Sample GitLab CI Pipeline: gitlab-ci.yml

.child-pipeline.yml

stages:
  - microservice_build

build_service_a:
  stage: microservice_build
  script:
    - echo "Building microservice A..."

build_service_b:
  stage: microservice_build
  script:
    - echo "Building microservice B..."

gitlab-ci.yml

stages:
  - lint
  - test
  - build
  - scan
  - deploy
  - notify

variables:
  NODE_ENV: "test"
  DOCKER_IMAGE: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
  KUBE_CONTEXT: "production"

default:
  image: node:18
  retry:
    max: 2
    when: runner_system_failure

before_script:
  - echo "Running as $CI_PIPELINE_SOURCE"
  - npm ci

# -------------------------
# Linting Stage
# -------------------------
lint:
  stage: lint
  script:
    - npm run lint
  tags: [docker]
  rules:
    - if: '$CI_PIPELINE_SOURCE == "push"'

# -------------------------
# Testing Stage
# -------------------------
unit_tests:
  stage: test
  script:
    - npm run test:unit
  artifacts:
    paths:
      - coverage/
    expire_in: 1 day
  coverage: '/All files[^|]*\|[^|]*\s+([\d\.]+)%/'
  rules:
    - if: '$CI_COMMIT_BRANCH'

integration_tests:
  stage: test
  script:
    - npm run test:integration
  allow_failure: true

# -------------------------
# Build Stage
# -------------------------
docker_build:
  stage: build
  image: docker:latest
  services:
    - docker:dind
  script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
    - docker build -t $DOCKER_IMAGE .
    - docker push $DOCKER_IMAGE
  only:
    - branches

# -------------------------
# Security Scan Stage
# -------------------------
sast_scan:
  stage: scan
  script:
    - echo "Run SAST (normally auto-included in GitLab Ultimate)"
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'

secret_detection:
  stage: scan
  script:
    - echo "Scanning for secrets..."
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'

# -------------------------
# Deploy Stage (Staging & Production)
# -------------------------
deploy_staging:
  stage: deploy
  environment:
    name: staging
    url: https://staging.example.com
  script:
    - echo "Deploying to staging"
    - kubectl --context=$KUBE_CONTEXT apply -f k8s/deployment.yaml
  rules:
    - if: '$CI_COMMIT_BRANCH == "develop"'

deploy_prod:
  stage: deploy
  environment:
    name: production
    url: https://example.com
  script:
    - echo "Deploying to production"
    - kubectl --context=$KUBE_CONTEXT apply -f k8s/production.yaml
  when: manual
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'

# -------------------------
# Notifications
# -------------------------
slack_notify:
  stage: notify
  script:
    - curl -X POST -H 'Content-type: application/json' --data '{"text":"Pipeline $CI_PIPELINE_ID completed."}' $SLACK_WEBHOOK
  when: always

# -------------------------
# Scheduled Scan (Nightly)
# -------------------------
scheduled_dependency_scan:
  stage: scan
  script:
    - echo "Run scheduled Dependency Scan"
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule"'

# -------------------------
# Dynamic Child Pipeline
# -------------------------
generate-child-pipeline:
  stage: build
  trigger:
    include: .child-pipeline.yml
    strategy: depend
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'