September 2020 Summaries
28 posts from GitLab
Filter
Month:
Year:
Post Summaries
Back to Blog
Organizations face the challenge of balancing IT system maintenance with innovation, a task exacerbated by the pandemic and the shift to digital channels. GitLab addresses this by streamlining the adoption of DevOps practices, allowing developers to focus more on creating customer-driven features. It facilitates collaboration across various roles and asset types, enhances security and compliance through built-in templates, and offers features like Review Apps for efficient code review. GitLab's deep integration with Kubernetes and automatic environment management simplifies infrastructure tasks, while tools like Auto DevOps automate the CI/CD pipeline, enabling rapid innovation. Through these capabilities, GitLab helps organizations deliver solutions faster, maintain competitiveness, and focus on innovation within a single application.
Sep 30, 2020
999 words in the original blog post.
Gitter, an open-source chat and networking platform focused on developers, has been acquired by Element, the company behind the Matrix network for secure and decentralized communication. GitLab, Gitter's previous owner, sold the platform to concentrate on its core products, allowing Gitter to receive the necessary investment to grow within the developer community. Element aims to enhance Gitter's reach by integrating it into the Matrix network, thereby confirming Matrix as a hub for open collaboration among software developers. Founded in 2014 and independent since 2017, Gitter serves large developer communities with its free, open-source, and developer-centric platform, offering features like indexed message history and robust integration APIs. Element plans to replace the existing matrix-appservice-gitter bridge with native Matrix connectivity, transitioning Gitter into a Matrix client while inviting community feedback on this change.
Sep 30, 2020
421 words in the original blog post.
The GitLab community's Q3 Hackathon on September 2-3 set a new record with 313 merge requests (MRs) submitted, showcasing significant growth in community contributions, particularly in frontend/UX areas, such as the migration of Pajamas components. Feedback from previous events led to the inclusion of more backend-related issues, supported by numerous tutorial sessions that received over 100 views within 24 hours. Participants whose MRs were merged by September 15th received laptop sleeves, with special recognition for top contributors like Rajendra Kadam and Jonston Chan. The next Hackathon is scheduled for December 2-3, 2020, featuring a Community Challenge offering custom merchandise for successful contributions. Interested participants can begin by visiting the "Contributing to GitLab" page to explore ways to engage with the project, whether through code, documentation, or design.
Sep 30, 2020
558 words in the original blog post.
GitLab offers an efficient solution for continuous integration (CI), code reviews, and collaboration, specifically designed to handle enterprise-scale development workflows. By integrating these processes, GitLab reduces the need for context switching between different tools in complex DevOps toolchains, thereby simplifying management. This streamlined approach allows users to release software more rapidly and effectively respond to market changes, giving them a competitive edge. A short demo video showcases the seamless experience developers have when utilizing Source Code Management (SCM), CI, and Code Review within GitLab.
Sep 30, 2020
82 words in the original blog post.
Enterprises worldwide have increasingly moved mission-critical workloads to public cloud environments, necessitating ease in software deployment and management across various cloud platforms. Major cloud vendors have created marketplaces for swift application deployment, and Bitnami, now part of VMware, has partnered with these vendors to offer a library of up-to-date, open-source software that is free to users. Bitnami's collaboration with GitLab has made GitLab Community Edition (CE) more accessible by providing an easy-to-use, up-to-date package for multiple cloud platforms, benefiting millions of organizations and contributors. This partnership extends to GitLab Enterprise Edition (EE), which is now available in the Microsoft Azure marketplace and the VMware Cloud marketplace, allowing seamless deployment and enterprise-level support. Bitnami's expertise ensures timely updates for GitLab EE, addressing security and dependency updates, and allows customers to apply existing licenses in these environments.
Sep 30, 2020
459 words in the original blog post.
GitLab emphasizes its open-source ethos, encouraging everyone to contribute to its development by offering multiple tracks for contributions, such as development, documentation, translation, UX design, and project templates. The company values community contributions, having merged over 7,700 merge requests from non-employees, and highlights the collaborative nature of these contributions, which often involve numerous participants and extensive discussions. Notable examples include the implementation of interruptible builds, artifact preview support, S/MIME signature verification, Docker executor architectural changes, and batch suggestions, each requiring months of collaboration and involving a significant number of contributors. To facilitate contributions, GitLab provides various resources, including merge request coaches and community channels, while implementing automation and metrics to streamline the contribution process and stay engaged with community contributors efficiently.
Sep 30, 2020
1,056 words in the original blog post.
A successful bug bounty program hinges on attracting skilled security researchers capable of delivering insightful and innovative findings, as highlighted by the experiences of an organization that has shared its strategies for running such a program effectively. The key to an impactful bug bounty report lies in its clarity and completeness, with a thorough description of the setup, step-by-step reproduction instructions, and a precise impact analysis that helps prioritize the triage process. Security engineers emphasize avoiding irrelevant details and focusing on the vulnerability itself, with the inclusion of videos or scripts where applicable to aid comprehension. The organization celebrates outstanding contributions with a community hacking contest, offering rewards across various categories such as best-written report, most innovative report, and most impactful finding, to encourage and recognize the efforts of both new and experienced reporters.
Sep 28, 2020
1,001 words in the original blog post.
GitLab has implemented several strategies to enhance diversity and inclusivity within its recruiting process, aiming to exceed 95% outreach to candidates from underrepresented groups. Adopting an outbound-only recruiting model has allowed them to focus on sourcing diverse candidates, leading to a significant impact, such as 60% of sales candidates identifying as non-male and 28% of engineering candidates identifying as Black. GitLab has improved job family pages to include more inclusive language, utilizing tools to detect and correct gendered language and biases. Their Sourcing for Underrepresented Groups (SURG) initiative promotes collaboration among team members to source candidates for priority roles, resulting in successful hires. Feedback from team members has enhanced messaging response rates by emphasizing GitLab's asynchronous work culture and growth opportunities. Additionally, candidates nearing the end of the hiring process are offered conversations with Team Member Resource Group (TMRG) members to provide unique perspectives and foster early relationships. These efforts, led by the Diversity, Inclusion, and Belonging Manager, are part of GitLab's broader strategy to create an inclusive environment where everyone can thrive.
Sep 28, 2020
935 words in the original blog post.
DevOps is crucial for maintaining agility in a competitive market, yet technology teams in non-tech organizations often struggle to gain support from business stakeholders due to communication gaps and misaligned incentives. Google Developer Advocate Nathen Harvey highlights the need to align incentives within tech teams and between tech and business units, emphasizing the benefits of DevOps in balancing agility and stability. Research from Google's DevOps Research and Assessment (DORA) shows that elite DevOps performers achieve faster deployments with fewer failures and quicker recovery times. Successful implementation requires empathy, strategic communication, and presenting evidence of DevOps' business value. By understanding stakeholders' motivations and demonstrating the tangible benefits of DevOps, tech teams can secure the necessary buy-in from key decision-makers for enhancing business agility.
Sep 24, 2020
1,080 words in the original blog post.
GitLab simplifies the process of setting up continuous integration and deployment pipelines by offering a range of CI/CD pipeline templates and the Auto DevOps feature. These templates, available in over 30 popular programming languages and frameworks, allow teams to quickly create deployment pipelines without starting from scratch, integrating directly with the gitlab-ci.yml file used to define pipelines. Auto DevOps enhances this experience by automatically detecting, building, testing, deploying, and monitoring applications with predefined configurations, ensuring a seamless integration process. It incorporates features like Auto CI, Auto Review, Auto Deploy, and Auto Metrics to streamline various stages of development and deployment, providing default settings that can be customized to suit specific project needs. GitLab also offers numerous resources, such as examples, sample projects, and tutorials, to help users implement and optimize their CI/CD pipelines for different scenarios, making it a comprehensive solution for teams managing multiple projects.
Sep 23, 2020
641 words in the original blog post.
GitLab has introduced the GitLab Agent for Kubernetes, marking the first iteration of a new integration aimed at addressing limitations of previous Kubernetes integrations, such as the need for internet access to clusters and admin rights. Released in GitLab 13.4, the Agent is designed to enhance security and flexibility while providing a cloud-native connection between GitLab and Kubernetes. It allows for pull-based deployments, configured by code to align with GitOps best practices, and is built on the gitops-engine project. The Agent requires initial setup, including creating an Agent token and configuring repositories. Though the initial release focuses on Helm-based installations and lacks some features of previous integrations, GitLab plans to expand its capabilities to include dynamic container scanning, authentication and authorization, and Kubernetes best practices checks. The introduction of the Agent is seen as a foundational step towards offering comprehensive functionalities within locked-down clusters.
Sep 22, 2020
810 words in the original blog post.
GitLab 13.3 introduced a composer package repository feature, allowing users to store and manage both private and public composer packages within their GitLab instance. Creating packages involves adding a composer template to the .gitlab-ci.yml file, which triggers package creation upon committing to a branch or creating a git tag. For existing repositories, packages can either be manually created using curl or automated through a GitLab API package. While publishing and installing packages work seamlessly, managing permissions is straightforward, albeit currently limited to a group endpoint, necessitating multiple endpoints in composer.json for different groups. Improvements such as enhanced GUI details and full semantic versioning support are needed, presenting opportunities for community contributions to enhance the GitLab and Composer experience.
Sep 22, 2020
279 words in the original blog post.
September 2020 marks two decades of IBM Linux on Z, highlighting its significance in the realm of resilient systems used by developers employing DevOps practices. The article discusses how GitLab integrations can enhance the DevOps journey on platforms like IBM Z and Red Hat OpenShift by ensuring high availability for revenue-generating applications such as banking or POS systems. It emphasizes the role of GitLab in cloud-native environments, particularly its recent updates like the GitLab Runner support for Linux on IBM Z and the collaboration with Red Hat teams to develop the GitLab Runner Operator for OpenShift. GitLab, an open-source DevOps platform, aids organizations by accelerating the software development lifecycle with features like CI/CD, version control, and DevSecOps workflows. The ongoing collaboration between GitLab and IBM aims to further streamline the deployment of mission-critical applications on resilient systems, with future plans to expand GitLab's presence on OpenShift.
Sep 17, 2020
667 words in the original blog post.
Over the past year, GitLab's infrastructure department has been migrating services on GitLab.com to Kubernetes to enhance scaling, deployments, and resource efficiency, transitioning from the previous virtual machine-based system managed by Chef. This migration, which began planning in 2019, involves overcoming challenges like managing a hybrid deployment, network storage dependencies, and resource utilization issues. The transition has been carefully managed using a single regional Google Kubernetes Engine (GKE) cluster with segmented node pools and a focus on observability, ensuring that workloads are monitored against service-level objectives (SLOs). The migration strategy involves using a canary stage to gradually shift traffic to the new infrastructure, allowing rollback if necessary, and employing reserved pod capacity to manage workload spikes effectively. This approach has resulted in faster and safer deployments, benefiting both GitLab.com and self-managed customers using the GitLab Helm chart. The ongoing migration efforts and lessons learned, such as managing cross-availability zone network charges and improving pod start times, are documented for transparency and to aid future migrations.
Sep 16, 2020
1,964 words in the original blog post.
GitLab reimagined its Commit conference by transitioning to a 24-hour digital format to accommodate its global audience, offering a comprehensive program focused on DevOps strategies from experts in development, operations, and security. This virtual approach allowed participants worldwide to access real-time content and insights, with GitLab customers and partners sharing practical examples of how GitLab facilitates innovation and success at speed. Notable presentations included topics such as digital transformation in the public sector, DevSecOps in government and regulated industries, and the U.S. Army Cyber School's use of GitLab for 'Courseware-as-Code'. The conference highlighted GitLab's role in enabling cloud-native security, accelerating mission speed through cross-domain collaboration, and deploying DevSecOps practices using exclusively open-source tools.
Sep 14, 2020
289 words in the original blog post.
Andrew Kelly, a Senior Security Engineer at GitLab, focuses on ensuring the security of GitLab's products by working with teams and HackerOne reporters to investigate and address vulnerabilities. He finds collaborating with the HackerOne community rewarding as it often leads to new insights about application security. His current initiatives include being an application security stable counterpart for the Growth and Enablement teams and enabling GitLab's Secure tooling across major product repositories. Kelly emphasizes the importance of writing unit tests for unexpected cases to improve security and shares that his interest in security was sparked by early internet experiences and pop culture. He applauds GitLab's commitment to transparency in security practices and advocates for integrating vulnerability management into the software development lifecycle across the tech industry. A personal experience taught him the importance of verifying website authenticity and using multi-factor authentication, and he humorously notes his preference for VIM over EMACS and his fondness for dog-related emojis.
Sep 14, 2020
1,183 words in the original blog post.
In May 2020, GitLab.com, in collaboration with OnGres, successfully upgraded its main PostgreSQL cluster from version 9.6 to 11. This upgrade, motivated by the need to discontinue support for PostgreSQL 10.0 and prepare for the end-of-life of version 9.6, involved a meticulously planned process that included automation, regression testing, and comprehensive blueprint and design documentation. The upgrade was executed during a maintenance window and involved transitioning a 12-node cluster handling 6TB of data and up to 300,000 transactions per second. Key improvements in PostgreSQL 11, such as native table partitioning and enhanced query parallelism, were among the driving factors for the upgrade. The project was divided into phases that involved developing and testing automation scripts, integrating with configuration management, end-to-end testing in a staging environment, and finally executing the upgrade in production. A thorough rollback plan was prepared to ensure minimal downtime and maintain data consistency. The entire process was characterized by a commitment to Infrastructure as Code (IaC) and automation, reducing human error and ensuring a seamless transition. The upgrade was documented and recorded, providing valuable insights into the complexities and challenges of such a large-scale operation.
Sep 11, 2020
2,637 words in the original blog post.
Cloud-native software development leverages the power of the cloud from the start of the software lifecycle, with containers playing a pivotal role due to their flexibility and portability across different cloud environments. However, while containers are advantageous for their disposability, they pose challenges for storage needs, as applications require persistent and reliable storage solutions, which containers alone cannot provide. The Cloud Native Computing Foundation emphasizes the necessity for "persistent information" that remains stable regardless of the dynamic nature of cloud environments, recommending against storing data in volatile containers. To address this, various companies are developing solutions like OpenEBS, Rook, Cockroach Labs, and Rancher Longhorn, which offer stateful and scalable storage options for Kubernetes. A Gartner report suggests aligning storage solutions with container-native data service requirements and using the Container Storage Interface (CSI) to facilitate seamless communication between container orchestration platforms and stored data. Brendan O'Leary of GitLab highlights the practicality of utilizing existing cloud provider storage tools, especially for those new to Kubernetes, to simplify cloud-native development.
Sep 10, 2020
510 words in the original blog post.
At GitLab, fostering an inclusive and diverse work environment is integral to its culture, as outlined in their Handbook, which emphasizes values such as "Diversity, Inclusion, and Belonging." The author, a GitLab team member, reflects on their journey toward becoming a better ally in the workplace, acknowledging their privilege and learning through resources like the GitLab Handbook and diversity training. They stress the importance of listening, learning, and making spaces inclusive, while recognizing that mistakes are part of the process and should be met with humility and a commitment to improvement. The author encourages active participation in allyship, such as addressing discriminatory behavior, supporting marginalized voices, and contributing to a culture that values all contributions equally. They also highlight the importance of continuous learning, empathy, and collaboration to foster a supportive environment at GitLab and beyond.
Sep 09, 2020
2,307 words in the original blog post.
Over the past two years since moving to GitLab, the GNOME project has experienced significant changes in its community engagement and software development lifecycle. The transition to GitLab's Community Edition has enhanced collaboration across all teams, including non-coding teams, by utilizing features like CI/CD for testing, issue tracking, and kanban boards, although the translation team still partially relies on Bugzilla due to specific role requirements. The shift has increased transparency and community involvement, with more developers hosting projects related to GNOME, though it sometimes causes friction when the wider community engages with designs prematurely. The integration of GitLab has also improved the relationship between designers and maintainers and expedited the development cycle for the Flatpak software. Despite ongoing challenges in quality assurance and testing, GNOME continues to adapt by using homegrown tools to overcome GitLab's limitations and aspires to become more data-driven with the implementation of community health metrics. GitLab's transparency and growing support for open-source communities are appreciated, and GNOME is actively working to expand its contributor base through initiatives like the Community Engagement Challenge and upcoming conferences, with the aim of fostering a younger generation's involvement in open source.
Sep 08, 2020
1,357 words in the original blog post.
The blog post, initially published on the GitLab Unfiltered blog, discusses efficient code review practices that can minimize delays and frustrations commonly associated with code review processes, as highlighted by GitLab's 2020 Global DevSecOps Survey. The author, with three years of experience as a maintainer, shares personal strategies to streamline code reviews, emphasizing the importance of effective time management, prioritizing unblocking authors quickly, focusing on code quality rather than features, and fostering open dialogue with authors to enhance understanding and collaboration. By adhering to a structured routine and continuously learning from discussions, the author aims to optimize their workflow and encourages others to share their insights to collectively improve the code review process.
Sep 08, 2020
1,021 words in the original blog post.
GitLab is expanding its DevOps platform to better integrate designers into its workflow, recognizing that cross-functional collaboration enhances product development. By incorporating design management tools and creating a Figma plugin, GitLab aims to facilitate smoother handovers and iterative feedback loops between designers and developers, thus improving the overall user and developer experience. This initiative reflects a broader trend in tech companies to increase the designer-to-developer ratio, acknowledging the value of design in software development. GitLab's efforts include developing new product categories to support designers, addressing community requests, and ensuring compatibility for users on Linux systems. This move aligns with the company's strategy to foster a more inclusive and efficient environment for all contributors involved in the software creation process.
Sep 03, 2020
1,027 words in the original blog post.
In a reflection on the use of risk maps within software development, the author discusses their experience at GitLab, where they were tasked with automating tasks for the advanced search team. Confronted with a lack of clarity about the most pressing issues following a change in management, the author created a risk map to identify areas of unmitigated risk in the project. Risk maps, commonly used by organizations like FEMA and insurance companies, serve to guide testing efforts by highlighting where risk is most concentrated, helping teams direct their focus effectively. The process involves identifying "risk facets," or potential problem areas, and tracking whether they are being tested either implicitly or explicitly. Despite criticisms such as the maps becoming quickly outdated or distorting risk perception, the author argues that even an imperfect map is preferable to relying solely on instinct or reacting to issues post-factum. This approach not only aids in aligning testing efforts but also assists product managers in quantifying the energy needed to mitigate risks without over-investment. The iterative nature of maintaining a risk map is acknowledged, emphasizing the importance of team input in assessing risk levels, impact, and likelihood, ultimately aiming to better manage and mitigate risks as part of the development process.
Sep 03, 2020
1,368 words in the original blog post.
Mark Loveless, a senior security researcher at GitLab since February 2019, discusses his role in enhancing security practices at the company and the broader tech industry's shift towards remote work and open-source transparency. Loveless highlights the importance of seamless security integration that minimizes user friction and emphasizes the value of maintaining professional networks, which proved beneficial during career transitions. He is currently focused on outreach through blogs and conferences, securing GitLab products, and serving as a media spokesperson. Loveless predicts a future where Zero Trust and BYOD become standard practices due to increased remote work, and he envisions a shift towards passwordless authentication systems. Outside of work, he enjoys playing progressive metal music and woodworking, and he recounts a travel experience where he was mistakenly flagged for TNT by the TSA.
Sep 03, 2020
1,238 words in the original blog post.
With the shift to remote work due to the pandemic, many employees are experiencing a decline in informal workplace recognition, exacerbating feelings of impostor syndrome, which is characterized by self-doubt and feelings of inadequacy despite evidence of success. Taylor McCaslin of GitLab explains that impostor syndrome can hinder progress and suggests that adopting a growth mindset, as opposed to a fixed mindset, can help combat these negative thoughts. Various types of impostor syndrome are explored, including the perfectionist, superhero, natural genius, lone ranger, and expert, each with unique challenges and solutions. For instance, the perfectionist struggles with procrastination due to a fear of imperfection, while the superhero risks burnout by overworking to prove their worth. The natural genius finds it difficult to cope with challenges, the lone ranger hesitates to seek help, and the expert feels compelled to acquire exhaustive knowledge before undertaking new projects. GitLab addresses these issues through mentorship programs and encourages collaboration and communication to foster a supportive work environment. Techniques such as challenging negative thoughts and reframing one's mindset are also recommended to help people redefine success and reduce feelings of inadequacy.
Sep 02, 2020
1,956 words in the original blog post.
GitLab is focusing on making DevOps accessible to teams of all sizes by moving features to their free product, resulting in significant user growth, with nearly 30 million registered users and almost 6 million on the GitLab.com free tier. However, the cost of supporting this growth has increased, prompting GitLab to adjust the CI/CD minute usage limits for their free tier. Effective October 1, 2020, the free tier will be limited to 400 CI/CD minutes per month per top-level group or personal namespace, aligning usage with tier prices while maintaining the free offering. Users exceeding this limit can purchase additional minutes or upgrade to a paid tier, and options like bringing personal runners are available to manage usage. The CI/CD minute limits remain unchanged for GitLab's Open Source, Education, and Startups programs, which continue to offer Gold tier capabilities and 50,000 minutes per month. GitLab encourages users to refer to their customer FAQ and Community Forum for more information and support regarding these changes.
Sep 01, 2020
479 words in the original blog post.
The study discussed in this blog post, originally published on the GitLab Unfiltered blog and republished in November 2020, investigates user preferences between GitLab's single-file editor and the Web IDE. Initially aiming to phase out the single-file editor, the research revealed that it was significantly more popular than the Web IDE, prompting questions about usability and discoverability. Survey results showed distinct use cases for both editors: the single-file editor is favored for simple, single-file changes, while the Web IDE is preferred for complex tasks involving multiple files. This insight disproved the initial theory that users were unaware of the Web IDE, leading to plans for a more streamlined editing workflow, allowing users to toggle seamlessly between editors without losing context. The study underscores the importance of research in preventing misguided decisions and highlights proposed improvements, such as consolidating editor options into a dropdown menu to enhance user experience.
Sep 01, 2020
687 words in the original blog post.
Bazel is a powerful tool that enhances build pipelines by integrating with GitLab CI to improve both speed and correctness in software development processes. Unlike traditional methods that rebuild all artifacts from scratch, Bazel optimizes builds by only recompiling necessary components, thus making it faster and more reliable than conventional build scripts like Makefiles. This efficiency is achieved without compromising the accuracy of builds, thanks to Bazel's adept handling of incremental changes and caching. Bazel supports multiple programming languages, including Java, C, C++, Python, and Objective-C, and is continually expanding its capabilities with open-source rule sets for languages like Go and Scala. In GitLab CI, setting up Bazel for builds is straightforward, involving configurations that ensure cache immutability and effective artifact management, although remote caching or execution can further accelerate the process. The tool is also beneficial for testing, allowing teams to run selective incremental tests based on changes, thus optimizing the development cycle. GitLab is exploring further integration of Bazel to enhance its CI/CD capabilities, such as enabling faster builds and tests triggered directly from the Web IDE, and considering distributed builds and caching for autoscaling. Users are encouraged to share their experiences and suggestions to improve Bazel's integration with GitLab CI.
Sep 01, 2020
1,525 words in the original blog post.