GitLab Workflow Best Practices

Core Principles

• Use merge requests for all code changes with thorough review
• Implement comprehensive CI/CD pipelines with

  .gitlab-ci.yml

• Follow GitLab Flow or similar branching strategy
• Leverage GitLab's built-in DevOps features
• Maintain security through proper access controls and scanning

Merge Request Best Practices

Creating Effective Merge Requests

1. Keep MRs small and focused
   • One feature or fix per MR
   • Split large changes into smaller, reviewable chunks
2. MR Title Convention
   • Use conventional commits:

     feat: add user authentication

   • Include issue reference:

     feat: add login page (#123)

3. MR Description Template
   markdown

   ## Summary
   Brief description of what this MR accomplishes.
   
   ## Changes
   - List of specific changes
   
   ## Testing
   - How changes were tested
   - Test commands to run
   
   ## Checklist
   - [ ] Tests added/updated
   - [ ] Documentation updated
   - [ ] Pipeline passes
   
   ## Related Issues
   Closes #123

4. Link issues properly
   • Use

     Closes #123

     to auto-close issues on merge
   • Use

     Related to #123

     for references without closing

Draft Merge Requests

• Prefix title with

  Draft:

  or use the Draft button
• Request early feedback on approach
• Convert to ready when complete

CI/CD Pipeline Best Practices

Basic Pipeline Structure

stages:
  - build
  - test
  - security
  - deploy

variables:
  NODE_VERSION: "20"

default:
  image: node:${NODE_VERSION}
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/

build:
  stage: build
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 week

test:
  stage: test
  script:
    - npm ci
    - npm test
  coverage: '/Coverage: \d+\.\d+%/'

lint:
  stage: test
  script:
    - npm ci
    - npm run lint
  allow_failure: false

Advanced Pipeline Features

Parallel Jobs

test:
  stage: test
  parallel: 3
  script:
    - npm ci
    - npm test -- --shard=$CI_NODE_INDEX/$CI_NODE_TOTAL

Conditional Jobs

deploy:production:
  stage: deploy
  script:
    - ./deploy.sh production
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
      when: manual
    - when: never
  environment:
    name: production
    url: https://example.com

Job Templates

.test_template: &test_template
  stage: test
  before_script:
    - npm ci
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/

unit_tests:
  <<: *test_template
  script:
    - npm run test:unit

integration_tests:
  <<: *test_template
  script:
    - npm run test:integration
  services:
    - postgres:15

Security Scanning

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml

sast:
  stage: security

dependency_scanning:
  stage: security

secret_detection:
  stage: security

Multi-Environment Deployments

.deploy_template:
  stage: deploy
  script:
    - ./deploy.sh $ENVIRONMENT
  environment:
    name: $ENVIRONMENT
    url: https://$ENVIRONMENT.example.com

deploy:staging:
  extends: .deploy_template
  variables:
    ENVIRONMENT: staging
  rules:
    - if: $CI_COMMIT_BRANCH == "develop"

deploy:production:
  extends: .deploy_template
  variables:
    ENVIRONMENT: production
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
      when: manual

GitLab Flow

Branch Strategy

1. Main branch - Production-ready code
2. Feature branches - Named

   feature/description

3. Environment branches (optional) -

   staging

   ,

   production

Workflow

1. Create feature branch from main
2. Develop and commit changes
3. Push and create merge request
4. Review, test, and iterate
5. Merge to main
6. Deploy automatically or manually

Issue and Project Management

Issue Templates

.gitlab/issue_templates/

## Description
Clear description of the bug.

## Steps to Reproduce
1. Step one
2. Step two

## Expected vs Actual Behavior
- Expected:
- Actual:

## Environment
- Browser:
- OS:
- Version:

/label ~bug ~needs-triage

## Problem Statement
Describe the problem this feature solves.

## Proposed Solution
Describe your proposed solution.

## Acceptance Criteria
- [ ] Criterion 1
- [ ] Criterion 2

/label ~feature ~needs-refinement

Labels and Boards

• Type:

  ~bug

  ,

  ~feature

  ,

  ~documentation

• Priority:

  ~priority::high

  ,

  ~priority::medium

  ,

  ~priority::low

• Status:

  ~workflow::ready

  ,

  ~workflow::in-progress

  ,

  ~workflow::review

• Team:

  ~team::backend

  ,

  ~team::frontend

Milestones

• Use milestones for sprints or releases
• Track progress with burndown charts
• Close milestones when complete

Repository Settings

Protected Branches

• Allowed to merge: Maintainers
• Allowed to push: No one
• Require approval
• Require pipeline success

Merge Request Settings

• Fast-forward merge or merge commit
• Squash commits option
• Delete source branch after merge
• Require all discussions resolved

Security Best Practices

CI/CD Variables

# Use protected and masked variables
variables:
  DEPLOY_TOKEN:
    value: ""
    description: "Deployment authentication token"

• Protected: Only available in protected branches
• Masked: Hidden in job logs

Access Control

• Use groups for team permissions
• Follow least privilege principle
• Enable 2FA requirement
• Audit access regularly

Compliance

• Merge request approvals
• Push rules
• Audit events
• Compliance frameworks

Auto DevOps

include:
  - template: Auto-DevOps.gitlab-ci.yml

variables:
  AUTO_DEVOPS_PLATFORM_TARGET: ECS
  POSTGRES_ENABLED: "true"

• Auto Build
• Auto Test
• Auto Code Quality
• Auto SAST
• Auto Dependency Scanning
• Auto Container Scanning
• Auto Review Apps
• Auto Deploy