# CI/CD Components: Comparison, Alternatives, and Selection Rationale

**Version:** 1.0
**Date:** January 2026
**Target audience:** Technical Architects, DevOps Team, Management
**Status:** Decision Document

---

## Executive Summary

### Recommended Stack for FinTech

| Component | Product | License | Annual Cost | Rationale |
|-----------|---------|---------|-------------|-------------|
| **Git Repository** | Gitea | MIT | $0 | Lightweight, full-featured, zero cost |
| **CI Server** | Jenkins | MIT | $0 | Industry standard, 1800+ plugins |
| **GitOps** | ArgoCD/Custom | Apache 2.0 | $0 | Best GitOps, audit trail |
| **Container Registry** | Harbor | Apache 2.0 | $0 | Security scanning built-in |
| **Orchestration UI** | Portainer CE | Zlib | $0 | User-friendly, RBAC |
| **TOTAL** | | | **$0** | **vs $6,720 commercial stack** |

---

## Contents

1. [Git Repository: Gitea vs Alternatives](#git-repository-gitea)
2. [CI Server: Jenkins vs Alternatives](#ci-server-jenkins)
3. [GitOps: ArgoCD vs Alternatives](#gitops-argocd)
4. [Container Registry: Harbor vs Alternatives](#container-registry-harbor)
5. [Orchestration UI: Portainer vs Alternatives](#orchestration-ui-portainer)
6. [Cost Comparison](#cost-comparison)

---

## Git Repository: Gitea

### Features

**Core Features:**
- Git repository hosting (unlimited repos)
- Pull Request workflow + code review
- Issues + Projects (Kanban)
- Wiki documentation
- Branch protection rules
- Webhooks for CI integration
- LDAP/AD authentication
- GPG commit signing
- Git LFS support

**Performance:**
- RAM usage: 200-500 MB
- Single Go binary (50-100 MB)
- Fast startup (<5 seconds)
- SQLite/PostgreSQL/MySQL support

### Alternatives

| Feature | Gitea | GitLab CE | GitHub Enterprise | Bitbucket |
|---------|-------|-----------|-------------------|-----------|
| **Cost** | FREE | FREE | $21/user/mo | $30/user/mo |
| **RAM** | 200 MB | 4+ GB | 2+ GB | 1-2 GB |
| **Setup** | 5 min | 30-60 min | 60+ min | 30 min |
| **Built-in CI** | ❌ | ✅ | ✅ | ✅ |
| **Lightweight** | ✅ | ❌ | ❌ | ⚠️ |

### Why Gitea?

✅ **Zero cost** - critical for the budget
✅ **Lightweight** - 200 MB RAM vs 4+ GB GitLab
✅ **Simple** - single binary, easy upgrade
✅ **Full-featured** - everything needed for a Git workflow
✅ **LDAP ready** - corporate authentication

**Use GitLab instead if:**
- Need integrated CI/CD (without Jenkins)
- Team already knows GitLab
- Can allocate 8+ GB RAM

---

## CI Server: Jenkins

### Features

**Core Features:**
- Pipeline as Code (Jenkinsfile)
- 1800+ plugins ecosystem
- Distributed builds (master-agent)
- Docker/Kubernetes integration
- LDAP/AD + RBAC
- Credentials management
- Audit trail
- Blue Ocean modern UI

**Plugin Examples:**
```
Security:
├─ OWASP Dependency Check
├─ SonarQube Scanner
├─ Trivy Container Scanner
└─ Snyk Security

Integrations:
├─ Gitea Plugin
├─ Docker Plugin
├─ Kubernetes Plugin
├─ Slack Notification
└─ Email Extension

Quality:
├─ JUnit Test Results
├─ Code Coverage (JaCoCo)
├─ Warnings Next Generation
└─ Performance Plugin
```

### Alternatives

| Feature | Jenkins | GitLab CI | GitHub Actions | Drone |
|---------|---------|-----------|----------------|-------|
| **Cost** | FREE | FREE | Cloud/Self-hosted | FREE |
| **Plugins** | 1800+ | Limited | Marketplace | ~100 |
| **Flexibility** | High | Medium | Medium | Medium |
| **Learning Curve** | Medium | Low | Low | Low |
| **Git Agnostic** | ✅ | ❌ GitLab only | ❌ GitHub only | ✅ |

### Pipeline Example

```groovy
pipeline {
    agent {
        docker {
            image 'maven:3.8-openjdk-17'
        }
    }

    stages {
        stage('Build') {
            steps {
                sh 'mvn clean package'
            }
        }

        stage('Test') {
            parallel {
                stage('Unit Tests') {
                    steps {
                        sh 'mvn test'
                    }
                }
                stage('Security Scan') {
                    steps {
                        sh 'mvn dependency-check:check'
                    }
                }
            }
        }

        stage('Docker Build') {
            steps {
                // Tag with the registry prefix so the push stage finds the image
                sh 'docker build -t harbor.local/app:${BUILD_NUMBER} .'
            }
        }

        stage('Push to Harbor') {
            steps {
                sh 'docker push harbor.local/app:${BUILD_NUMBER}'
            }
        }
    }
}
```

### Why Jenkins?

✅ **Industry standard** - 70% Fortune 500 use it
✅ **Plugin ecosystem** - 1800+ plugins
✅ **Proven in FinTech** - JPMorgan, Deutsche Bank
✅ **Flexibility** - Pipeline as Code
✅ **Git agnostic** - works with Gitea, GitLab, etc.

**Use GitLab CI instead if:**
- Using GitLab as Git provider
- Need simpler YAML syntax
- Want all-in-one platform

---

## GitOps: ArgoCD / Custom

### ArgoCD (for Kubernetes)

**Features:**
- Declarative GitOps
- Automatic sync from Git
- Web UI (topology view)
- Multi-cluster support
- SSO (OIDC, LDAP)
- Rollback capabilities
- Audit logging

**Alternatives:**
- **Flux CD** - no UI, CLI-first
- **Jenkins X** - very opinionated
- **Spinnaker** - complex, multi-cloud

### Custom GitOps Operator (for Docker Swarm)

**Why custom for Swarm:**
- ArgoCD designed for K8s
- Swarm simpler - custom operator = 200 lines Python
- Full control, easy maintenance

**Implementation:**
```python
# gitops-swarm-operator.py
import subprocess
import time
from pathlib import Path

from git import Repo  # GitPython


class GitOpsOperator:
    def __init__(self, repo_url, local_path):
        self.local_path = Path(local_path)
        # Reuse an existing clone on restart; clone_from fails on a non-empty directory
        if (self.local_path / '.git').exists():
            self.repo = Repo(self.local_path)
        else:
            self.repo = Repo.clone_from(repo_url, self.local_path)

    def sync_loop(self, interval=30):
        while True:
            # Fetch the desired state from Git
            self.repo.remotes.origin.pull()
            # Each directory holding a docker-compose.yml is one stack, named after the directory
            for compose_file in self.local_path.rglob('docker-compose.yml'):
                stack_name = compose_file.parent.name
                result = subprocess.run([
                    'docker', 'stack', 'deploy',
                    '-c', str(compose_file),
                    stack_name
                ])
                if result.returncode != 0:
                    # Keep the loop alive, but do not hide a failed deploy
                    print(f'deploy failed for stack {stack_name} (exit {result.returncode})')
            time.sleep(interval)
```

### Why ArgoCD/Custom?

**Kubernetes:** ArgoCD
✅ Best-in-class UI
✅ Strong RBAC
✅ Audit trail

**Docker Swarm:** Custom
✅ Simple (200 lines)
✅ Lightweight (50 MB RAM)
✅ Easy troubleshooting

---

## Container Registry: Harbor

### Features

**Core Features:**
- Docker Registry v2 API
- Vulnerability scanning (Trivy)
- Image signing (Notary/Cosign)
- RBAC (project-level)
- LDAP/AD integration
- Replication
- Webhook notifications
- Audit logging

**Security Workflow:**
```
Push Image → Harbor
    │
    ├──> Trivy Scan
    │    ├─ OS vulnerabilities
    │    └─ App dependencies
    │
    ├──> Policy Check
    │    ├─ CRITICAL CVEs? → ❌ Block
    │    ├─ HIGH CVEs? → ⚠️ Warn
    │    └─ MEDIUM/LOW → ✅ Allow
    │
    └──> Notification
         └─ Slack/Email
```

### Alternatives

| Feature | Harbor | Docker Registry | Nexus | Artifactory |
|---------|--------|-----------------|-------|-------------|
| **Cost** | FREE | FREE | FREE (limited) | $3K+/year |
| **UI** | ✅ | ❌ | ✅ | ✅ |
| **Vuln Scan** | ✅ Trivy | ❌ | ⚠️ Paid | ✅ |
| **Signing** | ✅ | ❌ | ⚠️ Paid | ✅ |
| **RBAC** | ✅ | ❌ | ✅ | ✅ |

### Why Harbor?

✅ **Security built-in** - Trivy scanning included
✅ **Compliance-ready** - audit logs, signing
✅ **Enterprise RBAC** - project-level permissions
✅ **Zero cost** - vs $3K+ Artifactory

**Use Nexus instead if:**
- Need multi-format (Maven, npm, PyPI)
- Already using Sonatype tools

---

## Orchestration UI: Portainer

### Features

**Core Features:**
- Docker Swarm native support
- Modern Web UI
- Stack deployment (Compose)
- RBAC + Teams
- LDAP/AD integration
- Container logs streaming
- Resource monitoring
- Template library

**RBAC Example:**
```
Teams:
├── DevOps (Admin)
│   └─ Full access
├── Developers
│   └─ Deploy to dev only
├── QA
│   └─ Deploy to staging
└── Managers
    └─ View-only
```

### Alternatives

| Feature | Portainer CE | Swarmpit | Docker CLI | Rancher |
|---------|--------------|----------|------------|---------|
| **Cost** | FREE | FREE | FREE | FREE |
| **UI** | ✅ Excellent | ✅ Good | ❌ | ✅ Excellent |
| **RBAC** | ✅ | ⚠️ Basic | ❌ | ✅ |
| **LDAP** | ✅ | ❌ | ❌ | ✅ |
| **Swarm Focus** | ✅ | ✅ | ✅ | ⚠️ K8s focus |

### Why Portainer?

✅ **User-friendly** - non-DevOps can deploy
✅ **RBAC** - compliance-ready access control
✅ **Free** - CE version has all needed features
✅ **Audit trail** - who deployed what

---

## Cost Comparison

### Recommended (Open Source)

```
Gitea:          $0
Jenkins:        $0
ArgoCD/Custom:  $0
Harbor:         $0
Portainer CE:   $0
───────────────────
TOTAL:          $0/year
Savings:        $6,720/year
```

### Alternative (Commercial)

```
GitHub Enterprise:  $2,520/year (10 users)
Bamboo CI:          $1,200/year
Spinnaker:          $0 (FOSS)
Artifactory:        $3,000/year
Rancher:            $0 (FOSS)
────────────────────────────────────
TOTAL:              $6,720/year
```

---

## Implementation Priority

**Week 1-2: Core**
1. Deploy Gitea + PostgreSQL
2. Deploy Harbor
3. Migrate existing repos

**Week 3-4: CI/CD**
4. Deploy Jenkins
5. Create first pipeline
6. Setup webhooks

**Week 5-6: GitOps**
7. Deploy ArgoCD/Custom
8. Deploy Portainer
9. End-to-end test

---

## Decision Matrix

### When to Choose Alternatives

**GitLab over Gitea:**
- ❓ Need integrated CI/CD
- ❓ Team knows GitLab
- ❓ Have 8+ GB RAM

**GitHub Actions over Jenkins:**
- ❓ Using GitHub (not on-prem)
- ❓ Simple workflows only

**Artifactory over Harbor:**
- ❓ Need multi-format registry
- ❓ Budget allows $3K+/year

**Rancher over Portainer:**
- ❓ Multiple clusters
- ❓ Heavy K8s focus

---

## Appendix: Quick Reference

### Component URLs

```
Gitea:     https://git.company.local
Jenkins:   https://jenkins.company.local
Harbor:    https://harbor.company.local
ArgoCD:    https://argocd.company.local
Portainer: https://portainer.company.local:9443
```

### Default Ports

```
Gitea:     3000 (HTTP), 22 (SSH)
Jenkins:   8080 (HTTP)
Harbor:    80/443 (HTTP/HTTPS)
ArgoCD:    8080 (HTTP), 8083 (gRPC)
Portainer: 9443 (HTTPS), 8000 (Edge)
```

---

**Document Version:** 1.0
**Last Updated:** January 2026
**Status:** Decision Document - Ready for Approval

**Approvals:**
- [ ] Technical Architect
- [ ] DevOps Lead
- [ ] Security Lead
- [ ] CTO
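
The policy check from the Security Workflow in the Container Registry: Harbor section (CRITICAL blocks, HIGH warns, MEDIUM/LOW allows), expressed as a CI-side gate over a Trivy JSON report. This is an added example, not Harbor's own code and not part of the original document; the function name, the sample report and its `CVE-0000-…` placeholder IDs are constructed, and treating `UNKNOWN` severity as a warning is an assumption.

```python
import json

# Policy from the workflow above: CRITICAL blocks, HIGH warns, MEDIUM/LOW pass.
BLOCK = {"CRITICAL"}
WARN = {"HIGH", "UNKNOWN"}  # assumption: unrated findings are surfaced as warnings

# Constructed sample in the shape of `trivy image --format json` output.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "harbor.local/app:42",
    "Results": [
        {"Target": "harbor.local/app:42 (debian 12)", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "zlib", "Severity": "LOW"},
        ]},
        {"Target": "app.jar", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "example-lib", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "example-lib", "Severity": "CRITICAL"},
        ]},
        {"Target": "usr/local/bin/tool"},  # target without findings: key is absent
    ],
})


def evaluate(report_json):
    """Return (decision, findings); decision is 'block', 'warn' or 'allow'."""
    report = json.loads(report_json)
    findings = {"block": [], "warn": []}
    seen = set()
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            key = (vuln.get("VulnerabilityID"), vuln.get("PkgName"))
            if key in seen:  # same finding listed twice counts once
                continue
            seen.add(key)
            severity = str(vuln.get("Severity") or "UNKNOWN").upper()
            if severity in BLOCK:
                findings["block"].append(key)
            elif severity in WARN:
                findings["warn"].append(key)
    if findings["block"]:
        return "block", findings
    return ("warn" if findings["warn"] else "allow"), findings


if __name__ == "__main__":
    decision, findings = evaluate(SAMPLE_REPORT)
    print(decision, findings)
    raise SystemExit(1 if decision == "block" else 0)  # non-zero fails the CI stage
```

Run as a Jenkins stage before the push to Harbor, the non-zero exit stops the pipeline on a blocking finding, so the image is rejected in CI rather than only at the registry.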