GitLab 15.8 Release

GitLab 15.8 released with external status checks and self-managed SCIM

GitLab 15.8 released with external status checks before merge, SCIM support for self-managed, direct project transfer migration beta, and much more!

Today, we are excited to announce the release of GitLab 15.8 with block merges unless external status checks pass, SCIM support for self-managed GitLab, view estimated queuing for runners in the admin area, migrate GitLab projects by direct transfer beta, and much more!

These are just a few highlights from the 35+ improvements in this release. Read on to check out all of the great updates below.

We thank the wider GitLab community for the 85+ contributions they provided to GitLab 15.8! At GitLab, everyone can contribute and we couldn't have done it without you!

To preview what's coming in next month’s release, check out our Upcoming Releases page, which includes our 15.9 release kickoff video.

GitLab MVP badge

MVP This month's Most Valuable Person (MVP) is Patrick Rice

Patrick is a consistent contributor to GitLab Terraform Provider - contributing 2-3 releases every milestone. He not only contributes code, but also triages and reviews issues in the provider and contributes to dependencies. He also helps out in the GitLab community: with community hours, and also in Discord.

We are so appreciative of all that Patrick does, both in our codebase and for our wider community. There is no doubt that much of the success of the Terraform Provider can be attributed to him. Thank you, Patrick!

15.8 Key improvements released in GitLab 15.8

Block merges unless external status checks pass

Block merges unless external status checks pass

You can now configure projects to block merge request merges unless all external status checks pass. This allows you to confidently rely on external systems as part of your GitLab workflows and ensure that all required steps are completed before the code is merged.

When configured, users can only merge merge requests if external status checks pass and the green checkmark is displayed on the merge request. If an external status check is pending or failed, merging the merge request is blocked.

This feature is available to self-managed users, but is not enabled by default. You can enable this feature in Gitlab 15.5 and later with the only_allow_merge_if_all_status_checks_passed feature flag. This feature is now enabled by default in GitLab 15.8 for SaaS users and will be enabled by default in GitLab 15.9 for self-managed users.

Block merges unless external status checks pass

Migrating GitLab projects by direct transfer Beta

Migrating GitLab projects by direct transfer Beta

We are excited to announce the availability of migrating GitLab projects by direct transfer Beta. Now, you can migrate group and project resources together when using direct transfer. You can use direct transfers to migrate between GitLab instances or within the same GitLab instance.

Migrating projects when migrating groups using direct transfer is a major improvement from migrating groups and projects using file exports because:

  • You don’t need to manually export each project to a file and then import all those export files to a new location. Now all projects within a top-level group are migrated automatically, making your work more efficient.
  • When migrating from self-managed GitLab to GitLab.com, user associations (such as comment author) are not changed to the user who is importing the projects. Migration using direct transfer maps users and their contributions correctly, provided a few conditions are met.

This feature is available on GitLab.com. You can migrate from a self-managed GitLab to GitLab.com right now!

To enable it on GitLab self-managed instances, see the linked documentation.

Learn more about migrating GitLab projects by direct transfer Beta and what’s coming next in our recent blog post.

Migrating GitLab projects by direct transfer Beta

SCIM support for self-managed GitLab

SCIM support for self-managed GitLab

Self-managed GitLab now supports the open standard System for Cross-domain Identity Management (SCIM), which allows you to automatically:

  • Create users.
  • Remove users by deactivating their SCIM identities.

Previously, this was only available for GitLab.com. SCIM enables GitLab administrators to completely automate their user lifecycle management.

SCIM support for self-managed GitLab

Selective SSO enforcement for group members

Selective SSO enforcement for group members

Previously, when SAML SSO was enabled, groups could choose to enforce SSO which required all members to use SSO authentication to access the group. However, some groups want the security of SSO enforcement for employees or group members, while still allowing outside collaborators or contractors to access their groups without SSO.

Now, groups with SAML SSO enabled have SSO automatically enforced for all members who have a SAML identity. A member has a SAML identity if one or both of the following are true:

  • They signed in to GitLab using their GitLab group’s single sign-on URL.
  • They were provisioned by SCIM.

Users without SAML identities are not required to use SSO unless SSO enforcement is explicitly enabled.

To ensure smooth operation of the selective SSO enforcement feature, please ensure your SAML configuration is working properly before selecting the Enable SAML authentication for this group checkbox.

View estimated queuing time for runners in the Admin Area

View estimated queuing time for runners in the Admin Area

A key input in GitLab Runner fleet optimization is having deep insights into queue performance over time. While today there are historical queue duration metrics available for each job on a runner in the Admin Area view, there is no simple mechanism to determine the current queue performance for runners.

With the new estimated queue time feature, you are now able to, at a glance, determine the median estimated wait time for all instance runners. This data will enable you to proactively identify potential CI job execution issues for your organization’s developers and provide insights to inform decisions on configuration or resource changes to optimize your runner fleet.

View estimated queuing time for runners in the Admin Area

15.8 Other improvements in GitLab 15.8

Check personal access token before migrations start

Check personal access token before migrations start

Previously, GitLab validated personal access tokens only after migrations had started. This meant group migrations by direct transfer could fail mid-migration because the personal access token didn’t have sufficient scope or was no longer valid.

Now we perform an early check and return an informative error when the scope is not sufficient or the token has expired. This avoids starting migrations that will definitely fail.

Create To-Dos for project owners on access requests

Create To-Dos for project owners on access requests

Previously, access requests to a project appeared only in the Access requests tab in the Project members section. Now, access requests also appear in the project owner’s To-Do List. As a project owner, having access requests added directly to your To-Do List can help you manage your tasks more efficiently and add members quicker.

Include expiring token’s name in email notification

Include expiring token’s name in email notification

When a personal access token expires, you are sent an email notification. Previously, this email told you that the token expired, but did not provide the token name. This email now provides the token name, so you can identify which token expired.

Option to not include projects when migrating GitLab groups

Option to not include projects when migrating GitLab groups

Previously when migrating a GitLab group with direct transfer to GitLab.com, you had to migrate its projects as well.

Now you have the option to not include projects when migrating groups. This option is available in the UI and the API and you can choose this option for each group separately or for all selected groups at once. The default is to a migrate group with its projects.

Setting for enabling group migration by direct transfer

Setting for enabling group migration by direct transfer

As part of group migration by direct transfer with project migration (in Beta), we have added a new application setting so that GitLab self-managed administrators can more easily enable this feature. Previously, administrators had to use feature flags to enable this feature.

This new setting must be enabled on both the source and target instances. Remember to also enable the bulk_import_projects feature flag if you want to migrate projects with your groups.

GitLab Runner 15.8

GitLab Runner 15.8

We’re also releasing GitLab Runner 15.8 today! GitLab Runner is the lightweight, highly-scalable agent that runs your CI/CD jobs and sends the results back to a GitLab instance. GitLab Runner works in conjunction with GitLab CI/CD, the open-source continuous integration service included with GitLab.

Bug Fixes:

The list of all changes is in the GitLab Runner CHANGELOG.

Static Analysis analyzer updates

Static Analysis analyzer updates

GitLab Static Analysis includes many security analyzers that the GitLab Static Analysis team actively manages, maintains, and updates. The following analyzer updates were published during the 15.8 release milestone. These updates bring additional coverage, bug fixes, and improvements.

  • CodeClimate-based analyzer updated to version 0.89.0. See CHANGELOG for further details.
    • This version also adds support for setting DOCKER_CONFIG as an alternative to CI_REGISTRY_USERNAME and CI_REGISTRY_PASSWORD variables, thanks to a community contribution from @bitcasso.
  • KICS-based analyzer updated to version 1.6.6. See CHANGELOG for further details. This version improves existing rules.
  • Kubesec-based analyzer updated to automatically fetch Helm dependencies in Helm projects. See CHANGELOG for further details.
  • NodeJSScan-based analyzer updated to improve error logging. See CHANGELOG for further details.
  • Semgrep-based analyzer updated to version 1.3.0. See CHANGELOG for further details.
  • SpotBugs-based analyzer updated to fix an error where invalid line numbers could prevent vulnerabilities from being reported. See CHANGELOG for further details.

If you include the GitLab-managed SAST template (SAST.gitlab-ci.yml), you don’t need to do anything to receive these updates. However, if you override or customize your own CI/CD template, you need to update your CI/CD configurations.

To remain on a specific version of any analyzer, you can pin to a minor version of an analyzer. Pinning to a previous version prevents you from receiving automatic analyzer updates and requires you to manually bump your analyzer version in your CI/CD template.

For previous changes, see last month’s updates.

Promote an issue to an incident with a quick action

Promote an issue to an incident with a quick action

With this release, when you create an issue, you can set the issue type to an incident on creation with the /promote_to_incident quick action.

Create an issue template and include this quick action in the description, and you will no longer have to manually select the issue type from the dropdown.

Create To-Dos for group owners on access request

Create To-Dos for group owners on access request

Previously, access requests to a group appeared only in the Access requests tab in the Group members section. Now, access requests also appear in the group owner’s To-Do List. As a group owner, having access requests added directly to your To-Do List can help you manage your tasks more efficiently and add members quicker.

Import GitHub gists into GitLab snippets using API

Import GitHub gists into GitLab snippets using API

Previously, you could import GitHub repositories to GitLab but couldn’t import GitHub gists as well.

Now you can use GitLab REST API to import your personal gists (with no more than 10 files) into personal GitLab snippets. These appear on your snippets dashboard.

Gists with more than 10 files are skipped and must be manually copied over.

If any gists were skipped or did not import for any other reason, you receive an email with the list of gists that could not be imported and reason for the import failure.

Introducing two new fonts for GitLab

Introducing two new fonts for GitLab

GitLab has historically relied on system fonts, like San Francisco on macOS and Segoe UI on Microsoft Windows, for text in the user interface (UI). There are, however, limitations to using these, as each system font renders differently, and there are variations that can impact your experience with GitLab.

In the recent GitLab rebranding, we selected Inter as the primary typeface, and we’ve adapted it for use in the GitLab UI by enabling disambiguation features (increased distinction between some characters) by default. Because of this change, we’re including it under the name GitLab Sans in the open source package of GitLab.

We’ve also chosen JetBrains Mono for our code editors and any UI requiring monospaced text. You can read more about the design process for this font in the blog post and leave feedback here.

Introducing two new fonts for GitLab

Populate Allowed to push branch protection rule on GitHub imports

Populate Allowed to push branch protection rule on GitHub imports

When importing projects from GitHub to GitLab, the GitLab Allowed to push branch protection rule is set if the following conditions are met in the GitHub project:

  • The Require a pull request before merging setting is set.
  • The Allow specified actors to bypass required pull requests setting lists some users.

If the group you are importing your project to:

  • Has at least a Premium license, GitLab users populate the list of users that are allowed to push.
  • Doesn’t have at least a Premium license, the list of users that are allowed to push is limited to roles.

Setting to make user profiles private by default

Setting to make user profiles private by default

Newly created user profiles can now be made private by default. This instance-wide setting helps to comply with local data privacy laws and individual company agreements, for example with a works council. Users can still change the visibility of their profile page from the profile settings, and GitLab administrators can override this setting to make new profiles public.

SAST false positive detection now supports Go

SAST false positive detection now supports Go

GitLab SAST uses proprietary technology to identify likely false positive results that open-source scanners return. We’ve added Go support in addition to existing support for Ruby.

Audit event for changing protected status of an environment

Audit event for changing protected status of an environment

GitLab now records audit events when an environment is set to protected and when it is unprotected. A protected environment is typically used for high-risk deployments, so it’s important to have an audit trail for when protection is removed or added.

In this release, we’ve added a Syntax options link to the search page to help you with complex queries. The drawer content provides syntax options for Advanced Search and serves as a quick reference for you when typing a query.

More discoverable syntax options for Advanced Search

Bug fixes, performance improvements, and usability improvements

Bug fixes, performance improvements, and usability improvements

At GitLab, we’re dedicated to providing the best possible experience for our users. With every release, we work tirelessly to fix bugs, improve performance, and enhance usability. Whether you’re one of the over 1 million users on GitLab.com or using our platform elsewhere, we’re committed to making sure your time with us is smooth and seamless.

Click the links below to see all the bug fixes, performance enhancements, and usability improvements we’ve delivered in 15.8.

Deprecations Deprecations

New deprecations and the complete list of all features that are currently deprecated can be viewed in the GitLab documentation. To be notified of upcoming breaking changes, subscribe to our Breaking Changes RSS feed.

  • Approvers and Approver Group fields in Merge Request Approval API
  • Auto DevOps no longer provisions a PostgreSQL database by default
  • Auto DevOps support for Herokuish is deprecated
  • Automatic backup upload using Openstack Swift and Rackspace APIs
  • Azure Storage Driver defaults to the correct root prefix
  • Conan project-level search endpoint returns project-specific results
  • Configuring Redis config file paths using environment variables is deprecated
  • Container Registry pull-through cache
  • Cookie authorization in the GitLab for Jira Cloud app
  • Dependency Scanning support for Java 13, 14, 15, and 16
  • Deployment API returns error when updated_at and updated_at are not used together
  • Developer role providing the ability to import projects to a group
  • GitLab Helm chart values gitlab.kas.privateApi.* are deprecated
  • GitLab.com importer
  • GraphQL: The DISABLED_WITH_OVERRIDE value of the SharedRunnersSetting enum is deprecated. Use DISABLED_AND_OVERRIDABLE instead
  • Limit personal access token and deploy token's access with external authorization
  • Live Preview no longer available in the Web IDE
  • Maintainer role providing the ability to change Package settings using GraphQL API
  • Non-standard default Redis ports are deprecated
  • Null value for private_profile attribute in User API is deprecated
  • Projects API field operations_access_level is deprecated
  • Rake task for importing bare repositories
  • Slack Notifications integration
  • Support for third party registries
  • Test system hook endpoint
  • The API no longer returns revoked tokens for the agent for Kubernetes
  • The Visual Reviews tool is deprecated
  • The latest Terraform templates will overwrite current stable templates
  • environment_tier parameter for DORA API
  • openSUSE Leap 15.3 packages
  • Removals and breaking changes Removals and breaking changes

    The complete list of all removed features can be viewed in the GitLab documentation. To be notified of upcoming breaking changes, subscribe to our Breaking Changes RSS feed.

    • CiliumNetworkPolicy within the auto deploy Helm chart is removed
    • Other notable changes Other notable changes

      GitLab is upgrading to Ruby 3.0 in GitLab 15.10

      GitLab is upgrading to Ruby 3.0 in GitLab 15.10

      Administrators installing from source will need to have Ruby 3.0 as a minimum version when upgrading to 15.10+. Otherwise, there is no action required by users at this time. This change is necessary as Ruby 2.7 will reach its end-of-life (EOL) and will no longer receive official updates or support. GitLab will continue our policy of backporting security fixes to the previous two monthly releases in addition to the current stable release.

      Changelog Changelog

      Please check out the changelog to see all the named changes:

      Installing Installing

      If you are setting up a new GitLab installation please see the download GitLab page.

      Updating Updating

      Check out our update page.

      Questions? Questions?

      We'd love to hear your thoughts! Visit the GitLab Forum GitLab Forum and let us know if you have questions about the release.

      GitLab Subscription Plans GitLab Subscription Plans
      • Free: Free-forever features for individual users
      • Premium: Enhance team productivity and coordination
      • Ultimate: Organization wide security, compliance, and planning

      Try all GitLab features - free for 30 days

      Cover image licensed under Unsplash license

      Try all GitLab features - free for 30 days

      GitLab is more than just source code management or CI/CD. It is a full software development lifecycle & DevOps tool in a single application.

      Try GitLab Free
      Open in Web IDE View source