gitlab-ci-patterns

Multi-stage GitLab CI/CD pipelines with Docker builds, Kubernetes deployments, and security scanning. Covers core pipeline patterns including build, test, and deploy stages with artifact caching and environment management. Includes Docker image building and pushing to registries, multi-environment deployments (staging/production), and Terraform infrastructure automation. Provides security scanning templates (SAST, dependency scanning, container scanning) and Trivy vulnerability checks. Demonstrates caching strategies for dependencies, dynamic child pipelines, and manual approval gates for production deployments.

INSTALLATION
npx skills add https://github.com/wshobson/agents --skill gitlab-ci-patterns
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

GitLab CI Patterns

Comprehensive GitLab CI/CD pipeline patterns for automated testing, building, and deployment.

Purpose

Create efficient GitLab CI pipelines with proper stage organization, caching, and deployment strategies.

When to Use

  • Automate GitLab-based CI/CD
  • Implement multi-stage pipelines
  • Configure GitLab Runners
  • Deploy to Kubernetes from GitLab
  • Implement GitOps workflows

Basic Pipeline Structure

stages:
  - build
  - test
  - deploy

variables:
  DOCKER_DRIVER: overlay2
  DOCKER_TLS_CERTDIR: "/certs"

build:
  stage: build
  image: node:20
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 hour
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/

test:
  stage: test
  image: node:20
  script:
    - npm ci
    - npm run lint
    - npm test
  coverage: '/Lines\s*:\s*(\d+\.\d+)%/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage/cobertura-coverage.xml

deploy:
  stage: deploy
  image: bitnami/kubectl:1.31
  script:
    - kubectl apply -f k8s/
    - kubectl rollout status deployment/my-app
  only:
    - main
  environment:
    name: production
    url: https://app.example.com

Docker Build and Push

build-docker:
  stage: build
  image: docker:24
  services:
    - docker:24-dind
  before_script:
    # Pass the registry password on stdin so it never appears in the process list or the job log
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # Build once and apply both tags: an immutable per-commit tag and the moving latest tag
    - docker build -t $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA -t $CI_REGISTRY_IMAGE:latest .
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
    - docker push $CI_REGISTRY_IMAGE:latest
  only:
    - main
    - tags

Multi-Environment Deployment

.deploy_template: &deploy_template
  image: bitnami/kubectl:1.31
  before_script:
    # --insecure-skip-tls-verify disables verification of the API server's identity;
    # outside a lab, supply the cluster CA with --certificate-authority instead
    - kubectl config set-cluster k8s --server="$KUBE_URL" --insecure-skip-tls-verify=true
    - kubectl config set-credentials admin --token="$KUBE_TOKEN"
    - kubectl config set-context default --cluster=k8s --user=admin
    - kubectl config use-context default

deploy:staging:
  <<: *deploy_template
  stage: deploy
  script:
    - kubectl apply -f k8s/ -n staging
    - kubectl rollout status deployment/my-app -n staging
  environment:
    name: staging
    url: https://staging.example.com
  only:
    - develop

deploy:production:
  <<: *deploy_template
  stage: deploy
  script:
    - kubectl apply -f k8s/ -n production
    - kubectl rollout status deployment/my-app -n production
  environment:
    name: production
    url: https://app.example.com
  when: manual
  only:
    - main

Terraform Pipeline

stages:
  - validate
  - plan
  - apply

variables:
  TF_ROOT: ${CI_PROJECT_DIR}/terraform
  TF_VERSION: "1.6.0"

before_script:
  - cd ${TF_ROOT}
  - terraform --version

validate:
  stage: validate
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init -backend=false
    - terraform validate
    - terraform fmt -check

plan:
  stage: plan
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init
    - terraform plan -out=tfplan
  artifacts:
    paths:
      - ${TF_ROOT}/tfplan
    expire_in: 1 day

apply:
  stage: apply
  image: hashicorp/terraform:${TF_VERSION}
  script:
    - terraform init
    - terraform apply -auto-approve tfplan
  dependencies:
    - plan
  when: manual
  only:
    - main

Security Scanning

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Container-Scanning.gitlab-ci.yml

trivy-scan:
  stage: test
  image: aquasec/trivy:0.58.0
  script:
    - trivy image --exit-code 1 --severity HIGH,CRITICAL $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  # allow_failure: true makes the scan advisory only; set it to false to block the pipeline on HIGH/CRITICAL findings
  allow_failure: true

Caching Strategies

# Cache node_modules
build:
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/
    policy: pull-push

# Global cache
cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - .cache/
    - vendor/

# Separate cache per job
job1:
  cache:
    key: job1-cache
    paths:
      - build/

job2:
  cache:
    key: job2-cache
    paths:
      - dist/

Dynamic Child Pipelines

generate-pipeline:
  stage: build
  script:
    - python generate_pipeline.py > child-pipeline.yml
  artifacts:
    paths:
      - child-pipeline.yml

trigger-child:
  stage: deploy
  trigger:
    include:
      - artifact: child-pipeline.yml
        job: generate-pipeline
    strategy: depend
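The trigger job above consumes an artifact written by generate_pipeline.py, which the skill does not show. The following is an added example of such a generator (not code from the wshobson/agents project): it assumes a services/<name>/Dockerfile layout, emits one pinned-image build job per service using the page's registry variables, and writes the YAML itself so PyYAML is not required.

```python
import os
import sys

# Login via stdin so the registry password never lands in the process list or job log
LOGIN = 'echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"'

def discover_services(root):
    """Sorted names of subdirectories of root that contain a Dockerfile (assumed layout)."""
    return sorted(d for d in os.listdir(root)
                  if os.path.isfile(os.path.join(root, d, "Dockerfile")))

def build_child_pipeline(services):
    """One docker build/push job per service; the pipeline is returned as a plain dict."""
    pipeline = {"stages": ["build"]}
    for svc in services:
        image = f"$CI_REGISTRY_IMAGE/{svc}:$CI_COMMIT_SHA"  # immutable per-commit tag
        pipeline[f"build:{svc}"] = {
            "stage": "build",
            "image": "docker:24",  # pinned tag, never :latest
            "services": ["docker:24-dind"],
            "script": [LOGIN,
                       f"docker build -t {image} services/{svc}",
                       f"docker push {image}"],
        }
    return pipeline

def quote(value):
    """Single-quote a scalar so shell quotes, pipes and colons survive YAML parsing."""
    return "'" + str(value).replace("'", "''") + "'"

def to_yaml_lines(node, indent=0):
    """Tiny emitter for the dict/list/scalar shapes used here, so PyYAML is not needed."""
    pad, lines = " " * indent, []
    items = node.items() if isinstance(node, dict) else ((None, v) for v in node)
    for key, value in items:
        prefix = f"{pad}{key}:" if key is not None else f"{pad}-"
        if isinstance(value, (dict, list)):
            lines.append(prefix)
            lines.extend(to_yaml_lines(value, indent + 2))
        else:
            lines.append(f"{prefix} {quote(value)}")
    return lines

def render(services):
    """Full child-pipeline YAML text for the given service names."""
    return "\n".join(to_yaml_lines(build_child_pipeline(services))) + "\n"

if __name__ == "__main__":
    # In the generate-pipeline job: python generate_pipeline.py services > child-pipeline.yml
    root = sys.argv[1] if len(sys.argv) > 1 else "services"
    sys.stdout.write(render(discover_services(root)))
```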

Best Practices

  • Use specific image tags (node:20, not node:latest)
  • Cache dependencies appropriately
  • Use artifacts for build outputs
  • Implement manual gates for production
  • Use environments for deployment tracking
  • Enable merge request pipelines
  • Use pipeline schedules for recurring jobs
  • Implement security scanning
  • Use CI/CD variables for secrets
  • Monitor pipeline performance
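As an added example (not part of the skill), a line-based check that flags the settings these practices warn against in a .gitlab-ci.yml: unpinned or latest image tags, kubectl with TLS verification disabled, a registry password on the docker login command line, and a scan job with allow_failure set. It runs against a constructed sample assembled from this page's own jobs; the rule names are assumptions.

```python
import re

IMAGE_RE = re.compile(r"^\s*image:\s*['\"]?([^'\"\s]+)")      # value of an image: key
JOB_RE = re.compile(r"^([A-Za-z0-9_.:-]+):(\s+&\w+)?\s*$")    # top-level key, optional anchor
SCAN_JOB_RE = re.compile(r"scan|trivy|sast", re.IGNORECASE)

def check_pipeline(text):
    """Scan pipeline YAML line by line; return (line_no, rule, job) for each weak setting."""
    findings, job = [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = JOB_RE.match(line)
        if m:                                  # entering a new top-level section or job
            job = m.group(1)
            continue
        m = IMAGE_RE.match(line)
        if m and (":" not in m.group(1) or m.group(1).endswith(":latest")):
            findings.append((no, "unpinned-image", job))       # best practice: pin image tags
        if "--insecure-skip-tls-verify" in line:
            findings.append((no, "tls-verify-disabled", job))  # kubectl trusts any API server
        if "docker login" in line and re.search(r"\s(-p|--password)\s", line):
            findings.append((no, "password-on-cmdline", job))  # use --password-stdin
        if re.match(r"^\s*allow_failure:\s*true", line) and job and SCAN_JOB_RE.search(job):
            findings.append((no, "scan-not-blocking", job))    # findings cannot fail the pipeline
    return findings

# Constructed sample: the page's deploy template, docker job and trivy job with the weak settings
SAMPLE = """\
.deploy_template: &deploy_template
  image: bitnami/kubectl:1.31
  before_script:
    - kubectl config set-cluster k8s --server="$KUBE_URL" --insecure-skip-tls-verify=true
build-docker:
  image: docker:latest
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
trivy-scan:
  image: aquasec/trivy:0.58.0
  script:
    - trivy image --exit-code 1 --severity HIGH,CRITICAL $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
  allow_failure: true
"""

if __name__ == "__main__":
    for no, rule, job in check_pipeline(SAMPLE):
        print(f"line {no}: {rule} (job: {job})")
```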

Related Skills

  • github-actions-templates - For GitHub Actions
  • deployment-pipeline-design - For architecture
  • secrets-management - For secrets handling