Why should we choose GitLab?

Mennan Sevim
Published in Commencis
Sep 16, 2020

In this article, I will try to tell you about the general structure of GitLab.

GitLab is a web-based DevOps lifecycle tool; put another way, it is a platform that covers all the processes needed to run a project.

Continuous Integration (CI) and Continuous Deployment (CD), bug tracking, code analysis, and wiki support are its most prominent features.

It has an open-source license and, as of August 2017, the platform belongs to GitLab Inc. and is being developed by 171 team members in 31 different countries.

In addition, more than 1,200 people have contributed in total.

We can also say that developers seeking an open-source alternative made GitLab more popular after Microsoft bought GitHub for $7.5m.

IOS SUPPORT

App Store App — GitLab Control

Also, there is an iOS app for managing your GitLab projects on iPhone or iPad. GitLab Control gives you full access to your GitLab projects with the built-in code viewer and search tools.


You can fully navigate your code tree, issues, milestones, and code snippets or search for any filenames, IDs, or labels. You can also capture, organize and prioritize your team’s issues, and stay up-to-date using activity streams displaying commits, issues, and more across all repositories.

Some companies using GitLab:

Sony, IBM, NASA, Oracle, Alibaba, O’Reilly Media

IMPORT PROJECTS TO GITLAB

If you want to execute your existing projects in GitLab, all you have to do is import them.

It’s really easy and fast.

Import Projects

If you do not have an existing project and are creating a new one, GitLab also offers ready-made templates based on the programming language or framework you will use, such as Ruby on Rails, iOS (Swift), .NET Core…

Create Projects From Templates

ADVANTAGES

All In One: The entire workflow, including DevOps processes, is managed through a single application.

Shorten Development: It accelerates the development and deployment process.

Free Container Registry: You can easily build and store a Docker image for each repository without any extra configuration.

Self Host: You can host GitLab on your own server, in a container, or in a cloud provider.

Trunk Based Development: Allows developers to work on a single branch.

Easy Integration: It integrates with Jenkins, Slack, Kubernetes, and similar applications.

ISSUES

GitLab Issues is an advanced tool for jointly developing ideas, solving problems, and planning work, and you can still use the Jira integration alongside it.

As mentioned, GitLab has its own issue tracking structure; an issue is similar in structure to a task in Jira.

GitLab — Issues

INTEGRATIONS

Many applications can be integrated; some of them are listed below.

Jenkins: When you enable the GitLab Jenkins integration, events in your project trigger a build in your Jenkins installation, and the result is shown in GitLab as a successful or failed pipeline.

Slack: Create, update, and close events can be sent to a Slack channel as notifications.

Jira: You can also follow up on issues via Jira.

Redmine: You can also follow up on issues via Redmine.

Prometheus: You can monitor your deployed applications.

For detailed information on all integrations: GitLab integrations

CI / CD PIPELINE

GitLab comes with strong, well-integrated Continuous Integration (CI) and Continuous Deployment (CD) processes.

Let’s talk about CI/CD processes briefly:

Continuous Integration (CI)

Continuous Integration is the name usually given to the process by which a developer’s changes to an application are automatically tested for errors and then stored in the code repository.
It makes the code ready for deployment once the change has been verified to be error-free and the tests have passed successfully. The goal of continuous delivery is to ensure that every piece of code written requires minimal effort to turn into a product.

Continuous Deployment (CD)

Continuous Deployment is the process of safely releasing software that has already passed through the CI process successfully.

It addresses the problem of overloading operations teams with manual work that slows application delivery, building on continuous delivery by automating the next stage in the sequence.

GitLab RUNNER

The runner is an agent that runs jobs, possibly across multiple machines, and sends the results back to GitLab; it can be installed under separate users, on separate servers, or on your local machine.

It is written in Go and can be installed on GNU/Linux, macOS, FreeBSD, and Windows.

Runners come in five kinds: Shared, Group, Specific, Locked, and Paused.

Shared: Available to all of your projects for CI/CD jobs.

Group: Can be used by all projects within the team or group you have defined.

Specific: Works only for the repository it is assigned to.

Locked: The runner cannot be assigned to other projects.

Paused: The runner does not pick up or process new jobs.

You can define more than one job at a time in the .gitlab-ci.yml file (for example build:debian, build:centos, build:windows).

SECURITY

I want to talk about the security features GitLab offers, especially in the Gold package, and explain the protection mechanisms it provides before and after deployment with the security products GitLab has developed itself.

SAST (Static Application Security Testing):

SAST scans your source code with open-source tools before the deployment process starts. By default you need a GitLab runner with the Docker or Kubernetes executor to run SAST jobs. SAST jobs require a Linux container; Windows containers are not yet supported.

.gitlab-ci.yml:

SAST severity levels: Critical, High, Medium, Low, Unknown, Everything else

DAST (Dynamic Application Security Testing):

DAST examines your application for vulnerabilities in its running (live) environment. Unlike static application security testing tools, DAST tools do not have access to the source code, so they detect vulnerabilities by actually exercising attacks against the running application.

DAST uses the popular open-source tool OWASP Zed Attack Proxy (ZAP) to analyze your running web application.

.gitlab-ci.yml:

Dast Report

FUZZ (Fuzz Testing):

Fuzz testing is a black-box software testing method that aims to find faults inside the system by sending unexpected or malformed data to it. This helps you discover errors and potential security issues that other QA processes may overlook.

Fuzzing feeds random inputs to an instrumented version of your application to provoke unexpected behavior such as crashes. Such behavior indicates a bug that you must resolve.

Fuzz Testing

.gitlab-ci.yml:

Fuzzing supports two types of testing:

Fuzzing: A standard fuzzing session. You can configure a long session with a user-defined timeout.

Regression: Runs a test from start to finish together with the results of previous fuzzing sessions.

DEPENDENCY SCANNING:

Identifies the external dependencies you include in your project and analyzes them for known vulnerabilities.

Severity levels: Critical, High, Medium, Low, Unknown, Everything else

.gitlab-ci.yml

CONTAINER SCANNING:

Examines your Docker image for known vulnerabilities.

.gitlab-ci.yml:
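The article’s .gitlab-ci.yml screenshots are not reproduced here, so the following is an added example (my own, not one of the author’s gists) of a single .gitlab-ci.yml that wires the SAST, DAST, Dependency Scanning and Container Scanning jobs discussed above into one pipeline, together with the build:debian-style job and the Container Registry push the earlier sections mention. The template names and CI_REGISTRY*/SAST_EXCLUDED_PATHS/DAST_WEBSITE variables are GitLab’s own; the runner tag, the staging URL, the Docker image tags and the build script are assumptions for this example.

```yaml
stages:
  - build
  - test    # SAST, Dependency Scanning and Container Scanning jobs run here
  - dast    # DAST runs last, against the deployed application

# GitLab's maintained scanner templates add their jobs automatically and
# upload security reports that appear in the merge request widget.
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml

variables:
  # Keep SAST findings on code we own rather than vendored dependencies.
  SAST_EXCLUDED_PATHS: "vendor, node_modules"
  # Target for the OWASP ZAP scan: a staging deployment, never production
  # (constructed placeholder URL).
  DAST_WEBSITE: "https://staging.example.invalid"

# Per-platform build, as in the build:debian / build:centos / build:windows
# example; `tags` pins the job to a specific runner registered with that tag
# (constructed tag name; build.sh is assumed to exist in the repository).
build:debian:
  stage: build
  image: debian:buster
  tags: [linux-docker]
  script:
    - ./build.sh

# Build the application image and push it to the project's built-in
# Container Registry. The Container Scanning template scans
# $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA by default, so this
# is the tag that gets analysed. CI_REGISTRY* variables are predefined by
# GitLab for every job; the password is passed on stdin, not the command line.
build:image:
  stage: build
  image: docker:19.03.12
  services:
    - docker:19.03.12-dind
  tags: [linux-docker]
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA"
```

The scanner jobs only need the templates included; the pipeline fails or reports findings per job, so a scanner job should not be marked `allow_failure` if you want findings to block a merge.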

DISASTER RECOVERY

GitLab Recovery

Everyone wants a system that works smoothly, but physical problems or cyber-attacks can damage our infrastructure, and all the processes we work on can collapse in an instant.

You do your development, you commit to the repository, the CI process kicks in, the build runs, the necessary tests are executed, the CD process kicks in, and your development is eventually moved to the live environment. The most critical layer in this process is your repository.

So GitLab creates a safe replica of your database, your repository, and other components, protecting your data and processes with no loss or only minor loss.

MERGE TRAINS

MR = Merge Request

Merge Trains is a GitLab feature that queues your merge operations and processes them in order.

While running your merge operations in order, it keeps merging by adding each set of changes on top of the previous pipeline’s changes.

For example:

Suppose three merge requests (A, B, and C) are added to a merge train in turn, resulting in three merged-result pipelines running in parallel:

  • The first pipeline runs on the changes from A combined with the target branch.
  • The second pipeline runs on the changes from A and B combined with the target branch.
  • The third pipeline runs on the changes from A, B, and C combined with the target branch.

If the pipeline for B fails, B is removed from the train. The pipeline for C restarts with the changes from A and C, but without the changes from B.

If A then completes successfully, it is merged into the target branch and C continues running. If more merge requests are added to the train, they will include the changes from A, which are now in the target branch, and the changes from C, whose merge request is already in the train.

CODE QUALITY

It can be hard to keep your project’s code simple, readable, and easy to develop.

Working along the same lines as SonarQube, GitLab Code Quality analyzes your code and makes suggestions.

Code Quality:

Code Quality Sample Report

.gitlab-ci.yml

DISADVANTAGES

I want to tell you about some disadvantages of GitLab in my opinion.

Jira issue tracking is better than GitLab issues because Jira is more flexible and advanced, especially if you work on multiple projects.

GitLab issues can be defined only for a specific project, but Jira issues can be created in a backlog and linked to any project.

PR review is difficult because of the confusing UI; it needs to be clearer.

There is not much community activity, but I think there will be over time.

Still, there are some bugs in the UI, but they are no big deal.
