This document explains the workflow for anyone working with issues in GitLab Inc. For the workflow that applies to everyone please see PROCESS.md.
Products at GitLab are built using the GitLab Flow.
If you notice that pipelines for the master
branch of GitLab CE or EE are failing (red) or broken (green as a false positive), fixing this takes priority over everything else development related, since everything we do while tests are broken may break existing functionality, or introduce new bugs and security issues.
#development
so that other developers are aware of the problem and can help#development
by mentioning the issue@mention
the relevant Engineering Leads and CTO in the issue and on Slack, so that resources can be assigned to fix it as quickly as possible.It's ok to merge a merge request with a failing pipeline if the following conditions are met:
master
, and the failing specs are not directly related to functionality touched by the merge requestBefore merging, it's a good practice to mention that the failure happens in master
, and to post a reference to the issue. For instance:
Failure in <JOB_URL> happens in `master` and is being worked on in #XYZ, merging.
Security issues are managed and prioritized by the security team. If you are assigned to work on a security issue in a milestone, you need to follow these steps:
security-23-5
branch as the target for your merge request.If no security branch exists, create one from the latest stable branch. For the previous example, you can run (assuming dev is the remote):
git checkout -b security-23-5 origin/23-5-stable
git push -u dev HEAD
security-23-4
and security-23-3
. master
using a patch set from the most recent stable branch. After the merge requests for the stable branches have been merged, the release manager will ping you if the changes don't apply cleanly to master
or pass all tests.If you find a security issue in GitLab, create a confidential issue mentioning the relevant security and engineering managers, and post about it in #security
.
If you accidentally push security commits to GitLab.com, we recommend that you:
#releases
. It may be possible to execute a garbage collection (via the Housekeeping task in the repository settings) to remove the commits.For more information on how the entire process works for security releases, see the documentation on security releases.
For general guidelines about issues and merge requests, be sure to read the GitLab Workflow.
For larger issues or issues that contain many different moving parts, you'll be likely working in a team. This team will typically consist of a backend developer, a frontend developer, a UX designer and a product manager.
Avoid adding configuration values in the application settings or in gitlab.yml
. Only add configuration if it is absolutely necessary. If you find yourself adding parameters to tune specific features, stop and consider how this can be avoided. Are they values really necessary? Could constants be used that work across the board? Could values be determined automatically? See Convention over Configuration for more discussion.
Start working on things with the highest priority in the current milestone. The priority of items are defined under labels in the repository, but you are able to sort by priority.
After sorting by priority, choose something that you’re able to tackle and falls under your responsibility. That means that if you’re a frontend developer, you work on something with the label frontend
.
To filter very precisely, you could filter all issues for:
CI/CD
, Discussion
, Edge
, frontend
, or Platform
Use this link to quickly set the above parameters. You'll still need to filter by the label for your own team.
If you’re in doubt about what to work on, ask your lead. They will be able to tell you.
It's every developers' responsibilities to triage and review code contributed by the rest of the community, and work with them to get it ready for production.
Merge requests from the rest of the community should be labeled with the Community Contribution
label.
This should be to be part of your daily routine. For instance, every morning you could triage new merge requests from the rest of the community that are not yet labeled Community Contribution
and either review them or ask a relevant person to review it.
Make sure to follow our Code Review Guidelines.
Labels are described in our Contribution guide.
GitLab.com is a very large instance of GitLab Enterprise Edition. It runs release candidates for new releases, and sees a lot of issues because of the amount of traffic it gets. There are several internal tools available for developers at GitLab to get data about what's happening in the production system:
There is extensive monitoring publicly available for GitLab.com. For more on this and related tools, see the monitoring handbook.
More details on GitLab Profiler are also found in the monitoring performance handbook.
If you've built feature flags into your code, be sure to read about how to use the feature flag to test a feature on GitLab.com.
GitLab Inc has to be selective in working on particular issues. We have a limited capacity to work on new things. Therefore, we have to schedule issues carefully.
Product Managers are responsible for scheduling all issues in their respective product areas, including features, bugs, and tech debt. Product managers alone determine the prioritization. The UX Lead and Engineering Leads are responsible for allocating people making sure things are done on time. Product Managers are not responsible for these activities, they are not project managers.
Direction issues are the big, prioritized new features for each release. They are limited to a small number per release so that we have plenty of capacity to work on other important issues, bug fixes, etc.
If you want to schedule an Accepting Merge Requests
issue, please remove the label first.
Any scheduled issue should have a team label assigned, and at least one type label.
To request scheduling an issue, ask the responsible product manager
We have many more requests for great features than we have capacity to work on. There is a good chance we’ll not be able to work on something. Make sure the appropriate labels (such as customer
) are applied so every issue is given the priority it deserves.
There is an informal scheduling process discussion in the #scheduling Slack channel. Anyone can join and suggest improvements to our scheduling process.
Teams (Product, UX, Engineering) continually work on issues according to their respective workflows. There is no specified process whereby a particular person should be working on a set of issues in a given time period. However, there are specific deadlines that should inform team workflows and prioritization. Suppose we are talking about milestone m
that will be shipped in month M
(on the 22nd). We have the following deadlines:
M-1, 7th
: m
.m
scope. The labels represent acknowledgement from engineering that the requirements are detailed enough to reasonably kickoff development effort in an agile setting. m
issues are updated with docs starter blurb. Release post (WIP merge request) created with m
issues and docs starter blurbs.M-1, 8th
(or next business day): Kickoff callM, 7th
: Completed m
issues with docs have been merged into master. Un-started or unfinished m
issues are de-scoped from m
, with m
being removed from them.M, 22nd
: Release shipped to production. Release post published.Refer to release post due dates for additional deadlines.
Note that release timelines are overlapping. For example, when a release is shipped to production on the 22nd, the scope for the following release has already been established earlier in that same month.
An in-scope issue already has a docs starter blurb (written by the PM) by the time engineers start development. Engineers should create and merge in the updated docs as part of completing an issue by the 7th. PMs revise the starter docs blurbs in the release post appropriately before the release post is published.
Refer to Feature freeze on the 7th for the release on the 22nd for further timeline details of code releases, including major/minor version releases, as well as patch releases.
Team members use labels to track issues throughout development. This gives visibility to other developers, product managers, and designers, so that they can adjust their plans during a monthly iteration. An issue should follow these stages:
In dev
: A developer indicates they are developing an issue by applying the In dev
label.In review
: A developer indicates the issue is in code review and UX review by removing the In dev
label, and applying the In review
label.At the beginning of each release, we have a kickoff meeting, publicly livestreamed to YouTube. In the call, the Product Development team (PMs, UX designers, and Engineers) communicate with the rest of the organization which issues are in scope for the upcoming release. The call is structured by product area with each PM leading their part of the call.
The notes are available in a publicly-accessible Google doc. Refer to the doc for details on viewing the livestream.
After each release, we have a retrospective meeting, publicly livestreamed to YouTube. We discuss what went well, what went wrong, and what we can improve for the next release.
The notes are available in a publicly-accessible Google doc. Refer to the doc for details on viewing the livestream.
When working in GitLab (and in particular, the GitLab.org group), use group labels and group milestones as much as you can. It is easier to plan issues and merge requests at the group level, and exposes ideas across projects more naturally. If you have a project label, you can promote it to a group milestone. This will merge all project labels with the same name into the one group label. The same is true for promoting group milestones.