gitlab-ci-patterns
wshobson/agents
Build scalable GitLab CI/CD pipelines with multi-stage workflows, caching, and Kubernetes deployment patterns.
What is gitlab-ci-patterns?
Comprehensive patterns for GitLab CI/CD pipeline automation including multi-stage workflows, Docker builds, Kubernetes deployments, and security scanning. Use when setting up or optimizing GitLab-based CI/CD, configuring runners, or implementing automated testing and deployment strategies.
- Define multi-stage pipelines with build, test, and deploy stages
- Build and push Docker images to GitLab Container Registry
- Deploy to Kubernetes with environment tracking and rollout status
- Configure caching strategies for dependencies and build artifacts
- Implement Terraform infrastructure-as-code pipelines with plan/apply workflows
- Integrate security scanning (SAST, dependency scanning, container scanning, Trivy)
How to install gitlab-ci-patterns
npx skills add https://github.com/wshobson/agents --skill gitlab-ci-patterns
- GitLab repository with CI/CD enabled
- GitLab Runner configured (shared or specific)
- Docker registry credentials for image pushes (if using Docker builds)
- Kubernetes cluster access and credentials (if deploying to K8s)
- Terraform configuration files (if using Terraform patterns)
How to use gitlab-ci-patterns
1. Create or edit .gitlab-ci.yml in your repository root
2. Choose relevant pipeline patterns (basic structure, Docker build, Kubernetes deploy, Terraform, or security scanning)
3. Define stages and jobs matching your workflow (build → test → deploy)
4. Configure CI/CD variables in GitLab project settings for secrets and environment-specific values
5. Set up GitLab Runners if using specific runners instead of shared runners
6. Test the pipeline by pushing to a branch and monitoring the pipeline execution in the GitLab UI
7. Adjust caching, artifacts, and deployment strategies based on pipeline performance and requirements
Use cases
- Automating Node.js application builds, testing, and Docker image pushes to production
- Deploying microservices to Kubernetes clusters with staging and production environments
- Running Terraform infrastructure provisioning with plan review and manual approval gates
- Scanning container images and dependencies for security vulnerabilities in CI pipelines
- Caching npm dependencies and build artifacts to reduce pipeline execution time
- DevOps engineers setting up GitLab CI/CD infrastructure
- Backend and full-stack developers automating testing and deployment
- Platform engineers implementing multi-environment deployment strategies
- Infrastructure teams managing Terraform-based infrastructure provisioning
gitlab-ci-patterns FAQ
Use the cache key with paths pointing to dependency directories (e.g., node_modules/). Set policy to pull-push for read-write or pull for read-only. Use CI_COMMIT_REF_SLUG as the key to cache per branch.
Use YAML anchors (&deploy_template) to define a base deployment job, then extend it for each environment. Use when: manual for production deployments and only: main to restrict which branches trigger production.
Use docker:24-dind service, login with CI_REGISTRY credentials, build with docker build, and push with docker push. Tag images with CI_COMMIT_SHA and latest for version tracking.
Include GitLab security templates (SAST, Dependency-Scanning, Container-Scanning) or use Trivy for container image scanning. Set allow_failure: true if you want pipelines to continue despite security warnings.
Generate a child pipeline YAML file in an artifact, then use trigger with include pointing to that artifact. Use strategy: depend to wait for child pipeline completion.
Full instructions (SKILL.md)
Source of truth, from wshobson/agents.
name: gitlab-ci-patterns
description: Build GitLab CI/CD pipelines with multi-stage workflows, caching, and distributed runners for scalable automation. Use when implementing GitLab CI/CD, optimizing pipeline performance, or setting up automated testing and deployment.
GitLab CI Patterns
Comprehensive GitLab CI/CD pipeline patterns for automated testing, building, and deployment.
Purpose
Create efficient GitLab CI pipelines with proper stage organization, caching, and deployment strategies.
When to Use
- Automate GitLab-based CI/CD
- Implement multi-stage pipelines
- Configure GitLab Runners
- Deploy to Kubernetes from GitLab
- Implement GitOps workflows
Basic Pipeline Structure
stages:
  - build
  - test
  - deploy

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: "/certs"

build:
  stage: build
  image: node:20
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 hour
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/

test:
  stage: test
  image: node:20
  script:
    - npm ci
    - npm run lint
    - npm test
  coverage: '/Lines\s*:\s*(\d+\.\d+)%/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage/cobertura-coverage.xml

deploy:
  stage: deploy
  image: bitnami/kubectl:1.31
  script:
    - kubectl apply -f k8s/
    - kubectl rollout status deployment/my-app
  only:
    - main
  environment:
    name: production
    url: https://app.example.com
Docker Build and Push
build-docker:
  stage: build
  image: docker:24
  services:
    - docker:24-dind
  before_script:
    # -p puts the job token on the command line (visible in the process list); --password-stdin avoids that
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  script:
    # Two separate builds; the second is served from the layer cache of the first
    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
    - docker build -t $CI_REGISTRY_IMAGE:latest .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - docker push $CI_REGISTRY_IMAGE:latest
  only:
    - main
    - tags
Multi-Environment Deployment
.deploy_template: &deploy_template
  image: bitnami/kubectl:1.31
  before_script:
    # --insecure-skip-tls-verify disables API server certificate checks; prefer --certificate-authority with the cluster CA
    - kubectl config set-cluster k8s --server="$KUBE_URL" --insecure-skip-tls-verify=true
    - kubectl config set-credentials admin --token="$KUBE_TOKEN"
    - kubectl config set-context default --cluster=k8s --user=admin
    - kubectl config use-context default

deploy:staging:
  <<: *deploy_template
  stage: deploy
  script:
    - kubectl apply -f k8s/ -n staging
    - kubectl rollout status deployment/my-app -n staging
  environment:
    name: staging
    url: https://staging.example.com
  only:
    - develop

deploy:production:
  <<: *deploy_template
  stage: deploy
  script:
    - kubectl apply -f k8s/ -n production
    - kubectl rollout status deployment/my-app -n production
  environment:
    name: production
    url: https://app.example.com
  when: manual
  only:
    - main
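The same two-environment layout as an added example (not code from wshobson/agents), with the weak settings replaced: the API server certificate is verified instead of skipped, `extends:` replaces the YAML anchor, and `rules:` replaces `only:` (GitLab recommends `rules` over `only`/`except`). The variable names KUBE_URL, KUBE_TOKEN, KUBE_CA_PEM_FILE and KUBE_NAMESPACE are assumptions; KUBE_CA_PEM_FILE is assumed to be a "File" type CI/CD variable, which GitLab exposes to the job as a path to a temporary file.

```yaml
# Added example, not from the original skill. Assumed CI/CD variables, set as
# protected + masked in the project settings:
#   KUBE_URL          API server URL
#   KUBE_TOKEN        service-account token for the target namespace
#   KUBE_CA_PEM_FILE  File-type variable containing the cluster CA certificate
.deploy_template:
  image: bitnami/kubectl:1.31
  before_script:
    # Verify the API server certificate rather than --insecure-skip-tls-verify
    - kubectl config set-cluster k8s --server="$KUBE_URL" --certificate-authority="$KUBE_CA_PEM_FILE" --embed-certs=true
    - kubectl config set-credentials deployer --token="$KUBE_TOKEN"
    - kubectl config set-context default --cluster=k8s --user=deployer --namespace="$KUBE_NAMESPACE"
    - kubectl config use-context default
  script:
    - kubectl apply -f k8s/
    - kubectl rollout status deployment/my-app --timeout=120s

deploy:staging:
  extends: .deploy_template
  stage: deploy
  variables:
    KUBE_NAMESPACE: staging
  environment:
    name: staging
    url: https://staging.example.com
  rules:
    - if: '$CI_COMMIT_BRANCH == "develop"'

deploy:production:
  extends: .deploy_template
  stage: deploy
  variables:
    KUBE_NAMESPACE: production
  environment:
    name: production
    url: https://app.example.com
  # Serialize production deploys so two pipelines never apply concurrently
  resource_group: production
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
      when: manual
```

Because each job declares an `environment`, KUBE_TOKEN can be defined twice in the project settings with different environment scopes (staging and production), so the staging job never receives the production token, and marking the variables protected keeps them out of pipelines run on unprotected branches.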
Terraform Pipeline
stages:
  - validate
  - plan
  - apply

variables:
  TF_ROOT: ${CI_PROJECT_DIR}/terraform
  TF_VERSION: "1.6.0"

before_script:
  - cd ${TF_ROOT}
  - terraform --version

validate:
  stage: validate
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init -backend=false
    - terraform validate
    - terraform fmt -check

plan:
  stage: plan
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init
    - terraform plan -out=tfplan
  artifacts:
    paths:
      - ${TF_ROOT}/tfplan
    expire_in: 1 day

apply:
  stage: apply
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init
    - terraform apply -auto-approve tfplan
  dependencies:
    - plan
  when: manual
  only:
    - main
Security Scanning
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml

trivy-scan:
  stage: test
  image: aquasec/trivy:0.58.0
  script:
    - trivy image --exit-code 1 --severity HIGH,CRITICAL $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  allow_failure: true
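The Docker build job and the Trivy job above, combined into one build, scan, promote flow as an added example (not code from wshobson/agents). In the original pair, `latest` is pushed before the scan runs and `allow_failure: true` lets the pipeline continue past findings; here the build job pushes only the immutable CI_COMMIT_SHA tag, the scan gates the pipeline, and `latest` is re-tagged from the scanned image afterwards. The job names, the `release` stage, and the IMAGE_SHA and IMAGE_LATEST variables are assumptions; TRIVY_USERNAME and TRIVY_PASSWORD are the environment variables Trivy reads to authenticate to a private registry.

```yaml
# Added example, not from the original skill.
stages:
  - build
  - test
  - release

variables:
  IMAGE_SHA: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA      # immutable, one per commit
  IMAGE_LATEST: $CI_REGISTRY_IMAGE:latest           # only written after the scan passes

.docker_login:
  image: docker:24
  services:
    - docker:24-dind
  before_script:
    # --password-stdin keeps the job token out of the process list and the job log
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"

build-docker:
  extends: .docker_login
  stage: build
  script:
    - docker build --pull -t "$IMAGE_SHA" .
    - docker push "$IMAGE_SHA"

trivy-scan:
  stage: test
  image: aquasec/trivy:0.58.0
  needs: ["build-docker"]
  variables:
    # Registry credentials for pulling the private image
    TRIVY_USERNAME: $CI_REGISTRY_USER
    TRIVY_PASSWORD: $CI_REGISTRY_PASSWORD
  script:
    # Full report in the job log, then a gating run on fixable HIGH/CRITICAL findings
    - trivy image --exit-code 0 "$IMAGE_SHA"
    - trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed "$IMAGE_SHA"
  # No allow_failure here: findings stop the release stage

promote-latest:
  extends: .docker_login
  stage: release
  needs: ["trivy-scan"]
  script:
    # Re-tag the exact digest that was scanned; no rebuild, so no drift between tags
    - docker pull "$IMAGE_SHA"
    - docker tag "$IMAGE_SHA" "$IMAGE_LATEST"
    - docker push "$IMAGE_LATEST"
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    - if: '$CI_COMMIT_TAG'
```

Deployments should reference `$IMAGE_SHA` (or the image digest) rather than `latest`, so that what reaches a cluster is always the artifact the scan ran against; `latest` remains a convenience pointer for humans.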
Caching Strategies
# Cache node_modules
build:
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/
    policy: pull-push

# Global cache
cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - .cache/
    - vendor/

# Separate cache per job
job1:
  cache:
    key: job1-cache
    paths:
      - build/

job2:
  cache:
    key: job2-cache
    paths:
      - dist/
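An added caching example for the Node.js jobs above (not code from wshobson/agents). It differs from the page's pattern in two ways: `npm ci` deletes any existing node_modules before installing, so caching that directory saves nothing; caching npm's download directory (`.npm/`) and running `npm ci --cache .npm --prefer-offline` does. The cache key is the hash of package-lock.json via `cache:key:files`, so it is shared across branches and invalidated exactly when dependencies change, and only the build job is allowed to write it. The hidden job name `.npm_cache` is an assumption.

```yaml
# Added example, not from the original skill. Uses GitLab's default stages.
.npm_cache:
  cache:
    key:
      files:
        - package-lock.json     # key = hash of the lock file
    paths:
      - .npm/                   # npm download cache, not node_modules
    policy: pull                # consumers restore the cache but never upload it

build:
  extends: .npm_cache
  stage: build
  image: node:20
  cache:
    policy: pull-push           # deep-merged over .npm_cache: the single writer
  script:
    - npm ci --cache .npm --prefer-offline
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 hour

test:
  extends: .npm_cache
  stage: test
  image: node:20
  script:
    - npm ci --cache .npm --prefer-offline
    - npm test
```

With `extends:`, nested hashes are merged, so the `build` job inherits `key` and `paths` from `.npm_cache` and overrides only `policy`; a single writer avoids the race where two jobs upload different contents under the same key.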
Dynamic Child Pipelines
generate-pipeline:
  stage: build
  script:
    - python generate_pipeline.py > child-pipeline.yml
  artifacts:
    paths:
      - child-pipeline.yml

trigger-child:
  stage: deploy
  trigger:
    include:
      - artifact: child-pipeline.yml
        job: generate-pipeline
    strategy: depend
Best Practices
- Use specific image tags (node:20, not node:latest)
- Cache dependencies appropriately
- Use artifacts for build outputs
- Implement manual gates for production
- Use environments for deployment tracking
- Enable merge request pipelines
- Use pipeline schedules for recurring jobs
- Implement security scanning
- Use CI/CD variables for secrets
- Monitor pipeline performance
Related Skills
github-actions-templates - For GitHub Actions
deployment-pipeline-design - For architecture
secrets-management - For secrets handling
Related skills
More from wshobson/agents and the wider catalog.
tailwind-design-system
Build production-ready design systems with Tailwind CSS v4, design tokens, and component libraries.
typescript-advanced-types
Master TypeScript's advanced type system: generics, conditional types, mapped types, and utility types for type-safe applications.
nodejs-backend-patterns
Build production-ready Node.js backends with Express/Fastify, middleware patterns, auth, and database integration.
python-performance-optimization
Profile and optimize Python code using cProfile, memory profilers, and performance best practices.
brand-landingpage
Brand-first landing page designer with guided interviews and Stitch-powered iteration.
python-testing-patterns
Implement comprehensive testing strategies with pytest, fixtures, mocking, and test-driven development.