GitLab 12.0 Release

Multiple extends support in .gitlab-ci.yml

Multiple extends support in .gitlab-ci.yml

The extends keyword allows users to keep their GitLab CI/CD code dry. Using extends to condense common sections of code is a frequently used feature for advanced users of GitLab CI/CD, and is used by our own teams to build GitLab as well as our Auto DevOps features.

In GitLab 12.0, we’re very happy to welcome a contribution from Lumi Akimova to improve this feature by allowing users to include multiple extends snippets in a single job and, with multiple extends, you can now achieve streamlined and dry CI configuration.

Thanks Lumi!

Collapsible job logs

Collapsible job logs

In GitLab 12.0, we’re adding the ability to expand and collapse the log output from GitLab CI/CD jobs. This will allow users to more easily debug certain steps in the job, and provide a great overview of the steps when desired - or a detailed view if you want to see the entire output.

This originally started as a community contribution from Matthias van de Meent. Thank you Matthias for your contribution!

Vulnerability database available for viewing and accepting contributions

Vulnerability database available for viewing and accepting contributions

Our vulnerability database project can now be viewed here. You can view the entries and verify the vulnerabilities you are most interested are a part of our checks.

In addition, here are guidelines on how you can contribute to help make the vulnerability database more robust.

Lock all memberships to LDAP

Lock all memberships to LDAP

Organizations leaning on LDAP typically synchronize it with GitLab for permissions management.

In GitLab 12.0, instances can now prevent permissions changes outside of LDAP by non-admins with an instance-level setting. With this approach, compliance-minded organizations can use this option to ensure that the permissions in LDAP are reflected on the instance - and aren’t modifiable by users who aren’t instance admins.

GitLab Insights

GitLab Insights

GitLab Insights introduced in GitLab Ultimate 11.9 (feature flag) is now Generally Available (GA) in GitLab Ultimate 12.0.

Configure the Insights that matter for your projects to explore data such as triage hygiene, issues created/closed per a given period, average time for merge requests to be merged and much more.

Improved support for passing variables to downstream pipelines

Improved support for passing variables to downstream pipelines

In GitLab 11.8, we introduced the ability to trigger a downstream pipeline from an upstream bridge job. We also introduced basic support for passing variables to the downstream pipeline.

With GitLab 12.0, we support passing current environmental variables to the downstream pipeline as well. This allows users to provide context to the downstream pipeline as well as to the commit, merge request, or other details from the pipeline that triggered it.

Dependency proxy is enabled per-group by default

Dependency proxy is enabled per-group by default

In GitLab 11.11, we launched the MVC of the dependency proxy, which allows users to download and cache Docker images for faster, more reliable downloads.

In GitLab 12.0, we have enabled the feature by default at the group level.

Developers now can delete tags from the Container Registry via API

Developers now can delete tags from the Container Registry via API

The Container Registry API allows GitLab users to easily manage their registry programmatically.

With GitLab 12.0, we have updated the permissions model to allow Developers to delete a tag.

Enabled Git bitmap hash cache to speedup repacking

Enabled Git bitmap hash cache to speedup repacking

In GitLab 12.0, when repacking Git repositories, a bitmap hash cache will be saved in the bitmap index. The cache improves repack performance, particularly when using delta islands.

Note that versions of JGit prior to 3.5.0 are incompatible with the bitmap hash cache.

Use GitLab Serverless with existing Knative installations

Use GitLab Serverless with existing Knative installations

Prior to this release, GitLab Serverless features could only be used when installing Knative via GitLab. With GitLab 12.0, existing installations of Knative can now take advantage of GitLab Serverless. Simply add the existing cluster manually, add the relevant Serverless templates to your project, and GitLab will do the rest.

This means you can now use GitLab Serverless with hosted Knative offerings, such as Google’s Cloud Run on GKE or IBM’s hosted Knative service.

Link to external dashboards from environment dashboards

Link to external dashboards from environment dashboards

Operations teams often use more complex metrics dashboards for visualizing the state of their environments.

Starting in GitLab 12.0, you can now supply and easily access your external dashboards directly from within GitLab’s environment dashboards.

Add ability to query epics in GraphQL

Add ability to query epics in GraphQL

GraphQL APIs allows users to request exactly the data they need, making it possible to get all required data in a limited number of requests.

In this release, GitLab is now supporting the ability to query epics in the GraphQL API.

New threaded discussion design

New threaded discussion design

Our existing design for discussions for merge requests and issues involved many boxes and borders, often times making it difficult to follow the conversation.

In GitLab 12.0, we introduced a redesign to enhance the user experience of discussions.

Enhancements for system notes for adding and removing epic relationships

Enhancements for system notes for adding and removing epic relationships

Changes in epic relationships have not been recorded as system notes in the discussion feed of an epic.

In GitLab 12.0, system notes are now recorded for when epic relationships for parent and sub-epics are added or removed.

No longer require Docker in Docker for DAST

No longer require Docker in Docker for DAST

Dynamic Application Security Testing (DAST) no longer requires the use of Docker in Docker to run. As a result, the DAST Docker image (3GB) will now be cached on Runners.

Note that the image is updated weekly, so the cache will be invalidated every Monday.

GitLab Runner 12.0

GitLab Runner 12.0

We’re also releasing GitLab Runner 12.0 today! GitLab Runner is the open source project that is used to run your CI/CD jobs and send the results back to GitLab.

Most interesting changes:

• Docker Credentials helper support
• Add configuration of access_level for runners on registration
• Allow configuration of Pod Security Context by Kubernetes Executor
• Make PowerShell default for new registered Windows shell executors
• Support windows docker volumes configuration

As mentioned in previous posts, with version GitLab Runner 12.0, we’re also removing a few previously deprecated things:

• Remove deprecated clone/fetch command
• Remove deprecated git clean strategy
• Remove support for deprecated metrics_server setting
• Remove support for deprecated entrypoint configuration for K8S
• Remove support for deprecated S3 cache configuration
• Remove support for deprecated distributions
• Remove old docker helper image commands

A list of all changes can be found in GitLab Runner’s CHANGELOG.

Performance improvements

Performance improvements

We continue to improve the performance of GitLab with every release for GitLab instances of every size.

Some of the improvements in GitLab 12.0 are:

• Make epics list page more efficient
• Avoid hitting the database for Elasticsearch results
• Avoid hitting Elasticsearch twice for search results
• Submit documents to ElasticSearch index in bulk
• Cache rendered Markdown in commit messages to improve performance of listing commits
• Improve performance of repository size limit check on each push
• Improve performance when loading an issue or merge request with a long description
• Improve performance of merge requests with suggested changes
• Improve performance and reduce CPU usage of clones by using delta islands when repacking Git repositories
• Improve peformance of monitoring charts
• Fix Git N + 1 on ListLastCommit RPC
• Improve Git code search performance by using --perl-regexp
• Improve performance of JobsController by fixing Git N + 1

Sequential merge trains

Sequential merge trains

With the 12.0 release we’re introducing a new way to keep your master or release branches green: merge trains. Merge trains build on our pipelines for merge requests/results feature by allowing you to queue up pipelines in sequence.

For this first iteration, it’s important to note that merge train pipelines run in sequence (one at a time) so, depending on the frequency and duration of your pipelines, it may or may not be appropriate to enable this feature yet for your team.

In the future we plan to enable it by default, but we want to have parallelization support in place first to make it more accessible to more teams.

Group-specific notification email addresses

Group-specific notification email addresses

In 12.0, we have added the ability to select a separate email address for group notifications. This now allows users to separate group notifications to different email addresses. For example, a work email address for a work group and a personal email address for personal groups.

Add a reason when dismissing vulnerabilities

Add a reason when dismissing vulnerabilities

When dismissing a vulnerability identified by our scanners, there is now a field available to add a reason detailing why this vulnerability was dismissed.

This will allow security teams and developers to be able to review the history and understand why items were not remediated.

Prevent non-admins from deleting projects

Prevent non-admins from deleting projects

Compliance-minded organizations may wish to ensure that projects - which may include important code in a repository - can only be archived, rather than deleted and permanently lost.

With an instance-level setting to prevent project deletion by non-admins, instance administrators can feel more secure knowing that projects are being archived and retained.

Email notifications for broken master builds

Email notifications for broken master builds

The GitLab Pipeline Emails service integration allows users to create email alerts on build completion and failure to a list of recipients. Previously, users could only subscribe to all build failures.

In GitLab 12.0, we have added the option to only send the failure notification on the default branch for the project (e.g. master).

Thank you to Peter Marko for this contribution!

Faster shallow clones by default for all new projects in GitLab CI/CD

Faster shallow clones by default for all new projects in GitLab CI/CD

Since GitLab 8.9, GitLab CI/CD has supported shallow git clones by specifying the GIT_DEPTH variable in your job definition.

In GitLab 12.0, we’ve added the ability to set this depth at the project level - enabling project maintainers to default to a shallow clone if desired. Shallow Git clones are faster than cloning the entire Git repository every time, and if your CI/CD jobs are set up to build the latest, often a shallow clone is sufficient.

Also in GitLab 12.0, new projects created in GitLab will, by default, have a GIT_DEPTH setting of 50 when they are created. This sensible default will help users have faster clone and build times with GitLab CI/CD, while still allowing advanced users to change this setting if required for different types of CI/CD use cases.

Maven template now automatically pushes to the Maven Repository

Maven template now automatically pushes to the Maven Repository

Java developers need an easy way to build and manage their dependencies with GitLab’s CI/CD pipelines.

In GitLab 12.0, we have modified the bundled Maven.gitlab-ci.yml template to easily allow users to upload and manage their Java dependencies to the GitLab Maven Repository from their CI/CD pipelines.

Git object deduplication (Beta)

Git object deduplication (Beta)

Forking workflows make it easy to contribute to any project by creating a copy of the upstream project to work on before opening a merge request to merge your changes into the upstream project. For popular projects, the server side storage requirements needed for thousands of copies accumulate quickly and increase hosting costs.

In GitLab 12.0, object deduplication can be enabled by instance administrators using the object_pools feature flag. When enabled, creating a fork of a public will also create an object pool and use objects/info/alternates to reduce the storage requirements of forks.

Object deduplication requires hashed storage to be enabled, and for the parent project to be using hashed storage. Existing forks are not currently migrated to object pools automatically – for updates follow gitaly#1560.

In an upcoming release, we will also implement fast forking by directly creating the fork in a deduplicated state. Currently the fork is first created, then deduplicated.

Object deduplication has been enabled on GitLab.com since 30 May 2019, but it remains off by default for self-managed instances because of a duplicate bitmap warning shown when fetching. This issue is fixed in 12.0 but the feature flag could not be removed in time for this release.

Validate Kubernetes credentials provided at cluster creation

Validate Kubernetes credentials provided at cluster creation

Adding a Kubernetes cluster manually requires entering multiple data points and can be error prone. In order to effectively surface access and permission issues when adding a cluster manually, the kubernetes integration will now validate the reachability of the API URL as well as the validity of both then cluster token and CA certificate.

Relevant alerts will be presented when an issue is encountered.

Link and access a Zoom meeting from an issue

Link and access a Zoom meeting from an issue

In GitLab 12.0, we have made it easy to collaborate with teammates on an issue via a Zoom conference call. Paste a Zoom meeting link in the description of an issue. GitLab will detect the link and display a “Join Zoom meeting” button at the top underneath the title surfacing it to all collaborators.

Notifications for shared CI runner limits on GitLab.com

Notifications for shared CI runner limits on GitLab.com

Group owners on GitLab.com will now be notified via email to let them know that the group’s CI Minutes Usage Quota has expired, with instructions on how to purchase more CI Minutes.

Issue API now responds with task completion statistics

Issue API now responds with task completion statistics

Users are able to define tasks in issues and this information is surfaced in various places throughout the application.

In GitLab 12.0, users will now have the ability to return task progress information through the API.

Additional issue stats from the issues API

Additional issue stats from the issues API

Users have been unable to get detailed issue statistics from the issues API.

In GitLab 12.0, we are adding the ability to return counts of issues for all, closed, and opened states.

Add and remove child epics via quick actions

Add and remove child epics via quick actions

Child epics cannot currently be added or removed from parent epics via quick actions.

In GitLab 12.0, we have added the ability to add and remove child epics via the /child_epic and /remove_child_epic quick action commands.

Support for AsciiDoc include directive

Support for AsciiDoc include directive

The AsciiDoc markup format supports declaratively including content from other files, allowing unnecessary duplication to be removed from documents. The AsciiDoctor implementation presumes a local file system, not a Git repository, preventing includes from being rendered when viewing an AsciiDoc file inside GitLab.

In GitLab 12.0, the include directive (include::example.adoc[]) is now supported, allowing text files in the same branch or tag to be included when viewed in GitLab.

Thanks Guillaume Grossetie for your contribution!

Omnibus improvements

Omnibus improvements

We continue to improve the GitLab Omnibus with every release.

Some of the improvements in GitLab 12.0 are:

• GitLab 12.0 includes Mattermost 5.11, an open source Slack-alternative whose newest release includes a new remote CLI tool, plus much more. This version also includes security updates and upgrading from earlier versions is recommended.
• Enabling JSON logging by default.
• Grafana service is now enabled by default in omnibus-gitlab packages. Also, OAuth authentication is now automatically enabled between Grafana and GitLab.
• Improved GitLab metrics with directly instrumented ruby metrics