scieee Science in your language
[en] (orig)

D1.6 DevOps methodology and CI/CD strategy for EMERALD- v2

Author: Benguria, Gorka; Etxaniz, Iñaki
Publisher: Zenodo
DOI: 10.5281/zenodo.17093127
Source: https://zenodo.org/records/17093127/files/EMERALD_D1.6_DevOps-methodology-and-CICD-strategy-for-EMERALD-v2_v1.0.pdf
Deli e able D1.6
De Ops me hodology and CI/CD s a egy o EMERALD-
2
Edi o (s):
Go ka Bengu ia, Iñaki E xaniz (TECNALIA)
Responsible Pa ne :
TECNALIA Resea ch and Inno a ion
S a us-Ve sion:
Final - 1.0
Da e:
30.04.2025
Type:
R
Dis ibu ion le el (SEN, PU):
PU
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 2 o 54
www.eme ald-he.eu
P ojec Numbe :
101120688
P ojec Ti le:
EMERALD
Ti le o Deli e able:
D1.6 De Ops me hodology and CI/CD s a egy o
EMERALD- 2
Due Da e o Deli e y o he EC
30.04.2025
Wo k package esponsible o he
Deli e able:
WP1 - Concep and me hodology o EMERALD
Edi o (s):
Go ka Bengu ia Elguezabal, Iñaki E xaniz (TECNALIA)
Con ibu o (s):
Go ka Bengu ia Elguezabal, Iñaki E xaniz (TECNALIA)
Re iewe (s):
F anz Deimling (FABA)
C is ina Ma ínez, Juncal Alonso (TECNALIA)
App o ed by:
All Pa ne s
Recommended/manda o y
eade s:
WP1, WP2, WP3, WP4, WP5
Abs ac :
Final e sion o he desc ip ion o he De Ops
me hodology and CI/CD s a egy ha p o ides de ails on
he in eg a ion p ocess ollowed o c ea e and deploy
he in eg a ed EMERALD CaaS (Compliance as a Se ice)
F amewo k. I also p o ides de ails on he s a egies
applied a in eg a ion and deploymen le el o help on
he achie emen o he EMERALD goal.
Keywo d Lis :
De Ops, CI/CD, In eg a ion, Con aine , En i onmen ,
Releases
Licensing in o ma ion:
This wo k is licensed unde C ea i e Commons
A ibu ion-Sha eAlike 4.0 In e na ional (CC BY-SA 4.0
DEED h ps://c ea i ecommons.o g/licenses/by-sa/4.0/)
Disclaime
Funded by he Eu opean Union. Views and opinions
exp essed a e howe e hose o he au ho (s) only and
do no necessa ily e lec hose o he Eu opean Union.
The Eu opean Union canno be held esponsible o
hem.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 3 o 54
www.eme ald-he.eu
Documen Desc ip ion
Ve sion
Da e
Modi ica ions In oduced
Modi ica ion Reason
Modi ied by
0.1
15.04.2025
Fi s d a e sion
TECNALIA
0.2
17.04.2025
Typos co ec ed and s yle polished.
Sen o in e nal QA e iew
TECNALIA
0.3
17.04.2025
QA Re iew
F anz Deimling (FABA)
0.4
26.04.2025
Add essed all commen s ecei ed in
he In e nal QA e iew
TECNALIA
0.5
28.04.2025
Final e iew
TECNALIA
1.0
30.04.2025
Submi ed o he Eu opean
Commission
TECNALIA
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 4 o 54
www.eme ald-he.eu
Table o con en s
Te ms and abb e ia ions ............................................................................................................... 7
Execu i e Summa y ....................................................................................................................... 8
1 In oduc ion ........................................................................................................................... 10
1.1 Abou his deli e able .................................................................................................. 10
1.2 Documen S uc u e .................................................................................................... 11
1.3 Upda es om D1.5....................................................................................................... 11
2 De Ops Me hodology ............................................................................................................ 14
2.1 Con ex ......................................................................................................................... 14
2.2 Goals ............................................................................................................................ 14
2.3 P ocesses ..................................................................................................................... 15
2.3.1 Plan .................................................................................................................... 16
2.3.2 Code ................................................................................................................... 17
2.3.3 Build ................................................................................................................... 18
2.3.4 Tes .................................................................................................................... 18
2.3.5 Release............................................................................................................... 19
2.3.6 Deploy ................................................................................................................ 20
2.3.7 Ope a e .............................................................................................................. 20
2.3.8 Moni o .............................................................................................................. 21
2.4 Li ecycle ....................................................................................................................... 21
3 CI/CD S a egy ........................................................................................................................ 24
3.1 CI S a egy .................................................................................................................... 24
3.1.1 Con aine -based ................................................................................................ 24
3.1.2 En i onmen s wi h IaC ...................................................................................... 25
3.1.3 In eg a ion guidelines ........................................................................................ 26
3.1.4 CI/CD Componen s ............................................................................................ 26
3.1.5 Componen -based Kus omize ........................................................................... 29
3.1.6 Manual deploymen suppo ............................................................................. 30
3.1.7 Ranche o debugging suppo ......................................................................... 32
3.1.8 Local en i onmen o es ing ........................................................................... 32
3.1.9 P og essi e Ve i ica ion ..................................................................................... 32
3.1.10 Au oma ion ........................................................................................................ 33
3.2 CD S a egy .................................................................................................................. 33
3.2.1 Releases ............................................................................................................. 34
3.2.2 Public Asse s Release ......................................................................................... 34
3.2.3 Keycloak con igu a ion ...................................................................................... 35
3.2.4 Demo pilo ......................................................................................................... 35
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 5 o 54
www.eme ald-he.eu
3.2.5 Documen a ion .................................................................................................. 35
3.2.6 En i onmen s wi h IaC ...................................................................................... 36
3.2.7 Au oma ion ........................................................................................................ 36
4 Conclusions ............................................................................................................................ 37
5 Re e ences.............................................................................................................................. 38
APPENDIX A: P ojec Risks and impac in he De Ops Me hodology ......................................... 40
APPENDIX B: P ojec Miles ones om he DoA .......................................................................... 42
APPENDIX C: In eg a ion iles ...................................................................................................... 43
C.1 – Reno a e mechanism ................................................................................................. 43
C.2 – Seman ic Ve sioning Con igu a ion ............................................................................ 44
C.3 – Kus omize app oach ................................................................................................... 45
C.4 – Docke compose app oach ......................................................................................... 48
C.5 – CI/CD Examples ........................................................................................................... 50
Lis o igu es
FIGURE 1. DEVOPS CYCLE ................................................................................................................. 16
FIGURE 2. LIST OF ISSUES RELATED TO CONCEPT & METHODOLOGY IN EMERALD ..................................... 22
FIGURE 3. A MERGE REQUEST RELATED TO CONCEPT & METHODOLOGY IN EMERALD .............................. 22
FIGURE 4. A MERGE REQUEST MECHANISM TO PRODUCE A NEW RELEASE IN EMERALD............................. 34
FIGURE 5. RENOVATE SCHEDULE ........................................................................................................ 44
FIGURE 6. KUSTOMIZE MAIN STRUCTURE OF THE INTEGRATED CAAS FRAMEWORK ...................................... 45
FIGURE 7. KUSTOMIZE COMPONENT ................................................................................................... 47
FIGURE 8. DOCKER COMPOSE FRAMEWORK ......................................................................................... 49
FIGURE 9. LOCAL ENVIRONMENT SERVICES ........................................................................................... 50
FIGURE 10. RCM CHANGE ................................................................................................................ 50
FIGURE 11. DOCKER CI/CD EXAMPLE ................................................................................................. 51
FIGURE 12. DOCKER CI/CD EXAMPLE PIPELINES .................................................................................... 52
FIGURE 13. DOCKER CI/CD STAGES DETAIL .......................................................................................... 52
FIGURE 14. SEMANTIC RELEASE CI/CD EXAMPLE .................................................................................. 53
FIGURE 15. SEMANTIC RELEASE CI/CD STAGES DETAIL ........................................................................... 54
Lis o ables
TABLE 1. OVERVIEW OF DELIVERABLE UPDATES WITH RESPECT TO D1.5 .................................................... 12
TABLE 2. RISK AND MITIGATION LIST ................................................................................................... 40
Lis o lis ings
LISTING 1. CI/CD FOR THE RCM COMPONENT ..................................................................................... 29
LISTING 2. CI/CD FOR SIDE-SERVICE ................................................................................................... 29
LISTING 3. EXAMPLE COMMANDS TO MANUALLY REDEPLOY A COMPONENT .............................................. 31
LISTING 4. RENOVATE PIPELINE (.GITLAB-CI.YML) .................................................................................. 43
LISTING 5. CONTENT OF THE FILE RENOVATE.JSON ................................................................................. 44

D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 6 o 54
www.eme ald-he.eu
LISTING 6. CONTENT OF THE FILE .RELEASERC.YAML ............................................................................... 45
LISTING 7. KUSTOMIZE INTEGRATE OVERLAY ......................................................................................... 46
LISTING 8. KUSTOMIZE BASE .............................................................................................................. 46
LISTING 9. KUSTOMIZE RCM COMPONENT .......................................................................................... 48
LISTING 10. CI/CD FOR DOCKER GENERATION ...................................................................................... 51
LISTING 11. CI/CD FOR SEMANTIC RELEASE GENERATION ....................................................................... 54
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 7 o 54
www.eme ald-he.eu
Te ms and abb e ia ions
AI
A i icial In elligence
AI-SEC
AI Secu i y E idence Collec o
AMOE
Assessmen and Managemen o O ganiza ional E idence
API
Applica ion P og amming In e ace
CaaS
Compliance-as-a-Se ice1
CI/CD
Con inuous In eg a ion / Con inuous Deploymen
CLI
Command Line In e ace
CMMI
Capabili y Ma u i y Model In eg a ion
De Ops
De elopmen and Ope a ion
DIND
Docke in Docke
DoA
Desc ip ion o he Ac ion
EC
Eu opean Commission
EUCS
Eu opean Cybe secu i y Ce i ica ion Scheme o Cloud Se ices
GA
G an Ag eemen o he p ojec
HTTP
Hype ex T ans e P o ocol
IaC
In as uc u e as Code
IEC
In e na ional Elec o echnical Commission
ISO
In e na ional O ganiza ion o S anda diza ion
ITIL
In o ma ion Technology In as uc u e Lib a y
K8s
Kube ne es
K8so
Kube ne es on Opens ack
K8s
Kube ne es on Vsphe e
MARI
Mapping Assis an o Regula ions wi h In elligence
OSCAL
Open Secu i y Con ols Assessmen Language
RCM
Reposi o y o Con ols and Me ics
TWS
T us wo hiness Sys em
UI/UX
Use In e ace / Use Expe ience
WP
Wo k Package
1
Please no e ha in p e ious deli e ables and in he DoA, he e m Ce i ica ion-as-a-Se ice was used o
s and o CaaS. Compliance has now been in oduced o cla i y ha EMERALD can be used o assess bo h
no ma i e models and in e nal o ganiza ional models.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 8 o 54
www.eme ald-he.eu
Execu i e Summa y
The main objec i e o EMERALD p ojec is o p o ide a amewo k ha enables con inuous
compliance and ce i ica ion, and agile lean e-ce i ica ion o consume se ices ha adhe e o
a de ined le el o secu i y and us in a uni o m way ac oss he e ogeneous en i onmen s made
o combina ions o a ious esou ces.
In o de o achie e he de elopmen o he CaaS (Compliance-as-a-Se ice)
2
F amewo k, he
EMERALD p ojec agg ega es specialized componen s om di e en eams and in eg a es hem
in o a single amewo k ha is alida ed in di e en pilo s. This b ings some challenges ha
should be managed: on he p o ide side, he componen s a e de eloped by di e en eams
wi h di e en schedules and di e en de elopmen p ac ices; on he consume side, he CaaS
F amewo k will be consumed as a se ice o as an on-p emises con igu a ion.
This documen is he inal e sion o he De Ops (De elopmen and Ope a ions) Me hodology
and he CI/CD (Con inuous In eg a ion/Con inuous Deploymen ) s a egies. The p e ious
e sion, p esen ed a M6, ocused mainly on s ablishing he co esponding p ocesses and ools
o achie e he i s in eg a ed e sion o he CaaS F amewo k (M18). This inal e sion is he
esul o he expe ience and lessons lea n du ing he i s hal o he p ojec and ocuses on he
upcoming eleases o he CaaS F amewo k (M30 and M34) and he deploymen o he CaaS
F amewo k in he pilo s. The main changes ha ha e been in oduced ela e o he ollowing
aspec s:
• In eg a ion o new e sions o he CaaS F amewo k: Suppo ing, on he one hand, he
agile in eg a ion o componen s de eloped by he di e en eams and, on he o he
hand, he alida ion o he upcoming e sions o he CaaS F amewo k be o e being
deployed in he pilo s wi h a ce ain deg ee o con idence.
• Deli e y o new e sions o he Pilo s: Suppo ing he deploymen o he alida ed
e sions o he CaaS F amewo k in he pilo s and in oducing mechanisms o educe he
undesi able e ec s o deploymen in hei en i onmen s (such as da a loss, he need o
econ igu e he en i onmen o se ice down ime, o name a ew).
• Ge ing and p ocessing eedback: Suppo ing he collec ion o eedback om he pilo s
and he de elopmen eams, and he p ocessing o ha eedback o imp o e he CaaS
F amewo k.
The a ge audience o he documen a e he EMERALD pa icipan s in cha ge o coo dina ing
he de elopmen and ope a ion ac i i ies. In addi ion, he documen also aims o p o ide
in o ma ion o o he pa ne s and s akeholde s in unde s anding how he EMERALD CaaS
F amewo k is managed om a De Ops pe spec i e.
The documen also includes annexes ha p o ide addi ional in o ma ion abou he p ojec ,
which can help he eade g asp he p ojec con ex . In pa icula , hey include he isks and
miles ones de ined in he Desc ip ion o Ac ion (DoA) and de ails on he in eg a ion iles ha
a e no accessible in he public a ea o he Gi Lab eposi o y o he EMERALD p ojec .
This documen is he second and inal e sion o he de elopmen and ope a ion coo dina ion
app oach ha has been applied du ing he i s hal o he p ojec . Fu u e ela ed wo k will
in ol e applying he echniques de ined he e o de elop he 2 (M30) and 3 (M34) eleases o
he CaaS F amewo k, as well as o he deploymen s in he pilo s. Some changes o he
2
Please no e ha in p e ious deli e ables and in he DoA, he e m Ce i ica ion-as-a-Se ice was used o
s and o CaaS. Compliance has now been in oduced o cla i y ha EMERALD can be used o assess bo h
no ma i e models and in e nal o ganiza ional models.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 9 o 54
www.eme ald-he.eu
me hodology a e likely o be in oduced, bu he undamen al p ocesses a e al eady de ined
and in ope a ion.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 16 o 54
www.eme ald-he.eu
• Code: Du ing his p ocess, he in eg a ion o he di e en componen s is encoded as a
con aine o ches a ion code (aka cho eog aphy). In addi ion, code o he en i onmen
and side-se ices can be de eloped, when needed.
• Build: The building p ocess is au oma ed. I akes he cho eog aphy and deploys he
CaaS F amewo k in he de elopmen en i onmen .
• Tes : The es p ocess ocuses on he in eg a ion es ing. I co e s he de elopmen o
he necessa y es s o e i y he beha iou o he amewo k in he long e m.
• Release: We c ea e a o mal elease o he CaaS F amewo k o each elease miles one
planned, as well as when upda es in componen s equi e i .
• Deploy: The deploy p ocess is au oma ed. I akes he cho eog aphy and deploys he
agged CaaS F amewo k in he p oduc ion en i onmen , and he pilo en i onmen s a e
in o med abou he new e sion.
• Ope a e: Apa om he egula ope a ion, his p ocess is ocussed on he alida ion
managemen .
• Moni o : The moni o ing o he p oduc ion en i onmen is adap ed in his s age o
co e he p oduc ion and pilo s’ en i onmen s.
Figu e 1. De Ops Cycle
We ake hese p ocesses as a basis o ou De Ops Me hodology, adap ing hem o he
speci ici ies o he EMERALD p ojec . Fo each p ocess, we p o ide below a b ie desc ip ion and
he expec ed inpu s and ou pu s.
2.3.1 Plan
Du ing he planning p ocess, we collec he in eg a ion and deploymen needs o he p ojec ,
p io i ize he ac i i ies o be pe o med, and ack hei comple ion. This ac i i y is pe o med
on demand and pe iodically.
Whene e a need o e he in eg a ion is iden i ied o ecei ed, i is collec ed, and a quick
p io i isa ion is pe o med. In case he need is u gen , i is pu in o implemen a ion. O he wise,
i is pu in o he backlog o needs o be pe o med in he nex i e a ions.
Besides, e e y wo weeks, in a mee ing wi h he de elopmen eams and he pilo s, we collec
hei needs and p io i ise hem. Tha mee ing is also used o e iew he s a us o he asks ha
a e being wo ked ou in he De Ops eam.
The s a ing poin o he needs o he p ojec was he p ojec DoA [3], whe e he EMERALD
o e all needs we e desc ibed, and hen he equi emen s ga he ed in he p ojec a chi ec u e
deli e ables, D1.3 [5] and D1.4 [6]. In addi ion, we ha e collec ed he needs om di e en
sou ces:
• Mainly, he pe iodic mee ings wi h he de elopmen eams
• Messaging channels (e.g., Teams)

D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 17 o 54
www.eme ald-he.eu
• The EMERALD WP1 mailing lis (WP1 is in cha ge o he in eg a ion)
• The issue mechanism in Gi Lab
The inpu s and ou pu s o his p ocess can be summa ised as ollows:
• Inpu s:
o Requi emen s
o Feedback om pilo s’ alida ion
o EMERALD A chi ec u e
o Ex e nal se ice equi emen s
• Ou pu s:
o Summa y o he ac i i ies pe o med in he las cycle
o Ac i i ies o be pe o med in he nex cycle
o Ac i i ies backlog
o Issues linked o he equi emen s.
2.3.2 Code
Du ing he coding p ocess, he in eg a ion o he di e en componen s is coded in a con aine
o ches a ion code (aka cho eog aphy). In addi ion, code o he en i onmen and side-se ices
can be de eloped when needed. Once he de elopmen eam has packaged o upda ed a
componen , a collabo a ion cycle wi h he De Ops eam s a s. Du ing his cycle, he De Ops
eam suppo s he de elopmen eam in di e en a eas:
• Reposi o y c ea ion: The De Ops eam c ea es a eposi o y o each componen in he
EMERALD Gi Lab eposi o y and p o ides he necessa y access o he de elopmen
eam o manage hei own componen g oup.
• Image c ea ion: The De Ops eam p o ides suppo o he de elopmen eam in he
c ea ion and publishing o he Docke image (o images) o he componen . On he one
hand, p o iding he EMERALD A i ac o y eposi o y (implemen ed in A i ac o y
3
) o
s o e he Docke image and, on he o he hand, p o iding suppo in he c ea ion o he
Docke ile using CI/CD Gi Lab componen s.
• O ches a ion c ea ion: A Kus omize
4
-based o ches a ion has been c ea ed o help he
de elopmen eams o c ea e he o ches a ion code. The baseline o ches a ion has
been c ea ed in a modula way o allow he de elopmen eams o add and es hei
componen s easily.
• Debugging suppo : Di e en esou ces a e p o ided by he De Ops eam o help he
de elopmen eams o debug hei componen s. We s a ed wi h he logging and he
console access o he Kube ne es clus e . La e , based on he eedback om he
de elopmen eams, we added mo e debugging esou ces o he de elopmen eams
such as he Keycloak es ing en i onmen , o he local es ing en i onmen based on
Docke Compose.
• Upda e Suppo : Guidelines and au oma ic upda e mechanisms a e p o ided o he
de elopmen eams o help hem upda e hei componen s in he CaaS F amewo k. The
guidelines a e p o ided in he EMERALD Gi Lab eposi o y, and he au oma ic upda e
mechanisms a e implemen ed wi h Reno a e
5
and Gi Lab CI/CD.
• Adding side-se ices: The De Ops eam helps wi h he c ea ion o side-se ices ha a e
needed o suppo he in eg a ion o he componen s. Fo example, adding
adminis a ion on ends o da abases o help he de elopmen eams in he analysis
3
h ps://j og.com/a i ac o y/
4
h ps://kus omize.io
5
h ps://gi hub.com/ eno a ebo / eno a e
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 18 o 54
www.eme ald-he.eu
o he da a con ained. On he o he side, he de elopmen eams a e esponsible o
applying he guidelines p o ided by he De Ops eam o in eg a e and upda e hei
componen s in he CaaS F amewo k. The main ou come o his p ocess is a Kus omize
componen o each o he componen s.
The inpu s and ou pu s o his p ocess can be summa ised as:
• Inpu s:
o Componen s om he di e en de elopmen eams in a package eposi o y (in
EMERALD, implemen ed in A i ac o y)
• Ou pu s:
o Cho eog aphy and con igu a ion code o he in eg a ion en i onmen .
o In as uc u e as code (IaC) o he en i onmen s.
2.3.3 Build
The building p ocess c ea es a me ged mani es o a speci ic Kus omize o e lay. On he one
hand, i can be done manually – by he De Ops o he de elopmen eam – o gene a e a
combined mani es o deploy he CaaS F amewo k. On he o he hand, i can be done
au oma ically as pa o he CI/CD pipelines.
The inpu s and ou pu s o his p ocess can be summa ised as:
• Inpu s:
o Packages om he componen s
o Cho eog aphy code and con igu a ion o he in eg a ion en i onmen
o In as uc u e as code (IaC) o he en i onmen s
• Ou pu s:
o In eg a ion en i onmen
o CaaS F amewo k in he in eg a ion en i onmen .
2.3.4 Tes
The es p ocess co e s se e al ac i i ies, such as he upda e o he candida e p oduc ion
en i onmen based on he de elopmen en i onmen , he c ea ion o he in eg a ion es s, and
he applica ion o he in eg a ion es s o e he candida e p oduc ion en i onmen .
Fi s , he deploymen o he candida e p oduc ion en i onmen is done au oma ically, oge he
wi h he build p ocess, in a CI/CD pipeline. Then, o he c ea ion o he in eg a ion es s, h ee
s eps a e pe o med:
• Fi s , he De Ops eam c ea es he in eg a ion es s ha a e needed o e i y he
unc ionali y o he e idence collec o componen s. These componen s a e no
deployed as pa o he CaaS F amewo k se ices. Ins ead, hey a e deployed on he
esou ces o be ce i ied, in o de o collec e idence o hei compliance. The e o e, we
need his mechanism o be able o e i y he compa ibili y o he collec o s wi h he
CaaS F amewo k.
• Second, he De Ops eam c ea es he in eg a ion es s co e ing he EMERALD
wo k lows, as de ined in D4.2 [20].
• Thi d, he De Ops eam implemen s pe sis ence es s o e i y ha he da a in he CaaS
F amewo k is no los du ing he deploymen o new e sions o he CaaS F amewo k.
Finally, he in eg a ion es s a e o be applied o e he candida e p oduc ion en i onmen . The
De Ops eam p o ides he necessa y esou ces o deploy he candida e p oduc ion
en i onmen and o un he in eg a ion es s. The objec i e o he es s is o p o ide some
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 19 o 54
www.eme ald-he.eu
con idence on he co ec ness o he in eg a ion o he componen s be o e deploying hem in o
he in ended pilo s.
The inpu s and ou pu s o his p ocess can be summa ised as:
• Inpu s:
o CaaS F amewo k in he in eg a ion en i onmen
o Lis o collec o componen s and hei usage p ocedu es
o Main wo k lows de ined as pa o he D4.2 [20]
• Ou pu s:
o In eg a ion es s
o In eg a ion es esul s.
2.3.5 Release
Du ing he planned elease miles ones, as well as when o he eleases equi e i , we will c ea e
a o mal elease o he CaaS F amewo k. The e a e wo kinds o eleases:
• Miles ones eleases: These a e planned and will ake place a M18, M30 and M34.
• Mino and ix eleases: These may ake place a any poin based on he e olu ion o he
componen s.
On he planned elease miles ones, he De Ops eam c ea es a elease commi o e he CaaS
F amewo k eposi o y. This commi igge s a Release CI/CD pipeline ha c ea es he candida e
p oduc ion en i onmen and uns he in eg a ion es s o e i . The esul s o he in eg a ion
es s a e used o decide i he elease is success ul o no . The EMERALD p ojec applies seman ic
e sioning [31] o he eleases o he CaaS F amewo k. The planned eleases apply a mayo
upg ade (e.g., 1.0.0 o 2.0.0) o he e sion o he CaaS F amewo k.
O he eleases a e igge ed by he de elopmen eams when hey upda e hei componen s. In
his case, we use an au oma ic app oach o in oduce he new e sion o he componen in he
CaaS F amewo k. The au oma ic app oach is based on he Reno a e ool. This ool scans
pe iodically (e e y week) changes in he images used in he mani es s ha compose he CaaS
F amewo k. When a new e sion o he image is de ec ed, i c ea es a me ge eques wi h he
new e sion o he componen . This me ge eques is au oma ically es ed agains he
in eg a ion es s. I he in eg a ion es s a e success ul, he me ge eques is au oma ically
me ged in o he CaaS F amewo k eposi o y and a pa ch upg ade (e.g., 1.0.0 o 1.0.1) is
applied o he e sion o he CaaS F amewo k.
The inpu s and ou pu s o his p ocess can be summa ised as:
• Inpu s:
o Release eques
o In eg a ion es s
• Ou pu s:
o In eg a ion es esul s
o CaaS F amewo k o mal elease.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 20 o 54
www.eme ald-he.eu
2.3.6 Deploy
This p ocess deploys he o mal elease o he CaaS F amewo k in he p oduc ion en i onmen s.
We suppo wo ypes o deploymen :
• SaaS (So wa e as a Se ice): The CaaS F amewo k is deployed in he EMERALD
in as uc u e and he pilo s consume i as a se ice. In his case, he deploymen is done
au oma ically as pa o he Release CI/CD pipeline.
• On-p emises: The CaaS F amewo k is deployed in a pilo in as uc u e and he pilo
consumes i as an on-p emises con igu a ion. In his case, he deploymen is done
manually.
The inpu s and ou pu s o his p ocess can be summa ised as:
• Inpu s:
o CaaS F amewo k o mal elease
• Ou pu s:
o P oduc ion en i onmen as SaaS
o Pilo en i onmen s, i equi ed.
2.3.7 Ope a e
Besides he egula ope a ion ac i i ies ha a e pe o med in he p oduc ion en i onmen , as
o example:
• Capaci y managemen
• Pe o mance managemen
• A ailabili y managemen
• Inciden managemen
• Backup managemen
We also include in his s age he alida ion p ocess, which is no pe o med by he De Ops eam,
bu by he pilo s and he de elopmen eams. Please no e ha he De Ops eam is esponsible
o he alida ion o he CaaS F amewo k.
Two main aspec s a e co e ed in he Ope a e p ocess:
• Ga he ing he eedback om he pilo s and he de elopmen eams.
• P ocessing he eedback o imp o e he CaaS F amewo k.
Feedback is ga he ed h ough he EMERALD p ojec communica ion channels. Mainly he
pe iodic mee ings wi h he de elopmen eams and he pilo s, and he messaging channels (e.g.,
Teams). Feedback is p ocessed by he De Ops eam and he de elopmen eams and
ans o med in o pending asks in he backlog o he De Ops eam. These asks a e p io i ised
and a gi en poin s hey become in o issues in he Gi Lab eposi o y. The issues a e hen planned
in he nex i e a ion o he De Ops by he de elopmen eams.
The inpu s and ou pu s o his p ocess can be summa ised as:
• Inpu s:
o Tagged CaaS F amewo k in he p oduc ion en i onmen (and pilo
en i onmen s, i equi ed)
• Ou pu s:
o Feedback om pilo s’ alida ion.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 21 o 54
www.eme ald-he.eu
2.3.8 Moni o
The moni o ing o he in eg a ion en i onmen is adap ed in his s age o co e he p oduc ion
and pilo s’ en i onmen s. Based on he eedback om he pilo s’ moni o ing, mechanisms a e
c ea ed o check he beha iou o he amewo k in he long e m.
The inpu s and ou pu s o his p ocess can be summa ised as:
• Inpu s:
o Tagged CaaS F amewo k in he p oduc ion and pilo en i onmen s, i equi ed
• Ou pu s:
o Moni o ing p ocedu es
o Moni o ing esul s.
2.4 Li ecycle
The e a e se e al applicable li ecycles in so wa e de elopmen [22], [23], bu conside ing he
ollowing cha ac e is ics o he EMERALD p ojec :
• The e a e di e en componen s wi h di e en se o equi emen , di e en eams, and
di e en agendas.
• The e a e ixed miles ones (see APPENDIX B: P ojec Miles ones om he DoA) a p ojec
le el ha should be achie ed.
We decided o apply an i e a i e p ocess, as s a ed in he De Ops li ecycle (see Figu e 1). The
De Ops i e a ions a e con inuous and a e pe o med whene e he De Ops eam ecei es
in eg a ion and elease eques s om he de elopmen eams. Besides hose eques s, he
De Ops eam also pe o ms i e a ions e e y wo weeks, ocussing on he en i onmen ’s se up,
in eg a ion es s, moni o ing mechanisms, and moni o ing esul s.
We use h ee mechanisms o documen he asks o be pe o med (e.g., implemen moni o ing
se ice in k8s ) in he con ex o he De Ops ac i i ies: asks, issues, and me ge eques s.
• Tasks a e used in he con ex o he pe iodic mee ings wi h he de elopmen eams and
he pilo s o documen he asks ha a e going o be pe o med in he nex i e a ion.
They a e also used o documen he asks ha will be pe o med a e wa ds, his is wha
we call he backlog o asks.
• Issues
6
a e used as he p ima y mechanism o documen ing asks ha in ol e some
e o on he pa o he De Ops eam. E e y ask is documen ed in an issue inside he
a ec ed epos unde he De Ops g oup in he p ojec Gi Lab eposi o y (see Figu e 2).
• Me ge eques s
7
a e used change he code in o de o suppo he comple ion o he
issues c ea ed (see Figu e 3).
6
h ps://docs.gi lab.com/ee/use /p ojec /issues/
7
h ps://docs.gi lab.com/ee/use /p ojec /me ge_ eques s/

D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 22 o 54
www.eme ald-he.eu
Figu e 2. Lis o Issues ela ed o Concep & Me hodology in EMERALD
In he case o issues and me ge eques s, hey mus be ela ed wi h some equi emen (s) in
o de o keep ack o i s implemen a ion in he De Ops ac i i ies. Issues a e linked wi h he
equi emen s using he “linked equi emen s” mechanism p o ided by Gi Lab. In he case o
me ge eques s, i hey ha e no been c ea ed om an issue, hey will be ela ed wi h an issue
in he desc ip ion and ha issue will be ela ed wi h some equi emen (s).
Figu e 3. A Me ge Reques ela ed o Concep & Me hodology in EMERALD
Tasks a e managed in an agile app oach, wi h some lexibili y. Fo example, i he e is an u gen
need o quickly upda e componen s a he eques o he de elopmen eams hey will be done
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 23 o 54
www.eme ald-he.eu
di ec ly. Regula asks en e he De Ops li ecycle as eques s in he ask backlog (i.e., as issues
in he De Ops eposi o y).
A he end o each i e a ion (i.e., bi-weekly), we pe o m an in e nal mee ing in WP1 o:
• Re iew he s a us o comple ion o he asks wo ked ou du ing he i e a ion.
• Choose he new se o asks o be ca ied ou du ing he nex i e a ion.
The s a us o he De Ops asks is isible a he De Ops g oup le el in Gi Lab and is eco ded in
he minu es o he pe iodic WP1 mee ings wi h he de elopmen eams and he pilo s.
The execu ion o each ask may in ol e one o mo e planned p ocesses (excep o he
moni o ing p ocess ha is au oma ed and con inuous), such as Code, Build, Tes , Release,
Deploy, and Ope a e. These p ocesses a e no expec ed o be ca ied ou in e e y ask, i.e.,
depending on he na u e o he ask, i may in ol e all o some o hem, and he e o in each
ask a ies.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 24 o 54
www.eme ald-he.eu
3 CI/CD S a egy
This sec ion p o ides de ails on he s a egies and echnical app oach applied du ing he
de elopmen o he i s e sion o he CaaS F amewo k. Besides, we also ou line some
s a egies ha will be ma u ed du ing he nex s ages o he p ojec , such as hose ha will
suppo he upcoming eleases o he CaaS F amewo k, as well as he deploymen o he CaaS
F amewo k in he pilo s. The sec ion is di ided in o wo main pa s: CI S a egy and CD S a egy.
The desc ip ion con ains much in o ma ion in common wi h D1.5 [1] wi h he inal aim o
p o iding a sel -con ained sec ion ha acili a es he eade 's unde s anding.
3.1 CI S a egy
Fo he in eg a ion o he ou comes o he de elopmen eams in he CaaS F amewo k, we ha e
applied he ollowing echnological app oaches:
• Componen s packaged as con aine s
• En i onmen de ined wi h In as uc u e as Code (IaC)
• In eg a ion guidelines
• CI/CD Componen s
• Componen based Kus omize
• Manual deploymen suppo
• Ranche o debugging suppo
• Local en i onmen o es ing
• P og essi e e i ica ion
• In eg a ion au oma ion.
3.1.1 Con aine -based
Con aine echnology has p o ed o be a e y good app oach o agg ega e componen s om
di e en eams. Besides, i used app op ia ely, i also p o ides de ac o scalabili y and esilience
when we use con aine o ches a ion echnologies, such as Kube ne es
8
o Docke Swa m
9
. In
addi ion, he usage o he con aine echnology p omo es decoupling om he a chi ec u e
which p o ides some bene i s o e monoli hic a chi ec u es [24], [25].
EMERALD p io i ises con aine images as he de aul packaging echnology o i s componen s.
In case some componen s canno be deployed as con aine s, IaC and se ice app oaches a e
p io i ized as backup s a egies.
As a con aine echnology, we ha e used he Docke ecosys em o build and sha e images. Fo
image building we suppo bo h Docke and Docke Compose. A componen o he EMERALD
a chi ec u e may include one o mo e docke iles
10
o build he images ha a e used o deploy
he CaaS F amewo k. In some cases, he building p ocess may equi e some o ches a ion. In
hose cases, Docke Compose o Cus om Sc ip ing is used as well.
To suppo bo h scena ios as pa o he De Ops ac i i ies, we ha e p o ided esou ces and
suppo o he au oma ion o building such images. We ha e used di e en echnologies
including:
• Docke sha ed unne s ha suppo Docke in Docke (dind)
11
echnology
8
h ps://kube ne es.io/
9
h ps://docs.docke .com/engine/swa m/
10
h ps://docs.docke .com/build/concep s/docke ile/
11
h ps://www.docke .com/ esou ces/docke -in-docke -con aine ized-ci-wo k lows-docke con-2023/
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 25 o 54
www.eme ald-he.eu
• Kube ne es g oup unne s
• Docke machine sha ed unne s ha suppo dind echnology
As an IaC echnology, OpenTo u
12
and Ansible
13
ha e been a ou ed, since bo h echnologies a e
open-sou ce and acili a e knowledge sha ing and la e dis ibu ion o he esou ces.
Finally, in case he e a e some componen s ha canno be physically deployed in p oduc ion
and mus be consumed as a se ice, he OpenAPI
14
Speci ica ion is p omo ed.
Rega ding he s a egy wi h espec o he packaging on behal o he De Ops eam, i is planned
o wo k as ollows:
• P o ide example packaging app oaches s a ing om a Docke o a Docke Compose
speci ica ion. These examples a e speci ic o he Gi Lab amewo k used in he EMERALD
p ojec and include:
o .gi lab-ci.yml o Docke and gi lab-ci.yml o Docke Compose.
o Example o a docke ile.
o Example o a docke compose ile.
o Readme ile wi h indica ions on how o in eg a e he componen .
• Each example includes guides on how o in eg a e i on he componen s ha a e s o ed
in he Gi Lab amewo k used in he EMERALD p ojec .
• When necessa y, WP1 has p o ided suppo in he in eg a ion o he gi lab-ci, and in he
de elopmen o Docke and Docke Compose. This has been managed h ough a me ge
eques om he in e es ed pa y, which has been documen ed in an issue ela ed o a
p ojec equi emen .
3.1.2 En i onmen s wi h IaC
The en i onmen s ha suppo he CaaS F amewo k in eg a ion and alida ion we e de eloped
ollowing an IaC app oach wi h s a e o he p ac ice open-sou ce ools.
The in eg a ion en i onmen has been de eloped ollowing his app oach. Fo ha , a p ojec
has been c ea ed in he p i a e Gi Lab o EMERALD (eme ald/p i a e/de ops/open o u-
k8s ). This p ojec c ea es a h ee-node Kube ne es clus e o e Sphe e pla o m and includes
ins uc ions o eplica e he deploymen on ano he Sphe e pla o m i necessa y. In addi ion,
i uses a eusable se o Ansible playbooks o con igu e he EMERALD Kube ne es ha ha e been
applied in his case and could also be applied on o he nodes wi h li le o no cus omiza ion.
The IaC is con igu able h ough he modi ica ion o wo empla ed yaml iles:
• Base OpenTo u hos s: (/blob/mas e /base_open o u_hos s.yaml.e b), ha
con ols he ini ial c ea ion o he i ual machines and hei con igu a ion by Ansible.
• Ansible hos : (/blob/mas e /Ansible_hos s.yaml.e b), ha con igu es he
machines using some Ansible-playbooks.
The same app oach was ollowed o he ins an ia ion o o he en i onmen and esou ces, so
ha we can eplica e hem in case we need o do so in la e s ages o he p ojec .
Wi h he p ojec al eady s a ed (M7), he in eg a ion en i onmen was mo ed om Sphe e o
OpenS ack. In his mig a ion we o ked he IaC (eme ald/p i a e/de ops/open o u-k8s )
in o a new p ojec (eme ald/p i a e/de ops/open o u-k8so). In his p ojec we added he
12
h ps://open o u.o g/
13
h ps://docs.ansible.com/
14
h ps://www.openapis.o g/
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 32 o 54
www.eme ald-he.eu
• Execu e a command in o he componen (kubec l exec)
• Check he RCM API in e nally (cu l). To do so we c ea e a empo al componen in
Kube ne es o check access o se ices om inside he clus e (kubec l un -- m)
3.1.7 Ranche o debugging suppo
Besides he manual deploymen suppo , we also p o ide a Ranche -based web in e ace o
manage he Kube ne es clus e . This is con enien o many easons:
• P o ides a use managemen in e ace
• Allows o quickly check he s a us o he deploymen s
• P o ides a as way o check he logs o he pods
Use managemen is necessa y in EMERALD because we y o simula e a ealis ic deploymen
scena io, and i is no ealis ic o ha e an admin access when deploying he CaaS F amewo k in
he pilo s. The Ranche use managemen has been used o c ea e a highly cons ain eme ald-
de elope use , which has only w i e-access on he eme ald-de p ojec and ead-access o he
Keycloak p ojec o debugging pu poses.
Besides, i is also e y use ul o ha e quick access o moni o ing and debugging ools. I is e y
common in he De Ops eam o be inqui ed abou he s a us o some aspec o he CaaS
F amewo k (e.g., he s a us o a componen , he s a us o a deploymen , o he s a us o a pod).
Ini ia ing he de elope CLI equi es ime and some imes i may be mo e complex han expec ed.
In hese cases, he Ranche in e ace p o ides a quick access o his in o ma ion. The only hings
equi ed a e he URL o he Ranche in e ace (h ps://k8so.eme ald.digi al. ecnalia.de /) and
he use c eden ials.
3.1.8 Local en i onmen o es ing
A pa ial local en i onmen based on Docke Compose has been c ea ed. This en i onmen is
no in ended o be used in p oduc ion, bu i is use ul o some de elopmen and debugging
si ua ions. I p o ides a as e mechanism o es in e ac ion be ween componen s. This local
en i onmen has been used in wo si ua ions:
• To unde s and he con igu a ion o he consul se ice equi ed by he RCM componen .
• To unde s and he con igu a ion o Keycloak o se e al componen s.
The RCM local es equi es se e al side-se ices o be able o un (i.e., a da abase and a consul
se ice). These se ices equi e some ini ial con igu a ion ha mus ake place be o e he RCM
modules a e s a ed. In his si ua ion, he local en i onmen was used o unde s and, sequence
and es ha con igu a ion. Besides, he en i onmen has shown o be use ul no only o
unde s and how o con igu e hem bu also o deploy hem locally. Cu en ly he RCM
de elope s use he local en i onmen when hey de elop he RCM componen .
On he o he hand, one o he challenges o he De Ops eam is o unde s and he con igu a ion
o he Keycloak se ice equi ed by he EMERALD componen s. One o he lessons lea n om
p e ious p ojec s was ha Keycloak con igu a ions mus be s o ed unde e sion con ol. This
enables o con igu e he Keycloak se ice be o e he EMERALD componen s a e s a ed. The
local en i onmen was used o unde s and, sequence and es ha con igu a ion.
3.1.9 P og essi e Ve i ica ion
The e i ica ion o he added and upda ed componen s o he CaaS F amewo k is an impo an
aspec o ensu e he secu e e olu ion o he pla o m du ing he p ojec . The e i ica ion is
co e ed by a se o in eg a ion es s ha a e being au oma ed.

D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 33 o 54
www.eme ald-he.eu
Ve i ica ion ac i i ies ocus on mul iple aspec s:
• Es ablish he means o check he heal h o he componen s
• Ve i y he compa ibili y o he e idence collec o componen s
• De ine mo e complex in eg a ion es s based on EMERALD wo k lows
In he i s s age o he p ojec , as componen s a e added, p ocedu es should be implemen ed
o check hei heal h. These mechanisms a e used du ing he in eg a ion es s o be pe o med
a e he upda e o each componen , as well as du ing con inuous moni o ing.
As he p ojec ad ances, addi ional in eg a ion es s a e added, based on eques s om he
de elope s and eedback om he pilo s.
The s a egy in EMERALD is o documen e i ica ion- ocused ac i i ies as issues linked o he
equi emen s. Implemen ing means o check he heal h o a componen may equi e
implemen ing pa s in he cho eog aphy and pa s in he componen i sel . Mo e complex
in eg a ion may equi e implemen ing speci ic componen s o gene a e he ac i i y equi ed o
e i y such complex in eg a ion scena ios.
3.1.10 Au oma ion
De Ops ac i i ies ocus on he au oma ion o all he ac i i ies ela ed o he e alua ion o
componen s as hey a e upda ed by he de elope s. The main ocuses o au oma ion a e:
• Upda e he in eg a ion pla o m as he de elope s upda e he componen s.
• Run he in eg a ion es as he pla o m is upda ed.
• Upda e he moni o ing mechanism o measu e he heal h o he CaaS F amewo k in
he long e m.
The s a egy is o use Gi Lab Agen
21
o Kube ne es, implemen ed in he De Ops eposi o y
inside he Gi Lab eposi o y o EMERALD (eme ald/p i a e/de ops/gi lab-agen -k8so). I
moni o s he CaaS F amewo k eposi o y, and e e y change de ec ed he e is ansla ed in o
he aimed en i onmen s, which allows o deploy new componen e sions di ec ly, wi hou
in eg a ion es ing. This is done o speed up he eedback o he de elopmen eam. In eg a ion
es s a e s a ed a a la e s age, using a Gi Lab unne .
The moni o ing mechanism is upda ed ollowing he same app oach as he CaaS F amewo k,
i.e., we use he Gi Lab Agen o Kube ne es o his pu pose as well.
3.2 CD S a egy
Fo he deploymen o he CaaS F amewo k o be e alua ed by he p ojec and he pilo s, he
ollowing echnological app oaches a e applied:
• Releases
• Public Asse s Release
• Keycloak Con igu a ion
• Demo pilo
• Documen a ion
• En i onmen de ined wi h IaC
• Deploymen au oma ion
21
h ps://docs.gi lab.com/use /clus e s/agen /ins all/
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 34 o 54
www.eme ald-he.eu
3.2.1 Releases
The p ojec ollows a e sioning sys em wi h h ee mayo eleases:
• 1.0.0 - Fi s elease o he EMERALD componen s in mon h 18
• 2.0.0 - Second elease o EMERALD componen s in mon h 30
• 3.0.0 - Final elease o EMERALD in eg a ed audi sui e in mon h 34
Addi ional eleases a e expec ed be ween hose mayo eleases, as he p ojec ad ances and
he CaaS F amewo k is alida ed. Ve sions 1.x.x ha e been c ea ed du ing he i s i e a ions o
he p ojec be o e he mon h 12. Ve sions 3.x.x a e also expec ed based on he eedback o he
las alida ion ac i i ies.
The s a egy o he eleases s a s wi h a pe i ion om an EMERALD pa ne (see Figu e 4).
Basically, he elease consis s o mo ing he con en om he in eg a ion b anch o he
p oduc ion b anch. To pe o m his p ocess an issue is c ea ed desc ibing he eques and he
pu pose. F om ha issue a new d a me ge eques is c ea ed o e he p oduc ion b anch. Tha
c ea es a new wo king b anch, whe e we mo e he in eg a ion e sion ha we wan o mo e o
p oduc ion. The in eg a ion e sion o be deployed should ha e been success ully e i ied wi h
he in eg a ion es s, o he wise we no i y he isk be o e p oceeding. A e ha , we change he
d a s a us on he me ge eques , which enables he me ge ac ion o e he p oduc ion b anch.
We pe o m he me ging ha upda es he p oduc ion e sion. Finally, we communica e he
change o he EMERALD p ojec .
Figu e 4. A Me ge Reques mechanism o p oduce a new elease in EMERALD
3.2.2 Public Asse s Release
Fo he public elease o he CaaS F amewo k (h ps://gi .code. ecnalia.de /eme ald/public), we
ha e de ined he ollowing s a egy:
• A common s uc u e o he componen s has been de ined ha is eplica ed in he
p i a e and public eposi o ies.
• An au oma ed p ocedu e has been implemen ed o p omo e he componen s om he
p i a e o he public eposi o y.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 35 o 54
www.eme ald-he.eu
• The CaaS F amewo k is loca ed a he oo o he public eposi o y.
• A desc ip ion o he public eposi o y is included a he op o he public eposi o y.
3.2.3 Keycloak con igu a ion
The s a egy wi h ega ds o he iden i y and access managemen is o assume i as an ex e nal
se ice. We ollow his app oach because, in a eal deploymen , we could be acing a si ua ion
in which we a e eques ed o use an exis ing iden i y and access managemen se ice in which
we may no ha e adminis a ion igh s.
So, he s a egy o he Keycloak con igu a ion managemen is educing he adminis a ion
equi emen s o he minimum. In his case, we will assume ha in o de o deploy he EMERALD
CaaS amewo k we will only equi e a p e-exis ing ealm and a use wi h igh s o con igu e ha
ealm.
Using ha use , du ing he s a up o he EMERALD amewo k, we upload he con igu a ion o
each componen o he Keycloak se ice. This is done h ough a Keycloak loading job in each o
he componen s. This suppo s he ollowing objec i es:
• Reduce he con igu a ion equi emen s o he minimum.
• Allow he componen s o be deployed in a p e-exis ing Keycloak se ice.
• Facili a e he e olu ion o he Keycloak con igu a ion o he componen s in an isola ed
way.
3.2.4 Demo pilo
One o he main goals o he EMERALD me hodology, apa om he c ea ion o he CaaS
F amewo k, is o acili a e he alida ion o he CaaS F amewo k in he pilo s. Wi h he pu pose
o checking he deploymen o a Demo pilo and i s upda e, a sepa a e demo en i onmen will
be c ea ed. So, we will c ea e a eposi o y o he demo pilo (eme ald/p i a e/de ops/demo)
ha will con ain he necessa y elemen s o deploymen :
• Con igu a ion iles o he demo pilo
• Sec e s o he demo pilo
• Keycloak deploymen o he demo pilo
• CaaS F amewo k deploymen o he demo pilo .
3.2.5 Documen a ion
The documen a ion ega ding he CaaS F amewo k is gene a ed as pa o he deploymen o
p oduc ion. So, he ocus o he documen a ion is on he deploymen and con igu a ion o he
pilo s.
We p o ide he ins alla ion and con igu a ion ins uc ions o he CaaS F amewo k in he
README.md ile o he public eposi o y, which includes in o ma ion abou :
• Ini ial deploymen o he CaaS F amewo k. Including de ails on how o con igu e he
CaaS F amewo k o adjus o he speci ic needs o he pilo s
• Upda e o he CaaS F amewo k
• In o ma ion abou he eedback channels
• In o ma ion abou he con ibu ion mechanisms
• In o ma ion abou he p ojec oadmap
• Gene al in o ma ion abou Au ho s, Acknowledgmen and License
• In o ma ion abou he p ojec s a us
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 36 o 54
www.eme ald-he.eu
Mo e con en s will be added o he documen a ion in case i is necessa y, o example o explain
he usage o he e idence collec o componen s in he pilo s.
Cu en ly he documen a ion is a ailable in he public eposi o y o he EMERALD p ojec
(h ps://gi .code. ecnalia.de /eme ald/public/caas- amewo k).The documen a ion is included
in he README.md ile o he public eposi o y.
O he documen a ion mechanisms may be added in he u u e o complemen he ins alla ion
and con igu a ion in o ma ion, such as he in o ma ion gene a ed using he pages ea u e o
Gi Lab
22
.
3.2.6 En i onmen s wi h IaC
The p oduc ion en i onmen is deployed using IaC, wi h he same app oach used o he
in eg a ion en i onmen . Besides, he De Ops eam will suppo he gene a ion o addi ional
en i onmen s, i needed. Fo example, en i onmen s on pilo s’ p emises due o p i acy o legal
es ic ions.
The s a egy o he p oduc ion en i onmen IaC is simila o he s a egy wi h he in eg a ion
IaC. Tha is, as any o he ac i i y in he De Ops eam, i is documen ed in an issue ela ed o an
EMERALD p ojec equi emen and implemen ed h ough a me ge eques .
3.2.7 Au oma ion
The De Ops s a egy wo ks owa ds he au oma ion o all ac i i ies ela ed o he c ea ion o
eleases and hei deploymen in he p oduc ion en i onmen . The main aspec s o au oma ion
a e ocused on:
• Deploying speci ic eleases o speci ic en i onmen s.
• Upda ing he moni o ing mechanism o measu e he long- e m heal h o he CaaS
F amewo k.
The au oma ion s a egy du ing deploymen is simila o ha o in eg a ion. We use Gi Lab
Agen o Kube ne es o ansla e new eleases on he p oduc ion en i onmen . Fo he pilo
en i onmen s, we lea e i up o he pilo owne s o decide he p ocedu e o upda ing hei
espec i e en i onmen s.
22
h ps://docs.gi lab.com/use /p ojec /pages/
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 37 o 54
www.eme ald-he.eu
4 Conclusions
This documen is he second and inal e sion o he De Ops app oach o EMERALD, whe e we
ha e le e aged he baselines o he De Ops s a egy p esen ed in he p e ious e sion a yea
ago. In a yea ’s ime, we ha e pu in p ac ice he ini ial ideas o elease he i s e sion o he
CaaS F amewo k, lea n some lessons and u he de elop he in eg a ion app oach. The esul
o his p ocess is his upda ed e sion o he epo , con aining a de ailed desc ip ion o he
CI/CD p ocess implemen ed.
The main guiding p inciple o his e sion is o p o ide he elemen s ha help in he suppo o
he ansi ion o he EMERALD CaaS F amewo k o he pilo s. This suppo will aim no only he
ini ial deploymen o he CaaS F amewo k, bu also he e olu ion o he CaaS F amewo k du ing
he p ojec .
The me hodology used cus omizes he commonly used De Ops li ecycle o he cha ac e is ics
and cons ains o he EMERALD p ojec . This li ecycle consis s o he ollowing s eps: Plan, Code,
Build, Tes , Release, Deploy, Ope a e, and Moni o . The goals o he de ined me hodology a e
o be elease-based, manage eedback, manage componen s, keep aceabili y, manage he
en i onmen s, and in eg a e as soon as possible. In his line, we ha e p esen ed he main
cus omised p ocesses, as well as a ailo ed app oach o i e a e, so ha we p io i ise speed o
in eg a ion o e o he elemen s.
In he CI/CD s a egy pa , we ha e desc ibed he echnical app oaches ha we will implemen
o suppo he EMERALD p ojec needs. In his sense, we will le e age some echnologies and
s a e o he p ac ice De Ops esou ces, such as:
• Con igu a ion managemen wi h IaC
• Gi Lab ea u es wi h espec o:
o Issues
o Gi wo k lows (b anches and me ge eques s)
o Au oma ion wi h Gi Lab CI/CD Componen s
o Documen a ion
• Releases wi h con aine s
• Con aine o ches a ion echnologies
I is likely ha du ing he cou se o he p ojec some changes will be made o he De Ops
me hodology and he CI/CD S a egy, howe e he undamen al p ocesses ha e al eady been
de ined in his deli e able and a e in ope a ion.

D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 38 o 54
www.eme ald-he.eu
5 Re e ences
[1]
EMERALD Conso ium, “D1.5 De Ops me hodology and CI/CD s a egy o EMERALD- 1,”
2024.
[2]
EMERALD Conso ium, “Home page,” [Online]. A ailable: h ps://www.eme ald-he.eu/.
[Accessed Ap il 2025].
[3]
EMERALD Conso ium, “EMERALD - Annex 1 - Desc ip ion o Ac ion - GA 101120688,”
2022.
[4]
ISO, “ISO 16290:2013, Space sys ems — De ini ion o he Technology Readiness Le els
(TRLs) and hei c i e ia o assessmen ,” 2013.
[5]
EMERALD Conso ium, “D1.3 EMERALD solu ion a chi ec u e- 1,” 2024.
[6]
EMERALD Conso ium, “D1.4 EMERALD solu ion a chi ec u e - V2,” 2025.
[7]
CMMI De , “CMMI o De elopmen , Ve sion 1.3,” So wa e Enginee ing Ins i u e (SEI),
Ed., 2010.
[8]
In e na ional O ganisa ion o S anda diza ion (ISO/IEC), “ISO/IEC 15504-1:2004
In o ma ion Technology – P ocess Assessmen – Pa 1: Concep s and Vocabula y,” 2004.
[9]
AXELOS, “ITIL Founda ion,” S a ione y O ice Books, No wich, England, 2019.
[10]
J. A. V. M. K. Jayakody and a. W. M. J. I. Wijayanayake, “P ocess Imp o emen F amewo k
o De Ops Adop ion in So wa e De elopmen ,” in 2023 In e na ional Resea ch
Con e ence on Sma Compu ing and Sys ems Enginee ing (SCSE), IEEE, Jun. 2023. doi:
10.1109/scse59836.2023.10214992, 2023.
[11]
I. Bucena and M. Ki iko a, “Simpli ying he De Ops Adop ion P ocess,” in BIR Wo kshops,
pp. 1–15, 2017.
[12]
R. d. Feij e , “Towa ds he adop ion o De Ops in so wa e p oduc o ganiza ions: A
Ma u i y Model App oach,” Mas e ’s Thesis, 2017.
[13]
S. Badshah, A. A. Khan and B. Khan, “Towa ds P ocess Imp o emen in De Ops: A
Sys ema ic Li e a u e Re iew’,” in P oceedings o he E alua ion and Assessmen in
So wa e Enginee ing, EASE ’20. ACM, Ap . 2020. doi: 10.1145/3383219.3383280.
[14]
R. Ama o, R. Pe ei a and M. M. da Sil a, “Capabili ies and P ac ices in De Ops: A Mul i ocal
Li e a u e Re iew,” in IEEE T ans. So w. Eng., ol. 49, no. 2, pp. 883–901, Feb. 2023, doi:
10.1109/ se.2022.3166626.
[15]
M. Gaspa ai ė and S. Ragaišis, “Compa ison o de ops ma u i y models,” in IVUS 2019.
P oceedings o he In e na ional Con e ence on In o ma ion Technologies Kaunas,
Li huania, Ap il 25, 2019, CEUR-WS. o g, 2019, pp. 65–69.
[16]
R. T. Ya lagadda, “De Ops and i s p ac ices,” in In . J. C ea . Res. Though s IJCRT ISSN, pp.
2320–2882, 2021.
[17]
A. Colan oni, L. Be a dinelli and M. Wimme , “De opsML: Towa ds modeling de ops
p ocesses and pla o ms,” in P oceedings o he 23 d ACM/IEEE In e na ional Con e ence
on Model D i en Enginee ing Languages and Sys ems: Companion P oceedings, pp. 1–1,
2020.
[18]
R. Ama o, R. Pe ei a and M. M. da Sil a, “De Ops Me ics and KPIs: A Mul i ocal Li e a u e
Re iew,” in ACM Compu . Su ., Ma . 2024, doi: 10.1145/3652508.
[19]
A. V. Jha e al., “F om heo y o p ac ice: Unde s anding De Ops cul u e and mindse ,” in
Cogen Eng., ol. 10, no. 1, p. 2251758, 2023.
[20]
H. R. Kadaska , “Unleashing he Powe o De ops in So wa e De elopmen ,” in In . J. Sci.
Res. Mod. Sci. Technol., ol. 3, no. 3, pp. 01–07, 2024.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 39 o 54
www.eme ald-he.eu
[21]
Wikipedia, “De Ops oolchain,” 20 Jan 2024. [Online]. A ailable:
h ps://en.wikipedia.o g/w/index.php? i le=De Ops_ oolchain&oldid=1197449470.
[Accessed Ap 2025].
[22]
A. M. Da is, E. H. Be so and a. E. R. Come , “A s a egy o compa ing al e na i e so wa e
de elopmen li e cycle models,” in IEEE T ans. So w. Eng., ol. 14, no. 10, pp. 1453–1461,
doi: 10.1109/32.6190, 1988.
[23]
A. Mish a and D. Dubey, “A compa a i e s udy o di e en so wa e de elopmen li e cycle
models in di e en scena ios,” in In . J. Ad . Res. Compu . Sci. Manag. S ud., ol. 1, no. 5,
2013.
[24]
M. Kalske and o he s, “T ans o ming monoli hic a chi ec u e owa ds mic ose ice
a chi ec u e,” Uni . Hels., 2017.
[25]
J.-P. Gouigoux and D. Tamzali , “F om Monoli h o Mic ose ices: Lessons Lea ned on an
Indus ial Mig a ion o a Web O ien ed A chi ec u e,” in 2017 IEEE In e na ional
Con e ence on So wa e A chi ec u e Wo kshops (ICSAW), Go henbu g, F ance: IEEE, Ap .
2.
[26]
EMERALD Conso ium, “D7.1 P ojec Manual and Quali y Plan,” 2024.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 40 o 54
www.eme ald-he.eu
APPENDIX A: P ojec Risks and impac in he De Ops Me hodology
This sec ion makes an analysis o some o he isks de ined in he p ojec – ini ially om he DoA
[3] and hen ex ended in D7.1 [26] - and he impac ha he De Ops Me hodology can ha e o
mi iga e hem. I is impo an o no e ha hese can e ol e as pa o he EMERALD Task 7.2
Quali y Assu ance & Risk Managemen .
Table 2. Risk and mi iga ion lis
Risk n.
Desc ip ion
P oposed Mi iga ion Measu es
1
EUCS is no eady un il 2026.
No ele an .
2
Incompa ibili y be ween OSCAL and
EMERALD (da a impo /expo ,
modelling o secu i y schemes).
No ele an .
3
Use s expe ience low usabili y.
WP4 will wo k in he UI/UX concep . The
me hodology con ains ac i i ies o manage
eedback om pilo s.
4
EMERALD componen s a e no able
o be ully in eg a ed.
The me hodology should con ol which
componen s a e in eg a ed and which
componen s a e no in eg a ed.
5
Da a se no su icien o eaching
TRL7 on he e idence collec o
componen s.
No ele an . I should be con olled by he
alida ion ac i i ies as pa o o he wo k
packages.
6
The implemen a ion does no co e
all he use cases.
The me hodology deploymen ac i i ies
should keep ack o he use cases
in ol ed.
7
Unde es ima ion o e o needed o
comple e ac i i ies.
The me hodological app oach p omo es
sho cycles ha will help o iden i y hose
si ua ions as e . Besides, sho cycles will
ocus on ha ing unning e sions, and
clea e iew o wha is missing.
8
Technology changes equi e
signi ican edesign o he EMERALD
a chi ec u e.
In eg a ion es s will help o e i y he
edesigned elemen s. This will speed up
he e i ica ion o e ac o ed componen s
as hey a e changed o he new
a chi ec u e.
9
A pa ne ails o mee he
obliga ions and becomes non-
pe o ming o e en de aul ing.
The me hodological app oach should
p omo e mul iple e sions o ha e pa ial
e sions (ins ead o no e sions) in ha
case.
10
Pa ne he e ogenei y:
The di e en o ganiza ional and
na ional cul u es cause collabo a ion
p oblems o con lic s in he p ojec
conso ium
The me hodology has been de ined a he
beginning o he p ojec , and he cla i y o
he p ocess pa es he way o an easie
collabo a ion.
13
P ojec execu ion isks:
a) key miles ones a e delayed
b) c i ical deli e ables a e delayed
The De Ops me hodology, b inging
oge he he wo k o de elope s,
in eg a o s and inal use s, helps o
mi iga e he possible delays.
14
P ojec key echnologies,
de elopmen isks:
The De Ops Me hodology can be easily
adap ed o co e o he de elopmen
languages o echnologies.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 41 o 54
www.eme ald-he.eu
a) Key echnologies o componen s
a e no a ailable a he expec ed
ime
b) de elopmen akes longe han
expec ed
c) w ong echnology base is
selec ed
d) lacking consensus on he
echnological app oach be ween
scien i ic pa ne s
The De Ops Me hodology au oma es he
in eg a ion o he sou ce code, and hus
can speed up he deploymen o delayed
eleases o make hem a ailable o he
Use Cases.
15
Use case implemen a ion is poo
The De Ops Me hodology will p oduce
h ee eleases, as de ined in he p ojec
plan, and he successi e eedback can help
making a be e inal implemen a ion.
Also, he IaC app oach o he De Ops
Me hodology is a mi iga ion measu e.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 48 o 54
www.eme ald-he.eu
name: cm- on end
op ions:
disableNameSu ixHash: ue
- en s:
- ./.sec e s/ cm_con e e
name: cm-con e e
op ions:
disableNameSu ixHash: ue
esou ces:
- ./01-consul-se ice.yaml
- ./02-consul-deploymen .yaml
- ./03-consul-ing ess.yaml
- ./04-consul-con ig-loade -deploymen .yaml
- ./05-ma iadb-se ice.yaml
- ./06-ma iadb-pe sis ance- olume-claim.yaml
- ./07-ma iadb-deploymen .yaml
- ./08-admine -se ice.yaml
- ./09-admine -deploymen .yaml
- ./10-admine -ing ess.yaml
- ./11-ma iadb-se up-dbs-job.yaml
- ./12-backend-se ice.yaml
- ./13-backend-deploymen .yaml
- ./14- on end-se ice.yaml
- ./15- on end-deploymen .yaml
- ./16- on end-ing ess.yaml
- ./17-con e e -se ice.yaml
- ./18-con e e -deploymen .yaml
- ./19-ma iadb-se up-db-job.yaml
componen s:
- pa ches/keycloak-loade
Lis ing 9. Kus omize RCM componen
In his Kus omize code we can see some o he common Kus omize elemen s used:
• con igMapGene a o : o load iles as con igmaps
• sec e Gene a o : o load sec e s o di e en ypes
• esou ces: o add he mani es s ha decla e he olume claims, se ices, deploymen s,
ing esses, e c. o be c ea ed in Kube ne es
• componen s: o add o he componen s
C.4 – Docke compose app oach
In his sec ion we p esen he s uc u e o he local de elopmen amewo k used o he
in e nal es based on Docke Compose. Figu e 8 p esen s he s uc u e o his amewo k.

D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 49 o 54
www.eme ald-he.eu
Figu e 8. Docke Compose amewo k
The mos ema kable elemen s in his s uc u e a e:
• componen s: In he gi olde we include he p ojec s o he di e en EMERALD
componen s such as RCM. They a e linked using he gi submodule app oach.
• da a: In he da a olde we poin o he CaaS amewo k p ojec wi h he gi submodule
mechanism.
The usage o his amewo k is simple once i is de ined. I we a e checking a componen , we
s a i wi h:
docke compose up <componen name>
To know he componen s included we issue a:
docke compose con ig --se ices
Figu e 9 shows he cu en lis o se ices suppo ed in he local de elopmen en i onmen .
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 50 o 54
www.eme ald-he.eu
Figu e 9. Local en i onmen se ices
Fo example, i we a e analysing he cm-backend we jus need o issue:
docke compose up cm-backend
This will s a he dependen se ices and once all he p e equisi es ha e been s a ed he cm-
backend will s a , as shown in Figu e 10.
The ad an age appea s when we a e es ing he e ec o a small change. We can pe o m a
change in he inne se ices, such as changing a p ope y in he cm-backend code (e.g., a
desc ip ion, as shown in Figu e 10).
Figu e 10. RCM change
Once he change has been made, o es again we only ha e o issue:
docke compose build cm-backend
docke compose up cm-backend
docke compose log cm-backend
C.5 – CI/CD Examples
In he in e nal a ea o he Gi Lab eposi o y he e a e se e al examples on how o apply he
CI/CD Componen s. He e we desc ibe some o hem:
• Docke
• Seman ic Ve sioning
Figu e 11 shows he de ails o a Docke example ha includes ou iles:
• .gi lab-ci.yml: This is he mos impo an ile ha will be explained below.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 51 o 54
www.eme ald-he.eu
• Docke ile: This is he main Docke a i ac . We added a e y simple Docke ile ha adds
some packages o a base Ubun u image.
• LICENSE: This is a mus ha e o any kind o eposi o y.
• README.md: This explains he eposi o y and i s pu pose.
Figu e 11. Docke CI/CD example
The ocus o he example is o p o ide in o ma ion on he Gi Lab CI/CD con igu a ion. Lis ing 10
shows he con en o he ile.
include:
- componen : gi .code. ecnalia.de /sma da alab/public/ci-cd-
componen s/docke /gi lab-ci-docke @5
inpu s:
snapsho -image: $CI_REGISTRY_IMAGE/snapsho :$CI_COMMIT_REF_SLUG
elease-image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
kaniko-build-job- ags: ["docke "]
docke -publish-job- ags: ["docke "]
# h ps://gi hub.com/j og/a i ac o y-use -
plugins/blob/mas e /cleanup/cleanDocke Images/README.md
me ada a: >-
--label o g.opencon aine s.image.u l=${CI_PROJECT_URL}
--label o g.opencon aine s.image.sou ce=${CI_PROJECT_URL}
--label o g.opencon aine s.image. i le=${CI_PROJECT_PATH}
--label o g.opencon aine s.image. e .name=${CI_COMMIT_REF_NAME}
--label o g.opencon aine s.image. e ision=${CI_COMMIT_SHA}
--label o g.opencon aine s.image.c ea ed=${CI_JOB_STARTED_AT}
--label com.j og.a i ac o y. e en ion.maxCoun =4
p od-publish-s a egy: au o
hadolin -disabled: ue
heal hcheck-disabled: ue
i y-disabled: ue
sbom-disabled: ue
a iables:
CI_REGISTRY_IMAGE: eme ald-docke -de -local.a i ac . ecnalia.de / empla e-docke
# CI_REGISTRY_USER de ined in Gi Lab CI/CD se ings
# CI_REGISTRY_PASSWORD de ined in Gi Lab CI/CD se ings
Lis ing 10. CI/CD o docke gene a ion
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 52 o 54
www.eme ald-he.eu
In he .gi lab-ci.yml code abo e you can see he usage o he elease 5 Docke componen
(h ps://gi .code. ecnalia.de /sma da alab/public/ci-cd-componen s/docke /gi lab-ci-
docke @5). This means ha he las elease 5 will be applied. The componen beha iou is
con olled wi h inpu pa ame e s, whe e we can:
• Speci y he names o he images
• Fil e he unne s applicable o each o he jobs
• Add me ada a o he image be o e publishing in o A i ac o y
• Selec he building engine
• Enable o disable addi ional es and ea u es.
The example is used in e nally, as well as he example pipelines (see Figu e 12).
Figu e 12. docke CI/CD example pipelines
We can also see he de ails o each s age (see Figu e 13).
Figu e 13. Docke CI/CD s ages de ail
Seman ic Release examples ollow a simila s uc u e (see Figu e 14). This example builds on he
Docke example by adding seman ic e sioning capabili y.
D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 53 o 54
www.eme ald-he.eu
Figu e 14. Seman ic elease CI/CD example
The ocus o his example is o p o ide in o ma ion on he Gi Lab CI/CD con igu a ion. Lis ing 11
shows he con en o he ile.
include:
- componen : gi .code. ecnalia.de /sma da alab/public/ci-cd-
componen s/docke /gi lab-ci-docke @5
inpu s:
snapsho -image: $CI_REGISTRY_IMAGE/snapsho :$CI_COMMIT_REF_SLUG
elease-image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
kaniko-build-job- ags: ["docke "]
docke -publish-job- ags: ["docke "]
# h ps://gi hub.com/j og/a i ac o y-use -
plugins/blob/mas e /cleanup/cleanDocke Images/README.md
me ada a: >-
--label o g.opencon aine s.image.u l=${CI_PROJECT_URL}
--label o g.opencon aine s.image.sou ce=${CI_PROJECT_URL}
--label o g.opencon aine s.image. i le=${CI_PROJECT_PATH}
--label o g.opencon aine s.image. e .name=${CI_COMMIT_REF_NAME}
--label o g.opencon aine s.image. e ision=${CI_COMMIT_SHA}
--label o g.opencon aine s.image.c ea ed=${CI_JOB_STARTED_AT}
--label com.j og.a i ac o y. e en ion.maxCoun =4
p od-publish-s a egy: au o
hadolin -disabled: ue
heal hcheck-disabled: ue
i y-disabled: ue
sbom-disabled: ue
- componen : gi .code. ecnalia.de /sma da alab/public/ci-cd-componen s/seman ic-
elease/gi lab-ci-sem el@3
inpu s:
elease-disabled: alse
seman ic- elease-job- ags: ["docke "]
au o- elease-enabled: ue

D1.6 – De Ops me hodology
and CI/CD s a egy o EMERALD- 2 Ve sion 1.0 – Final. Da e: 30.04.2025
© EMERALD Conso ium Con ac No. GA 101120688 Page 54 o 54
www.eme ald-he.eu
b anches- e : "/^(mas e |main)$/"
a iables:
CI_REGISTRY_IMAGE: eme ald-docke -de -local.a i ac . ecnalia.de / empla e-docke
# CI_REGISTRY_USER de ined in Gi Lab CI/CD se ings
# CI_REGISTRY_PASSWORD de ined in Gi Lab CI/CD se ings
Lis ing 11. CI/CD o seman ic elease gene a ion
In he .gi lab-ci.yml code abo e you can see how we ex end he p e ious Docke example
wi h i e lines o decla e he componen ’s Seman ic elease and pa ame ize i s beha iou .
We ha e also es ed i , and you can see he pipelines and de ails o hei s ages. In he image
below (Figu e 15) we can see ha i is simila o he Docke pipeline bu wi h an addi ional job.
Figu e 15. Seman ic elease CI/CD s ages de ail