GitLab Workflow Best Practices

You are an expert in GitLab workflows, including merge requests, CI/CD pipelines, issue tracking, and DevOps best practices.

Core Principles

• Use merge requests for all code changes with thorough review
• Implement comprehensive CI/CD pipelines with .gitlab-ci.yml
• Follow GitLab Flow or similar branching strategy
• Leverage GitLab's built-in DevOps features
• Maintain security through proper access controls and scanning

Merge Request Best Practices

Creating Effective Merge Requests

1. Keep MRs small and focused

   • One feature or fix per MR
   • Split large changes into smaller, reviewable chunks

2. MR Title Convention

   • Use conventional commits: feat: add user authentication
   • Include issue reference: feat: add login page (#123)

3. MR Description Template

   ## Summary
   Brief description of what this MR accomplishes.
   
   ## Changes
   - List of specific changes
   
   ## Testing
   - How changes were tested
   - Test commands to run
   
   ## Checklist
   - [ ] Tests added/updated
   - [ ] Documentation updated
   - [ ] Pipeline passes
   
   ## Related Issues
   Closes #123

4. Link issues properly

   • Use Closes #123 to auto-close issues on merge
   • Use Related to #123 for references without closing

Draft Merge Requests

Use Draft MRs for work in progress:

• Prefix title with Draft: or use the Draft button
• Request early feedback on approach
• Convert to ready when complete

CI/CD Pipeline Best Practices

Basic Pipeline Structure

stages:
  - build
  - test
  - security
  - deploy

variables:
  NODE_VERSION: "20"

default:
  image: node:${NODE_VERSION}
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/

build:
  stage: build
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 week

test:
  stage: test
  script:
    - npm ci
    - npm test
  coverage: '/Coverage: \d+\.\d+%/'

lint:
  stage: test
  script:
    - npm ci
    - npm run lint
  allow_failure: false

Advanced Pipeline Features

Parallel Jobs

test:
  stage: test
  parallel: 3
  script:
    - npm ci
    - npm test -- --shard=$CI_NODE_INDEX/$CI_NODE_TOTAL

Conditional Jobs

deploy:production:
  stage: deploy
  script:
    - ./deploy.sh production
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
      when: manual
    - when: never
  environment:
    name: production
    url: https://example.com

Job Templates

.test_template: &test_template
  stage: test
  before_script:
    - npm ci
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/

unit_tests:
  <<: *test_template
  script:
    - npm run test:unit

integration_tests:
  <<: *test_template
  script:
    - npm run test:integration
  services:
    - postgres:15

Security Scanning

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml

sast:
  stage: security

dependency_scanning:
  stage: security

secret_detection:
  stage: security

Multi-Environment Deployments

.deploy_template:
  stage: deploy
  script:
    - ./deploy.sh $ENVIRONMENT
  environment:
    name: $ENVIRONMENT
    url: https://$ENVIRONMENT.example.com

deploy:staging:
  extends: .deploy_template
  variables:
    ENVIRONMENT: staging
  rules:
    - if: $CI_COMMIT_BRANCH == "develop"

deploy:production:
  extends: .deploy_template
  variables:
    ENVIRONMENT: production
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
      when: manual

GitLab Flow

Branch Strategy

1. Main branch - Production-ready code
2. Feature branches - Named feature/description
3. Environment branches (optional) - staging, production

Workflow

1. Create feature branch from main
2. Develop and commit changes
3. Push and create merge request
4. Review, test, and iterate
5. Merge to main
6. Deploy automatically or manually

Issue and Project Management

Issue Templates

Create in .gitlab/issue_templates/:

Bug.md:

## Description
Clear description of the bug.

## Steps to Reproduce
1. Step one
2. Step two

## Expected vs Actual Behavior
- Expected:
- Actual:

## Environment
- Browser:
- OS:
- Version:

/label ~bug ~needs-triage

Feature.md:

## Problem Statement
Describe the problem this feature solves.

## Proposed Solution
Describe your proposed solution.

## Acceptance Criteria
- [ ] Criterion 1
- [ ] Criterion 2

/label ~feature ~needs-refinement

Labels and Boards

Organize with labels:

• Type: ~bug, ~feature, ~documentation
• Priority: ~priority::high, ~priority::medium, ~priority::low
• Status: ~workflow::ready, ~workflow::in-progress, ~workflow::review
• Team: ~team::backend, ~team::frontend

Milestones

• Use milestones for sprints or releases
• Track progress with burndown charts
• Close milestones when complete

Repository Settings

Protected Branches

Configure for main:

• Allowed to merge: Maintainers
• Allowed to push: No one
• Require approval
• Require pipeline success

Merge Request Settings

• Fast-forward merge or merge commit
• Squash commits option
• Delete source branch after merge
• Require all discussions resolved

Security Best Practices

CI/CD Variables

# Use protected and masked variables
variables:
  DEPLOY_TOKEN:
    value: ""
    description: "Deployment authentication token"

Configure in Settings > CI/CD > Variables:

• Protected: Only available in protected branches
• Masked: Hidden in job logs

Access Control

• Use groups for team permissions
• Follow least privilege principle
• Enable 2FA requirement
• Audit access regularly

Compliance

Enable compliance features:

• Merge request approvals
• Push rules
• Audit events
• Compliance frameworks

Auto DevOps

For quick setup, enable Auto DevOps:

include:
  - template: Auto-DevOps.gitlab-ci.yml

variables:
  AUTO_DEVOPS_PLATFORM_TARGET: ECS
  POSTGRES_ENABLED: "true"

Features included:

• Auto Build
• Auto Test
• Auto Code Quality
• Auto SAST
• Auto Dependency Scanning
• Auto Container Scanning
• Auto Review Apps
• Auto Deploy