GitLab CI/CD — Automating Claude Code on Cloud
How to run Claude Code as a CI/CD step on GitLab.com (cloud) — design reviews, security audits, and automated fixes triggered by git events.
Why / When to Use
Use GitLab cloud when you want Claude Code running in CI without managing your own runner infrastructure. GitLab provides VMs — your laptop is just an editor.
Core Concept
GitLab.com provides shared runners (VMs) that clone your repo, run your pipeline stages, and call the Anthropic API. Your code goes to GitLab servers; Claude only receives the prompt + relevant code snippets (not the full codebase at once).
Cloud vs Self-Hosted
| GitLab.com (Cloud) | Self-Hosted | |
|---|---|---|
| Setup | Zero — just sign up | Docker Compose on your server |
| Runners | GitLab provides free | You run your own |
| Maintenance | None | You manage Docker, updates |
| Internet required | Yes — code goes to gitlab.com | No — stays local |
| Cost | Free 400 min/month trial | Free software + server cost |
When to use cloud: starting out, solo dev, testing the pipeline, up to ~50 full Claude cycles/month. When to self-host: privacy requirements, offline, exceeding free minutes.
Free Tier
GitLab.com free tier (2026):
- 400 runner minutes/month (~50 Claude review cycles)
- Unlimited private repos and users
- Paid starts at $29/month for 10,000 minutes
Setup (Cloud) — Step by Step
# 1. Create account at gitlab.com
# 2. Create new blank project at gitlab.com
# 3. Connect local repo
cd your-project
git init
git remote add origin git@gitlab.com:yourusername/your-project.git
# 4. Add pipeline files
cp CLAUDE.md your-project/
cp .gitlab-ci.yml your-project/
# 5. Push
git add .
git commit -m "chore: add Claude CI/CD pipeline"
git push -u origin main
# 6. Add secrets in GitLab UI
# Project → Settings → CI/CD → Variables
# Add: ANTHROPIC_API_KEY (masked + protected)What to Remove vs Keep from Self-Hosted Config
# REMOVE (self-hosted only):
docker-network-mode: "gitlab-net"
# KEEP (works on both):
services:
- name: postgres:16-alpine
alias: postgresEverything else in .gitlab-ci.yml stays the same.
Pipeline Stages on Cloud
You push code
↓
GitLab.com detects .gitlab-ci.yml
↓
Shared Runner (VM: Linux, 2 vCPU / 7.5 GB RAM)
↓
[lint] → python:3.12-slim → black, isort, flake8
[test] → python:3.12-slim + postgres:16 → pytest
[ai-review]→ node:24-alpine → installs Claude CLI → Claude runs
[security] → node:24-alpine → Claude security audit
↓
Claude calls Anthropic API (outbound from GitLab VM)
↓
Claude pushes MR comment / fixes / commits back to your repo
↓
You review at gitlab.com
Data Flow — What Goes Where
| Data | Destination | Notes |
|---|---|---|
| Your code | gitlab.com servers | Know this before deciding |
| Claude prompts | Anthropic API | Sent from GitLab VM |
| Your code content | NOT sent to Anthropic | Claude reads files locally in VM |
| Test results | GitLab artifacts | |
| Secrets | GitLab encrypted storage | Never visible in logs |
Gotchas
- Code goes to GitLab servers — not suitable for highly confidential codebases without self-hosted runner
- 400 free minutes depletes fast if you have long-running tests; Claude review steps typically 5–8 min each
- Secrets must be added in GitLab UI (Settings → CI/CD → Variables), not in
.gitlab-ci.yml
Source
Conversation: “Automating Claude with GitHub Actions” — 2026-05-14