GitLab 13.4 released with Vault for CI variables, Kubernetes Agent, and Security Center… and we’re bringing feature flags to Starter!

At GitLab, we are always focusing on how to help your team reduce risk, increase their efficiency, and accelerate their delivery speed with a platform you love. This month, we’re bringing all sorts of goodness that expands visibility into security, lowers vulnerabilities, improves efficiency, makes the user experience better, and helps your team deploy even faster. We hope that you find these top features, and the 53 other new features packed in this release, useful.

Expanded security capabilities

True to form, this month’s release adds several capabilities to your GitLab DevSecOps kit. First, secrets stored in HashiCorp Vault can now be injected into CI/CD jobs as part of the build and deploy process. Next, organizations who want to maintain a separation of code deployment duties can promote specific users with Reporter access to the role of Deployer. The Deployer role follows the principle of least privilege access, allowing them to approve merge requests and deploy code to protected environments without requiring access to modify the code itself. Another way you can reduce risk is by using the new GitLab Kubernetes Agent. Operators can deploy to their Kubernetes clusters from GitLab without the need to open their cluster to the entire Internet. We are also introducing automatic versioning support for new Terraform state files with GitLab Managed Terraform state to support compliance and debugging needs. Last but not least, the Instance Security Dashboard has evolved into the GitLab Security Center featuring Vulnerability Reporting and Settings.

Better UX & efficiency

We’ve improved our global search capabilities with quick navigation from the search bar to quickly jump to recent issues, groups, projects, settings, and Help topics. We’re excited about GitLab Pages Redirects for redirecting individual pages and directories within a site, which makes users more efficient at deploying pages sites. And for those who have been wishing for enhanced deployment information, this release enables you to manage hundreds of supported project deployments from the Environments dashboard. Tada! 🎉

Open source contribution highlights

We’re introducing inline code coverage remarks inside MR diffs, (contributed by this month’s MVP, Fabio Huser!), providing developers a visual representation of code coverage in the Merge Request diff when doing a review. Knowing whether modified code is covered by a unit test helps speed up code reviews and time to merge and deploy a feature. We have moved feature flags to Starter and plan to move feature flags to Core in 13.5.

But wait, wait… there’s more!

As usual, we have way too little space, but still lots and lots of new things we packed into 13.4 to tell you about. Here are a few more of them:

If you’d like to preview what’s coming in next month’s release, be sure to check out our 13.5 kickoff video!

Deprecations

Debian Jessie and Raspbian Stretch no longer suppported

Debian Jessie and Raspbian Stretch reached end of life in June 2020 and are not supported in GitLab 13.4. GitLab 13.3
was the last supported version for these distributions. Please visit the
Deprecated OSes
page for more information.

Deprecation date:
September 22nd, 2020

Deprecate Container Registry log formatters

Currently, GitLab supports text/json/logstash log formatting for app logs and text/json/combined for access logs. We will deprecate both logstash and combined, unifying the formatters for both app and access logs with only two options, text (for development) and json.

Deprecation date:
January 22nd, 2021

Deprecate Container Registry logging hooks

The Container Registry supports logging hooks, which currently can only be used for email notifications.

These days, alerts based on log entries are commonly handled by separate tools. As far as we know, none of our users rely on this functionality and it is not used at GitLab either. The implementation of this feature is tightly coupled with the underlying logging library, which is a limitation for our ability to switch dependencies without affecting the available features.

In an effort to simplify the registry features and configurations, we will drop support for logging hooks.

Deprecation date:
January 22nd, 2021

Deprecate Container Registry maxidle and maxactive Redis pool settings

Some of the configuration settings that we currently expose for the Redis connection pool are tied to the underlying Redis client and do not have an equivalent in alternative libraries. As we start working on improving the Redis integration, such as adding support for Sentinel, we decided to start working towards replacing the current Redis client dependency with a more feature-rich and better-supported alternative. To do this we need to replace the current Redis pool configuration settings that are tied to the current client library.

We intend to remove the redis.pool.maxidle and redis.pool.maxactive settings and add redis.pool.size (maximum number of connections), redis.pool.minidle (minimum number of idle connections), and redis.pool.maxlifetime (maximum amount of time a connection may be reused).

Deprecation date:
January 22nd, 2021

Deprecate Container Registry proxy pull-through cache

There are Container Registry features that are outdated or no longer used (at least at GitLab). Supporting these features limits our ability to clean up the codebase and reduce the list of third-party dependencies.

The proxy section allows the Container Registry to be set up as a local mirror to an upstream repository. Doing this is less useful in the context of a registry for a deployment of GitLab–users will most likely colocate their registry deployment with their instance of GitLab, rather than using a registry service hosted on separate infrastructure, for example, on Docker Hub.

Deprecation date:
January 22nd, 2021

Deprecate Container Registry support for Bugsnag

Bugsnag is one of the error reporting services supported by the Container Registry. As far as we know, none of our users rely on this service, and at GitLab we use Sentry. In an effort to simplify and consolidate the supported error reporting services, we intend to add support for Sentry and remove support for Bugsnag.

Deprecation date:
January 22nd, 2021

Deprecate Container Registry support for NewRelic

NewRelic is one of the error reporting services supported by the Container Registry. As far as we know, none of our users rely on this service, and at GitLab we use Sentry. In an effort to simplify and consolidate the supported error reporting services, we intend to add support for Sentry and remove support for NewRelic.

Deprecation date:
January 22nd, 2021

Deprecate pulls that use v1 of the Docker registry API

GitLab is disabling pulls via the Docker registry v1 APIs on January 22nd, 2021. Deprecated by Docker in June, 2019, deprecating this feature allows the GitLab team to focus on features and fixes that target current registry use cases.

Deprecation date:
January 22nd, 2021

End of support for CentOS 6

CentOS 6 reaches end of life in November 2020. GitLab 13.6 will be the last supported version for deploying GitLab on CentOS 6. You are advised to upgrade to CentOS 7 or 8. Visit the deprecated OSes page for more information on the supported distributions.

Deprecation date:
November 22, 2020

Legacy Feature Flags made Read Only

Legacy Feature Flags will become read-only. They will still work, but cannot be edited through the UI, only via API. We recommend migrating your legacy feature flags to the Feature Flag strategies. You can do this by first taking a screenshot of the legacy flag for tracking. Then delete the flag via API/UI (you don’t need to alter the code) and create a new Feature Flag with the same name as the legacy flag that was deleted. Also, make sure the strategies and environments match flag that was deleted. We have created a video tutorial to help with this migration.

Deprecation date:
September 22, 2020

PowerShell as default for newly-registered Windows runners

In GitLab Runner 13.2, PowerShell Core support was added to the shell executor. In 14.0, pwsh will be the default shell for runners that are registered on Windows. The Windows Command shell will still be available as an option for Windows runners. Refer to issue #26419 for additional details.

Deprecation date:
Jun 22, 2021

In GitLab Runner 13.3, a symlink was added from /user/lib/gitlab-runner/gitlab-runner to /usr/bin/gitlab-runner. In 14.0, we will remove this symlink and GitLab Runner will be installed in /usr/bin/gitlab-runner. Refer to issue #26651 for additional details.

Deprecation date:
Jun 22, 2021

Remove FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL feature flag

In GitLab Runner 13.1, issue #3376, we began sending sigterm and then sigkill to a process in the Shell executor. We also introduced a new feature flag, FF_SHELL_EXECUTOR_USE_LEGACY_PROCESS_KILL, which allowed you to use the previous process termination method. In GitLab Runner 14.0, issue #6413, we will remove the feature flag.

Deprecation date:
Jun 22, 2021

Remove Ubuntu 19.10 (Eoan Ermine) package

Ubuntu 19.10 (Eoan Ermine) reached end of life on Friday, July 17, 2020. In GitLab Runner 14.0, we will remove Ubuntu 19.10 from our package distribution. Refer to issue #26036 for additional details.

Deprecation date:
Jun 22, 2021

Remove off peak time mode for Docker Machine autoscaling

In GitLab Runner 13.0, issue #5069, we introduced new configuration setting timing options for the GitLab Docker Machine executor. In GitLab Runner 14.0, we will remove the old configuration option, Off Peak time mode.

Deprecation date:
Jun 22, 2021

Remove success and failure build metric conversions

In GitLab Runner 13.5, we introduced failed and success states for a job. To support Prometheus rules, we chose to convert success and failure to finished for the metric. In 14.0, we will remove the conversion. Refer to issue #26900 for additional details.

Deprecation date:
Jun 22, 2021

Remove translation from step_script to build_script in custom executor

In GitLab Runner 13.2, a translation for step_script to build_script was added to the custom executor. In 14.0, the build_script stage will be replaced with step_script. Refer to issue #26426 for additional details.

Deprecation date:
Jun 22, 2021

Important notes on upgrading to GitLab 13.4

In GitLab 13.0, legacy storage was deprecated,
and we announced that all projects that were in legacy storage would be
automatically upgraded to the new hashed storage in GitLab 13.2. This background migration was
delayed to GitLab 13.4.

Upon upgrading to 13.4, all projects still in legacy storage will
be automatically migrated via a background migration.

Gitlab 13.4 released with Vault for CI variables and Kubernetes Agent

Source