15. GitLab Workflow & Best Practices

To run a high-performance engineering organization, it is not enough to just use GitLab's tools; you must implement a structured, disciplined development workflow. This final chapter explores the official GitLab Flow branching strategy, secure credential setups, and essential team best practices.

GitLab Flow: Streamlined Branching

While *Git Flow* is often considered overly complex with its separate release, hotfix, and develop branches, and *GitHub Flow* is considered too simple (assuming direct deployment to production on every merge), GitLab Flow offers a pragmatic, environment-driven middle ground.

In GitLab Flow, all changes originate as feature branches that merge directly into the `main` branch. However, you use downstream environment branches to track deployments:

feature-1 ───╮
feature-2 ───┼──>  [main]  ──>  [pre-production]  ──>  [production]
feature-3 ───╯

• Feature Branches: Short-lived branches created for specific issues. Developers commit their code, run CI tests, and open Merge Requests.
• Main Branch: Represents code that is fully tested, reviewed, and ready to deploy. If you deploy to staging automatically, `main` points to your staging environment.
• Environment Branches: Branches like `pre-production` and `production`. To deploy to production, you create a Merge Request from `main` to `production`. This makes deployments completely auditable via standard merge history!

Setting Up Secure SSH Authentication

To push and pull code securely without entering your username and password, you should configure SSH.

Step 1: Generate an SSH Key Pair

Open your local command line terminal and generate a secure ED25519 key:

ssh-keygen -t ed25519 -C "your_email@example.com"

Press Enter to accept the default file storage paths.

Step 2: Copy the Public Key

View the contents of your public key and copy the printed text:

cat ~/.ssh/id_ed25519.pub

Step 3: Add to GitLab

In GitLab, click your profile icon in the top right corner and navigate to Preferences > SSH Keys. Click Add New Key, paste your copied public key, set an expiration date, and save. You can now push and pull using the `git@gitlab.com:...` endpoints!

Five Critical GitLab Best Practices

1. Protect Your Primary Branches: Go to Settings > Repository > Protected Branches. Configure `main` so that developers CANNOT push directly or force-push. All code MUST go through a reviewed Merge Request.
2. Keep Pipelines Fast: Optimize Docker caching, split heavy jobs into parallel steps, and keep build artifacts small. A developer should not wait more than 10 minutes for pipeline feedback.
3. Enforce Secret Scanning: Never hardcode API keys or secrets in your repositories. Run GitLab's built-in Secret Detection in your default templates.
4. Use Scoped Labels for Workflows: Implement double-colon labels like `status::triaged`, `status::doing`, and `status::in-review` to create self-cleaning Kanban boards.
5. Minimize Repository Size: Keep large media assets out of your git history. Use Git LFS (Large File Storage) to track big binaries like images, PDFs, or compiled weights without bloating download times.