
New GitLab 12.0 with visual reviews and a list of dependencies


Dev, Sec and Ops


GitLab 12.0 is a key release on the road to implementing an approach that will cover all the elements of DevSecOps and allow everyone to contribute.


We had a very exciting year - we worked a lot on a solution that would unite all the teams. The community has made thousands of additions to make GitLab even cooler.



We believe that everyone can contribute, so we added features for collaboration between different teams, fast delivery of excellent code, and combining Dev, Sec, and Ops.


Visual Code Review


GitLab review applications are convenient tools that let anyone (from the maintenance team and quality control specialists to company owners) evaluate and approve changes to an application before they are released to production.


In GitLab 12.0, you can easily provide visual feedback directly in the review application. There is no extra effort such as switching between tabs and typing text, which reduces review time and speeds up delivery.


List of project dependencies


Typically, projects consist of dozens of individual components, which carries a risk of vulnerabilities. Security and compliance professionals need to be aware of all project components.


Now you can easily view project dependencies in one place.


Restricting access by IP address


Some companies prefer to restrict access to repositories by IP addresses.
In GitLab 12.0, you can deny access to data on GitLab for traffic from external IP addresses.


This month’s most valuable employee (MVP) is Wolphin.

Thanks to him, GitLab CI now supports multiple extends, which makes an already beautiful primitive even better.
Thanks, Wolphin!

Main features of GitLab 12.0


Visual Code Review


STARTER, PREMIUM, ULTIMATE, BRONZE, SILVER, GOLD


GitLab allows users to automatically create review applications for each merge request. Anyone can see the changes to the project or user interface.


In GitLab 12.0, it is even more convenient to discuss these changes thanks to the visual review tools available directly in the review application. With one small piece of code, designers, product managers and everyone else concerned can quickly leave feedback on merge requests without leaving the application.



List of project dependencies


ULTIMATE, GOLD


Now from the left menu, you can open a list of project dependencies (sometimes called specifications or BOM (Bill of Materials)).


The BOM shows which components are included in the project, and this is important for security or compliance specialists. The report can be not only viewed, but also exported as JSON.



Restricting access by IP address


ULTIMATE, GOLD


If the company has strict control, it can deny access to its resources from external IP addresses. This feature is especially useful for companies that use VPN, because now you can prohibit traffic outside the specified subnet from accessing resources in the GitLab user interface.


Strict control over the most valuable company code can now be configured at the group level in self-managed instances or at GitLab.com, and it is very simple.



Synchronize files with a web terminal


ULTIMATE, GOLD


In GitLab 12.0, changes made in the Web IDE can now be synchronized with the web terminal. Changes in the Web IDE can be tested in a web terminal before being committed to a project.


This feature also simplifies onboarding for new contributors, who can now view, edit and test the code without installing the project's dependencies locally.


Note: GitLab.com supports interactive web terminals only through private runners.



Git integration for JupyterHub


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Deploying JupyterHub through GitLab's Kubernetes integration lets you get straight to work with Jupyter notebooks, with which you can create and share documents containing live code, diagrams and even instructions.


Starting with GitLab 12.0, the Git extension for JupyterLab is automatically configured when you install JupyterHub on a Kubernetes cluster. This integration allows you to completely control notebooks and execute Git commands in Jupyter. Git commands can be executed on the Git tab in the left pane or on the Jupyter command line.



Other improvements in GitLab 12.0


Multiple extends support in .gitlab-ci.yml


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


The extends keyword allows users to keep their GitLab CI/CD code concise. Advanced GitLab CI/CD users already use extends to factor out common parts of the configuration. We use it ourselves to build GitLab and our Auto DevOps features.


In GitLab 12.0, we are pleased to introduce a contribution from Wolphin that lets you include several extends fragments in one job in order to optimize and shorten the CI configuration.


Thanks, Wolphin!
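
The multiple extends behaviour described above, as an added example that is not part of the original post; the fragment names, runner tags and variable values are constructed. It shows that a later fragment overrides an earlier one on the same key and that arrays such as tags are replaced rather than concatenated, which matters when a shared fragment is relied on to pin jobs to particular runners.

```yaml
# Added example: hypothetical fragment and job names, constructed values.

# Hidden jobs (names starting with a dot) never run; they only serve as fragments.
.shallow-clone:
  variables:
    GIT_DEPTH: "50"          # shallow clone depth for this job
    DEPLOY_ENV: "none"

.isolated-runner:
  tags:
    - isolated               # constructed runner tag
  variables:
    DEPLOY_ENV: "review"     # same key as in .shallow-clone: the later fragment wins

.master-only:
  only:
    - master

build:
  extends:                   # several fragments in one job (GitLab 12.0 and later)
    - .shallow-clone
    - .isolated-runner
    - .master-only
  tags:
    - docker                 # arrays are replaced, not appended: "isolated" is dropped
  script:
    - make build

# Effective job after the fragments are merged:
#
# build:
#   variables:
#     GIT_DEPTH: "50"
#     DEPLOY_ENV: "review"
#   tags:
#     - docker
#   only:
#     - master
#   script:
#     - make build
```

If the job must stay on the isolated runners, either drop its own tags key or repeat the isolated tag there, because the job's keys take precedence over every fragment it extends.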


Merge chains


PREMIUM, ULTIMATE, SILVER, GOLD


In release 12.0, we present a new way to keep master or another branch green: a chain of merges. Merge chains are based on our merge requests / results feature and allow you to queue the pipelines in order.


For now, the pipelines of a merge chain run sequentially (one at a time), so you may not want to enable this feature yet, depending on the frequency and duration of your pipelines.

In the future, we plan to enable this feature by default, but first we need support for parallel execution for greater convenience.



Collapsible job logs


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


In GitLab 12.0, we add the ability to expand and collapse logs in GitLab CI/CD jobs. It will be easier to debug individual steps of a job and to view general information about the steps, or to expand the details if you need to see all the output.


This started as a contribution from Matthias van de Meent. Thank you, Matthias!



Email addresses for notifications by specific groups


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


In 12.0, we added the ability to select individual addresses for group notifications. Now users can receive group notifications to other addresses. For example, a work address for a work group and a personal address for a personal group.



Vulnerability database open for viewing and contributions


ULTIMATE, GOLD


Our vulnerability database project can be viewed here. Examine what is in it, and check out the vulnerabilities most relevant to you.


Also read the recommendations on contributing to improve the vulnerability database.


Specifying a reason for dismissing a vulnerability


ULTIMATE, GOLD


If you dismiss a vulnerability that was found, you can now explain the reason in a dedicated field.


Security specialists and developers will be able to review the history and understand why there are no patches.



Manage permissions in LDAP only


PREMIUM, ULTIMATE


Companies that use LDAP usually sync it with GitLab to manage permissions.


In GitLab 12.0, you can now prevent anyone other than the administrator from changing permissions for an instance outside of LDAP. With this approach, companies with strict controls can ensure that the permissions in LDAP correspond to the permissions in the instance and cannot be changed by anyone other than the administrators of the instance.


Only admins can delete projects


PREMIUM, ULTIMATE


Companies with strict controls can allow projects that may contain important code in the repository to be archived only, so that the code is not lost forever.


Instance administrators can, at the instance level, prohibit ordinary users from deleting projects and will know for sure that projects will only be archived and will not go anywhere.



GitLab Insights


ULTIMATE, GOLD


GitLab Insights, introduced in GitLab Ultimate 11.9 (behind a feature flag), is now generally available in GitLab Ultimate 12.0.


Customize the display of the most up-to-date information, such as triage hygiene, the number of tasks created and closed over a given period, the average time to merge merge requests, and much more.



Notifications about build failures on the master branch


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


The GitLab Pipeline Notification Service allows users to set up alerts about completed or failed builds for a list of recipients. Previously, you could only subscribe to all build problems.


In GitLab 12.0, we added the ability to subscribe to failure notifications only for the project's default branch (for example, master).


Thanks for the work, Peter Marko!



Improved support for passing variables to downstream pipelines


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


In GitLab 11.8, we introduced the ability to trigger a downstream pipeline from an intermediate (bridge) job in the upstream pipeline. We also introduced basic support for passing variables to the downstream pipeline.


GitLab 12.0 supports passing the current environment variables to the downstream pipeline. This allows users to give the downstream pipeline context about the commits, merge requests, or other elements of the pipeline that launched it.


Faster shallow clones by default for new projects in GitLab CI/CD


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Since the release of GitLab 8.9, GitLab CI/CD has supported shallow Git clones using the GIT_DEPTH variable in the job definition.


In GitLab 12.0, we added the ability to set this depth at the project level, so project maintainers can choose shallow cloning by default. Creating shallow Git clones is faster than cloning the entire Git repository each time, and if your CI/CD jobs are set up to build the latest changes, shallow clones will suffice.


In addition, in GitLab 12.0, new projects created in GitLab will have the GIT_DEPTH parameter set to 50 by default at creation. This reasonable value will help users clone and run builds in GitLab CI/CD more quickly, and advanced users can change this parameter for other CI/CD scenarios.


Dependency proxy enabled by default for groups


PREMIUM, ULTIMATE


In GitLab 11.11, we launched a dependency proxy so that users can download and cache Docker images for faster and more reliable download.


In GitLab 12.0, we enabled this feature by default at the group level.



The Maven template now automatically sends code to the Maven repository


PREMIUM, ULTIMATE, SILVER, GOLD


Java developers need a simple way to build dependencies and manage them in the GitLab CI / CD pipelines.


In GitLab 12.0, we changed the bundled Maven.gitlab-ci.yml template so that users can send Java dependencies to the GitLab Maven repository from their CI/CD pipelines and manage them there.


Removing tags from the Container Registry through the API


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


With the Container Registry API, GitLab users can easily manage their registry with code.


In GitLab 12.0, we updated the permissions model so that developers can remove tags.


Deduplication of Git Objects (Beta)


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Forking workflows make it easier to work together on a project: you create a copy of the upstream project, work with it, and then open a merge request to add your changes to the upstream project. For popular projects, server-side storage requirements for thousands of copies grow rapidly, along with costs.


In GitLab 12.0, instance administrators can enable object deduplication using the object_pools feature flag. If it is enabled, forking a public project creates a pool of objects, and objects/info/alternates is used so that forks take up less space.


To deduplicate objects, you must enable hashed storage, and the parent project must use hashed storage. Existing forks are not moved into the object pool automatically. Stay tuned for news: gitaly#1560.


In the next release, we will implement fast forking so that forks are created already deduplicated. For now, they are first created and then deduplicated.


Object deduplication has been running on GitLab.com since May 30, 2019, but it is turned off by default for self-managed instances, because the call displays a warning about a repeated bitmap. The problem is fixed in 12.0, but we did not have time to remove the feature flag in this release.

Git bitmap hash cache enabled for fast repacking


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


In GitLab 12.0, when Git repositories are repacked, the bitmap hash cache is stored in the bitmap index. The cache improves repacking performance, especially when using delta parcels.


JGit versions prior to 3.5.0 are incompatible with a bitmap hash cache.

Verifying Kubernetes credentials provided during cluster creation


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


If you add a Kubernetes cluster manually, you need to enter a lot of data, and mistakes are easy to make. To identify problems with access and permissions, the Kubernetes integration now checks, when you add a cluster manually, that the API URL is reachable and that the cluster token and the CA certificate are valid.


If a problem occurs, you will receive an alert.



Using GitLab Serverless with current Knative settings


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Prior to this release, the GitLab Serverless features could only be used when Knative was installed via GitLab. In GitLab 12.0, existing Knative installations can also take advantage of GitLab Serverless. Simply add the existing cluster manually, add the necessary Serverless templates to the project, and GitLab does the rest.


This means that you can now use GitLab Serverless with third-party Knative offerings, such as Cloud Run on GKE by Google or Knative hosted by IBM.


Zoom conference links and access from the task


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


In GitLab 12.0, we made it easier to collaborate on tasks using Zoom conferences. Paste the link to the Zoom conference in the task description. GitLab recognizes the link and shows the “Join Zoom meeting” button under the heading.



Link to external dashboards from environment dashboards


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Maintenance teams often use more sophisticated dashboards with metrics to visualize the state of their environments.


Starting from GitLab 12.0, you can link to and open third-party dashboards directly from the environment dashboards in GitLab.



CI Runner general limit notifications on GitLab.com


FREE, BRONZE, SILVER, GOLD


Group owners on GitLab.com will now receive email notifications when the CI minute quota has been used up, along with instructions for purchasing additional CI minutes.


Ability to request epics in GraphQL


ULTIMATE, GOLD


Using the GraphQL API, users can specify exactly what data they need and receive all the necessary data in a few queries.


In this release, GitLab supports the ability to query epics in the GraphQL API.


Task API now provides action statistics


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Users can define actions in tasks, and this information is displayed in different places of the application.


In GitLab 12.0, users can get information about progress through the API.


New design discussions with threads


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


The existing design for discussions in merge requests and tasks included many boxes and borders, so it was sometimes difficult to follow the conversation.


In GitLab 12.0, we present a more user-friendly design.



Additional task statistics from the task API


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Users did not receive detailed task statistics from the task API.
In GitLab 12.0, we add the ability to view the number of all tasks, open and closed tasks.


Improved system notes when adding or removing links between epics


ULTIMATE, GOLD


Changes to the links between epics were not recorded in the system notes in the epic's discussion feed.


In GitLab 12.0, system notes are recorded when links between parent and child epics are added or removed.


Adding and removing child epics via quick actions


ULTIMATE, GOLD


Previously, child epics could not be added to or removed from the parent through quick actions.
In GitLab 12.0, we added the ability to add and remove child epics using the /child_epic and /remove_child_epic quick actions.


Docker in Docker is no longer needed for DAST


ULTIMATE, GOLD


Dynamic Application Security Testing (DAST) no longer needs Docker in Docker. Therefore, the DAST Docker image (3 GB) will be cached in the runners.


The image is updated weekly, so the cache becomes invalid every Monday.

GitLab Runner 12.0


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


Today we released GitLab Runner 12.0! GitLab Runner is an open source project that is used to run CI / CD jobs and send the results back to GitLab.


The most interesting changes:



As we have said in previous posts, in GitLab Runner 12.0 we remove obsolete functions:



A complete list of changes can be found in the GitLab Runner change log: CHANGELOG.


Omnibus Improvements


CORE, STARTER, PREMIUM, ULTIMATE


We continue to improve the GitLab Omnibus with every release.


Some improvements in GitLab 12.0:



Performance improvements


CORE, STARTER, PREMIUM, ULTIMATE, FREE, BRONZE, SILVER, GOLD


We continue to improve GitLab performance with each release for GitLab instances of any size.


Some improvements in GitLab 12.0:



Obsolete features


GitLab 9.x is no longer supported.


We are introducing a new major version of GitLab, so GitLab 9.x is no longer supported. We recommend upgrading to at least GitLab 10.0 to get help from our support team.


Date of deletion: June 22, 2019


GitLab Geo requires hashed storage in GitLab 12.0


In GitLab 12.0, GitLab Geo requires hashed storage to mitigate race conditions on secondary nodes. Use sudo gitlab-rake gitlab:geo:check to check whether hashed storage is enabled and all projects are migrated. See the documentation on how to move to hashed storage.


We have already talked about this before.


In GitLab 11.5, we added this requirement to the Geo documentation.


In GitLab 11.6, sudo gitlab-rake gitlab:geo:check checks whether hashed storage is enabled and all projects are migrated. If you are using Geo, please run this check and migrate as soon as possible.


In GitLab 11.8, a warning that cannot be dismissed will be displayed on the Admin Area › Geo › Nodes page if the above checks do not pass.


Date of deletion: June 22, 2019


GitLab Geo requires PostgreSQL Foreign Data Wrapper in GitLab 12.0


In GitLab 12.0, Geo requires PostgreSQL Foreign Data Wrapper, so the PostgreSQL version must be at least 9.6. GitLab Geo uses PostgreSQL Foreign Data Wrapper to query data from different PostgreSQL instances. This is necessary for the Geo Log Cursor, as it significantly improves the performance of some synchronization operations. Foreign Data Wrapper also improves the performance of Geo node status queries. The previous queries performed too poorly on large projects.


Learn how to configure PostgreSQL Foreign Data Wrapper in the documentation for Geo Database Replication.


Date of deletion: June 22, 2019


Removing matching by app label on Kubernetes deploy panels


In GitLab 12.1, we will remove matching by the app label in the Kubernetes deploy selector (the removal was initially planned for release 12.0). In GitLab 11.10, we introduced a new matching mechanism that looks for matches on app.gitlab.com/app and app.gitlab.com/env to display deployments on the panel.


For these deployments to be displayed on the deploy panels, you just need to push a new deployment, and GitLab will apply the new labels.


Date of deletion: June 22, 2019


Removing the AUTO_DEVOPS_DOMAIN environment variable


A new environment variable, KUBE_INGRESS_BASE_DOMAIN, was introduced in GitLab 11.8. You no longer need to use AUTO_DEVOPS_DOMAIN to define several domains, since they are now defined individually on the cluster page.


Date of deletion: June 22, 2019


Removing Kubernetes Service Template


In GitLab 12.1, we plan to abandon the Kubernetes service template at the instance level in favor of the cluster configuration at the instance level, introduced in GitLab 11.11.


All self-managed instances where the service template is used will be transferred to the cluster at the instance level when upgrading to GitLab 12.0.


Date of deletion: June 22, 2019


Remove skip_auto_migrations file support


In GitLab 12.0, we completely remove support for the skip_auto_migrations file. It was deprecated in GitLab 10.6.


Date of deletion: June 22, 2019


Prometheus 1.x Support Removal


In GitLab 12.0, we completely remove support for Prometheus 1.x.


Date of deletion: June 22, 2019


Deprecated openSUSE 42.3


openSUSE 42.3 reaches end of life (EOL) on June 30, 2019. We will continue to build packages for this version until GitLab 12.1, but will stop support in GitLab 12.2.


Date of deletion: June 22, 2019


Outdated legacy GitLab Runner code paths


Gitlab 11.9 GitLab Runner / . GitLab Runner , . .


GitLab 11.0 GitLab Runner. metrics_server listen_address GitLab 12.0. .


11.3 GitLab Runner - . S3 . . .


GitLab 12.0. , , , GitLab 11.9+ GitLab Runner 12.0.


: 22 2019 .


GitLab Runner


11.4 GitLab Runner .


FF_K8S_USE_ENTRYPOINT_OVER_COMMAND , #2338 #3536 .


GitLab 12.0 , . .


: 22 2019 .


Linux, EOL, GitLab Runner


Linux, GitLab Runner, .


GitLab 12.0 GitLab Runner Linux. , , .
, ( Javier Jardón ), !


: 22 2019 .


GitLab Runner Helper


Windows Docker executor , helper image .


GitLab 12.0 GitLab Runner . , helper image. .


: 22 2019 .


legacy git clean GitLab Runner


GitLab Runner 11.10 , Runner git clean . , git reset git clean .


GitLab 12.0 GitLab Runner . . .


: 22 2019 .


Secure License Management License Compliance GitLab 12.0


License Management , , GitLab 12.0. License Compliance — , , , , .
License Compliance .


: 22 2019 .


.gitlab-ci.yml Secure


.gitlab-ci.yml , :



.gitlab-ci.yml , , . Secure . , Secure .


, .


: 22 2019 .


Secure GitLab 12.0


Secure . Secure .


Secure .gitlab-ci.yml include: template: Dependency-Scanning.gitlab-ci.yml .


: 22 2019 .


3DES GitLab.com Pages


GitLab.com Pages 3DES, .


3DES . , Internet Explorer 7 8 Windows XP.


: 22 2019 .


MySQL GitLab 12.1


GitLab 12.0 — MySQL ( MariaDB) . PostgreSQL, . MySQL , Enterprise Edition Starter Premium.


GitLab MySQL, , .


: 22 2019 .


Sentry GitLab 12.1


GitLab 12.1 gitlab.yml GitLab 11.11. , Sentry, (, , ). . gitlab-ce#49771 .


: 22 2019 .


Silver/Premium


GitLab 11.6, Premium/Silver .


GitLab 11.11, Silver/Premium.


22 2019 Silver/Premium , .


: 22 2019 .


License Management Python 3 GitLab 12.2


Python 3 Secure License Management.


Python 2 CI LM_PYTHON_VERSION «2», , GitLab 12.2. Python 3 CI LM_PYTHON_VERSION «3» .


: 22 2019 .


Windows


GitLab 12.3 Windows GitLab Runner (, cmd.exe ) Windows PowerShell.


DevOps Microsoft, PowerShell — Windows.


cmd.exe , PowerShell, Windows - , .


: 22 2019 .


GitLab Runner Docker Executor


GitLab Runner 11.10 , , Docker Docker Machine. GitLab Runner , builds_dir . - , .


GitLab Runner 12.3 . . .


: 22 2019 .


Python 2 Secure License Management


Python 2 GitLab, Python 2.7 EOL 1 2020 .


: 22 2019 .


GitLab 12.0


GitLab 12.0 , Enterprise Edition , Community Edition. . , GitLab, 11.11, 12.0.0. , 12.3.0, 11.11 . , , . Omnibus 12.0.0, GitLab Helm Chart . .



  1. PostreSQL 10.0, /etc/gitlab/disable-postgresql-upgrade .
  2. GitLab Geo , PostgreSQL primary secondary . Geo 12.1 .



:



Installation


GitLab, GitLab .


Update


.



Source: https://habr.com/ru/post/458136/

