GitLab CI

Same pattern as GitHub Actions but for GitLab CI/CD.

Create an API token in dockmesh: Settings → API tokens → New token with a narrowly-scoped role (stacks.deploy, stacks.read on the target stacks only).

Save it in GitLab: Settings → CI/CD → Variables

  • DOCKMESH_URL — e.g. https://dockmesh.example.com
  • DOCKMESH_TOKEN — the token (mark as masked and protected)
```yaml
stages:
  - build
  - deploy

build:
  stage: build
  image: docker:24
  services:
    - docker:24-dind
  variables:
    DOCKER_DRIVER: overlay2
  script:
    # Pass the registry password on stdin so it does not appear in the process arguments
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"

deploy:
  stage: deploy
  # The script needs both curl and jq; curlimages/curl does not include jq
  image: alpine:3
  needs: [build]
  only:
    - main
  before_script:
    - apk add --no-cache curl jq
  script:
    # 1. Point the stack at the image built for this commit
    - |
      curl -fsSL -X POST \
        -H "Authorization: Bearer $DOCKMESH_TOKEN" \
        -H "Content-Type: application/json" \
        -d "{\"image_tag\":\"$CI_COMMIT_SHORT_SHA\"}" \
        "$DOCKMESH_URL/api/v1/stacks/analytics/image-tag"
    # 2. Start the deploy and remember its id
    - |
      deploy=$(curl -fsSL -X POST \
        -H "Authorization: Bearer $DOCKMESH_TOKEN" \
        "$DOCKMESH_URL/api/v1/stacks/analytics/deploy")
      id=$(echo "$deploy" | jq -r .id)
      echo "Deploy started: $id"
    # 3. Poll every 2 seconds, up to 60 times; fail the job on "failed" or on timeout
    - |
      for i in $(seq 1 60); do
        status=$(curl -fsSL -H "Authorization: Bearer $DOCKMESH_TOKEN" \
          "$DOCKMESH_URL/api/v1/deploys/$id" | jq -r .status)
        echo "Status: $status"
        case "$status" in success) exit 0 ;; failed) exit 1 ;; esac
        sleep 2
      done
      exit 1
```
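
A pre-flight check that could run at the top of the deploy job's script, as an added example that is not part of the dockmesh documentation. It refuses to send `DOCKMESH_TOKEN` to a non-HTTPS URL, reports an empty token (GitLab does not inject a protected variable into pipelines on unprotected branches), and builds the image-tag body only from a tag that is safe to interpolate into JSON; the function names `preflight` and `image_tag_payload` are hypothetical.

```shell
#!/bin/sh
# Pre-flight checks for the dockmesh deploy job.
# Added example: preflight and image_tag_payload are hypothetical helper names.

# Return 0 only if the token is present and the URL is a plain HTTPS URL.
preflight() {
    url=$1
    token=$2
    if [ -z "$token" ]; then
        echo "DOCKMESH_TOKEN is empty (protected variables need a protected branch or tag)" >&2
        return 1
    fi
    case "$url" in
        https://?*) ;;
        *) echo "DOCKMESH_URL must use https:// so the bearer token is not sent in cleartext" >&2
           return 2 ;;
    esac
    # Reject whitespace, quotes and user@host forms in the URL.
    case "$url" in
        *[!A-Za-z0-9._:/-]*) echo "DOCKMESH_URL contains unexpected characters" >&2
                             return 3 ;;
    esac
    return 0
}

# Print the image-tag request body, or fail if the tag could break out of the JSON string.
image_tag_payload() {
    tag=$1
    case "$tag" in
        ""|*[!A-Za-z0-9._-]*) echo "refusing image tag: $tag" >&2
                              return 1 ;;
    esac
    printf '{"image_tag":"%s"}' "$tag"
}

# Demo with constructed values (not a real endpoint or secret).
preflight "https://dockmesh.example.com" "constructed-token" \
    && image_tag_payload "a1b2c3d4" && echo
```

In the job, call `preflight "$DOCKMESH_URL" "$DOCKMESH_TOKEN" || exit 1` before the first `curl`, and pass the output of `image_tag_payload "$CI_COMMIT_SHORT_SHA"` to `-d`.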

Add environment-based approvals via when: manual:

```yaml
deploy-prod:
  stage: deploy
  when: manual
  only:
    - main
  script: ...
```

Only users with access to the main branch’s deploy-prod job can trigger it.

GitLab’s registry is a natural fit. dockmesh’s registry auth config:

Settings → Registries → New registry:

  • URL: registry.gitlab.com
  • Username: deploy token username (from GitLab project → Settings → Repository → Deploy tokens)
  • Password: deploy token value

Give the deploy token read_registry scope only.