Skip to content

Generate a commit SHA-specific chain of custody report

Problem to solve

When organizations use GitLab they often utilize change control systems such as JIRA, ServiceNOW, or others to comply with their change management policy. These change control systems articulate the business case and integrate with other systems to determine if a change is approved, compliant, and acceptable to merge into a production environment. Currently, there's no way for organizations to formally associate a GitLab MR (change) with these change control systems (JIRA, SNOW, etc) to provide a clear, documented chain of custody for the change that occurred.

Intended users

User experience goal

An administrator or group owner input a specific commimt SHA into a chain of custody download prompt and receive a CSV report in the same format, but which shows the MR, pipeline, author, approver, etc for that specific commit SHA.

Proposal

Update the chain of custody report to filter the criteria to show only data points related to the specific commit SHA provided by a user.

  1. An admin or group owner clicks on the export button and sees a prompt
  2. Their options could be: [List of all merge requests] or [ Search Commit SHA]
  3. Using the second option, they input 1a2bc3 to find a commit sha report
  4. They receive the same report as we've built in #213364 (closed), but it would show only data related to the specific commit SHA
Empty State Error Long hash
Empty_state Error Long_Commit_SHA

Implementation outline

frontend - 2

  1. Change the List all merge commits button to a button with dropdown with the new input form.
  2. On input done, check if the hash is valid with a simple regular expression.
  3. On export click, submit the commit hash to the mergeCommitsCsvExportPath.

backend - 3

  1. Update MergeCommitReportsController to accept an optional commit hash paramater.
  2. Check if the merge commit exists, if it does not then flash an error message.
  3. Update MergeRequestsFinder to find by a commit hash (merge_commit_sha || squash_commit_sha || diff_head_sha).

Milestone Goals

Edited by Jiaan Louw