Move away from GitLab CI to a different tool
Summary
We lost our GitLab Gold license due to terms and conditions. Right now we are using GitLab free. The only problem we've had so far with this tier is the fact that concurrent jobs cannot exceed 500. This is too little for us. Integrates already suffered from this due to old infrastructure being deployed caused by throttled pipelines:
Pipeline triggered several days ago: https://gitlab.com/fluidattacks/universe/-/pipelines/638194854
Associated job finished a few hours ago: https://gitlab.com/fluidattacks/universe/-/jobs/3017619495
We need to decide if we want to purchase GitLab just for its CI or move to a different stack.
Motivation
We need a reliable CI that covers our current use cases.
Detailed design
A different tool would have to directly support or allow implementations for the following use cases:
Non-negotiable:
- When to allow merging an MR
- Triggering new pipelines after a rebase
- Product pipelines for monorepo
- Development pipelines for each push
- Job logs
- Provide workers with internal SSDs
- Provide workers of different sizes or a minimum of 8 GB of RAM
- Autoscale on demand
- Support containers or Nix directly
- Support pipelines as code
- Allow DAG pipelines and sequential ones using needs
Negotiable but very painful:
- Traceability associating commits with pipelines
- Authenticating to AWS using OIDC
- Support a distributed artifact cache (for coverage as well)
- Comfortable GUI for developers
Negotiable:
- GitLab CI secrets
- GitLab schedules
- Allow non-privileged builds
Examples and Interactions
Not known yet.
Drawbacks
- Custom implementation for connecting GitLab and an external CI.
- Loss of centralization and seamlessness as today everything exists on GitLab.
Alternatives
- Hydra: https://github.com/NixOS/hydra
- Buildkite: https://buildkite.com/
- Jenkins: https://www.jenkins.io/
Unresolved questions
Not known yet.
Future work
Not known yet.