GitLab Settings

This section provides an overview of configurable settings within the GitLab for groups and projects. These settings allow to tailor project and group-level behaviours, optimise pipeline performance, manage security protocols and enhance software development processes.

The following tables categorise settings as either Mandatory (Non-Negotiable), Best Practice (Optional), or provide a Recommended State for each setting. This format aims to guide the alignment of project’s configuration with SKAO standards and best practices, ensuring optimal setup for development and operational needs.

All other settings not presented here as Mandatory are considered “Optional” and are pre-configured to align with SKAO principles as Best Practice. This ensures that even default configurations adhere to our standards, simplifying the setup process and maintaining consistency across projects and groups.

For further insights and a brief overview directly within the platform, you can also refer to the settings section on the GitLab interface. This can provide practical context and help with navigating the settings in your own projects.

Group Variables

This section discusses the settings for variables that are applicable at the group level. Group variables are shared across all projects under a group in GitLab, providing a convenient way to manage and apply configurations uniformly. These variables can significantly streamline the setup of pipelines across multiple projects, ensuring consistency in environmental settings, credentials, and other configurations that are common across the group.

Understanding and correctly configuring these variables is crucial for maintaining efficiency and security at the group level.

General Settings

These settings apply to the overall configuration of GitLab groups, impacting the fundamental operations and access controls.

General Settings: Requirements, States, and Defaults
Setting	Requirement	SKAO Required State	Default State
Mandatory Settings
Visibility Level	Mandatory	Public	Public
Members cannot invite groups outside of SKAO and its subgroups	Mandatory	Enabled	Enabled
Email notifications	Mandatory	Disabled	Enabled
Wiki	Mandatory	Disabled	Enabled
Large File Storage	Mandatory	Enabled	Enabled
Roles allowed to create projects	Mandatory	No one	No one
Roles allowed to create subgroups	Mandatory	Owners	Owners
Users can request access (if visibility is public or internal)	Mandatory	Disabled	Disabled
Users cannot be added to projects in this group	Mandatory	Disabled	Disabled
Customer relations is enabled	Mandatory	Disabled	Disabled

Merge Request Settings

These settings are specific to managing and configuring merge requests within GitLab groups, ensuring proper workflow and review processes.

Merge Request Settings: Requirements, States, and Defaults
Setting	Requirement	SKAO Required State	Default State
Mandatory Settings
Pipelines must succeed	Mandatory	Enabled	Disabled
Skipped pipelines are considered successful	Mandatory	Disabled	Disabled
Best Practice Settings
All threads must be resolved	Best Practice	Enabled	Disabled

Repository Settings

These settings pertain to the configuration and management of repositories in GitLab groups, affecting how code is stored, accessed, and managed.

Repository Settings: Requirements, States, and Defaults
Setting	Requirement	SKAO Required State	Default State
Mandatory Settings
Initial default branch name	Mandatory	main	main
Initial default branch protection	Mandatory	Protected	Protected
Best Practice Settings
Allowed to push to initial branch	Best Practice	No one	Maintainers
Allowed to force push	Best Practice	Disabled	Disabled
Require approval from code owners	Best Practice	Enabled	Disabled
Allow developers to push to the initial commit	Best Practice	Disabled	Disabled
Do not allow users to remove Git tags with git push	Best Practice	Enabled	Disabled

CI/CD Settings

These settings are specific to managing and configuring CI/CD pipelines within GitLab groups, ensuring consistent and efficient workflows across multiple projects.

CI/CD Variables: Requirements, States, and Defaults
Setting	Requirement	SKAO Required State	Default State
Mandatory Settings
Variables	Mandatory	Passwords: Masked	Disabled
Enable instance runners for this group	Mandatory	Enabled	Enabled
Allow projects and subgroups to override the group setting	Mandatory	Disabled	Disabled
Auto DevOps	Mandatory	Disabled	Disabled
Best Practice Settings
Protected environments	Best Practice	production; Allowed to deploy: Maintainers	Disabled
Enable stale runner cleanup	Best Practice	Enabled	Disabled

Project Variables

Project variables are specific to each project in GitLab, providing a way to manage and apply configurations tailored to the needs of individual projects. These variables can significantly streamline the setup of pipelines within a project, ensuring consistency in environmental settings, credentials, and other configurations that are specific to the project.

Understanding and correctly configuring these variables is crucial for maintaining efficiency and security at the project level.

General Settings

These settings apply to the overall configuration of GitLab projects, impacting the fundamental operations and access controls.

General Settings: Requirements, States, and Defaults
Setting	Requirement	SKAO Required State	Default State
Mandatory Settings
Visibility Level	Mandatory	Public	Public
Users can request access	Mandatory	Disabled	Disabled
Issues	Mandatory	Disabled	Disabled
Security and compliance	Mandatory	Only Project Members	Only Project Members
Best Practice Settings
Enable CVE ID requests in the issue sidebar	Best Practice	Disabled	Enabled
Model experiments	Best Practice	Disabled	Enabled

Repository Settings

These settings pertain to the configuration and management of the repository, affecting how code is stored, accessed, and managed.

Repository Settings: Requirements, States, and Defaults
Setting	Requirement	SKAO Required State	Default State
Mandatory Settings
Initial default branch name	Mandatory	main	main
Best Practice Settings
Do not allow users to remove Git tags with git push	Best Practice	Enabled	Disabled

Merge Request Settings

These settings are specific to managing and configuring merge requests within GitLab projects, ensuring proper workflow and review processes.

Merge Request Settings: Requirements and States
Setting	Requirement	SKAO Required State	Default State
Mandatory Settings
Merge commit	Mandatory	Enabled	Enabled
Squash commits when merging	Mandatory	Do not Allow	Allow
Enable “Delete source branch” option by default	Mandatory	Enabled	Enabled
Pipelines must succeed	Mandatory	Enabled	Enabled
Skipped pipelines are considered successful	Mandatory	Disabled	Disabled
Prevent editing approval rules in merge requests	Mandatory	Enabled	Disabled
Status checks must succeed	Mandatory	Enabled	Enabled
Status checks	Mandatory	Service name: Marvin	Service name: Marvin
Best Practice Settings
Automatically resolve merge request diff threads when they become outdated	Mandatory	Enabled	Disabled
Show link to create or view a merge request when pushing from the command line	Best Practice	Enabled	Enabled
All threads must be resolved	Best Practice	Enabled	Enabled
Require an associated issue from Jira	Best Practice	Enabled	Disabled
Prevent approvals by users who add commits	Best Practice	Enabled	Disabled
Enable suggested reviewers	Best Practice	Enabled	Disabled

CI/CD Settings

These settings are specific to managing and configuring CI/CD pipelines within individual GitLab projects.

CI/CD Settings: Requirements, States, and Defaults
Setting	Requirement	SKAO Required State	Default State
Mandatory Settings
Public Pipelines	Mandatory	Enabled	Enabled
Auto-cancel Redundant Pipelines	Mandatory	Enabled	Enabled
CI/CD Configuration File	Mandatory	Default	Default
Git Strategy	Mandatory	git fetch	git fetch
Default to Auto DevOps pipeline	Mandatory	Disabled	Disabled
Keep artifacts from most recent successful jobs	Mandatory	Enabled	Enabled
Variables	Mandatory	Passwords: Masked	Disabled
Job token permissions	Mandatory	Only this project and any groups and projects in the allowlist	Only this project and any groups and projects in the allowlist
Best Practice Settings
Protected environments	Best Practice	production; Allowed to deploy: Maintainers	Disabled
Git Shallow Clone	Best Practice	50	20
Timeout	Best Practice	2h	1h