🚀 Mastering GitLab CI/CD Essentials
ABHISHEK WAGHMARE
GitLab has become a go-to DevOps platform because it offers powerful CI/CD automation straight out of the box. If you're new to GitLab pipelines, it's important to understand a few key building blocks: Runners, Variables & Secrets, and Artifacts.
In this blog, we’ll explain these terms simply with examples and use cases so that you can build secure, automated, and efficient pipelines. Let’s dive in! 👇
🛠️ Runner’s :
1. 🏃♂️ What is a GitLab Runner?
🔹 Definition:
A GitLab Runner is a lightweight agent that runs your CI/CD pipeline jobs. It reads your .gitlab-ci.yml file and executes steps like build, test, or deploy.
🔹 Meaning:
A GitLab Runner is a lightweight, highly scalable agent that runs CI/CD (Continuous Integration/Continuous Deployment) jobs from GitLab. It executes pipelines defined in .gitlab-ci.yml and sends the results back to GitLab.
• Key Functions of GitLab Runner
Executes Jobs – Runs tasks like building, testing, and deploying code.
Works with Pipelines – Processes stages defined in
.gitlab-ci.yml.Scalable – Can be installed on multiple machines (local, cloud, or containers) for parallel job execution.
Supports Multiple Executors – Can run jobs in:
Docker
Kubernetes
Shell (directly on the host machine)
Virtual Machines (VM)
SSH (remote servers)
• Types of GitLab Runners
Instance Runners/Shared Runners – Managed by GitLab (available on GitLab.com for public projects or self-managed instances).
Group Runners – Available to all projects within a GitLab group.
Project-specific Runners – Dedicated to a single project.
• How It Works
GitLab detects a pipeline trigger (e.g., code push, merge request).
GitLab assigns jobs to available Runners.
The Runner fetches the code and executes the job based on
.gitlab-ci.yml.Results are reported back to GitLab (success/failure logs).
• Example Use Cases
Automated Testing – Run unit/integration tests on every commit.
Docker Image Building – Automatically build and push containers.
Deployment – Deploy to staging/production when tests pass.
• Installation & Setup
- Goto project → Settings → CI/CD → Runners ( you can choose your priority )
🔹 GitLab Runner Types:
Project Runner, Group Runner and Shared Runner/Instance Runners
🧱 1. Project Runner
🔹 Definition:
A Project Runner is registered and used only for a specific GitLab project. It cannot be used by other projects unless manually assigned.
🎯 Use Case:
When a project has custom requirements, like specific dependencies or a custom Docker image.
Useful for isolation and security.
📍 Where to Find:
Project → Settings → CI/CD → Runners → Specific Runners
👪 2. Group Runner
🔹 Definition:
A Group Runner is assigned at the GitLab group level and is available to all projects within that group.
🎯 Use Case:
When you manage multiple related projects (e.g., microservices) and want to reuse the same runner.
Ensures consistency across pipelines in the group.
📍 Where to Find:
Group → Settings → CI/CD → Runners
🌍 3. Instance Runner (Shared Runner)
🔹 Definition:
An Instance Runner is registered at the GitLab instance level (admin level) and is available to every project on that GitLab server (self-managed or GitLab.com).
🎯 Use Case:
Shared infrastructure across all teams.
For organizations using self-hosted GitLab with centralized build servers.
📍 Where to Find (Self-managed GitLab only):
Admin Area → CI/CD → Runners
✅ Comparison Table
| Runner Type | Scope | Best For | Setup By |
| 🧱 Project Runner | One project only | Isolation, custom envs | Project Maintainer |
| 👪 Group Runner | All group projects | Reuse across related projects | Group Owner |
| 🌍 Instance Runner | All GitLab projects | Large orgs, shared build infra | GitLab Admin |
Now, How to Create a GitLab Project Runner ( Name: runner-1)
🪜 Step-by-Step Setup
🔹 Step 1: Install GitLab Runner (if not installed)
On the machine where you want to run the jobs (e.g., Ubuntu server):
sudo apt-get update
sudo apt-get install -y curl
curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | sudo bash
sudo apt-get install gitlab-runner
🔹 Step 2: Go to Your Project Settings
Navigate to your GitLab project
Go to Settings → CI/CD
Expand the Runners section
Click on Create project runner
give tag
runner-1& Create runner
You’ll find:
Select Platform ( I'll go with Linux )
click on How do I install GitLab Runner ? & Follow Steps ( in Your Ubuntu )
Follow the Register Runner steps ( in Your Ubuntu )
🔹 Step 3: Verify the Runner in Ubuntu & GitLab UI
Ubuntu :
gitlab-runner status- gitlab-runner: Service is runninggitlab-runner start- Starts the runner servicegitlab-runner stop- Stops the runner servicegitlab-runner restart- Restarts the runner servicegitlab-runner run• For debugging runner issues (you see logs directly in console)
• During initial setup and verification
GitLab
Go back to the Project → Settings → CI/CD → Runners
You’ll now see
runner-1listed under "Available specific runners"
🔹 Step 5: Use the Runner in Your .gitlab-ci.yml
To ensure your pipeline uses runner-1, you can assign its tags:
build-job:
stage: build
script:
- echo "Hello from runner-1 "
tags:
- runner-1
🎉 Done!
Your Project Runner runner-1 is now active and will run your pipeline jobs only for this project.
some time your pipeline is failed because runner remove old runners ( Instance runners ) you can try again 3,4 times otherwise :
Go to Ubuntu → home → gitla-runner → ls -a → edit file [ .bash_logout ] Add #️⃣ comment before all lines → wq + enter
Now your pipeline will run smoothly.
🆚 Self-Hosted vs SaaS (GitLab.com) Runners
CI/CD runners are the engines that execute your pipelines—but which type should you use? Let’s break it down.
🏠 1. Self-Hosted Runners
🔹 What Are They?
Runners that you install and manage on your own machine, server, or cloud VM. They can be assigned as project, group, or instance runners.
🛠️ Examples:
A Linux VM with Docker
AWS EC2, GCP Compute Engine
On-premises physical server
✅ Pros:
🔒 Full control over environment
📦 Customize tools, images, and security
💸 No limit on usage (cost-effective for large teams)
🧰 Supports custom executors (Docker, Kubernetes, shell, etc.)
❌ Cons:
⚙️ You manage installation, scaling, and updates
🧯 Responsible for security and failure recovery
🧠 More DevOps knowledge required
The Project Runner runner-1 is also called as Self Hosted runner
☁️ 2. SaaS Runners ( GitLab-hosted )
🔹 What Are They?
Runners provided and maintained by GitLab.com. These are available out-of-the-box when using GitLab SaaS (https://gitlab.com).
🛠️ Examples:
- GitLab's own Docker-based runners (shared runners)
✅ Pros:
🚀 Quick setup (zero config)
🧑💻 No maintenance burden
☁️ Scales automatically
❌ Cons:
⛔️ Limited minutes in free plan (400 CI/CD mins/month)
🚫 No access to private networks or on-prem resources
🧩 Less control over environment and caching
🧪 Real-World Example:
| Small open-source project : | Saas Runner ( free and easy ) |
| Enterprise with private code : | 🏠 Self-Hosted Runner ( secure and customizable ) |
| Running pipelines in Kubernetes : | 🏠 Self-Hosted Runner with K8s executor |
| Need GitLab to manage everything : | ☁️ SaaS Runner |
📊 Summary Table
| Feature | 🏠 Self-Hosted Runner | ☁️ SaaS (GitLab) Runner |
| Who manages it? | You | GitLab |
| Access to infra | Full (can run private tools) | Limited (public-only) |
| Setup time | Manual | Instant |
| Custom environment | ✅ Yes | ❌ No |
| Cost on large scale | Cost-effective | Expensive (if minutes used) |
| Performance | Faster with caching possible | Slower for heavy jobs |
| Ideal for | Private orgs, enterprises | Small teams, open-source |
a single GitLab Runner can execute multiple pipelines, even across different projects. It picks up jobs based on tags and availability. This makes it efficient for handling parallel or queued CI/CD workloads.
⚙️ Choosing Between Self-Hosted and SaaS Runners: What's Right for You?
Self-Hosted Project Runner:
If you've manually installed and registered a runner like
runner-1on your own server or machine, you're using a Self-Hosted Project Runner. This gives you full control over the environment, lets you install custom tools, and is ideal for secure, high-performance pipelines—especially when working within private networks or enterprise setups.SaaS Shared Runner :
On the other hand, if you're simply pushing code to GitLab and pipelines run automatically without you setting up anything, you're using a GitLab SaaS Shared Runner. These are fully managed by GitLab, require no setup or maintenance, and are great for quick starts, small projects, or open-source contributions—as long as you're okay with usage limits like the 400 CI/CD minutes per month on the free plan.
🔐 Variables & Secrets :
1. Variables
✅ What are Variables in GitLab?
Definition:
GitLab Variables are key-value pairs that you can use to pass dynamic data into your CI/CD pipelines.
They help you:
Avoid hardcoding values
Reuse configuration across jobs
Safely inject secrets into your pipelines
🧰 Types of GitLab Variables
| Type | Meaning | Example |
| 🔧 Predefined (Built-in) | Created by GitLab automatically. | CI_COMMIT_BRANCH, CI_JOB_ID |
| 👤 User-defined | Custom variables you define | DEPLOY_ENV, API_KEY |
| 🔒 Secret Variables | Sensitive variables like tokens, passwords, stored securely | DOCKERHUB_PASSWORD |
1️⃣ Inbuilt Variables (Predefined Variables)
Meaning:
Automatically created by GitLab during pipeline execution. You don’t need to define them.
Automatically provided by GitLab.
Start with
CI_orGITLAB_Cannot be modified by users.
| Variable | Description | Example |
CI_COMMIT_BRANCH | Name of the branch | main, dev, feature-x |
CI_PIPELINE_ID | Unique ID for the pipeline | 1247 |
CI_PROJECT_NAME | Name of the project | my-app |
CI_JOB_STAGE | Current job’s stage (build, test) | test |
📌 Use case:
script:
- echo "Running on branch: $CI_COMMIT_BRANCH"
2️⃣ Custom Variables (User-Defined)
Meaning:
These are variables you create in GitLab (under Settings → CI/CD → Variables) to pass values like credentials or environment info.
Defined by users in
.gitlab-ci.ymlor GitLab UI.Any name allowed (e.g.,
DEPLOY_ENV,API_KEY).Can be masked/protected for secrets.
Example:
yaml
variables: DEPLOY_ENV: "production" # Custom SECRET_KEY: $SECRET_KEY # Defined in UI deploy: script: - echo "Env: $DEPLOY_ENV" # Custom
✅ How to Add Your Own Variables (User-defined/Secrets)
Steps:
Go to your GitLab project
Settings → CI/CD → Variables
Click Add Variable
Fill in: For DockerHub Password
Key: e.g.,DOCKERHUB_PASSWORDValue: e.g.,supersecret123Enable ✅ Mask (optional) – hides it in logs
Enable ✅ Protect (optional) – only available in protected branches
same process for DockerHub USER
✅ Using Variables in .gitlab-ci.yml
Using secrets securely:
script:
- echo "$DOCKERHUB_PASSWORD" | docker login -u "$DOCKERHUB_USER" --password-stdin
🔐 Secrets in GitLab CI/CD
| Feature | Purpose |
| ✅ Masked | Hides value, secret from CI logs |
| ✅ Protected | Only used in protected branches/tags |
| ✅ File | Store multi-line secrets (like JSON, PEM) |
Best Practice:
Never hardcode secrets in YAML.
Use masked + protected for credentials.
• Key Difference
| Type | Built-in | Custom | Secret |
| Source | GitLab (auto) | User-defined | User-defined (secure) |
| Prefix | CI_ or GITLAB_ | Any name | Any name |
| Example | $CI_PIPELINE_ID | $DEPLOY_ENV | $DB_PASSWORD (masked) |
| Security | Visible in logs | Optional masking | ✅ Masked + Protected |
Built-in: Pipeline metadata (e.g., branch, job ID).
Custom: Configs (e.g., env vars).
Secret: Credentials (always protect!).
📁 Artifacts :
📦 What Are Artifacts in GitLab?
✅ Definition:
In GitLab CI/CD, an artifact is a file or directory created during a job that you want to save and share between pipeline stages or download after the pipeline finishes.
🎯 Key Use Cases:
Pass build outputs (e.g., binaries, logs) between jobs
Store test reports (JUnit, coverage) for visualization
Preserve debug files (logs, screenshots)
In simple words :
Artifacts are like final results or outputs of a job that you preserve for:
Future stages (pass between jobs)
Team inspection (download later)
Debugging or analysis
🎯 Real-World Example:
Let’s say you have this pipeline:
A
buildjob that creates a.jarfile.A
testjob that runs tests on that.jar.You need to save and pass that
.jarbetween jobs — use artifacts!
🔧 GitLab CI/CD Example Script:
stages:
- build
- test
build_job:
stage: build
script:
- echo "This is build job for Artifacts"
- mkdir -p builds
- echo "This is Artifacts log" > builds/app.log
- echo "More logs..." >> builds/app.log
artifacts:
paths:
- builds
expire_in: 1 week
test_job:
stage: test
script:
- echo "This is test job using Artifacts"
- cat builds/app.log
artifacts:
paths:
- builds
expire_in: 1 hour
📘 Explanation:
build_jobcreates abuilds/folder with a log fileapp.log.artifacts:tells GitLab to save thebuilds/folder after the job.expire_in: 1 weekkeeps the artifact available for later jobs.test_jobdepends onbuild_joband uses the same artifact.test_jobruns afterbuild_joband automatically uses the saved artifact to readapp.log.
🛠️ Common Use Cases:
| Use Case | Artifact Type | Purpose |
| Save compiled code | .jar, .exe, .zip | Pass to test or deploy stages |
| Save test reports | junit.xml, coverage.html | Upload and view results in GitLab UI |
| Store logs or output files | .log, .txt | Debug failures or errors later |
| Share generated configs | .env, .yaml, .json | Reuse in another stage |
✅ Bonus: Download Artifacts
You can download artifacts from:
GitLab UI → CI/CD → Pipelines → Job → Download artifacts
Or use GitLab API (for automation)
🧾 Summary:
Artifacts = Output files saved from a job.
Used to pass data between pipeline stages or for download/debug.
Defined using
artifacts:in.gitlab-ci.yml.Useful for compiled files, logs, test reports, configs, etc.
✅ Conclusion:
Understanding Runners, Variables, and Artifacts is essential to building powerful, secure, and maintainable GitLab pipelines.
🏃♂️ Runners are the backbone of GitLab CI/CD — they execute your pipeline jobs. Choosing between Self-Hosted and SaaS Shared Runners depends on your project’s complexity, performance needs, and control over infrastructure.
🔐 Variables and Secrets help you securely manage environment-specific values and credentials. Use custom and masked variables for flexibility, and never hardcode secrets in your YAML.
📦 Artifacts are your job outputs — whether logs, reports, or builds. Use them to pass data between stages, enable debugging, or generate deployable assets.
💡 Pro Tip: Combine these features to build secure, efficient, and automated DevOps workflows!
🧩 Stay tuned for Part 3 where we’ll build a real-world CI/CD project using GitLab!
🚀 From code to deployment — everything automated!
Subscribe to my newsletter
Read articles from ABHISHEK WAGHMARE directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
ABHISHEK WAGHMARE
ABHISHEK WAGHMARE
An Introduction To DevOps: Where Development And Operations Meet 🔍 My DevOps learner journey has been inspired by a true passion for continual personal development and a genuine curiosity for cloud and automation technologies. With the practice of engaging in numerous online coursework and community threads, I have built a growing comprehension of what is necessary for everyday life in the tools offered from Docker, Jenkins, and Kubernetes, which are mandatories in the IT Society. 🛠 What sets me apart? A commitment to practical application. Through personal projects, I actively implement my learning to solve real-world problems, gaining hands-on experience. This proactive approach helps me not only understand technologies at a surface level but to deeply integrate them into effective solutions. My ultimate goal? To merge innovative DevOps practices with business objectives to streamline operations and boost productivity in any tech landscape. I am eager to bring my fresh perspective and evolving expertise to a vibrant team, where continuous learning is intertwined with company growth. 📨 Let’s connect and explore how we can drive progress together in the fascinating world of DevOps!