GitLab 12.1 gives security teams some privacy and helps keep branches green

Repository management system GitLab is now available in version 12.1, upping the release train game and offering better ways to discuss changes amongst other things.

An interesting addition all GitLab users can profit from is the “Create confidential merge request” button. This gives teams the ability to solve security issues without the pressure of onlookers, since the feature lets devs create a merge request in a private fork of the project.

Speaking of which, if a public project is forked in the new version, GitLab creates an object pool and reduces the storage space needed by using objects/info/alternates – if hashed storage is enabled and the parent project uses it. Since a fork is first created and then deduplicated, the next step will be a fast forking implementation which directly constructs a deduplicated version.
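To make the deduplication mechanism concrete, here is an added example (not GitLab's own code) that reproduces the objects/info/alternates trick with plain git: a parent repository stands in for GitLab's separate pool repository, and a fork is created whose object store resolves everything through the alternates file instead of owning copies. It assumes a git binary on PATH and writes only into temporary directories.

```sh
#!/bin/sh
# Added example, not GitLab's own code: reproduce the objects/info/alternates
# deduplication that GitLab 12.1 applies to forks via object pools.
# Assumption: git is on PATH. The parent repository's object store stands in
# for GitLab's pool repository here.
set -eu

# Build a throwaway parent repo with one commit, then a fork that borrows the
# parent's objects through alternates. Prints the working directory it created.
build_fork() {
    work=$(mktemp -d)
    cd "$work"
    git -c init.defaultBranch=main init -q parent
    echo "hello from the parent project" > parent/README.md
    git -C parent add README.md
    git -C parent -c user.name=demo -c user.email=demo@example.com \
        commit -q -m "initial commit"
    # --shared writes fork/.git/objects/info/alternates pointing at
    # parent/.git/objects and copies no objects at all.
    git clone -q --shared parent fork
    echo "$work"
}

# Count loose objects a repository owns itself (git count-objects does not
# count objects that are only reachable through an alternate).
count_loose() {
    git --git-dir="$1" count-objects -v | sed -n 's/^count: //p'
}

dir=$(build_fork)
echo "alternates entry in the fork:"
cat "$dir/fork/.git/objects/info/alternates"
echo "loose objects owned by parent: $(count_loose "$dir/parent/.git")"   # 3
echo "loose objects owned by fork:   $(count_loose "$dir/fork/.git")"     # 0
# The fork still resolves its complete history through the shared store:
git --no-pager -C "$dir/fork" log --oneline
```

The caveat this makes visible: the fork has no objects of its own, so a pool that is deleted or pruned while a fork still references it leaves that fork with dangling history. The pool therefore has to outlive every repository whose alternates file points at it.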

Another new feature is the option to create an upcoming release via the Releases API, which will be displayed along with the regular ones so that others know when to expect a new version. Apart from that GitLab Runner can be extended to sport custom behaviour, and AsciiDoc users are treated to code block syntax highlighting and improved formatting.

Starting from v12.1, GitLab allows multiple discussions on a single line in a merge request diff, so that teams can, for example, discuss its correctness and its impact on other parts of the project in neatly separated threads. It also lets users assign groups as code owners instead of individuals, which helps when people are off sick or team compositions change.

Organisations paying for Premium/Silver or Ultimate/Gold versions of GitLab get an improved version of merge trains, which is able to sequence merge requests and work in parallel pipelines on the pending results of the previous requests. Failed merges are automatically removed from the train, which is meant to keep the active branch from breaking and speed up the validation process.

GitLab has also worked on its security features, which means that v12.1 for example comes with the option of enabling automatic certificate management with Let’s Encrypt for new custom domains for Pages. While this is available to all users, Premium/Silver and Ultimate/Gold subscribers also get the benefit of Geo verifying attachments, LFS objects, and job artifacts by calculating checksums on secondary nodes after transfer and comparing them to the stored ones.
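The verification Geo performs is, at its core, re-hashing each object after transfer and comparing the result with the checksum the primary recorded. The following added example (not GitLab's code) shows that check with sha256sum over constructed sample files: a manifest is recorded on the "primary", the files are copied to a "secondary", and one object is corrupted in transit so that the mismatch is reported. It assumes GNU coreutils.

```sh
#!/bin/sh
# Added example, not GitLab's own code: the Geo verification step reduced to
# its essentials. Checksums are recorded where the files originate (primary),
# the files are copied elsewhere (secondary), re-hashed there and compared.
# Assumption: GNU coreutils sha256sum is available.
set -eu

# Constructed sample data: three "artifacts" on the primary.
make_primary() {
    primary=$(mktemp -d)
    printf 'job log line 1\njob log line 2\n' > "$primary/artifact.log"
    printf 'payload %s\n' "$(seq 1 50)" > "$primary/lfs-object.bin"
    printf 'attachment contents\n' > "$primary/attachment.txt"
    echo "$primary"
}

# Record the checksum of every file: these are the primary's stored checksums.
record_checksums() {            # $1 = primary dir, $2 = manifest path
    ( cd "$1" && find . -type f | sort | xargs sha256sum ) > "$2"
}

# Re-hash every file listed in the manifest on the secondary. Only mismatches
# and missing files are printed. Returns 0 when everything verifies, 1 otherwise.
verify_secondary() {            # $1 = secondary dir, $2 = manifest path
    ( cd "$1" && sha256sum --check --quiet "$2" )
}

primary=$(make_primary)
manifest=$(mktemp)
record_checksums "$primary" "$manifest"

# Transfer: copy to a secondary, then simulate one object corrupted in transit.
secondary=$(mktemp -d)
cp "$primary"/* "$secondary"/
printf 'tampered\n' >> "$secondary/lfs-object.bin"

if verify_secondary "$secondary" "$manifest"; then
    echo "secondary verified"
else
    echo "secondary holds objects that failed verification"   # this branch runs
fi
```

The manifest is the trust anchor here: it must come from the primary, not be regenerated on the secondary, otherwise the comparison would only prove that the copy matches itself.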

On top of that, Ultimate/Gold users are able to set security dashboards as the default view for a group, and let merge requests that don’t introduce vulnerabilities of certain severities be automatically approved. The latter is meant to integrate security teams into the approval process without requiring them to check every request. Other security extras for Ultimate/Gold include support for custom PyPI registries in dependency scanning and a list of all the paths and URLs scanned and tested by dynamic application security testing (DAST).

A more detailed list of changes can be found in the announcement post. Looking forward, it might be worth noting that the release of version 12.2 in August will also mean a breaking change, since Python 3 will become the default version used in license compliance. Steps necessary to keep everything running smoothly are fleshed out in a blog post released last week.