- Get started
- Runners
- YAML configuration file
- Convert a declarative Jenkinsfile
- Secrets Management
- Additional resources
Migrating from Jenkins
If you’re migrating from Jenkins to GitLab CI/CD, you should be able to create CI/CD pipelines that do everything you need.
You can start by watching the Migrating from Jenkins to GitLab video for examples of:
- Converting a Jenkins pipeline into a GitLab CI/CD pipeline.
- Using Auto DevOps to test your code automatically.
Get started
The following list of recommended steps was created after observing organizations that were able to quickly complete this migration.
Before doing any migration work, you should start with a migration plan.
Engineers that need to migrate projects to GitLab CI/CD should:
- Read about some key GitLab CI/CD features.
- Follow tutorials to create:
- Your first GitLab pipeline.
- A more complex pipeline that builds, tests, and deploys a static site.
- Review the
.gitlab-ci.yml
keyword reference. - Ensure runners are available, either by using shared GitLab.com runners or installing new runners.
- Migrate build and CI jobs and configure them to show results directly in merge requests. You can use Auto DevOps as a starting point, and customize or decompose the configuration as needed.
- Migrate deployment jobs by using cloud deployment templates, environments, and the GitLab agent for Kubernetes.
- Check if any CI/CD configuration can be reused across different projects, then create and share templates.
- Check the pipeline efficiency documentation to learn how to make your GitLab CI/CD pipelines faster and more efficient.
If you have questions that are not answered here, the GitLab community forum can be a great resource.
Key GitLab CI/CD features
GitLab CI/CD key features might be different or not exist in Jenkins. For example, in GitLab:
- Pipelines can be triggered with:
- You can control which jobs run in which cases with the
rules
syntax. - You can reuse pipeline configurations:
- Use the
extends
keyword to reuse configuration in a single pipeline configuration. - Use the
include
keyword to reuse configuration across multiple pipelines and projects.
- Use the
- Jobs are grouped into stages, and jobs in the same stage can run at the same time.
Stages run in sequence. Jobs can be configured to run outside of the stage ordering with the
needs
keyword. - The
parallel
keyword can automatically parallelize tasks, especially tests that support parallelization. - Jobs run independently of each other and have a fresh environment for each job.
Passing artifacts between jobs is controlled using the
artifacts
anddependencies
keywords. - The
.gitlab-ci.yml
configuration file exists in your Git repository, like aJenkinsfile
, but is a YAML file, not Groovy. - GitLab comes with a container registry. You can build and store custom container images to run your jobs in.
Runners
Like Jenkins agents, GitLab runners are the hosts that run jobs. If you are using GitLab.com, you can use the shared runner fleet to run jobs without provisioning your own runners.
To convert a Jenkins agent for use with GitLab CI/CD, uninstall the agent and then install and register a runner. Runners do not require much overhead, so you might be able to use similar provisioning as the Jenkins agents you were using.
Some key details about runners:
- Runners can be configured to be shared across an instance, a group, or dedicated to a single project.
- You can use the
tags
keyword for finer control, and associate runners with specific jobs. For example, you can use a tag for jobs that require dedicated, more powerful, or specific hardware. - GitLab has autoscaling for runners. Use autoscaling to provision runners only when needed and scale down when not needed, similar to ephemeral agents in Jenkins.
YAML configuration file
GitLab pipeline configuration files use the YAML format instead of the Groovy format that Jenkins uses.
Using YAML is a strength of GitLab CI/CD, as it is a simple format to understand and start using. For example, a small configuration file with two jobs and some shared configuration in a hidden job:
.test-config:
tags:
- docker-runners
stage: test
test-job:
extends:
- .docker-config
script:
- bundle exec rake rspec
lint-job:
extends:
- .docker-config
script:
- yarn run prettier
In this example:
- The commands to run in jobs are added with the
script
keyword. - The
extends
keyword reduces duplication in the configuration by adding the sametags
andstage
configuration defined in.test-config
to both jobs.
Artifacts
In GitLab, any job can use the artifacts
keyword
to define a set of artifacts to be stored when a job completes.
Artifacts are files that can be used in later jobs, for example for testing or deployment.
For example:
pdf:
script: xelatex mycv.tex
artifacts:
paths:
- mycv.pdf
- output/
expire_in: 1 week
In this example:
- The
mycv.pdf
file and all the files inoutput/
are stored and could be used in later jobs. - To save resources, the artifacts expire and are deleted after one week.
Scanning features
You might have used plugins for things like code quality, security, or static application scanning in Jenkins. Tools like these are already available in GitLab and can be used in your pipeline.
GitLab features including code quality, security scanning, SAST, and many others generate reports when they complete. These reports can be displayed in merge requests and pipeline details pages.
Templates
For organizations with many CI/CD pipelines, you can use project templates to configure custom CI/CD configuration templates and reuse them across projects.
Group maintainers can configure a group to use as the source for custom project templates. These templates can be used by all projects in the group.
An instance administrator can set a group as the source for instance project templates, which can be used by all projects in that instance.
Convert a declarative Jenkinsfile
A declarative Jenkinsfile contains “Sections” and “Directives” which are used to control the behavior of your pipelines. Equivalents for all of these exist in GitLab, which we’ve documented below.
This section is based on the Jenkinsfile syntax documentation and is meant to be a mapping of concepts there to concepts in GitLab.
Sections
agent
The agent section is used to define how a pipeline executes. For GitLab, we use runners to provide this capability. You can configure your own runners in Kubernetes or on any host. You can also take advantage of our shared runner fleet (the shared runner fleet is only available for GitLab.com users). We also support using tags to direct different jobs to different runners (execution agents).
The agent
section also allows you to define which Docker images should be used for execution, for which we use
the image
keyword. The image
can be set on a single job or at the top level, in which
case it applies to all jobs in the pipeline:
my_job:
image: alpine
post
The post
section defines the actions that should be performed at the end of the pipeline. GitLab also supports
this through the use of stages. You can define your stages as follows, and any jobs assigned to the before_pipeline
or after_pipeline
stages run as expected. You can call these stages anything you like:
stages:
- before_pipeline
- build
- test
- deploy
- after_pipeline
Setting a step to be performed before and after any job can be done via the
before_script
and after_script
keywords:
default:
before_script:
- echo "I run before any jobs starts in the entire pipeline, and can be responsible for setting up the environment."
stages
GitLab CI/CD also lets you define stages, but is a little bit more free-form to configure. The GitLab stages
keyword
is a top level setting that enumerates the list of stages. You are not required to nest individual jobs underneath
the stages
section. Any job defined in the .gitlab-ci.yml
can be made a part of any stage through use of the
stage
keyword.
Unless otherwise specified, every pipeline is instantiated with a build
, test
, and deploy
stage
which are run in that order. Jobs that have no stage
defined are placed by default in the test
stage.
Of course, each job that refers to a stage must refer to a stage that exists in the pipeline configuration.
stages:
- build
- test
- deploy
my_job:
stage: build
steps
The steps
section is equivalent to the script
section of an individual job. The steps
section is a YAML array
with each line representing an individual command to be run:
my_job:
script:
- echo "hello! the current time is:"
- time
Directives
environment
In GitLab, we use the variables
keyword to define different variables at runtime.
These can also be set up through the GitLab UI, under CI/CD settings. See also our general documentation on variables,
including the section on protected variables. This can be used
to limit access to certain variables to certain environments or runners:
variables:
POSTGRES_USER: user
POSTGRES_PASSWORD: testing_password
options
Here, options for different things exist associated with the object in question itself. For example, options related to jobs are defined in relation to the job itself. If you’re looking for a certain option, you should be able to find where it’s located by searching our complete configuration reference page.
parameters
GitLab does not require you to define which variables you want to be available when starting a manual job. A user can provide any variables they like.
triggers
/ cron
Because GitLab is integrated tightly with Git, SCM polling options for triggers are not needed. We support a syntax for scheduling pipelines.
tools
GitLab does not support a separate tools
directive. Our best-practice recommendation is to use pre-built
container images. These images can be cached and can be built to already contain the tools you need for your pipelines. Pipelines can
be set up to automatically build these images as needed and deploy them to the container registry.
If you don’t use container images with Docker or Kubernetes, but use the shell
executor on your own system,
you must set up your environment. You can set up the environment in advance, or as part of the jobs
with a before_script
action that handles this for you.
input
Similar to the parameters
keyword, this is not needed because a manual job can always be provided runtime
variable entry.
when
GitLab does support a when
keyword which is used to indicate when a job should be
run in case of (or despite) failure. Most of the logic for controlling pipelines can be found in
our very powerful rules
system:
my_job:
script:
- echo
rules:
- if: $CI_COMMIT_BRANCH
Secrets Management
Privileged information, often referred to as “secrets”, is sensitive information or credentials you need in your CI/CD workflow. You might use secrets to unlock protected resources or sensitive information in tools, applications, containers, and cloud-native environments.
Secrets management in Jenkins is usually handled with the Secret
type field or the
Credentials Plugin. Credentials stored in the Jenkins settings can be exposed to
jobs as environment variables by using the Credentials Binding plugin.
For secrets management in GitLab, you can use one of the supported integrations for an external service. These services securely store secrets outside of your GitLab project, though you must have a subscription for the service:
GitLab also supports OIDC authentication for other third party services that support OIDC.
Additionally, you can make credentials available to jobs by storing them in CI/CD variables, though secrets stored in plain text are susceptible to accidental exposure, the same as in Jenkins. You should always store sensitive information in masked and protected variables, which mitigates some of the risk.
Also, never store secrets as variables in your .gitlab-ci.yml
file, which is public to all
users with access to the project. Storing sensitive information in variables should
only be done in the project, group, or instance settings.
Review the security guidelines to improve the safety of your CI/CD variables.
Additional resources
-
You can use the JenkinsFile Wrapper to run a complete Jenkins instance inside of a GitLab CI/CD job, including plugins. Use this tool to help ease the transition to GitLab CI/CD, by delaying the migration of less urgent pipelines.
The JenkinsFile Wrapper is not packaged with GitLab and falls outside of the scope of support. For more information, see the Statement of Support. - If your tooling outputs packages that you want to make accessible, you can store them in a package registry.
- Use review Apps to preview changes before merging them.