GitLab CI/CD: Architecting, Deploying, and Optimizing Pipelines
Auto DevOps
AutoDevOps Customization
In this guide, learn how to tailor your GitLab Auto DevOps pipeline to implement a timed incremental rollout deployment strategy. You’ll enable this strategy, override default jobs, and customize which tests and scans run to streamline your CI/CD process.
Timed Incremental Rollout Strategy
A timed incremental rollout gradually shifts traffic in phases:
- Step 1: 10% traffic
- Step 2: 25% traffic
- Step 3: 50% traffic
- Step 4: 100% traffic
Each phase pauses for 5 minutes by default, giving you time to validate stability and, if necessary, roll back.
To enable the timed rollout:
- Go to Settings > CI/CD > Auto DevOps
- Select Continuous deployment to production using timed incremental rollout
- Click Save changes
Note
Adjust the interval between rollout steps by setting the AUTO_DEPLOY_WAIT_TIME
variable in your .gitlab-ci.yml
or project settings.
Reviewing Current Pipelines
Out of the box, Auto DevOps runs up to 17 jobs across multiple stages. You can disable unused jobs—like certain tests or scans—to speed up your pipeline while retaining essential checks like secret detection.
Adding Your Own .gitlab-ci.yml
Override or extend Auto DevOps by adding a custom CI configuration file at your repository root:
- In Files, click + and name the file
.gitlab-ci.yml
. - Choose Apply a template or start from scratch.
Including the Auto DevOps Template
Pull in the default Auto DevOps jobs without copying the full configuration:
include:
template: Auto-DevOps.gitlab-ci.yml
Open CI/CD > Editor, paste the snippet, then click Visualize to inspect all jobs and stages.
Auto DevOps Variables
The default template defines many variables you can override:
Variable | Purpose | Example Default |
---|---|---|
AUTO_BUILD_IMAGE_VERSION | Build image version | v1.51.0 |
AUTO_DEPLOY_IMAGE_VERSION | Deploy image version | v2.80.1 |
DAST_VERSION | Version of DAST scans | 4 |
SECURE_ANALYZERS_PREFIX | Registry prefix for security analyzers | $CI_TEMPLATE_REGISTRY_HOST |
POSTGRES_USER | Username for review app database | user |
POSTGRES_PASSWORD | Password for review app database | testing-password |
Override these under Settings > CI/CD > Variables or in your .gitlab-ci.yml
.
Disabling Unneeded Jobs
Disable specific Auto DevOps jobs by setting their variables to "true"
:
variables:
TEST_DISABLED: "true"
CODE_QUALITY_DISABLED: "true"
DEPENDENCY_SCANNING_DISABLED: "true"
LICENSE_MANAGEMENT_DISABLED: "true"
SAST_DISABLED: "true"
PERFORMANCE_DISABLED: "true"
BROWSER_PERFORMANCE_DISABLED: "true"
REVIEW_DISABLED: "true"
CONTAINER_SCANNING_DISABLED: "true"
See the Auto DevOps variables documentation for a complete list:
Full Example .gitlab-ci.yml
Combine the include and disabling variables to simplify your pipeline:
include:
template: Auto-DevOps.gitlab-ci.yml
variables:
DAST_DISABLED: "true"
CODE_QUALITY_DISABLED: "true"
DEPENDENCY_SCANNING_DISABLED: "true"
LICENSE_MANAGEMENT_DISABLED: "true"
SAST_DISABLED: "true"
PERFORMANCE_DISABLED: "true"
BROWSER_PERFORMANCE_DISABLED: "true"
REVIEW_DISABLED: "true"
CONTAINER_SCANNING_DISABLED: "true"
Commit and push to trigger a streamlined set of jobs:
Running the Timed Rollout
After build and test, the pipeline moves through timed rollout steps (10%, 25%, 50%, 100%). Each step waits for the configured interval before proceeding.
Before the 10% rollout, protected environments require manual approval:
Click Run job to start, and track progress:
Once complete, the next step (25%) begins automatically after the timer expires:
Under the hood, Auto DevOps runs:
auto-deploy deploy canary $ROLLOUT_PERCENTAGE
Inspecting the Deployment
Verify canary and stable pods using the Kubernetes CLI:
kubectl -n production get pods
# Example output:
# production-canary-77cbf87488-2x5jm 1/1 Running
# production-defd6d64cf-4qgl7 1/1 Running
Traffic splits according to ingress weights configured in each rollout step.
Approving Protected Deployments
Protected environments halt deployments until manual approval:
Click Approve in the confirmation dialog:
Then trigger any manual rollout jobs if required:
Or use an unscheduled manual action:
Monitoring Environments
View all deployments and their statuses under Operations > Environments:
For more details, see the Auto DevOps documentation or explore these resources:
Watch Video
Watch video content