GitLab.org/GitLab: Release v10.6.0-ee

Name: GitLab

Released: 2020-04-03

License: MIT

Release Assets:

![25 new features](https://img.shields.io/static/v1?color=108548&label=new+features&labelColor=525252&message=25&style=for-the-badge "New features added in this release") ![292 total badges](https://img.shields.io/static/v1?color=1F75CB&label=total+features&labelColor=525252&message=292&style=for-the-badge "Total features") #### [Ultimate](https://about.gitlab.com/pricing/ultimate/) ![7 new features](https://img.shields.io/static/v1?color=108548&label=new+features&labelColor=525252&message=7&style=flat-square "New features added to this tier in this release") ![20 total badges](https://img.shields.io/static/v1?color=1F75CB&label=total+features&labelColor=525252&message=20&style=flat-square "Total features in this tier")

[Kubernetes cluster monitoring](https://docs.gitlab.com/ee/user/project/clusters/#monitoring-your-kubernetes-cluster)

> Kubernetes provides a great way for developers to easily deploy > and manage applications, without worrying about how or where > their software is running. It is still important however to > manage overall cluster capacity, to balance room for growth > versus underutilized compute costs. > > GitLab 10.6 makes this easy, by directly showing both the current > and available compute resources for a connected cluster. For example if > [deploy boards](https://gitlab.com/gitlab-org/gitlab-ee/issues/5029) > is showing a pod that is failing to start, a user can simply check the > cluster metrics to confirm if resources have been exhausted.

[SAST security report on pipelines view](https://docs.gitlab.com/ee/user/application_security/sast/#security-report-under-pipelines)

> A few releases ago, we shipped [Static Application Security Testing (SAST)](https://docs.gitlab.com/ee/topics/autodevops/#auto-sast), > which automatically finds vulnerabilities in any new code changes in a merge request. > This allows you to fix them before merging, ensuring these security problems are not introduced > nto master and not released to production. > > With this release, this same information is available in a complete SAST security report > in the **CI/CD > Pipelines** page. This allows developers, production/systems engineers, and > any other security stakeholders to have even more visibility into any security risks as your code > progresses through CI/CD.

[SAST for Java-Maven apps](https://docs.gitlab.com/ee/topics/autodevops/#auto-sast)

> Prior to this release, GitLab already supported popular languages such as Ruby, Python, and JavaScript as part of > [Static Application Security Testing (SAST)](https://docs.gitlab.com/ee/topics/autodevops/#auto-sast) feature. > > In GitLab 10.6, we are adding Maven, a common build automation tool for Java. > If you are already using SAST, you don't need to change anything in your configuration to get the new checks; they will > be automatically available. > > See the [complete list of supported languages and frameworks](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks).

[Authentication support for DAST](https://docs.gitlab.com/ee/user/application_security/dast/)

> A few releases ago, we shipped [Dynamic Application Security Testing (DAST)](https://docs.gitlab.com/ee/user/application_security/dast/), > allowing you to check for security vulnerabilities dynamically and automatically in a [Review App](https://docs.gitlab.com/ee/ci/review_apps/index.html) > version of your work-in-progress code, before it is merged into master and released to production. > > Previously, this feature was limited to public pages. With this release, you can now specify credentials that DAST > will use to authenticate into your web app and to simulate an attacker that is able to access sections protected > with a login process.

[Labels in Epics](https://docs.gitlab.com/ee/user/group/epics/)

> GitLab issues and merge requests support labels to enable flexible and highly > customizable management of these objects. It's an effective design that we've > also brought to Epics in this release. > > You can now assign group labels to epics from the sidebar of an epic, exactly > the same as with issues and merge requests. And you can filter by labels on the epics > list page in a group, again like issues and merge requests. Users of GitLab > will thus find this feature immediately recognizable. This allows you easily > mix and match epics into different categories based on the powerful search and filter bar.

[GitLab ChatOps (alpha)](https://docs.gitlab.com/ee/ci/chatops/)

> For many organizations, much of their communication, including their > operations and troubleshooting discussions, is moving to chat. There > is also typically an "operations toolbox," containing frequently used > commands to check on the health of an environment or to perform routine actions. > > With GitLab 10.6 we wanted to make it easy to both automate these routine > actions, as well as bring them into Slack itself. Getting started is as > easy as adding a job to your GitLab CI YML, and enabling Slack > slash commands integration. Users will then be able to interact with it by typing > in the slash command, the CI job name, and then passing any relevant > arguments. The job will be executed on a runner, with the output being > sent right back to Slack.

[Epics API](https://docs.gitlab.com/ee/api/epics.html)

> Along with the labels support mentioned [above](#labels-in-epics), we have maintained > parity with API support for Epics. You can get a list of epics based on the same search > and filter parameters of the search and filter bar in the web UI of the epics page. This includes > searching by the epic title and description, filtering by the author and labels, and ordering > by "created at" and "updated at" timestamps.

#### [Premium](https://about.gitlab.com/pricing/premium/) ![6 new features](https://img.shields.io/static/v1?color=108548&label=new+features&labelColor=525252&message=6&style=flat-square "New features added to this tier in this release") ![60 total badges](https://img.shields.io/static/v1?color=1F75CB&label=total+features&labelColor=525252&message=60&style=flat-square "Total features in this tier")

[GitLab CI/CD for external repos](https://docs.gitlab.com/ee/ci/ci_cd_for_external_repos) (SaaS only)

> In 2011, GitLab started out as a code repo alone. Since then, we've built an application for the entire DevOps lifecycle that includes rich capabilities for testing, security, packaging, deployment, and monitoring. With this newest release, you can now use GitLab for CI, or even CD and monitoring, all while your application code is hosted in an external repo. > > To use [GitLab CI/CD with a GitHub repository](/solutions/github/) create a new GitLab project. On the **CI/CD for external repo** tab, click **GitHub** to sign in and select your GitHub repo. Once you add a `.gitlab-ci.yml` file to your repo (or enable Auto DevOps), GitLab will automatically run pipelines and update the commit status in GitHub. > > You can also connect to any Git repo via URL and configure status webhooks manually. For example, if you're using Bitbucket, read how to > [manually enable GitLab CI/CD](https://docs.gitlab.com/ee/ci/ci_cd_for_external_repos/bitbucket_integration.html). > > To celebrate this release, we're offering this feature promotionally as part of GitLab.com Free through March 2019.

[External Authorization Control](https://docs.gitlab.com/ee/administration/settings/external_authorization.html) (self-managed only)

> In some regulated environments, project classification systems are used > to control access to projects, and can now be used with GitLab. When > enabled, admins can set the classification of each project. In addition > to GitLab access controls, access to projects will also require > approval from the external authorization service.

[External CI/CD configuration in Starter and Bronze](https://docs.gitlab.com/ee/ci/yaml/#include)

> In GitLab 10.5 we added the ability to [include external CI/CD configuration files](https://about.gitlab.com/releases/2018/02/22/gitlab-10-5-released/#include-external-files-in-cicd-pipeline-definition) > into the main `.gitlab-ci.yml` for your project. This feature was available only to Premium users on self-managed Gitlab and Silver users on GitLab.com. > > We received a lot of feedback from customers asking us to move this to a lower tier and we are excited > to bring this feature to even more users in this release by making it now available to Starter users on self-managed Gitlab and Bronze users on GitLab.com. > The ability to have a centralized control over the pipeline configuration > and to reuse the same definition in multiple projects is something that is valuable for enterprises and smaller businesses as well. > > Note that as part of our commitment to open source, public projects on Free GitLab.com > have features equivalent to a Gold level subscription. So those public projects will continue to have this feature.

[Merge Request Approvals API](https://docs.gitlab.com/ee/api/merge_request_approvals.html)

> Prior to this release, the Merge Request Approvals API was limited to > approving and unapproving a merge request only. With this release, > you can now fully configure approvals at the project level and at the > merge request level, giving users feature parity with the GitLab web UI. > > With the Approvals API, teams can now create more elaborate code review > and approval workflows that are specific to their needs. You can use as much > or as little of the API as needed to customize which parts of your workflow > happen inside the GitLab web UI, and which parts happen outside.

[Business and other custom metrics](https://docs.gitlab.com/ee/user/project/integrations/prometheus.html#adding-additional-metrics)

> Since [GitLab 9.0](https://about.gitlab.com/releases/2017/03/22/gitlab-9-0-released/#environment-monitoring-ce-ees-eep), > developers have been able to monitor critical system and response > metrics of their deployed apps, like throughput, latency, and > CPU/memory utilization. > > This provided a great baseline understanding of both the user > experience your customers were receiving as well as resource > utilization, directly in the tool they use every day. > > With GitLab 10.6 we have added the ability to add your own metrics, > allowing deeper introspection of your application and business. For example > metrics from a credit card processing module can be added, tracking > not just success rates but also revenue and order size. This can help surface > failures that may not result in HTTP errors, as well as the ultimate impact > on business performance. > > To get started, simply provide the Prometheus [PromQL query](https://prometheus.io/docs/prometheus/latest/querying/basics/) and it > will begin to display in the dashboard.

[Cloud native GitLab Helm chart (alpha)](https://gitlab.com/charts/gitlab/blob/master/README.md) (self-managed only)

> We are excited to announce that the cloud native GitLab > [Helm](https://helm.sh) chart is now in alpha, and available > for testing. This chart features a more cloud native architecture, > with a container for each component of GitLab and no requirement > for shared storage. These changes result in increased resilience, > scalability, and performance of GitLab on Kubernetes. > > It is important to note that the chart and containers are still > in active development, contain > [known issues and limitations](https://gitlab.com/charts/gitlab/blob/master/doc/architecture/alpha.md#known-issues-and-limitations), > and should not be used for production. For this release > [GitLab Premium](https://about.gitlab.com/pricing/feature-comparison/) is required, while we work to bring > [Object Storage support to Core](https://gitlab.com/gitlab-org/gitlab-ce/issues/40781).

#### Core ![12 new features](https://img.shields.io/static/v1?color=108548&label=new+features&labelColor=525252&message=12&style=flat-square "New features added to this tier in this release") ![212 total badges](https://img.shields.io/static/v1?color=1F75CB&label=total+features&labelColor=525252&message=212&style=flat-square "Total features in this tier")

[Quick deploy of GitLab Runner to Kubernetes cluster](https://docs.gitlab.com/ee/user/project/clusters/#installing-applications)

> GitLab gives you the ability to interact with Kubernetes clusters, and it > also allows easy installation of applications that can be leveraged by your > project. > > In GitLab 10.6 we add the ability to deploy a GitLab Runner directly on > your cluster with a single click. It will be automatically available to run > jobs for your project, without any further configuration needed.

[Ingress IP address on Kubernetes cluster page](https://docs.gitlab.com/ee/user/project/clusters/#getting-the-external-ip-address)

> In GitLab 10.2 we released the ability to [install an Ingress](https://about.gitlab.com/releases/2017/11/22/gitlab-10-2-released/#one-click-install-for-helm-and-ingress-on-kubernetes) > in your Kubernetes cluster. Once installed, the Ingress provides a > public IP address that allows external access to your deployed applications. > > In GitLab 10.6, you can see the IP address assigned to your Ingress controller > directly from the Kubernetes page in the UI, and use it to configure a domain > name to access your applications from the internet.

[Maintainers can push to MR from fork](https://docs.gitlab.com/ee/user/project/merge_requests/allow_collaboration.html)

> Forking workflows are common in open source projects like GitLab, where > contributors submit merge requests from their fork of the project back > to the upstream project. > > When reviewing merge requests from forks, maintainers of the upstream > project can now make small fixes or rebase before merging, reducing the > back and forth of accepting community contributions. Of course, > maintainers aren't limited to small fixes and can help out by adding > large commits to the merge request too! > > Prior to this release, maintainers could not directly contribute > to a merge request from a fork since maintainers do not automatically > receive write permissions to forks. With this release, if the merge > request author has write access to the source branch of the merge > request, they can grant maintainers write access to the source branch > of the merge request by enabling **Allow edits from maintainers** on the > merge request. When enabled, users with merge permissions to the target > branch of the upstream project will be able to push to the source > branch of the merge request. By default, it is turned off.

[Single Group Issue Board in Core and Free](https://docs.gitlab.com/ee/user/project/issue_board.html)

> GitLab's Group Issue Board allows you to manage issues from multiple projects all at once. You can see issues from projects within the same group all within the same interface, and move them across workflow stages, all in one interface. > > This feature was previously available exclusively in the Premium and Ultimate tiers. And users in > these tiers have found it to be very useful. GitLab Core users have also asked for this feature, and > they have said providing one group issue board would be a great addition to their workflows. So that's what we have shipped > in this release. Core and Starter instances now have one group issue board per group, > and multiple group issue boards remain reserved for Premium and Ultimate. Correspondingly, > GitLab.com Free and Bronze also have one group issue board per group, with multiple group issue boards > continuing to be in GitLab.com Silver and Gold. We think this adds significant value to the Core and GitLab.com > Free tiers, and helps even more users better evaluate and provide > feedback on the feature itself.

[Branches overview](https://docs.gitlab.com/ee/user/project/repository/branches/index.html)

> As projects and teams grow, so do the number of branches. The new > branches overview and filtered branches lists make it easy to quickly > find the branch you're looking for. Branches with a commit added in > the last three months are shown as active. > > Thank you [Takuya Noguchi](https://gitlab.com/tnir) for the > [contribution](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/15402)!

[Navigate to external issue tracker](https://docs.gitlab.com/ee/integration/external-issue-tracker.html)

> Some teams use GitLab integrated with an external issue tracker. For example, > Jira issues integrated with GitLab merge requests is a popular workflow for many teams. > In this scenario, GitLab issues still function as normal, and teams are free > to use them, for example, in separate one-off scenarios where a team wants everything just in GitLab. > > To streamline this integration, we've added a new link to the project navigation. > If you have configured any external issue tracker (Redmine, Jira, Bugzilla, or the Custom Issue Tracker), > there will be a separate link in the project navigation that allows you to quickly navigate to that > external system. The GitLab issues link remains so that there's no confusion and also allows you to > use both issue trackers if you want.

[Project import/export API](https://docs.gitlab.com/ee/api/project_import_export.html)

> Projects are extremely important in GitLab, since they contain all the valuable > work (including the Git repo) and organization (including issues and merge requests) of your team. > Using the existing project export and import features of GitLab, > projects can easily be transferred within and between instances. > > Up to now, this was a manual process. With this release, project > exports and imports are now part of the GitLab API, allowing you even > more automated and flexible workflows when you need move your projects > within or between GitLab instances. > > Thank you [Travis Miller](https://gitlab.com/travismiller) for the > [contribution](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/15860)!

[Discussions API](https://docs.gitlab.com/ee/api/discussions.html)

> With this release, we have brought API support to discussions in issues, > snippets, and epics. This means that all comments and discussions (for issues) > are now accessible via the API. Teams can leverage this API for flexible, > customized, and specific workflows that are not necessarily in the main GitLab > web UI. > > API support for comments and discussions in merge requests will > also come [in a future release](https://gitlab.com/gitlab-org/gitlab-ce/issues/20901).

[Filipino, Indonesian, and Turkish language support](https://docs.gitlab.com/ee/development/i18n/index.html)

> As part of our ongoing effort to internationalize GitLab, we have now > added support for Filipino, Indonesian and Turkish translations. > > We have also externalised strings on the Repository Locked Files > (Premium and above) list page allowing our translation community to add > more languages and strings to GitLab. > > If you are interested in contributing to GitLab’s internationalization > efforts, we welcome you to join our > [translation community](https://docs.gitlab.com/ee/development/i18n/index.html).

[GitLab Runner 10.6](https://docs.gitlab.com/runner/)

> We're also releasing GitLab Runner 10.6 today! GitLab Runner is the > open source project that is used to run your CI/CD jobs and send > the results back to GitLab. > > ##### Most interesting changes: > > * [Add `CI_RUNNER_VERSION`, `CI_RUNNER_REVISION`, and `CI_RUNNER_EXECUTABLE_ARCH` job environment variables](https://gitlab.com/gitlab-org/gitlab-runner/merge_requests/788) > * [Always prefer creating new containers when running with Docker Executor](https://gitlab.com/gitlab-org/gitlab-runner/merge_requests/818) > * [Use IAM instance profile credentials for S3 caching](https://gitlab.com/gitlab-org/gitlab-runner/merge_requests/646) > * [exec command is no longer deprecated](https://gitlab.com/gitlab-org/gitlab-runner/merge_requests/834) > * [Print a notice when skipping cache operation due to empty cache key](https://gitlab.com/gitlab-org/gitlab-runner/merge_requests/842) > * [Switch to Go 1.9.4](https://gitlab.com/gitlab-org/gitlab-runner/merge_requests/827) > > List of all changes can be found in GitLab Runner's [CHANGELOG](https://gitlab.com/gitlab-org/gitlab-runner/blob/v10.6.0/CHANGELOG.md).

[Omnibus improvements](https://docs.gitlab.com/omnibus/README.html) (self-managed only)

> * GitLab [Mattermost 4.7](https://about.mattermost.com/releases/mattermost-4-7/) includes enhanced image preview and thumbnails, faster load times, upgraded desktop app, and [security updates](https://about.mattermost.com/security-updates/). Upgrading is recommended. > * Chef has been updated to 13.6.4 > * Omnibus has been updated to 5.6.10. > * PostgreSQL has been updated to 9.6.8. > * Python has been updated to 3.4.8. > * jemalloc has been updated to 5.0.1. > * `announce-ip` and `announce-port` are now configurable for Redis/Sentinel, to better support HA in Docker environments.

[Performance improvements](https://gitlab.com/groups/gitlab-org/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&label_name%5B%5D=performance&milestone_title=10.6)

> Some of the more noteworthy performance improvements in GitLab 10.6 > include: > > * [Project and group search results are restricted to 1,000 entries, to prevent database timeouts](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17452) > * [Fix a Gitaly N+1 when viewing a merge request](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17630) > * [Fix a Gitaly N+1 when viewing a merge request's diffs](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17659) > * [Cache conflicts resolvable status, to improve speed of merge request widget polling](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17589) > * [Improve response time for listing user activity](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/17454)