Christoph Ruggenthaler

Enabling automated 1-click customer deployments with built-in quality and security

Their manual deployment process was unscalable and error-prone. See how they built a one-click CI/CD pipeline with automated quality and security gates.

Enabling automated 1-click customer deployments with built-in quality and security
#1about 5 minutes

The challenge of manual deployments at scale

The manual process of deploying updates to isolated customer security zones becomes error-prone and inefficient as the number of customers grows.

#2about 8 minutes

Structuring the development and testing workflow

The team uses Jira with the X-ray plugin to link user stories to automated Cucumber test cases for both API and UI validation.

#3about 3 minutes

Adopting a contract-first API development approach

Shifting to a contract-first workflow using OpenAPI specifications in Git allows for automated code generation and parallel development with a mock API server.

#4about 6 minutes

Building a comprehensive CI/CD pipeline with GitLab

The CI/CD pipeline automates building, quality scanning, security analysis, and nightly end-to-end testing before publishing Docker images.

#5about 4 minutes

Automating infrastructure deployment on Microsoft Azure

An Ansible playbook automates the creation and configuration of all necessary infrastructure in Microsoft Azure, including resource groups and app services.

#6about 5 minutes

Enforcing quality gates and improving developer experience

A "stop and fix" approach fails the pipeline on quality violations, while a merge request bot and shared base images streamline development and security.

#7about 3 minutes

Key lessons learned from implementing CI/CD automation

Important takeaways include starting small with soft limits, verifying tool documentation, and using an IDE-first approach to prevent standalone tools from being ignored.

#8about 7 minutes

Automating multi-customer deployments with Ansible

An idempotent Ansible playbook automates the rollout of new versions to numerous customer environments by updating configurations and restarting containers.

#9about 2 minutes

Future plans for advancing to a DevSecOps model

The roadmap includes integrating dynamic security scanning, performance testing, and adopting DevSecOps practices like signed images and secure secret management.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Hardening the CI/CD pipeline with automated security tools
11:13 MIN

Hardening the CI/CD pipeline with automated security tools

You can’t hack what you can’t see

Automating security checks in the CI/CD pipeline
11:05 MIN

Automating security checks in the CI/CD pipeline

DevSecOps: Security in DevOps

Integrating security into the DevOps lifecycle with DevSecOps
08:53 MIN

Integrating security into the DevOps lifecycle with DevSecOps

DevSecOps: Injecting Security into Mobile CI/CD Pipelines

The expanding role of developers in security
00:45 MIN

The expanding role of developers in security

Vulnerable VS Code extensions are now at your front door

Implementing CI/CD as a gatekeeper for quality
05:52 MIN

Implementing CI/CD as a gatekeeper for quality

Everything as Code: A Dozen As-Code Concepts beyond Infrastructure or Configuration as Code

Integrating serverless deployments into a DevOps pipeline
20:01 MIN

Integrating serverless deployments into a DevOps pipeline

Serverless on Cloud

The expanding security responsibilities of developers
00:46 MIN

The expanding security responsibilities of developers

Vue3 practical development

Q&A on development, challenges, and platform security
30:03 MIN

Q&A on development, challenges, and platform security

Sustainable Mobility – Giravolta

Featured Partners

Related Videos

See all videos
Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

GitLab CI pipelines for a whole company32:29

GitLab CI pipelines for a whole company

Martin Beránek

DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

Let developers develop again26:47

Let developers develop again

Kai Geißelhardt & Volker Zöpfel

CI/CD with Github Actions1:05:06

CI/CD with Github Actions

Chris Ayers

Improving Developer Happiness with GitOps42:29

Improving Developer Happiness with GitOps

Lars Hesel Christensen & Basil Brunner

Platform Engineering vs. DevOps Why not both?58:40

Platform Engineering vs. DevOps Why not both?

Christian Strack

Empowering Thousands of Developers: Our Journey to an Internal Developer Platform29:26

Empowering Thousands of Developers: Our Journey to an Internal Developer Platform

Bastian Heilemann & Bruno Margula

Related Articles

View all articles
CH
Chris Heilmann
With AIs wide open - WeAreDevelopers at All Things Open 2025
Last week our VP of Developer Relations, Chris Heilmann, flew to Raleigh, North Carolina to present at All Things Open . An excellent event he had spoken at a few times in the past and this being the “Lucky 13” edition, he didn’t hesitate to come and...
With AIs wide open - WeAreDevelopers at All Things Open 2025
AG
Andre Braun, GitLab
Now is the time for industrialized software development
Now is the time for industrialized software development Recently, I received a letter from my car’s manufacturer alerting me to a recall. They had discovered a defective part and wanted to replace it. It was easily fixed, and I might have forgotten a...
Now is the time for industrialized software development
DC
Daniel Cranney
Dev Digest 194: AI vs. Version Control, Password Louvre & Cursed Webdev
Inside last week’s Dev Digest 194 . 🧠 Learn how to become an AI-native software engineer 🤷‍♂️ How can you stand out when anyone can build anything? 👂 Whisper Leak allows listening to encrypted chats 🐝 What’s new the OWASP2025 Top Ten List 🙅‍♀️ Curse...
Dev Digest 194: AI vs. Version Control, Password Louvre & Cursed Webdev
CH
Chris Heilmann
WeAreDevelopers LIVE days are changing - get ready to take part
Starting with this week's Web Dev Day edition of WeAreDevelopers LIVE Days, we changed the the way we run these online conferences. The main differences are:Shorter talks (half an hour tops)More interaction in Q&AA tips and tricks "Did you know" sect...
WeAreDevelopers LIVE days are changing - get ready to take part

From learning to earning

Jobs that call for the skills explored in this talk.

Cloud Engineer (m/w/d)

Cloud Engineer (m/w/d)

fulfillmenttools
Köln, Germany

50-65K
Intermediate
TypeScript
Google Cloud Platform
Continuous Integration
Cloud Engineer (m/w/d)

Cloud Engineer (m/w/d)

VECTOR Informatik
Stuttgart, Germany

Intermediate
Senior
DevOps
Cloud (AWS/Google/Azure)
DevOps Engineer CI/CD

DevOps Engineer CI/CD

Deutsche WertpapierService Bank AG
Frankfurt am Main, Germany

Remote
Bash
DevOps
Python
Gitlab
+6
DevOps Engineer

DevOps Engineer

Job@ctive GmbH
Bremen, Germany

72-80K
Linux
DevOps
Python
Gitlab
+3