cve-dashboard/.kiro/steering/gitlab-workflow.md

GitLab Issue Traceability

Commit Messages

When a commit fixes or resolves a GitLab issue:

• Include Closes #N (or Fixes #N) on its own line at the end of the commit message body, where N is the GitLab issue number.
• If the fix addresses multiple issues, include one Closes #N per issue, each on its own line.
• The CI pipeline's after_script will auto-comment on the referenced issues with a link to the deploy pipeline.

Example:

Fix duplicate chart entries on compliance page

Aggregate /trends and /category-trend by report_date instead of per-upload row.

Closes #12

Issue References in Code

When working from a GitLab issue, reference the issue number in:

• The commit message (required — Closes #N)
• The spec's bugfix.md introduction (for traceability from spec to issue)
• Test file header comments (optional — helps future developers find context)

Closing Issues

• Prefer closing issues via commit message keywords (Closes, Fixes, Resolves) so GitLab auto-closes them when the pipeline succeeds on the default branch.
• If a commit was pushed without the keyword, close the issue via the API after confirming the deploy succeeded.

Pipeline Notifications

The deploy-staging and deploy-production jobs in .gitlab-ci.yml have after_script blocks that parse #N references from the commit message and post a comment on each referenced issue with a link to the pipeline. This requires GITLAB_PAT to be set as a CI/CD variable in the project settings.

Setup Required

1. Go to Settings → CI/CD → Variables in the GitLab project
2. Add variable: GITLAB_PAT = the project access token (already exists as glpat-... in backend/.env)
3. Mark it as Protected and Masked