Disclaimer, this is meant to mimic what GitLab already does with Jira.

The goal is to be able to automatically change an artifact to Done when a commit with a message containing "Closes TULEAP-1234" is merged into the main GitLab branch.

There are 3 keywords that are supported:

• Resolves TULEAP-1234
• Closes TULEAP-1234
• Fixes TULEAP-1234

Commit made in GitLab

The artifact is closes when the commit message match the defined format and the commit is made in the GitLab defined main branch (might not be master).

When the provided ID (1234 in TULEAP-1234 for instance) matches an artifact in the same project than the integrated repository:

• if the tracker have a Done semantic, the corresponding value is used.
  • As Done semantic is provided by Agile Dashboard, we should first investigate if it's possible to transfer to Tracker. If not possible to transfer, the Done part will not be implemented
• if there is no Done semantic, the first value of Closed semantic is used.
• otherwise, no attempt to transition is made but a comment is added to follow-up "User XXX attempt to close this artifact from GitLab but neither Done or Closed semantic defined".

If the target value exists and the workflow authorize the transition, the artifact is updated to the "Closed" value with a follow-up comment made by Workflow_Aritfact_Useron the behalf of the user:

• Resolves => solved by @user with gitlab_commit #....
• Closes => closed by @user with gitlab_commit #....
• Fixes => <tracker_shortname> fixed by @user with gitlab_commit #....

Matching for @user is made with email address if there is only one address that corresponds in Tuleap database. If more than one user match or if no user matches at all, the "author" name is used.

(the message is in English, regardless of the lang used by the commit author)

Edge cases

• If target artifact is already closed, no update is done (neither artifact change nor comment) but something is logged for admin troubleshooting.

Security implication

As always cross boundaries features that involve permissions are tricky to get right. Esp. with git that allows arbitrary email and user name. Closing an artifact is a very sensitive action hence it should not be open wild.

At the integration level (repository), there is a checkbox (disabled by default) [] allows commit on GitLab to close Tuleap artifacts in this project.

• By default, existing integrations will have the feature disabled (but they can edit the integration to activate)
• It's limited to artifacts within the associated project.
• but it applies to all artifacts of the project.