Build Developer Training Feature into GitLab
Problem to solve
One thing important to development teams is developer training. Specifically, the security team has recently been looking at different products for teaching security concepts and solutions related to vulnerabilities seen in GitLab. A lot of the existing solutions are generic and not very customizable, and those that are customizable can be expensive. It would be great to have a way to take existing issues and create training modules.
This would be aimed at Development Team leads and security analysts, as a group of users that might focus on creating training.
GitLab is in a unique position to build a training feature as part of the platform, as it already has a lot of information necessary to put together lessons.
- Issues track problems, so they could be used as a starting point for lesson creators
- Git tracks all of the code, so a snapshot of the code at the time the problem was identified can be built
- Review apps could be used to do an actual demonstration of the problem
- Interactive terminal or WebIDE can be used to interact with the code to have a hands-on solution to the problem
- GitLab pages could be used to present the static portion of the lesson
- Reading portions of lesson could be written in Markdown
- CI/CD can be used as glue to build static pages and deploy training environment
A basic flow for creating a training lesson would be:
- The trainer identifies an issue that has a problem to be used. The issue gives an button to create training.
- When create training is clicked
- The issue and associated merge requests are identified
- The code as of the date of the issue is checked out into another branch or repo
- Using the gathered information, the lesson creator can put together a lesson to demonstrate the problem and how it was fixed.
- The HTML pages could be written in Markdown and use an SSG to compile
- The lesson presentation could have the reading pane with the interactive terminal/webIDE next to it
- The lesson presentation could have multiple reading pages that step through the problem and solution
- Using review apps, an interactive terminal/webIDE, the trainee developer could read through the lesson and have an interactive experience demonstrating and correcting the problem.
Permissions and Security
If interactive web terminals were used for the interactive lesson, specials permissions would need to be updated to allow developers access for this purpose.
Maintainers or owners could be lesson creators.
Documentation would need to be written to document the workflow for lesson creators and lesson takers, as this would be a new feature of the product.
What does success look like, and how can we measure that?
Success would be the ability for development team leader to create training modules for their teams based on actual problems encountered in their code. This would keep the training close to the source, which allows developers to learn within a known context.