
@devops-school
Created May 26, 2025 18:56
Sample GitLab CI Pipeline: gitlab-ci.yml
# NOTE(review): presumably the contents of `.child-pipeline.yml`, the file the
# `generate-child-pipeline` job triggers; it is a separate pipeline definition
# from the `stages:` list that follows it on this page. Confirm before merging
# the two into one file, which would duplicate the `stages` key.
stages:
  - microservice_build

# Placeholder build for service A: the script only prints a message.
build_service_a:
  stage: microservice_build
  script:
    - echo "Building microservice A..."

# Placeholder build for service B; same stage as service A, so neither job
# waits for the other.
build_service_b:
  stage: microservice_build
  script:
    - echo "Building microservice B..."
# Stage order for the main pipeline; jobs in a later stage start only after
# the earlier stages have finished.
# NOTE(review): `scan` comes after `build`, and docker_build pushes the image
# during `build`, so the image is already in the registry before any scan job
# runs.
stages:
  - lint
  - test
  - build
  - scan
  - deploy
  - notify
# Pipeline-wide variables, exported to every job unless the job overrides them.
variables:
  NODE_ENV: 'test'
  # Image reference built from the project's registry path and the ref slug.
  DOCKER_IMAGE: '$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG'
  # NOTE(review): any job that reads $KUBE_CONTEXT without a job-level override
  # targets this context, whatever environment the job is named after.
  KUBE_CONTEXT: 'production'
# Defaults applied to every job that does not set the same keyword itself.
default:
  # NOTE(review): a job that sets its own `image` still inherits the
  # before_script below unless it overrides that keyword as well, so `npm ci`
  # also runs in images that may not contain npm.
  before_script:
    - echo "Running as $CI_PIPELINE_SOURCE"
    - npm ci
  # Retry at most twice, and only when the failure came from the runner system.
  retry:
    when: runner_system_failure
    max: 2
  image: node:18
# -------------------------
# Linting Stage
# -------------------------
# Runs the project's lint script; the rule selects push-triggered pipelines
# only.
lint:
  stage: lint
  rules:
    - if: '$CI_PIPELINE_SOURCE == "push"'
  # Restricts the job to runners carrying the `docker` tag.
  tags:
    - docker
  script:
    - npm run lint
# -------------------------
# Testing Stage
# -------------------------
# Runs the unit-test script whenever the pipeline has a commit branch.
unit_tests:
  stage: test
  rules:
    - if: '$CI_COMMIT_BRANCH'
  script:
    - npm run test:unit
  # Extracts the percentage from the "All files" row of the job log.
  coverage: '/All files[^|]*\|[^|]*\s+([\d\.]+)%/'
  # Keeps the coverage report directory for one day.
  artifacts:
    expire_in: 1 day
    paths:
      - coverage/
# Runs the integration-test script. `allow_failure: true` lets the pipeline
# continue when this job fails.
# NOTE(review): no `rules` are set here, unlike unit_tests; confirm that is
# intended.
integration_tests:
  stage: test
  allow_failure: true
  script:
    - npm run test:integration
# -------------------------
# Build Stage
# -------------------------
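# Builds the image named by $DOCKER_IMAGE and pushes it to the project
# registry, for branch pipelines only.
docker_build:
  stage: build
  # NOTE(review): `docker:latest` and `docker:dind` are floating tags, so the
  # build toolchain can change between runs; pin both to a specific version
  # (or digest) that you have reviewed.
  image: docker:latest
  services:
    - docker:dind
  # Replaces the inherited default before_script: that one also runs `npm ci`,
  # and the docker image is not expected to provide npm.
  before_script:
    - echo "Running as $CI_PIPELINE_SOURCE"
  script:
    # The password goes in on stdin rather than `-p`, which would place it in
    # the process argument list and triggers Docker's own CLI warning.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # Quoted so an unexpected character in the ref slug cannot split the
    # argument.
    - docker build -t "$DOCKER_IMAGE" .
    - docker push "$DOCKER_IMAGE"
  only:
    - branches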
# -------------------------
# Security Scan Stage
# -------------------------
# Placeholder: the script only prints a message, so this job performs no
# static analysis and succeeds on every `main` pipeline.
# NOTE(review): a green result here says nothing about the code. Wire in a
# real scanner (for example GitLab's `Security/SAST.gitlab-ci.yml` template
# through a top-level `include:`) before treating this stage as a gate.
sast_scan:
  stage: scan
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
  script:
    - echo "Run SAST (normally auto-included in GitLab Ultimate)"
# Placeholder: the script only prints a message; nothing in the repository is
# inspected and the job succeeds on every `main` pipeline.
# NOTE(review): replace with a real secret scanner (for example GitLab's
# `Security/Secret-Detection.gitlab-ci.yml` template through a top-level
# `include:`). Running it only on `main` would also mean a committed secret is
# first reported after it has been merged.
secret_detection:
  stage: scan
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
  script:
    - echo "Scanning for secrets..."
# -------------------------
# Deploy Stage (Staging & Production)
# -------------------------
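# Applies the staging manifest when the pipeline runs for `develop`.
deploy_staging:
  stage: deploy
  environment:
    name: staging
    url: https://staging.example.com
  variables:
    # The pipeline-wide KUBE_CONTEXT is "production"; without this override
    # the staging manifest would be applied through the production context.
    # Placeholder value: replace with the name of your staging kube context.
    KUBE_CONTEXT: "staging"
  script:
    - echo "Deploying to staging"
    # Quoted so the context name always reaches kubectl as a single argument.
    - kubectl --context="$KUBE_CONTEXT" apply -f k8s/deployment.yaml
  rules:
    - if: '$CI_COMMIT_BRANCH == "develop"'
  # NOTE(review): this job inherits the default image (node:18), which is not
  # expected to ship kubectl; set `image:` to one that does, or confirm the
  # runner provides it.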
# Applies the production manifest for `main`. `when: manual` keeps the job
# from starting until someone triggers it.
# NOTE(review): the manual gate is only as strong as the set of people allowed
# to press it; consider a protected `production` environment and a protected
# `main` branch. The job also inherits the default image (node:18), which is
# not expected to ship kubectl.
deploy_prod:
  stage: deploy
  when: manual
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
  environment:
    url: https://example.com
    name: production
  script:
    - echo "Deploying to production"
    - kubectl --context=$KUBE_CONTEXT apply -f k8s/production.yaml
# -------------------------
# Notifications
# -------------------------
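# Posts a completion message to the Slack webhook. `when: always` runs the
# job whether earlier stages passed or failed.
slack_notify:
  stage: notify
  # Replaces the inherited default before_script so the notification does not
  # depend on `npm ci` succeeding.
  before_script:
    - echo "Running as $CI_PIPELINE_SOURCE"
  script:
    # Written as a block scalar: as a plain YAML scalar the `: ` inside the
    # Content-type header would be parsed as a mapping separator instead of a
    # script string.
    # The JSON body is double-quoted for the shell so $CI_PIPELINE_ID is
    # expanded; inside single quotes the literal text "$CI_PIPELINE_ID" was
    # sent.
    - |
      curl -X POST -H 'Content-type: application/json' \
        --data "{\"text\":\"Pipeline $CI_PIPELINE_ID completed.\"}" \
        "$SLACK_WEBHOOK"
  # NOTE(review): the webhook URL is a credential; keep SLACK_WEBHOOK as a
  # masked CI/CD variable and never commit it to the repository.
  when: always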
# -------------------------
# Scheduled Scan (Nightly)
# -------------------------
# Placeholder for a nightly dependency scan: selected only for scheduled
# pipelines, and the script only prints a message.
# NOTE(review): no dependency data is analysed here; replace the echo with a
# real dependency scanner before relying on the schedule for coverage.
scheduled_dependency_scan:
  stage: scan
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
  script:
    - echo "Run scheduled Dependency Scan"
# -------------------------
# Dynamic Child Pipeline
# -------------------------
# Starts `.child-pipeline.yml` as a child pipeline for `main`.
# `strategy: depend` makes this job wait for the child pipeline and take on
# its result.
# NOTE(review): the section banner calls this "dynamic", but the include is a
# file path in the repository; no job here generates that file as an artifact.
generate-child-pipeline:
  stage: build
  rules:
    - if: '$CI_COMMIT_BRANCH == "main"'
  trigger:
    strategy: depend
    include: .child-pipeline.yml