Blog DevSecOps CI/CD automation: Maximize 'deploy freeze' impact across GitLab groups
Published on: February 8, 2024
6 min read

CI/CD automation: Maximize 'deploy freeze' impact across GitLab groups

Learn the benefits of managing deploy freezes at the group level and follow step-by-step guidance on implementation.

clocks.jpg

In the dynamic landscape of continuous integration and continuous deployment (CI/CD), maintaining system stability during critical periods such as holidays, product launches, or maintenance windows can be challenging. Introducing new code during peak activity times raises the risk of issues affecting user experience. To strike a balance between innovation and stability, organizations may require a group-level deploy freeze — a strategic pause in deploying new code changes across groups to certain branches or environments.

Given that GitLab can be used for both continuous integration and continuous deployment efforts, GitLab's Deploy Freeze capability aims to address this exact need.

Scoped at the project level, deploy freezes can prevent unintended production releases during a period of time you specify by setting a deploy freeze period. Deploy freezes help reduce uncertainty and risk when continuously deploying changes for a single project.

Most teams, however, do not have a single project that represents all of their production environment. Given that deploy freezes are set at the project level, managing and enforcing deploy freezes across many projects can be an arduous and error-prone task, leading to unpredictability and disruption. The need for an automated cross-project solution to ensure stability is obvious.

What is a group deploy freeze?

The Group Deploy Freeze project takes the concept of individual project deploy freezes to the next level. It enables you to enforce the same deployment restrictions across one or many projects within a GitLab group from the GitLab UI.

Whether you're managing a large suite of microservices or a collection of related projects, a group-managed deploy freeze solution provides a centralized mechanism to maintain stability.

Benefits of group deploy freeze

1. Centralized control

Adherence to your deployment strategy by allowing you to manage deploy freezes for multiple projects from a single location. This simplifies the process and reduces human errors.

2. Group-wide synchronization

Enforcing deploy freezes across an entire GitLab group ensures that all projects receive the same schedule at the same time. This maintains uniformity across your projects.

3. Streamlined collaboration

Visibility of changes to your development and operations teams can align their efforts effectively.

How to use GitLab Group Deploy Freeze

With Group Deploy Freeze, GitLab CI becomes a general-purpose automation tool for ops-related changes, like setting deploy freezes on many projects.

In the following steps, you will successfully set up the Group Deploy Freeze feature. Remember to test thoroughly and consider any specific nuances of your team's deployment process.

Prerequisites

  • GitLab account - You need an active GitLab account with the necessary permissions to access and manage the projects within the target GitLab group.
  • GitLab Personal Access Token (PAT) - Generate a GitLab PAT with the permissions to read and write to the projects within the target GitLab group via the GitLab API. This token will be used by the Python script to authenticate API requests.
  • Python environment - Ensure that you have a Python environment set up on your machine or the environment where you plan to run the Python script. The script is written in Python, so you need a compatible Python interpreter.
  • Python libraries - Install the required Python libraries used by the script. These include requests, envparse, and python-gitlab. You can use pip to install these libraries.
  • GitLab Group details - Identify the GitLab group for which you want to manage deploy freezes. You'll need the group's slug (path) to specify which group the script will operate on.
  • Time zone selection - Decide on the time zone in which you want to schedule the deploy freezes. The time zone selection ensures that freeze periods are accurately timed based on your organization's preferred time zone.

Getting started

To use GitLab CI to author and automate the process of batch updating deploy freezes for all projects, fork the Deploy Freeze project, which will then create a CI/CD pipeline that iterates through your projects and applies the desired deploy freeze schedule. You can customize this project to fit your organization's workflow.

The provided project contains a .gitlab-ci.yml file and a Python script designed to automate the management of deploy freezes for multiple projects within a GitLab group. It uses the GitLab API and various Python libraries to create and delete deploy freeze periods, and is designed to be run as part of a CI/CD pipeline to ensure code stability during deployments within a GitLab group.

Commit and push changes

Commit and push the changes to your repository to trigger the CI/CD pipeline.

Pipeline execution

  • In the Group Deploy Freeze project on the GitLab UI, go to Pipelines.
  • Select the "Run Pipeline" option on the top right corner of the page.
  • You should see the variables defined in the .gitlab-ci.yml file like: Set variables
  • Define the values of the variables FREEZE_START, FREEZE_END, CRON_TIME_ZONE and GROUP_SLUG, then run the pipeline. You can define multiple freeze periods by skipping to the next line within the FREEZE_START and FREEZE_END variables.
  • Once the pipeline is successful, the freeze period should be populated in all projects within the defined groups.

Monitor and verify

  • Verify that these deploy freeze periods are being created and managed as intended.
  • Check your GitLab group's projects for deploy freezes during the specified periods. Monitor and verify

Customization and iteration

  • If needed, iterate on the configuration, script, or pipeline based on your organization's requirements.
  • Make adjustments to freeze periods, time zones, project details, or other settings as needed.

You can optimize the group deploy feature by following the Deploy freeze documentation, which outlines the steps to set up a .freezedeployment job that can conditionally block deployment jobs upon the presence of the CI_DEPLOY_FREEZE variable. By including the .freezedeployment template and extending it in your project's .gitlab-ci.yml file, you can prevent deployments during freeze periods, ensuring code stability. Manual deployment intervention is possible once the freeze period ends, allowing for controlled and predictable deployment processes across the group's projects.

Results

By extending deploy freezes to the group level, teams can easily streamline and enhance their deployment strategies to ensure consistency in preventing unintended production release during a period of time specified by you, whether it is a large company event or holiday. With the power of GitLab's API, CI/CD pipelines, and the flexibility of Python scripting, Group Deploy Freeze is your ally in maintaining code stability and predictability across diverse projects.

Get started with group deploy freezes today by visiting the Group Deploy Freeze project.

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

Find out which plan works best for your team

Learn about pricing

Learn about what GitLab can do for your team

Talk to an expert