# GitLab CI - Best Practices

Optimize GitLab CI/CD pipelines for performance, reliability, and maintainability.
## Pipeline Optimization

### Use DAG with Needs
`needs` turns the pipeline into a directed acyclic graph: a job starts as soon as the jobs it lists have finished, instead of waiting for every job in the previous stage. Here `test:frontend` no longer waits for `build:backend`.

```yaml
stages:
  - build
  - test
  - deploy

build:frontend:
  stage: build
  script: npm run build:frontend

build:backend:
  stage: build
  script: npm run build:backend

test:frontend:
  stage: test
  needs: ["build:frontend"]   # starts as soon as build:frontend is done
  script: npm run test:frontend

test:backend:
  stage: test
  needs: ["build:backend"]
  script: npm run test:backend

deploy:
  stage: deploy
  needs: ["test:frontend", "test:backend"]   # waits for these two jobs only
  script: ./deploy.sh
```

A job with `needs` also downloads artifacts only from the jobs it lists, so keep the list complete or a later job will quietly run without the files it expects.
### Parallel Execution
`parallel:matrix` expands one job definition into one job per value, each with the variable set, so the suites run concurrently on whatever runners are free.

```yaml
test:
  parallel:
    matrix:
      - SUITE: [unit, integration, e2e]   # creates "test: [unit]", "test: [integration]", "test: [e2e]"
  script:
    - npm run test:$SUITE
```
### Interruptible Jobs
With the project's auto-cancel redundant pipelines setting enabled, a newer pipeline on the same ref cancels older jobs marked `interruptible: true`, even while they are running. Anything that mutates an environment must stay non-interruptible: a deployment cancelled halfway through is worse than one that completes. Once a non-interruptible job has started, GitLab stops auto-cancelling that pipeline.

```yaml
test:
  interruptible: true    # safe to cancel when a newer pipeline starts on this ref
  script:
    - npm test

deploy:production:
  interruptible: false   # never cancel a deployment mid-flight (false is also the default)
  script:
    - ./deploy.sh
```
## Configuration Organization

### Split Configuration Files
`include:local` paths are resolved from the repository root and merged into a single pipeline definition. Prefer local files, or `include:project` pinned to a `ref`, over unpinned remote includes: whatever is included runs with the pipeline's variables and credentials.

```yaml
# .gitlab-ci.yml
include:
  - local: .gitlab/ci/build.yml
  - local: .gitlab/ci/test.yml
  - local: .gitlab/ci/deploy.yml

stages:
  - build
  - test
  - deploy
```
### Reusable Templates
A hidden job (name starting with `.`) holds shared settings, and YAML anchors copy them into real jobs. Anchors only work within one file, so they cannot be reused from an included file; `extends` (next section) can. The cache key below uses the lock file rather than the branch slug, in line with the anti-pattern list at the end of this page: a key derived from `package-lock.json` changes exactly when the dependencies change.

```yaml
.node_template: &node_template
  image: node:20-alpine
  before_script:
    - npm ci
  cache:
    key:
      files:
        - package-lock.json   # new cache only when the lock file changes
    paths:
      - node_modules/

test:unit:
  <<: *node_template
  script:
    - npm run test:unit

test:lint:
  <<: *node_template
  script:
    - npm run lint
```
### Extends Keyword
`extends` merges the hidden job's keys into the extending job and works across included files. Hashes are merged key by key, but arrays such as `script` and `before_script` are replaced, not appended, so a job that defines its own `before_script` drops the template's.

```yaml
.base_job:
  image: node:20-alpine
  before_script:
    - npm ci

test:
  extends: .base_job
  script:
    - npm test

build:
  extends: .base_job
  script:
    - npm run build
```
## Resource Management

### Resource Groups
A resource group serialises jobs that share the same key across all pipelines in the project, so two pipelines cannot deploy to the same environment at the same time. Give each environment its own group; sharing one group between staging and production would needlessly block production behind staging.

```yaml
deploy:staging:
  resource_group: staging      # one staging deploy at a time, project-wide
  script:
    - ./deploy.sh staging

deploy:production:
  resource_group: production   # independent lock for production
  script:
    - ./deploy.sh production
```
### Runner Tags
Tags route a job only to runners that carry every listed tag. Tags are a scheduling hint, not an access control: a job holding production credentials should additionally run on runners marked as protected, which only pick up jobs from protected branches and tags.

```yaml
heavy_build:
  tags:
    - high-memory   # runner must have both tags
    - docker
  script:
    - ./build.sh
```
## Error Handling

### Retry Configuration
`retry` reruns a failed job up to `max` additional times (2 is the maximum). Retrying on `runner_system_failure` and `stuck_or_timeout_failure` papers over infrastructure noise; retrying on `script_failure` also reruns genuine test failures, which hides flaky tests instead of fixing them and must never be used on jobs that are not idempotent.

```yaml
test:flaky:
  retry:
    max: 2   # up to two reruns
    when:
      - runner_system_failure
      - stuck_or_timeout_failure
      - script_failure   # also retries real failures; use sparingly
```
### Allow Failure
`allow_failure: true` turns any failure into a warning that does not block the pipeline. The `exit_codes` form is stricter: only the listed exit codes are tolerated, and any other non-zero exit still fails the job.

```yaml
test:experimental:
  allow_failure: true   # any failure becomes a warning
  script:
    - npm run test:experimental

test:experimental:soft:
  allow_failure:
    exit_codes: [42]    # only exit code 42 is tolerated; other non-zero exits fail the job
  script:
    - npm run test:experimental   # assumed to exit 42 for non-blocking findings
```
## Security Best Practices

### Protected Pipelines
A rule on the branch name alone does not make a pipeline protected: if `main` is not a protected branch, anyone who can push to it gets this job. The protection comes from marking the branch (and the `production` environment) as protected in the project settings; the rule then checks `$CI_COMMIT_REF_PROTECTED` so the job cannot run from an unprotected ref. Note that `$CI_COMMIT_BRANCH` is unset in merge request and tag pipelines, so the job simply does not appear there.

```yaml
deploy:production:
  rules:
    - if: $CI_COMMIT_BRANCH == "main" && $CI_COMMIT_REF_PROTECTED == "true"
      when: manual            # requires an explicit click by someone allowed to deploy
  environment:
    name: production          # make this a protected environment with a restricted deployer list
  script:
    - ./deploy.sh production
```
### Secure Variables
Protected variables are only injected into pipelines running on protected branches or tags; masked variables have their exact value replaced with `[MASKED]` in the job log. Masking is best effort: the value must be a single line of at least 8 characters from a restricted character set, and only exact occurrences are hidden, so a base64-encoded, split or otherwise transformed copy still lands in the log. Treat masking as a safety net, not the control, and keep secrets out of commands that print them.

```yaml
# Use protected and masked variables (Settings > CI/CD > Variables)
deploy:
  script:
    - echo "$API_KEY"   # shows as [MASKED] in the log; illustration only, never echo secrets
  rules:
    - if: $CI_COMMIT_REF_PROTECTED == "true"   # protected variables only exist on protected refs
```
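The rules in the sections above are easy to state and easy to drift from as a config grows. The linter below is an added example written for this page; it is not GitLab's tooling and the page itself contains no such script. It takes the dict that `yaml.safe_load` returns for a `.gitlab-ci.yml` and reports `needs` entries that reference unknown jobs or form a cycle, and deployment jobs (any job with `environment`) that are not gated on `$CI_COMMIT_REF_PROTECTED`, are `interruptible`, lack a `resource_group`, or retry on `script_failure`. The sample config is constructed inline so it runs offline; the `RESERVED` key set and the substring match on the rule expression are simplifying assumptions.

```python
"""Lint a parsed .gitlab-ci.yml for the pitfalls this page warns about.

Added example for this page; not GitLab's own tooling. Works on the dict that
yaml.safe_load() returns. SAMPLE_CONFIG is constructed to trigger one of each
finding plus one clean deploy job.
"""
from typing import Any, Dict, List

# Top-level keys that are not jobs (assumption: sufficient for configs like
# the ones on this page; GitLab reserves a few more keywords).
RESERVED = {"stages", "include", "variables", "default", "workflow", "image",
            "services", "cache", "before_script", "after_script"}

# Matched as a substring of rules[*].if (assumption: a heuristic, not a parser).
PROTECTED_RULE = '$CI_COMMIT_REF_PROTECTED == "true"'


def jobs_of(config: Dict[str, Any]) -> Dict[str, Dict[str, Any]]:
    """Only real jobs: drop reserved keys and hidden '.template' jobs."""
    return {name: body for name, body in config.items()
            if name not in RESERVED and not name.startswith(".")
            and isinstance(body, dict)}


def needs_of(job: Dict[str, Any]) -> List[str]:
    """Normalise `needs`: entries are strings or {job: ..., artifacts: ...}."""
    return [n["job"] if isinstance(n, dict) else n for n in job.get("needs", [])]


def find_cycle(jobs: Dict[str, Dict[str, Any]]) -> List[str]:
    """Return a `needs` cycle as a closed list of job names, or [] if acyclic."""
    state: Dict[str, int] = {}   # 1 = on the current DFS path, 2 = finished
    path: List[str] = []

    def visit(name: str) -> List[str]:
        state[name] = 1
        path.append(name)
        for dep in needs_of(jobs[name]):
            if dep not in jobs:
                continue             # reported separately as an unknown job
            if state.get(dep) == 1:  # back edge: dep is an ancestor on the path
                return path[path.index(dep):] + [dep]
            if dep not in state:
                cycle = visit(dep)
                if cycle:
                    return cycle
        path.pop()
        state[name] = 2
        return []

    for name in jobs:
        if name not in state:
            cycle = visit(name)
            if cycle:
                return cycle
    return []


def has_protected_rule(job: Dict[str, Any]) -> bool:
    return any(PROTECTED_RULE in str(rule.get("if", ""))
               for rule in job.get("rules", []) if isinstance(rule, dict))


def retry_causes(job: Dict[str, Any]) -> List[str]:
    """`retry` may be an int (retry on anything) or {max:, when:}; `when` may be a string."""
    retry = job.get("retry")
    if isinstance(retry, int):
        return ["always"] if retry > 0 else []
    if not isinstance(retry, dict):
        return []
    when = retry.get("when", "always")   # GitLab's default is `always`
    return [when] if isinstance(when, str) else list(when)


def lint(config: Dict[str, Any]) -> List[str]:
    """Return human-readable findings; an empty list means the config is clean."""
    jobs = jobs_of(config)
    findings: List[str] = []
    for name, job in jobs.items():
        for dep in needs_of(job):
            if dep not in jobs:
                findings.append(f"{name}: needs unknown job {dep!r}")
    cycle = find_cycle(jobs)
    if cycle:
        findings.append("needs cycle: " + " -> ".join(cycle))
    for name, job in jobs.items():
        if "environment" not in job:
            continue                 # the checks below apply to deployment jobs only
        if not has_protected_rule(job):
            findings.append(f"{name}: deploy job not gated on {PROTECTED_RULE}")
        if job.get("interruptible") is True:
            findings.append(f"{name}: deploy job is interruptible")
        if "resource_group" not in job:
            findings.append(f"{name}: deploy job has no resource_group")
        causes = retry_causes(job)
        if "script_failure" in causes or "always" in causes:
            findings.append(f"{name}: deploy job retries on script_failure")
    return findings


# Constructed sample config, shaped like yaml.safe_load() output.
SAMPLE_CONFIG: Dict[str, Any] = {
    "stages": ["build", "test", "deploy"],
    ".node": {"image": "node:20-alpine"},                                   # hidden template
    "build": {"stage": "build", "script": ["npm run build"]},
    "test": {"stage": "test", "needs": ["build"], "script": ["npm test"]},
    "lint": {"stage": "test", "needs": ["fmt"], "script": ["npm run lint"]},  # 'fmt' missing
    "pack": {"stage": "build", "needs": [{"job": "sign", "artifacts": True}], "script": ["./pack.sh"]},
    "sign": {"stage": "build", "needs": ["pack"], "script": ["./sign.sh"]},   # pack <-> sign cycle
    "deploy:staging": {
        "stage": "deploy", "needs": ["test"], "script": ["./deploy.sh staging"],
        "environment": {"name": "staging"}, "resource_group": "staging",
        "interruptible": True,                               # cancellable half-deploy
        "rules": [{"if": '$CI_COMMIT_BRANCH == "main"'}],    # branch name, not protection
        "retry": {"max": 2, "when": ["script_failure"]},     # reruns a failed deploy script
    },
    "deploy:production": {
        "stage": "deploy", "needs": ["test"], "script": ["./deploy.sh production"],
        "environment": {"name": "production"}, "resource_group": "production",
        "rules": [{"if": '$CI_COMMIT_REF_PROTECTED == "true"', "when": "manual"}],
    },
}

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(finding)
```

Run it against a real config with `lint(yaml.safe_load(open(".gitlab-ci.yml")))` after resolving `include`s (the script does not follow them); a job is only clean when it comes back with no findings.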
## Monitoring & Debugging

### Job Logging
`set -x` prints every expanded command line, including any secret passed as an argument. Masking still replaces the exact values of masked variables, but nothing else. Enable it only while troubleshooting, never on jobs that hold production credentials, and treat GitLab's `CI_DEBUG_TRACE` the same way: it dumps every variable available to the job into the log.

```yaml
test:
  script:
    - set -x   # debug output: prints each expanded command line
    - npm test
  after_script:
    - echo "Job status: $CI_JOB_STATUS"   # success, failed or canceled
```
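To make the masking caveat from the Secure Variables and Job Logging sections concrete, here is a small simulation. It is an added example for this page, not GitLab's implementation: `is_maskable` approximates GitLab's documented constraints on a masked value (the regex is an assumption; check the docs for your version), `mask_log` does what the runner does by replacing exact occurrences, and `find_exposures` shows how `base64` and substring expansion leave recoverable copies of a secret that masking has already hidden. The secret and the job log are constructed.

```python
"""Simulate GitLab masked variables: what masking hides and what it does not.

Added example for this page; not GitLab's implementation. The secret and the
job log below are constructed.
"""
import base64
import re
from typing import Iterable, List

# Assumption: this regex approximates GitLab's documented maskability rules
# (one line, 8+ characters, Base64 alphabet plus @ : . ~ and -). The allowed
# set has changed across releases; check the docs for your version.
MASKABLE = re.compile(r"\A[A-Za-z0-9_+=/@:.~-]{8,}\Z")


def is_maskable(value: str) -> bool:
    """True if GitLab would let you tick 'Mask variable' for this value."""
    return bool(MASKABLE.match(value))


def mask_log(log: str, secrets: Iterable[str]) -> str:
    """Replace exact occurrences of maskable secrets, as the runner trace does.

    Unmaskable values are left alone: GitLab refuses to mark them masked, so
    they reach the log verbatim.
    """
    for secret in secrets:
        if is_maskable(secret):
            log = log.replace(secret, "[MASKED]")
    return log


def find_exposures(masked_log: str, secret: str) -> List[str]:
    """Ways a secret can still be recovered from a log that has been masked."""
    hits: List[str] = []
    if secret in masked_log:
        hits.append("raw")
    if base64.b64encode(secret.encode()).decode() in masked_log:
        hits.append("base64")
    half = len(secret) // 2
    if secret[:half] in masked_log or secret[half:] in masked_log:
        hits.append("fragment")
    return hits


SECRET = "sk_live_9f8e7d6c5b4a3210"   # constructed; not a real credential

# Constructed job log. The echo and the `set -x` trace of curl contain the
# exact value, which masking catches; the base64 and substring lines produce
# copies that masking cannot recognise.
RAW_LOG = "\n".join([
    '$ echo "$API_KEY"',
    SECRET,
    "$ set -x",
    f"+ curl -H 'Authorization: Bearer {SECRET}' https://api.example.test",
    '$ echo "$API_KEY" | base64',
    base64.b64encode(SECRET.encode()).decode(),
    '$ echo "${API_KEY:0:8}...${API_KEY:8}"',
    f"{SECRET[:8]}...{SECRET[8:]}",
])


def demo() -> List[str]:
    """Mask the constructed log and report what is still recoverable."""
    return find_exposures(mask_log(RAW_LOG, [SECRET]), SECRET)


if __name__ == "__main__":
    print(mask_log(RAW_LOG, [SECRET]))
    print("still recoverable via:", demo())
```

The two exact occurrences are masked and the base64 and fragment copies survive, which is the reason the page tells you not to rely on masking: a secret that is encoded, split or reformatted before it hits stdout is not protected by the masking feature.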
### Pipeline Badges
The badge image URLs follow GitLab's `badges/<branch>/pipeline.svg` and `badges/<branch>/coverage.svg` pattern; `main` stands in for the branch.

```markdown
[![pipeline status](https://gitlab.com/group/project/badges/main/pipeline.svg)](https://gitlab.com/group/project/-/pipelines)
[![coverage report](https://gitlab.com/group/project/badges/main/coverage.svg)](https://gitlab.com/group/project/-/pipelines)
```
## Common Anti-Patterns
- Avoid: running all jobs in sequence. Do: use `needs` for parallel execution.
- Avoid: downloading all artifacts. Do: use `dependencies` (or `needs`) to limit downloads.
- Avoid: rebuilding `node_modules` in every job. Do: use a cache keyed on the lock file.
- Avoid: hardcoded secrets. Do: use protected, masked CI/CD variables.
- Avoid: a single monolithic `.gitlab-ci.yml`. Do: split it into multiple included files.