What is GitLab Auto DevOps and Why You Should Use It?
GitLab DevOps is a platform that enables enterprises to increase the total return on software development by delivering software more quickly and effectively while also enhancing security and compliance.
A giant leap in the improvement of its’ capabilities occur when GitLab 11 introduced a new idea built on fully automated Auto DevOps processes. GitLab Auto DevOps is a vast group of integrations and features that could make your software delivery process much smoother and more efficient. It enhances business productivity by streamlining the software delivery process.
What is Auto DevOps GitLab?
Auto DevOps is a collection of twelve features in one script that work together intuitively. It is a pipeline that starts with an automated build and then runs the application through a series of scans, including container scanning, dependency scanning, open-source license detection, and more. It also does code quality checks and unit tests. With Auto DevOps, you can build your app, test it, make a deployment, monitor your app, and finally secure it in one go.
Moreover, with Auto DevOps, teams can streamline their application deployment and maintenance, reducing manual setup and complexity. The feature is ideal for teams needing a fully automated CI/CD solution for application deployment, supporting various application types, including Node.js and Python. By leveraging GitLab Auto DevOps, you can enhance your software delivery process, ensuring that your applications are built, tested, and deployed efficiently and reliably.
How to get started with Auto DevOps
Once you decide to work with Auto DevOps, navigate to Project Settings in GitLab and click on the “Enable Auto DevOps” button to activate the feature. Thus, GitLab will automatically detect the application type (e.g., Node.js, Python) and generate a full CI/CD pipeline.
The Auto DevOps pipeline will be triggered automatically after enabling the feature. It will require no manual configuration of the CI/CD pipeline. Hovewer, pay attention that users must have the necessary permissions to access Project Settings to use Auto DevOps.
Summing up, we can say that enabling Auto DevOps is a straightforward process, requiring minimal user input, and is designed to simplify the CI/CD process. This ease of use allows teams to quickly set up and benefit from a robust CI/CD pipeline without the need for extensive configuration.
How does GitLab Auto DevOps work?
Fundamentally, Auto DevOps is a pre-configured CI/CD pipeline. Auto DevOps is a collection of best practices that serve as a healthy foundation for software development, and it’s free to use for anybody who uses GitHub.The major goal of Auto DevOps is not only to make CI/CD easier for everyone but also to encourage people to write higher-quality code and create better products by automating best practices.
The shift left movement, which is a strategy for software testing and software development, in which testing is done earlier in the app lifecycle, influenced DevOps at GitLab. Auto DevOps started as an Auto Deployment.
The auto devops template may include job definitions for tasks such as deploying to staging or canary environments, providing a structured way to customize the deployment process after the default branch pipeline runs successfully. It could only do automatic deployments to production and staging on OpenShift, as the name implied. It’s now developed into a complicated script with twelve separate tasks to complete in a single pipeline. The application is deployed to a Kubernetes cluster after the building and testing stages are complete, emphasizing the automation of this process during production and in the creation of temporary Review Apps for code changes. Here we describe some of them.
Building
If you already have a Dockerfile, Auto DevOps will only construct it. If no Dockerfile is present, the pipeline will recognize the code language and build it accordingly using Heroku buildpacks. Auto Test will analyze the project to identify the language and framework, running existing tests if available, while emphasizing that not all buildpacks support this feature yet. It will produce a Docker image at the end of this section.
Testing
During tests also Heroku buildpacks are also being used. It’s important to mention that not all languages are supported in this stage. The supported buildpacks are: multi, Ruby, node.js, Clojure, Python, Java, Gradle, Scala, Play, php, Go, and NGINX.
Code Quality Analysis
This stage includes code quality analysis, based on the open-source version of code climate. Metrics will be available for you to see in the form of tables and charts to help you better understand the data.
Static Application Security Testing (SAST)
SAST does static analysis of the existing code and looks for security flaws. GitLab Runner 11.5 or above is required for the Auto SAST part.
Auto Secret Detection
Secret Detection runs Secret Detection on the current code and looks for leaked secrets using the Secret Detection Docker image. GitLab Runner 11.5 or above is required for Auto Secret Detection.
Review app
In the auto review part, which is helpful when the user is creating merge requests, GitLab DevOps automatically deploys that change to a different environment for you to be able to review how it looks live. The URL for the Review App is:
13083-review-project-branch-123456.example.com
It combines the project ID, the branch or tag name, a unique number, and the Auto DevOps base domain. For easier finding, the merging request widget includes a link to the Review App. The Review App is also erased when the branch or tag is deleted, such as after merging a merge request.
The auto-deploy-app chart in Helm is used to deploy review applications, which you may modify. The application is deployed into the environment’s Kubernetes namespace.
Dynamic Application Security Testing
After creating a review app Auto DevOps run DAST to detect security vulnerabilities and other issues in your running application. Dynamic Application Security Testing (DAST) analyzes existing code and checks for possible security flaws using the famous open-source tool OWASP ZAProxy.
After DAST is completed, the app gets erased. DAST scans the review app on feature branches. Any security warnings are presented on the Security Dashboard and the merge request widget when the DAST scan is completed.
Deploy
After merging the branch back to the master, Auto DevOps automatically deploys that to production (by default) or to staging, depending on the configuration.
Browser Performance Testing
When the application is in the production or staging pipeline, run browser performance testing. The test simulates how the speed of your application increases or decreases from previous versions using benchmarking with other versions.
Auto Monitoring
Right out of the box, Auto Monitoring allows you to monitor your application’s server and response metrics. Auto Monitoring leverages Prometheus to receive system metrics from Kubernetes, such as CPU and memory use, as well as response metrics from the NGINX server, such as HTTP error rates, latency, and throughput.
Deployment options to look at
We shouldn’t forget that Auto DevOps provides various deployment options. They may include deployment to a Kubernetes cluster, Google Kubernetes Engine (GKE), or Amazon Elastic Container Service for Kubernetes (EKS).
Thus, it’s up to users to choose the deployment option that best suits their needs, and Auto DevOps will handle the deployment process automatically.
What’s more, the feature supports review apps. In turn, it allows developers to preview changes on a per-branch basis and provides a live environment for testing and validation. Such flexibility ensures that your application deployment strategy can be tailored to your specific requirements, whether you’re deploying to a cloud-based Kubernetes service or an on-premises cluster.
Kubernetes integration
We’ve already mentioned Kubernetes. And it’s worth saying once again – Auto DevOps integrates seamlessly with Kubernetes, providing a pre-configured pipeline for deploying applications to a Kubernetes cluster.
This GitLab’s feature supports various Kubernetes platforms, including GKE and EKS, and provides automated deployment, scaling, and management of applications. Auto DevOps can help teams focus on developing and delivering applications, rather than managing the underlying infrastructure.
What’s more, the feature also provides real-time monitoring and logging. It allows teams to quickly identify and resolve issues. This integration ensures that your applications are not only deployed efficiently but also monitored and managed effectively, providing a robust solution for modern application development and deployment.
Customizing Auto DevOps
While Auto DevOps comes with some nice defaults to get you started, practically everything can be customized to match your needs. Custom buildpacks, Dockerfiles, and Helm charts are all available using Auto DevOps. To enable staging and canary deployments, control Auto DevOps using GitLab APIs, and more, you can transfer the whole CI/CD setup into your project. Though, you need to ensure the Auto DevOps feature is properly set up to allow for efficient continuous deployment strategies by following the necessary steps to expand Auto DevOps options for project settings.
Select Expand from Settings > CI/CD > Auto DevOps. Enabling Auto DevOps reveals more options in the settings for configuring pipelines, allowing users to access additional features and strategies for deploying their applications effectively. To see more choices, choose Default to Auto DevOps pipeline. Select your chosen continuous deployment strategy in the Deployment strategy field to deploy the application to production when the pipeline runs successfully on the default branch. Save any changes you’ve made.
[FREE TRIAL] Ensure compliant DevOps backup and recovery with a 14-day trial 🚀
[CUSTOM DEMO] Let’s talk about how backup & DR software for DevOps can help you mitigate the risks
