CI/CD Advance

Last updated 1 year ago

gitlab duo chat

If you have a question, use Duo Chat. The menu entry is hard to find, and depending on the service it may not be available.

start pipeline

Create .gitlab-ci.yml (gitlab-ci.yaml does not work).

  • stage

  • job

A stage is similar to a tagging system. Everything runs as a job; a stage only groups jobs together.

image: docker:latest
services:
  - docker:dind

variables:
  CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA
  DOCKER_DRIVER: overlay2
  RUNNER_GENERATE_ARTIFACTS_METADATA: 'true'

stages:
  - mybuild
  - mytest

build:
  stage: mybuild
  variables:
    IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
  before_script:
    - docker info
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  script:
    - cd app
    - docker build -t $IMAGE .
  after_script:
    - docker push $IMAGE

test:
  stage: mytest
  image: alpine:latest
  script:
    - echo hello

script, before_script, and after_script

  • before_script: runs before script, in the same shell as script.

  • script: executed by the runner. The job's exit code comes from here.

  • after_script: runs in a separate shell after the before_script / script statements. Its exit code is ignored.

Add code to the test job:

test:
  stage: mytest
  image: alpine:latest
  script:
    - echo hello
  after_script:
    - echo "Our race track has been tested!"
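
Because the exit code of after_script is ignored, the first build job on this page would still pass if its docker push failed. The following is an added example (not from the original page) that moves the push into script and passes the registry password on stdin; the pinned 24.0.7 image tags and the logout step are assumptions, substitute the version you have vetted:

```yaml
image: docker:24.0.7            # assumption: a pinned tag instead of docker:latest
services:
  - docker:24.0.7-dind

stages:
  - mybuild

build:
  stage: mybuild
  variables:
    IMAGE: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA
  before_script:
    - docker info
    # --password-stdin keeps the password off the docker command line
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - cd app
    - docker build -t "$IMAGE" .
    # push inside script: a non-zero exit code here fails the job
    - docker push "$IMAGE"
  after_script:
    # separate shell, exit code ignored: keep this to cleanup only
    - docker logout "$CI_REGISTRY" || true
```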

Execution order

Stages run in the order in which they are listed.

  • Jobs in the next stage will start after all jobs in the previous stage have completed successfully.

GitLab Runners

type

  • SSH

  • Shell

  • Virtual Box

  • Parallels

  • Docker

  • Docker Autoscaler (Beta)

  • Docker Machine

  • Kubernetes

  • Custom

tag

Use tags to select which runner picks up a job.

job:
  tags:
    - myrunner

Modifying the execution order

With needs, a job can be run right after a specific job.

In some cases you may want to run stages at the same time.

test:
  stage: mytest
  image: alpine:latest
  script:
    - echo hello
  after_script:
    - echo "Our race track has been tested!"
  needs: []

super_fast_test:
  stage: mytest
  script:
    - echo "If youre not first youre last"
    - return 0
  needs: []

The two jobs run at the same time without waiting for any other job.

Directed Acyclic Graph

Add a stage, then add the following code.

stages:
  - race

build_car_a:
  stage: mybuild
  script:
    - echo "build_car_a"

build_car_b:
  stage: mybuild
  script:
    - echo "build_car_b"

build_car_c:
  stage: mybuild
  script:
    - echo "build_car_c"

build_car_d:
  stage: mybuild
  script:
    - echo "build_car_d"

build_car_e:
  stage: mybuild
  script:
    - echo "build_car_e"

build_car_f:
  stage: mybuild
  script:
    - echo "build_car_f"

test_car_a:
  stage: mytest
  needs: [build_car_a]
  script:
    - echo "test_car_a"

test_car_b:
  stage: mytest
  needs: [build_car_b]
  script:
    - echo "test_car_b"

test_car_c:
  stage: mytest
  needs: [build_car_c]
  script:
    - echo "test_car_c"

test_car_d:
  stage: mytest
  needs: [build_car_d]
  script:
    - echo "test_car_d"

test_car_e:
  stage: mytest
  needs: [build_car_e]
  script:
    - echo "test_car_e"

test_car_f:
  stage: mytest
  needs: [build_car_f]
  script:
    - echo "test_car_f"

race_car_a:
  stage: race
  needs: [test_car_a]
  script:
    - echo "race_car_a"

race_car_b:
  stage: race
  needs: [test_car_b]
  script:
    - echo "race_car_b"

race_car_c:
  stage: race
  needs: [test_car_c]
  script:
    - echo "race_car_c"

race_car_d:
  stage: race
  needs: [test_car_d]
  script:
    - echo "race_car_d"

race_car_e:
  stage: race
  needs: [test_car_e]
  script:
    - echo "race_car_e"

race_car_f:
  stage: race
  needs: [test_car_f]
  script:
    - echo "race_car_f"

You can see it here.

Now revert the change.

Stageless Pipelines

It depends on the version, but previously needs could be applied to jobs in other stages.

Now needs also applies within the same stage: the "needs" keyword can be used between jobs in the same stage.

  • Pipelines can be made more efficient.

  • The execution order can be defined more explicitly.

Available in (All tiers; 14.2+)

Caching Basics

To cache, a GitLab Runner will take the content you cached and store it in GCP Cloud Storage

Cache Execution Order

  1. Pipeline starts.

  2. job A runs.

  3. before_script is executed.

  4. script is executed.

  5. after_script is executed.

  6. cache runs and the vendor/ directory is zipped into cache.zip. This file is then saved in the directory based on the runner's setting and the cache: key.

  7. job B runs.

  8. The cache is extracted (if found).

  9. before_script is executed.

  10. script is executed.

  11. Pipeline finishes.

why cache?

  • Share downloaded content between jobs; this can also be done across multiple branches of the code.

  • Store code dependencies (no need to wait for them to download next time).

  • Speed up pipelines.

job A:
  stage: mybuild
  script:
    - mkdir vendor/
    - echo "Hello World" > vendor/hello.txt
  cache:
    key: build-cache
    paths:
      - vendor/
  after_script:
    - echo "world"

job B:
  stage: mytest
  script:
    - cat vendor/hello.txt
  cache:
    key: build-cache
    paths:
      - vendor/

The next job can pick up hello.txt and work with it.

You can see Hello World printed, which means the file was retrieved.

Let's try a more meaningful sample. Build Ruby first, cache the result, and fetch it in the next job for use.

# Cache modules in between jobs
cache:
  - key: cache-$CI_COMMIT_REF_SLUG
    fallback_keys:
      - cache-$CI_DEFAULT_BRANCH
      - cache-default
    paths:
      - vendor/ruby
      - Gemfile.lock

The same goes for npm. Instead of installing everything from scratch, downloading the already installed files and reusing them reduces build time.

Allowing Job Failure

We need to find a way to configure the pipeline so that even when the unit test job fails, subsequent jobs still execute.

allow_failure: true - the failing job is logged in the pipeline as failed, but does not prevent subsequent jobs from executing.

Use allow_failure for this.

The script line exit 1 returns a failure.

Add deploy to the stages. Without allow_failure: true, deploy does not run.

stages:
  - deploy

super_fast_test:
  stage: mytest
  script:
    - exit 1
  needs: []
  allow_failure: true

deploy:
  stage: deploy
  script:
    - echo "Deploying"
  needs: [super_fast_test]

rules

Adding rules

rules:
  - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

The job runs only when the condition matches.

When is a Job NOT created in a Pipeline?

A job is not included in a pipeline if:

  • None of the rules defined for the job evaluate to true

  • A rule evaluates to true, but has a when: never clause

  • No rules are defined but a when: never clause is specified

job:
  script: echo "Hello, World!"
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      when: never
    - if: $CI_PIPELINE_SOURCE == "schedule"
      when: never
    - when: on_success

In these two cases the job does not run.

when: on_success tells GitLab to run the job provided the earlier jobs succeeded. Evaluation reaches this line only when none of the preceding if clauses matched.

when: manual

To run a job by hand, add when: manual.

A run button appears in the UI; press it to start the job.

super_fast_test:
  stage: mytest
  script:
    - exit 1
  needs: []
  allow_failure: true

deploy:
  stage: deploy
  script:
    - echo "Deploying"
  needs: [super_fast_test]
  when: manual

If $CI_PIPELINE_SOURCE is set to merge_request_event or schedule, the job is executed.

job:
  script: echo "Hello, World!"
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_PIPELINE_SOURCE == "schedule"

when for delaying a job run

If used as when: delayed, start_in is also required.

job:
  script: echo "Hello, World!"
  rules:
    - if: $CI_COMMIT_BRANCH == "master"
      when: delayed
      start_in: 3 hours

using changes and if

job:
  script: docker build -t my-image:$CI_COMMIT_REF_SLUG .  # image name is a placeholder
  rules:
    - if: $VAR == "string value"
      changes:
        - Dockerfile
        - docker/scripts/*
      when: manual

You can have a job run when a file under the listed paths changes.

The configuration above runs if any file in either of the two paths changes. To require AND, write it as follows.

changes:
  - Dockerfile AND docker/scripts/*

variables Processing Order

The order of precedence for variables is (from highest to lowest):

  1. CICD pipeline Trigger variables, scheduled pipeline variables, and manual pipeline run variables.

  2. Project-level variables or protected variables.

  3. Group-level variables or protected variables.

  4. Instance-level variables or protected variables.

  5. Inherited environment variables.

  6. YAML-defined job-level variables.

  7. YAML-defined global variables.

  8. Deployment variables.

  9. Predefined environment variables.

Storing with artifacts

build:
  stage: build
  script:
    - echo hi > test.txt
  artifacts:
    paths:
      - test.txt
    expire_in: 1 hour

The artifacts can then be downloaded.

template

How to get SAST from GitLab

SAST stands for Static Application Security Testing.

include:
  - template: Security/SAST.gitlab-ci.yml

Including the template produces this error:

sast job: chosen stage does not exist; available stages are .pre, mytest, deploy, .post

Add the test stage:

stages:
  - test

Now that we have SAST, let's add a few more security templates to our project to confirm that our code is secure.

include:
  - template: Code-Quality.gitlab-ci.yml

child process

After you demo the pipeline with SAST enabled, the security team tells you that they run their own pipeline with more scanners and want it integrated into yours. You decide that the best way to do this is to set up a child pipeline.

Update the whole file:

image: docker:latest

services:
  - docker:dind

stages:
  - build
  - test

build:
  stage: build
  script:
    - echo hello

Add a new stage:

stages:
  - build
  - test
  - extra-security

Add the extra-security job. It uses trigger together with include.

downstream_security:
  stage: extra-security
  trigger:
    include:
      - local: security-pipeline/security.gitlab-ci.yml

Create the folder and file:

security-pipeline/security.gitlab-ci.yml

image: docker:latest

include:
  - template: Code-Quality.gitlab-ci.yml
  - template: Jobs/Dependency-Scanning.gitlab-ci.yml
  - template: Jobs/SAST.gitlab-ci.yml
  - template: Jobs/Secret-Detection.gitlab-ci.yml

Any pipeline can be added and used this way.

Downstream Pipelines

Two types:

  • Parent-child

    • The pipelines live in the same project.

    • Runs under the same project, ref, and commit SHA as the parent pipeline.

    • By default, does not directly affect the overall status of the ref the pipeline runs against (unless strategy: depend is used when triggering the child pipeline).

    • Limited to 2 levels of nesting.

  • Multi-project

    • The pipelines live across multiple projects.

    • The upstream (triggering) pipeline does not have much control over the downstream (triggered) pipeline.

    • Affects the overall status of the ref in the project it runs in, but not the status of the triggering pipeline's ref.

    • Independent, so there is no nesting limit.

Rules & Child Pipelines

Allows you to get creative and make dynamic changes to the current results of your pipelines.
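
An added example (not from the original page) that combines rules with the child pipeline defined earlier: the trigger job is created only for scheduled runs or for default-branch commits that touch the listed paths, and strategy: depend makes the trigger job wait for the child pipeline and take over its result. The rule conditions and the app/ and security-pipeline/ path globs are assumptions chosen for illustration:

```yaml
stages:
  - build
  - test
  - extra-security

downstream_security:
  stage: extra-security
  rules:
    # rules are checked top to bottom and the first match wins;
    # if nothing matches, the job is not added to the pipeline
    - if: $CI_PIPELINE_SOURCE == "schedule"
    # if and changes in the same rule must both be true
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
      changes:
        - app/**/*
        - security-pipeline/**/*
  trigger:
    include:
      - local: security-pipeline/security.gitlab-ci.yml
    # without this, the trigger job succeeds as soon as the child pipeline is created
    strategy: depend
```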

[Screenshot] The stage is created, and then the job is created.

[Screenshot] test runs even though build has not finished. Job dependencies are shown, and you can see that there is no dependency.

[Screenshot] Without allow_failure: true

[Screenshot] With allow_failure: true