GH GambleHub

GitLab CI/CD for iGaming projects

(Section: Technologies and infrastructure)

Summary

GitLab CI/CD is the delivery "conveyor" for iGaming applications, analytics and ML services. It brings together the repository, pipelines as code, environment and security management, a built-in container/package registry, integration with Kubernetes and Terraform, and scanning for vulnerabilities and licences. The keys to success are shared pipeline templates, auto-scaled ephemeral runners, a strict model of permissions and secrets, GitOps processes and cost control.

1) Architecture and roles

GitLab (SaaS or Self-managed): groups/projects, Protected branches/tags, Merge Request Approvals.
Runners: Docker/Kubernetes/Virtual Machine executors. Ephemeral K8s pods reduce environment drift.
Registries: Container/Package/Dependency Proxy to cache base images and dependencies.
Observability: job logs, job artifacts, pipeline insights, metrics export to monitoring.

Roles: developers (MR), maintainers (approve/release), SecOps (scanner policy), Platform/DevOps (runners, templates, GitOps).

2) Basics of '.gitlab-ci.yml': stages, rules, dependencies

```yaml
stages: [lint, test, build, security, package, deploy]

variables:
  DOCKER_DRIVER: overlay2
  IMAGE: "$CI_REGISTRY_IMAGE/app:$CI_COMMIT_SHA"

workflow:
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: $CI_COMMIT_TAG   # tag pipelines drive the release jobs in sections 6-7

# Hidden job: reuse it with `extends: .default` in jobs that need these tools.
.default:
  image: alpine:3.20
  before_script: [ 'apk add --no-cache bash curl jq' ]

lint:
  stage: lint
  script: [ "make lint" ]
  rules: [ { if: '$CI_PIPELINE_SOURCE == "merge_request_event"' } ]

unit:
  stage: test
  script: [ "make test" ]
  artifacts:
    when: always
    reports: { junit: "reports/junit.xml" }
  # `lint` exists only in MR pipelines; an optional dependency keeps
  # default-branch pipelines from failing with "job not found".
  needs: [ { job: lint, optional: true } ]

build_image:
  stage: build
  image: docker:27
  services: [ 'docker:27-dind' ]
  variables: { DOCKER_TLS_CERTDIR: "" }   # plain TCP between the job and the dind service
  script:
    # --password-stdin keeps the registry password out of the job log and argv
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker build -t "$IMAGE" .
    - docker push "$IMAGE"
  cache:
    key: "docker-${CI_COMMIT_REF_SLUG}"
    # Note: GitLab caches only paths under $CI_PROJECT_DIR and /var/lib/docker lives
    # in the dind service container, so this entry is ineffective; use --cache-from
    # or a BuildKit registry cache for real layer reuse.
    paths: [ "/var/lib/docker" ]
    policy: pull-push
  needs: [ "unit" ]
```

Practices:
  • 'rules' for branches/MR/tags; 'needs' for DAG parallelism; 'artifacts: reports' for JUnit/coverage; 'workflow' to avoid spawning extra pipelines.

3) Runners and auto-scaling

Kubernetes executor (recommended)

Ephemeral pods, CPU/RAM quotas, nodeSelector/taints, isolation of secrets.
Cache/artifacts: object storage; dependency proxy for NPM/Maven/PyPI/Docker.

Docker executor

Simple to start with; for image builds use DinD or, without privileged containers, Kaniko/BuildKit.

Tips:
  • Separate runner pools per workload type (Build/Test/Security/ML); concurrency limits per group/project; runner tags ('k8s', 'gpu', 'security').

4) Caches, artifacts and matrices

```yaml
cache:
  key: "pip-${CI_COMMIT_REF_SLUG}"
  paths: [ "venv/", ".cache/pip/" ]
  policy: pull-push

test:py:
  stage: test
  parallel:
    matrix:
      - PY: ["3.10", "3.12"]
  image: python:${PY}
  variables:
    PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"   # make pip actually use the cached directory
  cache:
    # A venv is tied to its interpreter, so the matrix jobs must not share one key.
    key: "pip-${CI_COMMIT_REF_SLUG}-${PY}"
    paths: [ "venv/", ".cache/pip/" ]
  script:
    - python -m venv venv && . venv/bin/activate
    - pip install -r requirements.txt
    - pytest -q
```

A global dependency proxy to save traffic and time, split-tests across the matrix, and artifacts:expire_in for hygiene.

5) Security and compliance (Shift-Left)

A typical "security" stage:

```yaml
sast:
  stage: security
  image: registry.gitlab.com/security-products/sast:latest
  script: [ "analyzer run" ]
  artifacts: { reports: { sast: "gl-sast-report.json" } }
  rules: [ { if: '$CI_PIPELINE_SOURCE == "merge_request_event"' } ]

secret_detection:
  stage: security
  image: registry.gitlab.com/security-products/secret-detection:latest
  script: [ "analyzer run" ]
  artifacts: { reports: { secret_detection: "gl-secret-report.json" } }

sbom:
  stage: security
  image: alpine:3.20
  needs: [ "build_image" ]   # $IMAGE must already be in the registry
  script:
    - apk add --no-cache syft cosign
    - syft "$IMAGE" -o cyclonedx-json > sbom.json
    - cosign sign --key "$COSIGN_KEY" "$IMAGE"
  artifacts:
    reports: { cyclonedx: "sbom.json" }
```

Also: DAST for staging environments, Dependency/License Compliance, mandatory MR approvals on critical findings, masking of variables.
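The consumer side of the signing and SBOM jobs above, added here as an example and not taken from the original page: a gate job that refuses to let the pipeline proceed unless the image carries a valid cosign signature and the SBOM scan is clean. `COSIGN_PUBLIC_KEY` (a masked CI variable holding the public key) and the `critical` threshold are assumptions; `sbom.json` is the CycloneDX report the `sbom` job stores.

```yaml
verify_supply_chain:
  stage: security
  image: alpine:3.20
  # Runs after `sbom`, which signed the image and saved sbom.json as a report artifact.
  needs: [ "sbom" ]
  variables:
    GRYPE_FAIL_ON: critical                  # assumed policy threshold
  script:
    - apk add --no-cache cosign grype
    # Verify with the public half of the signing key; `env://` reads it from
    # the CI variable COSIGN_PUBLIC_KEY (assumed name, masked + protected).
    - cosign verify --key env://COSIGN_PUBLIC_KEY "$IMAGE"
    # Scan the SBOM instead of re-pulling the image; exits non-zero at or
    # above the threshold, which fails the job and blocks the deploy stage.
    - grype "sbom:sbom.json" --fail-on "$GRYPE_FAIL_ON"
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_TAG
```

Deploy jobs that should wait for this verdict add `needs: [ "verify_supply_chain" ]`.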

6) Environments, Review Apps and releases

```yaml
review:
  stage: deploy
  image: bitnami/kubectl
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    url: https://$CI_COMMIT_REF_SLUG.apps.example.com
    on_stop: stop_review
  script:
    - ./deploy.sh --env=review --image=$IMAGE
  rules: [ { if: '$CI_PIPELINE_SOURCE == "merge_request_event"' } ]

stop_review:
  stage: deploy
  when: manual
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    action: stop
  script: [ "./deploy.sh --env=review --delete" ]
  # Same condition as `review`, so the stop job appears only where a review env exists.
  rules: [ { if: '$CI_PIPELINE_SOURCE == "merge_request_event"', when: manual } ]
```

Release/Tag pipeline: publish Helm charts/artifacts, create release notes, sign images.

7) Progressive delivery: canary/blue-green

```yaml
deploy_canary:
  stage: deploy
  script: [ "./helm_upgrade.sh --set canary.weight=10 --image=$IMAGE" ]
  environment: { name: production }
  rules: [ { if: '$CI_COMMIT_TAG' } ]

promote_100:
  stage: deploy
  script: [ "./helm_upgrade.sh --set canary.weight=100" ]
  environment: { name: production }
  needs: [ "deploy_canary" ]
  # Must match deploy_canary's condition, otherwise non-tag pipelines fail on the missing dependency.
  rules: [ { if: '$CI_COMMIT_TAG', when: manual } ]
```

Quality gates from monitoring: SLO latency/error-rate → promote or roll back.
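One way to turn that sentence into a pipeline step, added here as an example and not part of the original page: a gate job that queries Prometheus for the canary's error rate and p95 latency and fails when either breaches the SLO, plus a rollback job that runs only on that failure. The Prometheus URL, the metric names, the `track="canary"` label and the thresholds are assumptions; `promote_100` should then use `needs: [ "canary_gate" ]` instead of `deploy_canary`.

```yaml
canary_gate:
  stage: deploy
  image: alpine:3.20
  needs: [ "deploy_canary" ]
  variables:
    PROM_URL: https://prometheus.example.com   # assumed Prometheus endpoint
    MAX_ERROR_RATE: "0.01"                    # assumed SLO: at most 1% 5xx responses
    MAX_P95_SECONDS: "0.300"                  # assumed SLO: p95 latency at most 300 ms
    WINDOW: 10m                               # observation window after the canary rollout
  script:
    - apk add --no-cache curl jq
    - |
      # Run one instant query and print its scalar value ("0" if no series matched).
      q() { curl -fsS "$PROM_URL/api/v1/query" --data-urlencode "query=$1" | jq -r '.data.result[0].value[1] // "0"'; }
      ERR=$(q "sum(rate(http_requests_total{track=\"canary\",code=~\"5..\"}[$WINDOW])) / sum(rate(http_requests_total{track=\"canary\"}[$WINDOW]))")
      P95=$(q "histogram_quantile(0.95, sum by (le) (rate(http_request_duration_seconds_bucket{track=\"canary\"}[$WINDOW])))")
      echo "canary error_rate=$ERR p95=$P95"
      # Non-zero exit fails the job: promote_100 stays blocked and rollback_canary runs.
      awk -v e="$ERR" -v p="$P95" -v me="$MAX_ERROR_RATE" -v mp="$MAX_P95_SECONDS" \
          'BEGIN { if (e+0 <= me+0 && p+0 <= mp+0) exit 0; exit 1 }'
  rules: [ { if: '$CI_COMMIT_TAG' } ]

rollback_canary:
  stage: deploy
  needs: [ "canary_gate" ]
  environment: { name: production }
  # Routes all traffic back to the stable release; runs only when the gate fails.
  script: [ "./helm_upgrade.sh --set canary.weight=0" ]
  rules: [ { if: '$CI_COMMIT_TAG', when: on_failure } ]
```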

8) Parent/Child and multi-project pipelines

Parent/Child: speeds up a large monorepo (each component is a child pipeline).

```yaml
trigger_components:
  stage: build
  trigger:
    include:
      - local: "ci/component-a.yml"
      - local: "ci/component-b.yml"
    strategy: depend   # parent waits for the child pipelines and mirrors their status
```

Multi-Project: a "Release" project drives CD in the manifest repo (GitOps).

9) GitOps and Terraform/IaC

GitOps via MR to the manifest repository

```yaml
gitops_bump:
  stage: deploy
  image: alpine/git
  script:
    - apk add --no-cache yq          # the alpine/git image does not ship yq
    - git clone "$MANIFESTS_REPO" manifests
    - yq -i '.image = env(IMAGE)' manifests/apps/app/values.yaml
    # A fresh clone has no committer identity; git commit fails without one.
    - git -C manifests config user.name "gitlab-ci" && git -C manifests config user.email "ci@example.com"
    # Pushing to a feature branch and opening an MR keeps the review gate on manifest changes.
    - cd manifests && git commit -am "bump $CI_COMMIT_SHA" && git push origin HEAD:$TARGET_BRANCH
```

Terraform in CI

```yaml
terraform:
  stage: deploy
  # The official image's entrypoint is `terraform`; clear it so `script` lines run as written.
  image: { name: hashicorp/terraform:1.9, entrypoint: [""] }
  script:
    - terraform init -backend-config="bucket=$TF_BUCKET"
    - terraform plan -out tfplan
    - terraform apply -auto-approve tfplan
  rules: [ { if: '$CI_COMMIT_BRANCH == "infra"' } ]
```

10) Secrets and access

CI Variables: masked/protected; scope them by environment/group.
Protected branches/tags: deploy to prod only from protected branches and with manual approval.
External secrets: integration with a Secrets Manager/HashiCorp Vault (JWT/OIDC), scoped to the job only.
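What "Vault via JWT/OIDC, scoped to the job" looks like in a job definition, added here as an example and not taken from the original page: GitLab issues a short-lived ID token for this job, and the `secrets` keyword (Premium/Ultimate) exchanges it for one Vault secret that never appears in project variables. The Vault address, the auth mount `jwt`, the role name and the secret path are assumptions; the role on the Vault side should bind `project_id` and `ref_protected == "true"` so that only protected tag pipelines of this project can read it.

```yaml
deploy_prod:
  stage: deploy
  environment: { name: production }
  # GitLab mints an OIDC token for this job only; `aud` must match the
  # bound_audiences of the Vault JWT role.
  id_tokens:
    VAULT_ID_TOKEN:
      aud: https://vault.example.com           # assumed Vault address
  variables:
    VAULT_SERVER_URL: https://vault.example.com
    VAULT_AUTH_PATH: jwt                       # mount path of the JWT auth method
    VAULT_AUTH_ROLE: igaming-prod-deploy       # assumed role, bound to project_id and ref_protected
  secrets:
    DB_PASSWORD:
      # KV engine mounted at "kv", secret "igaming/prod/db", field "password"
      vault: igaming/prod/db/password@kv
      token: $VAULT_ID_TOKEN
      file: false                              # expose as a masked variable, not a temp file
  script:
    # helm_upgrade.sh reads DB_PASSWORD from the job environment; it is never echoed or stored.
    - ./helm_upgrade.sh --env=prod --image=$IMAGE
  rules:
    - if: $CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"
      when: manual                             # protected tag + manual approval, as in the text
```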

11) Observability of pipelines and SLOs

Pipeline DORA/KPI: lead time, deployment frequency, change fail rate, MTTR.
Tools: retries/timeouts, 'allow_failure' for non-blocking checks, code coverage report.
Metrics export: stage durations, runner queue, success ratio; alerts in ChatOps.

12) FinOps: cost and performance

Dependency Proxy + caching of Docker dependencies and layers.
Split runner pools (prod/security/ML) with concurrency limits.
Auto-stop Review Apps and idle environments; 'artifacts: expire_in'.
Large builds on spot/preemptible pools; pre-warm base images.

13) Templates for iGaming use cases

Backend/API service

```yaml
include: [ "ci/includes/security.yml", "ci/includes/docker.yml" ]

deploy_prod:
  stage: deploy
  environment: { name: production, url: https://api.example.com }
  script: [ "./helm_upgrade.sh --env=prod --image=$IMAGE" ]
  rules: [ { if: '$CI_COMMIT_TAG' } ]
```

ETL/DBT model

```yaml
dbt_run:
  stage: build
  # The dbt image's entrypoint is `dbt`; clear it so the script lines run as written.
  image: { name: ghcr.io/dbt-labs/dbt-snowflake:latest, entrypoint: [""] }
  script: [ "dbt deps", "dbt run --profiles-dir .", "dbt test" ]
  artifacts: { paths: [ "target/" ], expire_in: 3 days }
```

ML/LLM artifact

```yaml
ml_pack:
  stage: package
  # The runtime image must carry Python and TensorRT (trtexec); bake a derived image if needed.
  image: nvidia/cuda:12.1.0-runtime-ubuntu22.04
  tags: [ "gpu" ]
  script:
    - python export_onnx.py
    - trtexec --onnx=model.onnx --saveEngine=model.plan
  artifacts: { paths: [ "model.plan", "model.onnx" ] }
```

14) Implementation checklist

1. Define pipeline templates and Shared Includes (lint/test/build/security/deploy) for the teams.
2. Enable ephemeral K8s runners, the dependency proxy, and object storage for artifacts/cache.
3. Introduce rules/needs/DAG, matrices and parallelism.
4. Configure SAST/DAST/Secret/SBOM/License policies and MR approvals.
5. Set up Environments/Review Apps, auto-stop and clean URLs.
6. Enable GitOps: a separate manifest repo, image/chart bumps via MR.
7. Put secret management in place (masked/protected, Vault/OIDC), protected branches/tags.
8. Connect Terraform/IaC and "controls as code".
9. Introduce FinOps practices: runner limits, cache/proxy, artifact expiry, auto-pause of staging environments.
10. Regular game-days: runner failure, cache filling up, registry unavailable.

15) Anti-patterns

A single "universal" runner without isolation and quotas.
Pipelines without 'rules' (always run) and without 'needs' (slow).
DinD on prod runners without restricting privileged builds.
Secrets in the repository or in the job.
No security stage and no MR approvals.
Endless Review Apps without 'on_stop' and 'expire_in'.
Manual releases to prod without Protected tags.

Conclusions

GitLab CI/CD gives iGaming teams fast and predictable releases: unified templates, auto-scaling runners, high-quality security gates, environments and progressive deploys, GitOps and Terraform integration. Keep an eye on FinOps as well, and your applications, ETL and ML services will ship consistently, securely and at a controlled cost.
