GitLab 11.5 released with Group Security and Operations Dashboards, and Access Control for Pages

Gitlab is an opensource software that can be installed into Contact us to find out our latest offers!

An important purpose of code review is to draw attention to aspects of the proposed change that may not have been considered. Often this means pointing out unforseen consequences in areas of the code base that are unchanged.

GitLab now supports commenting on both changed and unchanged lines in merge request diffs, so that you can directly draw the attention of the author to changes that are required that have not yet been made. When reviewing a merge request diff you can expand collapsed, unchanged lines using the ellipsis () button.

In upcoming releases, support for commenting on unchanged lines will be expanded from changed files to unchanged files.

Comment on unchanged lines in merge request

When you’re working on a branch and have only changed a few files, it’s not very helpful for the Review App link to take you to the root of the website. To make this more useful, we’ve added a dropdown selector to the Review App link which can now take you directly to the page(s) that you’ve changed.

Review App direct link

Preview merge request review before submitting it

Code review is an essential practice of successful projects, but providing clear and actionable feedback can be difficult. A particular challenge is avoiding leaving comments that become irrelevant or incomplete as one’s understanding of the changes improves as one reads more of the diff.

With this release you are now able to preview your merge request review before submitting. Merge request reviews, introduced in GitLab 11.4, allow reviewers to draft many items of feedback and submit them all as a single action.

In future iterations, we will improve the feature to send one email notification per merge request review.

Preview merge request review before submitting it

New CI/CD syntax for security, quality, and performance report types

Before GitLab 11.5, reports like SAST or DAST relied on a combination of job and artifacts names to be recognized as such by the system. This was not optimal to scale and to support more advanced features like the Group Security Dashboard, because of the performance implications to access artifacts. With the previous syntax you needed to use specific job names (like sast) but now you can specify custom job names.

In GitLab 11.5 a new implementation has been introduced to leverage the new reports syntax. New job definitions are now available for SAST, DAST, Dependency Scanning, Container Scanning, License Management, Code Quality, and Browser Performance Testing. The old syntax has been deprecated and could be removed in a future release. You are encouraged to upgrade your definitions in order to benefit from improved performances and the Group Security Dashboard, even if the old syntax is still working. The new syntax requires GitLab Runner 11.5 or above.

Empty state for Wiki-only projects

We’ve improved the experience for Wiki-only projects without a default project overview page. The empty state for this project setup now better encourages users to add a page to the relevant Wiki and get these projects off to a great start.

Empty state for Wiki-only projects

Consistent status-check names for GitHub integration

It is now possible to configure status checks on the GitHub side that can be marked as “required” without having to configure this one by one, based on their name. Previously, the check names included the branch name, so it was not possible to do this easily. This feature is enabled via the GitHub integration configuration section.

Consistent status-check names for GitHub integration

Close epic notification

We recently released the ability to close epics, namely having different open and closed states for epics. In this release, we are adding notifications for closing and reopening epics, to help users follow more closely on work they are interested in.

Close epic notification

Autocomplete epic in issue and merge request

You can now more easily search and refer to epics while working in an issue or merge request. Just type & and enter a few numbers or characters in the issue or merge request’s description or a comment. GitLab’s autocomplete will search for epics in the immediate parent group, allowing you to select one easily all without leaving the current page.

Autocomplete epic in issue and merge request

More information about deployments in merge requests

Currently, environment information is hidden when a newer pipeline is running. With this change we are adding information on in-progress deployments to the widget, so you know that an update is on its way.

One of the most exciting results of this functionality in this release is that the link to the current deployment will remain available in cases where a new deployment is running, allowing you to still find the link to the Review App. In cases where lots of deployments were constantly running, this previously made it quite difficult to get the timing right in some cases.

More information about deployments in merge requests

Automatically navigate to last visited board

As teams use more and more issue boards, it can become cumbersome to navigate among many of them in the dropdown navigation. With this release, GitLab will automatically send you to the last visited board, whenever you access the boards navigation from the sidebar menu of a given project or a group. This is saved to the system, so even if you use GitLab between different browsers and devices, the last visited board will be saved.

Note that you can still directly link to a specific board by saving the URL of the board when you are viewing it.

See upcoming planned improvements to managing multiple boards and participate in the comments.

Milestone changed notification

GitLab milestones are useful for teams to plan and track work to be done in a time-boxed period or to associate with a code release. These dates are important for teams to communicate timelines with each other and stakeholders in general. So when milestones change, it is critical that people are updated.

With this release, we’ve added email notifications for changing milestones in issues and merge requests, so that people can stay updated if a piece of work has been delayed, moved earlier, or just de-scoped.

Milestone changed notification

Issue Board cards redesigned

A central place of collaboration in GitLab is Issue Boards, where teams can organize and view planned and ongoing work in one location. With this release, we’ve improved the design of issue cards, showing relevant information in a simple and organized manner. We are showing the issue title, time-tracking information, confidentiality, labels, due date, weight, and assignee, all in the card.

Issue Board cards redesigned

RBAC creates service account restricted to project’s namespace

Securing Kubernetes instances is paramount for running production-ready, mission-critical apps. RBAC provides great power and flexibility in securing your cluster.

Starting in GitLab 11.5, our Kubernetes integration will create a dedicated service account and role binding for each project’s namespace which will be used in GitLab CI jobs. This eliminates the need to use the cluster-admin token when interacting with GitLab CI runners.

Update Git submodules via API

Git submodules allow you to include a Git repository within another Git repository. GitLab now supports updating the submodule reference via the API. This is particularly useful for automation, allowing you to keep your project up to date with the latest dependencies using the API.

Discussion activity redesign in issues, merge requests, and epics

In this release, we’ve improved the design of discussion activity in issues, merge requests, and epics. We’ve made it easier to read comments and parse system note activity, so you can focus on the information that’s relevant to you at the given moment.

Discussion activity redesign in issues, merge requests, and epics

‘Create new group’ page redesign

With this release, we are aligning the ‘New group’ page with the ‘New project’ page, consolidating and repositioning relevant fields for clarity and consistency.

'Create new group' page redesign

Remediation info for Gemnasium

Dependency Scanning relies on the Gemnasium service for the majority of supported languages. This allows GitLab to report known vulnerabilities in packages, but this information was missing a remediation that helps developers to easily fix the problem.

With GitLab 11.5, Gemnasium service provides remediations every time the information is available. This is then reported in the vulnerability details window, and in the related issue. For example, the remediation could report the minimum version a library should be updated to in order to fix the security problem.

Remediation info for Gemnasium

GitLab Helm chart improvements

GitLab Runner 11.5

We’re also releasing GitLab Runner 11.5 today! GitLab Runner is the open source project that is used to run your CI/CD jobs and send the results back to GitLab.

Most interesting changes:

A list of all changes can be found in GitLab Runner’s CHANGELOG.

Omnibus improvements

  • GitLab 11.5 includes Mattermost 5.4, an open source Slack-alternative whose newest release includes user-focused features, new data export tool, plus much more. This version also includes security updates and upgrade is recommended.
  • It is now possible to set the desired group name for each GitLab services to run as.
  • Go-based applications included in GitLab Omnibus now utilize the standard Omnibus Gitlab directory for trusted certificates.
  • The maximum number of concurrent connections to GitLab Pages can now be configured using gitlab_pages['max_connections'].
  • bundler has been updated to 1.16.6, unicode-display_width to 1.4.0, gitlab-monitor to 2.19.1, and gitlab-elasticsearch-indexer to 0.3.0
  • We have improved the readability of the list of open source licenses in use by GitLab.

Group file templates

File templates for LICENSE, .gitignore, Dockerfile, and .gitlab-ci.yml files make it easy to add these common files to projects. Custom file templates can now be shared with all the projects in a group and sub-groups, by configuring a template repository for the group.

Custom templates are useful when the templates provided by GitLab are too generic, for example a custom license that should be used for every project in the company, or a complex Dockerfile that should be used for every microservice.

Support for instance-wide template repositories was introduced in GitLab 11.3.

Group file templates

Issue Analytics

In this release, we have provided a dynamic chart showing the number of issues created in your group, per month, for the past year. There is even a filter that allows you to filter down to a particular scope of issues.

This will help teams dig more deeply into their issue analytics. For example, you can quickly see how many bug issues have been created, if you use a bug label.

See how we plan to expand on charting capabilities and please participate in the discussion.

Issue Analytics

Keep your email address private

It’s important to know who is contributing code to your project and be able to look up a commit author in the GitLab interface, using Git locally, or on a fork hosted elsewhere, but this exposes your email publicly.

GitLab now provides a noreply email address that can be used locally and for web commits to help make it easier to keep your email address private.

Keep your email address private

Open a merge request with a patch via email

GitLab has supported opening a merge request via email for a long time, but before sending the email the branch must already exist on the server. Now you can open a merge request with only an email by attaching one or more patch files (.patch).

Patch files are the standard for sharing and transmitting changes between systems. In future releases of GitLab we will build on this foundation for distributed merge requests, which will allow merge requests between GitLab instances, and other Git hosting tools too.

Open Jaeger from GitLab

Tracing provides deep introspection into the performance and health of a deployed application, tracking each function or microservice which handles a given request. This makes it easy to understand the end-to-end flow of a request, regardless of whether you are using a monolithic or distributed system.

GitLab 11.5 includes an initial integration with Jaeger, the CNCF-hosted tracing project, allowing users to easily open the Jaeger UI from GitLab.

Open Jaeger from GitLab

Omnibus Go apps now use the GitLab cert directory

GitLab includes a number of Go-based applications. Prior to 11.5, these applications utilized the standard OS system location for trusted certificates, instead of the Omnibus GitLab directory.

With this release, Go applications now use the same directory for trusted certificates as the rest of GitLab, by default /opt/gitlab/embedded/ssl/certs/, making certificate management easier and more straightforward.

GitLab installations which depended upon the Go applications using the system directory should move those certificates to the standard Omnibus GitLab location.

JSON logging for audit events

In order to make audit events easier to analyze and ingest outside of GitLab, we’ve added audit_json.log to capture audit events in a structured log file. With this change, shipping and parsing logs becomes much easier – especially for visualization and analysis in other tools.

File list for browsing merge request diff

Moving backwards and forwards between files in the merge request diff is necessary in all but the smallest of changes. In addition to the file tree added in GitLab 11.4, GitLab now includes a searchable file list of changes to make it easy to see which files have changed and jump between them, whether you prefer a tree or a list.

File list for browsing merge request diff

Authenticate with Jira Cloud using email address and API token

Jira Cloud is removing usernames for authentication. So to support this change, we now allow you to use an email address and API token to authenticate with Jira Cloud instead.

Authenticate with Jira Cloud using email address and API token

Filter by open or closed epics in API

We recently released the ability to close epics, namely having different open and closed states for epics. In this release, we are exposing that state in the API itself, so that you can filter on open or closed epics when retrieving a list of them, as well as see the state in a single epic retrieved itself.

Epic keyboard shortcuts

Similar to issues and merge requests, you can perform basic operations in an epic page with keyboard shortcuts, helping those users who want to get more done, more quickly, without leaving the keyboard.

Use r to start a new comment. (It will even quote selected text.) Use e to edit the description. And use l to change labels.

Render ‘index’ files like ‘README’s in repositories

When a README.* file is present in a directory of a repository, it’s rendered automatically by GitLab without the need to explicitly open it. With GitLab 11.5, it’s now possible to do the same thing with an index.* file.

This is particularly useful when you also deploy your content online using a static site generator. Previously, if you used README.md it would render to README.html, whereas with index.html you can now have clean URLs since most web servers treat http://example.com/page/index.html and http://example.com/page/ the same.

This is not limited to Markdown files as GitLab supports a number of markup languages.

Render 'index' files like 'README's in repositories

Discussion activity filter in issues and merge requests

We are glad to see teams collaborating actively in issue and merge request comments. For more involved discussions and longer-lived issues and merge requests, the discussion activity can become very long, with a lot of generated system notes.

With this release, we’ve implemented a filter to allow you to focus on just comments or system activity in the discussion area of an issue or merge request. Your selection is saved for all issues or all merge requests in GitLab. So if you prefer one mode, you can just make the selection once, and it will persist forever.

We are planning to bring the same functionality to epics too.

Discussion activity filter in issues and merge requests

Show feedback if Git push validation takes too long

Every time you push changes to a Git repository on GitLab, GitLab performs checks on each commit to enforce permissions, repository size restrictions and validates the presence of LFS objects. In some cases large pushes can fail without feedback when validation takes too long.

GitLab now provides feedback when Git push operations time out because validation is taking too long. This will help debug the source of the problem by providing better feedback to the user.

Quick access to prioritized Group settings

With GitLab 11.5, we are iterating on the settings page of Groups to prioritize the most sought-after configuration options. The top-most section is expanded by default, and we’ve clarified labels and links to provide clear direction on where to find settings and what they do. We’re continuously working on this – Project and Admin settings improvements are coming soon!

Quick access to prioritized Group settings

With this release, we are updating the top navigation bar by moving two items into a new, dedicated Help menu section. We’ll continue to add additional items there related to instance-level support and feedback in future iterations coming soon!

Help menu in top navigation

Audit event logging for project features and group settings

Audit Events captures important events that take place on your GitLab instance, and we’re now capturing additional changes in 11.5:

Activity dashboard redesign

With this release, we are updating the activity dashboard design to give a better view into who is doing what in your GitLab instance. The new activity feed gives a reader more context on what actions have taken place to keep you always up to date.

Activity dashboard redesign

Geo improvements

We continually focus on improving our Geo feature for distributed teams. Some of the additional noteworthy improvements in GitLab 11.5 include:

Performance improvements

Some of the more noteworthy performance improvements in GitLab 11.5 include:

Gitlab is an opensource software that can be installed into Contact us to find out our latest offers!

Comments are closed.

>
%d bloggers like this: