CI/CD and Non-Interactive Jobs
Pipeline jobs should be reproducible and fail fast when credentials or paths are wrong.
Pipeline Pattern
ci-step.sh
rclone version
rclone lsd remote-ci:
rclone sync ./artifact remote-ci:releases/${CI_COMMIT_SHA} --checksum --log-level INFO
Recommended CI Controls
| Control | Why it matters |
|---|---|
Explicit --config path | Avoid runner user-context surprises |
| Secret injection from CI vault | Prevents secret-in-repo issues |
| Dry-run gate for destructive jobs | Stops accidental delete events |
| Post-sync check | Confirms published artifact integrity |
Mapping
Example Verify Stage
rclone check ./artifact remote-ci:releases/${CI_COMMIT_SHA} --one-way
warning
Never use broad production credentials in shared CI runners.
Common Pitfalls
| Pitfall | Effect | Prevention |
|---|---|---|
| Interactive OAuth in CI | Job hangs/fails | Use service credentials |
| Non-unique destination path | Release overwrite | Include commit/tag in target path |
| Missing verification stage | Corrupt artifacts pass downstream | Add integrity checks |