Security versus usability: This is a tradeoff we’re all familiar with in software development, and even applies to hosting your code. Part of the challenge of enterprise-grade repository management is the ability to keep your intellectual property secure, while safely exposing the public-facing parts of your code to the people who need to access it.
Recently we’ve given more flexibility and granularity in the way that your code is exposed: 2.0 introduced the ability to protect certain branches with branch permissions, and 2.4 allowed you to expose individual repositories outside of your core development team with repository permissions. Today, we are pleased to announce Stash 2.5, the final piece of the puzzle: public access to projects and repositories.
Public access to projects and repositories
Public access provides users with read-only access to select projects and repositories without having to log in or have an account in Stash. Opening up access to Stash allows you to:
- Broadcast your code to a wider audience who generally don’t have access to your source.
- Simplify setup of build servers and automated systems without requiring a log in.
- Link from other systems like JIRA or Confluence, to give users access to code without requiring authentication.
- Create open-source projects or repositories.
In Stash, public access increases cross-project, cross-team, and cross-tool collaboration and visibility. Administrators can easily open up access to single repositories or entire projects, allowing anonymous users to browse code via the web UI, or clone it using any Git client. Internal or external anonymous users (or tools) will have read-only access to public assets in Stash. This lowers the barrier to discovering, collaborating on, and contributing code in Stash – for everyone.
Broadcast your code to a wider audience
These days, enterprises are constantly trying to encourage developers to collaborate, and suggest enhancements or fixes. Most core development teams can already view everything in their project in Stash; this is about opening up access to a larger group of developers. This allows external users to get visibility into your project’s source code, while still ensuring that only core team members have write access to the repository.
Simplify access from build servers and automated systems
By turning public access on, you can simplify the configuration of your IT infrastructure. Build systems such as Bamboo or Jenkins need to clone Stash repositories. Git submodules reference other repositories in Stash. Scripts update Git repositories on several servers at a time to get the latest code just before a test run. All these scenarios can now access Stash without requiring a login.
Link from other systems
Linking to code assets from other internal systems is common – wikis, issue trackers, project management tools, documents, and more. Stash 2.5 allows you to link to your code assets from any system, without requiring non-developers to have an account on Stash. Nowadays, code bases contain documentation, images, human-readable configuration files, and BDD specifications. It’s great to be able to point your product managers, designers, quality assurance staff, testers, and documentation teams to those assets without requiring them to know Git, or have an account on your Stash instances.
For JIRA issue tracker users, Stash commits appear in the source tab of JIRA issues, regardless of who the user is or whether or not they’re logged in. Now, if a repository or project has public access enabled, when you click on the “view full commit” button, you can see the full source behind those commits in Stash.
Go open source, but keep the code on your own infrastructure
Many businesses ship source code to the public as part of their releases. APIs, connectors, client libraries, and integration code examples can all make up part of the deliverables provided to your customers – so why host them on an external service that you don’t control? Public Stash projects and repositories allow you to deliver code straight from your servers, using the same infrastructure you use for hosting your internal source.
Refined collaboration with pull request improvements
On the Stash team, we’re constantly looking for ways to improve the experience of existing features. In Stash 2.5 our development team found ways to refine pull requests and keep teams in the flow of development during code reviews.
Edit an active pull request’s destination branch
When creating a pull request in Stash, you define the destination (or target) branch you want to merge your code changes into. It’s easy to accidentally create a pull request with the wrong target branch, and then you have no choice but to decline and recreate it. This is not ideal. In Stash 2.5, you can change the target branch for an active pull request. This can be useful after a cut of a release branch, or if a mistake was made when the pull request was first opened.
Get more context in diffs
Context is king. We know instinctively that bug fixes are 90 percent about fact finding, context, and discovery, and only 10 percent about actual code changes.
Seeing more relevant content when you need it is highly beneficial, so we’ve added a seamless way for you to expand the lines of code you see around the diff in a pull request or commit. This allows you to see up to the whole file, if you want. The goal is to simplify the code review aspect of pull requests.
Over time, Git repositories evolve, committers change, their emails change; everything is in constant flux. Starting today, Stash understands the directives in the .mailmap configuration file (see Mapping Authors for the format). With this, Stash can properly track users – even when they commit from multiple email addresses, or with different names (provided they record the changes in the .mailmap file).
Go public with Stash 2.5
Foster external participation and enjoy even more streamlined code collaboration with Stash 2.5. Start a free trial and get up and running in a matter of minutes.
Already using Stash? Your upgrade to 2.5 is just a click away. Check out our full release notes to get started.