Skip to content

Release Version v4.25.0-gitlab

What's New in this Version

4.25.0 (2025-07-17)

Features

  • add dual cache interface (b2fa37d)
  • api/gitlab/v1: enable DLB for List Repository Tags API endpoint (7698d73)
  • custom GCRA rate limiting implementation (cef7e0f)
  • enable integrity checks for gcs next storage driver (295397a)
  • handlers: expose import stats to v1 stats endpoint (e2419a9)
  • registry: import-command: add import-statistics option (ca99dd7)
  • storage middleware for caching URLs (bd4ec81)

🐛 Bug Fixes 🐛

  • change not implemented status code of rename api (cb457a1)
  • improve retries handling in gcs next storage driver (1e4ea3e)
  • validate subject field in manifest database not blob storage (a3dad3a)

Performance Improvements

  • add metrics for gcs storage retries (f793100)

⚙️ Build ⚙️

  • deps: update module github.com/aws/aws-sdk-go-v2/service/s3 to v1.84.0 (3a398c5)
  • deps: update module github.com/azure/azure-sdk-for-go/sdk/azcore to v1.18.1 (69bc416)
  • deps: update module github.com/getsentry/sentry-go to v0.34.1 (e7b17b2)
  • deps: update module github.com/olekukonko/tablewriter to v1.0.8 (e220c7e)
  • deps: update module github.com/testcontainers/testcontainers-go to v0.38.0 (51dcd31)
  • deps: update module gitlab.com/gitlab-org/api/client-go to v0.133.0 (4880e94)
  • deps: update module gitlab.com/gitlab-org/api/client-go to v0.134.0 (6dd2b83)
  • deps: update module golang.org/x/net to v0.42.0 (bce0d75)
  • deps: update module golang.org/x/sync to v0.16.0 (340e4cf)
  • deps: update module google.golang.org/api to v0.240.0 (721b768)
  • deps: update module google.golang.org/api to v0.241.0 (996be04)

Tasks

All tasks must be completed (in order) for the release to be considered workflowproduction.

1. Prepare

  1. Set the milestone of this issue to the target GitLab release.
  2. Set the due date of this issue to 10 days before the date of the target GitLab release
Documentation/resources

The due date is set to 10 days before the targeted GitLab release date to create a buffer of 5 days before the merge deadline. See Product Development Timeline for more information about the GitLab release timings.

2. Release

  1. Run the make release-dry-run command.
  2. Review each MR in the new release and check if the cannot-rollback or the high-risk-change label has been applied. If any MR contains the label:
    1. Ensure that no code changes that rely on the cannot-rollback MRg are included in this release. These should be separated into two consecutive releases.
  3. Run the make release command. A new tag should have been created and pushed.
Documentation/resources

The release documentation can be found here.

3. Update

  1. The version bump for CNG is automatically created by the renovate bot, which is triggered every 15-30 minutes.
    1. Check for the renovate MR here. Once the MR is created:
      1. Mark it as related to this release issue.
      2. Either request a review from @gitlab-org/maintainers/container-registry to speed up the process, or just let the bot pick a Distribution reviewer. If reviewing the MR, make sure:
        • The MR is targeting the master branch.
        • The MR has a green pipeline on GitLab.com.
  2. The version bump for GDK needs to be done manually (example) as the CI job is currently not functioning.
    • Assign to the reviewer suggested by reviewer roulette
  3. The version bump for Omnibus is automatically created by the renovate bot, which is triggered every 15-30 minutes.
    1. Check for the renovate MR here. Once the MR is created:
      1. Mark it as related to this release issue;
      2. Let the bot pick a Distribution reviewer.
  4. The version bump for Charts is automatically created by the renovate bot, which is triggered every 15-30 minutes.
    1. Check for the renovate MR here. Once the MR is created:
      1. Mark it as related to this release issue;
      2. Let the bot pick a Distribution reviewer.
  5. Version bumps in K8s Workloads need to be done manually for now as CI is broken. The MR title should be "Bump Container Registry to [version] ([environment(s)])".
    1. Wait for the CNG version bump to be merged.
    2. Check MRs included in the release for the labels high-risk-change, cannot-rollback.
    3. Each environment needs to be deployed and confirmed working in the order listed below, before merging the next MR. To see the version deployed in each environment, look at the versions chart in Grafana
      1. Version bump for Pre-Production and Staging.
      2. Version bump for Production Canary.
      3. Version bump for Production Main Stage.
  6. If this is the final registry release for the milestone, create an MR to update REGISTRY_SELF_MANAGED_RELEASE_VERSION. Merge this MR after the milestone is complete, and the version has been added to the self-managed release for that milestone. This ensures we can detect breaking changes in registry pre-deploy/post-deploy database migrations between consecutive GitLab releases. You can verify the registry versions for the last GitLab milestone self-managed release by checking Omnibus (update branch to last milestone) and Charts, with Charts milestone mappings available in the documentation.

Potentially risky deployments

Instructions
  1. Add the following instructions to each deployment MR.

    • Version bump for Pre-Production and Staging.
      • Check the #qa-staging Slack channel for staging end-to-end tests passed!. Make sure the corresponding pipeline started after the registry deployment completed. Otherwise, wait for the next one.
      • Check logs for errors.
      • Check metrics dashboard.
    • Version bump for Production Canary.
    • Version bump for Production Main Stage.
      • Check the #qa-production Slack channel for production end-to-end tests passed!. Make sure the corresponding pipeline started after the registry deployment completed. Otherwise, wait for the next one.
      • Check logs for errors.
      • Check metrics dashboard.
  2. Let the assignee SRE know about these changes.

4. Complete

  1. Assign label workflowverification once all changes have been merged.
  2. Assign label workflowproduction once all changes have been deployed.
  3. Close this issue.
Edited by Hayley Swimelar