GitLab的权限管理及Merge Request
目录
1、前言
团队目前在日常开发工作中都是在线下进行代码审查,但是这样的模式根本无法做到过程留痕。因此,需要使用GitLab的Merge Request或者Gerrit这样的工具进行过程管理。这里详述一下如何通过Merge Request进行线上的代码审查。
2、角色权限
首先,在GitLab中的角色分为以下5种:Guest、Reporter、Developer、Maintainer、Owner。具体权限可以参考官方文档
https://docs.gitlab.com/ee/user/permissions.html
具体的权限可以参考以下:
| Action | Guest | Reporter | Developer | Maintainer | Owner |
|---|---|---|---|---|---|
| Create new issue | ✓ 1 | ✓ | ✓ | ✓ | ✓ |
| Create confidential issue | ✓ 1 | ✓ | ✓ | ✓ | ✓ |
| View confidential issues | (✓) 2 | ✓ | ✓ | ✓ | ✓ |
| Leave comments | ✓ 1 | ✓ | ✓ | ✓ | ✓ |
| See related issues | ✓ | ✓ | ✓ | ✓ | ✓ |
| See a list of jobs | ✓ 3 | ✓ | ✓ | ✓ | ✓ |
| See a job log | ✓ 3 | ✓ | ✓ | ✓ | ✓ |
| Download and browse job artifacts | ✓ 3 | ✓ | ✓ | ✓ | ✓ |
| View wiki pages | ✓ 1 | ✓ | ✓ | ✓ | ✓ |
| Create and edit wiki pages | ✓ | ✓ | ✓ | ||
| Delete wiki pages | ✓ | ✓ | |||
| View license management reports | ✓ 1 | ✓ | ✓ | ✓ | ✓ |
| View Security reports | ✓ 1 | ✓ | ✓ | ✓ | ✓ |
| View project code | 1 | ✓ | ✓ | ✓ | ✓ |
| Pull project code | 1 | ✓ | ✓ | ✓ | ✓ |
| Download project | 1 | ✓ | ✓ | ✓ | ✓ |
| Assign issues | ✓ | ✓ | ✓ | ✓ | |
| Assign merge requests | ✓ | ✓ | ✓ | ||
| Label issues | ✓ | ✓ | ✓ | ✓ | |
| Label merge requests | ✓ | ✓ | ✓ | ||
| Create code snippets | ✓ | ✓ | ✓ | ✓ | |
| Manage issue tracker | ✓ | ✓ | ✓ | ✓ | |
| Manage labels | ✓ | ✓ | ✓ | ✓ | |
| See a commit status | ✓ | ✓ | ✓ | ✓ | |
| See a container registry | ✓ | ✓ | ✓ | ✓ | |
| See environments | ✓ | ✓ | ✓ | ✓ | |
| See a list of merge requests | ✓ | ✓ | ✓ | ✓ | |
| Manage related issues | ✓ | ✓ | ✓ | ✓ | |
| Lock issue discussions | ✓ | ✓ | ✓ | ✓ | |
| Create issue from vulnerability | ✓ | ✓ | ✓ | ✓ | |
| View Error Tracking list | ✓ | ✓ | ✓ | ✓ | |
| Pull from Maven repository or NPM registry | ✓ | ✓ | ✓ | ✓ | |
| Publish to Maven repository or NPM registry | ✓ | ✓ | ✓ | ||
| Lock merge request discussions | ✓ | ✓ | ✓ | ||
| Create new environments | ✓ | ✓ | ✓ | ||
| Stop environments | ✓ | ✓ | ✓ | ||
| Manage/Accept merge requests | ✓ | ✓ | ✓ | ||
| Create new merge request | ✓ | ✓ | ✓ | ||
| Create new branches | ✓ | ✓ | ✓ | ||
| Push to non-protected branches | ✓ | ✓ | ✓ | ||
| Force push to non-protected branches | ✓ | ✓ | ✓ | ||
| Remove non-protected branches | ✓ | ✓ | ✓ | ||
| Add tags | ✓ | ✓ | ✓ | ||
| Cancel and retry jobs | ✓ | ✓ | ✓ | ||
| Create or update commit status | ✓ | ✓ | ✓ | ||
| Update a container registry | ✓ | ✓ | ✓ | ||
| Remove a container registry image | ✓ | ✓ | ✓ | ||
| Create/edit/delete project milestones | ✓ | ✓ | ✓ | ||
| View approved/blacklisted licenses | ✓ | ✓ | ✓ | ✓ | ✓ |
| Use security dashboard | ✓ | ✓ | ✓ | ||
| Dismiss vulnerability | ✓ | ✓ | ✓ | ||
| Apply code change suggestions | ✓ | ✓ | ✓ | ||
| Use environment terminals | ✓ | ✓ | |||
| Run Web IDE’s Interactive Web Terminals | ✓ | ✓ | |||
| Add new team members | ✓ | ✓ | |||
| Push to protected branches | ✓ | ✓ | |||
| Enable/disable branch protection | ✓ | ✓ | |||
| Turn on/off protected branch push for devs | ✓ | ✓ | |||
| Enable/disable tag protections | ✓ | ✓ | |||
| Rewrite/remove Git tags | ✓ | ✓ | |||
| Edit project | ✓ | ✓ | |||
| Add deploy keys to project | ✓ | ✓ | |||
| Configure project hooks | ✓ | ✓ | |||
| Manage Runners | ✓ | ✓ | |||
| Manage job triggers | ✓ | ✓ | |||
| Manage variables | ✓ | ✓ | |||
| Manage GitLab Pages | ✓ | ✓ | |||
| Manage GitLab Pages domains and certificates | ✓ | ✓ | |||
| Remove GitLab Pages | ✓ | ✓ | |||
| View GitLab Pages protected by access control | ✓ | ✓ | ✓ | ✓ | ✓ |
| Manage clusters | ✓ | ✓ | |||
| Manage license policy | ✓ | ✓ | |||
| Edit comments (posted by any user) | ✓ | ✓ | |||
| Manage Error Tracking | ✓ | ✓ | |||
| Switch visibility level | ✓ | ||||
| Transfer project to another namespace | ✓ | ||||
| Remove project | ✓ | ||||
| Delete issues | ✓ | ||||
| Force push to protected branches 4 | |||||
| Remove protected branches 4 | |||||
| View project Audit Events | ✓ | ✓ | |||
| View project statistics | ✓ | ✓ | ✓ | ✓ | |
| View Insights charts | ✓ | ✓ | ✓ | ✓ | ✓ |
从上图可以看出来,Maintainer能够push代码到受保护分支,而Developer只能创建Merge Request,这就为团队推行强制代码审查并做到有迹可循提供了技术保证。
3、强制代码审查
一、设置受保护分支
通过菜单 Project -> Settings -> Repository -> Protected Branches,然后按照下图步骤设置,最终可以得到第十步的结果:
二、创建及批核Merge Request
我们把本地修改的代码提交到个人远程分支上,并想把个人分支合并到某个Dev分支上用于SIT提测即可参考以下步骤。这里用从dev_sp16_man 合并到 Dev_Sprint16_Kid 作为例子。
第一步:Team1_Dev(开发人员)创建MR并提交,MR主要填写以下5个参数:(同步你可以根据团队情况选择勾选【remove source branch when merge request is accepted】)
- Title
- Description
- Assignee
- Source branch
- Target branch
第二步:Team1_Leader登录,在【Merge Request】的角标已经提醒有一个request需要审核。
然后,在点击该merge request后,可以通过GitLab自带的Web IDE或者下载到本地IDE进行查看。
第三步:在代码审核无误后,可以添加comment并点击【Merge】进行代码合并,可以看到这时候的左上角状态仍然是【Open】。
第四步:在点击【Merge】后,可以看到代码合并已经成功,这时候左上角状态变为【Merged】。
三、历史查询
通过菜单 Project 选择你想进入的项目,然后点击【Merge Request】,然后再点击【All】即可展示所有的代码审查历史,这样就能在流程层面保证所有的代码合并是经过审核的,并可以做到有迹可循。
