►
From YouTube: Dutch GitLab Meetup: From Idea to Production: Using GitLab for your whole development lifecycle
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
First,
thank
you
very
much.
Everyone
for
joining
this
workshop,
we'll
be
talking
about
using
gitlab
from
idea
to
production.
That
means
from
your
for
your
entire
development
lifecycle.
Right
from
you
having
an
idea
you
want
to
work
on
right
to
getting
your
idea
deployed
on
production
will
be
looking
at
the
different
workflows
you
can
use
within
gitlab
and
some
of
the
processes
that
you
can
leverage
on
gitlab.
A
A
A
Okay,
now
briefly,
gitlab
is
a
fully
remote
company.
I
think
we
are
currently
close
to
one
thousand
five
or
four
hundred
employees
working
in
different
parts
of
the
world
I
joined
from
nigeria,
I'm
originally
from
nigeria,
so
then
moved
to
the
netherlands
after
two
years,
working
with
gitlab-
and
I
I
joined
when
the
company
was
still
around
a
hundred
people-
that's
in
2016
and
now
I've
seen
the
company
grow
to
1300
and
we
are
scattered
all
over
the
globe.
A
We
only
meet
physically,
maybe
during
certain
offsides
or
when
the
company
as
a
whole
itself
organizes.
We
were
supposed
to
meet
in
prague
last
year,
but
kovid
happened
and
hopefully
we'll
meet
physically
soon,
maybe
in
the
netherlands,
so
that
we
can
meet
all
of
you.
Wonderful
people
in
our
community
yeah.
So
basically,
gitlab
are
pretty
light,
says
what
I
would
call
open
core.
We
have
open
source
version
which
anyone
can
contribute
to
and
see
how
the
code
works.
A
Then
we
have
the
enterprise
version
that
we
provide
to
companies,
enterprises
that
for
them
to
install
in
the
on-premise
within
their
own
private
network
and
those
who
don't
necessarily
want
to
maintain
their
own
infrastructure
can
use
our
sas
version,
which
is
on
gitlab.com.
So
those
are
the
two
versions.
A
There
are
new
versions,
we
always
call
it
the
best
release
ever
because
every
month,
new
features,
new
awesome
contributions
from
the
community
go
out
for
everyone
to
benefit
from
and
gitlab
promotes
what
we
call
a
single
source
of
truth.
Instead
of
as
a
company
to
have
different
tools,
for
you
have
a
different
tool
to
write
your
code,
you
have
a
different
tool
to
manage
your
issues,
to
submit
pull
requests.
A
A
Gitlab
has
grown
to
contain
almost
anything
you
need
within
different
stages
of
development
and
we've
broken
the
stages
into
manage
plan,
create
verify
package,
secure,
release,
configure,
monitor
and
protect,
we'll
be
seeing
some
of
this
in
you
know.
In
our
demo,
but
a
couple
of
them
are
much
more
advanced
and
things
that
you
might
necessarily,
you
might
only
need
in
an
enterprise
environment,
but
the
part
I
want
to
mention
is
the
verified
stage
and
the
package
stage.
A
If
you
look
at
the
very
first
teacher,
you
will
notice
right
from
we
talk
about
continuous
integration.
That
means
anytime.
You
need
to
test
your
code.
You
need
to
make
sure
area
all
the
pushes
that
we
had
done
by
your
team
or
you
yourself
is
tested,
and
you
have
adequate
test
storage
everything
necessary
down
to
running
security,
analysis
on
your
code
or
secrecy
detection.
A
Quite
a
lot
of
issues
that
happen
lately
is
where
you
see
employees
mistakenly,
pushing
secrets
to
they
get
repository
or
in
one
way
or
the
other
passwords
get
leaked
out
or
something
gitlab
helps
you
to
be
able
to
identify
when
someone
mistakenly
pushes
a
secret.
So
that
way
you
are
able
to
have
much
more
secure
and
robust
environment
I'll,
be
sharing
this
slide
so
that
you
can
subsequently
at
the
end,
so
that
you
can
be
able
to
go
through
every
part
of
this.
A
Subsequently,
then
I'll
be
moving
to
the
gitlab
flow,
now
git
itself,
it's
a
very
robust
platform
and
other
version
control
systems.
We
have
like
spn,
like
maya
mercuria.
Everyone
has
the
flow
that
people
can
use
to
be
able
to
work,
and
it
also
comes
with
its
own,
but
git's
method
of
working
is
kind
of
complicated.
A
A
Gitlab
takes
it
a
bit
further
because
that
flow
that
github
introduced
didn't
take
into
consideration.
The
fact
that
it's
not
necessarily
what
is
in
your
master
that
always
goes
straight
to
your
production
or
whichever
environment
you
have.
So.
Instead,
we
introduced
a
multi-branch
workflow,
where
you
can
have
a
specific
branch
that
anything
that
goes
into
that
branch
like
production.
A
Anything
going
into
that
branch
is
what
is
deployed
to
your
production,
so
you
might
end
up
having
a
different
set
of
code
or
different
set
of
work
in
your
master
branch
or
any
other
feature
that
you
have.
But
anytime,
you
are
ready
to
deploy
or
you
have
a
production
ready
code.
You
can
simply
merge
it
into
the
production
branch
and
it
gets
deployed
to
production.
A
Now,
then,
what?
If
you
have
different
environments?
You
have
staging?
You
have
probably
have
testing
you.
It
might
have
canary,
also
different
stages
completely
down
to
production,
so
gitlab,
one
of
the
flow
we
are
promoting
is
where
you
use
branches
for
different
environments
that
you
have.
It
might
be
branch
it
might
be
using
tags
so
that
any
time
code
is
written
and
probably
you
want
to
test
you
merge
what
is
in
your
master
into
a
pre-production
branch.
A
A
A
Release
base
flow,
where
you
can
tag
certain
parts
of
your
master
branch
for
certain
releases.
Probably
you,
you
are
not
pushing
to
produce
to
production.
You
are
releasing
your
software
as
a
specific
version,
so
you
can
have
the
from
the
same
code
base
be
able
to
tag
certain
parts
of
your
code
or
certain
branches,
as
this
is
version
two
stable.
This
is
version
three.
This
is
version
four,
and
probably
there
are
some
bugs
that
were
introduced
earlier
on
in
the
code,
and
it
affects
defense
branches.
A
I
everything
should
be.
Fine,
testing
should
be
done
on
almost
every
commit,
not
just
the
ones
that
are
going
to
master,
but
everyone
on
any
branch
that
is
created
then
code
reviews
before
margin
to
master.
Yes,
sometimes
you
can
trust
it's
not
just
enough
to
just
trust
code
written
by
anyone.
It
is
very
important
that
anytime,
a
new
feature
is
being
introduced
or
code.
A
A
team
member
has
created
a
commit
to
make
sure
it
is
probably
reviewed
by
a
teammate
or
someone
else.
That's
a
senior
to
make
sure
the
code
is
okay
and
intact,
and
you
you
can
also
do
deployments
automatically
either
based
on
a
branch
or
a
tag
or
if
you
are
not
doing
automatic
deployments,
you
can
do
delivery,
also
by
maybe
specific
branches
or
tags.
A
Then
it
should
be
that
you
set
the
tags,
your
team
members
or
the
or
you
as
a
company
should
set
the
tags
for
your
features
directly.
Not
the
ci,
automatically
tagging
and
releases
are
advisable
to
be
based
as
tags,
not
specific
branches.
So
that
way
you
can
be
able
to
tag
specific
sections
of
your
code
without
creating
the
branches
completely,
and
it
is
advisable
that
every
body
starts
from
the
master.
A
Like
I
said
earlier,
the
single
source
of
truth.
Now
it's
also
advisable
that
you
fix
bugs
in
your
master.
First
then
back
to
the
branches.
So
that
would
be,
since
master
is
your
single
source
of
truth?
You
can
easily
everyone
within
the
team
can
have
an
updated
code
piece,
and
most
of
us
are
fond
of
probably
just
writing
cryptic
or
commit
messages
that
we
just
want
to
just
commit
and
move
on.
But
it's
more
every
time,
it's
advisable
that
whenever
we
are
writing
commit
message,
you
should
reflect
the
interest.
A
Gitlab,
like
I
said
earlier,
is
a
system
that
encompasses
the
entire
development
life
cycle
right
from
you
coming
up
with
an
idea
of
what
you
want
to
do
to
completing
this,
to
releasing
it
to
your
users
or
deploy
into
production.
It
starts
from
the
gitlab
repository
itself.
You
write
your
code.
You
commit
then
to
gitlab
ci
gitlab
ci.
Is
that
stage
where
every
code
you've
you
write
or
you've
written
is
tested?
A
Now
it's
tested
not
just
for
against
your
test
streets,
but
the
different
test
requirements,
for
example,
license
compliance.
It
might
be
that
your
company,
due
to
certain
reasons
or
due
to
some
legal
reasons,
don't
work
with
certain
line
census,
maybe
mit
or
any
other
licenses
out
there.
So
it
can
be
implemented
that
your
company
don't
want
any
library
or
dependencies
that
are
using
certain
licenses
within
github
ci
or
your
test
stage.
You
can
be
able
to
identify
which
test
licenses
have
been
introduced
and
move
them
out
now.
A
You
can
also
implement
it
in
such
a
way
that
you
want
to
be
able
to
review
these
changes
that
made
before
it
actually
gets
to
probably
staging
or
production
itself.
Here's
what
we
call
review
app
review
app
gives
you
like
a
preview
of
your
application
itself,
so
that
you
can
see
the
change
that
has
been
made
before
you
as
a
superior
or
as
someone
that
has
much
permissions
clicks
on
the
match
button
to
to
access
the
changes
that
have
been
introduced.
A
Now
we
also
have
what
we
call
the
security
dashboard,
after
all,
the
for
your
security
team
or
quality
assurance
team.
After
all,
the
security
scanning
analysis
and
everything
that
has
been
done,
we
provide
a
dashboard
where
your
security
team
can
see.
Okay,
what
are
the
different
infringements
or
the
mystics,
or
these
secrets
that
were
exposed
and
so
on
within
this
particular
project,
and
issues
can
be
created
that
okay,
this
needs
to
be
fixed,
or
this
issue
has
been
detected.
A
That
way,
an
issue
can
easily
be
identified.
A
numeric
request
can
be
created
to
fix
it.
It
goes
to
trusting
again
if
it's
accepted
it
gets
merged
and
so
on
then,
at
this
stage,
gitlab
cd
can
either
be
continuous
delivery
or
continuous
deployment,
where
you
can
either
set
it
that
anytime,
all
tests
have
been
accepted.
A
The
code
should
just
be
deployed
automatically,
which
is
continuous
deployment,
or
you
need
to
manually
intervene
that
okay,
you
still
want
to
see
it,
even
if
everything
is
fine
before
a
deployment
is
done.
You
manually,
deploy
yourself.
This
is
like
a
30
000
feet
overview
of
the
workflow
itself.
Now.
A
A
An
issue
has
been
created.
Okay,
this
is
what
needs
to
be
done,
some
platform
called
tickets,
and
so
on
this.
This
is
what
needs
to
be
done.
These
are
the
requirements.
A
lot
of
discussions
happens,
comments
and
so
on
now,
once
a
decision
has
been
made
has
been
made.
Image
request
is
created,
github
calls
it
pull
requests
in
the
magic
quest.
The
developer
writes
his
code.
A
Does
everything
then
push
all
the
changes
that
have
been
made
to
the
code
can
be
reviewed
within
the
match?
Requests.
The
match.
Request
can
also
be
linked
to
the
issue
that
okay,
this
match
request
actually
resolves
or
closes
this
particular
issue
that
has
been
raised
now,
once
all
the
changes
has
been
accepted.
The
next
thing
is
for
ci
to
run
or
test
run,
all
the
necessary
test.
Suites
to
check
the
code
has
been
written
to
make
sure
it
meets
compliance,
and
everything
is
fine.
A
Now,
once
that
is
done,
like
I
explained
earlier,
there's
a
review
app
where
we
can
see
a
preview
of
the
application,
then,
within
the
review
app.
The
essence
of
the
review
app
is
for
teammates
or
team
members
or
you
as
a
person
to
be
able
to
see
what
the
application
looks
like
and
confirm.
Is
this
change
that
has
been
implemented
exactly
what
was
expected
or
there
are
still
some
changes
that
need
to
be
done.
Different
reviews
happening
once
that
is
completed
and
all
every
change
has
been
made
has
been
approved.
A
At
this
stage
now,
you
can
also
decide
to
implement
monitoring
at
the
last
stage,
where
gitlab
can
be
monitoring
your
application,
probably
for
load
of
for
performance
and
other
things,
and
if
there
are
certain
issues
or
certain
problems
that
arises,
an
issue
can
be
introduced.
That
is
why
the
line
goes
back
here
again
when
a
new
problem
is
discovered.
A
new
issue
is
created
straight
to
march
requests
all
over
again
and
the
circle
continues.
A
Okay,
awesome
now.
The
next
thing
I
want
to
talk
about
is
auto
develops
now,
most
times
almost
all
of
us
are
have
been
are
in
this
scenario,
where
you
have
a
new
project,
you
you're
writing,
probably
php
code.
You
have
to
write
your
test
suites,
you
have
to
write
your
ci
cd
pipeline,
specify
exactly
what
needs
to
be
done.
What
security
checks
need
to
be
done,
everything
you
have
to
make
sure
everything
is
prepared
beforehand,
but
gitlab
has
this
feature
called
ultra
devops?
What
other
devops
does
is?
A
We've
created
some
predefined
templates
of
jobs
using
our
gitlab
ci
scripts
to
automatically
be
just
help.
You
run
your
application
through
all
the
different
life
cycle,
right
from
testing
your
code
to
building
your
code.
If
it
needs
to
be
built,
probably
into
a
docker
image,
to
reviewing
it
to
doing
dynamic
analysis,
testing,
to
publishing
into
production,
to
testing
for
performance
and
everything
necessary,
you
don't
need
to
set
up
any
ci.
You
don't
need
to
do
anything.
All
you
need
to
do
is
just
to
push
your
code
and
it
does
everything
now
auto.
A
A
Libraries
that
can
analyze
your
code
to
understand
what
language
is
it
written
in
what
are
the
necessary
test,
suites
that
are
needed
to
test
the
application
and
what
is
needed
to
build
the
application,
so
we
use
build
packs
within
autodevops
to
test
your
application
to
identify
first
in
what
language
is
he
written?
Okay,
it's
in
ruby.
Okay,
definitely,
ruby
requires
a
atm
file;
it
requires
a
rig
file
and
so
on
it
looks
for
them.
It
checks.
If
there
is
a
tests
that
needs
to
be
run
against
your
code,
it
runs
the
test.
A
A
A
Every
single
thing
is
done
automatically
how
it
does.
This
is
like
I
mentioned
earlier,
the
templates
we've
created.
We
created
templates
for
each
of
this
stage
and
it
runs
a
suite
of
commands
against
your
code
based
on
the
type
of
code
you've
written
and
the
one
beautiful
thing
about
ultra
devops
is
the
templates
are
provided
publicly
for
you
to
be
able
to
customize
to
your
taste,
because,
no
matter
how
agnostic
a
bunch
of
scripts
are,
they
might
not
necessarily
meet
or
suit
your
environment.
A
A
A
Oh
okay,
probably
it
was
my
network
connection.
Google
just
showed
me.
I
was
offline
for
a
bit
yeah.
So
basically
I
was
asking
if
anyone
has
any
question
based
on
everything
I've
said
here
before
we
get
to
our
demo
and
in
the
demo,
I'm
looking
at
scenario
where
we
will
have
a
couple
of
labs
and
we'll
do
it
interactively
I'll.
Do
certain
parts
of
it
and
franciscan
mentioned
last
time.
We
wanted
to
be
like
a
workshop
format
where,
once
I
do
them,
you
all
can
also
experiment
do
it.
A
A
This
is
so
we
can
enable
github
to
automatically
create
communities
clusters
without
we
having
to
do
it
ourselves.
Then
we
install
the
different
components
that
gitlab
needs
to
be
able
to
deploy
applications
to
the
cluster
and
we'll
be
using
this
sample.
Ruby
application
to
see
how
you
can
use
auto
devops
to
deploy
an
application
straight
to
the
kubernetes
cluster.
Without
you
having
to
do
any
configuration,
then
the
last
thing
we'll
be
seeing
is
make
edits
to
the
application
and
see
how
the
deployment
is
done
using
the
gitlab
workflow
itself.
A
A
A
Emo
files,
mostly
it
comes
as
a
dot
gitlab
dash,
ci
dot,
yaml
file
and
instead
of
you
having
to
create
yours.
What
autodevops
does
is
it
automatically
includes
this
particular
one
into
your
environment,
and
it
already
has
almost
everything
you
need
to
deploy
your
application
see
for
each
of
the
stage.
A
It
includes
templates
for
each
of
the
stitch
that
you
require
within
your
job
and,
if
you
probably
need
to
tweak
or
to
edit
any
of
these
templates
any
stage
you
can
clone
this
particular
project
or
come
here
and
copy
any
of
the
ci
file
and
make
changes
to
it.
You
see,
let's
say,
for
example,
you
want
to
change
the.
A
A
Okay,
back
to
our
presentation,
we
have
a
simple
ruby
application
that
you
can
use
to
test
auto
devops
to
see
how
it
works,
and
it
has
it's
basically
a
docker
file
with
a
small
ruby
application
that
just
says
hello
about
the
hello.
Almost
all
of
us
are,
I
guess
all
of
us
are
used
to
what
I'll
be
doing
here
is.
Are
we
starting
a
new
project?
I
don't
have
it
already.
A
A
A
A
A
A
A
A
Then,
if
you
do
not
set
up
your
if
you've
not
used
google
cloud
before
you
can
use
the
link
here,
I
think
it's
attached
to.
I
don't
know
if
the
campaign
is
still
running
where
you
can
get
some
credits
towards
your
google
account
and
you
can
start
with
the
free
trial.
If
not,
I
doubt
if
any
of
us
have
a
free
trial,
since
probably
most
of
you
will
have
tried
google
cloud
before,
but
you
can
create
an
account
if
you
don't
have
one
already,
then
the
zone,
I
think
amsterdam
is
eu
west
form.
A
A
C
A
Specify
for
gitlab
to
manage
the
cluster
that
means
gitlab
will
create
all
the
namespaces.
All
the
service
accounts,
all
everything
that
is
necessary
for
your
applications
to
run
within
the
crosstalk.
So
this
is
also
useful
if
you
want.
You
have
a
group
within
your
company,
a
gitlab
group,
and
you
have
several
projects
and
probably
due
to
cost
or
whatever
reason
you
don't
want
to
create
a
lot
of
clusters.
A
A
Okay,
okay,
thank
you
yeah.
This
would
probably
take
a
few
a
few
minutes.
So
let
me
take
you
to
the
gitlab
templates
here
to
to
see
some
of
the
ways
we've
already
created.
That
can
make
it
much
more
easier
for
you
to
be
able
to
use
auto
devops.
Now.
One
of
the
ways
I
was
explaining
earlier
is
within
our
build
templates.
Here
we
use
cloud-native
build
packs.
Now
I
think
this
is
the
website
build
buildbox.I.
A
If
I'm
correct,
yes,
so
and
basically
what
this
does
is.
Basically,
it
uses
build
boxes,
phenomenal
oil
technology-
that's
heroku,
started
with
where
they
don't
want
to
worry
about
how
you
build
your
application
or
how
you
test
your
application.
You
should
just
write
your
code,
you
push
them
and
everything
should
be
deployed
automatically,
so
they
have
a
suite
of
libraries
that
can
enable
you
to
test
a
language.
A
Maybe
you
have
a
team
environment
where
people
write
different
services
or
a
service,
oriented
architecture
and
people
are
free
to
use
different
languages
to
write
their
applications,
but
you
want
to
have
like
a
central
place
where
all
these
deployments
are
done.
So
it's
going
to
be
hectic
for
you
to
have
to
provide
the
different,
tooling
and
different
resources
for
each
team
to
be
able
to
work
with
it,
but
when
using
build
packs,
vmpass
can
help
automatically
identify
in
which
language
a
particular
project
is
written.
A
If
it
has
any
test
that
needs
to
be
run,
it
does
it
and
it
can
help
you
build
images
of
your
applications
and
and
deploy.
Let
me
check
on
this
yup.
It
has
been
created
now.
This
has
automatically
created
the
gke
cluster
for
us,
and
here
we
can
still
specify
what
environment
scope
we
wanted
it
to
to
use,
and
we
here,
if
we
have
a
costume
domain,
probably
you
have
a
domain
you've
created
for
your
company
or
you
just
want
to
specify
it.
A
A
A
Gitlab
itself,
if
you
are
using
gitlab.com,
gives
you
certain
minutes
for
you
to
use
to
run
your
ci.
So
if
you've
run
out
of
it
or
you
just
want
to
have
your
own
runner
private
runner
for
it
that
you
want
to
use
to
run
all
the
jobs
for
you,
this
particular
project
or
your
group,
you
can
install
your
runner
also
in
your
cluster,
the
same
cluster.
A
You
click
install
here
to
take
a
few
seconds.
Then
it's
when
you
have
the
ip
generated
by
ingress
provided
by
google
automatically.
Now
you
can
either
go
to
your
dns
provider.
It
might
be
google
dns
itself
or
your
xerox,
router
53,
or
maybe
I
using
a
free
dns
service
like
nip,
which
I'll
be
using
here,
just
to
make
things
a
bit
easier
for
us
nip.
A
So
here
there
are,
it's
still
a
couple
of
other
things
that
you
can
deploy
to
your
cluster.
We
have
crossplane.
I
have
not
really
looked
into
crosstalk,
but
I
know
it's
probably
around
the
microservices.
We
have
jupiter
or
we
have
k
native.
So
we
have
elastic
stack.
You
can
install
it
directly
from
here.
We
have
fluent
d
and
a
lot
of
other
things.
So
let's
look
up.
Okay,
yep.
It
has
already
installed
ingress
in
the
cluster
and
we
have
an
endpoint.
A
A
A
I
will
not
be
using
the
github
run
as
itself,
then
I
think
that's
basically
I
don't
need
everything
else
here.
Basically,
but
if
your
application
needs
it,
you
can
just
install
them
straight
from
here.
So
mostly
one
caveat
here
is:
when
you
run
all
of
these
things,
you
can
still
go
into
the
cluster,
probably
if
you
are
familiar
with
kubernetes
itself,
to
probably
make
changes
to,
or
for
one
reason
or
the
other,
you
want
to
tweak
or
make
changes
to
how
some
of
these
things
are
behaving
in
your
cluster.
A
A
D
C
A
A
If
you
don't
gitlab
will
ask
you
to
go
and
probably
create
a
project.
Add
your
billing
information
and
everything
so
that
google
cloud
can
build
you.
So
we
are
just
serving
as
an
interface
to
make
it
easier
for
you
to
create
all
these
things.
But
google
cloud
builds
you
for
anything.
You
do
on
the
google
cloud
side.
A
A
Aws
accounts,
feed
them
feed
all
the
credentials
and
all
the
other
details
into
gitlab
as
necessary.
Once
you've
done
that
gitlab
now
have
access
to
be
able
to
create
the
cluster
yeah.
My
runner
has
been
installed.
I
think
everything
I
need
here
has
been
set.
The
next
thing
is
to
go
back
to
my
project.
A
Nothing
is
still
happening.
My
ci
is
not
running.
It
means
I
need
to
go
into
settings
then
ci,
cd
and
here
enable
auto
device
by
default.
It's
not
enabled
because
we
don't
want
suddenly
for
everybody's
projections,
just
started
running
and
crashing
the
around
us.
So
that's
why
it's
disabled
by
default.
Once
you
enabled
you
now
select
the
strategy
you
want
for
the
deployment,
should
it
be
continuous
deployment
street
production
or
you
want
to
time
it
incremental
rollout
or
you
want
to
do
continuous
delivery.
A
There
should
be
a
manual
process
to
actually
do
the
deployment
so
for
this
for
our
use
case
here
I'll
leave
it
at
the
default,
which
is
continuous
deployment
production.
Once
I
click
save
here,
gitlab
will
now
automatically
start
the
initial
pipeline
for
us
and
you'll
notice.
It
started
with
series
of
jobs.
So
if
I
click
on
running.
A
A
Let
me
see,
is
he
running?
Is
he
using
my
runner,
the
one
I
created
yep
yeah?
This
looks
like
it's
running
it's
using
the
run.
I
access
to
install
so
I'm
showing
you
this
job
blog,
to
show
an
example
of
where
it
uses
cloud
native,
build
packs
to
actually
build
our
application.
Let
me
see,
can
I
see
where
it
does
it
here.
A
A
Yeah,
I
think
it's
automatically
detected
it's
a
ruby
application
and
built
it
without
necessarily
going
to
the
effort,
but
basically
it
has
built
the
application
at
this
stage,
then
it's
running
code
quality,
it's
scanning
it
for
any
it's
scanning.
The
container
builds
at
this
stage
here
for
any
security,
vulnerability
or
anything,
and
the
one
I
like
most
in
this
stage
is
the
secret
detection.
Here,
probably
when
I'm
making
an
edit
to
it,
I
will
try
to
introduce
a
vulnerability
and
see
so
that
we
can
see
how
it
handles
that
particular
scenario.
A
Maybe
by
you
putting
a
password
within
your
your
code
or
you
forgot,
and
you
pushed
a
dot
emv
file,
the
secret
detection
state
will
automatically
check
and
let
you
know-
and
once
it's
done
with
the
code
quality
and
license
scanning
here
it
goes
to
setting
up
the
dust
environment
in
the
review
stage.
We
have
the
build
test,
review
dust,
production
and
performance
up
to
the
cleanup
stage.
A
D
C
D
A
C
A
I
think
there's
a
certain
security
scans
that
can
be
run.
Most
of
them
are
provided
in.
Let
me
grab
the
overview
of
our
entire
security
scanning
that
that
we
do
yeah
gitlab
secure
here.
So
there
are
certain
instances
where
you
can
configure
what
kind
of
test
you
should
run
and
what
it
should
use
depending
on
on
what
stage,
but
we've
tried
as
much
as
possible
to
cover
as
much
language
as
possible.
Let's
say
in
the
testing
here
we
support
several
languages
and
also
different
tools
that
can
be
useful
for
these
comings.
C
Yeah
one
more
sorry
for
that
the
the
scans
are
are
pretty
clear.
I
guess
like
the
type
of
scans
you
can
do
and
what
the
languages
are
supported
are
these
all
the
scanning
tools
are:
are
those
things
you
guys
gitlab
created
or
are
they
a
standalone
open
source
tooling
that
you
guys
integrate
into
gitlab.
A
Okay:
okay,
the
uv
stage
is
complete.
It's
doing
the
dynamic
application
security
tests
also,
and
I
think,
at
a
stage
what
it's
basically
testing,
instead
of
just
the
code
itself,
it
also
needs
to
test
how
it
responds
to
different
scenarios
of
dynamic
requests
or
other
attacks
like
csrf
and
other
things.
A
A
A
A
D
A
A
A
D
A
A
Okay,
it's
doing
all
the
necessary
communities
deployments,
creating
a
service
stateful
set
running
anything
necessary.
If
I
have
production
a
database.
Okay,
it's
creating
an
ingress
service
here
and
yep
application
should
be
accessible.
It
has
deployed
my
application
and
it's
telling
me
that
my
application
should
be
accessible
at
this
url.
A
We
have
the
hello
world
here,
so
our
application
is
live
running
then,
let's
see
which
stage
of
the
pipeline
okay,
everything
is,
has
run
now.
What
we,
the
next
thing
we
can
check
is
our
security
dashboard.
Was
there
any
vulnerability
that
was
that
was
seen?
None
then
we
can
also
go
to
operation
and
see
metrics
with
different
metrics
from
our
cluster.
D
A
A
A
A
A
A
A
A
C
B
A
B
A
A
A
A
Change,
basically,
let
me
remove
the
dot
energy
file,
so
I
don't
waste
too
much
time.
Remove
that
here
the
file
don't
create
a
new
mod
request.
We
already
have
one
commit
and
since
the
way
gitlab
ci
runs-
and
these
are
initial
pipeline
here-
because
everything
in
this
stage
has
to
pass
for
it
to
go
to
review.
This
will
no
longer
proceed.
So
I
think,
to
see
what
time
I
would
just
cancel
the
rest
of
it,
since
you
already
have
one
that
has
failed.
A
A
We'll
notice
the
difference
here
here
we
don't
have
production
it's
because
we
are
working
in
a
different
branch
and
not
master.
So
what
it
would
do
it
knows
that.
Okay,
we
are
testing
if
we
are
creating
a
feature
and
testing
it
out
and
if
everything
goes
fine
we
will
now
match
to
master.
So
it's
not
that's
why
the
production
stage
is
not
here.
A
B
A
It's
running
a
total
of
12
jobs
and
even
when
you
are
working
within
your
own
environment
or
using
your
own
ci
scripts
are
not
on
twitter
verbs.
It's
always
necessary,
like
we
mentioned
earlier,
for
every
change
for
everything,
because
you
can
take
a
single
change
to
break
your
code
or
to
introduce
something
that
will
be
disastrous
to
your
code.
Tests
are
always
necessary
for
every
commit
that
comes
before
it
goes
to
master.
A
And
one
of
the
benefits
of
the
security
testing
that
we
have
for
auto
devops
it's,
it
tries
as
much
as
possible
to
run
all
the
different
sorts
of
tests
at
the
ends.
I
think
I've
made
a
mystic
funds
where
I
was
writing
a
ruby
application
and
I
wouldn't
use
emv
file
in
gitlab
itself,
but
I
had
an
a.t.m.e
file
to
test
my
local
system
and
at
one
point
or
the
other,
I
think
I
forgot
and
I
pushed
I
added
it
to
my
dot.
A
It
get
it
no,
but
I
don't
know
why
it
still
went
probably
maybe
at
a
particular
stage
I
had
already
committed
before
doing.
Git
ignore
so
the
whole
emv
file
went
live
and
I
had
to
figure
out
exactly
how
to
clean
up
the
project,
because
the
project
was
public
so
that
other
people
wouldn't
wouldn't
have
asked
us
to
discrete.
A
Look
for
all
the
icons
that
I
have
the
secrets
there
go
change
or
recycle.
The
tokens
and
secrets
to
be
safe,
then
fully
implemented
secret
detection
on
the
project,
so
that
any
time
any
secrets
at
all
since
I'll
be
using
gitlab
ci
cd5
variables,
which
is,
if
you
don't
have
a
dedicated,
maybe
like
votes,
hashicorp,
vault
server,
to
manage
your
secrets
or
any
other
solution.
You
can
add
your
secrets
in
a
gitlab
ci
variable
here
and
it
will
be
provided
to
your
ci
cd
environment
whenever
it
wants
to
do
anyone.
A
Probably
I
once
worked
on
a
project
where,
after
all,
the
necessary
tests
are
done
on
a
php
project.
If
he
wants
to
deploy
it
to
a
server,
it
uses
scp
to
just
move
them,
but
we
need
to
configure
ssh.
We
need
to
configure
a
lot
of
other
things
to
do
that,
all
the
secrets
that
are
needed
for
the
ci
to
run
properly.
You
can
add
them
as
ci
variables
here.
A
A
D
A
So
once
you
click
on
the
link,
it
takes
you
to
the
comparison
page.
Okay,
you
have
this
new
branch
and
you
are.
You
want
to
merge
to
master
all
whichever
branch,
then
you
click
on
continue
and
it
presents
you
with
the
magiquest
page,
where
you
can
specify
the
title
description
and
every
other
thing.
So
you
will
see
a
link
in
your
command
line
to
click
on
to
automatically
create
a
match.
D
A
A
A
A
A
Sorry
for
the
confusion,
okay,
my
pipeline
is
still
running
actually,
since
it's
still
on
the
same
source
branch.
That's
the
that
the
pipeline
started
on
the
same
language
change
branch.
So
if
you
notice
something
here
in
my
mi,
this
is
my
match.
Request
from
within
the
match
request,
I
can
see
different
tests
and
checks
that
it's
doing
on
my
application
now
here,
you'll
notice
that
it
has
deployed
this
to
review
language.
This
is
an
environment.
It's
created
automatically
for
my
review
and
I
can
view
my
application
first
before
actually
deploying.
A
A
special
subdomain
just
for
my
review.
Let
me
go
back
to
my
mr
and
explain
further
at
this
stage
at
the
review
stage
of
my
application,
it
automatically
deployed
my
application
to
a
particular
port.
I
guess
just
for
me
to
review
and
created
the
necessary
services
and
url
just
for
me
to
be
able
to
review
the
application
and
see
what
the
application
looks
like
not
to
production
this
time.
So
I've.
D
A
A
We've
not
introduced
anything
that
will
make
up
the
application
break.
So
from
this
same
place,
I
can
see
all
the
necessary
reports
of
other
reports
like
to
manage
licenses
to
view
full
reports
or
to
see
any
potential
vulnerabilities
in
the
project.
As
you
can
see
here,
so
you
just
can
detected
two
potential
vulnerabilities.
A
I
can
expand
to
see.
What's
the
issue
os
command
injection
in
rake,
I
can
review
them
and
also
review
this
security,
one
that
is
specifying
their
potential
vulnerability
for
our
use
case
here.
We
don't
necessarily
need
to
just
proceed
to
merge
the
branch
and
remember
it
closes
my
issue,
the
issue
I
created
earlier
it
it
closes
it
because
I
mentioned
in
the
description
of
the
magic
that
you
should
close
the
issue
once
the
mad
request
is
matched
now.
Let
me
click
on.
A
A
A
So
if
we
go
back
to
the
merge
request
here,
we'll
see
our
pipeline
still
running
and
going
through.
If
you
notice
here,
we
have
there's
a
difference
in
the
pipeline.
Okay,
our
review
apps
here
has
been
deleted
because
we
are
done
with
it
and
we
are
now
deploying
our
application
to
production.
If
you
remember
earlier.
C
A
A
A
I
can't
think
I
think,
most
times,
probably
just
like
you
already
know,
you
specified
mysql
as
a
service
which
still
uses
docker
in
docker,
and
it
has
to
wait
for
the
service
to
be
ready
before
the
application
can
create.
I
can't
think
of
anything
at
the
moment,
but
probably
I
will
share
it
with
my
teammate
internally
and
get
back
to
you
within
the.
A
I
don't
know
if
you
can
share
your
email
address
somewhere
or
if
you
are
in
the
meetup
group.
I
can
share
your
response
with
you
and
let
me
answer.
Let
me
copy
the
question
site
then
answer
your
second
question
now
this.
Your
second
question
is
the
other
thing
I
try
to
do
to
call
a
third
party
api
to
run
additional
tests
on
an
app
that
api
is
ghosts.
Inspector
actually
needs
a
publicly
exposed
ip
address.
So
is
there
a
way
to
get
app
ip
from
runner?
That's
interesting.
A
A
A
Let
me
also
look
back
for
you
on
this,
but
of
the
top
of
my
head.
It's
using
gitlab
because
gitlab
is
built
to
just
gitlab
automatically
just
creates
the
machines
using
we
use
google
cloud,
a
google
cloud,
vm
is
automatically
created,
your
job
runs
and
the
machine
is
yeah
ephemeral.
So
it's
it's
lost
after
a
while.
So
I'm
not
sure
the
ip
address
are
in
any
way
provided
or
made
accessible
to
the
to
the.
A
I'll
help
you
investigate
and
share
more
details
with
you,
but
on
the
top
of
my
head.
I'm
thinking
that
if
you
there's
a
way
you
can
use
docker
machine.
If
that's
still
obtainable,
then
probably
here
when
the
images
you
use
to
run
your
jobs,
we
have
some
pots
exposed.
If
that
is
supported
by
supported
by
ghost
inspector
I
used
see
before
so
that
when
you
are
running
your
job,
you
can
call.
I
forgot
this
website
address,
you
call
to
get
the
ip
address
of
the
server
you
are
running
on
iconhazip.org.
A
It
tells
you
the
ipa
address
of
the
server
that
you
are
using.
Then
you
can
fit
that
ip
address
to
the
ghost
inspector,
or
maybe
for
your
specific
use
case
of
ghost
inspector.
You
can
have
a
dedicated
runner
that
will
allow
communication
from
outside,
but
I'll
definitely
investigate.
This
is
an
interesting
use
case.
I
will
investigate
and
share
more
details
with
you.
What's
the
best
way
to
get
information
to
you,
sharing
it
with
francisca
or
or
probably
sharing
it
in
the.