Date: 2025-07-24
Status: Accepted
Our teams span early-stage squads building MVPs, mid‑sized groups migrating legacy workloads to cloud-native architectures, and regulated projects requiring strict audit trails. Until now, we managed CI/CD with a mix of Jenkins, GitHub Actions, and bespoke scripts—creating fragmentation, inconsistent developer experiences, and uneven security posture.
This ADR establishes a single, opinionated CI/CD platform to:
Unify workflows across all product lines and environments.
Accelerate developer velocity by reducing tool fragmentation and context switching.
Strengthen security and compliance with built‑in RBAC, SAST/SCA, audit logs, and policy-as-code.
Lower operational overhead by eliminating manual maintenance of multiple CI/CD infrastructures.
Integrated DevOps Suite: GitLab CI/CD co‑exists with our code repo, container registry, issue tracker, and security scanners in one UI—simplifying onboarding and governance.
Developer Velocity & DX: Declarative YAML pipelines, Auto DevOps templates, and shareable includes reduce boilerplate by up to 60%, enabling engineers to focus on shipping features rather than plumbing.
Scalability & Reliability: Elastic runners and autoscaling ensure our busiest teams never queue builds, supporting peaks of >300 parallel jobs without manual capacity planning.
Security & Compliance: Native RBAC at group/project levels, integrated SAST/SCA, and compliance dashboards deliver audit-ready reports for SOC2 and HIPAA, cutting compliance prep time by 50%.
Operational Efficiency: Omnibus self‑hosted installs and GitLab SaaS both offer turnkey updates, backup utilities, and health monitoring—eliminating ~200 annual ops hours previously spent on Jenkins plugin maintenance.
IaC & Kubernetes Support: First-class Terraform and Helm integrations let us treat infrastructure changes as code—complete with merge request previews and pipeline enforcement.
Cost Predictability: Clear tiered pricing and a free self-hosted core remove surprises. We can spin up new runner fleets without per‑minute billing spikes.
Vendor Lock-in & Portability: Exportable YAML pipelines and open APIs protect us from being tied to proprietary workflow definitions.
GitHub Actions: Excellent SaaS with vast marketplace, but lacks cohesive on‑premise deployment and enterprise‑grade compliance controls.
Jenkins (self-hosted): Ultra‑flexible via plugins, but demands heavy maintenance and brings a fragmented UX and an inconsistent security posture.
CircleCI: Strong SaaS runner performance, yet missing built‑in container registry, compliance tooling, and on‑premise options.
Travis CI: Simple for open‑source, but does not meet private‑code, scaling, or regulatory requirements.
We will standardize on GitLab CI/CD as our default platform. Rollout plan:
Phase 1—SaaS Adoption: Pilot non‑critical projects on using shared runners and Auto DevOps.
Phase 2—Self‑Hosted Instances: Deploy Omnibus GitLab in private cloud for regulated workloads; configure HA, backups, and disaster recovery.
Phase 3—Pipeline Migration: Convert existing Jenkinsfiles and GitHub workflows into GitLab YAML includes, targeting migration of ~200 pipelines over 3 months.
Positive:
Unified developer experience and governance.
+30% faster onboarding for new engineers.
Elimination of ~200 ops hours/year.
Audit-ready compliance reporting out of the box.
Negative:
Training required for teams migrating away from GitHub Actions patterns.
Infrastructure costs for self‑hosted instances (VMs, storage, backup).
Short-term migration effort to refactor existing pipelines.
Adoption of Terraform for infrastructure provisioning
Standardize on Helm for Kubernetes deployments
This document records the architectural decision to standardize on GitLab CI/CD as our core CI/CD solution!