Enedis GitLab CI forge

450+ projects share 40+ versioned CI templates, run on auto-scaled K8s runners with Vault / Nexus / SonarQube as central services.
// 01 · GITLAB PROJECTS
450+ GitLab projects · Java · Node · Python · Terraform · …
.gitlab-ci.yml just `include`s shared templates — no copy-paste pipelines
→ 40+ versioned, composable templates (build · test · scan · docker · deploy)

git push

// 02 · CI ORCHESTRATOR
GitLab CI
resolves templates, schedules each job onto a runner

spawns

// 03 · EPHEMERAL RUNNER ON KUBERNETES
K8s runner pod
auto-scaled (HPA) · scale-to-zero between pipelines · automated DRP
build · test · package · sign · scan
runs the steps composed by the .gitlab-ci.yml + included templates
security scans wired in by default at the template level
no opt-out, no per-team config to forget

// 04 · CENTRAL SERVICES
HashiCorp Vault: dynamic secret injection at job start
Sonatype Nexus: artifact pull / push (Maven, npm, Docker)
SonarQube: quality / security scans, gates set by templates

produces

// 05 · STANDARD DEPLOYMENT TARGETS
Docker registry: signed, scanned images promoted
Terraform plan / apply: infra-as-code, gated by review
Helm deploy: standardized release templates
→ a new project gets a full DevOps lifecycle by including 5 lines of YAML

Enedis forge — every PR on any of the 450+ projects resolves the shared templates, spawns an ephemeral K8s runner that consumes Vault / Nexus / SonarQube as side services, then produces Docker images, Terraform plans and Helm deploys.
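
One way to audit that a project's .gitlab-ci.yml really pulls the shared templates at a versioned ref and includes the scan template, as an added example that is not Enedis's own code. The template project path, file names and tag format are assumptions (the page does not give them), and the two pipeline files are constructed samples.

```ruby
require "yaml"

# Hypothetical names: the page does not state the template project path,
# the template file names or the tag scheme, so these are assumptions.
TEMPLATE_PROJECT = "forge/ci-templates"
REQUIRED_FILES   = ["/templates/security-scan.yml"]
VERSION_TAG      = /\Av\d+\.\d+\.\d+\z/ # accepts v2.4.1, rejects branch names

# Returns a list of findings; an empty list means the file passes.
def audit_includes(ci_yaml)
  doc = YAML.safe_load(ci_yaml) || {}
  includes = doc["include"]
  includes = [includes] unless includes.is_a?(Array) # single include or none
  findings = []
  seen = []
  includes.compact.each do |inc|
    # Bare strings, local: and remote: includes bypass the shared project.
    unless inc.is_a?(Hash) && inc["project"] == TEMPLATE_PROJECT
      findings << "include not from #{TEMPLATE_PROJECT}: #{inc.inspect}"
      next
    end
    ref = inc["ref"]
    unless ref.is_a?(String) && ref.match?(VERSION_TAG)
      findings << "non-version ref #{ref.inspect} for #{inc['file'].inspect}"
    end
    seen.concat(Array(inc["file"])) # file: may be a string or a list
  end
  (REQUIRED_FILES - seen).each { |f| findings << "required template missing: #{f}" }
  findings
end

# Constructed sample: templates pinned to a tag, scan template present.
GOOD = <<~CI
  include:
    - project: forge/ci-templates
      ref: v2.4.1
      file:
        - /templates/build-java.yml
        - /templates/security-scan.yml
CI

# Constructed sample: floating branch ref, local include, no scan template.
BAD = <<~CI
  include:
    - project: forge/ci-templates
      ref: main
      file: /templates/build-java.yml
    - local: ci/custom-deploy.yml
CI

puts audit_includes(BAD) if __FILE__ == $PROGRAM_NAME
```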