davidandreoletti · December 9, 2021 00:17 · Sep 13, 2019 · Sep 13, 2019 · Sep 13, 2019 · Sep 13, 2019
diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -226,7 +226,7 @@ django:
 
 ```
 
-Note: it may be better just do build/test/release as separated jobs, like I do [here](https://gist.github.com/douglasmiranda/9b899c748e915173c8f19d948bbdc69c#you-can-use-the-image-youve-built-in-the-previous-job-as-your-current-job).
+Note: it may be better just do build/test/release as separated jobs, like I do [here](#you-can-use-the-image-youve-built-in-the-previous-job-as-your-current-job).
 
 - https://gitlab.com/gitlab-com/support-forum/issues/4416#note_216039772
 

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -226,6 +226,8 @@ django:
 
 ```
 
+Note: it may be better just do build/test/release as separated jobs, like I do [here](https://gist.github.com/douglasmiranda/9b899c748e915173c8f19d948bbdc69c#you-can-use-the-image-youve-built-in-the-previous-job-as-your-current-job).
+
 - https://gitlab.com/gitlab-com/support-forum/issues/4416#note_216039772
 
 ### Fail if the environment variable is not defined

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -201,6 +201,31 @@ testing:
 
 ```
 
+Real world example:
+
+```yaml
+stages:
+  - Build/Test
+
+django:
+  stage: Build/Test
+  image: docker:19
+  services:
+    - docker:19-dind
+    - name: postgres:11-alpine
+      alias: postgres
+  variables:
+    # https://gist.github.com/douglasmiranda/9b899c748e915173c8f19d948bbdc69c#docker-in-docker-doesnt-work-in-gitlab-runner-exec-docker
+    DOCKER_TLS_CERTDIR: ""
+  script:
+    # Let's get the IP for postgres service
+    - POSTGRES_IP=$(cat /etc/hosts | awk '{if ($2 == "postgres") print $1;}')
+    # Build
+    - docker build --target=production -t ubit/django .
+    - docker run --rm --add-host="postgres:$POSTGRES_IP" --env="DJANGO_SETTINGS_MODULE=ubit_ads.config.test" --entrypoint="" ubit/django sh -c "pip install --user -r requirements/test.txt && pytest"
+
+```
+
 - https://gitlab.com/gitlab-com/support-forum/issues/4416#note_216039772
 
 ### Fail if the environment variable is not defined

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -8,6 +8,7 @@
     - [Extending/Templating jobs](#extendingtemplating-jobs)
     - [Running locally](#running-locally)
       - [Docker-in-Docker doesn't work in gitlab-runner exec docker](#docker-in-docker-doesnt-work-in-gitlab-runner-exec-docker)
+      - [Accessing a service container from another container](#accessing-a-service-container-from-another-container)
     - [Fail if the environment variable is not defined](#fail-if-the-environment-variable-is-not-defined)
   - [Docker](#docker)
     - [You can use the image you've built in the previous job as your current job](#you-can-use-the-image-youve-built-in-the-previous-job-as-your-current-job)
@@ -165,6 +166,43 @@ gitlab-runner exec docker --docker-privileged testing
 - https://github.com/docker-library/docker/blob/487a0ba15be708af420c13e9f0d787c89d8be372/19.03/dind/dockerd-entrypoint.sh#L128
 - https://gitlab.com/gitlab-com/support-forum/issues/4416#note_216039772
 
+#### Accessing a service container from another container
+
+A service available during a job runs in a container, but it's not available for you to link to another container.
+
+- https://docs.gitlab.com/ee/ci/services/
+- https://docs.gitlab.com/ee/ci/yaml/#services
+
+My solution at the moment is:
+
+```yaml
+stages:
+  - Test
+
+testing:
+  stage: Test
+  image: docker:19
+  services:
+    - docker:19-dind
+    - name: postgres:11-alpine
+      alias: postgres
+  variables:
+    # https://gist.github.com/douglasmiranda/9b899c748e915173c8f19d948bbdc69c#docker-in-docker-doesnt-work-in-gitlab-runner-exec-docker
+    DOCKER_TLS_CERTDIR: ""
+  script:
+    # Let's get the IP for postgres service
+    # We need that in order to add as a host available in our container
+    - POSTGRES_IP=$(cat /etc/hosts | awk '{if ($2 == "ip6-localne") print $1;}')
+    # Just checking that the IP is reachable from outside the container
+    - ping -w 2 $POSTGRES_IP
+    # Now we add/map our Postgres service IP inside the container
+    # The hostname will be "postgres"
+    - docker run --rm --add-host="postgres:$POSTGRES_IP" alpine sh -c "ping -w 5 postgres"
+
+```
+
+- https://gitlab.com/gitlab-com/support-forum/issues/4416#note_216039772
+
 ### Fail if the environment variable is not defined
 
 ```yaml

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -133,7 +133,37 @@ gitlab-runner exec docker my_awesome_job
 
 I faced a problem with recent versions (19.*) of Docker when using DinD.
 
-Solution: https://gitlab.com/gitlab-com/support-forum/issues/4416#note_216039772
+It turns out Docker generates certificates and enforce connection using TLS for DinD.
+
+This is security by default, so people don't make the mistake of deploying Docker-in-Docker open to the world without authentication.
+
+In GitlabCI, I think that may not be a problem. (please correct me if I'm wrong)
+
+Try for yourself:
+
+```yaml
+stages:
+  - Test
+
+testing:
+  stage: Test
+  image: docker:19
+  services:
+    - docker:19-dind
+    - postgres:11-alpine
+  variables:
+    DOCKER_TLS_CERTDIR: ""
+  script:
+    - docker version
+    - docker info
+```
+
+```
+gitlab-runner exec docker --docker-privileged testing
+```
+
+- https://github.com/docker-library/docker/blob/487a0ba15be708af420c13e9f0d787c89d8be372/19.03/dind/dockerd-entrypoint.sh#L128
+- https://gitlab.com/gitlab-com/support-forum/issues/4416#note_216039772
 
 ### Fail if the environment variable is not defined
 

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -7,6 +7,7 @@
     - [What about interactive jobs?](#what-about-interactive-jobs)
     - [Extending/Templating jobs](#extendingtemplating-jobs)
     - [Running locally](#running-locally)
+      - [Docker-in-Docker doesn't work in gitlab-runner exec docker](#docker-in-docker-doesnt-work-in-gitlab-runner-exec-docker)
     - [Fail if the environment variable is not defined](#fail-if-the-environment-variable-is-not-defined)
   - [Docker](#docker)
     - [You can use the image you've built in the previous job as your current job](#you-can-use-the-image-youve-built-in-the-previous-job-as-your-current-job)
@@ -128,6 +129,12 @@ And you'll be running something like:
 gitlab-runner exec docker my_awesome_job
 ```
 
+#### Docker-in-Docker doesn't work in gitlab-runner exec docker
+
+I faced a problem with recent versions (19.*) of Docker when using DinD.
+
+Solution: https://gitlab.com/gitlab-com/support-forum/issues/4416#note_216039772
+
 ### Fail if the environment variable is not defined
 
 ```yaml

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -18,7 +18,7 @@
       - [Create secrets with openssl before deploy](#create-secrets-with-openssl-before-deploy)
       - [Check if my Docker Compose and Docker Stack files are valid](#check-if-my-docker-compose-and-docker-stack-files-are-valid)
       - [Docker TLS remote connection](#docker-tls-remote-connection)
-      - [Get ID of ONE Docker replicated (service) container that is running and is health](#get-id-of-one-docker-replicated-service-container-that-is-running-and-is-health)
+      - [Get ID of ONE Docker replicated (service) container that is running and is healthy](#get-id-of-one-docker-replicated-service-container-that-is-running-and-is-healthy)
   - [Python](#python)
     - [Snippets](#snippets-1)
       - [Check code style with Black](#check-code-style-with-black)
@@ -342,7 +342,7 @@ remote-docker-template-job:
     - docker stack deploy ...
 ```
 
-#### Get ID of ONE Docker replicated (service) container that is running and is health
+#### Get ID of ONE Docker replicated (service) container that is running and is healthy
 
 Let's say you want to run an one-off command inside a replicated (service) container. For example a DB migration job.
 

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -348,6 +348,10 @@ Let's say you want to run an one-off command inside a replicated (service) conta
 
 Django DB migration example:
 
+```bash
+docker exec $(docker ps -q -f name=mystack_django -f health=healthy -n 1) django-admin migrate
+```
+
 ```yaml
 django_dbmigrate:
   # You probably have some configurations for remote Docker here

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -18,6 +18,7 @@
       - [Create secrets with openssl before deploy](#create-secrets-with-openssl-before-deploy)
       - [Check if my Docker Compose and Docker Stack files are valid](#check-if-my-docker-compose-and-docker-stack-files-are-valid)
       - [Docker TLS remote connection](#docker-tls-remote-connection)
+      - [Get ID of ONE Docker replicated (service) container that is running and is health](#get-id-of-one-docker-replicated-service-container-that-is-running-and-is-health)
   - [Python](#python)
     - [Snippets](#snippets-1)
       - [Check code style with Black](#check-code-style-with-black)
@@ -341,6 +342,30 @@ remote-docker-template-job:
     - docker stack deploy ...
 ```
 
+#### Get ID of ONE Docker replicated (service) container that is running and is health
+
+Let's say you want to run an one-off command inside a replicated (service) container. For example a DB migration job.
+
+Django DB migration example:
+
+```yaml
+django_dbmigrate:
+  # You probably have some configurations for remote Docker here
+  <<: *remote_docker_template
+  stage: Deployment
+  script:
+    # $(docker ps -q -f name=$STACK_NAME_$DJANGO_SERVICE_NAME -f health=healthy -n 1): Get the id of ONE container
+    # from $STACK_NAME_django service that is running and is healthy.
+    - DJANGO_CONTAINER_ID=$(docker ps -q -f name=$STACK_NAME_$DJANGO_SERVICE_NAME -f health=healthy -n 1)
+    # docker-secrets-to-env-var.sh: will get postgres credentials available in Docker Secrets and
+    # expose as environment variables
+    - DJANGO_MIGRATE_CMD="django-admin migrate"
+    # Sometimes you have an additional step before the migrate command, like export environment variables, or something.
+    # - DJANGO_MIGRATE_CMD="source export-secrets.sh && django-admin migrate"
+    - docker exec $DJANGO_CONTAINER_ID sh -c "$DJANGO_MIGRATE_CMD"
+  when: manual
+```
+
 ## Python
 
 ### Snippets

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -17,6 +17,7 @@
       - [Create secrets from environment variables before deploy](#create-secrets-from-environment-variables-before-deploy)
       - [Create secrets with openssl before deploy](#create-secrets-with-openssl-before-deploy)
       - [Check if my Docker Compose and Docker Stack files are valid](#check-if-my-docker-compose-and-docker-stack-files-are-valid)
+      - [Docker TLS remote connection](#docker-tls-remote-connection)
   - [Python](#python)
     - [Snippets](#snippets-1)
       - [Check code style with Black](#check-code-style-with-black)
@@ -315,6 +316,31 @@ validate_stack_files:
       - deployment/docker-stack.*
 ```
 
+#### Docker TLS remote connection
+
+- Configure your Docker host to accept remote connections with TLS.
+- Genereate your client certificates.
+- In your Gitlab Environment Variables:
+  - `$TLSCACERT`
+  - `$TLSCERT`
+  - `$TLSKEY`
+
+```yaml
+remote-docker-template-job:
+  image: docker:stable
+  variables:
+    DOCKER_HOST: tcp://YOUR-DOCKER-HOST-IP-HERE:2376
+    DOCKER_TLS_VERIFY: 1
+  before_script:
+    - mkdir -p ~/.docker
+    - echo "$TLSCACERT" > ~/.docker/ca.pem
+    - echo "$TLSCERT" > ~/.docker/cert.pem
+    - echo "$TLSKEY" > ~/.docker/key.pem
+    - docker login -u $DEPLOY_USER -p $DEPLOY_TOKEN $CI_REGISTRY
+    # Now you are able to run commands in your remote docker from Gitlab CI.
+    - docker stack deploy ...
+```
+
 ## Python
 
 ### Snippets

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -28,6 +28,7 @@ Useful links:
 
 - Caching: https://docs.gitlab.com/ce/ci/caching/
 - .gitlab-ci.yml: https://docs.gitlab.com/ce/ci/yaml/
+- Examples of .gitlab-ci.yml files: https://docs.gitlab.com/ce/ci/examples/
 - Available Variables: https://docs.gitlab.com/ce/ci/variables/
 
 ## General

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -7,7 +7,7 @@
     - [What about interactive jobs?](#what-about-interactive-jobs)
     - [Extending/Templating jobs](#extendingtemplating-jobs)
     - [Running locally](#running-locally)
-    - [Fail if environment variable is not defined](#fail-if-environment-variable-is-not-defined)
+    - [Fail if the environment variable is not defined](#fail-if-the-environment-variable-is-not-defined)
   - [Docker](#docker)
     - [You can use the image you've built in the previous job as your current job](#you-can-use-the-image-youve-built-in-the-previous-job-as-your-current-job)
     - [Notes on using services](#notes-on-using-services)
@@ -115,7 +115,7 @@ deploy:
 
 Run your jobs locally to avoid to commit and push just to see if you're writing correct "CI code".
 
-There are some [limitations](https://docs.gitlab.com/runner/commands/README.html#limitations-of-gitlab-runner-exec), but for basic checks it's good enough.
+There are some [limitations](https://docs.gitlab.com/runner/commands/README.html#limitations-of-gitlab-runner-exec), but for basic checks, it's good enough.
 
 So, install: https://docs.gitlab.com/runner/
 
@@ -125,15 +125,15 @@ And you'll be running something like:
 gitlab-runner exec docker my_awesome_job
 ```
 
-### Fail if environment variable is not defined
+### Fail if the environment variable is not defined
 
 ```yaml
 job:
   script:
     - '[[ -z "$MY_PASSWORD" ]] && echo "You must set the variable: MY_PASSWORD" && exit 1;'
 ```
 
-Of course you have a built in way of executing jobs only if variable == to something:
+Of course, you have a built-in way of executing jobs only if variable == to something:
 
 - https://docs.gitlab.com/ce/ci/yaml/#onlyvariables-and-exceptvariables
 
@@ -143,7 +143,7 @@ Of course you have a built in way of executing jobs only if variable == to somet
 
 ### You can use the image you've built in the previous job as your current job
 
-This can be useful for testing, like in a Build > Test > Release scenario.
+This can be useful for testing, like in a Build > Test > Release Scenario.
 
 Let's see a complete example of how that would be:
 

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -53,7 +53,7 @@ You have two options:
 - https://docs.gitlab.com/ce/ci/yaml/#anchors
 - https://docs.gitlab.com/ce/ci/yaml/#extends
 
-When you're templating/extending keep in my mind that is better to avoid some simplified syntaxes, because when merging the values, Gitlab CI will not merge lists for example.
+When you're templating/extending keep in my mind that is better to avoid some simplified syntaxes because when merging the values, Gitlab CI will not merge lists for example.
 
 Let's say you have something like:
 

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -71,7 +71,7 @@ now you want to extend and add:
       - ./**/*.py
 ```
 
-In order to avoid having to repeat the first bit in the extended form, you use from the beggining, like this:
+In order to avoid having to repeat the first bit in the extended form, you use from the beginning, like this:
 
 ```yaml
 deploy:

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -16,6 +16,7 @@
     - [Snippets](#snippets)
       - [Create secrets from environment variables before deploy](#create-secrets-from-environment-variables-before-deploy)
       - [Create secrets with openssl before deploy](#create-secrets-with-openssl-before-deploy)
+      - [Check if my Docker Compose and Docker Stack files are valid](#check-if-my-docker-compose-and-docker-stack-files-are-valid)
   - [Python](#python)
     - [Snippets](#snippets-1)
       - [Check code style with Black](#check-code-style-with-black)
@@ -294,6 +295,25 @@ deploy:
   when: manual
 ```
 
+#### Check if my Docker Compose and Docker Stack files are valid
+
+```yaml
+validate_stack_files:
+  stage: Validate
+  image: docker:stable
+  script:
+    - wget https://github.com/docker/compose/releases/download/1.23.2/run.sh -O /usr/local/bin/docker-compose
+    - chmod +x /usr/local/bin/docker-compose
+    # Validating the main Docker Compose file used in development environment
+    - docker-compose -f docker-compose.yml config
+    # Validating the deployment docker stack files
+    - docker-compose -f deployment/docker-stack.django.yml config
+  only:
+    changes:
+      - docker-compose.*
+      - deployment/docker-stack.*
+```
+
 ## Python
 
 ### Snippets

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -16,6 +16,9 @@
     - [Snippets](#snippets)
       - [Create secrets from environment variables before deploy](#create-secrets-from-environment-variables-before-deploy)
       - [Create secrets with openssl before deploy](#create-secrets-with-openssl-before-deploy)
+  - [Python](#python)
+    - [Snippets](#snippets-1)
+      - [Check code style with Black](#check-code-style-with-black)
 
 - https://about.gitlab.com/product/continuous-integration/
 - https://docs.gitlab.com/ce/ci/
@@ -289,4 +292,24 @@ deploy:
     # and then we deploy to our swarm:
     - docker stack deploy --with-registry-auth -c deployment/docker-stack.yml my_stack
   when: manual
+```
+
+## Python
+
+### Snippets
+
+#### Check code style with Black
+
+```yaml
+code_style:
+  stage: Quality
+  # It is simply to official Python image + Black
+  image: douglasmiranda/black
+  script:
+    - black --check --diff my_project/
+  only:
+    changes:
+      - ./**/*.py
+  allow_failure: true
+  when: on_success
 ```
diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -284,11 +284,8 @@ deploy:
   image: docker:latest
   stage: Deployment
   script:
-    # Fist let's check if our variables exists:
-    - '[[ -z "$MY_SECRET" ]] && echo "You must set the variable: MY_SECRET" && exit 1;'
-    # step two is to check if MY_SECRET is stored in Docker Secrets
-    # if not, we create one
-    - docker secret inspect MY_SECRET || echo $MY_SECRET | docker secret create MY_SECRET -
+    - apk add --no-cache openssl
+    - docker secret inspect MY_SECRET || openssl rand -base64 50 | docker secret create MY_SECRET -
     # and then we deploy to our swarm:
     - docker stack deploy --with-registry-auth -c deployment/docker-stack.yml my_stack
   when: manual

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -15,6 +15,7 @@
     - [Validate a Docker Compose/Stack file syntax](#validate-a-docker-composestack-file-syntax)
     - [Snippets](#snippets)
       - [Create secrets from environment variables before deploy](#create-secrets-from-environment-variables-before-deploy)
+      - [Create secrets with openssl before deploy](#create-secrets-with-openssl-before-deploy)
 
 - https://about.gitlab.com/product/continuous-integration/
 - https://docs.gitlab.com/ce/ci/
@@ -261,6 +262,23 @@ test_docker_compose_files:
 
 #### Create secrets from environment variables before deploy
 
+```yaml
+deploy:
+  image: docker:latest
+  stage: Deployment
+  script:
+    # Fist let's check if our variables exists:
+    - '[[ -z "$MY_SECRET" ]] && echo "You must set the variable: MY_SECRET" && exit 1;'
+    # step two is to check if MY_SECRET is stored in Docker Secrets
+    # if not, we create one
+    - docker secret inspect MY_SECRET || echo $MY_SECRET | docker secret create MY_SECRET -
+    # and then we deploy to our swarm:
+    - docker stack deploy --with-registry-auth -c deployment/docker-stack.yml my_stack
+  when: manual
+```
+
+#### Create secrets with openssl before deploy
+
 ```yaml
 deploy:
   image: docker:latest

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -272,6 +272,6 @@ deploy:
     # if not, we create one
     - docker secret inspect MY_SECRET || echo $MY_SECRET | docker secret create MY_SECRET -
     # and then we deploy to our swarm:
-    - docker stack deploy --with-registry-auth -c deployment/docker-stack.caddy.yml $STACK_NAME
+    - docker stack deploy --with-registry-auth -c deployment/docker-stack.yml my_stack
   when: manual
 ```
diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -13,6 +13,8 @@
     - [Notes on using services](#notes-on-using-services)
     - [How to login on my Gitlab Registry and stay logged in between jobs?](#how-to-login-on-my-gitlab-registry-and-stay-logged-in-between-jobs)
     - [Validate a Docker Compose/Stack file syntax](#validate-a-docker-composestack-file-syntax)
+    - [Snippets](#snippets)
+      - [Create secrets from environment variables before deploy](#create-secrets-from-environment-variables-before-deploy)
 
 - https://about.gitlab.com/product/continuous-integration/
 - https://docs.gitlab.com/ce/ci/
@@ -253,4 +255,23 @@ test_docker_compose_files:
     - docker-compose -f docker-compose.yml config
     # Validating deployment docker stack files
     - docker-compose -f deployment/docker-stack.django.yml config
+```
+
+### Snippets
+
+#### Create secrets from environment variables before deploy
+
+```yaml
+deploy:
+  image: docker:latest
+  stage: Deployment
+  script:
+    # Fist let's check if our variables exists:
+    - '[[ -z "$MY_SECRET" ]] && echo "You must set the variable: MY_SECRET" && exit 1;'
+    # step two is to check if MY_SECRET is stored in Docker Secrets
+    # if not, we create one
+    - docker secret inspect MY_SECRET || echo $MY_SECRET | docker secret create MY_SECRET -
+    # and then we deploy to our swarm:
+    - docker stack deploy --with-registry-auth -c deployment/docker-stack.caddy.yml $STACK_NAME
+  when: manual
 ```
diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -11,7 +11,7 @@
   - [Docker](#docker)
     - [You can use the image you've built in the previous job as your current job](#you-can-use-the-image-youve-built-in-the-previous-job-as-your-current-job)
     - [Notes on using services](#notes-on-using-services)
-  - [How to login on my Gitlab Registry and stay logged in between jobs?](#how-to-login-on-my-gitlab-registry-and-stay-logged-in-between-jobs)
+    - [How to login on my Gitlab Registry and stay logged in between jobs?](#how-to-login-on-my-gitlab-registry-and-stay-logged-in-between-jobs)
     - [Validate a Docker Compose/Stack file syntax](#validate-a-docker-composestack-file-syntax)
 
 - https://about.gitlab.com/product/continuous-integration/
@@ -226,7 +226,7 @@ variables:
 
 - https://docs.gitlab.com/ce/ci/variables/
 
-## How to login on my Gitlab Registry and stay logged in between jobs?
+### How to login on my Gitlab Registry and stay logged in between jobs?
 
 ```yaml
 before_script:

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -7,6 +7,7 @@
     - [What about interactive jobs?](#what-about-interactive-jobs)
     - [Extending/Templating jobs](#extendingtemplating-jobs)
     - [Running locally](#running-locally)
+    - [Fail if environment variable is not defined](#fail-if-environment-variable-is-not-defined)
   - [Docker](#docker)
     - [You can use the image you've built in the previous job as your current job](#you-can-use-the-image-youve-built-in-the-previous-job-as-your-current-job)
     - [Notes on using services](#notes-on-using-services)
@@ -117,6 +118,18 @@ And you'll be running something like:
 gitlab-runner exec docker my_awesome_job
 ```
 
+### Fail if environment variable is not defined
+
+```yaml
+job:
+  script:
+    - '[[ -z "$MY_PASSWORD" ]] && echo "You must set the variable: MY_PASSWORD" && exit 1;'
+```
+
+Of course you have a built in way of executing jobs only if variable == to something:
+
+- https://docs.gitlab.com/ce/ci/yaml/#onlyvariables-and-exceptvariables
+
 ## Docker
 
 - https://docs.gitlab.com/ee/ci/docker/using_docker_build.html

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -6,6 +6,7 @@
     - [How to execute a job only when some files were changed?](#how-to-execute-a-job-only-when-some-files-were-changed)
     - [What about interactive jobs?](#what-about-interactive-jobs)
     - [Extending/Templating jobs](#extendingtemplating-jobs)
+    - [Running locally](#running-locally)
   - [Docker](#docker)
     - [You can use the image you've built in the previous job as your current job](#you-can-use-the-image-youve-built-in-the-previous-job-as-your-current-job)
     - [Notes on using services](#notes-on-using-services)
@@ -100,9 +101,22 @@ deploy:
       - ./**/*.py
 ```
 
-
 - https://docs.gitlab.com/ce/ci/yaml/#onlyrefs-and-exceptrefs
 
+### Running locally
+
+Run your jobs locally to avoid to commit and push just to see if you're writing correct "CI code".
+
+There are some [limitations](https://docs.gitlab.com/runner/commands/README.html#limitations-of-gitlab-runner-exec), but for basic checks it's good enough.
+
+So, install: https://docs.gitlab.com/runner/
+
+And you'll be running something like:
+
+```
+gitlab-runner exec docker my_awesome_job
+```
+
 ## Docker
 
 - https://docs.gitlab.com/ee/ci/docker/using_docker_build.html

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -73,6 +73,7 @@ deploy:
 
 Then when you extend, you'll have the result you expect.
 
+
 ```yaml
 deploy:
   only:

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -73,7 +73,6 @@ deploy:
 
 Then when you extend, you'll have the result you expect.
 
-
 ```yaml
 deploy:
   only:

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -101,7 +101,7 @@ deploy:
 ```
 
 
-https://docs.gitlab.com/ce/ci/yaml/#onlyrefs-and-exceptrefs
+- https://docs.gitlab.com/ce/ci/yaml/#onlyrefs-and-exceptrefs
 
 ## Docker
 

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -73,10 +73,6 @@ deploy:
 
 Then when you extend, you'll have the result you expect.
 
-| asdfasdfasdfadsfadf | asdfasfddsafadsfads | asdfafafafdfs |
-|---------------------|---------------------|---------------|
-| asdfasdfasdfadsfadf | asdfasfddsafadsfads | asdfafafafdfs |
-| asdfasdfasdfadsfadf | asdfasfddsafadsfads | asdfafafafdfs |
 
 ```yaml
 deploy:
@@ -98,6 +94,8 @@ deploy:
 ```yaml
 deploy:
   only:
+    refs:
+      - master
     changes:
       - ./**/*.py
 ```

diff --git a/gitlab_ci-cd.md b/gitlab_ci-cd.md
@@ -5,6 +5,7 @@
     - [How to make my jobs execute in parallel?](#how-to-make-my-jobs-execute-in-parallel)
     - [How to execute a job only when some files were changed?](#how-to-execute-a-job-only-when-some-files-were-changed)
     - [What about interactive jobs?](#what-about-interactive-jobs)
+    - [Extending/Templating jobs](#extendingtemplating-jobs)
   - [Docker](#docker)
     - [You can use the image you've built in the previous job as your current job](#you-can-use-the-image-youve-built-in-the-previous-job-as-your-current-job)
     - [Notes on using services](#notes-on-using-services)
@@ -36,6 +37,74 @@ When you define your `stages` all jobs of the same stage are executed in paralle
 
 - Gitlab.com doesn't support interactive web terminals for now (last I checked 2019/02/20), follow [this issue](https://gitlab.com/gitlab-org/gitlab-ce/issues/52611) for more.
 
+### Extending/Templating jobs
+
+You have two options:
+
+- https://docs.gitlab.com/ce/ci/yaml/#anchors
+- https://docs.gitlab.com/ce/ci/yaml/#extends
+
+When you're templating/extending keep in my mind that is better to avoid some simplified syntaxes, because when merging the values, Gitlab CI will not merge lists for example.
+
+Let's say you have something like:
+
+```yaml
+deploy:
+  only:
+    - master
+```
+
+now you want to extend and add:
+```yaml
+  only:
+    # ...
+    changes:
+      - ./**/*.py
+```
+
+In order to avoid having to repeat the first bit in the extended form, you use from the beggining, like this:
+
+```yaml
+deploy:
+  only:
+    refs:
+      - master
+```
+
+Then when you extend, you'll have the result you expect.
+
+| asdfasdfasdfadsfadf | asdfasfddsafadsfads | asdfafafafdfs |
+|---------------------|---------------------|---------------|
+| asdfasdfasdfadsfadf | asdfasfddsafadsfads | asdfafafafdfs |
+| asdfasdfasdfadsfadf | asdfasfddsafadsfads | asdfafafafdfs |
+
+```yaml
+deploy:
+  only:
+    refs:
+      - master
+```
+
+\+
+
+```yaml
+deploy:
+  only:
+    changes:
+      - ./**/*.py
+```
+
+=
+```yaml
+deploy:
+  only:
+    changes:
+      - ./**/*.py
+```
+
+
+https://docs.gitlab.com/ce/ci/yaml/#onlyrefs-and-exceptrefs
+
 ## Docker
 
 - https://docs.gitlab.com/ee/ci/docker/using_docker_build.html