Deployment
GitLab CI
Build, sign, and deploy from GitLab CI.
A reference .gitlab-ci.yml that mirrors the GitHub Actions pipeline.
stages:
- install
- build
- smoke
- deploy
variables:
PNPM_VERSION: "10.10.0"
install:
stage: install
image: node:22
script:
- npm install -g pnpm@${PNPM_VERSION}
- pnpm install --frozen-lockfile
cache:
key:
files:
- pnpm-lock.yaml
paths:
- node_modules
- .pnpm-store
build:
stage: build
image: node:22
needs: [install]
script:
- npm install -g pnpm@${PNPM_VERSION}
- pnpm install --offline
- pnpm build
- ./packages/cli/dist/bin/fabric-harness.js build --target docker
artifacts:
paths:
- .fabricharness/build/docker/
smoke:
stage: smoke
image: node:22
needs: [build]
script:
- npm install -g pnpm@${PNPM_VERSION}
- pnpm install --offline
- cd examples/issue-triage-ci
- ../../packages/cli/dist/bin/fabric-harness.js run triage \
--model mock/test-model \
--payload-file fixtures/issue.json
publish:
stage: deploy
image: docker:27
services:
- docker:27-dind
needs: [build]
rules:
- if: '$CI_COMMIT_BRANCH == "main"'
script:
- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
- cd .fabricharness/build/docker
- docker build -t "$CI_REGISTRY_IMAGE/agents:$CI_COMMIT_SHA" .
- docker push "$CI_REGISTRY_IMAGE/agents:$CI_COMMIT_SHA"The same provenance and attestation flags work — wire COSIGN_PRIVATE_KEY into the GitLab masked variables and add the appropriate flags to the build stage.