Open-Source Wikis

/

GitLab

/

How to contribute

/

Tooling

gitlab-org/gitlab

Tooling

The build, lint, and quality tooling that backs every MR.

Linters and formatters

Tool What it lints Config
RuboCop Ruby style + ~150 GitLab cops .rubocop.yml, rubocop/cop/, .rubocop_todo/
HAML-Lint HAML views .haml-lint.yml
ESLint JS / Vue eslint.config.mjs (~28K LoC), .eslint_todo/
Stylelint SCSS .stylelintrc
Prettier JS / Vue / Markdown formatting .prettierrc
markdownlint Markdown style .markdownlint-cli2.yaml
Vale Documentation prose .vale.ini
yamllint YAML .yamllint
gettext-lint i18n strings invoked from scripts/i18n_*
golangci-lint Workhorse Go workhorse/.golangci.yml
Gitleaks secret scanning .gitleaks.toml

The "todo" subdirectories (.rubocop_todo/, .eslint_todo/) hold per-rule allowlists that gradually shrink as code is fixed.

Custom GitLab RuboCop cops

rubocop/cop/gitlab/ defines GitLab-specific cops, including:

  • BoundedContexts — enforces namespace registration.
  • FeatureCategory — requires a category on every controller, service, worker.
  • MissingFeatureCategory — same, for Gemfile entries.
  • ChangeTimezone — bans Time.now; use Time.zone.now.
  • PolicyRuleBoolean — guards declarative_policy idioms.
  • BulkInsert — flags non-bulk insert patterns in migrations.
  • Many more under rubocop/cop/.

The cop list is curated; if you find yourself adding # rubocop:disable, justify it with a reference to a follow-up issue.

Lefthook

Local pre-push and pre-commit hooks are managed by Lefthook (lefthook.yml). It runs only on changed files for fast feedback. The config (~17K LoC) covers all linters above plus migration validators.

Install: lefthook install Bypass: LEFTHOOK=0 git push (discouraged).

Danger

The Danger bot runs in CI and posts MR comments. Rules live in danger/ (~58 subdirectories, one per rule). Examples:

  • danger/changelog/ — warns when a user-visible change has no changelog trailer.
  • danger/database/ — flags migration risk.
  • danger/feature_flag/ — verifies feature flag YAML hygiene.
  • danger/code_review/ — suggests reviewers and maintainers.
  • danger/sidekiq_queues/ — flags untagged or new queues.
  • danger/specs/ — warns about feature category metadata, ee/foss split, etc.

The Dangerfile at the repo root composes all rules.

Housekeeper

gems/gitlab-housekeeper/ and keeps/ are an automated MR generator. A "keep" describes a code transformation; the housekeeper runs them on a schedule and opens MRs for human review. Examples in keeps/:

  • Removing rolled-out feature flags.
  • Migrating tables to bigint.
  • Refreshing dependency lists.

Build tools

Asset Tool Config
Main JS bundle Webpack config/webpack.config.js
Frontend islands Vite vite.config.js, config/vite.json
Tailwind PostCSS + Tailwind config/tailwind.config.js, postcss.config.js
GraphQL schema graphql-ruby rake task bin/rake gitlab:graphql:schema:dump
OpenAPI for some APIs Grape OpenAPI gem config/open_api.yml
Migration regeneration scripts/regenerate-schema

CI templates

.gitlab/ci/ holds dozens of reusable templates split by stage and concern. Top-level template files include:

  • lint.gitlab-ci.yml
  • frontend.gitlab-ci.yml
  • rspec.gitlab-ci.yml
  • qa.gitlab-ci.yml
  • pages.gitlab-ci.yml
  • setup-test-env.gitlab-ci.yml

The root .gitlab-ci.yml includes them. Pipelines branch by:

  • MR type (community vs internal).
  • Ruby version (default vs rails-next).
  • AIGW-triggered runs (TRIGGERED_BY_AI_GATEWAY_PROJECT).
  • Stable branches and security mirror sync.

Generators

generator_templates/ and lib/generators/ hold custom Rails generators:

  • bin/rails generate migration ...
  • bin/rails generate event ... for EventStore events.
  • bin/rails generate gitlab:internal_event ... for product analytics.

Gemfile.next pattern

The repo dual-tracks Ruby/Rails upgrades:

  • Gemfile — pinned to the current shipping Ruby/Rails.
  • Gemfile.next — symlinks to Gemfile but is loaded with BUNDLE_GEMFILE=Gemfile.next and next? switches in the Gemfile DSL pick alternate versions.

CI runs both pipelines so upgrades land without a long-lived branch.

Schema and data validators

Several scripts run in CI to keep the database safe:

  • scripts/validate_migration_checksum
  • scripts/validate_migration_schema
  • scripts/validate_migration_timestamps
  • scripts/validate_name_collisions_between_migrations
  • scripts/validate_loose_foreign_keys_ordering
  • scripts/validate_schema_changes
  • scripts/i18n_lint_doc.sh — Vale + Markdown lint pass on docs.
  • scripts/lint-docs-redirects.rb — keeps docs redirects coherent.
  • scripts/lint-docs-link-check.sh — broken link detector.

Where to add new tooling

  • A new RuboCop cop: rubocop/cop/gitlab/<your_cop>.rb plus rubocop/cop/gitlab.rb registration.
  • A new Danger rule: danger/<your_rule>/Dangerfile.
  • A new keep: keeps/<your_keep>.rb.
  • A new linter: a stage in .gitlab/ci/lint.gitlab-ci.yml plus a Lefthook entry.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Tooling – GitLab wiki | Factory