【DevOps】GitLab的权限管理及Merge Request

目录

1、前言

2、角色权限

3、强制代码审查

一、设置受保护分支

二、创建及批核Merge Request

三、历史查询

---

1、前言

团队目前在日常开发工作中都是在线下进行代码审查，但是这样的模式根本无法做到过程留痕。因此，需要使用GitLab的Merge Request或者Gerrit这样的工具进行过程管理。这里详述一下如何通过Merge Request进行线上的代码审查。

2、角色权限

首先，在GitLab中的角色分为以下5种：Guest、Reporter、Developer、Maintainer、Owner。具体权限可以参考官方文档

https://docs.gitlab.com/ee/user/permissions.html

具体的权限可以参考以下：

Action	Guest	Reporter	Developer	Maintainer	Owner
Create new issue	✓ 1	✓	✓	✓	✓
Create confidential issue	✓ 1	✓	✓	✓	✓
View confidential issues	(✓) 2	✓	✓	✓	✓
Leave comments	✓ 1	✓	✓	✓	✓
See related issues	✓	✓	✓	✓	✓
See a list of jobs	✓ 3	✓	✓	✓	✓
See a job log	✓ 3	✓	✓	✓	✓
Download and browse job artifacts	✓ 3	✓	✓	✓	✓
View wiki pages	✓ 1	✓	✓	✓	✓
Create and edit wiki pages			✓	✓	✓
Delete wiki pages				✓	✓
View license management reports	✓ 1	✓	✓	✓	✓
View Security reports	✓ 1	✓	✓	✓	✓
View project code	1	✓	✓	✓	✓
Pull project code	1	✓	✓	✓	✓
Download project	1	✓	✓	✓	✓
Assign issues		✓	✓	✓	✓
Assign merge requests			✓	✓	✓
Label issues		✓	✓	✓	✓
Label merge requests			✓	✓	✓
Create code snippets		✓	✓	✓	✓
Manage issue tracker		✓	✓	✓	✓
Manage labels		✓	✓	✓	✓
See a commit status		✓	✓	✓	✓
See a container registry		✓	✓	✓	✓
See environments		✓	✓	✓	✓
See a list of merge requests		✓	✓	✓	✓
Manage related issues		✓	✓	✓	✓
Lock issue discussions		✓	✓	✓	✓
Create issue from vulnerability		✓	✓	✓	✓
View Error Tracking list		✓	✓	✓	✓
Pull from Maven repository or NPM registry		✓	✓	✓	✓
Publish to Maven repository or NPM registry			✓	✓	✓
Lock merge request discussions			✓	✓	✓
Create new environments			✓	✓	✓
Stop environments			✓	✓	✓
Manage/Accept merge requests			✓	✓	✓
Create new merge request			✓	✓	✓
Create new branches			✓	✓	✓
Push to non-protected branches			✓	✓	✓
Force push to non-protected branches			✓	✓	✓
Remove non-protected branches			✓	✓	✓
Add tags			✓	✓	✓
Cancel and retry jobs			✓	✓	✓
Create or update commit status			✓	✓	✓
Update a container registry			✓	✓	✓
Remove a container registry image			✓	✓	✓
Create/edit/delete project milestones			✓	✓	✓
View approved/blacklisted licenses	✓	✓	✓	✓	✓
Use security dashboard			✓	✓	✓
Dismiss vulnerability			✓	✓	✓
Apply code change suggestions			✓	✓	✓
Use environment terminals				✓	✓
Run Web IDE’s Interactive Web Terminals				✓	✓
Add new team members				✓	✓
Push to protected branches				✓	✓
Enable/disable branch protection				✓	✓
Turn on/off protected branch push for devs				✓	✓
Enable/disable tag protections				✓	✓
Rewrite/remove Git tags				✓	✓
Edit project				✓	✓
Add deploy keys to project				✓	✓
Configure project hooks				✓	✓
Manage Runners				✓	✓
Manage job triggers				✓	✓
Manage variables				✓	✓
Manage GitLab Pages				✓	✓
Manage GitLab Pages domains and certificates				✓	✓
Remove GitLab Pages				✓	✓
View GitLab Pages protected by access control	✓	✓	✓	✓	✓
Manage clusters				✓	✓
Manage license policy				✓	✓
Edit comments (posted by any user)				✓	✓
Manage Error Tracking				✓	✓
Switch visibility level					✓
Transfer project to another namespace					✓
Remove project					✓
Delete issues					✓
Force push to protected branches 4
Remove protected branches 4
View project Audit Events				✓	✓
View project statistics		✓	✓	✓	✓
View Insights charts	✓	✓	✓	✓	✓

       从上图可以看出来，Maintainer能够push代码到受保护分支，而Developer只能创建Merge Request，这就为团队推行强制代码审查并做到有迹可循提供了技术保证。

3、强制代码审查

一、设置受保护分支

通过菜单 Project -> Settings -> Repository -> Protected Branches，然后按照下图步骤设置，最终可以得到第十步的结果：

二、创建及批核Merge Request

我们把本地修改的代码提交到个人远程分支上，并想把个人分支合并到某个Dev分支上用于SIT提测即可参考以下步骤。这里用从dev_sp16_man 合并到 Dev_Sprint16_Kid 作为例子。

第一步：Team1_Dev（开发人员）创建MR并提交，MR主要填写以下5个参数：（同步你可以根据团队情况选择勾选【remove source branch when merge request is accepted】）

• Title
• Description
• Assignee
• Source branch
• Target branch

第二步：Team1_Leader登录，在【Merge Request】的角标已经提醒有一个request需要审核。

然后，在点击该merge request后，可以通过GitLab自带的Web IDE或者下载到本地IDE进行查看。

第三步：在代码审核无误后，可以添加comment并点击【Merge】进行代码合并，可以看到这时候的左上角状态仍然是【Open】。

第四步：在点击【Merge】后，可以看到代码合并已经成功，这时候左上角状态变为【Merged】。

三、历史查询

通过菜单 Project 选择你想进入的项目，然后点击【Merge Request】，然后再点击【All】即可展示所有的代码审查历史，这样就能在流程层面保证所有的代码合并是经过审核的，并可以做到有迹可循。