0% found this document useful (0 votes)
317 views11 pages

GitLab CI CD Operations CheatSheet 1731972419

This document is a comprehensive cheat sheet for GitLab CI/CD operations, covering various aspects such as pipeline configuration, job control, environment variables, Docker and Kubernetes operations, testing, deployment strategies, and advanced techniques. It includes code snippets and examples for defining stages, jobs, artifacts, caching, notifications, and security compliance. The document serves as a quick reference for implementing CI/CD workflows in GitLab, with a complete pipeline example provided at the end.

Uploaded by

vamsitarak55
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
317 views11 pages

GitLab CI CD Operations CheatSheet 1731972419

This document is a comprehensive cheat sheet for GitLab CI/CD operations, covering various aspects such as pipeline configuration, job control, environment variables, Docker and Kubernetes operations, testing, deployment strategies, and advanced techniques. It includes code snippets and examples for defining stages, jobs, artifacts, caching, notifications, and security compliance. The document serves as a quick reference for implementing CI/CD workflows in GitLab, with a complete pipeline example provided at the end.

Uploaded by

vamsitarak55
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 11

# [ GitLab CI/CD Operations ] ( CheatSheet )

1. Basic Pipeline Configuration

● Define stages: stages: [build, test, deploy]


● Define a job: job_name: {script: ["command1", "command2"]}
● Set job stage: job_name: {stage: build}
● Set job image: job_name: {image: alpine:latest}
● Set job tags: job_name: {tags: [docker, linux]}

2. Job Control

● Manual job trigger: job_name: {when: manual}


● Allow job failure: job_name: {allow_failure: true}
● Set job timeout: job_name: {timeout: 1 hour}
● Set job dependencies: job_name: {dependencies: [other_job]}
● Set job artifacts: job_name: {artifacts: {paths: [path/to/artifact]}}
● Set job cache: job_name: {cache: {paths: [path/to/cache]}}

3. Environment Variables

● Define variable: variables: {VAR_NAME: "value"}


● Use predefined variable: script: ["echo $CI_COMMIT_SHA"]
● Use GitLab UI variable: script: ["echo $UI_DEFINED_VARIABLE"]
● Mask a variable: variables: {MASKED_VAR: {value: "secret", masked: true}}

4. Conditional Execution

● Run on specific branch: job_name: {only: [master]}


● Exclude specific branch: job_name: {except: [develop]}
● Run on tags: job_name: {only: {refs: [tags]}}
● Run on merge requests: job_name: {only: {refs: [merge_requests]}}
● Use complex rules: job_name: {rules: [{if: '$CI_COMMIT_BRANCH ==
"master"', when: always}]}

5. Docker Operations

● Use Docker image: image: docker:latest


● Build Docker image: script: ["docker build -t myimage:$CI_COMMIT_SHA ."]

By: Waleed Mousa


● Push Docker image: script: ["docker push
myregistry/myimage:$CI_COMMIT_SHA"]
● Login to Docker registry: script: ["echo $CI_REGISTRY_PASSWORD | docker
login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY"]
● Use Docker-in-Docker: services: [docker:dind]

6. Kubernetes Operations

● Deploy to Kubernetes: script: ["kubectl apply -f deployment.yaml"]


● Set Kubernetes namespace: script: ["kubectl config set-context --current
--namespace=myapp"]
● Rollout Kubernetes deployment: script: ["kubectl rollout restart
deployment/myapp"]
● Get Kubernetes pods: script: ["kubectl get pods"]
● Use Kubernetes executor: job_name: {kubernetes: {namespace: myapp}}

7. Artifacts and Dependencies

● Define artifacts: artifacts: {paths: [path/to/artifact]}


● Set artifacts expiry: artifacts: {expire_in: 1 week}
● Define reports artifact: artifacts: {reports: {junit: path/to/report.xml}}
● Download artifacts: dependencies: [job_name]
● Use artifacts between stages: needs: [{job: job_name, artifacts: true}]

8. Caching

● Define cache: cache: {paths: [path/to/cache]}


● Set cache key: cache: {key: ${CI_COMMIT_REF_SLUG}}
● Use per-job cache: job_name: {cache: {key: {files: [Gemfile.lock]}}}
● Clear cache: cache: {}
● Use multiple caches: cache: [{key: cache1, paths: [path1]}, {key: cache2,
paths: [path2]}]

9. Pages and Static Site Deployment

● Deploy GitLab Pages: pages: {script: [mkdir public, cp index.html


public/], artifacts: {paths: [public]}}
● Set custom domain for Pages: pages: {script: ["echo mysite.com >
public/CNAME"]}
● Use Hugo for Pages: script: ["hugo", "mv public public_html"]

By: Waleed Mousa


● Use Jekyll for Pages: script: ["bundle exec jekyll build -d public"]

10. Testing and Code Quality

● Run unit tests: script: ["npm test"]


● Run integration tests: script: ["npm run test:integration"]
● Generate code coverage: script: ["npm run test:coverage"]
● Run linter: script: ["npm run lint"]
● Use GitLab Code Quality: include: {template: Code-Quality.gitlab-ci.yml}
● Use GitLab SAST: include: {template: SAST.gitlab-ci.yml}

11. Deployment

● Deploy to staging: script: ["ansible-playbook deploy-staging.yml"]


● Deploy to production: script: ["ansible-playbook deploy-prod.yml"]
● Use continuous deployment: script: ["cap production deploy"]
● Use blue-green deployment: script: ["kubectl apply -f
blue-green-deploy.yaml"]
● Canary deployment: script: ["kubectl apply -f canary-deploy.yaml"]

12. Notifications

● Slack notification: script: ["curl -X POST -H 'Content-type:


application/json' --data '{\"text\":\"Deployment successful\"}'
$SLACK_WEBHOOK"]
● Email notification: script: ["echo 'Deployment done' | mail -s 'CI/CD
Notification' [email protected]"]
● Use GitLab ChatOps: chatops: {command: /deploy}

13. Environment Management

● Define environment: environment: {name: production, url:


https://prod.example.com}
● Stop environment: environment: {name: production, action: stop}
● Use dynamic environment: environment: {name: review/$CI_COMMIT_REF_NAME}
● Deploy to multiple environments: parallel: {matrix: [{ENVIRONMENT:
[staging, production]}]}

14. Parallel and Matrix Jobs

● Run jobs in parallel: parallel: 5


By: Waleed Mousa
● Use matrix strategy: parallel: {matrix: [{RUBY: ['2.5', '2.6']},
{DATABASE: [mysql, postgres]}]}
● Include matrix variables: script: ["bundle install
--gemfile=Gemfile.$RUBY"]

15. Includes and Templates

● Include local file: include: path/to/local.yml


● Include remote file: include: 'https://company.com/gitlab-ci-template.yml'
● Include template: include: {template: Auto-DevOps.gitlab-ci.yml}
● Use extends keyword: job_name: {extends: .base_job}

16. Workflow Control

● Define workflow rules: workflow: {rules: [{if: '$CI_COMMIT_BRANCH ==


"master"'}]}
● Skip pipeline creation: workflow: {rules: [{when: never}]}
● Create merge request pipelines: workflow: {rules: [{if:
$CI_MERGE_REQUEST_ID}]}

17. Job Control Flow

● Run job after failure: job_name: {when: on_failure}


● Run job always: job_name: {when: always}
● Define job prerequisites: needs: [job1, job2]
● Use parallel needs: needs: {job: test-job, parallel: {matrix: [{BROWSER:
[firefox, chrome]}]}}

18. GitLab Runners

● Use specific runner: job_name: {tags: [specific-runner]}


● Use shared runners: job_name: {tags: [shared-runner]}
● Disable shared runners: job_name: {tags: []} (in project settings)
● Set concurrent jobs limit: concurrent = 5 (in gitlab-runner config)

19. Pipeline Triggers

● Trigger child pipeline: trigger: {include: child-pipeline.yml}


● Use parent-child pipelines: job_name: {trigger: {include:
child-pipeline.yml}}

By: Waleed Mousa


● Trigger downstream pipeline: script: ["curl -X POST -F
token=$CI_JOB_TOKEN -F ref=master
https://gitlab.example.com/api/v4/projects/9/trigger/pipeline"]

20. Advanced Techniques

● Use anchors: job_name: {<<: *job_template}


● Define hidden jobs: .hidden_job: {script: ["echo 'This job is hidden']}
● Use default configuration: default: {image: ruby:2.7}
● Override default: job_name: {image: {name: ruby:2.7, entrypoint:
["/bin/bash"]}}
● Use retry on failure: job_name: {retry: {max: 2, when:
[runner_system_failure, stuck_or_timeout_failure]}}
● Set global variables: variables: {GLOBAL_VAR: "value"}
● Use dotenv files: script: ["source .env.${CI_COMMIT_REF_NAME}"]
● Use CI/CD dashboard: status_page: {enabled: true}
● Set pipeline-level timeout: default: {timeout: 2 hours}
● Use multi-project pipelines: trigger: {project: group/project, branch:
master}
● Schedule pipelines: schedule: {cron: "0 1 * * *"}
● Use GitLab Auto Deploy: include: {template: Auto-Deploy.gitlab-ci.yml}
● Use GitLab Release jobs: include: {template: Release.gitlab-ci.yml}
● Use GitLab Review Apps: include: {template: Review-Apps.gitlab-ci.yml}
● Set pipeline variables: script: ["gitlab-ci-multi-runner exec shell --env
CI_DEBUG_TRACE=true job_name"]
● Use GitLab Container Registry: script: ["docker push
${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}"]
● Implement feature flags: script:
["feature_flag_client.enable('new_feature')"]
● Use GitLab Environments Dashboard: environment: {name: production,
deployment_tier: production}
● Implement Progressive Delivery: script: ["kubectl apply -f
progressive-delivery.yaml"]

21. Advanced Security and Compliance

● Implement Container Scanning: include: {template:


Container-Scanning.gitlab-ci.yml}
● Use Dependency Scanning: include: {template:
Dependency-Scanning.gitlab-ci.yml}

By: Waleed Mousa


● Implement License Compliance: include: {template:
License-Scanning.gitlab-ci.yml}
● Use Secret Detection: include: {template: Secret-Detection.gitlab-ci.yml}
● Implement API Fuzzing: include: {template: API-Fuzzing.gitlab-ci.yml}

22. Advanced Monitoring and Observability

● Integrate Prometheus metrics: script: ["push_metrics_to_prometheus"]


● Use GitLab Error Tracking: script:
["gitlab_error_tracking.capture_exception(e)"]
● Implement Distributed Tracing: script: ["jaeger_client.init_tracer()"]
● Use GitLab Incident Management: script: ["trigger_incident_if_error"]

23. Infrastructure as Code

● Use Terraform in pipeline: script: ["terraform init", "terraform apply


-auto-approve"]
● Implement GitOps with ArgoCD: script: ["argocd app sync myapp"]
● Use CloudFormation: script: ["aws cloudformation deploy --template-file
template.yaml --stack-name mystack"]

24. Advanced Deployment Strategies

● Implement Feature Flags: script:


["feature_flag_service.enable('new_feature', percentage: 10)"]
● Use A/B Testing: script:
["ab_test_service.create_experiment('button_color', variants: ['blue',
'green'])"]
● Implement Shadow Deployment: script: ["deploy_shadow_service"]

25. Performance and Load Testing

● Implement Load Testing: script: ["k6 run loadtest.js"]


● Use Performance Testing: script: ["apache_bench -n 1000 -c 100
https://myapp.com/"]
● Implement Stress Testing: script: ["stress-ng --cpu 8 --io 4 --vm 2
--vm-bytes 128M --timeout 60s"]

By: Waleed Mousa


26. A complete Pipeline

# Complete GitLab CI/CD Pipeline

stages:
- prepare
- build
- test
- security
- deploy
- post-deploy

variables:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: ""
KUBERNETES_NAMESPACE: ${CI_PROJECT_PATH_SLUG}-${CI_COMMIT_REF_SLUG}

include:
- template: Auto-DevOps.gitlab-ci.yml
- template: Security/SAST.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Security/DAST.gitlab-ci.yml

# Cache configuration
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- node_modules/
- .npm/

# Job templates
.build_template: &build_definition
stage: build
image: node:14
script:
- npm ci
- npm run build
artifacts:
paths:
- dist/

.test_template: &test_definition
stage: test
image: node:14
script:
- npm ci

By: Waleed Mousa


- npm run test:coverage
coverage: '/Lines\s*:\s*(\d+\.?\d*)%/'

# Jobs
prepare:
stage: prepare
image: alpine:latest
script:
- apk add --no-cache curl
- curl -o .env.$CI_COMMIT_REF_NAME
https://config-server.example.com/config/$CI_COMMIT_REF_NAME
artifacts:
paths:
- .env.$CI_COMMIT_REF_NAME

lint:
stage: test
image: node:14
script:
- npm ci
- npm run lint
allow_failure: true

unit_test:
<<: *test_definition
script:
- npm ci
- npm run test:unit

integration_test:
<<: *test_definition
script:
- npm ci
- npm run test:integration

build:
<<: *build_definition

container_build:
stage: build
image: docker:stable
services:
- docker:dind
script:
- docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA

dependency_scanning:

By: Waleed Mousa


stage: security
script:
- npm audit --json | ./node_modules/.bin/npm-audit-html -o
dependency-report.html
artifacts:
paths:
- dependency-report.html

deploy_review:
stage: deploy
image:
name: bitnami/kubectl:latest
entrypoint: ['']
script:
- kubectl config set-cluster k8s --server="$KUBE_URL"
--insecure-skip-tls-verify=true
- kubectl config set-credentials gitlab --token="$KUBE_TOKEN"
- kubectl config set-context default --cluster=k8s --user=gitlab
- kubectl config use-context default
- sed -i "s~IMAGE_TAG~${CI_COMMIT_SHA}~g" k8s/deployment.yaml
- kubectl apply -f k8s/deployment.yaml -n $KUBERNETES_NAMESPACE
environment:
name: review/$CI_COMMIT_REF_NAME
url: https://$CI_ENVIRONMENT_SLUG.example.com
only:
- merge_requests

deploy_staging:
stage: deploy
image:
name: bitnami/kubectl:latest
entrypoint: ['']
script:
- kubectl config set-cluster k8s --server="$KUBE_URL"
--insecure-skip-tls-verify=true
- kubectl config set-credentials gitlab --token="$KUBE_TOKEN"
- kubectl config set-context default --cluster=k8s --user=gitlab
- kubectl config use-context default
- sed -i "s~IMAGE_TAG~${CI_COMMIT_SHA}~g" k8s/deployment.yaml
- kubectl apply -f k8s/deployment.yaml -n staging
environment:
name: staging
url: https://staging.example.com
only:
- develop

deploy_production:
stage: deploy

By: Waleed Mousa


image:
name: bitnami/kubectl:latest
entrypoint: ['']
script:
- kubectl config set-cluster k8s --server="$KUBE_URL"
--insecure-skip-tls-verify=true
- kubectl config set-credentials gitlab --token="$KUBE_TOKEN"
- kubectl config set-context default --cluster=k8s --user=gitlab
- kubectl config use-context default
- sed -i "s~IMAGE_TAG~${CI_COMMIT_SHA}~g" k8s/deployment.yaml
- kubectl apply -f k8s/deployment.yaml -n production
environment:
name: production
url: https://www.example.com
when: manual
only:
- master

performance:
stage: post-deploy
image: docker:git
variables:
URL: https://$CI_ENVIRONMENT_SLUG.example.com
script:
- mkdir lighthouse
- docker run --rm -v $(pwd)/lighthouse:/home/chrome/reports
femtopixel/google-lighthouse $URL
- mv lighthouse/*.report.html performance.html
artifacts:
paths:
- performance.html
only:
- master

sentry_release:
stage: post-deploy
image: getsentry/sentry-cli
script:
- sentry-cli releases new -p $SENTRY_PROJECT $CI_COMMIT_SHA
- sentry-cli releases set-commits --auto $CI_COMMIT_SHA
- sentry-cli releases finalize $CI_COMMIT_SHA
only:
- master

notification:
stage: .post
script:
- 'curl -X POST -H "Content-type: application/json" --data

By: Waleed Mousa


"{\"text\":\"Application deployed to production\"}" $SLACK_WEBHOOK'
only:
- master

This pipeline includes:

● Multiple stages for a complete CI/CD workflow


● Inclusion of GitLab Auto-DevOps and security templates
● Caching for faster builds
● Job templates for reusability
● Linting and different types of testing (unit, integration)
● Docker image building and pushing
● Security scanning (SAST, Secret Detection, Container Scanning, DAST)
● Dependency scanning and reporting
● Deployment to review, staging, and production environments
● Kubernetes deployment
● Performance testing with Google Lighthouse
● Sentry release tracking
● Slack notification on successful deployment

This pipeline demonstrates many best practices, including:

● Separation of concerns with distinct stages and jobs


● Use of templates and includes for reusability and maintainability
● Comprehensive testing and security scanning
● Environment-specific deployments
● Manual approval for production deployment
● Performance testing and monitoring
● Error tracking integration
● Notification system

By: Waleed Mousa

You might also like