Category Direction - Source Code Management

The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.

Source Code Management

Source Code Management

Stage	Create
Maturity	Loveable
Content Last Reviewed	`2023-12-01`

Introduction and how you can help

The Source Code Management direction page belongs to the Source Code group of the Create stage, and is maintained by Derek Ferguson, who can be reached at [email protected].

This direction is a work in progress, and everyone can contribute. Sharing your feedback directly is the best way to contribute to our strategy and vision. Please, comment and contribute in the linked issues below, or to any other issues or epics, or raise an issue yourself in gitlab-org/gitlab if you don't find existing feedback that matches your thoughts.

Strategy and Themes

Source code management (SCM) is the foundation of an organization's software development practice.

Building great software depends on teams working well together. Teams can rarely be divided into areas of complete independence. As cross-functional security, compliance, and growth teams are formed, or new services and libraries are created, effective coordination and collaboration are essential.

To achieve this, teams need to protect production while making it easy for everyone to contribute. Source Code Management provides the controls to define the rules and workflows for this purpose:

Who has the rights to view or change the code (visibility; members; permissions; merge request approvals; forking and mirroring)
Who owns the code and is responsible for it and thus has the right to approve changes to it (codeowners; merge request approvals)
Which quality tests must be passed before changes can be applied (coverage checks; security checks)
Which branches need to be protected because they influence production (default branch; protected branches; push rules)

Themes

While the principles have been around for half a century, SCM is not without challenges. SCM needs to address a large set of requirements that are partly contradicting:

encourage sound development practices
but also, be flexible enough to adjust to varying workflows
be intuitive
but also, be secure and ensure compliance
be fast and reliable
but easy to manage

Git is the leading Version Control System (VCS) and is loved by developers. It excels at tracking changes in source code and makes it easy and transparent to merge changes from different developers into one code base. GitLab's source code management builds on top of Git adding functionality that aims to address the above requirements. For example, access control to code repositories or requiring code reviews before merging changes. Source code management and the create stage represent the most popular features in GitLab.

Yet, despite their appeal, neither Git nor GitLab SCM are perfect. Here are the current main shortcomings:

GitLab's SCM UX, has shown to be partly unintuitive or uninformative. For instance, controls to enforce rules are hard to discover and understand.
Git is not particularly good at working with binary files such as graphics or video content common in game development. With those media files, Git cannot interpret change on a granular level as it does with text files. So, it needs to store full copies of every new version of a media file.
While Git Large File Storage (LFS) aims to address this, the Git process - as helpful as it is for developers - appears complex from a content creator's perspective. Especially as they cannot benefit in the same way from Git as developers do for the lack of diffability of media files.
Finally, Git gets slow when repositories become exceptionally large (even if they do not contain binary files). While not common such so-called monorepos are used in several large tech companies. Partial clone addresses some of the issues.

Strategy

Therefore, the vision for Source Code Management at GitLab consists of three pillars:

Make it easy and intuitive to manage source code so that it is secure, compliant, and encourages best development practices.
Make it easy to work with large binary files in GitLab. And make it easy for content creators to contribute media files to GitLab to enable better collaboration with developers to support GitLab's mission: everyone can contribute!
Make it easy to work with monorepos in GitLab: &8262. (Note, this also touches other stages, especially the Verify stage).

Note: SCM is not only the most used function in GitLab but also the one with the longest history as it has been there from the beginning. As a result, we get a lot of feedback and have a long backlog of issues. Therefore, we need to spend a considerable share of our teams’ capacity on issues that are not at the center of this vision but address bugs, stability, security, and scalability to keep our users and customers happy.

1 year plan

Improve experience with branch protections, approval rules, security approvals and status checks in project settings: Edit source code rules organized by branches
Continue to improve experience with CODEOWNERS:
- Help users better understand CODEOWNERS
- Enhance CODEOWNERS to enable mapping of review processes of larger organizations and organizations that use a monorepo such as allowing larger organizations to manager their Codeowners via multiple Codeowner files for a better separation of responsibilities across their organization.
- Many CODEOWNERS files
- CODEOWNERS editor and validation tool
- Advanced CODEOWNERS validation
Additional repository statistics
- Number lines per language
UX improvements
Group-level snippets
Better support of large repositories

What is next for us

Provide support for internal projects with other teams:
- Disaster Recovery Working Group
- GitLab Cells
Continue to Improve the discoverability of branch rules: Enable E2E workflow for setting branch rules - from discovery to changing the rule
Signing of automated/web commits
Group-level MR approval rules for 'All Protected Branches'
Additional repository statistics
- Transparency on statistics for frequency of clones. This is especially helpful for understanding popularity of open source projects.

What we are currently working on

Improve the experience with CODEOWNERS by showing potential syntax errors in the file:
- Syntax highlighting for CODEOWNERS file in the Web IDE (VSCode)
Providing support for internal projects with other teams:
- Disaster Recovery Working Group
- GitLab Cells
Improving usability of blame functionality within the blob page: Render Blame file information within the Blob viewer frontend app

What we recently completed

Minimal forking - only include the default branch: In previous versions of GitLab, when forking a repository, the fork always included all branches within the repository. Now you can create a fork with only the default branch, reducing complexity and storage space.

CODEOWNERS file syntax and format validation: You can now see in the UI if your CODEOWNERS file has syntax or formatting errors. Being able to specify code owners offers great flexibility, allowing multiple file locations, sections, and rules to be configured by users.

With this new syntax validation, errors in your CODEOWNERS file will be surfaced in the GitLab UI, making it easy to spot and fix issues.

Improve Git LFS download performance: For instances which store LFS objects in object storage without proxy download enabled, GitLab now processes LFS requests in bulk. This dramatically improves the performance of downloading a large number of LFS objects.

What is Not Planned Right Now

The Source Code group is not investing in the following opportunities in the immediate future:

Branch read access controls

Limiting which branches a user can read in a Git repository is possible in a basic sense, by only advertising a subset of refs, but it is not possible to guarantee that unreachable objects will not be sent to the client. This means that branch read access controls would be very weak, since they could not prevent exfiltration of data they do not have permission to read.
Path-level read access controls

From a commit, Git expects all trees and blobs to be reachable. Although Git supports partial clone and spares checkout, which allow data to be excluded from fetch and checkout, Git expects to be able to fetch missing objects on demand. Deliberately excluding objects by path is likely to cause unexpected failures.
Report number of lines per contributor

Research has shown that reporting the lines of code contributed could hurt individual users as this has a tendency to be misused as a false measure of contribution.
Improvements to Project Templates

Due to other priorities, we won't be able to progress Project templates in 2023.

Best in Class Landscape

BIC (Best In Class) is an indicator of forecasted near-term market performance based on a combination of factors, including analyst views, market news, and feedback from the sales and product teams. It is critical that we understand where GitLab appears in the BIC landscape.

Key Capabilities

This information is maintained on this internal handbook page

Roadmap