GitLab的權限管理及Merge Request

目錄

1、前言

2、角色權限

3、強制代碼審查

一、設置受保護分支

二、創建及批覈Merge Request

三、歷史查詢

---

1、前言

團隊目前在日常開發工作中都是在線下進行代碼審查，但是這樣的模式根本無法做到過程留痕。因此，需要使用GitLab的Merge Request或者Gerrit這樣的工具進行過程管理。這裏詳述一下如何通過Merge Request進行線上的代碼審查。

2、角色權限

首先，在GitLab中的角色分爲以下5種：Guest、Reporter、Developer、Maintainer、Owner。具體權限可以參考官方文檔

https://docs.gitlab.com/ee/user/permissions.html

具體的權限可以參考以下：

Action	Guest	Reporter	Developer	Maintainer	Owner
Create new issue	✓ 1	✓	✓	✓	✓
Create confidential issue	✓ 1	✓	✓	✓	✓
View confidential issues	(✓) 2	✓	✓	✓	✓
Leave comments	✓ 1	✓	✓	✓	✓
See related issues	✓	✓	✓	✓	✓
See a list of jobs	✓ 3	✓	✓	✓	✓
See a job log	✓ 3	✓	✓	✓	✓
Download and browse job artifacts	✓ 3	✓	✓	✓	✓
View wiki pages	✓ 1	✓	✓	✓	✓
Create and edit wiki pages			✓	✓	✓
Delete wiki pages				✓	✓
View license management reports	✓ 1	✓	✓	✓	✓
View Security reports	✓ 1	✓	✓	✓	✓
View project code	1	✓	✓	✓	✓
Pull project code	1	✓	✓	✓	✓
Download project	1	✓	✓	✓	✓
Assign issues		✓	✓	✓	✓
Assign merge requests			✓	✓	✓
Label issues		✓	✓	✓	✓
Label merge requests			✓	✓	✓
Create code snippets		✓	✓	✓	✓
Manage issue tracker		✓	✓	✓	✓
Manage labels		✓	✓	✓	✓
See a commit status		✓	✓	✓	✓
See a container registry		✓	✓	✓	✓
See environments		✓	✓	✓	✓
See a list of merge requests		✓	✓	✓	✓
Manage related issues		✓	✓	✓	✓
Lock issue discussions		✓	✓	✓	✓
Create issue from vulnerability		✓	✓	✓	✓
View Error Tracking list		✓	✓	✓	✓
Pull from Maven repository or NPM registry		✓	✓	✓	✓
Publish to Maven repository or NPM registry			✓	✓	✓
Lock merge request discussions			✓	✓	✓
Create new environments			✓	✓	✓
Stop environments			✓	✓	✓
Manage/Accept merge requests			✓	✓	✓
Create new merge request			✓	✓	✓
Create new branches			✓	✓	✓
Push to non-protected branches			✓	✓	✓
Force push to non-protected branches			✓	✓	✓
Remove non-protected branches			✓	✓	✓
Add tags			✓	✓	✓
Cancel and retry jobs			✓	✓	✓
Create or update commit status			✓	✓	✓
Update a container registry			✓	✓	✓
Remove a container registry image			✓	✓	✓
Create/edit/delete project milestones			✓	✓	✓
View approved/blacklisted licenses	✓	✓	✓	✓	✓
Use security dashboard			✓	✓	✓
Dismiss vulnerability			✓	✓	✓
Apply code change suggestions			✓	✓	✓
Use environment terminals				✓	✓
Run Web IDE’s Interactive Web Terminals				✓	✓
Add new team members				✓	✓
Push to protected branches				✓	✓
Enable/disable branch protection				✓	✓
Turn on/off protected branch push for devs				✓	✓
Enable/disable tag protections				✓	✓
Rewrite/remove Git tags				✓	✓
Edit project				✓	✓
Add deploy keys to project				✓	✓
Configure project hooks				✓	✓
Manage Runners				✓	✓
Manage job triggers				✓	✓
Manage variables				✓	✓
Manage GitLab Pages				✓	✓
Manage GitLab Pages domains and certificates				✓	✓
Remove GitLab Pages				✓	✓
View GitLab Pages protected by access control	✓	✓	✓	✓	✓
Manage clusters				✓	✓
Manage license policy				✓	✓
Edit comments (posted by any user)				✓	✓
Manage Error Tracking				✓	✓
Switch visibility level					✓
Transfer project to another namespace					✓
Remove project					✓
Delete issues					✓
Force push to protected branches 4
Remove protected branches 4
View project Audit Events				✓	✓
View project statistics		✓	✓	✓	✓
View Insights charts	✓	✓	✓	✓	✓

       從上圖可以看出來，Maintainer能夠push代碼到受保護分支，而Developer只能創建Merge Request，這就爲團隊推行強制代碼審查並做到有跡可循提供了技術保證。

3、強制代碼審查

一、設置受保護分支

通過菜單 Project -> Settings -> Repository -> Protected Branches，然後按照下圖步驟設置，最終可以得到第十步的結果：

二、創建及批覈Merge Request

我們把本地修改的代碼提交到個人遠程分支上，並想把個人分支合併到某個Dev分支上用於SIT提測即可參考以下步驟。這裏用從dev_sp16_man 合併到 Dev_Sprint16_Kid 作爲例子。

第一步：Team1_Dev（開發人員）創建MR並提交，MR主要填寫以下5個參數：（同步你可以根據團隊情況選擇勾選【remove source branch when merge request is accepted】）

• Title
• Description
• Assignee
• Source branch
• Target branch

第二步：Team1_Leader登錄，在【Merge Request】的角標已經提醒有一個request需要審覈。

然後，在點擊該merge request後，可以通過GitLab自帶的Web IDE或者下載到本地IDE進行查看。

第三步：在代碼審覈無誤後，可以添加comment並點擊【Merge】進行代碼合併，可以看到這時候的左上角狀態仍然是【Open】。

第四步：在點擊【Merge】後，可以看到代碼合併已經成功，這時候左上角狀態變爲【Merged】。

三、歷史查詢

通過菜單 Project 選擇你想進入的項目，然後點擊【Merge Request】，然後再點擊【All】即可展示所有的代碼審查歷史，這樣就能在流程層面保證所有的代碼合併是經過審覈的，並可以做到有跡可循。