Gitlab CI

Debug mode

Include this in the job definition inside gitlab-ci.yml:

variables:
  CI_DEBUG_TRACE: "true"

Lint .gitlab-ci.yaml

Local only linters

These don't use the /api/v4/ci/lint API endpoint

check-jsonschema

see ../../json.md

Linters that use the Gitlab API

These use the /api/v4/ci/lint API endpoint. One major blocker: CI Lint API support for passing included files in working tree is still open, until this gets solved we can't use the Gitlab CI API with local includes. See also pre-commit check_yaml hook fails on gitlab-ci files for more details.

Pre-commit-gitlabci-lint

• GitHub
• Last commit 2024-01
• Can deal with includes!
• No Arch/Mise package

Install:

pipx install pre-commit-gitlabci-lint

Setup:

1. Create an access token with api scope.
2. Set access token value in an environment variable named GITLAB_TOKEN or GITLABCI_LINT_TOKEN.
3. Add the projectId for your gitlab project as a command line argument, or set it in the config file.
4. Adjust the configuration in ~/.config/.gitlabci-lint/config.toml

Usage:

gitlabci-lint -p <project_id>

pre-commit:

repos:
  - repo: https://github.com/bjd2385/pre-commit-gitlabci-lint
    rev: v1.4.0
    hooks:
      - id: gitlabci-lint
      # args: [-b, 'https://custom.gitlab.host.com', '-p', '12345678']

Stale / not working

• orobardet/gitlab-ci-linter
  • Last commit 2023-01
  • Go
  • Can be used with pre-commit
  • Issue: gitlab-ci-linter prints "KO" with no details
• devopshq/gitlab-ci-linter
  • Python
  • Works as a pre-commit hook
  • Last commit 2023-09, worked fine with Gitlab API \< v16, but broke with v16
• FalcoSuessgott/lint-gitlab-ci
  • Bash
  • Works as a pre-commit hook
  • Last commit 2023-09
• kadrach/pre-commit-gitlabci-lint
  • Python
  • Last commit 2021-02
• smop/pre-commit-hooks
  • Bash
  • Last commit 2019

other pre-commit integrations

Gitlab cli

https://narkoz.github.io/gitlab/

Usage:

gitlab projects '{per_page: 70}' | grep platf

gitlab merge_requests 128162 --json

gitlab merge_request 128162 230544 --json

gitlab create_merge_request 128195 \
  "Don't remove nfs client tools on vagrant" \
  "{source_branch: 'dont_remove_nfs_client_on_vagrant', \
    target_branch: 'develop', target_project_id: 128162}"

Gitlab "Auto Devops"

Auto Devops gitlab-ci.yml

Teraform integration

• Terraform integration in merge requests
• https://gitlab.com/gitlab-org/terraform-images
• https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Terraform/Base.latest.gitlab-ci.yml

Golang cacheing

https://docs.gitlab.com/ee/ci/caching/#caching-go-dependencies

Run CI locally

• github

Matrix builds

• parallel:matrix docs
• Efficient pipelines in GitLab CI/CD: Parallel Matrix Builds + !reference

Issues:

• FR: dependencies for matrix artifacts
  • Ugly workaround

Run job only if artifact exists

• Run job only if artifact exists

Build container images

• Docker-in-Docker
• Kaniko

Buildah

• Buildah

Issues:

Fails to build with vfs driver on kubernets executor, see this failed job example

Multi arch builds

• Possible with Docker-in-docker, but requires privileged mode
• Also possible with buildah, but also requires privileged mode
• Kaniko can't do multi arch builds

Podman / Buildah

In order to run Buildah in a custom gitlab-runner on Kubernetes, the scheduled runner pods need to run in privileged mode, unfortunately.

First install prerequisites (also on K8s nodes which gitlab-runner schedule pods on):

Debian:

apt install -y podman buildah qemu-user-static

Arch:

sudo pacman -S qemu-user-static qemu-user-static-binfmt

RedHat flavors:

sudo yum install -y podman buildah qemu-user-static

Then you can use the --platform parameter in Gitlab CI:

buildah build --platform linux/arm64/v8,linux/amd64 -t multiarch:latest