jramos/cve-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ops/records
cve-dashboard/.kiro/steering/gitlab-workflow.md
Jordan Ramos a61d254ff9 Sync .kiro/ from master — v2.2.0 release batch 
New specs: archer-template-library, ccp-metrics-view-restructure,
compliance-list-stale-after-sidebar-edit, compliance-metric-estimated-resolution-date,
compliance-remediation-display-fix, flexible-jira-ticket-creation,
forecast-burndown-chart, granite-loader-export, ivanti-queue-clear-completed-fix,
multi-item-jira-ticket, queue-collapsible-sections, vendor-issue-type-dropdown

New steering: archer-template-gen.md

Updated: migration-registration-check hook, remediation-plan-history spec,
gitlab-workflow, tech, versioning steering files
2026-06-04 11:27:31 -06:00

2.3 KiB
Raw Permalink Blame History

GitLab Issue Traceability

Commit Messages

When a commit fixes or resolves a GitLab issue:

  • Include Closes #N (or Fixes #N) on its own line at the end of the commit message body, where N is the GitLab issue number.
  • If the fix addresses multiple issues, include one Closes #N per issue, each on its own line.
  • The CI pipeline's after_script will auto-comment on the referenced issues with a link to the deploy pipeline.

Example:

Fix duplicate chart entries on compliance page

Aggregate /trends and /category-trend by report_date instead of per-upload row.

Closes #12

Issue References in Code

When working from a GitLab issue, reference the issue number in:

  • The commit message (required — Closes #N)
  • The spec's bugfix.md introduction (for traceability from spec to issue)
  • Test file header comments (optional — helps future developers find context)

Closing Issues

  • Prefer closing issues via commit message keywords (Closes, Fixes, Resolves) so GitLab auto-closes them when the pipeline succeeds on the default branch.
  • If a commit was pushed without the keyword, close the issue via the API after confirming the deploy succeeded.
  • Always post a brief summary comment on the issue when closing it. One or two sentences describing what was done is enough — the goal is that anyone reading the issue later understands the resolution without digging through commits. Post the comment via the GitLab API: 
    curl --silent --request POST \
  --header "PRIVATE-TOKEN: $GITLAB_PAT" \
  --header "Content-Type: application/json" \
  --data '{"body": "Fixed in <commit>. <1-2 sentence summary of what changed>."}' \
  "http://steam-gitlab.charterlab.com/api/v4/projects/13/issues/<N>/notes"

Pipeline Notifications

The deploy-staging and deploy-production jobs in .gitlab-ci.yml have after_script blocks that parse #N references from the commit message and post a comment on each referenced issue with a link to the pipeline. This requires GITLAB_PAT to be set as a CI/CD variable in the project settings.

Setup Required

  1. Go to Settings → CI/CD → Variables in the GitLab project
  2. Add variable: GITLAB_PAT = the project access token (already exists as glpat-... in backend/.env)
  3. Mark it as Protected and Masked
Reference in New Issue View Git Blame Copy Permalink