From version 7.12, GitLab CI uses a YAML file ( .gitlab-ci.yml ) for the project configuration. It is placed in the root of your repository and contains definitions of how your project should be built.

The YAML file defines a set of jobs with constraints stating when they should be run. The jobs are defined as top-level elements with a name and always have to contain at least the script clause:

job1:
  script: "execute-script-for-job1"
job2:
  script: "execute-script-for-job2"

The above example is the simplest possible CI configuration with two separate jobs, where each of the jobs executes a different command.

Of course a command can execute code directly ( ./configure;make;make install ) or run a script ( test.sh ) in the repository.

Jobs are used to create builds, which are then picked up by Runners and executed within the environment of the Runner. What is important, is that each job is run independently from each other.

The YAML syntax allows for using more complex job specifications than in the above example:

image: ruby:2.1
services:
  - postgres
before_script:
  - bundle install
after_script:
  - rm secrets
stages:
  - build
  - test
  - deploy
job1:
  stage: build
  script:
    - execute-script-for-job1
  only:
    - master
  tags:
    - docker

There are a few reserved keywords that cannot be used as job names:

image and services

This allows to specify a custom Docker image and a list of services that can be used for time of the build. The configuration of this feature is covered in a separate document .

before_script

before_script is used to define the command that should be run before all builds, including deploy builds. This can be an array or a multi-line string.

after_script

Note: Introduced in GitSwarm 2016.2 and requires Gitlab Runner v1.2

after_script is used to define the command that will be run after for all builds. This has to be an array or a multi-line string.

stages

stages is used to define build stages that can be used by jobs. The specification of stages allows for having flexible multi stage pipelines.

The ordering of elements in stages defines the ordering of builds' execution:

Builds of the same stage are run in parallel.

Builds of the next stage are run after the jobs from the previous stage complete successfully.

Let's consider the following example, which defines 3 stages:

stages:
  - build
  - test
  - deploy

First all jobs of


    build

are executed in parallel.

If all jobs of


    build

succeed, the


    test

jobs are executed in parallel.

If all jobs of


    test

succeed, the


    deploy

jobs are executed in parallel.

If all jobs of


    deploy

succeed, the commit is marked as


    success

If any of the previous jobs fails, the commit is marked as


    failed

and no jobs of further stage are executed.

There are also two edge cases worth mentioning:

If no


    stages

are defined in


    .gitlab-ci.yml

, then by default the


    build


    test

and


    deploy

are allowed to be used as job's stage by default.

If a job doesn't specify a


    stage

, the job is assigned the


    test

stage.

types

Alias for stages .

variables

Note: Introduced in GitLab Runner v0.5.0.

GitLab CI allows you to add variables to .gitlab-ci.yml that are set in the build environment. The variables are stored in the git repository and are meant to store non-sensitive project configuration, for example:

variables:
  DATABASE_URL: "postgres://postgres@postgres/my_database"

These variables can be later used in all executed commands and scripts.

The YAML-defined variables are also set to all created service containers, thus allowing to fine tune them.

Variables can be also defined on job level .

cache

Note: Introduced in GitLab Runner v0.7.0.

cache is used to specify a list of files and directories which should be cached between builds.

By default the caching is enabled per-job and per-branch.

If cache is defined outside the scope of the jobs, it means it is set globally and all jobs will use its definition.

Cache all files in binaries and .config :

rspec:
  script: test
  cache:
    paths:
    - binaries/
    - .config

Cache all Git untracked files:

rspec:
  script: test
  cache:
    untracked: true

Cache all Git untracked files and files in binaries :

rspec:
  script: test
  cache:
    untracked: true
    paths:
    - binaries/

Locally defined cache overwrites globally defined options. This will cache only binaries/ :

cache:
  paths:
  - my/files
rspec:
  script: test
  cache:
    paths:
    - binaries/

The cache is provided on a best-effort basis, so don't expect that the cache will be always present. For implementation details, please check GitLab Runner.

cache:key

Note: Introduced in GitLab Runner v1.0.0.

The key directive allows you to define the affinity of caching between jobs, allowing to have a single cache for all jobs, cache per-job, cache per-branch or any other way you deem proper.

This allows you to fine tune caching, allowing you to cache data between different jobs or even different branches.

The cache:key variable can use any of the predefined variables .

Example configurations

To enable per-job caching:

cache:
  key: "$CI_BUILD_NAME"
  untracked: true

To enable per-branch caching:

cache:
  key: "$CI_BUILD_REF_NAME"
  untracked: true

To enable per-job and per-branch caching:

cache:
  key: "$CI_BUILD_NAME/$CI_BUILD_REF_NAME"
  untracked: true

To enable per-branch and per-stage caching:

cache:
  key: "$CI_BUILD_STAGE/$CI_BUILD_REF_NAME"
  untracked: true

If you use Windows Batch to run your shell scripts you need to replace $ with % :

cache:
  key: "%CI_BUILD_STAGE%/%CI_BUILD_REF_NAME%"
  untracked: true

.gitlab-ci.yml allows you to specify an unlimited number of jobs. Each job must have a unique name, which is not one of the Keywords mentioned above. A job is defined by a list of parameters that define the build behavior.

job_name:
  script:
    - rake spec
    - coverage
  stage: test
  only:
    - master
  except:
    - develop
  tags:
    - ruby
    - postgres
  allow_failure: true

dependencies Define other builds that a build depends on so that you can pass artifacts between them artifacts Define list of build artifacts cache Define list of files that should be cached between subsequent runs before_script Override a set of commands that are executed before build after_script Override a set of commands that are executed after build environment Defines a name of environment to which deployment is done by this build

script

script is a shell script which is executed by the Runner. For example:

script: "bundle exec rspec"

This parameter can also contain several commands using an array:

script: - uname -a - bundle exec rspec

stage

stage allows to group build into different stages. Builds of the same stage are executed in parallel . For more info about the use of stage please check stages .

only and except

only and except are two parameters that set a refs policy to limit when jobs are built:


    only

defines the names of branches and tags for which the job will be built.


    except

defines the names of branches and tags for which the job will not be built.

There are a few rules that apply to the usage of refs policy:


    only

and


    except

are inclusive. If both


    only

and


    except

are defined in a job specification, the ref is filtered by


    only

and


    except


    only

and


    except

allow the use of regular expressions.


    only

and


    except

allow the use of special keywords:


    branches


    tags

, and


    triggers


    only

and


    except

allow to specify a repository path to filter jobs for forks.

In the example below, job will run only for refs that start with issue- , whereas all branches will be skipped.

# use regexp only: - /^issue-.*$/ # use special keyword except: - branches

In this example, job will run only for refs that are tagged, or if a build is explicitly requested via an API trigger.

# use special keywords only: - tags - triggers

The repository path can be used to have jobs executed only for the parent repository and not forks:

only: - branches@gitlab-org/gitlab-ce except: - master@gitlab-org/gitlab-ce

The above example will run job for all branches on gitlab-org/gitlab-ce , except master.

job variables

It is possible to define build variables using a variables keyword on a job level. It works basically the same way as its global-level equivalent but allows you to define job-specific build variables.

When the variables keyword is used on a job level, it overrides global YAML build variables and predefined variables.

Build variables priority is defined in variables documentation .

tags is used to select specific Runners from the list of all Runners that are allowed to run this project.

During the registration of a Runner, you can specify the Runner's tags, for example ruby , postgres , development .

tags allow you to run builds with Runners that have the specified tags assigned to them:

tags: - ruby - postgres

The specification above, will make sure that job is built by a Runner that has both ruby AND postgres tags defined.

when is used to implement jobs that are run in case of failure or despite the failure.

when can be set to one of the following values:


    on_success

- execute build only when all builds from prior stages succeed. This is the default.


    on_failure

- execute build only when at least one build from prior stages fails.


    always

- execute build regardless of the status of builds from prior stages.


    manual

- execute build manually (added in GitSwarm 2016.10). Read about manual actions below.

For example:

stages:
- build
- cleanup_build
- test
- deploy
- cleanup
build_job:
  stage: build
  script:
  - make build
cleanup_build_job:
  stage: cleanup_build
  script:
  - cleanup build when failed
  when: on_failure
test_job:
  stage: test
  script:
  - make test
deploy_job:
  stage: deploy
  script:
  - make deploy
  when: manual
cleanup_job:
  stage: cleanup
  script:
  - cleanup after builds
  when: always

The above script will:

Execute


    cleanup_build_job

only when


    build_job

fails.

Always execute


    cleanup_job

as the last step in pipeline regardless of success or failure.

Allow you to manually execute


    deploy_job

from GitSwarm's UI.

Manual actions

Note: Introduced in GitSwarm 2016.10.

Manual actions are a special type of job that are not executed automatically; they need to be explicitly started by a user. Manual actions can be started from pipeline, build, environment, and deployment views. You can execute the same manual action multiple times.

An example usage of manual actions is deployment to production.

environment

Note: Introduced in GitLab 8.9.

environment is used to define that a job deploys to a specific environment. This allows easy tracking of all deployments to your environments straight from GitSwarm.

If environment is specified and no environment under that name exists, a new one will be created automatically.

The environment name must contain only letters, digits, '-' and '_'. Common names are qa , staging , and production , but you can use whatever name works with your workflow.

Example configurations

deploy to production:
  stage: deploy
  script: git push production HEAD:master
  environment: production

The deploy to production job will be marked as doing deployment to production environment.

artifacts

** Notes:**

Introduced in GitLab Runner v0.7.0 for non-Windows platforms.

Windows support was added in GitLab Runner v.1.0.0.

Currently not all executors are supported.

Build artifacts are only collected for successful builds by default.

artifacts is used to specify a list of files and directories which should be attached to the build after success. To pass artifacts between different builds, see dependencies .

Below are some examples.

Send all files in binaries and .config :

artifacts:
  paths:
  - binaries/
  - .config

Send all Git untracked files:

artifacts:
  untracked: true

Send all Git untracked files and files in binaries :

artifacts:
  untracked: true
  paths:
  - binaries/

You may want to create artifacts only for tagged releases to avoid filling the build server storage with temporary build artifacts.

Create artifacts only for tags ( default-job will not create artifacts):

default-job:
  script:
    - mvn test -U
  except:
    - tags
release-job:
  script:
    - mvn package -U
  artifacts:
    paths:
    - target/*.war
  only:
    - tags

The artifacts will be sent to GitSwarm after a successful build and will be available for download in the GitSwarm UI.

artifacts:name

Note: Introduced in GitSwarm 2016.2 and GitLab Runner v1.1.0.

The name directive allows you to define the name of the created artifacts archive. That way, you can have a unique name for every archive which could be useful when you'd like to download the archive from GitSwarm. The artifacts:name variable can make use of any of the predefined variables . The default name is artifacts , which becomes artifacts.zip when downloaded.

Example configurations

To create an archive with a name of the current build:

artifacts: name: "$CI_BUILD_NAME"

To create an archive with a name of the current branch or tag including only the files that are untracked by Git:

artifacts: name: "$CI_BUILD_REF_NAME" untracked: true

To create an archive with a name of the current build and the current branch or tag including only the files that are untracked by Git:

artifacts: name: "${CI_BUILD_NAME}_${CI_BUILD_REF_NAME}" untracked: true

To create an archive with a name of the current stage and branch name:

artifacts: name: "${CI_BUILD_STAGE}_${CI_BUILD_REF_NAME}" untracked: true

If you use Windows Batch to run your shell scripts you need to replace $ with % :

artifacts: name: "%CI_BUILD_STAGE%_%CI_BUILD_REF_NAME%" untracked: true

artifacts:when

Note: Introduced in GitLab 8.9 and GitLab Runner v1.3.0.

artifacts:when is used to upload artifacts on build failure or despite the failure.

artifacts:when can be set to one of the following values:


    on_success

- upload artifacts only when the build succeeds. This is the default.


    on_failure

- upload artifacts only when the build fails.


    always

- upload artifacts regardless of the build status.

Example configurations

To upload artifacts only when build fails.

artifacts: when: on_failure

artifacts:expire_in

Note: Introduced in GitLab 8.9 and GitLab Runner v1.3.0.

artifacts:expire_in is used to delete uploaded artifacts after the specified time. By default, artifacts are stored on GitSwarm forever. expire_in allows you to specify how long artifacts should live before they expire, counting from the time they are uploaded and stored on GitSwarm.

You can use the Keep button on the build page to override expiration and keep artifacts forever.

After expiry, artifacts are actually deleted hourly by default (via a cron job), but they are not accessible after expiry.

The value of expire_in is an elapsed time. Examples of parseable values:

'3 mins 4 sec'

'2 hrs 20 min'

'2h20min'

'6 mos 1 day'

'47 yrs 6 mos and 4d'

'3 weeks and 2 days'

Example configurations

To expire artifacts 1 week after being uploaded:

artifacts: expire_in: 1 week

dependencies

Note: Introduced in GitSwarm 2016.2 and GitLab Runner v1.1.1.

This feature should be used in conjunction with artifacts and allows you to define the artifacts to pass between different builds.

Note that artifacts from all previous stages are passed by default.

To use this feature, define dependencies in context of the job and pass a list of all previous builds from which the artifacts should be downloaded. You can only define builds from stages that are executed before the current one. An error will be shown if you define builds from the current stage or next ones. Defining an empty array will skip downloading any artifacts for that job.

In the following example, we define two jobs with artifacts, build:osx and build:linux . When the test:osx is executed, the artifacts from build:osx will be downloaded and extracted in the context of the build. The same happens for test:linux and artifacts from build:linux .

The job deploy will download artifacts from all previous builds because of the stage precedence:

build:osx:
  stage: build
  script: make build:osx
  artifacts:
    paths:
    - binaries/
build:linux:
  stage: build
  script: make build:linux
  artifacts:
    paths:
    - binaries/
test:osx:
  stage: test
  script: make test:osx
  dependencies:
  - build:osx
test:linux:
  stage: test
  script: make test:linux
  dependencies:
  - build:linux
deploy:
  stage: deploy
  script: make deploy

before_script and after_script

It's possible to overwrite globally defined before_script and after_script :

before_script:
- global before script
  before_script:
  - execute this instead of global before script
  script:
  - my command
  after_script:
  - execute this after my script

Git Strategy

Note: Introduced in GitLab 8.9 as an experimental feature. May change in future releases or be removed completely.

You can set the GIT_STRATEGY used for getting recent application code. clone is slower, but makes sure you have a clean directory before every build. fetch is faster. GIT_STRATEGY can be specified in the global variables section or in the variables section for individual jobs. If it's not specified, then the default from project settings will be used.

variables:
  GIT_STRATEGY: clone

variables:
  GIT_STRATEGY: fetch

Shallow cloning

Note: Introduced in GitLab 8.9 as an experimental feature. May change in future releases or be removed completely.

You can specify the depth of fetching and cloning using GIT_DEPTH . This allows shallow cloning of the repository which can significantly speed up cloning for repositories with a large number of commits or old, large binaries. The value is passed to git fetch and git clone .

Note: If you use a depth of 1 and have a queue of builds or retry builds, jobs may fail.

Since Git fetching and cloning is based on a ref, such as a branch name, runners can't clone a specific commit SHA. If there are multiple builds in the queue, or you are retrying an old build, the commit to be tested needs to be within the git history that is cloned. Setting too small a value for GIT_DEPTH can make it impossible to run these old commits. You will see unresolved reference in build logs. You should then reconsider changing GIT_DEPTH to a higher value.

Builds that rely on git describe may not work correctly when GIT_DEPTH is set since only part of the git history is present.

To fetch or clone only the last 3 commits:

variables:
  GIT_DEPTH: "3"

Hidden jobs

Note: Introduced in GitSwarm 2016.2 and GitLab Runner v1.1.1.

Jobs that start with a dot ( . ) will be not processed by GitLab CI. You can use this feature to ignore jobs, or use the special YAML features and transform the hidden jobs into templates.

In the following example, .job_name will be ignored:

.job_name:
  script:
    - rake spec

Special YAML features

It's possible to use special YAML features like anchors ( & ), aliases ( * ) and map merging ( << ), which will allow you to greatly reduce the complexity of .gitlab-ci.yml .

Read more about the various YAML features .

Anchors

Note: Introduced in GitSwarm 2016.2 and GitLab Runner v1.1.1.

YAML also has a handy feature called 'anchors', which let you easily duplicate content across your document. Anchors can be used to duplicate/inherit properties, and is a perfect example to be used with hidden jobs to provide templates for your jobs.

The following example uses anchors and map merging. It will create two jobs, test1 and test2 , that will inherit the parameters of .job_template , each having their own custom script defined:

.job_template: &job_definition  # Hidden job that defines an anchor named 'job_definition'
  image: ruby:2.1
  services:
    - postgres
    - redis
test1:
  <<: *job_definition           # Merge the contents of the 'job_definition' alias
  script:
    - test1 project
test2:
  <<: *job_definition           # Merge the contents of the 'job_definition' alias
  script:
    - test2 project

& sets up the name of the anchor ( job_definition ), << means "merge the given hash into the current one", and * includes the named anchor ( job_definition again). The expanded version looks like this:

.job_template:
  image: ruby:2.1
  services:
    - postgres
    - redis
test1:
  image: ruby:2.1
  services:
    - postgres
    - redis
  script:
    - test1 project
test2:
  image: ruby:2.1
  services:
    - postgres
    - redis
  script:
    - test2 project

Let's see another one example. This time we will use anchors to define two sets of services. This will create two jobs, test:postgres and test:mysql , that will share the script directive defined in .job_template , and the services directive defined in .postgres_services and .mysql_services respectively:

.job_template: &job_definition
  script:
    - test project
.postgres_services:
  services: &postgres_definition
    - postgres
    - ruby
.mysql_services:
  services: &mysql_definition
    - mysql
    - ruby
test:postgres:
  <<: *job_definition
  services: *postgres_definition
test:mysql:
  <<: *job_definition
  services: *mysql_definition

The expanded version looks like this:

.job_template:
  script:
    - test project
.postgres_services:
  services:
    - postgres
    - ruby
.mysql_services:
  services:
    - mysql
    - ruby
test:postgres:
  script:
    - test project
  services:
    - postgres
    - ruby
test:mysql:
  script:
    - test project
  services:
    - mysql
    - ruby

You can see that the hidden jobs are conveniently used as templates.

Validate the .gitlab-ci.yml

Each instance of GitLab CI has an embedded debug tool called Lint. You can find the link under /ci/lint of your gitlab instance.