← 14.114.3 →
1141 words Slides

14.2 GitLab CI/CD Integration: Claude in Pipelines

Course: Claude Code - Enterprise Development Section: 14 - CI/CD & Automation Length: 4-5 minutes Presenter: Daniel Treasure

Opening Hook

"If you're a GitLab shop, Claude integrates seamlessly into your CI/CD pipelines. Instead of static linters, imagine a pipeline stage that analyzes every merge request, generates intelligent feedback, and even proposes fixes—all automatically. Let me show you how."

Key Talking Points

What to say:

  • GitLab CI/CD uses .gitlab-ci.yml to define pipeline stages and jobs
  • Claude can be a pipeline job that runs on merge requests, commits, or schedules
  • Use GitLab's CI/CD variables to store ANTHROPIC_API_KEY—no manual setup
  • Claude analyzes code changes and generates structured feedback: security issues, test coverage gaps, refactoring suggestions
  • Results post as MR (merge request) notes/comments—same place developers review code
  • You control when Claude runs: on every MR, on specific paths, or on manual trigger
  • Secrets are scoped and masked in logs—your API key stays safe

What to show on screen:

  1. A GitLab project with .gitlab-ci.yml open (show pipeline structure)
  2. GitLab Settings > CI/CD > Variables, adding ANTHROPIC_API_KEY
  3. Create a pipeline job that calls Claude Code CLI
  4. Merge request with Claude's feedback as comments
  5. Example: Claude proposes a refactoring commit (if pipeline can create commits)

Demo Plan (Timed)

Time: 0:00-0:45 - Open a GitLab project repository - Show existing .gitlab-ci.yml or create a new one - Explain stages: build, test, lint, review, deploy - Show where Claude fits: after code is committed, before merge

Time: 0:45-1:45 - Add a new job to .gitlab-ci.yml called "claude-review" - Show: - stage: review - script: calling claude --permission-mode dontAsk -p "..." - variables: with ANTHROPIC_API_KEY - artifacts: if outputting JSON or reports - Explain only: [merge_requests] to run only on MRs

Time: 1:45-3:00 - Switch to a merge request in the repo - Show the pipeline running in the MR page - Click into the claude-review job, show execution logs - Claude output appears as job artifacts or notes - Show example MR comments from Claude: "Security: Potential SQL injection on line 42. Consider parameterized queries."

Time: 3:00-4:00+ - Show GitLab variable masking (ANTHROPIC_API_KEY hidden in logs) - Discuss scheduling: run Claude on a cron schedule for nightly analysis - Show how to integrate with existing linters/test jobs - Recap: CI/CD integration, secrets, artifacts, MR feedback

Code Examples & Commands

Basic .gitlab-ci.yml with Claude

stages:
  - build
  - test
  - lint
  - review
  - deploy

variables:
  ANTHROPIC_API_KEY: $ANTHROPIC_API_KEY  # Set in Settings > CI/CD > Variables

build:
  stage: build
  script:
    - npm install
    - npm run build

test:
  stage: test
  script:
    - npm test

claude-review:
  stage: review
  image: debian:latest  # Or use ubuntu/alpine with claude installed
  script:
    - apt-get update && apt-get install -y curl
    - curl https://install.codeaide.anthropic.com | bash
    - export PATH="/root/.codeaide/bin:$PATH"
    - |
      claude -p "Review the changes in this MR for code quality, security, and testing.
      Focus on: SQL injection risks, unhandled errors, missing tests, performance issues.
      Output as markdown suitable for a code review comment." > review.md
    - cat review.md
  artifacts:
    reports:
      sast: review.md
    paths:
      - review.md
    expire_in: 1 week
  only:
    - merge_requests
  allow_failure: true  # Don't block merge if review job fails

Claude Job with Structured Output

claude-analyze:
  stage: review
  image: debian:latest
  script:
    - curl https://install.codeaide.anthropic.com | bash
    - export PATH="/root/.codeaide/bin:$PATH"
    - |
      claude \
        --permission-mode dontAsk \
        --allowedTools "Read" "Grep" "Bash(git diff)" \
        --output-format json \
        -p "Analyze code changes for: security_issues, test_gaps, performance_risks.
        Return as JSON with keys: issues (array), suggestions (array), risk_level (high/medium/low)" \
        > analysis.json
    - cat analysis.json
  artifacts:
    paths:
      - analysis.json
    reports:
      sast: analysis.json
  only:
    - merge_requests

Setting ANTHROPIC_API_KEY in GitLab (CLI)

# Using GitLab API (requires access token)
curl --request POST \
  --header "PRIVATE-TOKEN: <your_access_token>" \
  --form "key=ANTHROPIC_API_KEY" \
  --form "value=$ANTHROPIC_API_KEY" \
  --form "variable_type=env_var" \
  --form "protected=true" \
  --form "masked=true" \
  https://gitlab.com/api/v4/projects/:id/variables

Conditional: Only Review on Python Changes

claude-python-review:
  stage: review
  image: debian:latest
  script:
    - curl https://install.codeaide.anthropic.com | bash
    - export PATH="/root/.codeaide/bin:$PATH"
    - claude -p "Review Python code for PEP 8, type hints, and security" > review.md
  artifacts:
    paths:
      - review.md
  only:
    - merge_requests
  changes:
    - "**/*.py"  # Only run if .py files changed

Gotchas & Tips

  • Image Selection: The job runs in a container. Use image: debian:latest and install Claude manually, OR use a custom image with Claude pre-installed.
  • Pipeline Timeout: MR analysis could timeout if code is massive. Use timeout: 20m to extend, or add --max-turns to limit complexity.
  • Variable Masking: Mark ANTHROPIC_API_KEY as "masked" in GitLab Settings so it doesn't appear in logs.
  • artifacts: Output review.md as an artifact so it persists after job completes. Useful for reports.
  • allow_failure: true: If you don't want a failing Claude job to block the MR, set this flag.
  • Costs: Each MR review = API call. On high-traffic repos, costs add up. Monitor usage.
  • Rate Limiting: GitLab may rate-limit concurrent jobs. Stagger Claude jobs with resource_group: if needed.
  • Permissions: The job has no direct Git push access by default. If Claude needs to commit fixes, you'll need to set up a deploy token or SSH key.

Lead-out

"GitLab's CI/CD pipelines are incredibly flexible—Claude fits naturally into any workflow. Whether you're doing MR reviews, nightly analysis, or performance checks, the same pattern applies. Now let's step back and see how Claude works in headless mode, which powers all of this automation."

Reference URLs

Prep Reading

  • Review: GitLab CI/CD Quick Start
  • Important: CI/CD variables and masking best practices
  • Test: Create a .gitlab-ci.yml with a "hello world" job, push it, verify the pipeline runs
  • Explore: GitLab Merge Request interface—where feedback will appear
  • Optional: Check if your repo has any existing linting or testing jobs to integrate Claude alongside

Notes for Daniel

  • GitLab vs GitHub: Tone should be "GitLab is equally powerful, just different syntax." No superiority language.
  • Live Demo Risk: Pipeline jobs can take 30-60 seconds to show results. Plan a pre-recorded MR with Claude feedback ready.
  • YAML Pacing: Lots of YAML on screen. Walk through line-by-line. Highlight the script: section where Claude is called.
  • Secrets Security: Emphasize masked variables—this is a strong point for enterprises.
  • Artifacts: Show how review.md appears in the pipeline UI. Developers love seeing output without scrolling through logs.
  • Integration Angle: Mention this works in tandem with existing build/test jobs. Claude is additive, not replacing.
  • Q Expected: "Can Claude approve the MR automatically?" Answer: technically yes, but dangerous. Show the safer approach: Claude posts feedback, humans approve.