I'm trying to setup a gitlab worflow for my team with gitlab-ci. We have a Gitlab CE version 10.2.4 with gitlab CI configured to run a build on every push. Now we would like to use the merge request workflow with protected develop and release branches. Our requirement is that no code can be merged into these branch without running on gitlab-ci first to keep these branches clean.
Since gitlab doesn't seem to have the possibility to automatically test merge request, our only option is to use either Merge commit with semi-linear history or Fast-forward merge. (cf open issue on gitlab)
The issue is that since these merge option require fast-forward, if multiple merge request are created for the same target branch, accepting one merge request changes the target branch. This then prevent other merge request from being merged as they are no longer fast-forward. This means that every time we accept a merge request we have to rebase/merge all the other merge request with the target branch which is quite tedious.
Can anyone using Fast-forward merge option on gitlab explain how they deal with this multiple merge request scenario ? Or is there an other way to ensure that code is tested before being merge without requiring the fast-forward ?
In your project settings, go to "General"->"Merge request" and check "Only allow merge requests to be merged if the pipeline succeeds".
Related
In their documentation regarding pull request pipelines, bitbucket says:
Pull requests:
a special pipeline that only runs on pull requests initiated from within your repository. It merges the destination branch into your working branch before it runs. If the merge fails, the pipeline stops.
So I'm wondering, why merging before running the pipeline? Why not just running against the coming branch without merging?
Could the reason be detecting merge conflicts early on in the pipeline before the real merge?
If you want to run a pipeline against the coming branch, this is very doable by using Branch workflows. PR merge trigger is just a slightly different idea, as the result of a PR merge is not necessarily the same as the coming branch. For example, merge conflicts can be introduced, which will make your pipeline fail.
There's one thing that documentation is not quite clear about, so I'll clarify it: all this pre-pipeline merging only occurs inside your build environment. Git history of your repository is absolutely safe, and Bitbucket Pipelines won't introduce any changes to it on your behalf.
Finally, you can run a PR merge pipeline manually from the Pipelines UI, without actually merging a PR (see the same link). This way, you can make sure that the merge result build is passing without actually doing a merge.
For example, if the dev branch is behind the build branch when the two branches merge, the merge request can be created. But it is clear that it cannot merge because it is not possible to merge a backward branch into the current branch. In this case, I want to use the.gitlab-ci.yml configuration, To determine if the dev branch is behind the build branch, I wonder, can this be done? How to configure the.gitlab-ci.yml file if possible?
Basically, gitlab attempts the merge using git to determine if there's a conflict. It actually calls to gitaly to do this.
Basically the process goes like this:
The rails app in repository.rb will call to the gitaly conflict service to check for conclicts
The conflict service list_conflict_file in gitaly will call to git2go
The git2go conflicts subcommand will basically perform the git merge operation and return any conflicts that were encountered. This eventually makes its way back as a response to the call from rails in step (1)
So, if you wanted to do something similar in your CI/CD pipeline, you could use git (or a programatic API to git in your favorite language) to attempt a local merge of the two branches in order to detect conflicts.
Is there a way to block creating/approving merge requests from "feature/*" branches into master?
I need to allow only merge requests from "release/*" and "hotfix/*" branches.
When creating MergeRequest via GUI the default target branch is master. So human error while doing this may break a workflow and merge untested\unbuild feature into master.
Our current workflow is coding new features in "feature/*" branches. Merging several features into new "release/*" branch and CI makes a build and tests of this release. After testing this release goes on the prod server and into master.
Since GitLab permissions are role-based, there's no way to set permissions per branch (other than setting a branch as protected in Settings / Repository / Protected Branches, which which controls who can merge not which branch can merge ). However, you could do the following:
In your GitLab CICD (if you don't have it set up already I highly recommend, its a handy tool) set up a check that runs always to determine which branch is trying to be merged ($CI_COMMIT_REF_NAME is what you want, see all GitLab default environment variables here) and if the branch name matches 'feature/*', then have the pipeline fail
Under Settings / General / Merge Requests, under Merge Checks, check the option Pipelines must succeed.
Now, if someone attempts to create a Merge Request from a feature branch, the pipeline will fail and no one will be allowed to approve the Merge Request.
So our company is using Gitflow. Can't currently change that. I have looked into github-flow and gitlab-flow, but we can't currently move to a different model.
When finishing a hotfix or release branch, right now we don't use merge requests, but manually use gitflow to locally merge the branches into master/dev/release.
Is there a supposed way of finishing a branch using merge requests in Gitlab? We'd like to go protect the master and dev branches from pushes. It's just safer to let gitlab handle the actual merging.
I'd've opened an issue on gitlab directly, but I'm not actually sure where.
Edit: I also thought about making two Merge Requests in Gitlab, but that can't be the way either.
My GitLab CI/CD is run when I:
click Create merge request
every commit in created branch
when merge request branch is merged to master
I would like to skip first pipeline (on creating merge request), because I would like to optimize (fasten) my CI/CD.
On creating merge request new branch is created from master which already build successfully. There is no point of running the pipeline again.
Can I do that? I already check documentation for when but no idea how to solve this.
I often use the option Create branch instead of Create merge request. This can only be done in the issue view.
Then the first pipeline in this branch is running after the first push into the branch. With a push in the branch you can create a merge request.