DevOps & GitOps

From Legacy Scripts to a Unified CI/CD Platform: A Practical Migration Playbook

Migrate from Jenkins, CircleCI, or custom scripts to modern GitLab CI or GitHub Actions without breaking deployments.

17 min

Expert Guide

Updated Nov 2025

1. Why Migrate CI/CD Platforms

2. Current State Assessment

3. Target Platform Selection

4. Migration Strategy

5. Phase 1: Proof of Concept

6. Phase 2: Parallel Running

7. Phase 3: Full Cutover

8. Lessons Learned & Pitfalls

Why Migrate CI/CD Platforms?

Many engineering organizations find themselves trapped with legacy CI/CD systems that have become maintenance nightmares. Whether it's Jenkins instances requiring constant plugin updates, custom shell scripts scattered across repositories, or CircleCI configurations that no one dares to touch, the pain is real and growing.

Modern CI/CD platforms like GitLab CI and GitHub Actions offer compelling advantages: native Git integration, declarative pipeline definitions, built-in security scanning, and significantly lower operational overhead. But migration isn't trivial—especially when you're managing 50+ pipelines supporting production deployments.

This playbook documents the successful migration of 200+ Jenkins pipelines to GitLab CI over 12 weeks, with zero production incidents and minimal disruption to development teams. We'll share the strategy, tooling, and lessons learned.

70% Faster Builds

Modern runners and caching strategies significantly reduce build times

10-30 min → 3-9 min

Built-in Security

SAST, DAST, and dependency scanning included by default

100% coverage

GitOps-Native

Pipeline configuration lives in Git, versioned and reviewable

Zero drift

Current State Assessment

Before migrating a single pipeline, conduct a thorough assessment of your current CI/CD landscape. Understanding what you have is critical to planning what you need.

Inventory Your Pipelines

Create a comprehensive inventory including:

Pipeline Count & Complexity
How many pipelines? Simple builds or complex multi-stage deployments?
Trigger Mechanisms
Git webhooks, scheduled jobs, manual triggers, API calls?
External Dependencies
Docker registries, artifact repositories, secret managers, notification systems
Deployment Targets
Kubernetes, EC2, Lambda, on-prem servers
Custom Scripts & Tools
Groovy scripts, custom plugins, proprietary tooling

Real Example: 200-Pipeline Assessment

Our assessment revealed:

• 212 total pipelines across 85 repositories
• 45% simple build-test-deploy (good candidates for Phase 1)
• 35% complex multi-stage with manual approvals
• 20% legacy scripts with hard-coded secrets (required refactoring)
• 12 custom Groovy scripts (needed rewriting)

Target Platform Selection

Choosing between GitLab CI, GitHub Actions, and CircleCI depends on your specific needs. Here's how they compare:

GitLab CI

Best for: Teams already using GitLab or wanting complete DevOps platform
Pros: Integrated security scanning, built-in container registry, powerful auto-DevOps features
Cons: Steeper learning curve for .gitlab-ci.yml syntax, self-hosted runners require maintenance

GitHub Actions

Best for: GitHub-hosted repositories, rapid prototyping, extensive marketplace
Pros: Huge action marketplace, simple YAML syntax, tight GitHub integration
Cons: Limited free minutes for private repos, less enterprise features than GitLab

CircleCI

Best for: Docker-first workflows, mature performance optimization features
Pros: Excellent caching, fast execution, good VCS integration
Cons: Higher cost, less integrated than GitLab/GitHub solutions

Our Choice: GitLab CI

We chose GitLab CI for:

• Unified platform: source control + CI/CD + security + registry
• Self-hosted runners: complete control over build environment
• Cost-effective: unlimited minutes on self-hosted runners
• Compliance: air-gapped runners for regulated workloads

Migration Strategy: Gradual vs Big Bang

You have two approaches: migrate everything at once (big bang) or gradually migrate pipeline by pipeline. For most organizations, gradual migration is the safer choice.

Big Bang Migration

When to use:

• Small teams (<10 pipelines)
• Greenfield projects
• Mandated deadline

Risks:

• High chance of production impact
• Team overwhelm
• Difficult rollback

Gradual Migration (Recommended)

When to use:

• Large pipeline inventory (50+)
• Production-critical systems
• Learning curve needed

Benefits:

• Learn and improve iteratively
• Easy rollback per pipeline
• Team ramps up gradually

Recommended: 3-Phase Approach

Phase 1: Proof of Concept (Weeks 1-3)
Migrate 3-5 low-risk pipelines to validate approach and tooling
Phase 2: Parallel Running (Weeks 4-8)
Run new and old pipelines side-by-side, migrate 50% of pipelines
Phase 3: Full Cutover (Weeks 9-12)
Complete migration, decommission legacy system

Phase 1: Proof of Concept (3-5 Pipelines)

Start with low-risk pipelines to validate your migration approach, tooling, and team readiness. Choose pipelines that represent different patterns you'll encounter.

Select Your POC Pipelines

Choose pipelines that cover different scenarios:

Simple Build-Test Pipeline
Basic CI workflow to validate core functionality
Docker Build & Push
Test container registry integration
Deploy to Staging
Validate deployment automation and secrets management

Example: Jenkins to GitLab CI Migration

Before: Jenkinsfile

pipeline {
  agent any
  stages {
    stage('Build') {
      steps {
        sh 'npm install'
        sh 'npm run build'
      }
    }
    stage('Test') {
      steps {
        sh 'npm test'
      }
    }
    stage('Deploy') {
      when { branch 'main' }
      steps {
        sh './deploy.sh production'
      }
    }
  }
}

After: .gitlab-ci.yml

stages:
  - build
  - test
  - deploy

variables:
  NODE_VERSION: "18"

build:
  stage: build
  image: node:${NODE_VERSION}
  script:
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist/
    expire_in: 1 hour
  cache:
    paths:
      - node_modules/

test:
  stage: test
  image: node:${NODE_VERSION}
  script:
    - npm ci
    - npm test
  coverage: '/All files[^|]*\|[^|]*\s+([\d\.]+)/'

deploy:
  stage: deploy
  image: alpine:latest
  script:
    - apk add --no-cache bash
    - ./deploy.sh production
  only:
    - main
  environment:
    name: production
    url: https://app.example.com
  when: manual

Key Improvements in GitLab CI Version

• Explicit caching of node_modules (faster subsequent runs)
• Artifact preservation between stages
• Built-in coverage parsing
• Environment tracking for deployments
• Manual approval gate for production

Phase 2: Parallel Running

Run both old and new pipelines simultaneously to build confidence before fully committing. This gives you an escape hatch if issues arise.

Implementation Strategy

Dual Webhook Configuration
Configure Git webhooks to trigger both Jenkins and GitLab CI
Compare Outputs
Validate that both systems produce identical artifacts
Monitor Metrics
Track build times, success rates, and reliability
Team Training
Developers get hands-on experience with new system

Cost Consideration

Running parallel pipelines temporarily doubles your CI/CD costs. Budget for this during the transition period:

• Estimated duration: 4-6 weeks
• Additional cost: ~$2,000-5,000 depending on scale
• Worth it: Eliminates risk of production breakage

Phase 3: Full Cutover

With confidence built from parallel running, switch fully to the new platform and decommission the legacy system.

Cutover Checklist

Verify All Pipelines Migrated
100% of production pipelines must be operational
Update Documentation
Developer guides, runbooks, incident response procedures
Disable Old Webhooks
Prevent accidental triggers of legacy system
Archive Legacy Configuration
Keep backups for 90 days before deletion
Decommission Infrastructure
Shut down old Jenkins servers, reduce costs

0

Production Incidents

Zero downtime during entire migration

70%

Faster Builds

Average build time reduction

$3.2K

Monthly Savings

Reduced infrastructure and maintenance

Lessons Learned & Common Pitfalls

After completing 200+ pipeline migrations, here are the key lessons we learned:

What Worked Well

Start with Simple Pipelines
Building confidence early accelerated later phases
Automated Conversion Tools
Custom scripts converted 60% of basic Jenkins pipelines automatically
Team Champions
Designated GitLab experts in each team smoothed adoption
Comprehensive Logging
Detailed migration logs helped troubleshoot issues quickly

Common Pitfalls to Avoid

Underestimating Secrets Migration
Secret rotation took 2x longer than expected—plan accordingly
Ignoring Custom Scripts
Legacy Groovy scripts required complete rewrites, not simple ports
Insufficient Runner Capacity
Provision 30% more runner capacity than calculated—queue times matter
Poor Communication
Weekly migration updates kept stakeholders informed and reduced anxiety