GitLab CI - Learnings


I have recently started to use GitLab's Build for CI and found it so easy to create custom pipeline code with a self-hosted runner. Sharing some of my learnings.

These notes apply to GitLab v16.x.

Trigger pipeline only from Web Login

Add the workflow condition below to your .gitlab-ci.yml to avoid triggering builds unintentionally, even when .gitlab-ci.yml itself is changed.

# workflow & rule combination stops unwanted triggers of pipeline
workflow:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "web"'

Triggering a pipeline using curl is super convenient

Generate a project-level access token in "Settings > CI/CD > Pipeline triggers" and use curl to trigger the build. A webhook option is also available.

curl -X POST --fail \
-F token=[TOKEN] \
-F ref=[BRANCH_NAME] \
[GITLAB_URL]/api/v4/projects/[PROJECT_ID]/trigger/pipeline

PROJECT_ID = look up your project ID under "Settings > General > Project ID"

BRANCH_NAME = branch name

curl -X POST --fail \
-F token=wfw3423fwefw \
-F ref=master \
https://mygitlaburl.com/api/v4/projects/123/trigger/pipeline
💡
Restrict pipeline execution to web & pipeline triggers by adding $CI_PIPELINE_SOURCE == "trigger" to the workflow rules.

Basic CICD variable security

GitLab provides a "masked" option for variables to avoid exposure of tokens & other sensitive information in logs. This option avoided exposing tokens in .gitlab-ci.yml & made the pipeline generic for multiple projects.
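
As an added example (not from the original post), here is a .gitlab-ci.yml that combines the web and trigger workflow rules with a job that reads a masked variable. DEPLOY_TOKEN and build.sh are hypothetical names.

```yaml
# Added example, not part of the original post.
# Create pipelines only when started from the web UI or via a trigger token.
workflow:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "web"'
    - if: '$CI_PIPELINE_SOURCE == "trigger"'
    # Any other source (push, merge request, schedule, ...) matches no rule
    # above, so no pipeline is created. The explicit rule documents the intent.
    - when: never

stages:
  - build

build:
  stage: build
  script:
    # DEPLOY_TOKEN is a hypothetical variable defined under
    # "Settings > CI/CD > Variables" with the "masked" option enabled.
    # Its value is never written into this file, so the same file can be
    # reused across projects that each define their own value.
    - 'test -n "$DEPLOY_TOKEN" || { echo "DEPLOY_TOKEN is not set"; exit 1; }'
    # Record how the pipeline was started, useful when auditing triggers.
    - 'echo "Pipeline source is $CI_PIPELINE_SOURCE"'
    # If the token value ever reaches job output, the log shows [MASKED].
    # build.sh is a hypothetical script that reads DEPLOY_TOKEN from the
    # environment instead of taking it as a command-line argument.
    - ./build.sh
```

Masking only hides the value in job logs; the variable is still available to any script the job runs.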