Thoughts on Gitlab Pipelines - Documenting Life

The past couple of months I have been working with Gitlab pipelines. I was building a proof of concept at work, and with that means there was a lot of things that I possibly didn't have a human person to talk to about best practices. Let's start at the top and then I'll dig in... ## What is Gitlab Gitlab is a platform that allows you to slim down your code tooling environment. Well that's my definition atleast. Go check them out [here](https://about.gitlab.com/), but you can store code, build pipelines, and store artifacts. ## What Makes Gitlab So Good Honestly I think the fact that you can slim down the number of things you login to is what people love. As you know I use gitea in my homelab. I could have ran gitlab but I didn't. If things were more enterprise level I think I would. I also love that gitlab allows you to use just their runners for pipelining, and has some pretty solid security tooling. Now when I look into self hosting tools I rarely see gitlab, but I will say if you just want something that runs out the box gitlab is for you. If you are looking to move into devops I definitely recommend you run gitlab on a homelab or digital ocean droplet that you can show off. ## TLDR Thoughts Well I already mentioned that gitlab for new devops people is kinda key, but I want to nerd out on pipelines a bit. I promise to also talk general views at the end. Most devops tools are go under the hood and yml/yaml to make calls. Jenkins has lead in pipeling for years but it uses groovy which isn't always friendly. Once you know it your good, but the learning curve can feel pretty steep. Gitlab learning curve isn't steep at all. Yml is something you should already be using and simple. The biggest thing to learn is how to get your jobs or stages to flow. After you have an idea there I highly suggest you use gitlab docker runners with a custom tooling image. Why? It give everyone who onboards a starting point. If they need something a bit more custom they can save it to their container registry and then override the image for their pipeline. For me devops is closely related to developer experience. As a developer I never wanted to care about what is under the hood but I did want to feel like I could make the changes I needed without a bunch of change request. That's essentially what docker runners allow. Developers can still move quick while allowing the devops/sre/platform teams to still control things at a lower level. --- All that stuff aside on a high level gitlab seems to be positioned to take over Jenkins in the pipelining space. For scanning gitlab offers a lot of common tools that I believe your security team can easily get behind. Things like generating SBOMs, container scanning, and gitleaks can get you pretty far. Lastly I don't think having a built in registry will take away from using artifactory or nexus. I think what having the registry allows is a real dev spot to drop coding artifacts so that other repositories can stay public and production level only. ## Conclusion These are just some of my thoughts after working in gitlab basically every day these past few months. I don't think I'll add it to my homelab, but I would like to understand the difference in installs and the trade-offs. Nothing I need to explore now, just something to add to my ever growing list of things to try.