GitLab 11.9 Release

Reply to comment

Reply to comment

GitLab has threaded discussions. Up to now, the user writing the initial comment has to decide at the outset if they want a discussion.

With this release, we’ve relaxed that constraint. You can now take any comment in GitLab (in issues, merge requests, and epics) and reply to it, thus starting a threaded discussion. This allows for much more organized collaboration amongst your teams.

Require merge request approvals from Code Owners

Require merge request approvals from Code Owners

It isn’t always obvious who you should ask to approve your merge request.

GitLab now supports requiring merge request approvals based on which files a merge request changes using Code Owners. Code owners are assigned using a file named CODEOWNERS, a format similar to gitattributes.

Support for automatically assigning Code Owners as merge request approvers was added in GitLab 11.5.

Alphabetically ordered labels

Alphabetically ordered labels

GitLab labels are incredibly versatile, with teams always finding new ways to use them. Consequently, users often add many labels to a given issue, merge request, or epic.

In GitLab 11.9, we are making consuming those labels a little bit easier. In issues, merge requests, and epics, the labels showing up in the sidebar are now ordered alphabetically. This is also the same in the list views of these objects too.

Reorder child epics

Reorder child epics

We recently released Child Epics, which is the ability to have epics of epics (in addition to child issues of epics).

With this release, you can now reorder the child epics of an epic simply by dragging and dropping, exactly the same as with child issues. This allows teams to use ordering to represent priority or to prescribe an order of implementation of work.

Filter by confidential issues

Filter by confidential issues

Confidential issues are a useful tool for teams to have private discussions on sensitive topics in an otherwise public project. In particular, they are ideal for working on security vulnerabilities. Until now, it was not particularly easy to manage or surface confidential issues.

In GitLab 11.9, you can now filter by confidential or non-confidential issues in issue list views of GitLab. You can also do the same when retrieving issues via the API.

Thank you, Robert Schilling, for the contribution!

Expand merge request diff to an entire file

Expand merge request diff to an entire file

When reviewing the changes in a merge request, the diff for each file can now be expanded to show the entire file for more context and to leave comments on unchanged lines.

GitLab self-monitoring with Grafana

GitLab self-monitoring with Grafana

Grafana is now bundled in our Omnibus package, making it easier than ever to understand how your instance is performing.

To enable, set grafana['enable'] = true in gitlab.rb, and Grafana will then be available at https://your.gitlab.instance/-/grafana. In the near future, we will also be including a GitLab dashboard out of the box.

Link to new issue from a moved and closed issue

Link to new issue from a moved and closed issue

In GitLab, you can easily move an issue to another project via the sidebar or with a quick action. Behind the scenes, the existing issue is closed, and a new issue is created in the target project, with everything copied over, including system notes and sidebar attributes. This is a great feature.

While there is a system note indicating the move, users have found it confusing when viewing the now-closed issue, since they may not understand that the issue is closed due to being moved.

With this release, we now indicate right in the badge at the top of the issue page in the closed issue that it has been moved, and also include a link to the new issue inline, so that anyone arriving at the older issue can quickly navigate to the new one.

Navigate to recent issue boards

Navigate to recent issue boards

Issue Boards are very powerful and teams are creating many boards per project and per group. Recently, we added a search bar to quickly filter down to boards you care about.

In GitLab 11.9, we’ve also introduced a Recent section in the dropdown, so that you can quickly navigate to boards you’ve recently interacted with.

De-duplicated Git objects for public forks (Beta)

De-duplicated Git objects for public forks (Beta)

Forking allows anyone to contribute to open source projects without needing to give everyone write permissions, by copying the entire repository into a new project. Storing full copies of frequently forked Git repositories is inefficient. Using Git alternates, forks now share common objects from the upstream project in an object pool to reduce disk storage requirements.

Object pools for forks are only created for public projects when hashed storage is enabled. Object pools can be enabled using the object_pools feature flag.

Keyboard shortcuts for next and previous file in merge request

Keyboard shortcuts for next and previous file in merge request

When reviewing the changes in a merge request, quickly jump from file to file using ] or j for the next file, and [ or k for the previous file.

Simplify .gitlab-ci.yml on serverless projects

Simplify .gitlab-ci.yml on serverless projects

Building on the include functionality of GitLab CI, the serverless gitlab-ci.yml template has been greatly simplified, allowing new functionality to be introduced in future releases without needing to introduce changes to this file.

Restrict JupyterHub login access only to group/project members

Restrict JupyterHub login access only to group/project members

Deploying JupyterHub via GitLab’s Kubernetes integration is a great way to serve and share Jupyter notebooks with large groups. It is also beneficial to control access to notebooks when sensitive or private data is shared.

With GitLab 11.9, login to JupyterHub instances deployed via Kubernetes integration is limited to members with “Developer” project access (via either group or project).

Add Auto DevOps build job for tags

Add Auto DevOps build job for tags

Auto DevOps’ Auto Build stage creates a build of your application by making use of the project’s Dockerfile or a Heroku buildpack.

With GitLab 11.9, the resulting Docker image built in the tag pipeline will be named similarly to traditional image names using the commit tag instead of the commit SHA.

Thank you, Aaron Walker, for the contribution!

Upgrade Code Climate to 0.83.0

Upgrade Code Climate to 0.83.0

GitLab Code Quality uses the Code Climate engine to check how a change will affect the health of your code and project.

With GitLab 11.9, we’ve upgraded the engine to the latest release ( 0.83.0) to bring the benefits of additional language and linting support to GitLab Code Quality.

Thank you GitLab Core Team member Takuya Noguchi for the contribution!

SAST for TypeScript

SAST for TypeScript

TypeScript is a relatively new programming language based on JavaScript.

With GitLab 11.9, the Static Application Security Testing (SAST) is able to analyze and detect vulnerabilities in TypeScript code, showing them in the merge request widget, at the pipeline level, and in the security dashboard. You don’t need to change your current sast job definition, and it is also automatically included in Auto DevOps.

GitLab Runner 11.9

GitLab Runner 11.9

We’re also releasing GitLab Runner 11.9 today! GitLab Runner is the open source project that is used to run your CI/CD jobs and send the results back to GitLab.

The following are some of the changes in GitLab Runner 11.9:

• Update alpine images to alpine 3.9.
• Add windows Dockerfiles for gitlab-runner-helper and add script for building windows helper image.
• Update docker API version. This also deprecates support for the Docker executor in CentOS 6.
• Add ability to mask variables in log trace to support simple masking of protected variables in logs coming in GitLab 11.10.
• Add documentation for OS deprecations coming in 12.0.
• Update SNTP command to fix time sync in Parallels executor.
• Migrate multiple scripts including service wait script and cache bash script to Go.
• Deprecate helper image commands.
• Fetch code from provided refspecs.
• Resolve memory allocation failure when cloning repositories with LFS objects larger than available RAM.

A complete list of changes can be found in GitLab Runner’s CHANGELOG.

Omnibus improvements

Omnibus improvements

The following improvements have been made to Omnibus in GitLab 11.9:

• GitLab 11.9 includes Mattermost 5.8, an open source Slack alternative whose newest release includes MFA for Team Edition, improved image performance, and much more. This version also includes security updates and upgrading is recommended.
• A new flag has been added that allows the GitLab Registry to be compatible with versions of Docker prior to 1.10. To enable, set registry['compatibility_schema1_enabled'] = true in gitlab.rb.
• The GitLab Registry now exports Prometheus metrics and is automatically monitored by the bundled Prometheus service.
• Support for Google Cloud Memorystore has been added, which requires redis_enable_client to be disabled.
• openssl has been updated to 1.0.2r, nginx to 1.14.2, python to 3.4.9, jemalloc to 5.1.0, docutils to 0.13.1, and gitlab-monitor to 3.2.0.

Project templates for .NET, Go, iOS, and Pages

Project templates for .NET, Go, iOS, and Pages

To make it easier for our users to create new projects, we shipped several new projects templates:

• A starter .NET Core project template that includes a basic application integrated with CI.
• A ready-to-go template that combines the Go Micro microservices framework with GitLab CI/CD.
• An iOS “hello world” app ready for you to start customizing in GitLab. Note that since iOS builds require a dedicated macOS runner, you’ll need to provide your own build server if you want to use this with GitLab CI/CD.
• GitLab Pages templates configured to work with Netlify.

Move files in the Web IDE

Move files in the Web IDE

Files and directories can now be moved to a new path in a repository from the Web IDE when renaming a file or directory.

Quickly comment when filtering issue activity

Quickly comment when filtering issue activity

We recently released a feature to enable users to filter the activity feed in an issue, merge request, or epic, allowing users to focus on only comments or system notes. Since this setting is saved per person in the system, sometimes a user may not realize they are looking at a filtered feed when they view an issue a few days later and seem to be unable to comment.

In this release, we improved this interaction. Users can now quickly switch back to a mode that allows them to comment without scrolling back to the top of the feed. This applies to issues, merge requests, and epics.

Custom header and footer system message in web and email

Custom header and footer system message in web and email

Previously, we added a feature to allow a custom header and footer message to appear on every page in GitLab. This was extremely well received and teams are using it to communicate critical information such as system-wide messages relating to their GitLab instance.

In this release, we’re happy to bring this feature to Core so that even more users can use it. Additionally, we are allowing users to optionally have the same custom messages appear in all emails sent by GitLab, bringing the same consistency to another GitLab user touchpoint.

Edit Knative domain post-deployment

Edit Knative domain post-deployment

Specifying a custom domain when installing Knative allows different serverless applications/functions to be served from a unique endpoint.

GitLab’s Kubernetes integration now allows the custom domain to be changed/updated after Knative has been deployed to your Kubernetes cluster.

Validate Kubernetes CA certificate format

Validate Kubernetes CA certificate format

When adding an existing Kubernetes cluster, GitLab will now validate that the CA certificate being entered is in a valid PEM format to reduce possible errors when using the Kubernetes integration.

Run specific jobs on merge requests only when certain files change

Run specific jobs on merge requests only when certain files change

In GitLab 11.6, we added the ability to specify only: merge_requests for pipeline jobs to enable users to run certain jobs only when creating a merge request.

Now, we’re expanding that functionality to include conjunction logic with only: changes so that users can run specific jobs only on merge requests when only particular files are changed.

Thank you, Hiroyuki Sato, for this contribution!

View ancestor epics in the epic sidebar

View ancestor epics in the epic sidebar

We recently released Child Epics, which is the ability to have epics of epics.

In GitLab 11.9, we’ve made it even easier to see that relationship. You can now see not only your parent epic in a given epic, but your entire epic tree, right in the sidebar. You can see whether those epics are closed or not, and even navigate directly to them.

YouTrack integration

YouTrack integration

GitLab integrates with many external issue tracking systems, making it easier for teams to take advantage of GitLab for other features, while still maintaining their issue management tool of choice.

With this release, we now also integrate with YouTrack by JetBrains.

Thank you, Kotau Yauhen, for the contribution!

Resizeable merge request file tree

Resizeable merge request file tree

When reviewing the changes in a merge request, the file tree can now be resized to show long filenames or take up less space on smaller screens.

Allow protected branches to be created by developers

Allow protected branches to be created by developers

Protected Branches prevent unreviewed code from being pushed or merged. However, when no one is allowed to push to a protected branch, no one is able to create a new protected branch, like a release branch.

In GitLab 11.9, developers can now create a protected branch from an already protected branch through GitLab or the API. Using Git to push a new protected branch is still protected to prevent accidentally creating new protected branches.

Filter the merge request list by assigned approvers

Filter the merge request list by assigned approvers

Code review is an essential practice of every successful project but, as a reviewer, it can be hard to keep track of which merge requests you have been asked to review.

In GitLab 11.9, the merge request list can now be filtered by the assigned approver, so that you can find the merge requests you have been added to as an approver.

Thank you, Glavin Wiechert, for the contribution!

Support Ingress hostnames

Support Ingress hostnames

When deploying a Kubernetes Ingress controller, some platforms may return an IP address (for example, Google’s GKE) while others may return a DNS name (for example, AWS’ EKS).

Our Kubernetes integration now supports both types of endpoints for display in the clusters section of the project.

Thank you, Aaron Walker, for the contribution!

Adjustable time ranges for security dashboard charts

Adjustable time ranges for security dashboard charts

The group security dashboard includes a vulnerability chart to have an overview of the recent security status of your groups’ projects. This is very useful to security directors to tune their processes and understand how the team is performing.

In GitLab 11.9, you can now select the time range of this vulnerability chart. The default is the last 90 days, but you can set the time window to 60 or 30 days, based on the level of details you want to reach.

This doesn’t affect data shown in the counters or in the list, but only data points plotted on the chart.

Zoom and scroll the metrics dashboard

Zoom and scroll the metrics dashboard

While investigating a performance anomaly, it is often useful to be able to take a closer look at select portions of a given metric.

With GitLab 11.9, users can now zoom in on particular time periods on the metrics dashboard, scroll across the entire time window, as well as easily reset the view back to the original time span. This makes it quick and easy to investigate these interesting events.

SAST for multi-module Maven projects

SAST for multi-module Maven projects

Maven projects are often organized to aggregate multiple modules in one single repository. Previously, GitLab was not able to scan those projects correctly, and vulnerabilities were not reported to developers and security researchers.

GitLab 11.9 introduces improved Static Application Security Testing (SAST) support for this specific project configuration that can now be tested for vulnerabilities out of the box. Because of the flexibility of our analyzers, the configuration is automatically detected and you don’t need to change anything to see results for your multi-module Maven apps. As usual, the same improvements are also available as part of Auto DevOps.

GitLab chart improvements

GitLab chart improvements

The following improvements have been made to GitLab charts:

• Support for Google Cloud Memorystore has been added.
• Cron job settings are now global settings as they are shared across multiple services.
• The registry has been updated to 2.7.1.
• A new flag has been added that allows the GitLab Registry to be compatible with versions of Docker prior to 1.10. To enable, set registry.compatibility.schema1.enabled: true.

Performance improvements

Performance improvements

We continue to improve the performance of GitLab with every release for GitLab instances of every size. Some of the improvements in GitLab 11.9 are:

• Reduce SQL queries in todos API endpoint.
• Improve performance of labels dropdown in issues.
• Optimize SQL queries used for counting group issues when searching.
• Improve performance of rendering labels in the sidebar.