GitLab CI/CD is ❤️

Finally, I got to check out GitLab's version of CI/CD in the scope of investigating ways to detach Terraform applications from people. Specifically, I tried Terraform Cloud and Spacelift and it didn't feel like something solving a problem. It feels more like it's moving it to other spots.
To make it more fun, I started with the virtual goal of creating an IaC repository that's based on OpenTofu and is applied automatically in a secure way. The repo is connected to GCP and applies on merge (no drift detection in PoC). It creates RDBMS, Kubernetes, and a few other small things. It should be complicated since service providers that automate this part of CI on your behalf are being paid, right?
The image at the bottom is the only thing you need to run OpenTofu with authentication through workload federation (which is the way). Bravo GitLab. It's amazing how feature-dense you guys keep it while everything is straightforward to find information about. Here's the whole repository that has the defined goal fully reached in half a day: https://lnkd.in/eV4fbSkM.
But then why the specialized paid service? Of course, what I defined is nothing but the naive first step. We need drift detection and such. But it still doesn't seem like much of a debt, if CI itself supports the mechanical part. I didn't check thoroughly, but I wouldn't be surprised if GitLab already has higher-level helpers to schedule it and, e.g., yell to Slack if the plan is non-empty outside of PRs.
Yes, that's still some functionality, but services that are supposed to do that need to be integrated in a very similar way. What's the difference between triggering Spacelift execution (and supporting yet another new service with all problems like authentication federation, configuration, etc.) and having it in GitLab workflows?
I know one. GitLab doesn't charge you per resource :)
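
For reference, an added example (not the author's pipeline from the image or the linked repository) of a `.gitlab-ci.yml` that runs OpenTofu against GCP through workload identity federation, with no stored service account key. `TOFU_IMAGE`, `PROJECT_NUMBER`, `POOL_ID`, `PROVIDER_ID` and `SA_EMAIL` are placeholders, and the scheduled `drift` job goes beyond the PoC described above.

```yaml
# Added example. Names in CAPS and $TOFU_IMAGE are placeholders, not values from the post.
stages: [plan, apply]

.gcp_auth:
  image: $TOFU_IMAGE   # assumption: any image that ships `tofu` and a POSIX shell
  id_tokens:
    GCP_ID_TOKEN:      # short-lived OIDC JWT that GitLab signs for this job only
      aud: https://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID
  before_script:
    - umask 077        # token and credential config readable by the job user only
    - WIF_DIR="$(mktemp -d)"   # outside the checkout, so it cannot end up in artifacts
    - printf '%s' "$GCP_ID_TOKEN" > "$WIF_DIR/token"
    - |
      cat > "$WIF_DIR/credentials.json" <<EOF
      {
        "type": "external_account",
        "audience": "//iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID",
        "subject_token_type": "urn:ietf:params:oauth:token-type:jwt",
        "token_url": "https://sts.googleapis.com/v1/token",
        "credential_source": { "file": "$WIF_DIR/token" },
        "service_account_impersonation_url": "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/SA_EMAIL:generateAccessToken"
      }
      EOF
    # The Google provider and GCS backend pick this up as Application Default Credentials.
    - export GOOGLE_APPLICATION_CREDENTIALS="$WIF_DIR/credentials.json"
    - tofu init -input=false

plan:
  extends: .gcp_auth
  stage: plan
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - tofu plan -input=false

apply:
  extends: .gcp_auth
  stage: apply
  rules:
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  script:
    - tofu apply -input=false -auto-approve

drift:                 # run from a pipeline schedule
  extends: .gcp_auth
  stage: plan
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
  script:
    - tofu plan -input=false -detailed-exitcode   # exit code 2 (pending changes) fails the job
```

On the GCP side, the workload identity provider should carry an attribute condition on the token's claims (for example `project_path` and `ref_protected`), so that only this project's protected branches can impersonate the service account.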


