Get the FREE Ultimate OpenClaw Setup Guide →

gitlab-ci-patterns

npx machina-cli add skill wshobson/agents/gitlab-ci-patterns --openclaw
Files (1)
SKILL.md
5.4 KB

GitLab CI Patterns

Comprehensive GitLab CI/CD pipeline patterns for automated testing, building, and deployment.

Purpose

Create efficient GitLab CI pipelines with proper stage organization, caching, and deployment strategies.

When to Use

  • Automate GitLab-based CI/CD
  • Implement multi-stage pipelines
  • Configure GitLab Runners
  • Deploy to Kubernetes from GitLab
  • Implement GitOps workflows

Basic Pipeline Structure

stages:
  - build
  - test
  - deploy

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: "/certs"

build:
  stage: build
  image: node:20
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 hour
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/

test:
  stage: test
  image: node:20
  script:
    - npm ci
    - npm run lint
    - npm test
  coverage: '/Lines\s*:\s*(\d+\.\d+)%/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage/cobertura-coverage.xml

deploy:
  stage: deploy
  image: bitnami/kubectl:latest
  script:
    - kubectl apply -f k8s/
    - kubectl rollout status deployment/my-app
  only:
    - main
  environment:
    name: production
    url: https://app.example.com

Docker Build and Push

build-docker:
  stage: build
  image: docker:24
  services:
    - docker:24-dind
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  script:
    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
    - docker build -t $CI_REGISTRY_IMAGE:latest .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - docker push $CI_REGISTRY_IMAGE:latest
  only:
    - main
    - tags

Multi-Environment Deployment

.deploy_template: &deploy_template
  image: bitnami/kubectl:latest
  before_script:
    - kubectl config set-cluster k8s --server="$KUBE_URL" --insecure-skip-tls-verify=true
    - kubectl config set-credentials admin --token="$KUBE_TOKEN"
    - kubectl config set-context default --cluster=k8s --user=admin
    - kubectl config use-context default

deploy:staging:
  <<: *deploy_template
  stage: deploy
  script:
    - kubectl apply -f k8s/ -n staging
    - kubectl rollout status deployment/my-app -n staging
  environment:
    name: staging
    url: https://staging.example.com
  only:
    - develop

deploy:production:
  <<: *deploy_template
  stage: deploy
  script:
    - kubectl apply -f k8s/ -n production
    - kubectl rollout status deployment/my-app -n production
  environment:
    name: production
    url: https://app.example.com
  when: manual
  only:
    - main

Terraform Pipeline

stages:
  - validate
  - plan
  - apply

variables:
  TF_ROOT: ${CI_PROJECT_DIR}/terraform
  TF_VERSION: "1.6.0"

before_script:
  - cd ${TF_ROOT}
  - terraform --version

validate:
  stage: validate
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init -backend=false
    - terraform validate
    - terraform fmt -check

plan:
  stage: plan
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init
    - terraform plan -out=tfplan
  artifacts:
    paths:
      - ${TF_ROOT}/tfplan
    expire_in: 1 day

apply:
  stage: apply
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init
    - terraform apply -auto-approve tfplan
  dependencies:
    - plan
  when: manual
  only:
    - main

Security Scanning

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml

trivy-scan:
  stage: test
  image: aquasec/trivy:latest
  script:
    - trivy image --exit-code 1 --severity HIGH,CRITICAL $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  allow_failure: true

Caching Strategies

# Cache node_modules
build:
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/
    policy: pull-push

# Global cache
cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - .cache/
    - vendor/

# Separate cache per job
job1:
  cache:
    key: job1-cache
    paths:
      - build/

job2:
  cache:
    key: job2-cache
    paths:
      - dist/

Dynamic Child Pipelines

generate-pipeline:
  stage: build
  script:
    - python generate_pipeline.py > child-pipeline.yml
  artifacts:
    paths:
      - child-pipeline.yml

trigger-child:
  stage: deploy
  trigger:
    include:
      - artifact: child-pipeline.yml
        job: generate-pipeline
    strategy: depend

Reference Files

  • assets/gitlab-ci.yml.template - Complete pipeline template
  • references/pipeline-stages.md - Stage organization patterns

Best Practices

  1. Use specific image tags (node:20, not node:latest)
  2. Cache dependencies appropriately
  3. Use artifacts for build outputs
  4. Implement manual gates for production
  5. Use environments for deployment tracking
  6. Enable merge request pipelines
  7. Use pipeline schedules for recurring jobs
  8. Implement security scanning
  9. Use CI/CD variables for secrets
  10. Monitor pipeline performance

Related Skills

  • github-actions-templates - For GitHub Actions
  • deployment-pipeline-design - For architecture
  • secrets-management - For secrets handling

Source

git clone https://github.com/wshobson/agents/blob/main/plugins/cicd-automation/skills/gitlab-ci-patterns/SKILL.mdView on GitHub

Overview

GitLab CI Patterns provide reusable templates for building efficient pipelines with clearly defined stages, caching, and deployment strategies. They cover multi-environment deployments, Docker builds and pushes, Terraform automation, and security scanning templates to streamline automated testing and delivery.

How This Skill Works

Define stages (build, test, deploy) in .gitlab-ci.yml and assign jobs with specific images, scripts, and artifacts. Use cache sections to speed up repeated installs (e.g., node_modules) and leverage templates for multi-environment deployments and Kubernetes rollouts. The patterns showcase Docker build/push, Terraform pipelines, and security scanning integrations to standardize automation.

When to Use It

  • Automate GitLab-based CI/CD workflows.
  • Implement multi-stage pipelines with dedicated build, test, and deploy stages.
  • Configure GitLab Runners for scalable distributed execution.
  • Deploy to Kubernetes directly from GitLab.
  • Implement GitOps workflows.

Quick Start

  1. Step 1: Create a basic .gitlab-ci.yml with stages: build, test, deploy.
  2. Step 2: Add a build job using node:20, npm ci, npm run build, and cache node_modules.
  3. Step 3: Add a deploy job using a Kubernetes-capable image (e.g., bitnami/kubectl) and define a production environment.

Best Practices

  • Organize stages clearly and keep jobs focused to minimize churn.
  • Use a stable cache key (e.g., ${CI_COMMIT_REF_SLUG}) to speed up repeated installs.
  • Publish artifacts and, when possible, include coverage reports to monitor quality.
  • Restrict deploy jobs to protected branches and use when: manual for safety.
  • Leverage reusable templates for consistent security scans, Terraform steps, and deployments.

Example Use Cases

  • Build a Node.js app by running npm ci and npm run build, then store dist/ as an artifact and cache node_modules for faster subsequent runs.
  • Docker Build and Push: authenticate with the registry, build images with docker:24, push both commit SHA and latest tags.
  • Multi-Environment Deployment: use a deploy_template anchor to manage staging and production with environment blocks and kubectl commands.
  • Terraform Pipeline: validate, plan, and apply using Terraform Docker images with artifacts for the plan output.
  • Security Scanning: integrate templates for SAST, Dependency-Scanning, and Container-Scanning, and run a Trivy-based image scan.

Frequently Asked Questions

Add this skill to your agents
Sponsor this space

Reach thousands of developers