- Component project
- Use a component
- CI/CD Catalog
- Best practices
- Convert a CI/CD template to a component
- Troubleshooting
CI/CD components
- Introduced as an experimental feature in GitLab 16.0, with a flag named
ci_namespace_catalog_experimental
. Disabled by default. - Enabled on GitLab.com and self-managed in GitLab 16.2.
-
Feature flag
ci_namespace_catalog_experimental
removed in GitLab 16.3. - Moved to Beta status in GitLab 16.6.
A CI/CD component is a reusable single pipeline configuration unit. Use them to compose an entire pipeline configuration or a small part of a larger pipeline.
A component can take input parameters.
CI/CD components are similar to the other kinds of configuration added with the include
keyword, but have several advantages:
- Components can be released and used with a specific version.
- Multiple components can be defined in the same project and versioned together.
- Components are discoverable in the CI/CD Catalog.
Component project
A component project is a GitLab project with a repository that hosts one or more components. All components in the project are versioned together.
If a component requires different versioning from other components, the component should be moved to a dedicated component project.
One component repository can have a maximum of 10 components.
Create a component project
To create a component project, you must:
-
Create a new project with a
README.md
file. -
Add a YAML configuration file for each component, following the required directory structure.
For example:
spec: inputs: stage: default: test --- component-job: script: echo job 1 stage: $[[ inputs.stage ]]
Directory structure
The repository must contain:
- A
README.md
Markdown file documenting the details of all the components in the repository. - A top level
templates/
directory that contains all the component configurations. You can define components in this directory:- In single files ending in
.yml
for each component, liketemplates/secret-detection.yml
. - In sub-directories containing
template.yml
files as entry points, for components that bundle together multiple related files. For example,templates/secret-detection/template.yml
.
- In single files ending in
Configure the project’s .gitlab-ci.yml
to test the components
and release new versions.
For example, if the project contains a single component, the directory structure should be similar to:
├── templates/
│ └── secret-detection.yml
├── README.md
└── .gitlab-ci.yml
If the project contains multiple components, then the directory structure should be similar to:
├── templates/
│ ├── all-scans.yml
│ └── secret-detection/
│ ├── template.yml
│ ├── Dockerfile
│ └── test.sh
├── README.md
└── .gitlab-ci.yml
In this example:
- The
all-scans
component configuration is defined in a single file. - The
secret-detection
component configuration contains multiple files in a directory.
Component configurations saved in any directory (deprecated)
Components configurations can be saved through the following directory structure, containing:
-
template.yml
: The component configuration, one file per component. If there is only one component, this file can be in the root of the project. If there are multiple components, each file must be in a separate subdirectory. -
README.md
: A documentation file explaining the details of all the components in the repository.
For example, if the project is on GitLab.com, named my-project
, and in a personal
namespace named my-namespace
:
-
Containing a single component and a simple pipeline to test the component, then the file structure might be:
├── template.yml ├── README.md └── .gitlab-ci.yml
This component is referenced with the path
gitlab.com/my-namespace/my-project@<version>
. -
Containing one default component and multiple sub-components, then the file structure might be:
├── template.yml ├── README.md ├── .gitlab-ci.yml ├── unit/ │ └── template.yml └── integration/ └── template.yml
These components are identified by these paths:
gitlab.com/my-namespace/my-project
gitlab.com/my-namespace/my-project/unit
gitlab.com/my-namespace/my-project/integration
It is possible to have a components repository with no default component, by having
no template.yml
in the root directory.
Additional notes:
Nesting of components is not possible. For example:
├── unit/
│ └── template.yml
│ └── another_folder/
│ └── nested_template.yml
Use a component
You can use a component in a CI/CD configuration with the include: component
keyword.
The component is identified by a unique address formatted as <fully-qualified-domain-name>/<project-path>/<component-name>@<specific-version>
.
For example:
include:
- component: gitlab.example.com/my-org/security-components/secret-detection@1.0
inputs:
stage: build
In this example:
-
gitlab.example.com
is the Fully Qualified Domain Name (FQDN) matching the GitLab host. You can only reference components in the same GitLab instance as your project. -
my-org/security-components
is the full path of the project containing the component. -
secret-detection
is the component name that is defined as either a single filetemplates/secret-detection.yml
or as a directorytemplates/secret-detection/
containing atemplate.yml
. -
1.0
is the version of the component. In order of highest priority first, the version can be:- A branch name, for example
main
. - A commit SHA, for example
e3262fdd0914fa823210cdb79a8c421e2cef79d8
. - A tag, for example:
1.0
. If a tag and branch exist with the same name, the tag takes precedence over the branch. If a tag and commit SHA exist with the same name, the commit SHA takes precedence over the tag. -
~latest
, which is a special version that always points to the most recent release published in the CI/CD Catalog.
- A branch name, for example
~latest
version keyword always returns the most recent published release, not the release with
the latest semantic version. For example, if you first release 2.0.0
, and later release
a patch fix like 1.5.1
, then ~latest
returns the 1.5.1
release.
Issue #427286 proposes to
change this behavior.CI/CD Catalog
- Introduced in GitLab 16.1 as an experiment.
- Moved to beta in GitLab 16.7.
The CI/CD Catalog is a list of projects with published CI/CD components you can use to extend your CI/CD workflow.
Anyone can add a component project to the CI/CD Catalog, or contribute to an existing project to improve the available components.
View the CI/CD Catalog
To access the CI/CD Catalog and view the published components that are available to you:
- On the left sidebar, select Search or go to.
- Select Explore.
- Select CI/CD Catalog.
Alternatively, if you are already in the pipeline editor in your project, you can select Browse CI/CD Catalog.
Publish a component project
To publish a component project in the CI/CD catalog, you must:
- Set the project as a catalog resource.
- Publish a new release.
Set a component project as a catalog resource
To make published versions of a component project visible in the CI/CD catalog, you must set the project as a catalog resource:
- On the left sidebar, select Search or go to and find your project.
- On the left sidebar, select Settings > General.
- Expand Visibility, project features, permissions.
- Scroll down to CI/CD Catalog resource and select the toggle to mark the project as a catalog resource.
Publish a new release
Components defined in a component project can be used immediately and don’t require to be published in the CI/CD catalog. However, having the component project published in the catalog makes it discoverable to other users.
After the project is set as a catalog resource,
add a job to the project’s .gitlab-ci.yml
file that creates a release using the
release
keyword.
For example:
create-release:
stage: deploy
image: registry.gitlab.com/gitlab-org/release-cli:latest
script: echo "Creating release $CI_COMMIT_TAG"
release:
tag_name: $CI_COMMIT_TAG
description: "Release $CI_COMMIT_TAG of components in $CI_PROJECT_PATH"
The release fails if the project is missing:
- The project description, to display in the catalog list.
- A
README.md
file in the root directory for the commit SHA of the tag being released. - Any component in the
templates/
directory for the commit SHA of the tag being released.
Create a new tag for the release, which should trigger a tag pipeline that contains the job responsible that creates the release. You should configure the tag pipeline to test the components before running the release job.
The release is created and the new version is published to the CI/CD catalog only if:
- All jobs before the release job succeed.
- All component project requirements are satisfied.
- The component project is set as a catalog resource.
Best practices
This section describes some best practices for creating high quality component projects.
Test the component
Testing CI/CD components as part of the development workflow is strongly recommended and helps ensure consistent behavior.
Test changes in a CI/CD pipeline (like any other project) by creating a .gitlab-ci.yml
in the root directory. Make sure to test both the behavior and potential side-effects
of the component. You can use the GitLab API if needed.
For example:
include:
# include the component located in the current project from the current SHA
- component: gitlab.com/$CI_PROJECT_PATH/my-component@$CI_COMMIT_SHA
inputs:
stage: build
stages: [build, test, release]
# Expect `component-job` is added.
# This example tests that the included component works as expected.
# You can inspect data generated by the component, use GitLab API endpoints or third-party tools.
ensure-job-added:
stage: test
image: badouralix/curl-jq
script:
- |
route="https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs"
count=`curl --silent --header "PRIVATE-TOKEN: $API_TOKEN" $route | jq 'map(select(.name | contains("component-job"))) | length'`
if [ "$count" != "1" ]; then
exit 1
fi
# If we are tagging a release with a semantic version and all previous checks succeeded,
# we proceed with creating a release automatically.
create-release:
stage: release
image: registry.gitlab.com/gitlab-org/release-cli:latest
rules:
- if: $CI_COMMIT_TAG =~ /\d+/
script: echo "Creating release $CI_COMMIT_TAG"
release:
tag_name: $CI_COMMIT_TAG
description: "Release $CI_COMMIT_TAG of components repository $CI_PROJECT_PATH"
After committing and pushing changes, the pipeline tests the component, then releases the tag it if the test passes.
Avoid using global keywords
Avoid using global keywords in a component.
Using these keywords in a component affects all jobs in a pipeline, including jobs
directly defined in the main .gitlab-ci.yml
or in other included components.
As an alternative to global keywords, instead:
- Add the configuration directly to each job, even if it creates some duplication in the component configuration.
- Use the
extends
keyword in the component, but use unique names that reduce the risk of naming conflicts when the component is merged into the configuration.
For example, using the default
keyword is not recommended:
# Not recommended
default:
image: ruby:3.0
rspec-1:
script: bundle exec rspec dir1/
rspec-2:
script: bundle exec rspec dir2/
Instead, you can:
-
Add the configuration to each job:
rspec-1: image: ruby:3.0 script: bundle exec rspec dir1/ rspec-2: image: ruby:3.0 script: bundle exec rspec dir2/
-
Use
extends
to reuse configuration:.rspec-image: image: ruby:3.0 rspec-1: extends: - .rspec-image script: bundle exec rspec dir1/ rspec-2: extends: - .rspec-image script: bundle exec rspec dir2/
Replace hard-coded values with inputs
Avoid hard-coding values in CI/CD components. Hard-coded values might force component users to need to review the component’s internal details and adapt their pipeline to work with the component.
A common keyword with problematic hard-coded values is stage
. If a component job’s
stage is set to a specific value, the pipeline using the component must define
the exact same stage. Additionally, if the component user wants to use a different stage,
they must override the configuration.
The preferred method is to use the input
keyword.
The component user can specify the exact value they need.
For example:
-
In the component configuration:
spec: inputs: stage: default: test --- unit-test: stage: $[[ inputs.stage ]] script: echo unit tests integration-test: stage: $[[ inputs.stage ]] script: echo integration tests
-
In the project using the component:
include: - component: gitlab.com/gitlab-org/ruby-test@1.0 inputs: stage: verify stages: [verify, deploy]
Replace custom CI/CD variables with inputs
When using CI/CD variables in a component, evaluate if the inputs
keyword
should be used instead. Avoid requiring a user to define custom variables to change a component’s
behavior. You should try to use inputs
for any component customization.
Inputs are explicitly defined in the component’s specs, and are better validated than variables. For example, if a required input is not passed to the component, GitLab returns a pipeline error. By contrast, if a variable is not defined, its value is empty, and there is no error.
For example, use inputs
instead of variables to let users change a scanner’s output format:
-
In the component configuration:
spec: inputs: scanner-output: default: json --- my-scanner: script: my-scan --output $[[ inputs.scanner-output ]]
-
In the project using the component:
include: - component: gitlab.example.com/my-scanner@1.0 inputs: scanner-output: yaml
In other cases, CI/CD variables are still preferred, including:
- Using predefined variables to automatically configure a component to match a user’s project.
- Requiring tokens or other sensitive values to be stored as masked or protected variables in project settings.
Use semantic versioning
When tagging and releasing new versions of components, you should use semantic versioning. Semantic versioning is the standard for communicating that a change is a major, minor, patch, or other kind of change.
You should use at least the major.minor
format, as this is widely understood. For example,
2.0
or 2.1
.
Other examples of semantic versioning:
1.0.0
2.1.3
1.0.0-alpha
3.0.0-rc1
Convert a CI/CD template to a component
Any existing CI/CD template that you use in projects by using the include:
syntax
can be converted to a CI/CD component:
- Decide if you want the component to be part of an existing component project to be grouped with other components, or create a new component project.
- Create a YAML file in the component project according to the expected directory structure.
- Copy the content of the original template YAML file into the new component YAML file.
- Refactor the new component’s configuration to:
- Follow the best practices for components.
- Improve the configuration, for example by enabling merge request pipelines or making it more efficient.
- Leverage the
.gitlab-ci.yml
in the components repository to test changes to the component. - Tag and release the component.
Troubleshooting
content not found
message
You might receive an error message similar to the following when using the ~latest
version qualifier to reference a component hosted by a catalog resource:
This GitLab CI configuration is invalid: component 'gitlab.com/my-namespace/my-project/my-component@~latest' - content not found`
The ~latest
behavior was updated
in GitLab 16.7. It now refers to the latest published version of the catalog resource. To resolve this issue, create a new release.