ADR: Select GitLab CI/CD as Default CI/CD Platform

Date: 2025-07-24
Status: Accepted

Context

Our teams span early-stage squads building MVPs, mid‑sized groups migrating legacy workloads to cloud-native architectures, and regulated projects requiring strict audit trails. Until now, we managed CI/CD with a mix of Jenkins, GitHub Actions, and bespoke scripts—creating fragmentation, inconsistent developer experiences, and uneven security posture.

This ADR establishes a single, opinionated CI/CD platform to:

  • Unify workflows across all product lines and environments.

  • Accelerate developer velocity by reducing tool fragmentation and context switching.

  • Strengthen security and compliance with built‑in RBAC, SAST/SCA, audit logs, and policy-as-code.

  • Lower operational overhead by eliminating manual maintenance of multiple CI/CD infrastructures.

Decision Drivers
  • Integrated DevOps Suite: GitLab CI/CD co‑exists with our code repo, container registry, issue tracker, and security scanners in one UI—simplifying onboarding and governance.

  • Developer Velocity & DX: Declarative YAML pipelines, Auto DevOps templates, and shareable includes reduce boilerplate by up to 60%, enabling engineers to focus on shipping features rather than plumbing.

  • Scalability & Reliability: Elastic runners and autoscaling ensure our busiest teams never queue builds, supporting peaks of >300 parallel jobs without manual capacity planning.

  • Security & Compliance: Native RBAC at group/project levels, integrated SAST/SCA, and compliance dashboards deliver audit-ready reports for SOC2 and HIPAA, cutting compliance prep time by 50%.

  • Operational Efficiency: Omnibus self‑hosted installs and GitLab SaaS both offer turnkey updates, backup utilities, and health monitoring—eliminating ~200 annual ops hours previously spent on Jenkins plugin maintenance.

  • IaC & Kubernetes Support: First-class Terraform and Helm integrations let us treat infrastructure changes as code—complete with merge request previews and pipeline enforcement.

  • Cost Predictability: Clear tiered pricing and a free self-hosted core remove surprises. We can spin up new runner fleets without per‑minute billing spikes.

  • Vendor Lock-in & Portability: Exportable YAML pipelines and open APIs protect us from being tied to proprietary workflow definitions.

Considered Options
  • GitHub Actions: Excellent SaaS with vast marketplace, but lacks cohesive on‑premise deployment and enterprise‑grade compliance controls.

  • Jenkins (self-hosted): Ultra‑flexible via plugins, but demands heavy maintenance, fragmented UX, and inconsistent security posture.

  • CircleCI: Strong SaaS runner performance, yet missing built‑in container registry, compliance tooling, and on‑premise options.

  • Travis CI: Simple for open‑source, but does not meet private‑code, scaling, or regulatory requirements.

Decision Outcome

We will standardize on GitLab CI/CD as our default platform. Rollout plan:

  • Phase 1—SaaS Adoption: Pilot non‑critical projects on using shared runners and Auto DevOps.

  • Phase 2—Self‑Hosted Instances: Deploy Omnibus GitLab in private cloud for regulated workloads; configure HA, backups, and disaster recovery.

  • Phase 3—Pipeline Migration: Convert existing Jenkinsfiles and GitHub workflows into GitLab YAML includes, targeting migration of ~200 pipelines over 3 months.

Consequences

Positive:

  • Unified developer experience and governance.

  • +30% faster onboarding for new engineers.

  • Elimination of ~200 ops hours/year.

  • Audit-ready compliance reporting out of the box.

Negative:

  • Training required for teams migrating away from GitHub Actions patterns.

  • Infrastructure costs for self‑hosted instances (VMs, storage, backup).

  • Short-term migration effort to refactor existing pipelines.

Related Decisions
  • Adoption of Terraform for infrastructure provisioning

  • Standardize on Helm for Kubernetes deployments


This document records the architectural decision to standardize on GitLab CI/CD as our core CI/CD solution!