GitLab CI/CD Configuration Options
To enhance your GitLab pipeline and deployment job stability, we recommend setting the following configuration options.
Auto-cancel redundant pipelines:
Allow GitLab to automatically cancel any detected redundant pipelines on the same branch.
Steps to enable "Auto-cancel redundant pipelines"
- On the left sidebar of your project page, select Settings > CI/CD
- Expand General pipelines
- Select the Auto-cancel redundant pipelines checkbox
- Select Save changes
Prevent outdated deployment jobs:
The execution time of a pipeline can vary from run to run, which could cause undesired behavior. A race condition could occur when a deployment job in a new pipeline finishes before a deployment job in an older pipeline. When the older pipeline finishes, it would overwrite the newer deployment. Enabling this option ensures older deployment jobs are cancelled automatically when a newer deployment job is started. This option is especially useful when your repo has bursts of commits in a short amount of time, such as sites which utilize NetlifyCMS.
Steps to enable "Prevent outdated deployment jobs"
- On the left sidebar of your project page, select Settings > CI/CD
- Expand General pipelines
- Select the Prevent outdated deployment jobs checkbox
- Select Save changes
Any cancelled deployment job will show the following error message:
Enabling pipeline failures on dependency check issues
"Why would I want my pipeline to fail when a dependency check finds issues?"
A dependency check attempts to detect vulnerabilities contained within a project's dependencies. These vulnerabilities point to potential issues within your project dependencies which could be exploited, making your site less secure. Failing your pipeline on a dependency check gives you the opportunity to address the vulnerabilities within your dependencies and ensure your site is as secure as possible. Padawan utilizes OWASP dependency check, a tool that detects vulnerabilities within a project's dependencies. It identifies vulnerabilities by checking whether there is a Common Platform Enumeration (CPE) identifier for a given dependency, and if one is found, it generates a report on the associated Common Vulnerabilities and Exposures (CVE) entries. You can find out more information about OWASP dependency check here.
By default, your project's pipelines will not fail if the dependency check finds issues. To enable this feature, follow these steps:
- On the left sidebar of your project page, select Settings > CI/CD > Variables
- Set SKIP_DEPENDENCY_CHECK to false
You can provide additional arguments to your pipeline's dependency check in order to customize its configuration. To do so, modify the DEPENDENCY_CHECK_EXTRA_ARGS variable under Settings > CI/CD > Variables. For example, adding the argument failOnCVSS=value will fail the dependency check if it identifies a vulnerability with a CVSS score equal to or higher than the set value. You can find some more examples of dependency check command line arguments here.
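To preview which findings a given failOnCVSS value would trip before you let the check fail your pipeline, the sketch below applies the same "equal to or higher" rule to a dependency check JSON report. It is an added example, not Padawan's or OWASP's own code; the report field names (dependencies, vulnerabilities, cvssv2.score, cvssv3.baseScore) are assumed from the tool's JSON output, and the sample report, file names and CVE ids are constructed.

```python
import json

# Constructed sample in the assumed shape of a dependency check JSON report.
SAMPLE_REPORT = json.dumps({"dependencies": [
    {"fileName": "example-a-1.0.0.tgz", "vulnerabilities": [
        {"name": "CVE-0000-0001", "cvssv3": {"baseScore": 9.1}},
        {"name": "CVE-0000-0002", "cvssv2": {"score": 6.8}}]},
    {"fileName": "example-b-2.3.1.tgz"},  # clean dependency: no vulnerabilities key
    {"fileName": "example-c-0.4.0.jar", "vulnerabilities": [
        {"name": "CVE-0000-0003", "cvssv2": {"score": 4.3},
         "cvssv3": {"baseScore": 7.0}}]},
]})

def highest_score(vuln):
    """Highest CVSS score recorded for one vulnerability, or None if unscored."""
    scores = []
    for block, key in (("cvssv2", "score"), ("cvssv3", "baseScore")):
        value = (vuln.get(block) or {}).get(key)
        if isinstance(value, (int, float)):
            scores.append(float(value))
    return max(scores) if scores else None

def findings_at_or_above(report_text, threshold):
    """Return (file, vuln id, score) for each finding with score >= threshold."""
    if not 0 <= threshold <= 10:
        raise ValueError("CVSS scores range from 0 to 10")
    hits = []
    for dep in json.loads(report_text).get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            score = highest_score(vuln)
            # Unscored entries are skipped here; review them by hand.
            if score is not None and score >= threshold:
                hits.append((dep.get("fileName", "?"), vuln.get("name", "?"), score))
    return sorted(hits, key=lambda hit: -hit[2])

def would_fail(report_text, threshold):
    """True if at least one finding meets or exceeds the threshold."""
    return bool(findings_at_or_above(report_text, threshold))

if __name__ == "__main__":
    for threshold in (4, 7, 9.5):
        hits = findings_at_or_above(SAMPLE_REPORT, threshold)
        verdict = "FAIL" if hits else "pass"
        print(f"failOnCVSS={threshold}: {verdict} ({len(hits)} finding(s))")
        for file_name, vuln_id, score in hits:
            print(f"  {score:4.1f}  {vuln_id}  {file_name}")
```

Running it against your own report with a few candidate thresholds shows how much remediation each value would demand before the pipeline goes green.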
E2E testing options in Padawan pipeline
What are E2E (end to end) tests and why should I have them run in my pipeline?
E2E tests exercise code under production-like circumstances and data to ensure new and existing code behave as expected in production, which is essential for pipeline management. Padawan pipelines by default run E2E tests before the build step, allowing users to catch any issues in the code base before a build is run. However, users can choose to run E2E tests after the staging step instead if they want E2E tests to run on the staging environment. Alternatively, users can skip running the E2E tests altogether.
By default, E2E testing runs before the build step in the pipeline. To run the tests after the staging step instead, follow these steps:
- On the left sidebar of your project page, select Settings > CI/CD > Variables
- Set E2E_TARGET to staging
- To change the E2E tests back to running before the build, set E2E_TARGET to source
By default, E2E testing is enabled in the Padawan pipeline. To disable E2E test runs, follow these steps:
- On the left sidebar of your project page, select Settings > CI/CD > Variables
- Set SKIP_E2E_TEST to true