Gitlab CI Automation: Nice Things to Know Before Starting - Aircall Blog

by Corentin Evanno

 

Plan what the CI will do


 

Template your rules

 

 

 

Don’t leak your sensitive data

  • Variables/Secrets: Mark them as masked so they are not displayed when printed in CI logs, and as protected if you only use them in protected branches or tags. Also, avoid hardcoding them in your .yml.
  • Files: The best way would be to store them on a protected remote service, such as S3, behind credentials.
  • Artifacts: Your job can output artifacts that are then available for download in the Gitlab UI or through the API. Now let’s say a job retrieves a sensitive file from your S3 and then makes it available to the next job as an artifact. This makes your sensitive file available for download, so always think carefully before passing artifacts.
  • Secret rotation: Think about changing your secrets on a regular basis or when someone leaves the company.
  • CI files: Nobody should be able to modify them without approval from your team. Always carefully review changes made to them. If you have any doubt, ask other people or, even better, the security team of your company (if you have one).
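
The variables and artifacts points above, shown as a `.gitlab-ci.yml` with the leaky jobs next to a corrected pair. This is an added example, not from the original article; the bucket name, file paths, job names and `deploy.sh` with its `--credentials` option are hypothetical placeholders.

```yaml
# Added example. Bucket, paths, job names and deploy.sh are hypothetical.
stages: [build, deploy]

# --- Weak: secret hardcoded in the file, sensitive file exported as an artifact ---
fetch_config_weak:
  stage: build
  variables:
    # Hardcoded value: visible to anyone who can read the repository.
    AWS_SECRET_ACCESS_KEY: "EXAMPLE-hardcoded-secret"
  script:
    - aws s3 cp s3://example-bucket/prod-credentials.json ./prod-credentials.json
  artifacts:
    paths:
      - prod-credentials.json   # now downloadable from the UI and the API

deploy_weak:
  stage: deploy
  script:
    - ./deploy.sh --credentials prod-credentials.json

# --- Hardened: AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY are defined under
# Settings > CI/CD > Variables as masked and protected, not in this file,
# and the sensitive file is fetched by the only job that needs it. ---
build:
  stage: build
  script:
    - make build
  artifacts:
    paths:
      - dist/                   # build output only, nothing sensitive
    expire_in: 1 day

deploy:
  stage: deploy
  rules:
    # Protected variables are only injected on protected branches and tags.
    - if: $CI_COMMIT_REF_PROTECTED == "true"
  script:
    - aws s3 cp s3://example-bucket/prod-credentials.json ./prod-credentials.json
    - ./deploy.sh --credentials prod-credentials.json
  after_script:
    - rm -f prod-credentials.json   # runs even if the deploy step fails
```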

 

Tokens and Gitlab account

 

 

Push and MR events

 

 

a detached pipeline
