rewrote the general upgrade instructions , archived the old instructions , updated the upgrade instructions without downtime for simple deployments, and reviewed many other sections of the documentation .

We are working on non-downtime update instructions for a highly accessible multi-node Geo cluster ; but still testing them.

Then we will improve automation and testing and make some upgrade procedures more efficient.

Links to merge requests are now displayed in the pipeline view

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

When viewing a pipeline, sometimes I want to go to the merge requests associated with it. We have added direct links to them to simplify the work and increase productivity.

Insert jobs at the beginning or end of a pipeline using include

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

Most often, include is used to add a job to the beginning or end of a pipeline. But if you have a common include, you may not know what the first or last stage is called, so there may be problems with the task at the beginning or at the end of the pipeline.

In GitLab 12.4, the .pre



and .post



stages ensure that they start at the beginning or end of the pipeline.

Kubernetes NGINX Ingress application update during installation through integration with Kubernetes

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

When your Kubernetes applications are running in the latest version, you take advantage of the latest features and current security features. GitLab 12.4 allows you to use the latest version of NGINX Ingress when installing through GitLab Managed Apps. To upgrade an existing version, uninstall the Ingress application and reinstall it through GitLab.

API Endpoint for Static Status Check Names in GitHub Integration

PREMIUM, ULTIMATE, SILVER, GOLD

Now you can configure static status check names in GitHub integration through the API, so that it is easier to change this parameter in a large number of projects.

GitLab Runner 12.4

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

Today we released GitLab Runner 12.4! GitLab Runner is an open source project that is used to run CI / CD jobs and send results back to GitLab.

Changes:

• The configuration of the user executor is supplemented .
• certutil
  
  
  
  to create a certificate chain for Git .
• The used version of Go has been increased to 1.10.8 .
• Kubernetes Client Library has been updated to 11.0 .
• Added a timeout to complete the assembly .

A complete list of changes can be found in the GitLab Runner change log: CHANGELOG .

Performance enhancements

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

We continue to improve GitLab performance with each release for GitLab instances of any size.

Some improvements in GitLab 12.4:

• The number of comments for commented items is limited to 5000 .
• Cache headers for avatars are set correctly when using the object store and downloads through proxies .
• Faster Jira DVCS API for Jira Server .
• Email answering machines are now prohibited from adding comments to tasks .
• The scope of snippet search is limited .
• The number of search results for snippets is limited .
• Added trigram index to snippet content .
• Significantly reduced boot time for the markdown renderer .

Admins can override artifact size limits in projects or groups

CORE, STARTER, PREMIUM, ULTIMATE

Now, by default, the maximum artifact size is 100 MB, but in some projects you need to go beyond this limit (at the discretion of the administrator). To do this, we added the ability to redefine the artifact size limit at the group or project level, as for the repository size limit.

Private project support for online viewing of HTML artifacts

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

The ability to view HTML artifacts improves work efficiency. This task is often performed, so you need a way to quickly open and view artifacts. Without an online presentation, you have to download the artifact and use the web server locally to view the report. If you do this for each HTML artifact for all assemblies, you will need a whole bunch of time and constant switching between contexts.

Previously, it was possible to view HTML artifacts in a browser window through GitLab Pages, so as not to download them locally, but this feature was only available for open projects. This was inconvenient for many organizations that use GitLab, mainly for private projects. They didn’t have such an online presentation. And now, thanks to the efforts of Tuomo Ala-Vannesluoma, a member of the community, we have added support for the online presentation of HTML artifacts for private projects. To do this, enable access control for GitLab Pages .

Enabling Cloud Run on GKE when creating a cluster through integration with GKE

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

When creating a Kubernetes cluster through the integration of GitLab and GKE, users can now optionally enable “Cloud Run on GKE” with one click. GKE automatically initializes the cluster with Knative, Istio and load balancing over HTTP. After installation, users can continue to enjoy the benefits of GitLab Serverless to deploy Knative services with minimal configuration.

Note. Cloud Run for GKE has recently been renamed Cloud Run for Anthos. We plan to change the name to a new one next month.

Common endpoints for alerts

ULTIMATE, GOLD

People use different tools to monitor application environments. These tools send critical and urgent alerts if an incident occurs and action needs to be taken. GitLab's incident management capabilities now include a common REST endpoint where you can send alerts from any tool. When GitLab receives a POST request to this endpoint, it automatically creates a task for the incident. The task description includes incident data, and common fields are analyzed automatically. Therefore, you can now use GitLab tasks as a central place to respond to incidents based on data from other tools.

Watch a short video on adding a common endpoint for alerts .

Geo support through a single Git location-specific URL

PREMIUM, ULTIMATE, SILVER, GOLD

Geo now supports providing users with a single remote URL that automatically uses the nearest Geo site. This means that users do not need to update the Git configuration to use the nearest Geo nodes when moving. End users do not even need to know that they are using the local Geo site during the initial cloning of the project. And system administrators will not have to support various Git configurations for users in different places. All this is due to the fact that Git push requests can be automatically redirected (HTTP) or proxied (SSH) from secondary nodes to primary.

Geo can be configured to use different services, such as AWS Route53 or Cloudflare .

Git actions added to group IP limit

ULTIMATE, GOLD

GitLab 12.0 introduces a restriction on group actions by IP address . In GitLab 12.3, we have included API actions in access restriction. In GitLab 12.4, we add Git actions through SSH.

The advanced feature now rejects actions in the user interface, API, and Git if they do not comply with the group IP address restriction. For organizations that strictly comply with regulatory requirements, especially at GitLab.com, this provides a comprehensive level of protection.

Scatter chart for Productivity Analytics

PREMIUM, ULTIMATE, SILVER, GOLD

Previously, there was no simple way to visualize and measure speed over time. To provide this capability, we add scatter charts to Productivity Analytics, where you can select “Time to Merge” or other merge request metrics to notice trends or deviations. You can also examine in detail a specific date range to analyze specific data sets.

API for creating manual deployments

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

We have added APIs for creating deployments. This functionality changes deployments, and building the appropriate CI is now optional. This is necessary to lay the foundation for supporting external environments and deployments on GitLab.

One-click installation of a group runner in Kubernetes

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

Now it’s now quite easy to create a common runner at the group level if you use GitLab with Kubernetes. In projects, you can already install the runner with one click, but group runners had to be installed manually. Now you can simply click on the button, and GitLab will set up a common group runner automatically.

System Notes for Design Management

PREMIUM, ULTIMATE, SILVER, GOLD

In GitLab 12.2, we introduced the first version of Design Management, which allows you to load designs directly into tasks. They were uploaded to a separate tab, and actions on them were not recorded in the journal, so it was difficult to determine whether designs were added to the task. Starting with GitLab 12.4, when loading designs in the task thread, system notes are created to notify participants. In the future, we will include statuses and the number of comments in the designs so that users better understand what is happening.

Static default status checking names in integration with GitHub

PREMIUM, ULTIMATE, SILVER, GOLD

We changed the default setting for integration with GitHub to set static status check names by default in new projects. When this option is enabled on the integration page, the host name of your GitLab instance will be added to the status check name (if dynamic names are selected, the branch name is added). This is a more reasonable initial parameter, which guarantees mandatory status checks without additional configuration for those who use the GitLab CI / CD in the GitHub repository.

Select and move multiple task cards

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

Sometimes the little things are very important. If you are starting a new sprint or just like to drag tasks on the board, you will like the new opportunity to select several task cards using Cmd



+



on Mac or Ctrl



+



on Windows and move them all to another list at once.

Sort packages in the Registry interface

PREMIUM, ULTIMATE, SILVER, GOLD

In the GitLab Package Registry, you can collect, publish, and send npm , Maven, and (soon) Conan packages. GitLab provides a user interface where package metadata is displayed and you can easily find packages for a group or your project. But until recently, you had to scroll through the list of packages manually to find the ones you need.

GitLab 12.4 Package Registry, . created date



( ), name



(), version



() type



(). , .

PREMIUM, ULTIMATE, SILVER, GOLD

Environments GitLab 12.3 . Environments () , Kubernetes, . 12.4 Environments . Kubernetes Environments . Environments .

Environments () , Kubernetes, .

S/MIME Helm- GitLab

CORE, STARTER, PREMIUM, ULTIMATE

S/MIME , , « » . S/MIME Omnibus 12.3 , S/MIME GitLab Kubernetes. 12.4 S/MIME GitLab Helm- GitLab .

Cert-Manager Kubernetes Kubernetes

CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD

, Kubernetes, . GitLab 12.4 Cert-Manager GitLab Kubernetes. , GitLab, Operations > Kubernetes , Cert-Manager.

Omnibus

CORE, STARTER, PREMIUM, ULTIMATE

• GitLab 12.4 5.15, Slack . Mattermost .
• OpenSSL 1.1.1d, CVE. - OpenSSL .
• . , , . , , Omnibus . , ** ***.

Let's Encrypt Cert-Manager 0.8.0 1

GitLab 12.4 Kubernetes Cert-Manager v0.5.2 Kubernetes. Let's Encrypt Cert-Manager 0.8.0 1 2019 . Cert-Manager . .

: 1 2019 .

gitlab.rb GitLab

GitLab, , , . IP , /etc/gitlab/gitlab.rb



. gitlab.rb



GitLab 12.4 GitLab 13.0. Omnibus GitLab 12.3 ( ) , .

: GitLab 13.0

Elasticsearch 5.6

Elasticsearch Elasticsearch 5.6.x GitLab 12.7. Elasticsearch 5.6 Elasticsearch 7.x.

GitLab 12.7 Elasticsearch 6.x. , Elasticsearch 7.x GitLab. . GitLab ElasticSearch 6.x.

: 22 2020 .

openSUSE Leap 15.0

openSUSE 15.0 2019 . GitLab 12.5 openSUSE 15.0. 4404 openSUSE Leap 15.1.

: GitLab 12.5

GitLab 12.4

• GitLab 12.4 Knative 0.7 GitLab . . GitLab Serverless -. Knative, GitLab.
• GitLab 12.4 Kubernetes Cert-Manager v0.9.1. Cert-Manager Kubernetes, . Let's Encrypt 1 2019 . Cert-Manager . GitLab 12.3 Cert-Manager 0.9.1 Kubernetes. Cert-Manager ( Kubernetes), .
• . — Sidekiq, . GitLab.com 36 . , . Rails: (Project.count.to_f / 300_000).ceil
  
  
  
  . Rails: Sidekiq::Queue.new('background_migration').size
  
  
  
  .