Steps
Systems
- Intro into GitLab
- Intro into GitLab CI
- Explain architecture (GitLab, CI, Linux machine, Docker installed, nothing more)
Dry run
- First dummy pipeline
- Intro into Docker (Dockerfile & docker-compose.yml)
- Create Bob (nginx image, COPY, Dockerfile, Compose)
- Start Bob locally (intro into ports)
Proxy
- Intro into Traefik (generics, ports, ACME, Dashboard, container detection, labels)
- Show Proxy project (configs, Docker, pipeline)
- Trigger proxy pipeline
- Show proxy dashboard
Portainer
- Intro into Portainer
- Show Portainer project (pipeline, Docker, labels)
- Trigger portainer pipeline
- Setup portainer
Bob
- Setup pipeline w/ static URL (deploy job)
- Add static GitLab environment
- Add undeploy job
- Replace inline script with real bash script
- Create new branch (oopsy)
- Set dynamic environment (name, URL, compose project, traefik router)
- Trigger branch again
- Show MR
Niamh
- Setup new CI repo
- Refactor CI pipeline out of bob
- Setup new repo for niamh
- MAGIC, BITCHES!
Blueprint
- Explain / show shared CI files (convention over configuration, everything is alike, things depend on each other)
- Explain blueprints (runnable, show)
- Explain cloner
- Show local vulnerability checks (dj BP)
- Show local SAST
- Use BP cloner for dj BP
- Show pipeline (SAST, Test, Build, Deploy, etc.)
Verdict
- Simple review envs
- Also possible w/o Docker (e.g. local on shell, nginx site deploy, just cp config and sed hostname)
- Explain different domains
- Explain different hosts via tags, constraint registry
- Explain security, no namespaces, in theory privilege escalation via different GitLab CI runners