Phase 5: CI/CD Integration

Duration: 30-45 minutes
Purpose: Configure GitLab CI/CD and webhooks
Dependencies: Phase 4 complete, ArgoCD accessible

Overview

This phase integrates GitLab CI/CD with the Blueberry infrastructure, enabling automated builds, deployments, and notifications. It includes Workload Identity Federation setup for secure authentication.

📋 Setup Steps

  1. GitLab CI/CD Variables
     • Configure GitLab project variables
     • Set up webhook authentication tokens
     • Configure environment-specific settings

  2. Webhook Setup
     • Configure GitLab webhooks for pipeline notifications
     • Set up Slack integration
     • Test webhook delivery

  3. Workload Identity Federation
     • Understand WIF authentication flow
     • Configure GitLab CI/CD for GCP authentication
     • Test service account permissions

  4. Pipeline Testing
     • Run first CI/CD pipeline
     • Verify image build and push
     • Test deployment workflow

🎯 Success Criteria

After completing this phase, you should have:

  1. GitLab Variables - All required CI/CD variables configured
  2. Webhook Integration - Pipeline notifications working in Slack
  3. WIF Authentication - GitLab CI can authenticate with GCP
  4. Successful Pipeline - First build and deployment completed
  5. Artifact Registry - Docker images being pushed successfully

⏭️ Next Phase

Once CI/CD is working and pipelines are successful, proceed to Phase 6: Application Deployment.

🔧 Key Commands

# Test GitLab CI/CD authentication
gcloud auth list
gcloud projects list

# Check webhook token in Secret Manager (prints the secret value to the terminal)
gcloud secrets versions access latest --secret="gitlab-webhook-token"

# Test webhook endpoint
curl -X GET https://blueberry.florenciacomuzzi.com/api/webhooks/gitlab/test

# Monitor pipeline in GitLab
# Go to GitLab project → CI/CD → Pipelines

# Check ArgoCD for automatic updates
kubectl get applications -n argocd

📊 GitLab CI/CD Variables

| Variable | Purpose | Type | Example |
|---|---|---|---|
| GITLAB_WEBHOOK_TOKEN | Webhook authentication | Protected | abc123... |
| BLUEBERRY_WEBHOOK_URL | Webhook endpoint | Protected | https://blueberry.florenciacomuzzi.com/api/webhooks/gitlab/pipeline |
| GCP_PROJECT_ID | GCP project identifier | Public | development-454916 |
| GCP_SERVICE_ACCOUNT_EMAIL | WIF service account | Public | gitlab-ci@development-454916.iam.gserviceaccount.com |
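
A job that exercises the WIF flow with the variables above, as an added example that is not taken from the Blueberry pipeline: GitLab issues a short-lived OIDC token, gcloud exchanges it for service account credentials, and no service account key is stored in GitLab. WIF_PROVIDER and the job name verify-wif are hypothetical; WIF_PROVIDER is assumed to be a CI/CD variable holding the full provider resource name.

```yaml
# Added example. WIF_PROVIDER is a hypothetical CI/CD variable of the form:
# projects/<PROJECT_NUMBER>/locations/global/workloadIdentityPools/<POOL_ID>/providers/<PROVIDER_ID>
verify-wif:
  image: google/cloud-sdk:slim
  id_tokens:
    GITLAB_OIDC_TOKEN:
      # Must match an audience the provider accepts; this is the default
      # audience when no allowed audiences are configured on the provider.
      aud: https://iam.googleapis.com/${WIF_PROVIDER}
  script:
    # Keep the token and credential config readable by the job user only
    - umask 077
    - printf '%s' "$GITLAB_OIDC_TOKEN" > "$CI_PROJECT_DIR/.oidc_token"
    # Build an external-account credential config that impersonates the
    # WIF service account; it references the token file, not a key
    - >
      gcloud iam workload-identity-pools create-cred-config "$WIF_PROVIDER"
      --service-account="$GCP_SERVICE_ACCOUNT_EMAIL"
      --credential-source-file="$CI_PROJECT_DIR/.oidc_token"
      --output-file="$CI_PROJECT_DIR/.gcp_cred.json"
    - gcloud auth login --cred-file="$CI_PROJECT_DIR/.gcp_cred.json"
    - gcloud config set project "$GCP_PROJECT_ID"
    # Same checks as in Key Commands: the active account should be the
    # service account, and only projects it can see should be listed
    - gcloud auth list
    - gcloud projects list
  after_script:
    # Remove the token and config so they cannot end up in artifacts or caches
    - rm -f "$CI_PROJECT_DIR/.oidc_token" "$CI_PROJECT_DIR/.gcp_cred.json"
```

If `gcloud auth list` succeeds but `gcloud projects list` fails, the token exchange worked and the problem lies in the service account's roles or its workload identity binding.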

🔄 CI/CD Pipeline Stages

  1. Lint - Code quality checks with pre-commit
  2. Test - Run unit and integration tests
  3. Build - Build Docker image for linux/amd64
  4. Deploy - Push to Artifact Registry, trigger ArgoCD sync

⏰ Timing Considerations

  • GitLab Variable Setup: 5-10 minutes
  • Webhook Configuration: 5-10 minutes
  • First Pipeline Run: 10-15 minutes
  • Image Build Time: 5-10 minutes per build

🚨 Common Issues

  • Authentication Failures: Verify WIF setup and service account roles
  • Image Push Errors: Check Artifact Registry permissions
  • Webhook Failures: Validate token and endpoint URL
  • Pipeline Timeouts: Increase timeout values or optimize builds

📚 Documentation

Document ID: setup/05-cicd/README