Gitlab Duo
GitLab Duo Integration
GitLab Duo is GitLab's AI-powered suite of features that enhance the software development lifecycle. OSSA provides seamless integration with GitLab Duo, enabling you to standardize and orchestrate AI-powered workflows across your GitLab projects.
Overview
GitLab Duo combines multiple AI capabilities including:
- Code Suggestions: AI-powered code completion and generation
- Chat: Conversational AI assistance for development tasks
- Code Review: Automated code review and security scanning
- Vulnerability Explanation: AI-powered security vulnerability analysis
- Test Generation: Automated test case creation
- Merge Request Summaries: AI-generated MR descriptions
OSSA enables you to define GitLab Duo agents as standardized manifests, making them portable, version-controlled, and reproducible across teams and projects.
Key Benefits
- Standardized Agent Definitions: Define GitLab Duo workflows using OSSA manifests
- Version Control: Track agent configurations alongside your code
- CI/CD Integration: Trigger agents automatically in GitLab pipelines
- Multi-Project Orchestration: Coordinate agents across multiple repositories
- Compliance & Governance: Apply consistent policies to AI-powered workflows
Getting Started
Prerequisites
- GitLab account with Duo access (Ultimate tier or trial)
- GitLab project with CI/CD enabled
- OSSA-compatible runtime or GitLab Runner
Basic Setup
- Create an OSSA manifest for your GitLab Duo agent:
# .gitlab/agents/code-reviewer/manifest.ossa.yaml ossa_version: "1.0" agent: name: "GitLab Duo Code Reviewer" version: "1.0.0" description: "Automated code review agent using GitLab Duo" capabilities: - name: "code_review" type: "analysis" provider: "gitlab_duo" tasks: - id: "review_merge_request" name: "Review Merge Request" trigger: event: "merge_request_created" actions: - type: "gitlab_duo_chat" prompt: "Review this merge request for code quality, security issues, and best practices" context: - type: "merge_request_diff" - type: "create_comment" target: "merge_request" - id: "suggest_improvements" name: "Suggest Code Improvements" actions: - type: "gitlab_duo_code_suggestions" scope: "changed_files" - type: "create_commit" message: "Apply GitLab Duo suggestions"
- Configure GitLab CI/CD to run your agent:
# .gitlab-ci.yml include: - local: '.gitlab/agents/code-reviewer/manifest.ossa.yaml' code_review: stage: test script: - ossa run .gitlab/agents/code-reviewer/manifest.ossa.yaml rules: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
- Enable GitLab Duo in your project settings:
- Navigate to Settings > General > Visibility
- Enable "GitLab Duo features"
- Configure access permissions
Use Cases
1. Automated Code Review Agent
Create an agent that automatically reviews merge requests using GitLab Duo's AI capabilities:
ossa_version: "1.0" agent: name: "MR Review Assistant" version: "1.0.0" tasks: - id: "comprehensive_review" name: "Comprehensive MR Review" trigger: event: "merge_request_opened" actions: - type: "gitlab_duo_review" checks: - security_vulnerabilities - code_quality - test_coverage - performance_issues - type: "post_review_comment" template: | ## GitLab Duo Review Results **Security**: {{security_score}}/10 **Quality**: {{quality_score}}/10 **Coverage**: {{coverage_percentage}}% ### Recommendations {{recommendations}}
2. Security Vulnerability Scanner
Leverage GitLab Duo's vulnerability detection with OSSA orchestration:
ossa_version: "1.0" agent: name: "Security Scanner" version: "1.0.0" tasks: - id: "scan_vulnerabilities" name: "Scan for Security Issues" schedule: "0 2 * * *" # Daily at 2 AM actions: - type: "gitlab_duo_vulnerability_scan" scope: "full_project" - type: "gitlab_duo_explain_vulnerability" for_each: "{{vulnerabilities}}" - type: "create_issue" if: "{{vulnerability_count}} > 0" title: "Security vulnerabilities detected" labels: ["security", "gitlab-duo"]
3. Test Generation Agent
Automatically generate tests for new code using GitLab Duo:
ossa_version: "1.0" agent: name: "Test Generator" version: "1.0.0" tasks: - id: "generate_tests" name: "Generate Unit Tests" trigger: event: "merge_request_created" conditions: - "{{changed_files}} contains '.py' or '.js'" actions: - type: "gitlab_duo_generate_tests" files: "{{changed_files}}" framework: "auto_detect" - type: "create_commit" branch: "{{source_branch}}" message: "Add AI-generated tests" files: "{{generated_test_files}}"
4. Documentation Assistant
Use GitLab Duo to maintain up-to-date documentation:
ossa_version: "1.0" agent: name: "Docs Assistant" version: "1.0.0" tasks: - id: "update_docs" name: "Update Documentation" trigger: event: "push" conditions: - "{{changed_files}} contains 'src/'" actions: - type: "gitlab_duo_chat" prompt: "Analyze the code changes and suggest documentation updates" context: - type: "diff" - type: "existing_docs" - type: "create_merge_request" title: "Update documentation for recent changes" description: "{{duo_suggestions}}"
Advanced Configuration
Multi-Agent Coordination
Coordinate multiple GitLab Duo agents for complex workflows:
ossa_version: "1.0" agent: name: "CI/CD Orchestrator" version: "1.0.0" agents: - ref: ".gitlab/agents/code-reviewer/manifest.ossa.yaml" - ref: ".gitlab/agents/test-generator/manifest.ossa.yaml" - ref: ".gitlab/agents/security-scanner/manifest.ossa.yaml" workflow: - step: "code_review" agent: "code-reviewer" wait_for_completion: true - step: "generate_tests" agent: "test-generator" condition: "{{code_review.approved}}" - step: "security_scan" agent: "security-scanner" parallel: true
Custom Prompts and Context
Customize GitLab Duo interactions with specific prompts:
tasks: - id: "custom_review" name: "Custom Code Review" actions: - type: "gitlab_duo_chat" prompt: | Review this code with focus on: 1. Adherence to our coding standards (see CONTRIBUTING.md) 2. Performance implications for high-traffic endpoints 3. Database query optimization 4. Error handling and logging context: - type: "merge_request_diff" - type: "file" path: "CONTRIBUTING.md" - type: "file" path: "docs/architecture.md" temperature: 0.3 # More deterministic responses
Integration with GitLab Features
Issue Management
Create and manage GitLab issues from agent actions:
tasks: - id: "create_improvement_issues" name: "Create Improvement Issues" actions: - type: "gitlab_duo_code_suggestions" scope: "full_project" - type: "create_issue" for_each: "{{suggestions}}" title: "Code improvement: {{suggestion.title}}" description: "{{suggestion.description}}" labels: ["improvement", "gitlab-duo"] assignee: "{{suggestion.file_owner}}"
Pipeline Integration
Integrate agents into GitLab CI/CD pipelines:
# .gitlab-ci.yml stages: - review - test - deploy duo_review: stage: review script: - ossa run .gitlab/agents/code-reviewer/manifest.ossa.yaml artifacts: reports: ossa_review: review-results.json rules: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' duo_test_generation: stage: test script: - ossa run .gitlab/agents/test-generator/manifest.ossa.yaml dependencies: - duo_review rules: - if: '$CI_MERGE_REQUEST_APPROVED == "true"'
Best Practices
- Version Control Agent Manifests: Store OSSA manifests in
.gitlab/agents/directory - Use Descriptive Names: Name agents clearly to indicate their purpose
- Implement Error Handling: Add fallback actions for API failures
- Monitor Agent Activity: Track agent executions in GitLab CI/CD logs
- Secure Credentials: Use GitLab CI/CD variables for API tokens
- Test Locally: Validate manifests before committing to repository
- Document Custom Prompts: Maintain prompt templates in version control
Troubleshooting
Common Issues
Agent not triggering on merge requests:
- Verify GitLab Duo is enabled in project settings
- Check CI/CD pipeline rules and conditions
- Ensure OSSA runtime has necessary permissions
GitLab Duo API errors:
- Confirm your GitLab tier includes Duo features
- Check API rate limits and quotas
- Verify authentication tokens are valid
Inconsistent results:
- Adjust temperature parameter for more deterministic outputs
- Provide more specific context in prompts
- Use structured output formats
Resources
Next Steps
- Explore GitLab Duo examples
- Read the migration guide
- Join the OSSA community
- Check out advanced orchestration patterns