📝 Add GitLab CI/CD examples

* GitLab Pages
* npm deployment with rsync
* Multi-Arch-Images with Buildah

Author: veit

docs/productive/envs/uv/cicd.rst

@@ -6,8 +6,9 @@ CI/CD pipelines
 GitLab CI/CD
 ------------
 
-For :doc:`GitLab CI/CD pipelines </productive/git/advanced/gitlab/ci-cd>` there
-are various Docker images with pre-installed ``uv``: Available images
+For :doc:`GitLab CI/CD pipelines
+</productive/git/advanced/gitlab/ci-cd/index>`>` there are various Docker images
+with pre-installed ``uv``: Available images
 <https://docs.astral.sh/uv/guides/integration/docker/#available-images>`_.
 
 .. code-block:: yaml

docs/productive/git/advanced/gitlab/ci-cd/buildah.rst

@@ -0,0 +1,95 @@
+.. SPDX-FileCopyrightText: 2022–2025 Veit Schiele
+..
+.. SPDX-License-Identifier: BSD-3-Clause
+
+Multi-arch images with Buildah
+==============================
+
+`Buildah <https://buildah.io>`_ allows you to create container images without
+the need for a full container runtime. Buildah is an open-source Linux-based
+tool that can create `Docker <https://www.docker.com>`_ and
+`Kubernetes <https://kubernetes.io>`_-compatible images. In addition, Buildah
+can not only create working containers from scratch, but also from an existing
+Dockerfile. Finally, it can be easily integrated into scripts and build
+pipelines.
+
+First steps
+-----------
+
+#. Set up environment variables
+
+   ``DEPLOY_USER``
+       Name of the account.
+   ``DEPLOY_KEY_FILE``
+       Path to a private SSH key that is to be used for authentication against
+       the server.
+   ``DEPLOY_HOST``
+       Host name or IP address of the server to be deployed to.
+
+#. Setting up the CI/CD pipeline
+
+   .. code-block:: yaml
+      :caption: .gitlab-ci.yml
+      :linenos:
+
+      stages:
+        - build
+        - deploy
+
+      build_docker:
+        stage: build
+        variables:
+          DOCKER_STEM: $CI_REGISTRY_IMAGE
+        image: quay.io/buildah/stable:v1.27
+        script:
+          - apk add --no-cache openssh
+          - chmod 0600 "$DEPLOY_KEY_FILE"
+          - ./build.sh
+
+      deploy_app:
+        stage: deploy
+        image: alpine
+        environment:
+          name: app
+          deployment_tier: staging
+        when: manual
+        script:
+          - apk add --no-cache openssh
+          - chmod 0600 "$DEPLOY_KEY"
+          - ./deploy.sh
+
+#. Building the Docker container
+
+   .. code-block:: sh
+      :caption: build.sh
+      :linenos:
+      :emphasize-lines: 2, 5, 8
+
+      # Registry login
+      echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+
+      # Set docker tag
+      if [ "$CI_COMMIT_BRANCH" == main ]; then export DOCKER_TAG="latest"; else export DOCKER_TAG="${CI_COMMIT_TAG:-$CI_COMMIT_REF_SLUG}"; fi; export DOCKER_TAG_FULL="$DOCKER_STEM:$DOCKER_TAG"; echo "DOCKER_TAG_FULL=$DOCKER_TAG_FULL"
+
+      # Build and push
+      buildah build --isolation chroot --storage-driver vfs --jobs 2 --platform linux/amd64,linux/arm/v7 --manifest "$DOCKER_TAG_FULL" && buildah --storage-driver vfs images && buildah manifest push --storage-driver vfs --format v2s2 --all "$DOCKER_TAG_FULL" "docker://$DOCKER_TAG_FULL"
+
+   Line 2
+       logs in to the :doc:`../package-registry`.
+   Line 5
+       identifies the images by their branch or tag names with the exception of
+       ``main``, which is labelled with ``latest``.
+   Line 8
+       builds the images and deploys them with the `VFS
+       <https://docs.docker.com/engine/storage/drivers/vfs-driver/>`_ driver.
+
+#. Deploy
+
+   .. code-block:: sh
+      :caption: deploy.sh
+      :linenos:
+
+      # Set docker tag
+      if [ "$CI_COMMIT_BRANCH" == main ]; then export DOCKER_TAG="latest"; else export DOCKER_TAG="${CI_COMMIT_TAG:-$CI_COMMIT_REF_SLUG}"; fi; export DOCKER_TAG_FULL="$DOCKER_STEM:$DOCKER_TAG"; echo "DOCKER_TAG_FULL=$DOCKER_TAG_FULL"
+
+      echo "$CI_REGISTRY $DEPLOY_USER $DEPLOY_PASSWORD MYAPP $DOCKER_TAG" | ssh -o 'BatchMode yes' -o 'StrictHostKeyChecking accept-new' -i "$DEPLOY_KEY" root@$DEPLOY_HOST

docs/productive/git/advanced/gitlab/ci-cd-pipeline.png renamed to docs/productive/git/advanced/gitlab/ci-cd/ci-cd-pipeline.png

@@ -1,7 +1,11 @@
+.. SPDX-FileCopyrightText: 2024–2025 Veit Schiele
+..
+.. SPDX-License-Identifier: BSD-3-Clause
+
 Building Docker containers
 ==========================
 
-We use :doc:`ci-cd`, to create our Python Docker containers.
+We use :doc:`index`, to create our Python Docker containers.
 
 #. First, we define the Python version in our :ref:`pyproject-toml` file of the
    project:

docs/productive/git/advanced/gitlab/ci-cd-pipeline.png.license renamed to docs/productive/git/advanced/gitlab/ci-cd/ci-cd-pipeline.png.license

@@ -16,11 +16,11 @@ The three main approaches to this continuous development are:
 Continuous Integration
     runs a series of scripts sequentially or in parallel that your application
     automatically builds and tests, for example after each ``git pull`` in a
-    :doc:`feature branch <../../workflows/feature-branches>`. This is to make it
-    less likely that you will introduce bugs into your application.
+    :doc:`feature branch <../../../workflows/feature-branches>`. This is to make
+    it less likely that you will introduce bugs into your application.
 
     If the checks work as expected, you can make a :doc:`merge request
-    <merge-requests>`; if the checks fail, you can revert the changes if
+    <../merge-requests>`; if the checks fail, you can revert the changes if
     necessary.
 
     .. seealso::
@@ -151,7 +151,7 @@ Show pipelines
 
 You can find the current and historical pipeline runs on the
 :menuselection:`CI/CD --> Pipelines` page of your project. You can also access
-pipelines for a :doc:`merge request <merge-requests>` by navigating to their
+pipelines for a :doc:`merge request <../merge-requests>` by navigating to their
 :guilabel:`Pipelines` tab. Select a pipeline to open the *Pipeline Details* page
 and view the jobs that have been run for that pipeline. From here you can cancel
 a running pipeline, retry *jobs* in a failed pipeline or delete a pipeline.
@@ -170,3 +170,12 @@ a running pipeline, retry *jobs* in a failed pipeline or delete a pipeline.
      <https://docs.gitlab.com/ee/ci/variables/index.html>`_
    * `GitLab Docs: Predefined variables reference
      <https://docs.gitlab.com/ee/ci/variables/predefined_variables.html>`_
+
+.. toctree::
+   :hidden:
+
+   pages
+   npm
+   docker
+   buildah
+   github-migration

docs/productive/git/advanced/gitlab/docker.rst renamed to docs/productive/git/advanced/gitlab/ci-cd/docker.rst

@@ -0,0 +1,116 @@
+.. SPDX-FileCopyrightText: 2025 Veit Schiele
+..
+.. SPDX-License-Identifier: BSD-3-Clause
+
+npm deployment with rsync
+=========================
+
+`npm <https://www.npmjs.com>`_ is a package manager for the JavaScript runtime
+environment `Node.js <https://nodejs.org/en/>`_, and `rsync
+<https://rsync.samba.org>`_ can be used to synchronise the data with the remote
+server.
+
+First steps
+-----------
+
+#. Set up environment variables
+
+   ``DEPLOY_DIR``
+       Directory on the remote server to which data is to be distributed..
+   ``DEPLOY_HOST``
+       Host name or IP address of the server to be deployed to.
+   ``DEPLOY_KEY_FILE``
+       Path to a private SSH key that is to be used for authentication against
+       the server.
+   ``DEPLOY_USER``
+       Name of the SSH account.
+   ``KNOWN_HOSTS_FILE``
+       Path to a file with predefined :file:`known_hosts` entries with which
+       the connection is to be checked.
+
+#. Setting up the CI/CD pipeline
+
+   .. code-block:: yaml
+      :caption: .gitlab-ci.yml
+      :emphasize-lines: 13, 14, 15
+
+      stages:
+        - deploy
+
+      deploy-static-assets:
+        stage: deploy
+        rules:
+          - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+        environment:
+          name: prod
+          deployment_tier: production
+        image: node:alpine
+        script:
+          - apk add --no-cache git nodejs npm openssh-client-default rsync
+          - chmod 0600 "$DEPLOY_KEY_FILE"
+          - ./deploy.sh
+
+   Line 13
+       installs the packages required for building and uploading
+   Line 14
+       changes the access authorisations for the ssh key
+   Line 15
+       calls the :file:`deploy.sh` file
+
+#. Moves the static files to the server
+
+   .. code-block:: sh
+      :caption: deploy.sh
+      :linenos:
+      :emphasize-lines: 7-13, 18, 19, 24, 25-31
+
+      #!/bin/sh
+      set -e
+
+      # Deploy static assets to a server via rsync.
+
+      # Create SSH config.
+      cat >deploy.ssh_config <<-END
+          Host deploy
+              HostName $DEPLOY_HOST
+              User $DEPLOY_USER
+              IdentityFile $DEPLOY_KEY_FILE
+              UserKnownHostsFile $KNOWN_HOSTS_FILE
+      END
+
+
+      # Build the JavaScript application & related files.
+      cd vite-app
+      npm ci
+      npx vite build
+
+      # Deploy the application and GeoJSON data.
+      rsync \
+          -rtlv \
+          --rsh 'ssh -F ../deploy.ssh_config' \
+          --rsync-path "mkdir -p \"$DEPLOY_DIR\" && rsync" \
+          ../data/cusy.geojson \
+          cusy.html \
+          dist/cusy-map.css \
+          dist/cusy-map.js \
+          dist/cusy-map.js.map \
+          "deploy:$DEPLOY_DIR"
+
+   Line 7–13
+       creates the ssh configuration file.
+
+   Line 18
+       installs the dependencies of the project from the
+       :file:`vite-app/package.json` file.
+
+       .. seealso::
+          `npm-ci <https://docs.npmjs.com/cli/v9/commands/npm-ci>`_
+
+   Line 19
+       creates the `vite <https://vite.dev>`_ project for production.
+
+   Line 24
+       moves the ssh configuration to the server.
+
+   Lines 25–31
+       moves the application and GeoJSON data to the server.

docs/productive/git/advanced/gitlab/github-migration.rst renamed to docs/productive/git/advanced/gitlab/ci-cd/github-migration.rst

@@ -0,0 +1,65 @@
+.. SPDX-FileCopyrightText: 2025 Veit Schiele
+..
+.. SPDX-License-Identifier: BSD-3-Clause
+
+GitLab Pages
+============
+
+With GitLab Pages, static websites can be published directly from a repository
+in GitLab.
+
+These websites are automatically deployed with :doc:`index` pipelines and
+support static website generators such as
+:doc:`python-basics:document/sphinx/index` `Hugo <https://gohugo.io>`_, `Jekyll
+<https://jekyllrb.com>`_ or `Gatsby <https://www.gatsbyjs.com>`_. They can be
+connected to custom domains and SSL/TLS certificates.
+
+First steps
+-----------
+
+#. First create a :file:`.gitlab-ci.yml` file, for
+   :doc:`python-basics:document/sphinx/index` for example with the following
+   content:
+
+   .. code-block:: yaml
+      :caption: gitlab-ci.yml
+      :linenos:
+      :emphasize-lines: 6, 15, 18
+
+      image: python:latest
+
+      stages:
+        - deploy
+
+      pages:
+        stage: deploy
+        rules:
+          - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
+        before_script:
+          - python -m pip install furo sphinxext-opengraph sphinx-copybutton sphinx_inline_tabs
+        script:
+          - cd docs && make html
+        after_script:
+          - mv docs/_build/html/ ./public/
+        artifacts:
+          paths:
+            - public
+
+   Line 6
+       GitLab recognises from the job name ``pages`` that you want to provide a
+       GitLab Pages website.
+   Lines 15, 18
+       GitLab always makes your website available from a specific folder called
+       :file:`public` in your repository.
+
+#. GitLab Pages provides default domain names based on your account or group
+   name and project. Predictable URLs are generated from these. For the cusy
+   GitLab instance, this is ``pages.cusy.io``. If your project is accessible at
+   :samp:`https://ce.cusy.io/{GROUPNAME}/{PROJECTNAME}`, then the associated
+   GitLab Pages are accessible at
+   :samp:`https://{GROUPNAME}.pages.cusy.io/{PROJECTNAME}`.
+
+   .. seealso::
+      GitLab Pages also supports custom domains. You can find more information
+      at `GitLab Pages custom domains
+      <https://docs.gitlab.com/user/project/pages/custom_domains_ssl_tls_certification/>`_.

docs/productive/git/advanced/gitlab/ci-cd.rst renamed to docs/productive/git/advanced/gitlab/ci-cd/index.rst

@@ -13,8 +13,8 @@ as well as a Wiki and Snippets. The GitLab Community Edition (CE) is developed
 as open source software under the MIT licence and can be installed on-premises.
 
 The GitLab CI tools enable automated builds and deployments without the need for
-external integrations, for example building a Docker container with the Python
-version of the project.
+external integrations, for example :doc:`building a Docker container with the
+Python version of the project <ci-cd/docker>`.
 
 If a PaaS solution such as `Kubernetes
 <https://en.wikipedia.org/wiki/Kubernetes>`_ is already in use, GitLab-CI/CD can
@@ -34,7 +34,5 @@ integrated, for example with Asana, Jira, Microsoft Teams, Slack, etc.
 
    roles-permissions
    merge-requests
-   ci-cd
-   docker
-   github-migration
+   ci-cd/index
    package-registry

docs/productive/git/advanced/gitlab/ci-cd/npm.rst

@@ -11,7 +11,7 @@ work on them together. Merge requests contain:
 
 * A description of the request
 * Code changes and code reviews
-* Information about :doc:`CI/CD pipelines <ci-cd>`
+* Information about :doc:`CI/CD-Pipelines <ci-cd/index>`
 * discussion posts
 * the list of commits
 
@@ -38,11 +38,11 @@ Merge request workflows
    reports <https://docs.gitlab.com/ee/ci/testing/code_quality.html>`_.
 #. You verify your changes with `reports from unit tests
    <https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html>`_ in
-   :doc:`GitLab CI/CD <ci-cd>`.
+   :doc:`GitLab CI/CD <ci-cd/index>`.
 #. You avoid using dependencies whose licence is incompatible with your project
    with :ref:`licence compliance reports <reuse-in-gitlab-ci>`.
 #. You request `approval
    <https://docs.gitlab.com/ee/user/project/merge_requests/approvals/index.html>`_
    of your changes.
-#. When the merge request is approved, :doc:`GitLab CI/CD <ci-cd>` will deploy
-   the changes to the ``production`` environment.
+#. When the merge request is approved, :doc:`GitLab CI/CD <ci-cd/index>` will
+   deploy the changes to the ``production`` environment.

docs/productive/git/advanced/gitlab/ci-cd/pages.rst

@@ -42,8 +42,9 @@ Git glossary
 
     GitLab
         Web application for version management based on :term:`git`. Later,
-        :doc:`advanced/gitlab/ci-cd`, a system for continuous integration,
-        GitLab Runner, Container Registry and many other things were added.
+        :doc:`advanced/gitlab/ci-cd/index`, a system for continuous integration,
+        GitLab Runner, :doc:`advanced/gitlab/package-registry`,
+        :doc:`advanced/gitlab/ci-cd/pages` and many other things were added.
 
         .. seealso::
            * :doc:`advanced/gitlab/index`