Merge request workflows

Tier: Free, Premium, Ultimate Offering: GitLab.com, Self-managed, GitLab Dedicated

There are two main ways to have a merge request flow with GitLab:

  1. Working with protected branches in a single repository.
  2. Working with forks of an authoritative project.

Protected branch flow

With the protected branch flow everybody works within the same GitLab project.

The project maintainers get the Maintainer role and the regular developers get the Developer role.

Maintainers mark the authoritative branches as ‘Protected’.

Developers push feature branches to the project and create merge requests to have their feature branches reviewed and merged into one of the protected branches.

By default, only users with the Maintainer role can merge changes into a protected branch.

Advantages

  • Fewer projects means less clutter.
  • Developers need to consider only one remote repository.

Disadvantages

  • Manual setup of protected branch required for each new project

To set up a protected branch flow:

  1. Start with ensuring that your default branch is protected with default branch protections.
  2. If your team has multiple branches, and you would like to manage who can merge changes and who explicitly has the option to push or force push, consider making those branches protected:

  3. Each change to the code comes through as a commit. You can specify the format and security measures such as requiring SSH key signing for changes coming into your code base with push rules:

  4. To ensure that the code is reviewed and checked by the right people in your team, use:

Also available in the Ultimate tier:

Forking workflow

With the forking workflow, maintainers get the Maintainer role and regular developers get the Reporter role on the authoritative repository, which prohibits them from pushing any changes to it.

Developers create forks of the authoritative project and push their feature branches to their own forks.

To get their changes into the default branch, they need to create a merge request across forks.

Advantages

  • In an appropriately configured GitLab group, new projects automatically get the required access restrictions for regular developers: fewer manual steps to configure authorization for new projects.

Disadvantages

  • The project need to keep their forks up to date, which requires more advanced Git skills (managing multiple remotes).