GitLab CI & Git Integration
Understanding how GitLab CI/CD integrates with Git, including pipeline triggers, CI_JOB_TOKEN, Git strategy, and workflow rules based on Git data.
- Developers using Git in CI/CD pipelines
- Readers who want to understand Git operation boundaries in automation
- Basic understanding of branch, commit, and push
- Basic CI/CD concepts
- Misusing GITHUB_TOKEN causing security issues
- Not understanding the trade-off between shallow and partial clone
One-Sentence Understanding
GitLab CI/CD treats Git as the single source of truth for your entire DevOps lifecycle, from pipelines triggered by pushes to automatic deployments triggered by tags.
Pipeline Triggers
GitLab CI can be triggered by various Git events:
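```yaml
workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "push"
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    # "tag" is not a CI_PIPELINE_SOURCE value: tag pushes arrive with the
    # source "push" and are detected through CI_COMMIT_TAG
    - if: $CI_COMMIT_TAG
```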
Branch-Specific Rules
```yaml
stages:
  - test
  - deploy

test:
  stage: test
  script: npm test

deploy:
  stage: deploy
  script: npm run deploy
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_COMMIT_TAG
```
Git Strategy in CI
GIT_STRATEGY Options
| Strategy | Behavior | Use Case |
|---|---|---|
| clone | Full clone each time | Clean builds |
| fetch | Fetch + reset from cache | Faster, use for small changes |
| none | Don't fetch | Reuse previous workspace |
```yaml
variables:
  GIT_STRATEGY: fetch
  GIT_DEPTH: "50"  # Shallow clone for speed
  GIT_SUBMODULE_STRATEGY: recursive
```
GitLab CI Variables from Git
GitLab provides rich CI/CD variables derived from Git:
```yaml
script:
  # Commit info
  - echo "Commit: $CI_COMMIT_SHA"
  - echo "Short SHA: $CI_COMMIT_SHORT_SHA"
  - echo "Branch: $CI_COMMIT_BRANCH"
  - echo "Tag: $CI_COMMIT_TAG"
  - echo "Message: $CI_COMMIT_MESSAGE"
  # User who started the pipeline (the commit author is in $CI_COMMIT_AUTHOR)
  - echo "Started by: $GITLAB_USER_NAME"
  - echo "Email: $GITLAB_USER_EMAIL"
  # Merge request info
  - echo "MR: $CI_MERGE_REQUEST_IID"
  - echo "Source branch: $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME"
```
Running Git Commands
```yaml
before_script:
  - git config user.name "gitlab-ci"
  - git config user.email "ci@gitlab.com"

script:
  - git fetch --tags origin
  - VERSION=$(git describe --tags --abbrev=0 2>/dev/null || echo "v0.0.0")
  - echo "Current version: $VERSION"
```
CI_JOB_TOKEN
GitLab provides CI_JOB_TOKEN for authenticating Git operations:
```yaml
# Push to a different repository
script:
  - git remote add target https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/org/target.git
  - git push target main
```
Token Scope
| Scope | Permission |
|---|---|
| Same project | Read + write |
| Same group | Configurable |
| Cross-project | Must configure |
Workflow Rules
Control pipeline execution based on Git context:
```yaml
workflow:
  rules:
    - if: $CI_COMMIT_TAG
      variables:
        PIPELINE_TYPE: "release"
    - if: $CI_COMMIT_BRANCH == "main"
      variables:
        PIPELINE_TYPE: "deploy"
    - if: $CI_MERGE_REQUEST_ID
      variables:
        PIPELINE_TYPE: "merge_request"
    - when: always
```
Environment Management
GitLab maps Git branches and tags to environments:
```yaml
deploy_staging:
  stage: deploy
  script: deploy-to-staging
  environment:
    name: staging
    url: https://staging.example.com
    deployment_tier: staging
  rules:
    - if: $CI_COMMIT_BRANCH == "develop"

deploy_production:
  stage: deploy
  script: deploy-to-prod
  environment:
    name: production
    url: https://example.com
    deployment_tier: production
  rules:
    - if: $CI_COMMIT_TAG
```
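The deploy_production job above runs for any tag, and GIT_DEPTH leaves the checkout shallow. As an added example (not part of the original page), this shell gate checks that the tag is a release tag and that its commit is already on the release branch before anything is deployed. The vMAJOR.MINOR.PATCH naming scheme, the RELEASE_BRANCH variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example: gate for the tag-triggered production deploy.
# Assumptions (not from the page): release tags are named vMAJOR.MINOR.PATCH
# and releases are only cut from the branch named in RELEASE_BRANCH.
RELEASE_BRANCH="${RELEASE_BRANCH:-main}"

# True only for names such as v1.2.3; rejects suffixes and shell metacharacters.
is_release_tag() {
  expr "x$1" : 'xv[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null
}

# Usage: tag_is_deployable TAG [REMOTE]
# 0 = deployable, 1 = not a release tag name,
# 2 = history or refs unavailable, 3 = tagged commit is not on the release branch.
tag_is_deployable() {
  tid_tag="$1"
  tid_remote="${2:-origin}"
  tid_ref="refs/remotes/$tid_remote/$RELEASE_BRANCH"

  is_release_tag "$tid_tag" || return 1

  # GIT_DEPTH leaves a shallow checkout; ancestry cannot be proven without
  # full history, so deepen first and fail closed if that is impossible.
  if [ "$(git rev-parse --is-shallow-repository 2>/dev/null)" = "true" ]; then
    git fetch --quiet --unshallow "$tid_remote" || return 2
  fi
  # Tag pipelines check out a detached HEAD, so fetch the branch tip explicitly.
  git fetch --quiet "$tid_remote" "+refs/heads/$RELEASE_BRANCH:$tid_ref" || return 2

  tid_commit=$(git rev-parse --verify --quiet "refs/tags/$tid_tag^{commit}") || return 2
  git merge-base --is-ancestor "$tid_commit" "$tid_ref" || return 3
}
```

In deploy_production, source this file and run `tag_is_deployable "$CI_COMMIT_TAG" || exit 1` before `deploy-to-prod`.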
Continue Learning
- github/github-actions-basics: GitHub Actions basics
- security/ssh-key-management: SSH key management
- migration/svn-to-git: SVN to Git migration