How to enable a feature flag in gitlab-ce? - gitlab

We upgraded our self-hosted gitlab-ce to the latest 11.11, which brings in the multiple-reviewer merge request approval feature, although this needs to be explicitly enabled via the gitlab-rails console.
On the machine running our gitlab instance, I ran gitlab-rails console and got to a ruby console where I put in Feature.enable(:approval_rules) and hit Enter but I get:
>> Feature.enable(:approval_rules)
Nothing known about Feature.enable(
I do not have much experience with Ruby, so I am not sure what I am doing wrong. I searched the web, but I only found documentation on how to develop with Ruby's "feature flags", not on how to enable them as an end user of the application.

You can do it via the GitLab API.
POST to https://gitlab.myhost.com/api/v4/features/approval_rules with the payload
{
  "value": true
}
https://docs.gitlab.com/ee/api/features.html
Additionally, I found that the new approval rules workflow was automatically enabled upon upgrading from 11.9 to 11.10, though my experience may be different. If you perform a GET to that API endpoint, you will be able to see its current status.
If it is already enabled, perhaps you may be mistaking the new approval rules implementation with the EE feature Multiple Approval Rules. I only mention due to the -ce tag in your question.
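The API call from the answer above, as an added Python example (not part of the original answer or of GitLab's own code): it builds the authenticated POST and reads a flag's state from the body of a GET /api/v4/features listing. The PRIVATE-TOKEN administrator token, the name/state/gates fields and the sample response are assumptions based on the linked Features API documentation, not values from this page.

```python
import json
import urllib.request
from urllib.parse import quote

API = "https://gitlab.myhost.com/api/v4"  # host used in the answer above


def build_set_flag_request(name, enabled, admin_token):
    """Build (without sending) POST /features/:name with the JSON payload."""
    body = json.dumps({"value": enabled}).encode()
    return urllib.request.Request(
        # quote() keeps a flag name from altering the request path
        f"{API}/features/{quote(name, safe='')}",
        data=body,
        method="POST",
        headers={"PRIVATE-TOKEN": admin_token,  # assumed: administrator token
                 "Content-Type": "application/json"},
    )


def flag_state(features_json, name):
    """Return (state, gates) for one flag from a GET /features body.

    The listing holds only flags that were explicitly set; a flag that is
    absent is still at its built-in default and is reported as None.
    """
    for feature in json.loads(features_json):
        if feature["name"] == name:
            gates = {g["key"]: g["value"] for g in feature.get("gates", [])}
            return feature["state"], gates
    return None


# Constructed sample of a GET /features response body.
SAMPLE = json.dumps([
    {"name": "approval_rules", "state": "on",
     "gates": [{"key": "boolean", "value": True}]},
    {"name": "some_other_flag", "state": "conditional",
     "gates": [{"key": "boolean", "value": False},
               {"key": "percentage_of_time", "value": 30}]},
])

if __name__ == "__main__":
    req = build_set_flag_request("approval_rules", True, "<ADMIN_TOKEN>")
    print(req.get_method(), req.full_url, req.data.decode())
    print(flag_state(SAMPLE, "approval_rules"))
    # To send it: urllib.request.urlopen(req) with a real administrator token.
```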

With GitLab 13.5 (October 2020), actual feature flags are available for all:
Feature Flags made available in all tiers
In GitLab 11.4, we introduced Feature Flags.
In GitLab 12.2, we introduced percent rollout and user ID Feature Flag strategies.
In GitLab 13.1, we introduced Feature Flag user lists and support for multiple Feature Flag strategies per environment.
Earlier this year, we committed to moving 18 features to our open source Core product and took the first step in delivering on this promise by making Feature Flags available in Starter in the last release.
Now we’ve officially finished moving Feature Flags to our Core offering. We’re excited about making these features available to more of the GitLab community and seeing the positive impact it’ll have on your development workflow.
See Documentation and Issue.
That includes, still with GitLab 13.5 (October 2020):
Feature Flags flexible rollout strategy
When you use the percent rollout strategy today, the stickiness, or the experience consistency, is determined only by the user ID. This can be limiting; as an example, anonymous users cannot be affected by this strategy.
We have improved this rollout strategy by enabling you to define the stickiness based on session ID, user ID, or at random (no stickiness). This gives you more control over the rollout and allows you to support stickiness for anonymous users.
See Documentation and Issue.
The feature flag API is more about creation/update/deletion.
You will have to use a feature flag strategy in order to enable/disable a feature flag.
Feature.disable(:feature_flags_new_version)
Feature.enable(:feature_flags_new_version)
See also GitLab 13.6 (November 2020)
Fire Webhook on Feature Flag change
As a developer, you can use GitLab’s webhook features for various events, such as MR events, pipeline events, job events, and deployment events. In this release, you can now use webhook events when a feature flag is toggled either on or off. This addition streamlines the process to update your CI/CD pipelines, receive Slack notifications for events, and more. A huge thanks to Sashi for a great community contribution!
See Documentation and Issue.
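A receiver-side check for the feature flag webhook described above, as an added Python example (not from the original answer or from GitLab): it authenticates the delivery with the webhook's secret token before reporting who toggled which flag. The X-Gitlab-Token header, the payload field names and the sample delivery are assumptions based on GitLab's webhook documentation; all values are constructed.

```python
import hmac
import json


def check_feature_flag_hook(headers, body, secret_token):
    """Authenticate a GitLab webhook delivery and summarise a flag toggle.

    Returns a one-line audit message for feature flag events, None for any
    other event type, and raises PermissionError when the token is wrong.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    sent = hdrs.get("x-gitlab-token", "")
    # Constant-time comparison, so response timing does not leak the secret.
    if not hmac.compare_digest(sent.encode(), secret_token.encode()):
        raise PermissionError("X-Gitlab-Token mismatch, delivery rejected")
    event = json.loads(body)
    if event.get("object_kind") != "feature_flag":
        return None
    flag = event["object_attributes"]
    state = "ON" if flag["active"] else "OFF"
    who = event.get("user", {}).get("username", "unknown")
    project = event.get("project", {}).get("path_with_namespace", "unknown")
    return f"feature flag {flag['name']!r} set {state} in {project} by {who}"


# Constructed delivery: field names are assumed from GitLab's webhook
# payload layout, the values are made up for this example.
SAMPLE_HEADERS = {"X-Gitlab-Event": "Feature Flag Hook",
                  "X-Gitlab-Token": "s3cret-demo"}
SAMPLE_BODY = json.dumps({
    "object_kind": "feature_flag",
    "project": {"path_with_namespace": "demo-group/demo-app"},
    "user": {"username": "jdoe"},
    "object_attributes": {"id": 6, "name": "new_checkout", "active": False},
})

if __name__ == "__main__":
    print(check_feature_flag_hook(SAMPLE_HEADERS, SAMPLE_BODY, "s3cret-demo"))
```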

Related

Disabling dependabot alerts for a repository on GitHub

GitHub dependabot security alerts may sometimes become a chore especially when an abandoned project that is no longer in active use receives frequent security advisories. Is there an option to disable the active security monitoring?
Open your repo and go to Settings. Click on Code security and analysis in the Security subsection. There you will find dependabot settings with a Disable button for turning off the automated advisories.
The page is also available through direct link https://github.com/<USERNAME>/<REPO>/settings/security_analysis by replacing placeholders <USERNAME> and <REPO> with the corresponding identifiers.
Note that disabling the advisories will negatively impact the security of your software and should be avoided for any software with production deployments.
This is the top result on google.
I'm sick of getting alerts from dependabot. I have dependabot alerts disabled on all my repositories.
However, I think what we are getting is not dependabot alerts but pull request alerts.
Even if we disable dependabot alerts, it continues to create pull requests.
Since we do want to receive pull request alerts, we get them.
In the official dependabot repository there are people commenting on how to disable it but all the links are outdated. Now most of them lead to the documentation or to parts of the options not related to dependabot.
At the moment I have found two possible solutions:
disable security updates:
https://github.com/settings/security_analysis
OR
Delete/truncate the dependabot configuration file:
https://github.com/USERNAME/REPOSITORY/blob/master/.github/dependabot.yml
(change USERNAME and REPOSITORY as appropriate)
I have not yet been able to verify that it works but I think that I will not receive any more PR from dependabot and, therefore, I will not receive the emails either.
Cyberixae's answer should work but if you're getting these alerts on a forked repository, I found a good fix here that involves deleting the dependabot.yml file in a different branch and setting that branch to the default branch.
The documentation for Dependabot version updates > Configure dependabot.yml > open-pull-requests-limit demonstrates how to disable version updates by setting this option to 0. Example .github/dependabot.yml file content:
version: 2
updates:
  - package-ecosystem: "mix"
    directory: "/"
    schedule:
      interval: "weekly"
    # Disable version updates for hex dependencies
    open-pull-requests-limit: 0
Just removing this file from the repository (as the official GitHub documentation about "Disabling Dependabot version updates" says) did not work for me.

Creating Gitlab branch from JIRA

I have recently started using Gitlab and integrated with Jira. Both Gitlab and Jira server are self hosted internally in my corporate environment. 
I have come across a requirement where I want to create a branch in Gitlab for a project/issue directly from the JIRA issue.
Is it possible to do it? If yes then how? Is there any plugin required for that?
I have gone through some documentation but I couldn't find anything similar so if anyone has any idea please let me know.
https://docs.gitlab.com/ee/user/project/integrations/jira.html
This is now supported, with GitLab 14.2 (August 2021), under a certain condition (Jira Cloud):
Create a GitLab branch from a Jira issue
Users of the GitLab.com for Jira Cloud application can now create GitLab branches directly from a Jira issue’s development panel.
This enables developers to begin work on issues without having to switch tools and lose context.
See Documentation and Issue.
That's not possible using the embedded Gitlab-Jira integration.
In Jira, I suppose you have a workflow with statuses and transitions. You need to configure a post function on your transition to call the GitLab API from your Jira using a Groovy script.

How does version control work for actions on google?

I have read the official article and it says that dialogflow automatically saves a snapshot of the agent when we release the action into a particular channel like Alpha, Beta or Production.
I have submitted my action for Production and it is under review.
If I make any changes to my action now on the inline editor of dialogflow, they won't be reflected on the released version, would they?
I am unsure due to the fact that it doesn't say deployed to any channel but says it's under review. Do I have to wait till it's in production? There is no way to confirm that version control is in place.
If you make changes to either your webhook fulfillment or to the code in the Inline Editor, it goes into effect immediately. There is no version control at all for fulfillment.
At the same time, it means that if you make a change to fulfillment, you do not need to have it re-reviewed before it goes live.
The Alpha, Beta, and Production channels refer to the Intents, phrases, etc.
While, in theory, you can create a different environment for Alpha, Beta, and Production and in each environment use a different URL for the webhook, this definitely won't work if you're using the Inline Editor.
The best solution is to create a completely separate project and do your development and testing in that project.

Does GitLab CE audit log clone / pull requests?

I’m investigating alternatives in my projects for my team (20+ developers). I want something that can be run on a server and has auditing (check) that logs
Push
Pull
Clone of projects
I can’t find anything in the docs about this for GitLab community.
Does anyone here know if these features are supported, or is there any plugin?
Currently, the level of logging you're requesting has not been implemented in GitLab, but there are plans in place to implement it, though there is currently no estimated time of arrival.
Audit events are richer now, with GitLab 14.3 (September 2021)
Audit events for merge request approval setting changes
Audit events are now created if changes are made to the merge request approval settings
in a project. You can now see if a change is made to the following policies:
Requiring user password for approvals.
Allowing modifying merge request approvals in a merge request.
Needing to get new approvals when a new commit is added to a merge request.
You can now be confident that once you configure approval settings, you can quickly see
if they are changed. This is a great way to show auditors that controls were put in place
and have not been removed or modified.
Thanks to Adrien Gooris from Michelin for this contribution!
See Documentation and Issue.
And GitLab 15.2 (July 2022) adds (for non-CE only)
Audit events for group-level merge request settings
GitLab now records additional audit events when changes are made to group-level merge request settings. These are in addition to project
audit events that record changes to the same settings on projects. Specifically, audit events are now created when changes are made to groups to:
Prevent approval by author
Prevent approvals by users who add commits
Prevent editing approval rules in projects and merge requests.
Require user password to approve
Remove all approvals when commits are added to the source branch
These audit events can help you know that the settings and default configurations for your group-level merge request settings have been put in place correctly and that they have not been changed.
This is especially important because these group-level settings
will cascade down to child projects.
Governance and visibility over these changes will help you strengthen separation of duties and further simplify audits.
See Documentation and Issue.
GitLab 15.2 (July 2022) also proposes to audit a special kind of clone: forks.
But only for GitLab Ultimate, so again, not CE.
Streaming audit events for project forks
You can now monitor the project forking inside your groups with new audit events that are recorded whenever
a project is forked. This includes information such as:
The user name of the user that forked the project.
The timestamp of when the project was forked.
Details of the forked project.
This gives you visibility on where your projects and source code are being copied to, and by
whom, so that you can take action if needed.
These events potentially generate a high volume of data, so they are only available as
streaming audit events.
Thank you Linjie Zhang for this contribution!
See Documentation and Issue.

How to generate notifications in Mattermost for all state change in JIRA or Gitlab?

The latest (4.9) Mattermost provides integration with Gitlab and a Beta plugin for JIRA.
I followed the documents to finish the integration, and it works: I got notifications for the "create", "close" and "reopen" operations.
For the BUG issue, we'd like to make it "Resolved" so that our QA engineer will verify it, then it can be closed, but the "resolve" operation will not trigger any notifications in either Gitlab or JIRA.
I tried to use tcpdump to capture the TCP packets, and it turns out that JIRA actually has sent the hook message to Mattermost. It seems to be Mattermost itself that ignored those events.
Is there any configuration for such things? What can I do to meet our requirements?
BTW, I'm using the Docker preview version of Mattermost server.
