GitLab 14.0 released with a celebration of GitLab 14
GitLab 14.0 released with a celebration of GitLab 14
When we think of everything released in the year since GitLab 13.0, we could not be more proud of our community and our team. This month, we celebrate our release of GitLab 14.0 by first taking a step back.
Together, we’ve made so much progress over the last year that we want to talk about everything it took to get to GitLab 14.
We use semantic versioning so a point release, like 14.0, represents everything new in this month. GitLab 14 is the culmination of the past year. Even more than that, GitLab 14 represents the future of GitLab, and the future of DevOps.
With GitLab 14, teams of all sizes are moving from maintaining DIY DevOps toolchains to adopting modern DevOps. GitLab 14 is a complete DevOps platform with security embedded in its DNA, visibility and insights enabled by its single data store, and a seamless experience and extensible system, so end users and enterprises alike reap the benefits of speed and efficiency.
As ever, we are also excited about what’s new this month in 14.0. Read on for our regular highlights from dozens of significant new features and improvements. Along with these exciting new features, there are a few breaking changes in 14.0. To preview what's coming in next month’s release, check out our Upcoming Releases page, which includes our 14.1 release kickoff video.
Mathieu has contributed significantly to the Package stage with his work on both the Debian and Helm package registries. These direction features have been fully contributed by Mathieu thus far.
The effort to implement Debian packages has been ongoing since September of 2020. Approximately 38 MRs merged so far, and now we are nearing the end of the iterative plan that Mathieu put together and maintained. As a result of Mathieu’s efforts, we are just a few merge requests away from feature completion and release.
Mathieu also planned the Helm Charts Package Manager effort and has been working on that over the past three months. In this work, Mathieu has embraced the GitLab values of iteration and collaboration, working closely with the entire Package team and beyond on these and many other features.
Epic Boards align teams and organizations by communicating the status of epics continuously. Previous versions of GitLab required you to view and sort epics in a list to view the overall status. Keeping epics up to date meant making most changes through an epic’s detail page. Epic Boards enable you to visualize and refine all of your epics in one place, using a customizable, drag-and-drop interface that is easy for any teammate to understand and collaborate.
Epic Boards are also a game-changer for managing and visualizing ideal epic workflows, such as authoring workflow states (Draft, Writing, Done), DevOps workflow states (such as Planned, In Development, and In Production), or any other mutually exclusive states you might model with scoped labels. Visualizing workflows with an Epic Board empowers you to increase predictability and efficiency.
Terraform modules play a central role in building standard infrastructure components throughout an organization. Up to GitLab 13.12, GitLab users had to use either a third-party Terraform module registry, local modules, or Git-based modules. While these options work well, they do not help with the distribution of the modules and they lack proper versioning support, which introduces risks for module users. GitLab 14.0 extends our Infrastructure-as-Code offerings with a Terraform module registry. Now, you can use the Terraform module registry built into GitLab to discover Terraform modules with semantic versioning support for upgrades and maintenance. Moreover, you can publish modules easily using GitLab CI/CD.
While following Terraform’s best practices, we recommend developing each Terraform module in a dedicated GitLab project. To simplify the transition to the registry, users can host and publish multiple modules from a single GitLab repository. You can learn more about publishing and consuming a new module in our documentation.
GitLab 14.0 introduces an all-new, streamlined top navigation menu to help you get where you’re going faster and with fewer clicks. This new, consolidated menu offers the combined functionality of the previous Projects, Groups, and More menus. It gives you access to your projects, groups, and instance-level features with a single click. Additionally, all-new responsive views improve the navigation experience on smaller screens.
As a developer, you often spend a majority of your time working in your local development environment. When you’re assigned a merge request for review, this requires you to leave your editor and perform that review inside of GitLab. While performing your review inside GitLab, you might also need to use your local editor to gain more context on the proposed changes.
GitLab Workflow version 3.21.0 for Visual Studio Code (VS Code) now supports the complete merge request review process, including threads. Select the GitLab icon in VS Code to open the sidebar to display Merge requests I’m reviewing. Select a merge request overview to view the complete details and discussions of the merge request.
The sidebar also contains a list of all the changed files in the merge request. Selecting files opens a diff comparison for you to review the changes in VS Code. While viewing the diff, you can read feedback left on the files, and create new comments by selecting a line number and creating your comment. All comments and feedback you provide in VS Code are available in the GitLab web interface, making it easy for you to perform your reviews in VS Code, and other users to participate in GitLab.
We’re really excited about bringing the complete merge request review process to you inside of VS Code. Let us know what you think by opening an issue for GitLab Workflow.
GitLab is big. And it’s getting bigger. As we’ve introduced new features and categories, navigating the densely-packed left sidebar has become less intuitive.
In GitLab 14.0 we’ve redesigned and restructured the left sidebar for improved usability, consistency, and discoverability. We’ve moved some links to features around, split up features in the Operations menu into three distinct menus, improved visual contrast, and optimized spacing so all the menu items can fit comfortably on a smaller screen. These changes are intended to better match your mental model of the DevOps lifecycle, and provide a more predictable and consistent experience while navigating within your projects and groups.
Editing wiki content could be so much easier! Many GitLab wikis use Markdown formatting, and for some users, Markdown is a barrier to efficient collaboration. In this release, you now have access to a rich, modern Markdown editing experience in your wiki, so you can edit with confidence.
Instant feedback and visual editing tools help make wiki editing more intuitive, and remove barriers to collaboration. GitLab saves the changes as Markdown when you’re done, so users who want to edit the Markdown directly can do so. You can even type Markdown into the new editor and it will automatically format the text as you type.
GitLab 14.0 introduces the Content Editor into the Wiki with support for most of the basic Markdown content types like headers, bold and italic text, lists, code blocks, and links. Full support for the entire GitLab Flavored Markdown specification will arrive in upcoming releases. We also plan to make the Content Editor available in other areas of GitLab in the future. We welcome input on this early MVC in this feedback issue.
In GitLab 13.12 and earlier, all DAST vulnerabilities found in a scan were listed individually for each URL the vulnerability was found on. This could create many vulnerabilities when the fix was a single file or configuration change. For example: an issue with a server header sent with every HTTP response would be reported on every page on the site, rather than reported as a single issue with multiple occurrences.
To reduce the overhead of managing vulnerabilities, GitLab combines identical vulnerabilities found on multiple pages into a single reported vulnerability in the DAST report. The vulnerability details include a list of all the URLs where the vulnerability was found, rather than individual vulnerabilities being created in the vulnerability list and dashboard for each page.
This new reporting functionality will not retroactively combine vulnerabilities found in previous scans. It only applies to scans performed in GitLab 14.0 and later.
In this release, we are moving away from the CI/CD template-based approach for cluster management. Cluster management is the ability to manage Kubernetes clusters to improve application availability running on a cluster. The old method hides too much of the logic, restricts customizations and extensions of your apps. With the new approach, you can easily create a cluster management project from a project template and fully control your applications. A project created using the new template contains the code needed for cluster management jobs, including built-in support for several applications. You can easily extend the project to other applications and own them completely.
Additionally, new applications will be installed using Helm v3. If you have former GitLab Managed Applications installed using Helm v2, check the Helm migration guide and the GitLab Managed Apps migration guide. The CI/CD job output will also guide you through these migrations.
In GitLab 14.0, the cluster management project supports only certificate-based cluster integrations. We plan to add support for the GitLab Agent for Kubernetes in the next release.
The pipeline editor in GitLab is your one-stop shop when interacting with CI/CD pipelines. Previously, when writing your first pipeline with the editor, you were presented with a blank configuration. While perfectly useful for experienced pipeline authors, it was a bit of a leap for those just starting out.
In this release, if a project does not have a pipeline configured, the editor preloads a template showing an example 3-stage pipeline. You can save and run this pipeline right away to see it in action in your project. On top of that, it also has comments that help you understand the syntax, and tips and hints to help you start customizing the template to match your needs. It is now much easier to get your first green pipeline!
Container scanning in GitLab now uses the Trivy engine by default. This change provides customers with more timely vulnerability intelligence updates, more accurate results, and support for a larger number of operating systems. Users who run container scanning with default settings are switched seamlessly and automatically to the new engine in GitLab 14.0. Users who customize the variables in their container scanning job should review our migration guide and make any necessary updates.
As part of our efforts to natively support DORA4 metrics in GitLab, the lead time for merge requests chart is now available at the Group level. This release extends on the work completed in GitLab 13.11; you can now use a chart that shows how long it takes merge requests to be deployed to a production environment (not just in individual projects, but aggregated across a group). This allows you to get a full picture of throughput across multiple projects.
The stages in project-level value stream analytics are now shown in a horizontal layout. This helps visualize the flow of work through the stages of a value stream. It also matches the navigation experience in group-level value stream analytics.
The DevOps Adoption table provides insight into how GitLab has been adopted across your organization with a comparison by group and subgroup. Previously, you could add no more than 200 groups to the table. We understand that larger organizations can have thousands of GitLab groups. You can now use a searchable dropdown to add any subgroup to the table.
In addition, subgroups removed from the DevOps Adoption table in one group no longer automatically get removed from the tables of other groups. As a result of the data migration that was done for this fix, you might need to manually re-add some subgroups to your tables the first time that you revisit them.
Expired SSH keys added to GitLab
are now disabled by default. This helps to make your GitLab instance more secure. Previously, expired SSH keys added to GitLab were enabled by default, and could be used unless explicitly disabled by an administrator.
This change affects expired SSH keys used on GitLab.com. If your keys are expired or will expire soon, you need to update the key and any services using them. Our documentation on SSH keys has helpful steps on how to create a new SSH key.
Code Owners are an important piece of the code review process in GitLab. When code owners are clearly identified, contributors can see who should review contributions to a file or repository. The Code Owners feature can also be used to establish a merge request approval process. Now, you can track which teams across your organization are using the Code Owners feature in their development workflow.
If you would like to drive adoption of Code Owners, sort the DevOps Adoption table by the Code Owners column to find teams that haven’t yet adopted the feature so you can easily identify which teams need help getting started. Alternatively, find teams that have successfully configured Code Owners and get tips and feedback. The DevOps Adoption table is available at the group level and the instance level.
Our Slack notification service can notify you when a user edits a wiki page. The Slack message gives you helpful context about the edit, including the project, page name, and the commit message. Sometimes, however, the commit message doesn’t give enough context, and you need more information about how the content changed.
Now you can click Compare changes in the Slack message to immediately view the diff, saving you time and reducing confusion from ambiguous or incomplete commit messages.
We’re also releasing GitLab Runner 14.0 today! GitLab Runner is the lightweight, highly-scalable agent that runs your build jobs and sends the results back to a GitLab instance. GitLab Runner works in conjunction with GitLab CI/CD, the open-source continuous integration service included with GitLab.
If you want to reuse scripts and configuration between deployment jobs using the environment: keyword, it can be difficult to exclude certain behaviors based on the type of action the deployment job performs. For example, an environment: action of stop might be a job that is stopping a review_app, and you don’t want your deployment scripts to run.
Now, the value of environment: action: is available as the CI_ENVIRONMENT_ACTION predefined CI/CD variable, making it easier than ever to configure one script that can work for all deployment jobs.
You can use your project’s Package Registry to publish and install PyPI packages. When you install a PyPI package, you must specify which project the package resides in. This works well if you have a small number of projects. If you have multiple projects nested within a group, you might quickly find yourself adding dozens or even hundreds of different sources.
For large organizations with many teams, it’s common for a team to publish packages to their project’s Package Registry alongside the source code and pipelines. However, they must also be able to easily install dependencies from other projects within their organization. You can now install packages from your group, so you don’t have to remember which package lives in which project. To do this, use the simple API to specify a package: GET groups/:id/packages/pypi/files/:sha256/:file_identifier.
You can also write the output to a file, or return the package descriptor as an HTML file. Read the docs for more info and let us know how it goes. We hope that this helps to make your team and organization more efficient.
In some cases, you may wish to change an issue’s type. For example, you may want to escalate an issue to an incident to ensure that your team handles the problem properly. To change an issue’s type, edit the issue and select an issue type from the Issue type selector menu.
With the maturity of GitLab Secure scanning tools, we’ve needed to add more granularity to our release process. Previously, GitLab shared a major version number for all our analyzers and tools. This requires all tools to share a major version and prevent the use of semantic version numbering. Beginning in 14.0 GitLab SAST removed the SAST_ANALYZER_IMAGE_TAG global variable in our managed SAST.gitlab-ci.yml CI template in favor of the analyzer job variable setting the ‘major.minor’ tag in the SAST vendored template. Each analyzer job now has a scoped SAST_ANALYZER_IMAGE_TAG variable which will be actively managed by GitLab and set to the ‘major’ tag for the respective analyzer. To pin to a specific version you simply change the variable value to the specific version tag.
If you override or maintain custom versions of SAST.gitlab-ci.yml you will want to update your CI templates to stop referencing the global SAST_ANALYZER_IMAGE_TAG and move it to a scoped analyzer job tag. We strongly encourage inheriting and overriding our managed CI templates to future-proof your CI templates. This change will allow you to more granularly control future analyzer updates with a pinned major.minor version.
GitLab Static Analysis is comprised of a set of many security analyzers that the GitLab Static Analysis team actively manages, maintains, and updates. Below are the analyzer updates released during 14.0. These updates bring additional coverage, bug fixes, and improvements.
Please note, this analyzer is planned to be replaced by Semgrep in an upcoming release.
If you are including the GitLab managed vendored SAST template (SAST.gitlab-ci.yml) you do not need to do anything to receive these updates. However, if you override or customize your own CI template, you will need to update your CI configurations. If you want to remain on a specific version of any analyzer, you can now pin to a minor version of an analyzer. Pinning to a previous version will prevent you from receiving automatic analyzer updates and require you to manually bump your analyzer version in your CI template.
The Geo Admin UI provides a button to Resync All projects. For customers with a large amount of projects trying
to resync only failed repositories, unintentionally triggering this option can cause significant delays in
troubleshooting. We now display a confirmation modal whenever Resync All is selected. This small, but impactful,
UX improvement reduces the likelihood that administrators will accidentally trigger a resync of all their projects.
GitLab 14.0 upgrades Grafana to chart version to 6.9.1. Chart-deployed Grafana features are now on par with Omnibus (on 7.5.5) and resolves a deprecation issue.
Geo replicates and verifies many different data types. System administrators
need to monitor the health of their Geo sites to know whether there are any issues
requiring attention, such as projects that failed to sync, or checksum mismatches.
In our UX research, we found that administrators using the Geo admin page
often had trouble finding the information they needed, and that the information displayed
could be confusing.
Our redesigned Geo sites dashboard addresses these pain points.
We have added more useful indicators such as sync and verification summaries
for data types, and verification status bars for individual data type components.
We have also improved how the page is organized, reducing the number
of clicks needed to surface important information.
In this release, we upgraded Ruby on Rails to version 6.1 to take advantage of the latest improvements of the application framework. Please refer to the Ruby on Rails 6.1 release notes for more details.
When Hashed Storage was introduced, it became more difficult to discover the storage location of projects. Systems administrators were able to look up the path on the project’s admin UI, but it was impractical to do this for many projects. In this release, we’ve added API endpoints that expose a project’s storage information. In the REST API, this new endpoint is GET /projects/:id/storage. For GraphQL, the diskPath field is now available in the Repository object.
In this release, we have added the ability to identify provisioned users and contributors. A new Enterprise label is displayed against provisioned users. This helps users identify accounts that a group created via SCIM automation instead of accounts created manually by a user.
Instance-level DevOps Adoption report is now enabled by default. The DevOps Adoption report shows which teams in your organization are using GitLab:
Issues
Merge requests
Approvals
Runners
Pipelines
Deploys
Scanning
Compare GitLab adoption across your entire organization by adding groups to the adoption table. Here are just a few of the ways you can use the DevOps Adoption report:
Verify whether you are getting the return on investment that you expected from GitLab.
Identify specific groups that are lagging in their adoption of GitLab so you can help them along in their DevOps journey.
Identify groups that have adopted specific features, such as pipelines, and provide tips to other groups interested in getting started with these features.
This is just the beginning of an exciting vision to measure DevOps adoption in your organization and evaluate the benefits. To learn about the additions that are coming next, read the epic.
The DevOps Adoption report is also available at the group level. For SaaS users, get adoption insights for your entire organization by viewing the DevOps Adoption report in your top-level group.
Forking a project enables you to have an exact copy of an original repository where you can experiment, apply changes, and submit contributions to the parent project. Your forks should have meaningful names that explain their goals, and if your project is diverging, you may need multiple forks of a single project.
In this release, GitLab now supports editing the project name and project slug directly when you create a fork. You can now create multiple forks of the same project, each with a different name, all in the same group!
Securely managing secrets stored in CI/CD variables is a must. You can hide variable values in job logs by masking the variables, but GitLab only support certain characters. Now we support masking variables with ‘~’ in the value, which expands the feature to support more secrets generated from other secrets provider platforms. Thank you to dallmair for the community contribution!
Previously, when looking at the pipeline view, it was difficult to determine which job triggered a downstream pipeline. Starting in 14.0, every downstream pipeline shows the name of the job that triggered it. This makes it easier to track the execution flow in complex pipelines that trigger downstream pipelines.
You use the GitLab Package Registry to publish, install, and share your dependencies. When you publish a dependency, it generates several files including the package archive. Prior to GitLab 14.0, to delete such files you had to use the API. In GitLab 14.0, you can now use the UI to delete files related to a given package, and the package itself.
Since maintaining a tidy registry can be challenging, our goal is to make the process easier and more efficient for you by adding more options for how to delete unused files.
Previously, to access the user lists, you had to navigate to a separate tab under the Feature Flags page. This design obscured the relationship between feature flags and user lists since user lists are a sub-feature of feature flags.
In this release, user lists are now under a subpage of Feature Flags, which improves the workflow and makes their relationship more clear.
The Incident Service Level Agreement (SLA) Timer, introduced in GitLab 13.5, shows the time remaining until an SLA violation for an incident.
However, the user had to refresh the page to update the timer. Starting in GitLab 14.0, the timer updates dynamically every 15 minutes without the need for a page refresh.
Automated security scanning is an important part of any secure development process. There are a wide variety of tools and technologies covering the entire SDLC from source code scanning to post-deployment application and infrastructure scanning. While the ultimate goal of any of these tools is to discover both known and potential vulnerabilities, the information coming from any given scanner can vary widely. Efforts to standardize scanning output data do exist but they tend to focus only on one category of scanning technology or even a specific set of tools. This presents a big challenge to security teams who need to aggregate a wide array of scanner findings. Without a consistent way to normalize disparate findings, viewing the unique details for each scanner’s output can be a very apples-and-oranges experience. And if the tool outputs aren’t aggregated, then results are often reviewed in the source tool, leaving the true picture of vulnerability risk fragmented and sitting outside of the rest of the DevOps toolchain.
The new generalized details structure in our security report schemas can bridge this gap. You can already integrate a wide variety of security scanners into GitLab with minimal effort. Now you can go even further with rich formatting options for finding details. Our new structure makes it easy to map most tool’s existing outputs into our JSON report formats while adding consistent presentation logic automatically. Flexibility without sacrificing the ability to provide rich vulnerability finding data is a primary purpose behind the new structure. Details are provided in an open structure using pre-defined data types. The pre-defined types handle both data validation as well as standardized UI presentation inside GitLab. For instance, we provide types such as Integer, URL, Table, and even GLFM (GitLab Flavored Markdown). This allows granular control over how finding details are presented while keeping the overall experience inside GitLab consistent.
GitLab container scanning can now optionally use the Grype scanning engine instead of the default Trivy engine. This gives users flexibility and choice in selecting their container scanning engine. We did a comparison of the two open source scanners. However, as each scanner is unique, you may wish to do your own comparison to decide which is best for you. Users can try the Grype scanner by setting the CI variable CS_ANALYZER_IMAGE: registry.gitlab.com/security-products/container-scanning/grype:4.
Patroni is a solution for
PostgreSQL high availability, which also allows the
configuration of a highly-available PostgreSQL standby cluster on a Geo
secondary. This configuration is important when a secondary is used as
part of a disaster recovery strategy, because it allows systems
administrators to mirror the number of database nodes on the primary and
secondary site. This means that after a failover, no additional database nodes must be provisioned to regain high availability.
Geo now provides generally available
support for highly-available PostgreSQL configurations using
Patroni.
GitLab 14.0 includes Mattermost 5.35.3, an open source Slack alternative. Due to the introduction of backend database architecture required for upcoming new features, the performance of the migration process for the v5.35 release is noticeably affected. Depending on the size, type, and version of the database, you should expect longer than usual upgrade times. This can vary from a couple of minutes (average case) to hours (worst case, MySQL 5.x only). You should also expect a moderate to significant spike in database CPU usage during this process. More details on the performance impact of the migration and possible mitigation strategies are provided in this post.
v5.35.3 introduces a new feature to search for files and some changes to password generation logic used during bulk user import. Admins should immediately reset the passwords for all users generated during the bulk import process, and whose password has not been changed even once.
v5.35.3 also contains a high level security fix, and upgrading is recommended.
Previously, new GitLab instances would prompt users for the initial root password by default after installation, which meant an anonymous user could get there first to set a root password and take control. Now, an initial root password will be randomly created if one isn’t provided by the user. This improves the default security of newly deployed GitLab instances.
The Omnibus GitLab docker image now includes BusyBox but removes vim and nano as pre-installed editors. BusyBox brings together minimal versions of lots of other tools, and by making BusyBox our default editor, we get many other tools that are useful when debugging inside of a container.
GitLab’s database load balancer enables the distribution of read-only queries across multiple database servers. For GitLab instances with thousands of users, using the load balancer can reduce the load on the primary database and increase responsiveness, thus resulting in faster page load inside GitLab.
In this release, we moved the load balancer from Premium to Free to allow more users to benefit from this feature.
The performance bar allows systems administrators and software developers to understand the performance of a GitLab page.
Increasing the visibility of memory used is important for software developers, so they can improve the performance and user experience of GitLab. In this release, we’ve added a memory field that shows the amount of memory consumed and objects allocated for the current request. When selected, a view is displayed with additional information. With this information available, software developers can spot memory issues earlier and develop more memory-efficient and performant features.
In every release, we continue to make great strides improving GitLab’s performance. We’re committed to making every GitLab instance faster. This includes GitLab.com, an instance with over 1 million registered users!
In GitLab 14.0, we’re shipping performance improvements for issues, projects, milestones, and much more! Some improvements in GitLab 14.0 are:
In every release, we work on improving the overall effectiveness and usefulness of our product.
We also have a UI Polish Gallery to track important updates to our interfaces. These updates, while often small, improve your user experience.
In GitLab 14.0, we’re shipping usability improvements for issues, projects, milestones, and much more! We highlight the following changes in GitLab 14.0:
Webhook rate limiting on gitlab.com for GitLab Free
To improve GitLab.com infrastructure reliability, and protect against abuse and configuration errors, we’re now enforcing a rate limit of 120 calls per minute for each configured webhook in projects or groups. This limit currently only applies to Free users on GitLab.com. We’re also considering introducing higher thresholds for paid GitLab plans, which should still support normal webhook usage.
Free tier scheduled pipeline frequency limit on GitLab.com
Scheduled pipelines that run very frequently affect the performance of GitLab.com. In GitLab 14.0, we are limiting the frequency of scheduled pipelines to no more than once per hour per scheduled pipeline for Free tier users. Premium and Ultimate users are not affected by this change.
Update: You must upgrade to the latest patch release of GitLab 14 (14.0.Z). This is required because at least two patch releases contain batched background migrations as part of our ongoing effort to address primary key event overflow risks. These background migrations have to finish before upgrading to a later version of GitLab. Consult the required GitLab upgrade path for more information.
Before upgrading to GitLab 14.0, you will need to upgrade to 13.12. For more details on upgrading, see Upgrading to a new major version.
You must upgrade to PostgreSQL 12 before upgrading to GitLab 14.0. PostgreSQL 12 is the minimum required version starting in GitLab 14.0. PostgreSQL 11 has been removed and is no longer officially supported. You will need to plan on some downtime for the PostgreSQL upgrade because the database must be down while the upgrade is performed. If you are using the GitLab-provided PostgreSQL database, you should make sure that your database is PostgreSQL 12 on GitLab 13.12 regardless of your installation method.
Remove old ElasticSearch migrations. By removing old ElasticSearch migrations, it will be easier to perform Advanced Search migrations when upgrading GitLab.
We want to hear from you
Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum.
Share your feedback