gitlab-workflow
GitLab Workflow Best Practices
You are an expert in GitLab workflows, including merge requests, CI/CD pipelines, issue tracking, and DevOps best practices.
Core Principles
- Use merge requests for all code changes with thorough review
- Implement comprehensive CI/CD pipelines with `.gitlab-ci.yml`
- Follow GitLab Flow or similar branching strategy
- Leverage GitLab's built-in DevOps features
- Maintain security through proper access controls and scanning
Merge Request Best Practices
Creating Effective Merge Requests
- Keep MRs small and focused
  - One feature or fix per MR
  - Split large changes into smaller, reviewable chunks
- MR Title Convention
  - Use conventional commits: `feat: add user authentication`
  - Include issue reference: `feat: add login page (#123)`
- MR Description Template

```markdown
## Summary
Brief description of what this MR accomplishes.

## Changes
- List of specific changes

## Testing
- How changes were tested
- Test commands to run

## Checklist
- [ ] Tests added/updated
- [ ] Documentation updated
- [ ] Pipeline passes

## Related Issues
Closes #123
```

- Link issues properly
  - Use `Closes #123` to auto-close issues on merge
  - Use `Related to #123` for references without closing
Draft Merge Requests
Use Draft MRs for work in progress:
- Prefix title with `Draft:` or use the Draft button
- Request early feedback on approach
- Convert to ready when complete
CI/CD Pipeline Best Practices
Basic Pipeline Structure
```yaml
stages:
  - build
  - test
  - security
  - deploy

variables:
  NODE_VERSION: "20"

default:
  image: node:${NODE_VERSION}
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/

build:
  stage: build
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 week

test:
  stage: test
  script:
    - npm ci
    - npm test
  coverage: '/Coverage: \d+\.\d+%/'

lint:
  stage: test
  script:
    - npm ci
    - npm run lint
  allow_failure: false
```

Advanced Pipeline Features
Parallel Jobs
```yaml
test:
  stage: test
  parallel: 3
  script:
    - npm ci
    - npm test -- --shard=$CI_NODE_INDEX/$CI_NODE_TOTAL
```

Conditional Jobs
```yaml
deploy:production:
  stage: deploy
  script:
    - ./deploy.sh production
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
      when: manual
    - when: never
  environment:
    name: production
    url: https://example.com
```

Job Templates
```yaml
.test_template: &test_template
  stage: test
  before_script:
    - npm ci
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/

unit_tests:
  <<: *test_template
  script:
    - npm run test:unit

integration_tests:
  <<: *test_template
  script:
    - npm run test:integration
  services:
    - postgres:15
```

Security Scanning
```yaml
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml

sast:
  stage: security

dependency_scanning:
  stage: security

secret_detection:
  stage: security
```

Multi-Environment Deployments
```yaml
.deploy_template:
  stage: deploy
  script:
    - ./deploy.sh $ENVIRONMENT
  environment:
    name: $ENVIRONMENT
    url: https://$ENVIRONMENT.example.com

deploy:staging:
  extends: .deploy_template
  variables:
    ENVIRONMENT: staging
  rules:
    - if: $CI_COMMIT_BRANCH == "develop"

deploy:production:
  extends: .deploy_template
  variables:
    ENVIRONMENT: production
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
      when: manual
```

GitLab Flow
Branch Strategy
- Main branch - Production-ready code
- Feature branches - Named `feature/description`
- Environment branches (optional) - `staging`, `production`
Workflow
- Create feature branch from main
- Develop and commit changes
- Push and create merge request
- Review, test, and iterate
- Merge to main
- Deploy automatically or manually
Issue and Project Management
Issue Templates
Create in `.gitlab/issue_templates/`:

**Bug.md:**

```markdown
## Description
Clear description of the bug.

## Steps to Reproduce
- Step one
- Step two

## Expected vs Actual Behavior
- Expected:
- Actual:

## Environment
- Browser:
- OS:
- Version:

/label ~bug ~needs-triage
```

**Feature.md:**

```markdown
## Problem Statement
Describe the problem this feature solves.

## Proposed Solution
Describe your proposed solution.

## Acceptance Criteria
- Criterion 1
- Criterion 2

/label ~feature ~needs-refinement
```

Labels and Boards
Organize with labels:
- Type: `~bug`, `~feature`, `~documentation`
- Priority: `~priority::high`, `~priority::medium`, `~priority::low`
- Status: `~workflow::ready`, `~workflow::in-progress`, `~workflow::review`
- Team: `~team::backend`, `~team::frontend`
Milestones
- Use milestones for sprints or releases
- Track progress with burndown charts
- Close milestones when complete
Repository Settings
Protected Branches
Configure for main:
- Allowed to merge: Maintainers
- Allowed to push: No one
- Require approval
- Require pipeline success
Merge Request Settings
- Fast-forward merge or merge commit
- Squash commits option
- Delete source branch after merge
- Require all discussions resolved
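
An added example, not part of the original page: a Python check that compares a project's settings against the Protected Branches and Merge Request Settings lists above. The JSON samples are constructed in the shape of GitLab's protected-branches and projects API responses, the function names are hypothetical, and approval rules are not covered.

```python
import json

NO_ACCESS, MAINTAINER = 0, 40  # GitLab access-level integers

# Constructed samples (illustrative values) shaped like the responses of
# GET /projects/:id/protected_branches/main and GET /projects/:id.
SAMPLE_BRANCH = json.loads("""{
  "name": "main",
  "push_access_levels": [{"access_level": 30}],
  "merge_access_levels": [{"access_level": 40}]
}""")
SAMPLE_PROJECT = json.loads("""{
  "only_allow_merge_if_pipeline_succeeds": true,
  "only_allow_merge_if_all_discussions_are_resolved": false,
  "remove_source_branch_after_merge": true
}""")

# Project attribute -> the setting from the lists above that it enforces.
REQUIRED_PROJECT_FLAGS = {
    "only_allow_merge_if_pipeline_succeeds": "Require pipeline success",
    "only_allow_merge_if_all_discussions_are_resolved": "Require all discussions resolved",
    "remove_source_branch_after_merge": "Delete source branch after merge",
}


def audit_branch(branch):
    """Return deviations from 'push: No one, merge: Maintainers'."""
    findings = []
    push = {lvl.get("access_level") for lvl in branch.get("push_access_levels", [])}
    merge = {lvl.get("access_level") for lvl in branch.get("merge_access_levels", [])}
    if push != {NO_ACCESS}:
        findings.append("push is not limited to 'No one'")
    if merge != {MAINTAINER}:
        findings.append("merge is not limited to Maintainers")
    return findings


def audit_project(project):
    """Return the names of required settings that are switched off."""
    return [label for attr, label in REQUIRED_PROJECT_FLAGS.items()
            if not project.get(attr, False)]


if __name__ == "__main__":
    for finding in audit_branch(SAMPLE_BRANCH) + audit_project(SAMPLE_PROJECT):
        print("FINDING:", finding)
```
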
Security Best Practices
CI/CD Variables
```yaml
# Use protected and masked variables
variables:
  DEPLOY_TOKEN:
    value: ""
    description: "Deployment authentication token"

# Configure in Settings > CI/CD > Variables:
# - Protected: Only available in protected branches
# - Masked: Hidden in job logs
```
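
An added example, not part of the original page: a Python audit of the Protected and Masked flags described above. The sample is constructed in the shape of GitLab's project variables API response (`GET /projects/:id/variables`), and the name pattern and function name are assumptions.

```python
import json
import re

# Assumption: key names that usually hold credentials; tune per project.
SECRET_NAME = re.compile(r"(TOKEN|SECRET|PASSWORD|PASSWD|PRIVATE_KEY|API_KEY)", re.I)

# Constructed sample; values are omitted because the audit never needs them.
SAMPLE_VARIABLES = json.loads("""
[
  {"key": "DEPLOY_TOKEN", "protected": true,  "masked": true,  "environment_scope": "production"},
  {"key": "NPM_TOKEN",    "protected": false, "masked": true,  "environment_scope": "*"},
  {"key": "DB_PASSWORD",  "protected": true,  "masked": false, "environment_scope": "*"},
  {"key": "NODE_VERSION", "protected": false, "masked": false, "environment_scope": "*"}
]
""")


def audit_variables(variables):
    """Return (key, problem) pairs for secret-like variables missing a flag."""
    findings = []
    for var in variables:
        key = var["key"]
        if not SECRET_NAME.search(key):
            continue  # plain settings such as NODE_VERSION need neither flag
        if not var.get("protected", False):
            findings.append((key, "not protected: available to pipelines on unprotected branches"))
        if not var.get("masked", False):
            findings.append((key, "not masked: value can appear in job logs"))
    return findings


if __name__ == "__main__":
    for key, problem in audit_variables(SAMPLE_VARIABLES):
        print(f"{key}: {problem}")
```
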
Access Control
- Use groups for team permissions
- Follow least privilege principle
- Enable 2FA requirement
- Audit access regularly
Compliance
Enable compliance features:
- Merge request approvals
- Push rules
- Audit events
- Compliance frameworks
Auto DevOps
For quick setup, enable Auto DevOps:
```yaml
include:
  - template: Auto-DevOps.gitlab-ci.yml

variables:
  AUTO_DEVOPS_PLATFORM_TARGET: ECS
  POSTGRES_ENABLED: "true"
```

Features included:
- Auto Build
- Auto Test
- Auto Code Quality
- Auto SAST
- Auto Dependency Scanning
- Auto Container Scanning
- Auto Review Apps
- Auto Deploy