Mando CI/CD
GitLab CI/CD pipeline and deployment configuration for the Mando workspace.
Pipeline Stages
graph LR SEC["Security<br/>(Snyk)"] --> CONT["Pipeline<br/>Container"] CONT --> SETUP["Setup"] SETUP --> BUILD["Build &<br/>Test"] BUILD --> PUB["Publish"] PUB --> REL["Release"] REL --> PAGES["Pages"]
- Security — Snyk vulnerability scanning
- Pipeline Container — Build Docker base/build images
- Setup — Environment preparation
- Build & Test — Compilation and test suite
- Publish — Artifact/package publication
- Release — Release tagging
- Pages — Documentation deployment
Branch Strategy
| Branch Pattern | Target | ECR |
|---|---|---|
feature/*, bugfix/*, rc/*, develop | Dev | Dev ECR |
release/* | Production | Prod ECR |
Container Images
Production Image (Dockerfile)
FROM debian:13.1-slim
# Installs: ca-certificates, libssl3, samba-libs, libsmbclient
# Copies: certs, libduckdb.so
EXPOSE 8080
CMD ["mando_bess"]Build Image (container.linux.Dockerfile)
Base: rust:1.88.0-bookworm
Tools installed:
- Docker, jq, AWS CLI
- CMake, Go
- Poetry, pipx
- pkg-config, samba dev libs
- Maturin 1.9.2
Windows Variants
container.win.base.Dockerfile— Windows base imagecontainer.win.chef.build.Dockerfile— Chef-based dependency caching
Pipeline Triggers
Container images rebuild when any of these change:
rust-toolchain.tomlcontainer.*.DockerfileCargo.toml/Cargo.lockpy-mando/pyproject.toml/poetry.lock
System Dependencies (Linux Runtime)
| Package | Purpose |
|---|---|
ca-certificates | TLS certificate store |
libc6 | C standard library |
libssl3 | OpenSSL / TLS |
samba-libs / libsmbclient | SMB/CIFS file access |
Build Requirements
| Tool | Version | Purpose |
|---|---|---|
| Rust | 1.88.0 | Compiler |
| Python | 3.12 | py-mando build |
| Maturin | 1.9.2 | PyO3 wheel builder |
| Poetry | 2.1.3 | Python dependency management |
| CMake | — | Native dependency builds |
| Go | — | Tool compilation |
| AWS CLI | — | ECR push, deployment |