GitLab CI CD Operations CheatSheet 1731972419
2. Job Control
3. Environment Variables
4. Conditional Execution
5. Docker Operations
6. Kubernetes Operations
8. Caching
11. Deployment
12. Notifications
# Pipeline stages; jobs are grouped by these names and run in this order.
stages:
  - prepare
  - build
  - test
  - security
  - deploy
  - post-deploy
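# Pipeline-wide variables, inherited by every job.
variables:
  DOCKER_DRIVER: overlay2
  # An empty DOCKER_TLS_CERTDIR makes docker:dind serve its API without TLS,
  # so job-to-daemon traffic is unauthenticated plaintext.
  # NOTE(review): a non-empty value such as "/certs" turns TLS on, but it
  # needs matching runner configuration; confirm before changing.
  DOCKER_TLS_CERTDIR: ""
  # Kubernetes namespace names are limited to 63 characters; two slugs joined
  # together can exceed that.
  # NOTE(review): confirm project and branch name lengths.
  KUBERNETES_NAMESPACE: "${CI_PROJECT_PATH_SLUG}-${CI_COMMIT_REF_SLUG}"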
# GitLab-maintained templates merged into this pipeline: Auto DevOps plus the
# SAST, secret detection, container scanning and DAST scanners.
# NOTE(review): a job from an included template must name a stage that is
# declared in this file's `stages:` list; confirm each template's stage
# (DAST in particular) is present there.
include:
  - template: Auto-DevOps.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/DAST.gitlab-ci.yml
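# Cache configuration: one cache per branch, shared by every job.
# A cache can be written by any job that uses it, so build and deploy jobs
# should treat restored cache contents as untrusted input.
cache:
  key: "${CI_COMMIT_REF_SLUG}"
  paths:
    # `npm ci` deletes node_modules/ before installing, so this entry is
    # rebuilt on every run.
    - node_modules/
    # Only populated when npm is pointed at it (for example
    # `npm ci --cache .npm`); the jobs in this listing call plain `npm ci`.
    - .npm/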
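# Job templates
# Hidden job (leading dot) holding the shared build settings; other jobs
# reuse it through the &build_definition anchor.
.build_template: &build_definition
  stage: build
  # Node.js 14 is past end-of-life, and `node:14` is a mutable tag.
  # NOTE(review): move to a supported release and pin a version or digest.
  image: node:14
  script:
    # Installs exactly what package-lock.json records.
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/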
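# Hidden job with the shared test settings; test jobs merge it through the
# &test_definition anchor and supply their own script.
.test_template: &test_definition
  stage: test
  # Same image as the build template, so tests run on the runtime that
  # builds the artifact.
  image: node:14
  script:
    - npm ci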
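# Jobs
# Downloads the branch-specific environment file from the config server and
# passes it to later stages as an artifact.
prepare:
  stage: prepare
  # Mutable tag; pin a version or digest for reproducible runs.
  image: alpine:latest
  script:
    - apk add --no-cache curl
    # --fail stops an HTTP error page from being saved as the env file; the
    # quotes keep a branch name with shell metacharacters in one argument.
    - >-
      curl --fail --silent --show-error
      -o ".env.$CI_COMMIT_REF_NAME"
      "https://config-server.example.com/config/$CI_COMMIT_REF_NAME"
  artifacts:
    # Anyone who can download job artifacts can read this file; keep secrets
    # out of it or give the artifact a short `expire_in`.
    paths:
      - .env.$CI_COMMIT_REF_NAME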
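# Runs the project's lint script in the test stage.
lint:
  stage: test
  image: node:14
  script:
    - npm ci
    - npm run lint
  # Lint findings are advisory: a failure is shown as a warning and does not
  # stop the pipeline.
  allow_failure: true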
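# Unit tests. Stage and image come from the test template; the script key
# below replaces the template's script (the merge is shallow).
unit_test:
  <<: *test_definition
  script:
    - npm ci
    - npm run test:unit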
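# Integration tests. Stage and image come from the test template; the script
# key below replaces the template's script (the merge is shallow).
integration_test:
  <<: *test_definition
  script:
    - npm ci
    - npm run test:integration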
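# Application build: uses the build template unchanged (stage, image, script
# and the dist/ artifact).
build:
  <<: *build_definition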
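# Builds the application image and pushes it to the project's container
# registry, tagged with the commit SHA.
container_build:
  stage: build
  # NOTE(review): `docker:stable` and `docker:dind` are mutable tags; pin
  # both to the same explicit Docker version.
  image: docker:stable
  services:
    - docker:dind
  script:
    # Log in with the job-scoped registry credentials before pushing;
    # --password-stdin keeps the password off the command line.
    - >-
      echo "$CI_REGISTRY_PASSWORD" |
      docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"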
# NOTE(review): no job body is visible for dependency_scanning in this
# listing; a job key with no content is not a runnable job definition.
dependency_scanning:
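# Deploys the merge request's build to a per-branch review environment.
deploy_review:
  stage: deploy
  image:
    # Mutable tag; pin a version or digest so the kubectl client is fixed.
    name: bitnami/kubectl:latest
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: ['']
  script:
    # Verify the API server against the cluster CA. With verification
    # disabled, the bearer token set below can be sent to an impersonated
    # endpoint. KUBE_CA_PEM_FILE must be a File-type CI/CD variable holding
    # the cluster CA certificate.
    - >-
      kubectl config set-cluster k8s --server="$KUBE_URL"
      --certificate-authority="$KUBE_CA_PEM_FILE"
    # Merge request pipelines run unmerged code: keep KUBE_TOKEN masked and
    # bound to a service account limited to review namespaces.
    - kubectl config set-credentials gitlab --token="$KUBE_TOKEN"
    - kubectl config set-context default --cluster=k8s --user=gitlab
    - kubectl config use-context default
    # Substitute the placeholder in the manifest with this commit's image tag.
    - sed -i "s~IMAGE_TAG~${CI_COMMIT_SHA}~g" k8s/deployment.yaml
    - kubectl apply -f k8s/deployment.yaml -n "$KUBERNETES_NAMESPACE"
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: https://$CI_ENVIRONMENT_SLUG.example.com
  only:
    - merge_requests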
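# Deploys the develop branch to the staging namespace.
deploy_staging:
  stage: deploy
  image:
    # Mutable tag; pin a version or digest so the kubectl client is fixed.
    name: bitnami/kubectl:latest
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: ['']
  script:
    # Verify the API server against the cluster CA. With verification
    # disabled, the bearer token set below can be sent to an impersonated
    # endpoint. KUBE_CA_PEM_FILE must be a File-type CI/CD variable holding
    # the cluster CA certificate.
    - >-
      kubectl config set-cluster k8s --server="$KUBE_URL"
      --certificate-authority="$KUBE_CA_PEM_FILE"
    # Keep KUBE_TOKEN masked and bound to a service account that can only
    # act on the staging namespace.
    - kubectl config set-credentials gitlab --token="$KUBE_TOKEN"
    - kubectl config set-context default --cluster=k8s --user=gitlab
    - kubectl config use-context default
    # Substitute the placeholder in the manifest with this commit's image tag.
    - sed -i "s~IMAGE_TAG~${CI_COMMIT_SHA}~g" k8s/deployment.yaml
    - kubectl apply -f k8s/deployment.yaml -n staging
  environment:
    name: staging
    url: https://staging.example.com
  only:
    - develop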
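# NOTE(review): only the stage is visible for this job in the listing; the
# script, environment and branch rules are missing, so it cannot run as
# shown. When completing it, confirm production credentials are protected
# variables and that the job is limited to a protected branch.
deploy_production:
  stage: deploy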
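# Runs a Lighthouse audit against the deployed site and keeps the HTML
# report as an artifact (master only).
performance:
  stage: post-deploy
  image: docker:git
  variables:
    # NOTE(review): CI_ENVIRONMENT_SLUG is only defined for jobs that declare
    # an `environment:`; this job does not, so confirm the URL resolves.
    URL: https://$CI_ENVIRONMENT_SLUG.example.com
  script:
    - mkdir lighthouse
    # NOTE(review): `docker run` needs a reachable Docker daemon and no
    # `services:` entry is declared here; confirm the runner provides one.
    # The image is a third-party, untagged reference; pin a digest.
    - >-
      docker run --rm -v "$(pwd)/lighthouse:/home/chrome/reports"
      femtopixel/google-lighthouse "$URL"
    - mv lighthouse/*.report.html performance.html
  artifacts:
    paths:
      - performance.html
  only:
    - master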
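# Registers the deployed commit as a Sentry release (master only).
sentry_release:
  stage: post-deploy
  # Untagged image reference; pin a version or digest.
  image: getsentry/sentry-cli
  script:
    # NOTE(review): sentry-cli presumably takes its credentials from CI/CD
    # variables not shown in this listing; keep them masked and protected.
    - sentry-cli releases new -p "$SENTRY_PROJECT" "$CI_COMMIT_SHA"
    - sentry-cli releases set-commits --auto "$CI_COMMIT_SHA"
    - sentry-cli releases finalize "$CI_COMMIT_SHA"
  only:
    - master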
notification:
stage: .post
script:
- 'curl -X POST -H "Content-type: application/json" --data