CI/CD example for GitLab
Before discussing the GitLab CI/CD setup, let's assume you already have a working DNSControl setup. Aren't you there yet? Then first check out the 'Getting Started' section.
DNSControl - Demo setup
For this tutorial, there is a GitLab repository ready with an example DNSControl setup/domain.
This is based on:
The domain
cafferata.dev
.The DNS provider TransIP.
The TransIP account
cafferatax
.
For convenience, both configuration files are shown below.
GitLab CI - Preparation
You may have noticed that the creds.json
file contains a variable $TRANSIP_PRIVATE_KEY
. This variable is populated from the GitLab CI variables and contain the TransIP API key.
Example of variable $TRANSIP_PRIVATE_KEY
contents.
GitLab CI - DNSControl preview
Now it's time to apply the power of DNSControl within GitLab CI merge requests. We'll start by adding the basic GitLab CI setup. You can view the git diff online in the GitLab merge request #1. The GitLab CI setup has also been added for convenience.
.gitlab-ci.yml
What does this YAML configuration mean?
The
dnscontrol preview
is run within the GitLab CI predefined stagetest
using the Docker image stackexchange/dnscontrol.A conscious decision has been made to always use the latest version so that no maintenance is required. Of course you can choose to include a Docker image version. You do this by choosing from the available versions, and including it in
image:
for example:name: 'stackexchange/dnscontrol:v3.20.0'
Because the choice was made not to adopt a version, it's nice to know from the GitLab CI jobs which version DNSControl is running. We check and validate the DNSControl set-up
dnsconfig.js
.Then we ask TransIP which DNS diff there is.
(!) This only happens in the context of a GitLab merge request and (very important) only when there is a change in the DNSControl configuration (
dnsconfig.js
).
Because the above GitLab CI configuration expects a diff, we apply this by (for example) adding the Google Workspace SPF include.
dnsconfig.js
From that moment everything comes together! Within the GitLab merge request #1, a GitLab pipeline with a GitLab job starts running containing the command dnscontrol preview
. The outcome of this job? The desired change that will be made within TransIP. Wow this is cool!
GitLab CI - DNSControl push
We just saw that we can view the DNSControl diff from the GitLab job. Now it's time to make GitLab CI responsible for the command dnscontrol push
.
From here several choices can be made. You can choose to have the dnscontrol push
run as soon as a merge request is pushed to default branch (e.g. main
), or from a GitLab pipeline trigger within the GitLab web interface. We have opted for the GitLab pipeline web interface so that it cannot happen that DNS changes are made from previous merge requests in default branch (e.g. main
).
It will probably not surprise you that the basis of this GitLab YAML configuration corresponds for 90% with the DNSControl preview. See the GitLab merge request #2 here.
.gitlab-ci.yml
What does this (new) YAML configuration mean?
The
dnscontrol push
is run within the GitLab CI predefined stagedeploy
.This only happens when you start a GitLab pipeline from the GitLab web interface for the default branch (e.g.
main
).
When we start the new GitLab pipeline from the GitLab web interface, we see the GitLab job dnscontrol-push which makes the changes within the DNS provider TransIP.
GitLab CI - Duplicate YAML configuration
We have a working setup at this point that includes a dnscontrol preview
and a dnscontrol push
command. Well done! You might consider cleaning up the duplicate GitLab YAML configuration. We can move the DNSControl image
name
and entrypoint
to a GitLab YAML extends
. Then we can also move the duplicate dnscontrol version
command to a GitLab before_script
. See the third (and also last) GitLab merge request #3.
This eventually brings us to the following GitLab CI setup.
.gitlab-ci.yml
If you are unexpectedly unable to set up this setup, feel free to ask questions about it.
Last updated