๐ Trend: Decoupling the Git host from CI/CD engines and pipeline definitions
Many teams are intentionally separating the concerns of:
- Git hosting (source code and history)
- Pipeline definition (the "what to do")
- Pipeline execution (the "where/how to run it")
This decoupling improves:
- Portability across environments (local vs. CI/CD)
- Vendor independence
- Stability of developer workflows
- Security and compliance boundaries
๐ Why decouple?
Concern | Benefit of Decoupling |
---|---|
Environment drift | Same pipeline YAMLs run locally and in CI |
CI lock-in (e.g. GitLab CI, GitHub Actions) | Use any runner engine (e.g. Tekton, Argo, Drone) |
Air-gapped or multi-vendor infra | Run pipelines in Kubernetes or offline |
Security/Separation of concerns | Git hosting doesnโt need CI/CD access rights |
Developer velocity | Devs can test locally or in ephemeral clusters |
โ Tools/Practices That Reflect This Trend
๐งฑ 1. GitOps with Git as the source of truth
- Tools: Argo CD, Flux
- CI/CD pipelines watch Git, not vice versa
- Promotes Git repo as passive declarative state, not active executor
๐งช 2. Portable pipeline definitions
- Format:
.yaml
or.cue
orcue + bash + kustomize
- Runners: Drone, Tekton, GitHub Actions, GitLab CI, Dagger.io
- Goals: write once, run anywhere (like Terraform for pipelines)
๐งฐ 3. Dedicated pipeline engines
- e.g., use GitHub only for source, but Argo Workflows or Jenkins X for running pipelines
- In GitLab: use external runners on K8s that donโt require pipeline definitions to live in
.gitlab-ci.yml
(fully decoupled)
๐ฅ๏ธ 4. Run pipelines locally
With tools like:
act
(for GitHub Actions)gitlab-runner exec
(for GitLab)dagger
orearthly
(cross-platform build runners)devbox
,nix
, or container-based reproducibility
๐ What this enables
Use Case | How Decoupling Helps |
---|---|
Devs test pipelines locally | Same definition, same runner engine |
CI runs in air-gapped K8s | Git repo stays unchanged, K8s runs jobs |
Teams migrate from GitHub to GitLab | Reuse of pipeline logic without rewrite |
Multi-vendor redundancy | Git + declarative YAML portable across Git providers |
Separation of SDLC roles | SecOps can manage runners, Dev can own Git |
โ๏ธ Summary
Yes โ there's a clear and growing trend toward:
โ Portable, declarative pipeline definitions โ Git-agnostic pipeline engines (CI is not bound to Git host) โ K8s-native pipeline runtimes (e.g., Tekton, Argo Workflows) โ Local-to-cloud parity for reproducible dev/test builds
In this model, Git is the source of truth โ not the execution engine.