GitLab Workflow for VS Code now with more Official

Writing this blog post feels exciting as it’s marking the start of GitLab’s move into extending the ways to work with our ever-growing product. We're incredibly happy to bring you an official GitLab Workflow Extension for VS Code.

How did we get here?

Over two years ago, Fatih Acet started working on a VS Code extension to allow users to interact with GitLab from within their code editor. We encourage people who work at GitLab to build the things they want and need. Everything starts with a Merge Request and in this case that MR created something new. Fatih and more than 25 contributors continued to expand on the extension by adding new features and reaching over 160k installations. It’s truly remarkable to see the way the community worked and grew the extension to such a valuable tool in their work and showed how seamlessly GitLab could extend to where developers were doing their most meaningful work.

When Fatih decided to move on from GitLab, we had an opportunity to take over GitLab Workflow and make it something GitLab would officially maintain and support. We were excited about the opportunity and new challenges that maintaining a project outside of the main GitLab project would bring us and jumped at the chance. As we continue to move fast and create the best experiences possible for our users, we expect this extension to become a key component of our strategy.

Use the Extension today

If you want to start using the extension, you can install it from within VS Code directly by searching for GitLab Workflow which is now published through an official GitLab account.

If you were already using the extension, it automatically updated to the GitLab publisher, and you might have already seen a few updates coming in.

What have we already done?

When we took over the extension, we worked with other teams across GitLab to immediately perform an application security review. Along the path, we made sure to create a security release-process. We wanted to ensure that users were safe to continue using the extension and that we could fix any discovered issues. We also worked through some automation to help in publishing the extension and begin to lay a foundation for more testing in the future.

We also shipped version 3.0.0 which was spearheaded by our community and helped to resolve some long-standing bugs and issues. The extension has come a long way in just a few short weeks and we’re excited by the progress we’re making and the engagement we’re continuing to see, but there is still a lot that needs to be done.

What’s next?

We are aware of some shortcomings of the extension, some inconsistencies, and some long open feature requests. These all can be found in our issues list. For now, we’re focused on triaging the existing issues and making sure we capture any new bugs. You should see much more involvement from our team as we continue these efforts and we’re looking forward to engaging with the community on these items.

We’re also evaluating the best path forward for the future maintainability of the extension, by focusing on the test-suite and code-quality, so we won’t break things by accident. You can join us in our discussion on this issue. While this might slow down some new feature releases in the short term, we’re confident these are the right long term decisions to ensure you have an extension you can trust and make an integral part of your workflow.

Everyone can contribute

The extension is Open Source, and we’ll work on improving the “How to Contribute” guides alongside some other documentation. We want to have a space where everyone can contribute and make this extension better for all of us.



from GitLab https://ift.tt/2XdQOwt #GitLab #DevSecOps

Comments

Post a Comment

Popular posts from this blog

Efficient DevSecOps workflows: Hands-on python-gitlab API automation

Image
A friend once said in a conference presentation, “Manual work is a bug." When there are repetitive tasks in workflows, I tend to come back to this quote , and try to automate as much as possible. For example, by querying a REST API to do an inventory of settings, or calling API actions to create new comments in GitLab issues/merge requests. The interaction with the GitLab REST API can be done in different ways, using HTTP requests with curl (or hurl ) on the command line, or by writing a script in a programming language. The latter can become reinventing the wheel again with raw HTTP requests code, and parsing the JSON responses. Thanks to the wider GitLab community, many different languages are supported by API abstraction libraries. They provide support for all API attributes, add helper functions to get/create/delete objects, and generally aim to help developers focus. The python-gitlab library is a feature-rich and easy-to-use library written in Python. In this blog post, y...
Read more

Secure GitLab CI/CD workflows using OIDC JWT on a DevSecOps platform

Image
Securing CI/CD workflows can be challenging. This blog post walks you through the problem validation, explores the JWT token technology and how it can be used with OIDC authentication, and discusses implementation challenges with authorization realms. You will learn about the current possibilities and future plans with GitLab 16.0. Variables vs. secrets Variables are an efficient way to control and inject parameters into your jobs and pipelines, making managing and configuring the CI/CD workflows easier. You can read more about how to use CI/CD variables . An extra layer of security on top of variables to mask and protect, for now, is our “best-effort” to prevent sensitive variables from being accidentally revealed. However, variables are not a drop-in replacement for secrets. Securing secrets natively is a solution that GitLab aspires to provide. Meanwhile, we recommend storing sensitive information in a dedicated secrets management solution. As a company, we will provide you abili...
Read more

GitLab 13.11 released with Kubernetes Agent and Pipeline Compliance

Image
On this Earth Day we are thinking about growth. Our customers are scaling their DevOps practices and with growth comes the need for even greater efficiencies and automated controls. The GitLab Kubernetes Agent is now available on GitLab.com to help you benefit from fast, pull-based deployments to your cluster, while GitLab.com manages the necessary server-side components of the Agent. Compliant Pipeline Configurations let you define enforceable pipelines that will run for any project assigned a corresponding compliance framework, even custom ones . We also have a host of features to improve pipeline efficiency and measurement, to provide On-call Scheduling , and even more security enhancements. These are just a few of the 50+ significant new features and improvements in this release. Controls to help you grow safely and efficiently Controls can keep your automation on track as you grow and scale while simplifying compliance efforts. The GitLab Kubernetes Agent is core to GitLab...
Read more