Automated Software Delivery via GitLab CI/CD Pipeline Configuration and Docker Deployment

Published by TechMarmot Editorail Staff on | Category GitLab CI

The modern software development lifecycle (SDLC) has shifted from manual, error-prone release processes to highly automated, iterative workflows. At the center of this paradigm shift is Continuous Integration and Continuous Deployment (CI/CD). This method involves a continuous cycle where software is built, tested, deployed, and monitored through iterative code changes. By implementing a robust CI/CD pipeline, engineering teams can drastically reduce the probability of developing new features on top of buggy or failed previous versions. The primary benefit is the ability to catch defects early in the development cycle, ensuring that any code moving toward a production environment adheres strictly to established code standards and quality benchmarks.

GitLab provides a comprehensive suite of tools to facilitate this automation through its CI/CD offerings. These tools are available across several tiers, including Free, Premium, and Ultimate, catering to various organizational needs ranging from individual developers to massive enterprise ecosystems. GitLab offers these capabilities through multiple deployment models: GitLab.com (SaaS), GitLab Self-Managed (on-premises or private cloud), and GitLab Dedicated (a single-tenant managed service). The architecture of GitLab CI/CD is designed to integrate seamlessly into the developer workflow, transforming a simple code commit into a fully deployed application.

The Architecture of GitLab CI/CD Pipelines

A pipeline is the fundamental unit of execution in GitLab CI/CD. It is a structured sequence of operations triggered by specific events, such as code commits, merges, or even scheduled intervals. The execution of these pipelines is handled by Runners—specialized agents that execute the instructions defined in the configuration.

Pipelines are composed of two primary hierarchical components: stages and jobs.

  • Stages define the chronological order of execution. For a standard lifecycle, stages typically follow a progression such as build, test, and deploy. The order is critical because subsequent stages generally depend on the successful completion of preceding ones.
  • Jobs specify the discrete tasks to be performed within each stage. A job might involve compiling source code, running unit tests, building a container image, or pushing code to a remote server.

The core logic governing these operations resides in a specific configuration file. This file, named .gitlab-ci.yml, must be located at the root directory of the repository. While the filename is case-sensitive, GitLab allows for the configuration of a different filename if necessary, though the default is the industry standard. This YAML-based file uses a custom syntax to define the variables, dependencies, and execution parameters for the entire automation suite.

Configuring the .gitlab-ci.yml File

To initialize a pipeline, the .gitlab-ci.yml file must be present. Once the file is pushed to the repository, GitLab automatically detects its presence and initiates the first pipeline. The configuration defines the "what," "when," and "how" of the automation process.

Defining Stages and Variables

The structure of the configuration begins with defining the workflow order and the data used across different jobs.

  • stages: This section lists the execution phases. In a Docker-based deployment workflow, common stages include publish and deploy.
  • variables: This section allows for the declaration of global or job-specific variables. Using variables promotes the "Don't Repeat Yourself" (DRY) principle and makes the pipeline easier to maintain. For example, defining image tags allows for consistent versioning across different jobs.
Variable Type Example Purpose Impact
Image Tags TAG_LATEST or TAG_COMMIT Ensures version consistency between build and deploy stages.
Registry Variables $CI_REGISTRY_IMAGE Dynamically points to the project's container registry.
Authentication Tokens $CI_JOB_TOKEN Provides secure, temporary access to the registry.

The Publish Stage: Containerization

The publish stage is responsible for transforming source code into a deployable artifact, typically a Docker image. This stage often requires a specialized environment, such as a Docker-in-Docker (dind) service, to allow the runner to execute Docker commands.

The following configuration demonstrates a standard publish job:

yaml publish: image: docker:latest stage: publish services: - docker:dind script: - docker build -t $TAG_COMMIT -t $TAG_LATEST . - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - docker push $TAG_COMMIT - docker push $TAG_LATEST

In this specific implementation:
- The image: docker:latest directive specifies the environment for the job.
- The services: - docker:dind enables the ability to run Docker commands within the container.
- The script section contains the execution logic.
- docker build creates the image using the local Dockerfile and applies the predefined tags.
- docker login uses the $CI_JOB_TOKEN, a predefined variable generated by GitLab that remains valid only for the lifetime of the job, ensuring high security.
- docker push uploads the tagged images to the GitLab Container Registry.

The Deploy Stage: Remote Execution

The deploy stage moves the artifact from the registry to the target infrastructure. This often involves using a lightweight Linux distribution, such as Alpine, to minimize the footprint of the deployment job.

A common pattern for deploying to a remote Linux server via SSH is illustrated below:

yaml deploy: image: alpine:latest stage: deploy tags: - deployment script: - chmod og= $ID_RSA - apk update && apk add openssh-client - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY" - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT" - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true" - ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:80 --name my-app $TAG_COMMIT" environment: name: production url: http://your_server_IP only: - master

Detailed breakdown of the deployment script:
- chmod og= $ID_RSA: Sets the correct permissions on the private SSH key to prevent connection rejection.
- apk update && apk add openssh-client: Updates the package manager and installs the necessary SSH tools.
- ssh ... "docker login ...": Commands the remote server to authenticate with the registry using the job token.
- ssh ... "docker pull ...": Instructs the remote server to download the specific image version created in the publish stage.
- ssh ... "docker container rm -f my-app || true": Forcefully removes any existing container named my-app. The || true ensures the pipeline does not fail if the container does not already exist.
- ssh ... "docker run -d -p 80:80 --name my-app $TAG_COMMIT": Starts the new container in detached mode, mapping port 80 and naming it my-app.

Environment Management and Deployment Control

GitLab provides advanced features to manage the lifecycle of deployments through the "Environments" functionality. This is accessible via the Operations > Environments menu in the GitLab interface.

The Role of the Environment Section

When a job includes an environment block, GitLab tracks the deployment. This creates a historical record of every time a specific environment was updated.

  • name: Identifies the environment (e.g., production, staging).
  • url: Provides a direct link to the application. When a deployment is successful, a "View deployment" button appears in GitLab, allowing users to navigate directly to the live service.

The ability to track environments provides a clear audit trail. Each deployment is linked to the specific commit and branch that triggered it. This traceability is vital for debugging and compliance.

Rollbacks and Error Recovery

One of the most powerful features of GitLab Environments is the ability to perform rollbacks. If a deployment is discovered to be defective, users can use a dedicated re-deployment button within the GitLab interface to roll back to a previous, stable version of the software. This capability minimizes downtime and provides a safety net for continuous deployment workflows.

Restricting Job Execution

To prevent accidental deployments, GitLab allows for job restriction through various mechanisms.

  • only: This section specifies the branches or tags for which a job is allowed to run. For example, only: - master ensures that deployment only occurs when changes are merged into the default branch (historically referred to as master, though many providers have transitioned to main).
  • rules: For more complex logic, the rules syntax offers granular control over when a job should be triggered, allowing for conditional execution based on variable values or branch names.

Monitoring and Validation

Once the pipeline is configured and executed, the user must monitor its progress and validate the results.

Pipeline Observation

Users can track the status of their automation through the Build > Pipelines menu. A successful pipeline is denoted by green checkmarks for each stage.

  • Pipeline Overview: Provides a high-level view of all jobs and their statuses.
  • Job Result Page: Clicking on a specific job opens a page displaying the shell output. This output is the primary resource for debugging; it contains the exact logs from the containerized environment, including any errors encountered during docker build or ssh commands.
  • Deployment Tags: In the right sidebar of the job result page, users can see the deployment tag, which identifies the specific runner used for execution.

Validation Workflow

A complete validation process involves checking the status in three distinct locations:
1. GitLab Pipeline Status: Confirming the jobs reached a "Passed" state.
2. GitLab Environments: Verifying the deployment is recorded and the version is correct.
3. The Target Server/Browser: Accessing the application via the provided URL or checking the container status on the remote server to ensure the application is running as expected.

Conclusion

The implementation of a GitLab CI/CD pipeline using Docker and SSH transforms software delivery from a manual task into a highly reliable, automated engine. By leveraging the .gitlab-ci.yml file, developers can define a strict sequence of build, publish, and deploy stages that ensure code consistency and rapid iteration. The integration of GitLab Environments provides the necessary oversight to manage production deployments, offering critical features like deployment traceability and rapid rollbacks. Ultimately, this automation reduces the feedback loop between code creation and user consumption, allowing organizations to deploy changes more frequently and with significantly higher confidence in the stability of their production environments.

Sources

  1. GitLab CI/CD Documentation
  2. How to set up a continuous deployment pipeline with GitLab on Ubuntu

Related Posts