GitLab 11.7 shipped with Releases, Multi-level Child Epics, and NPM Registry

Search filter box for issue board navigation

Teams often use many issue boards in a given project or board, making the dropdown navigation difficult to use if the list is very long. With this release, we are introducing a search filter. Simply type a few characters in the search filter box to quickly narrow down to the issue board you are interested in, making navigation much easier.

Support catch-all email mailboxes including Microsoft Exchange and Google Groups for incoming email features

GitLab has some great features that use incoming email, such as reply by email, new issue by email, new merge request by email, and service desk. Previously, you could only take advantage of these features if you used an email server configured to use sub-addressing.

With this release, GitLab now supports both sub-addressing and catch-all email mailboxes, using a new email format, allowing more email servers to be used with GitLab, including Microsoft Exchange and Google Groups (which do not support sub-addressing).

Short commit SHA available as environment variable

Git SHAs are 40-character pointers to specific objects (i.e., commits) in a Git repo. Often, showing the full string is unwieldy and you just want to show the first eight characters as a quick (though not guaranteed unique) reference. We’ve added the CI_COMMIT_SHORT_SHA environment variable to the CI pipeline for this purpose, which will give you the first part of the commit SHA being built.

Authorization support for fetching includes

When including external files in your pipeline definition using the include keyword, these are fetched using HTTP/HTTPS requests. You are now able to access yamls on another project with no public access (e.g., a private project on GitLab.com) using the credentials the pipeline is running as.

Show Dependency Scanning results in the Group Security Dashboard

The Group Security Dashboard was initially released with SAST results only, so users were not able to manage other types of vulnerabilities with this feature.

With GitLab 11.7, Dependency Scanning findings have been added to the set of available data. If you are already using the new report syntax, you will automatically see results in the dashboard. The Auto DevOps template has been updated as well, and it now requires GitLab Runner 11.5 or above to run the Dependency Scanning job correctly.

RBAC mode default for Kubernetes cluster creation

Securing your Kubernetes cluster is vital in order to control and limit who can access the cluster and what actions they are allowed to perform.

Starting with GitLab 11.7, all clusters will default to RBAC-enabled at time of creation, providing more secure and protected infrastructure.

Support for NGINX Ingress 0.16.0+ metrics

With the release of NGINX Ingress 0.16.0, Prometheus metrics are now built in natively rather than relying on an external exporter.

GitLab 11.7 now includes support for the metrics exported by NGINX Ingress 0.16.0+, and will automatically detect and display the throughput, latency, and error rate of deployments.

GitLab Runner 11.7

We’re also releasing GitLab Runner 11.7 today! GitLab Runner is the open source project that is used to run your CI/CD jobs and send the results back to GitLab.

Most interesting changes:

• Kill Web Terminal session when build is canceled
• Fix path separator for CI_PROJECT_DIR in Windows

List of all changes can be found in GitLab Runner’s CHANGELOG.

Performance improvements

We continue to improve the performance of GitLab with every release, for GitLab instances of every size.

In GitLab 11.7, we have significantly improved the performance of viewing merge requests by caching syntax highlighted discussion diffs.

Other noteworthy performance improvements include:

• Improve push performance by skipping pre-commit validations that have passed on other branches
• Remove redundant counts in snippets search
• Speed up Open board list when there are assignee lists

Project list redesign

Projects are first-class citizens in GitLab, and we want to make project lists visually pleasing and easy to parse.

In GitLab 11.7, we introduced a redesign of the project list UI that focuses on readability and a summary of the project’s activity. We’ve given each project row additional project information and whitespace, and will continue to iterate on the design based on feedback.

Import issues CSV

Often when teams start using GitLab, they may be using different tools and have legacy data. You may be currently using Jira but would like to move to GitLab issues.

With this release, we are making this transition easier. Since many issue tracking systems allow for a CSV export, you can now import such an export of issues into GitLab, allowing you to continue managing your existing work, importing legacy data into GitLab for future search and retrieval as necessary. This will work with Jira or any issue tracking system that can generate a CSV export.

GitLab also has an existing CSV export feature too.

Stricter self-approval restrictions

Code review is an essential practice of every successful project, and should be conducted by someone who isn’t the author of the change. By default, self approval of merge requests is not permitted, but was prevented based on the author of the merge request, not the commits in the merge request.

From GitLab 11.7, self-approval restrictions also prevent people who have committed changes to the merge request from approving, so that merge requests authored by multiple engineers receive fully independent code reviews and approvals.

Filter vulnerabilities in the Group Security Dashboard

The Group Security Dashboard allows security teams to keep everything under control by showing vulnerabilities that affect their groups.

With GitLab 11.7, users can filter displayed vulnerabilities by severity, report type, and project name. With this ability, they can focus on what they need and reach their data faster, especially useful when there are many entries in the list.

Include CI/CD files from other projects and templates

The include keyword allows users to create CI/CD pipelines dynamically, with external files included into the configuration. This was previously possible only for files in the project repository, or for remote files fetched via HTTP.

With GitLab 11.7, users can include their snippets of configuration also from other projects and from the predefined templates. GitLab will include snippets for specific jobs, like sast or dependency_scanning, so users can reference them instead of copying and pasting the current definition. The jobs will automatically be updated to the latest version when GitLab is updated, so there is no need for manual changes.

Support for private Go packages in subgroups

Go packages hosted in GitLab can be installed using go get, however this was not supported for private projects in subgroups. Starting with GitLab 11.7, any project can be used as a Go package, including private projects in subgroups.

Private packages are supported by the go get command using a .netrc file, and using a personal access token in the password field.

Thank you MortyChoi for the contribution!

Skip CI builds during git push

For commits where users don’t want to run the CI/CD pipeline, they were able to add a note to the commit message with [ci skip] or [skip ci]. However, many users don’t want to or can’t change their commit messages to contain additional information.

As of GitLab 11.7, users can use Git push options in Git 2.10 or newer when pushing to GitLab to prevent the pipeline run for their push. Using git push -o ci.skip will now achieve the same goal without any changes to the commit message.

Thank you Jonathon Reinhart for the contribution!

Omnibus improvements

• GitLab 11.7 includes Mattermost 5.6, an open source Slack-alternative whose newest release includes interactive message dialogs, new admin tools, Ukrainian language support, and much more.
• Enhanced Networking support is now available for the official GitLab AMI images, allowing for additional instance types to be utilized, as well as increased bandwidth.