🥇Tinjauan kode ing Gitlab CE: yen ora ana persetujuan panyuwunan Gabung, nanging sampeyan pancene pengin

Salah sawijining fungsi sing paling penting, sing ora ana ing versi gratis GitLab, yaiku kemampuan kanggo milih nglawan pembatalan repositori lan ngontrol panjaluk Gabung (MR), nggunakake review kode wajib.

Ayo kita nindakake fungsi minimal dhewe - kita bakal nglarang Gabung nganti sawetara pangembang menehi jempol marang MR.

Apa iki malah perlu?

Organisasi kita bisa tuku lisensi GitLab kanthi gampang. Nanging, amarga pangembangan ditindakake ing daur ulang sing ditutup tanpa akses Internet, lan ana perencanaan anggaran sing ketat, tuku lisensi sing dikelola dhewe kanthi fungsi sing dibutuhake bisa nyeret nganti pirang-pirang wulan, nanging karya kudu ditindakake saiki.

Akibaté, sampeyan kudu:

utawa rampung nglarang Gabung ing cabang sing dilindhungi kanggo sawetara pangembang, nanging banjur pangembang sing duwe hak Gabung nampa konflik nalika nggabungake MR wong liya minangka bonus;
utawa menehi kesempatan kanggo nggawe merges uncontrolled karo cabang master tanpa review kode, malah yen iku Junior, sing direkrut mung wingi.

Babagan pisanan sing ditindakake yaiku Google, percaya yen ana wong sing wis nindakake perkara sing padha (tanpa ngowahi kode kasebut), nanging ternyata durung ana implementasine ing versi komunitas.

Skema kerja umum

Minangka conto, ayo ngatur persetujuan panyuwunan Gabung ing repositori tes myapp:

Ayo nggawe token kanggo akses menyang API GitLab (liwat kita bakal nampa informasi babagan jumlah swara "kanggo" lan "marang")
Ayo nambah token menyang variabel GitLab
Ayo mateni Gabung yen ana kesalahan ing pipa (yen ora ana upvotes cukup)
Ayo nyiyapake verifikasi voting minangka bagean saka pipa CI/CD
Kita nglarang nggawe komitmen kanggo cabang sing dilindhungi; kabeh owah-owahan mung digawe liwat MR
Ayo dipriksa apa sing kedadeyan ing pungkasan

1. Nggawe token kanggo ngakses API

Pindhah menyang Setelan Panganggo → Akses Token lan tulisake token kasebut:

Akun kanggo nampa token
Akses API ngidini sampeyan nindakake meh kabeh karo repositori sampeyan, mula aku nyaranake nggawe akun Gitlab sing kapisah, menehi hak minimal kanggo repositori sampeyan (eg Reporter) lan entuk token kanggo akun kasebut.

2. Tambah token menyang variabel Gitlab

Contone, ing langkah sadurunge kita nampa token QmN2Y0NOUFlfeXhvd21ZS01aQzgK

Buka Setelan → CI/CD → Variabel → Tambah variabel → GITLAB_TOKEN_FOR_CI

Akibaté, kita entuk:

Iki bisa ditindakake ing siji repositori utawa ing klompok repositori.

3. Kita nglarang Gabung yen persetujuan saka kolega ora ditampa sawise review kode.

Ing kasus kita, larangan ing Merge yaiku pipa perakitan bakal ngasilake kesalahan yen ora cukup swara.

Pindhah menyang Setelan → Umum → Gabung Panjaluk → Gabung Priksa lan aktifake pilihan Jalur perakitan kudu rampung kanthi sukses.

4. Nyetel pipa

Yen sampeyan durung nggawe pipa CI/CD kanggo aplikasi sampeyan
Nggawe file ing ROOT saka repositori .gitlab-ci.yml kanthi isi sing paling gampang:

stages:
  - build
  - test

variables:
  NEED_VOTES: 1

include:
  - remote: "https://gitlab.com/gitlab-ce-mr-approvals/ci/-/raw/master/check-approve.gitlab-ci.yml"

run-myapp:
  stage: build
  script: echo "Hello world"

Repositori kapisah kanggo konfigurasi CI / CD
Aku nyaranake nggawe gudang kapisah sing kudu nggawe file myapp.gitlab-ci.yml kanggo ngatur pipa. Kanthi cara iki sampeyan bisa ngontrol akses peserta sing bisa ngganti pipa mbangun lan nampa token akses.

Lokasi file pipeline anyar kudu kasebut kanthi pindhah menyang repositori myapp - Setelan - CI / CD - Jalur Majelis - Path konfigurasi CI Custom - nemtokake file anyar, f.eks. myapp.gitlab-ci.yml@gitlab-ce-mr-approvals/Ci

Tip: Gunakake linter kanggo ngowahi file GitLab CI
Sanajan sampeyan kerja dhewe, nggarap MR bakal dadi bantuan sing apik, nglakokake kabeh owah-owahan menyang file pipa liwat linter. Yen sampeyan nggawe kesalahan ing sintaks file YAML, ora bakal ngilangi pipa produksi, nanging mung bakal mblokir Gabung.

Conto kontainer kanthi linter sing bisa digawe ing pipa sampeyan:

hub.docker.com/r/gableroux/gitlab-ci-lint
hub.docker.com/r/sebiwi/gitlab-ci-validate

Lan conto tahap verifikasi:

stages:
  - lint

lint:
  stage: lint
  image: sebiwi/gitlab-ci-validate:1.3.0
  variables:
    GITLAB_HOST: https://gitlab.com
  script:
    - CI_FILES=(./*.yml)
    - for f in "${CI_FILES[@]}"; do
        gitlab-ci-validate $f;
      done;

Sampeyan kudu nambah sawetara paramèter menyang pipa supaya bisa digunakake:

stages: - test


variables:

NEED_VOTES: 1

include: - remote: "https://gitlab.com/gitlab-ce-mr-approvals/ci/-/raw/master/check-approve.gitlab-ci.yml"
Variabel NEED_VOTES nemtokake jumlah "jempol" sing kudu diduweni MR supaya Gabung kasedhiya. Nilai sing padha karo siji tegese sampeyan dhewe bisa nyetujoni MR kanthi "seneng".

kalebu kalebu tataran test, kang mriksa nomer "seneng".

Pipa paling gampang nggunakake conto myapp.gitlab-ci.yml
stages: - build - test


variables:

NEED_VOTES: 0
include:

- remote: "https://gitlab.com/gitlab-ce-mr-approvals/ci/-/raw/master/check-approve.gitlab-ci.yml"

run-myapp: stage: build image: openjdk script: - echo CI_MERGE_REQUEST_TARGET_BRANCH_NAME $CI_MERGE_REQUEST_TARGET_BRANCH_NAME - java HelloWorld.java

Isi check-approve.gitlab-ci.yml
ci-mr: stage: test script: - echo ${CI_API_V4_URL} - echo "CI_PROJECT_ID ${CI_PROJECT_ID}" - echo "CI_COMMIT_SHA ${CI_COMMIT_SHA}" - "export MR_ID=$(curl --silent --request GET --header "PRIVATE-TOKEN: $GITLAB_TOKEN_FOR_CI" ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests | jq ".[] | if .sha == \"${CI_COMMIT_SHA}\" then .id else {} end" | grep --invert-match {})" - "export MR_TITLE=$(curl --silent --request GET --header "PRIVATE-TOKEN: $GITLAB_TOKEN_FOR_CI" ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests | jq ".[] | if .sha == \"${CI_COMMIT_SHA}\" then .title else {} end" | grep --invert-match {})" - "export MR_WIP=$(curl --silent --request GET --header "PRIVATE-TOKEN: $GITLAB_TOKEN_FOR_CI" ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests | jq ".[] | if .sha == \"${CI_COMMIT_SHA}\" then .work_in_progress else {} end" | grep --invert-match {})" - "export MR_UPVOTES=$(curl --silent --request GET --header "PRIVATE-TOKEN: $GITLAB_TOKEN_FOR_CI" ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests | jq ".[] | if .sha == \"${CI_COMMIT_SHA}\" then .upvotes else {} end" | grep --invert-match {})" - "export MR_DOWNVOTES=$(curl --silent --request GET --header "PRIVATE-TOKEN: $GITLAB_TOKEN_FOR_CI" ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/merge_requests | jq ".[] | if .sha == \"${CI_COMMIT_SHA}\" then .downvotes else {} end" | grep --invert-match {})" - MR_VOTES=$(expr ${MR_UPVOTES} - ${MR_DOWNVOTES}) - NEED_VOTES_REAL=${NEED_VOTES:-1} - echo "MR_ID ${MR_ID} MR_TITLE ${MR_TITLE} MR_WIP ${MR_WIP} MR_UPVOTES ${MR_UPVOTES} MR_DOWNVOTES ${MR_DOWNVOTES}" - echo "MR_VOTES ${MR_VOTES} Up vote = 1, down vote = -1, MR OK if votes >=${NEED_VOTES_REAL}" - if [ "${MR_VOTES}" -ge "$(expr ${NEED_VOTES_REAL})" ]; then echo "MR OK"; else echo "MR ERROR Need more votes"; exit 1; fi image: laptevss/gitlab-api-util rules: - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^release/.*$/'

Informasi liyane babagan apa sing kedadeyan sajrone verifikasi:

ana watesan sing mriksa mung bakal rampung nalika nggawe MR ing master utawa release / * cabang
nggunakake API GitLab, kita entuk nomer "seneng" lan "ora seneng"
ngitung prabédan antarane respon positif lan negatif
yen prabédan kurang saka nilai kita nyetel ing NEED_VOTES, banjur kita mblokir kemampuan kanggo nggabung

5. Larang komitmen kanggo cabang sing dilindhungi

Kita nemtokake cabang sing kudu ditindakake review kode lan nuduhake yen mung bisa digarap liwat MR.

Kanggo nindakake iki, pindhah menyang Setelan → Repositori → Cabang sing Dilindungi:

6. Priksa

Setel NEED_VOTES: 0

Kita nggawe MR lan sijine "dislike".

Ing log mbangun:

Saiki sijine "kaya" lan miwiti mriksa maneh:

Source: www.habr.com

Review kode ing Gitlab CE: yen ora ana persetujuan panyuwunan Gabung, nanging aku pengin banget