GitLab的權限管理及Merge Request

原創塵世間一名迷途小碼農 發布於2019-06-09 12:40:30 閱讀數 2909  收藏

展開

目錄

1、前言

2、角色權限

3、強制代碼審查

一、設置受保護分支

二、創建及批核Merge Request

三、歷史查詢

---

1、前言

團隊目前在日常開發工作中都是在線下進行代碼審查，但是這樣的模式根本無法做到過程留痕。因此，需要使用GitLab的Merge Request或者Gerrit這樣的工具進行過程管理。這里詳述一下如何通過Merge Request進行線上的代碼審查。

2、角色權限

首先，在GitLab中的角色分為以下5種：Guest、Reporter、Developer、Maintainer、Owner。具體權限可以參考官方文檔

https://docs.gitlab.com/ee/user/permissions.html

具體的權限可以參考以下：

Action	Guest	Reporter	Developer	Maintainer	Owner
Create new issue	✓ 1	✓	✓	✓	✓
Create confidential issue	✓ 1	✓	✓	✓	✓
View confidential issues	(✓) 2	✓	✓	✓	✓
Leave comments	✓ 1	✓	✓	✓	✓
See related issues	✓	✓	✓	✓	✓
See a list of jobs	✓ 3	✓	✓	✓	✓
See a job log	✓ 3	✓	✓	✓	✓
Download and browse job artifacts	✓ 3	✓	✓	✓	✓
View wiki pages	✓ 1	✓	✓	✓	✓
Create and edit wiki pages			✓	✓	✓
Delete wiki pages				✓	✓
View license management reports	✓ 1	✓	✓	✓	✓
View Security reports	✓ 1	✓	✓	✓	✓
View project code	1	✓	✓	✓	✓
Pull project code	1	✓	✓	✓	✓
Download project	1	✓	✓	✓	✓
Assign issues		✓	✓	✓	✓
Assign merge requests			✓	✓	✓
Label issues		✓	✓	✓	✓
Label merge requests			✓	✓	✓
Create code snippets		✓	✓	✓	✓
Manage issue tracker		✓	✓	✓	✓
Manage labels		✓	✓	✓	✓
See a commit status		✓	✓	✓	✓
See a container registry		✓	✓	✓	✓
See environments		✓	✓	✓	✓
See a list of merge requests		✓	✓	✓	✓
Manage related issues		✓	✓	✓	✓
Lock issue discussions		✓	✓	✓	✓
Create issue from vulnerability		✓	✓	✓	✓
View Error Tracking list		✓	✓	✓	✓
Pull from Maven repository or NPM registry		✓	✓	✓	✓
Publish to Maven repository or NPM registry			✓	✓	✓
Lock merge request discussions			✓	✓	✓
Create new environments			✓	✓	✓
Stop environments			✓	✓	✓
Manage/Accept merge requests			✓	✓	✓
Create new merge request			✓	✓	✓
Create new branches			✓	✓	✓
Push to non-protected branches			✓	✓	✓
Force push to non-protected branches			✓	✓	✓
Remove non-protected branches			✓	✓	✓
Add tags			✓	✓	✓
Cancel and retry jobs			✓	✓	✓
Create or update commit status			✓	✓	✓
Update a container registry			✓	✓	✓
Remove a container registry image			✓	✓	✓
Create/edit/delete project milestones			✓	✓	✓
View approved/blacklisted licenses	✓	✓	✓	✓	✓
Use security dashboard			✓	✓	✓
Dismiss vulnerability			✓	✓	✓
Apply code change suggestions			✓	✓	✓
Use environment terminals				✓	✓
Run Web IDE’s Interactive Web Terminals				✓	✓
Add new team members				✓	✓
Push to protected branches				✓	✓
Enable/disable branch protection				✓	✓
Turn on/off protected branch push for devs				✓	✓
Enable/disable tag protections				✓	✓
Rewrite/remove Git tags				✓	✓
Edit project				✓	✓
Add deploy keys to project				✓	✓
Configure project hooks				✓	✓
Manage Runners				✓	✓
Manage job triggers				✓	✓
Manage variables				✓	✓
Manage GitLab Pages				✓	✓
Manage GitLab Pages domains and certificates				✓	✓
Remove GitLab Pages				✓	✓
View GitLab Pages protected by access control	✓	✓	✓	✓	✓
Manage clusters				✓	✓
Manage license policy				✓	✓
Edit comments (posted by any user)				✓	✓
Manage Error Tracking				✓	✓
Switch visibility level					✓
Transfer project to another namespace					✓
Remove project					✓
Delete issues					✓
Force push to protected branches 4
Remove protected branches 4
View project Audit Events				✓	✓
View project statistics		✓	✓	✓	✓
View Insights charts	✓	✓	✓	✓	✓

       從上圖可以看出來，Maintainer能夠push代碼到受保護分支，而Developer只能創建Merge Request，這就為團隊推行強制代碼審查並做到有跡可循提供了技術保證。

3、強制代碼審查

一、設置受保護分支

通過菜單 Project -> Settings -> Repository -> Protected Branches，然后按照下圖步驟設置，最終可以得到第十步的結果：

二、創建及批核Merge Request

我們把本地修改的代碼提交到個人遠程分支上，並想把個人分支合並到某個Dev分支上用於SIT提測即可參考以下步驟。這里用從dev_sp16_man 合並到 Dev_Sprint16_Kid 作為例子。

第一步：Team1_Dev（開發人員）創建MR並提交，MR主要填寫以下5個參數：（同步你可以根據團隊情況選擇勾選【remove source branch when merge request is accepted】）

• Title
• Description
• Assignee
• Source branch
• Target branch

第二步：Team1_Leader登錄，在【Merge Request】的角標已經提醒有一個request需要審核。

然后，在點擊該merge request后，可以通過GitLab自帶的Web IDE或者下載到本地IDE進行查看。

第三步：在代碼審核無誤后，可以添加comment並點擊【Merge】進行代碼合並，可以看到這時候的左上角狀態仍然是【Open】。

第四步：在點擊【Merge】后，可以看到代碼合並已經成功，這時候左上角狀態變為【Merged】。

三、歷史查詢

通過菜單 Project 選擇你想進入的項目，然后點擊【Merge Request】，然后再點擊【All】即可展示所有的代碼審查歷史，這樣就能在流程層面保證所有的代碼合並是經過審核的，並可以做到有跡可循。