gitlab-ci-patterns

# Skill: GitLab CI Patterns > **Expertise:** GitLab CI YAML, include/extends, environments, DAST, protected runners, Kubernetes deploy. ## When to load When creating or reviewing `.gitlab-ci.yml` files for build, test, or deployment pipelines. ## Standard Pipeline Structure ```yaml # .gitlab-ci.yml stages: - validate - build - scan - deploy-staging - smoke-test - deploy-production variables: IMAGE_NAME: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA DOCKER_BUILDKIT: "1" # ── Validate ─────────────────────────────────────────── lint: stage: validate image: python:3.12-slim cache: key: pip-$CI_COMMIT_REF_SLUG paths: [.cache/pip] script: - pip install ruff mypy --cache-dir .cache/pip - ruff check src/ tests/ - mypy src/ --strict test: stage: validate image: python:3.12-slim cache: key: pip-$CI_COMMIT_REF_SLUG paths: [.cache/pip] script: - pip install -r requirements.txt -r requirements-dev.txt --cache-dir .cache/pip - pytest tests/ --cov=src --cov-report=xml --cov-fail-under=80 coverage: '/TOTAL.*\s+(\d+%)$/' artifacts: reports: coverage_report: coverage_format: cobertura path: coverage.xml # ── Build ────────────────────────────────────────────── build-image: stage: build image: docker:24 services: [docker:24-dind] before_script: - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY script: - docker build --cache-from $CI_REGISTRY_IMAGE:cache ...