Create a GitLab CI/CD Pipeline Configuration for Multi-Stage Deployments

Generate a complete `.gitlab-ci.yml` configuration file for a [PROJECT_TYPE] project (e.g., Node.js microservice, Python Django app, Java Spring Boot) that deploys to [DEPLOYMENT_TARGET] (e.g., Kubernetes, AWS ECS, bare metal). **Pipeline Stages** — Define and configure these stages in order: 1. **Build**: - Use the [DOCKER_IMAGE] base image - Cache [DEPENDENCY_DIRECTORY] (e.g., `node_modules`, `.venv`, `.m2`) using a key based on the lock file hash - Build the application artifact and store it using `artifacts:paths` 2. **Test**: - Run unit tests with [TEST_FRAMEWORK] and generate a JUnit XML report for GitLab's test visualization - Run linting with [LINTER_TOOL] - Run security scanning using `sast` or a custom [SECURITY_SCANNER] job - Set `coverage` regex to parse coverage percentage from stdout 3. **Build Docker Image** (if containerized): - Use Docker-in-Docker or Kaniko for building - Tag images with `$CI_COMMIT_SHORT_SHA` and `latest` for the default branch - Push to [CONTAINER_REGISTRY] 4. **Deploy Staging**: - Deploy to the staging environment with `environment: name: staging` - Run smoke tests after deployment as a verification step - Trigger only on `merge_request` events to the `main` branch 5. **Deploy Production**: - Require `when: manual` approval - Only trigger on tagged releases matching `v*.*.*` - Include rollback instructions as comments **Additional Configuration**: - Define global variables for [ENVIRONMENT_VARIABLES] - Use `rules` (not `only/except`) for all conditional logic - Add `retry: 2` for flaky network-dependent jobs - Include a `workflow:rules` block to prevent duplicate pipelines Add comments explaining each decision and any GitLab-specific gotchas.