Audit score 70

gitlab-ci-patterns

wshobson/agents

Build scalable GitLab CI/CD pipelines with multi-stage workflows, caching, and Kubernetes deployment patterns.

What is gitlab-ci-patterns?

Comprehensive patterns for GitLab CI/CD pipeline automation including multi-stage workflows, Docker builds, Kubernetes deployments, and security scanning. Use when setting up or optimizing GitLab-based CI/CD, configuring runners, or implementing automated testing and deployment strategies.

  • Define multi-stage pipelines with build, test, and deploy stages
  • Build and push Docker images to GitLab Container Registry
  • Deploy to Kubernetes with environment tracking and rollout status
  • Configure caching strategies for dependencies and build artifacts
  • Implement Terraform infrastructure-as-code pipelines with plan/apply workflows
  • Integrate security scanning (SAST, dependency scanning, container scanning, Trivy)

How to install gitlab-ci-patterns

npx skills add https://github.com/wshobson/agents --skill gitlab-ci-patterns
Prerequisites
  • GitLab repository with CI/CD enabled
  • GitLab Runner configured (shared or specific)
  • Docker registry credentials for image pushes (if using Docker builds)
  • Kubernetes cluster access and credentials (if deploying to K8s)
  • Terraform configuration files (if using Terraform patterns)

How to use gitlab-ci-patterns

  1. Create or edit .gitlab-ci.yml in your repository root
  2. Choose relevant pipeline patterns (basic structure, Docker build, Kubernetes deploy, Terraform, or security scanning)
  3. Define stages and jobs matching your workflow (build → test → deploy)
  4. Configure CI/CD variables in GitLab project settings for secrets and environment-specific values
  5. Set up GitLab Runners if using specific runners instead of shared runners
  6. Test the pipeline by pushing to a branch and monitoring the pipeline execution in the GitLab UI
  7. Adjust caching, artifacts, and deployment strategies based on pipeline performance and requirements

Use cases

Good for
  • Automating Node.js application builds, testing, and Docker image pushes to production
  • Deploying microservices to Kubernetes clusters with staging and production environments
  • Running Terraform infrastructure provisioning with plan review and manual approval gates
  • Scanning container images and dependencies for security vulnerabilities in CI pipelines
  • Caching npm dependencies and build artifacts to reduce pipeline execution time
Who it's for
  • DevOps engineers setting up GitLab CI/CD infrastructure
  • Backend and full-stack developers automating testing and deployment
  • Platform engineers implementing multi-environment deployment strategies
  • Infrastructure teams managing Terraform-based infrastructure provisioning

gitlab-ci-patterns FAQ

How do I cache dependencies to speed up pipelines?

Use the cache keyword with key and paths pointing at dependency directories (e.g., node_modules/). Set policy to pull-push for read-write or pull for read-only. Use CI_COMMIT_REF_SLUG as the key to keep one cache per branch.

How do I deploy to multiple environments safely?

Use YAML anchors (&deploy_template) to define a base deployment job, then extend it for each environment. Use when: manual for production deployments and only: main to restrict which branches trigger production.

How do I build and push Docker images?

Use the docker:24-dind service, log in to CI_REGISTRY with the CI_REGISTRY_USER and CI_REGISTRY_PASSWORD job variables, build with docker build, and push with docker push. Tag images with CI_COMMIT_SHA and latest for version tracking.

How do I integrate security scanning?

Include GitLab security templates (SAST, Dependency-Scanning, Container-Scanning) or use Trivy for container image scanning. Set allow_failure: true if you want pipelines to continue despite security warnings.

How do I trigger child pipelines dynamically?

Generate a child pipeline YAML file in an artifact, then use trigger with include pointing to that artifact. Use strategy: depend to wait for child pipeline completion.

Full instructions (SKILL.md)

Source of truth, from wshobson/agents.

name: gitlab-ci-patterns
description: Build GitLab CI/CD pipelines with multi-stage workflows, caching, and distributed runners for scalable automation. Use when implementing GitLab CI/CD, optimizing pipeline performance, or setting up automated testing and deployment.

GitLab CI Patterns

Comprehensive GitLab CI/CD pipeline patterns for automated testing, building, and deployment.

Purpose

Create efficient GitLab CI pipelines with proper stage organization, caching, and deployment strategies.

When to Use

  • Automate GitLab-based CI/CD
  • Implement multi-stage pipelines
  • Configure GitLab Runners
  • Deploy to Kubernetes from GitLab
  • Implement GitOps workflows

Basic Pipeline Structure

stages:
  - build
  - test
  - deploy

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: "/certs"

build:
  stage: build
  image: node:20
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 hour
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/

test:
  stage: test
  image: node:20
  script:
    - npm ci
    - npm run lint
    - npm test
  coverage: '/Lines\s*:\s*(\d+\.\d+)%/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage/cobertura-coverage.xml

deploy:
  stage: deploy
  image: bitnami/kubectl:1.31
  script:
    - kubectl apply -f k8s/
    - kubectl rollout status deployment/my-app
  only:
    - main
  environment:
    name: production
    url: https://app.example.com

Docker Build and Push

build-docker:
  stage: build
  image: docker:24
  services:
    - docker:24-dind
  before_script:
    # --password-stdin keeps the registry password out of the process list and job log
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # one build, two tags: the commit SHA pins the exact image, latest tracks main
    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA -t $CI_REGISTRY_IMAGE:latest .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - docker push $CI_REGISTRY_IMAGE:latest
  only:
    - main
    - tags

Multi-Environment Deployment

.deploy_template: &deploy_template
  image: bitnami/kubectl:1.31
  before_script:
    # Pin the cluster CA instead of skipping TLS verification; KUBE_CA_PEM_FILE is
    # assumed to be a file-type CI/CD variable holding the cluster CA certificate
    - kubectl config set-cluster k8s --server="$KUBE_URL" --certificate-authority="$KUBE_CA_PEM_FILE"
    - kubectl config set-credentials admin --token="$KUBE_TOKEN"
    - kubectl config set-context default --cluster=k8s --user=admin
    - kubectl config use-context default

deploy:staging:
  <<: *deploy_template
  stage: deploy
  script:
    - kubectl apply -f k8s/ -n staging
    - kubectl rollout status deployment/my-app -n staging
  environment:
    name: staging
    url: https://staging.example.com
  only:
    - develop

deploy:production:
  <<: *deploy_template
  stage: deploy
  script:
    - kubectl apply -f k8s/ -n production
    - kubectl rollout status deployment/my-app -n production
  environment:
    name: production
    url: https://app.example.com
  when: manual
  only:
    - main

Terraform Pipeline

stages:
  - validate
  - plan
  - apply

variables:
  TF_ROOT: ${CI_PROJECT_DIR}/terraform
  TF_VERSION: "1.6.0"

before_script:
  - cd ${TF_ROOT}
  - terraform --version

validate:
  stage: validate
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init -backend=false
    - terraform validate
    - terraform fmt -check

plan:
  stage: plan
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init
    - terraform plan -out=tfplan
  artifacts:
    paths:
      - ${TF_ROOT}/tfplan
    expire_in: 1 day

apply:
  stage: apply
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init
    - terraform apply -auto-approve tfplan
  dependencies:
    - plan
  when: manual
  only:
    - main

Security Scanning

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml

trivy-scan:
  stage: test
  image:
    name: aquasec/trivy:0.58.0
    entrypoint: [""]  # the image's trivy entrypoint would otherwise swallow the job script
  variables:
    TRIVY_USERNAME: $CI_REGISTRY_USER      # registry credentials so Trivy can pull the image
    TRIVY_PASSWORD: $CI_REGISTRY_PASSWORD
  script:
    - trivy image --exit-code 1 --severity HIGH,CRITICAL $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  allow_failure: true
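The job above fails on HIGH/CRITICAL through --exit-code 1 and then masks that with allow_failure: true, so every scan is advisory. The script below is an added example, not part of the skill or of Trivy, that gates on the JSON report instead: it blocks on HIGH/CRITICAL findings unless a reviewer has accepted the specific ids, and can optionally ignore findings that have no fix available yet. It assumes the scan job ran `trivy image --format json --output trivy.json ...`; the report shape mirrors Trivy's JSON output, and the embedded sample with placeholder CVE ids is constructed for the example.

```python
"""Gate a pipeline on Trivy JSON findings (added example, not part of the skill).

Assumes the scan job ran `trivy image --format json --output trivy.json ...`.
The accepted-ids file is our own convention (a JSON list of ids), not a Trivy
or GitLab feature.
"""
import json
import sys
from collections import Counter

# Severities that block the job, matching the skill's --severity HIGH,CRITICAL flag.
BLOCKING_SEVERITIES = {"HIGH", "CRITICAL"}

# Constructed sample in the shape of a Trivy JSON report; the CVE ids are placeholders.
SAMPLE_REPORT = {
    "ArtifactName": "registry.example.com/group/app:abc123",
    "Results": [
        {
            "Target": "registry.example.com/group/app:abc123 (debian 12.4)",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-0000-00001", "PkgName": "libexample",
                 "Severity": "CRITICAL", "FixedVersion": "1.2.3"},
                {"VulnerabilityID": "CVE-0000-00002", "PkgName": "libother",
                 "Severity": "HIGH", "FixedVersion": ""},
                {"VulnerabilityID": "CVE-0000-00003", "PkgName": "libthird",
                 "Severity": "MEDIUM", "FixedVersion": "2.0"},
            ],
        },
        # Trivy emits null instead of an empty list for a clean target.
        {"Target": "Node.js", "Vulnerabilities": None},
    ],
}


def collect_findings(report):
    """Flatten the per-target vulnerability lists into one list of dicts."""
    findings = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            findings.append({
                "id": vuln["VulnerabilityID"],
                "pkg": vuln.get("PkgName", ""),
                "severity": vuln.get("Severity", "UNKNOWN").upper(),
                "fixed": bool(vuln.get("FixedVersion")),
                "target": result.get("Target", ""),
            })
    return findings


def evaluate(report, accepted_ids=frozenset(), require_fix_available=False):
    """Return (should_fail, blocking_findings, counts_by_severity).

    accepted_ids: ids a reviewer has explicitly accepted as documented risk.
    require_fix_available: when True, only findings with a FixedVersion block,
    so unfixable upstream CVEs are reported but do not stop the pipeline.
    """
    findings = collect_findings(report)
    counts = Counter(f["severity"] for f in findings)
    blocking = [
        f for f in findings
        if f["severity"] in BLOCKING_SEVERITIES
        and f["id"] not in accepted_ids
        and (f["fixed"] or not require_fix_available)
    ]
    return bool(blocking), blocking, counts


def main(report_path="trivy.json", accepted_path=None):
    """CLI entry point: exit 1 when the gate blocks, 0 otherwise."""
    with open(report_path) as fh:
        report = json.load(fh)
    accepted = frozenset()
    if accepted_path:
        with open(accepted_path) as fh:
            accepted = frozenset(json.load(fh))
    should_fail, blocking, counts = evaluate(report, accepted)
    print("findings by severity:", dict(counts))
    for f in blocking:
        print(f"BLOCK {f['severity']:8} {f['id']} in {f['pkg']} ({f['target']})")
    return 1 if should_fail else 0


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:]))
```

Run it as a second script line after the scan (`python trivy_gate.py trivy.json accepted.json`) and drop allow_failure: true; the accepted list then becomes the reviewed, version-controlled record of which findings were knowingly waived, instead of a blanket pass for everything.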

Caching Strategies

# Cache node_modules
build:
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/
    policy: pull-push

# Global cache
cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - .cache/
    - vendor/

# Separate cache per job
job1:
  cache:
    key: job1-cache
    paths:
      - build/

job2:
  cache:
    key: job2-cache
    paths:
      - dist/

Dynamic Child Pipelines

generate-pipeline:
  stage: build
  script:
    - python generate_pipeline.py > child-pipeline.yml
  artifacts:
    paths:
      - child-pipeline.yml

trigger-child:
  stage: deploy
  trigger:
    include:
      - artifact: child-pipeline.yml
        job: generate-pipeline
    strategy: depend
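The generate-pipeline job above runs a generate_pipeline.py that the skill does not include. The script below is an added example of such a generator, not the project's own: it discovers service directories, emits one pinned build job and one test job per service, and serialises the result as JSON, which GitLab's YAML parser accepts, so no PyYAML is needed. The services/<name>/Dockerfile layout, the job shape and the no-op fallback for an empty set are assumptions of this example.

```python
"""generate_pipeline.py: emit a child pipeline with one build/test pair per service.

Added example for the Dynamic Child Pipelines pattern; the skill names the
script but does not ship it. The services/<name>/Dockerfile layout and the job
shape are assumptions of this example.
"""
import json
import sys
from pathlib import Path


def discover_services(root):
    """Return sorted service names: every subdirectory of root containing a Dockerfile."""
    root = Path(root)
    if not root.is_dir():
        return []
    return sorted(p.name for p in root.iterdir() if (p / "Dockerfile").is_file())


def build_pipeline(services, image_repo="$CI_REGISTRY_IMAGE", ref="$CI_COMMIT_SHA"):
    """Build the child pipeline as a plain dict.

    Each service gets a build job (pinned docker image, registry login via
    --password-stdin so the credential stays out of the job log) and a test job
    that runs inside the image just built, wired with needs: so services run in
    parallel rather than waiting for the whole stage.
    """
    pipeline = {
        "stages": ["build", "test"],
        "default": {"interruptible": True},
    }
    for svc in services:
        tag = f"{image_repo}/{svc}:{ref}"
        pipeline[f"build:{svc}"] = {
            "stage": "build",
            "image": "docker:24",
            "services": ["docker:24-dind"],
            "before_script": [
                'echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" '
                '--password-stdin "$CI_REGISTRY"'
            ],
            "script": [
                f"docker build -t {tag} services/{svc}",
                f"docker push {tag}",
            ],
        }
        pipeline[f"test:{svc}"] = {
            "stage": "test",
            "image": tag,
            "needs": [f"build:{svc}"],
            "script": ["npm test"],
        }
    return pipeline


def render(pipeline):
    """Serialise as JSON; JSON is valid YAML, so GitLab accepts it as the child pipeline."""
    return json.dumps(pipeline, indent=2) + "\n"


def main(services_root="services"):
    """Write the child pipeline to stdout (the job redirects it to child-pipeline.yml)."""
    services = discover_services(services_root)
    if not services:
        # GitLab rejects an empty child pipeline, so emit a single no-op job instead.
        pipeline = {"noop": {"script": ["echo no services to build"]}}
    else:
        pipeline = build_pipeline(services)
    sys.stdout.write(render(pipeline))
    return 0


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:]))
```

Because the generator is itself code that runs in the pipeline, keep it in the repository and review it like any other job definition: whatever it emits is executed with the child pipeline's permissions.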

Best Practices

  1. Use specific image tags (node:20, not node:latest)
  2. Cache dependencies appropriately
  3. Use artifacts for build outputs
  4. Implement manual gates for production
  5. Use environments for deployment tracking
  6. Enable merge request pipelines
  7. Use pipeline schedules for recurring jobs
  8. Implement security scanning
  9. Use CI/CD variables for secrets
  10. Monitor pipeline performance
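As an added example (not part of the skill), a small linter that checks a .gitlab-ci.yml for several of the practices listed above without a YAML library: unpinned or :latest images (1), a production environment without a manual gate (4), secrets written as literal values (9), plus two hardening points taken from the snippets in this skill, passing a registry password with docker login -p and disabling TLS verification for kubectl. The rule names and the embedded sample pipeline are constructed for the example.

```python
"""Lint a .gitlab-ci.yml against the Best Practices list (added example, not part of the skill).

Line- and block-based on purpose so it needs no PyYAML. Rule names are our own.
"""
import re
import sys

# Constructed sample with exactly one violation of each rule.
SAMPLE_CI = """\
stages:
  - build
  - deploy

variables:
  DB_PASSWORD: "hunter2"

build:
  stage: build
  image: node:latest
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  script:
    - npm ci

deploy:production:
  stage: deploy
  image: bitnami/kubectl:1.31
  script:
    - kubectl config set-cluster k8s --server="$KUBE_URL" --insecure-skip-tls-verify=true
    - kubectl apply -f k8s/
  environment:
    name: production
"""

# A key at column 0 starts a new top-level block (job, stages, variables, ...).
TOP_KEY_RE = re.compile(r"^([A-Za-z0-9_.\-]+(?::[A-Za-z0-9_.\-]+)*):(?:\s|$)")
IMAGE_RE = re.compile(r"^\s*image:\s*(\S+)")
# A variable whose name looks secret-bearing and whose value is a literal, not a $reference.
SECRET_RE = re.compile(r"^\s*([A-Z0-9_]*(?:PASSWORD|SECRET|TOKEN|API_KEY)[A-Z0-9_]*):\s*[\"']?(?!\$)[^\s\"']")


def split_blocks(text):
    """Group lines into (block_name, [(lineno, line), ...]) by top-level key."""
    blocks, current, name = [], [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = TOP_KEY_RE.match(line)
        if m:
            if name is not None:
                blocks.append((name, current))
            name, current = m.group(1), []
        current.append((no, line))
    if name is not None:
        blocks.append((name, current))
    return blocks


def check_line(no, line):
    """Per-line rules: image pinning, password on the command line, TLS skip, literal secrets."""
    findings = []
    m = IMAGE_RE.match(line)
    if m:
        ref = m.group(1)
        name_part = ref.rsplit("/", 1)[-1]  # strip any registry host (which may carry a port)
        if "@sha256:" not in ref and (":" not in name_part or name_part.endswith(":latest")):
            findings.append((no, "unpinned_image", ref))
    if "docker login" in line and re.search(r"\s(-p|--password)\s", line):
        findings.append((no, "password_on_command_line", "use --password-stdin"))
    if "insecure-skip-tls-verify" in line:
        findings.append((no, "tls_verification_disabled", "pin the cluster CA instead"))
    m = SECRET_RE.match(line)
    if m:
        findings.append((no, "hardcoded_secret", m.group(1)))
    return findings


def check_block(name, lines):
    """Per-job rule: a production environment must carry when: manual."""
    text = "\n".join(line for _, line in lines)
    deploys_prod = re.search(r"^\s+name:\s*production\s*$", text, re.M)
    gated = re.search(r"^\s+when:\s*manual\s*$", text, re.M)
    if deploys_prod and not gated:
        return [(lines[0][0], "production_without_manual_gate", name)]
    return []


def lint(text):
    """Return findings as (lineno, rule, detail) tuples sorted by line."""
    findings = []
    for name, lines in split_blocks(text):
        for no, line in lines:
            findings.extend(check_line(no, line))
        findings.extend(check_block(name, lines))
    return sorted(findings)


def main(path=".gitlab-ci.yml"):
    with open(path) as fh:
        findings = lint(fh.read())
    for no, rule, detail in findings:
        print(f"{path}:{no}: {rule}: {detail}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(*sys.argv[1:]))
```

Run it as `python lint_ci.py .gitlab-ci.yml`; the exit code is nonzero when anything is found, so it can sit as an early job in the pipeline it checks. Applied to the snippets in this skill, the deploy job in the Basic Pipeline Structure, which targets the production environment without when: manual, would be the one flagged by the gate rule.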

Related Skills

  • github-actions-templates - For GitHub Actions
  • deployment-pipeline-design - For architecture
  • secrets-management - For secrets handling