(休息了一個上午,原來是感冒了,希望今天可以看完多一點資料。)
今天繼續回顧 2019 ~ 2020 GitLab 的歷史與功能發展。
- 2019/01 GitLab 11.7(新功能:Publish releases for your projects、Cross-project pipeline browsing、NPM registry、Skip CI builds during git push⋯⋯)
- 2019/02 GitLab 11.8(新功能:SAST support for JavaScript、Error tracking with Sentry、Create Pages sites in one click using bundled templates、Merge Request Approval Rules⋯⋯)
- 2019/03 GitLab 11.9(新功能:Detect secrets and credentials in the repository、Merge request approval rules、Auditing for feature flags、CI/CD templates for security jobs、Project templates for .NET, Go, iOS, and Pages、GitLab self-monitoring with Grafana、YouTrack integration、SAST for TypeScript、SAST for multi-module Maven projects⋯⋯)
- 2019/04 GitLab 11.10(新功能:Sign in to GitLab.com with your own SAML provider、SAST for Elixir、Show DAST results in the Group Security Dashboard⋯⋯)
- 2019/05 GitLab 11.11(新功能:Windows Container Executor for GitLab Runner、Full dynamic scans are now an option for DAST、SAML SSO now enforced on web access、Sign in with UltraAuth biometric authentication、Sign in with Salesforce user credentials⋯⋯)
- 2019/06 GitLab 12.0(新功能:Visual Reviews、Project dependency list、Restrict access by IP address、Git integration for JupyterHub、Multiple extends support in .gitlab-ci.yml、GitLab Insights、Link and access a Zoom meeting from an issue⋯⋯)(宣佈 GitLab 可以幫助客戶實踐 DevSecOps)
- 2019/07 GitLab 12.1(新功能:Automatic HTTPS for Pages with Let’s Encrypt、Extensible Runners、⋯⋯)(Remove support for MySQL)
- 2019/08 GitLab 12.2(新功能:Directed Acyclic Graphs (DAG) for GitLab Pipelines、Annotations for Designs、Security approval in Merge Requests、Version control for Designs⋯⋯)
- 2019/09 GitLab 12.3(新功能:Productivity Analytics、Analytics Workspace、Audit logs for Git Push events、Flexible ‘rules’ keyword for controlling pipeline behaviors⋯⋯)
- 2019/10 GitLab 12.4(新功能:Merge Request Dependencies、Use Jaeger in the GitLab UI、DAST for the Master Branch、Scatterplot for Productivity Analytics⋯⋯)
- 2019/11 GitLab 12.5(新功能:Easily create and deploy to an AWS EKS cluster、Code intelligence powered by Sourcegraph、Environments Dashboard、OpenFaas runtimes support in GitLab Serverless、SAST for React Framework⋯⋯)
- 2019/12 GitLab 12.6(新功能:Project Security Grades、ConvDev Index is now DevOps Score、Support for PHP added in License Compliance、Dependency Scanning for Java Gradle projects、SAST for Kubernetes manifests、好幾個 SAST 及 Dependency Scanning 更新⋯⋯)
- 2020/01 GitLab 12.7(新功能:Parent-Child Pipelines、Pipeline Resource Groups、Code Review Analytics、Audit Events for Releases、Install Kubernetes applications using CI templates⋯⋯)
- 2020/02 GitLab 12.8(新功能:Explore aggregated logs、Compliance Dashboard、Network Policies for Container Network Security、Issue Board Work In Progress Limits、Instance-level Security Dashboard、Automated accessibility scanning of Review Apps、New audit events、Drag-and-drop Design badges、Install more Kubernetes applications using CI/CD templates、Support Go Modules in Dependency Scanning⋯⋯)
- 2020/03 GitLab 12.9(新功能:HashiCorp Vault GitLab CI/CD Managed Application、Release Progress View、Dynamic child pipelines、GitLab CI/CD template for deploying to ECS、Web Application Firewall Controls、Customizable Value Stream analytics、View history of changes to issue, merge request and epic descriptions、Full Code Quality Report、Suggested solution for Container Scanning⋯⋯)
- 2020/04 GitLab 12.10(新功能:Create and view requirements in GitLab、Retrieve CI/CD secrets from HashiCorp Vault、Epic and Issue Health Tracking、Import Issues from Jira to GitLab、Autoscaling GitLab CI jobs on AWS Fargate、Enhanced Secure workflows for use in offline environments、Status Page、Build, publish, and share Python packages to the GitLab PyPI Repository、Container Network Policies Statistics Reporting、Tracking Wiki activity⋯⋯)
- 2020/05 GitLab 13.0(新功能:Auto Deploy to ECS、View Epic hierarchy on a Roadmap、Standalone Vulnerability Objects、SAST for .NET Framework、GitLab HTTP Terraform state backend、Group-level push rules、Value Stream Analytics 加上 Lead time 與 Cycle time metrics、View Milestones on the Roadmap、Use Cloud Native Buildpacks for Auto DevOps、Live Information about Vulnerability Database、View DAST Scanned Resources List、Secret Detection for the Full History of a Repository、⋯⋯)(Ending support for Internet Explorer 11)
- 2020/06 GitLab 收購了 Peach Tech(一間提供 Fuzz Testing 的公司)
- 2020/06 GitLab 13.1(新功能:Manage IT Alerts in GitLab、Code Intelligence、Control Feature Flags with User Lists、Satisfy requirements from a CI job、Instance-level CI/CD variables、Assign GitLab Alerts to team members、Policy Management for Container Network Policies、SAST Scanning for Helm Charts⋯⋯)(Default artifact expiration changed to 30 days on gitlab.com)(Kubernetes 1.12 no longer supported)
- 2020/07 GitLab 13.2(新功能:Assign issues to iterations、Container Host Monitoring and Blocking、Official GitLab-Figma Plugin、GitLab Runner support for Linux on IBM Z、View Jira issue list in GitLab、Load Performance Testing、Managed application logs available in GitLab UI、Create releases from .gitlab-ci.yml、Access Opsgenie from the GitLab user interface、Auto-grouping identical alerts to reduce noise、Search for plain text in the Alerts list⋯⋯)
- 2020/08 GitLab 13.3(新功能:Coverage-guided fuzz testing for Go and C/C++ applications、On-demand DAST scans、Kubernetes Pod health dashboard、Create and manage IT Incidents in GitLab、GitLab Workflow extension for Visual Studio Code now official、Visualization of Directed Acyclic Graph pipelines、Create multiple custom value streams、Merge Request Analytics、Audit logs for CI/CD group variables、Add runbooks to GitLab Alerts、DAST vulnerability evidence⋯⋯)
- 2020/09 GitLab 13.4(新功能:Use HashiCorp Vault secrets in CI jobs、GitLab Agent for Kubernetes、Security Center、API Fuzz Testing with OpenAPI specs or HAR files、New language support for coverage-guided fuzz testing、Show alerts in the environment index page、GitLab Managed Terraform State、Set and edit incident severity、On-demand DAST Scanner Profiles、Azure Blob storage support⋯⋯)
- 2020/10 GitLab 13.5(新功能:Group wikis、Mobile application security scanning、View cluster cost management data、Trigger downstream or child pipelines with manual jobs、Launch Gitpod Workspaces directly from GitLab、Feature Flags flexible rollout strategy、Template for Deploying to AWS EC2、Customizing SAST & Secret Detection rules、SAST support for iOS and Android mobile apps、Service Level Agreement countdown timer for incidents、View alert integrations list⋯⋯)
- 2020/11 GitLab 13.6(新功能:Auto Deploy to EC2、Postman collection support for API fuzz testing、Define test cases in GitLa、Milestone Burnup Charts and historically accurate reporting、Export merge requests as a CSV、Generate HTML reports for Code Quality、New fuzz engine for Java coverage-guided fuzz testing、New vulnerability trends chart、⋯⋯)(End of support for CentOS 6)
- 2020/12 GitLab 13.7(新功能:Reviewers for Merge Requests、Auto rollback in case of failure、GitLab Runner for Red Hat OpenShift、Integrate alerting tools with multiple HTTP endpoints、SAML Group Sync for GitLab.com、View Merge Request changes in VS Code、Avoid Docker rate limits and speed up your pipelines、Add support for Kubernetes versions 1.17, 1.18, 1.19、Special references for vulnerabilities、Support for encrypted LDAP credentials、⋯⋯)(Deprecate support for Kubernetes 1.14)
如下圖,從 11.6 開始,GitLab 原廠就改用這種方式來標示更新的功能是哪個付費等級,以及適用於 SaaS 或 Self-Managed,另外也會標示他是落在 DevOps Lifecycle 哪一個環節的功能。(這也提醒了我,我在整理這個歷史回顧時,也應該要幫功能分類才對,恐怕這只能留到鐵人賽之後再慢慢重新處理了。)
自從 GitLab 在 2018 收購了 Gemnasium 這間專門做 Security scanners 的公司之後,幾乎每一次的 Release 都會看到與 Security 相關的功能出現,像是又多支援哪一種程式語言可以做 SAST,或者是付費功能的 Security Dashboard 又能看到什麼 Reports 或變得更好用。甚至可以說 12.x 有大一部分是在衝刺讓 GitLab 能更名符其實不只是 DevOps 平台,而是 DevSecOps 平台。12.x 另外一個衝刺方向則是開始提供面向設計師的功能。而 13.x 基本上延續 12.x,應該是 DevSecOps 功能開發到了一個段落,於是初期有轉向開發較多 Ops 面向的功能,然後因為又收購新的 Security 公司,繼續推出相關功能;13.x 另一個進展就是功能開發擴大到包含 GitOps。
因此可以說原廠自從 2016 開始鎖定要提供完善的 DevOps Lifecycle 功能之後,也很明顯的有投入開發能量在讓 CI/CD Pipeline 可以整合更多第三方的服務,以及讓 Pipeline 可以因應更複雜的使用情境,像是跨 Project trigger;另外就是讓 Auto DevOps 變得更自動與完善,同時也更加擁抱 K8s 與更多雲端供應商,還有更多 Ops 面向的功能,像是 Monitor、Alerts、Logs 的資訊也都能彙整在 GitLab 上。至於專案管理面的功能,相較其他面向的功能,開發進度就比較慢一些,而且幾乎都是付費功能。
而自從改成 Free、Premium、Ultimate 三種付費等級之後,也更明確的出現「可以讓管理者更省力的功能一律要收錢」的傾向;雖然有時會將一些付費功能下放到免費等級,讓即便是免費的使用者也能盡可能體驗整條 DevOps Lifecycle,但下放的功能一定都是一些跟「管理 / 省力」無關的功能,也就是你想要讓使用體驗變得更好,那就付錢吧!
在連續幾天整理這些資料後,我覺得整理到一半時,有一點走偏了方向,我本來是打算要觀察與紀錄哪些「類型」的功能是在何時出現的,這樣有助於這次鐵人賽想要鎖定的主題「付費功能」,但在過程中自己有時候會不小心變成去整理那些自己有興趣的功能,導致沒有用同一個標準在整理資料。如果各位讀者在看這幾天的歷史回顧時,感到條列出來的功能有點沒有一個基準,那實在是我的問題,抱歉了各位。
這幾天在看這些資料,也有另一個感想,大公司要管理自己數量龐大的產品功能,以及掌控產品要往何處發展實在是一個大難題!
圖片來源 - 吉卜力工作室 https://www.ghibli.jp/works/totoro/#&gid=1&pid=35
參考資料