Updated April 17, 2023
Introduction to GitLab CI
A tool built into Gitlab for continuous integration and continuous development of codes by developers where they can look for the changes and merge the changes continuously from different branches is called Gitlab CI. YAML file is used in Gitlab for project configuration so that this file helps in defining the constraints for a project running for a set of jobs and this file is placed in the repository of the project. This file is placed as .gitlab-ci.yml file and helps in compiling the codes for different environments based on the codes. We can define them in many projects.
What is Gitlab CI?
- Continuous integration and development in Gitlab help in finding the bugs in the codes and correcting it without consuming more time in development. CICD also ensures that the production code has all the code compliance with respect to our app development. Auto DevOps is also present in Gitlab that helps in automatically building and deploying any of our applications without our constant monitoring of the application’s running status.
- Pipelines should be created based on CICD process where key-value pairs can be used for resetting and reusing variables that helps in faster deployment. This CICD concept also helps us to deploy the files and codes into any environment of our choice because it is automatically deployed without much monitoring for deployment. Also, we can create artefacts where codes are stored so that we can reuse the same while doing deployment to different environments.
- All the dependencies can be cached into the folder that helps in reusing the dependencies while executing jobs. This helps in the faster execution of codes in any environment given the dependencies are saved in Gitlab. We can set Gitlab runners in the application which executes the scripts automatically and helps in faster deployment. We can also improve the pipeline efficiency by connecting it with various artefacts of certain requirements. This helps developers in choosing the pipelines for their purpose and making the process easier and efficient.
- We can create testing scenarios and test cases for various purposes making it productive for production deployment. This helps us to solve the bugs if any and find new issues if it is not figured out. We can schedule the pipelines and do the testing as per our requirements. Here we can set SSH keys in the pipelines for continuous integration in the system. Git submodules can be used to set up the job and configure it while doing the deployment. While scheduling pipelines, we can trigger the pipelines using API in the application making the process easier.
- If there are different pipelines and the process belongs to the same project and the same artefacts, we can do merge requests to combine the process and we can integrate the project with any Kubernetes cluster in the application. We can create a Google Kubernetes Engine as well to manage the clusters and projects in the same application.
How to Manage Secrets in GitLab CI?
- CI requires some secrets where sensitive information is stored to perform and complete the project deployment work. Any information ranging from API tokens, sas keys or database information that can be obtained from the service provider. These secrets are required by the job to complete the deployment and this step cannot be ignored.
- The first service provider of Gitlab is Vault by HashiCorp and the first secret engine is KV-V2. Vault by HashiCorp helps in securely storing the secrets and keys in the key vault either using User Interface or API. There are dedicated servers and IP addresses specifically meant for securing the static infrastructure in Vault by HashiCorp. Dynamic infrastructure’s security is provided by the software-based encryption in the system.
Steps to Manage Gitlab Secrets
Given below are the steps to manage GitLab secrets:
1. Note Down the Secrets
We should write the secrets on any notepad or we can use Secrethub to do the same. We should create a repository and directory in secrethub to start the process where we can store the secrets. Gitlab CI uses a yml file as discussed earlier and hence we should store the file .gitlab-ci.yml into the repository where secrets are stored. We should install secrethub in Gitlab that helps to store the secrets. Secret values are stored here that is wrapped in ./deploy.sh. while running this command, .run replaces the secret and places it in the repository. Access key and Key ID shows the path where the file is stored.
2. Gitlab CI Configuration
We can use environment files in the application to use it for the deployment of various environments. This helps in templating the files in the application and make the process easy. Setting up Gitlab configuration involves these steps of secrets provisioning in the application and wrapping the secrets in the system.
3. Secrethub Service Account
Service accounts should be created so that access can be granted to anyone to read the secrets. Init command should be run that displays the credential of the service account. We can set the permission in the next step to read the secrets based on the repository. Clip flag can also be used to store the command to the notepad and use it for secrets.
4. Add Credentials in Gitlab CI
In Gitlab project page, open settings where we can see CI/CD in the application. We can see variables on the page. Open the same where adding a variable is an option. Add secrets in the variable key and add the secret credential generated while using permission-read command in the value part. We should mask the value and we can set the environment scope based on our requirements in deployments. We should save variables on this page. Now the secrets are stored in Gitlab project with the help of secrethub.
Gitlab CI helps in any kind of testing as this helps the developers to make the process faster in the application. We can also link dockers and Kubernetes in the application to manage the process where we can use various repositories stored in the cloud and make the process more efficient and interactive.
This is a guide to GitLab CI. Here we discuss the introduction, how to manage secrets in GitLab CI? and steps to manage Gitlab secrets. You may also have a look at the following articles to learn more –