GitLab CI/CD Components Implementation Guide

Complete guide for implementing the enterprise GitLab CI/CD components across the LLM Platform ecosystem.

🚀 Quick Start

Basic Implementation

# .gitlab-ci.yml
include:
  # Security scanning
  - component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/security/security-scan@0.1.0
    inputs:
      security_level: "cui"
      compliance_frameworks: ["NIST", "FISMA"]

  # Multi-platform build
  - component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/build/multi-platform-build@0.1.0
    inputs:
      build_environment: "production"

  # Comprehensive testing
  - component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/testing/comprehensive-testing@0.1.0
    inputs:
      coverage_threshold: 85

  # Production deployment
  - component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/deployment/government-production@0.1.0
    inputs:
      security_level: "cui"
      tenant_isolation: true

📦 Available Components

1. Security Scanning Component

Path: components/ci-cd/security/security-scan@0.1.0

Key Features:

  • SAST, DAST, container scanning, secret detection
  • Government compliance verification (NIST, FISMA, SOC2, HIPAA)
  • Executive security reporting

Usage:

# include is a top-level keyword in .gitlab-ci.yml; it cannot be nested under a job
include:
  - component: .../security-scan@0.1.0
    inputs:
      security_level: "cui"  # public|cui|secret
      sast_enabled: true
      dast_enabled: true
      secret_detection_enabled: true
      container_scan_enabled: true
      compliance_frameworks: ["NIST", "FISMA"]
      fail_on_high: true
      target_url: "https://staging.example.com"

2. Multi-Platform Build Component

Path: components/ci-cd/build/multi-platform-build@0.1.0

Key Features:

  • Drupal modules, Node.js services, Docker images, Helm charts
  • Multi-architecture builds (AMD64/ARM64)
  • Build optimization and caching

Usage:

# include is a top-level keyword in .gitlab-ci.yml; it cannot be nested under a job
include:
  - component: .../multi-platform-build@0.1.0
    inputs:
      php_version: "8.3"
      node_version: "20"
      drupal_version: "10"
      build_environment: "production"
      optimize_build: true
      multi_arch_build: true
      security_scan_enabled: true
      parallel_builds: 6

3. Comprehensive Testing Component

Path: components/ci-cd/testing/comprehensive-testing@0.1.0

Key Features:

  • Unit, integration, E2E, and performance testing
  • Coverage aggregation across platforms
  • Quality scoring

Usage:

# include is a top-level keyword in .gitlab-ci.yml; it cannot be nested under a job
include:
  - component: .../comprehensive-testing@0.1.0
    inputs:
      coverage_threshold: 85
      performance_threshold: 2000
      browser_tests_enabled: true
      api_tests_enabled: true
      load_tests_enabled: true
      parallel_jobs: 8

4. Government Production Deployment

Path: components/ci-cd/deployment/government-production@0.1.0

Key Features:

  • Government compliance deployment
  • Multi-tenant architecture
  • Vault integration
  • Ollama cluster deployment

Usage:

# include is a top-level keyword in .gitlab-ci.yml; it cannot be nested under a job
include:
  - component: .../government-production@0.1.0
    inputs:
      environment: "production"
      security_level: "cui"
      tenant_isolation: true
      stig_compliance: true
      vault_enabled: true
      monitoring_enabled: true
      ollama_cluster_enabled: true

πŸ—οΈ Implementation Examples​

Drupal Module Pipeline​

# _DrupalSource/Modules/your-module/.gitlab-ci.yml
stages:
- security-scan
- build
- test
- deploy

variables:
MODULE_NAME: "your_module"
SECURITY_LEVEL: "cui"

# Use components
include:
- component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/security/security-scan@0.1.0
inputs:
security_level: $SECURITY_LEVEL
compliance_frameworks: ["NIST", "FISMA"]

- component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/build/multi-platform-build@0.1.0
inputs:
php_version: "8.3"
drupal_version: "10"

- component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/testing/comprehensive-testing@0.1.0
inputs:
coverage_threshold: 90
browser_tests_enabled: true

# Module-specific jobs
module-specific-tests:
stage: test
script:
- vendor/bin/phpunit tests/src/Integration/

Node.js Service Pipeline

# _CommonNPM/your-service/.gitlab-ci.yml
stages:
  - security-scan
  - build
  - test
  - containerize
  - deploy

variables:
  SERVICE_NAME: "your-service"
  NODE_VERSION: "20"

include:
  - component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/security/security-scan@0.1.0
    inputs:
      security_level: "cui"
      container_scan_enabled: true

  - component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/build/multi-platform-build@0.1.0
    inputs:
      node_version: $NODE_VERSION
      multi_arch_build: true

  - component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/testing/comprehensive-testing@0.1.0
    inputs:
      coverage_threshold: 85
      api_tests_enabled: true
      performance_threshold: 1500

  # Service-specific deployment
  # (include is a top-level keyword, so the component joins this list instead of sitting under a job)
  - component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/deployment/government-production@0.1.0
    inputs:
      environment: "production"
      ollama_cluster_enabled: false  # Service doesn't need Ollama

Complete Platform Pipeline

# llm-platform/.gitlab-ci.yml
stages:
  - security-scan
  - build
  - test
  - integration
  - deploy
  - verify

variables:
  PLATFORM_NAME: "llm-platform"
  SECURITY_LEVEL: "cui"

# include is a top-level keyword, so all components go in one list rather than under jobs
include:
  # Platform-wide security scan
  - component: .../security-scan@0.1.0
    inputs:
      security_level: $SECURITY_LEVEL
      compliance_frameworks: ["NIST", "FISMA", "SOC2", "HIPAA"]
      fail_on_high: true

  # Build all components
  - component: .../multi-platform-build@0.1.0
    inputs:
      php_version: "8.3"
      node_version: "20"
      multi_arch_build: true
      parallel_builds: 8

  # Test everything
  - component: .../comprehensive-testing@0.1.0
    inputs:
      coverage_threshold: 85
      browser_tests_enabled: true
      api_tests_enabled: true
      load_tests_enabled: true

  # Deploy to production
  - component: .../government-production@0.1.0
    inputs:
      environment: "production"
      security_level: $SECURITY_LEVEL
      tenant_isolation: true
      stig_compliance: true
      vault_enabled: true
      monitoring_enabled: true
      ollama_cluster_enabled: true
      backup_enabled: true

🔧 Configuration Options

Security Levels

| Level | Description | Use Case |
|---|---|---|
| public | Basic security controls | Public-facing demo sites |
| cui | Controlled Unclassified Information | Government data processing |
| secret | Maximum security controls | Classified information |

Compliance Frameworks

  • NIST: NIST 800-53 security controls
  • FISMA: Federal Information Security Management Act
  • SOC2: Service Organization Control 2
  • HIPAA: Health Insurance Portability and Accountability Act
  • STIG: Security Technical Implementation Guide

Build Environments

  • development: Fast builds, debugging enabled
  • staging: Production-like, with test data
  • production: Optimized, security hardened

📊 Output Artifacts

Security Component

  • security-reports/ - All scan results
  • final-reports/security-aggregated-report.json - Summary
  • final-reports/executive-summary.json - Executive dashboard

Build Component

  • build-artifacts/ - Compiled code
  • helm-packages/ - Helm charts
  • docker-build-metadata-*.json - Image metadata

Testing Component

  • coverage/ - Coverage reports
  • test-results/ - Test results
  • performance-summary.json - Performance metrics

Deployment Component

  • deployment-summary.json - Deployment status
  • Network policies and configurations
  • Health check results

🚦 Quality Gates

Components automatically enforce:

  1. Security Gates

    • No critical vulnerabilities
    • No exposed secrets
    • Compliance validation passed
  2. Quality Gates

    • Code coverage meets threshold
    • All tests passing
    • Performance within limits
  3. Deployment Gates

    • Health checks passing
    • Security policies applied
    • Monitoring active

πŸ” Troubleshooting​

Common Issues​

Component not found:

# Ensure correct path and version
include:
- component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/security/security-scan@0.1.0

Security scan failures:

# Adjust security level for development
inputs:
  security_level: "public"
  fail_on_high: false

Build timeouts:

# Reduce parallel builds
inputs:
  parallel_builds: 2
  build_timeout: 60
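
The component version after `@` and the relaxed inputs shown above for development are worth checking before a pipeline file reaches the default branch, since GitLab also accepts branch names and `~latest` as component versions. The following Python audit is an added example, not part of the original guide or the component project; the sample pipeline, the `audit` function and the `RELAXED` table are constructed for illustration, and the input names are the ones this guide lists.

```python
import re

# Constructed sample pipeline (not from the guide): one pinned include,
# one floating include, and the relaxed inputs from the troubleshooting tip.
SAMPLE = '''\
include:
  - component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/security/security-scan@0.1.0
    inputs:
      security_level: "public"
      fail_on_high: false
  - component: gitlab.bluefly.io/llm/bfcicomponents/components/ci-cd/build/multi-platform-build@~latest
    inputs:
      build_environment: "production"
'''

# Treated as pinned: a full semantic version or a 40-character commit SHA.
PINNED = re.compile(r"^(\d+\.\d+\.\d+|[0-9a-f]{40})$")
# Input values that turn a gate off or down (assumed policy for this example).
RELAXED = {"fail_on_high": "false", "security_level": "public",
           "secret_detection_enabled": "false", "sast_enabled": "false"}

def audit(text):
    """Return (line_no, message) findings for a .gitlab-ci.yml given as text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop trailing comments and the list dash, then split key from value.
        line = raw.split(" #", 1)[0].strip().lstrip("- ").strip()
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip().strip("\"'")
        if key == "component":
            _path, at, version = value.rpartition("@")
            if not at:
                findings.append((no, "component has no @version"))
            elif not PINNED.match(version):
                findings.append((no, f"floating component version '{version}'"))
        elif RELAXED.get(key) == value.lower():
            findings.append((no, f"relaxed gate: {key}={value}"))
    return findings

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE):
        print(f"line {line_no}: {message}")
```

The parser is line-based and only understands the flat `key: value` layout used in this guide's snippets; a commit SHA is the strictest pin because a tag can be moved.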

🎯 Best Practices

  1. Start with security - Always run security scans first
  2. Use caching - Enable cache for faster builds
  3. Parallel execution - Use parallel jobs where possible
  4. Progressive deployment - Deploy to staging before production
  5. Monitor everything - Enable monitoring in all environments

📈 Performance Tips

  1. Cache dependencies:

    cache_enabled: true
  2. Optimize builds:

    optimize_build: true
    parallel_builds: 6
  3. Selective testing:

    browser_tests_enabled: false  # If not needed
    load_tests_enabled: false # For faster feedback

🔗 Integration with Existing CI/CD

Gradual Migration

  1. Start with one component:

    include:
      - component: .../security-scan@0.1.0
  2. Keep existing jobs:

    my-custom-job:
      stage: test
      script:
        - echo "Existing job continues to work"
  3. Gradually replace with components

Hybrid Approach

# Use components for standard tasks
include:
  - component: .../security-scan@0.1.0
  - component: .../build/multi-platform-build@0.1.0

# Custom jobs for specific needs
custom-integration-test:
  stage: test
  script:
    - ./run-custom-tests.sh

Ready to implement enterprise-grade CI/CD across your LLM Platform projects! πŸš€