We’re trying to get Gitlab setup so that we can enforce some code quality but hitting a few troubles. I was wondering if someone could give me a few pointers for areas to improve.
The developers here use something like Github-flow for working. They take a feature branch, work on that branch, submit a MR for code review, that goes into the live code base. But the trouble was that developers were pushing their own code straight into master without much thought. No matter how many times we said “Don’t do that”, someone always did.
So we’ve locked down the permissions so nearly everyone is a developer & there’s a few masters. Now as master is a protected branch by default, they can only get code into master via a merge request. As they aren’t master, they also can’t accept this merge request themselves.
Trouble is now that developer’s can’t create projects themselves. A master has to setup a project before they can merge any code into it. Is there a way around this? Once Gitlab 8.9 is out, people shouldn’t be able to approve their own MR’s, so there’s a chance I can put everyone back to master. But that hardly seems right either.
What does everyone else do? Any tips for a secure workflow that let’s developers get on with things but ensures their code is given the one over before pushing live?