Source: https://cli.nylas.com/guides/gitlab-ci-email-notifications

# Send Email from GitLab CI Pipelines

GitLab's built-in pipeline emails are coarse, and wiring an SMTP relay into CI means storing credentials that break the moment a provider tightens auth. A cleaner path: install the Nylas CLI in a job and send over API. One command emails the right people when a deploy fails, authenticated by a masked CI variable, with no SMTP host and no mail daemon. This guide adds email to a GitLab pipeline and scopes it to the failures you actually want to hear about.

Written by [Caleb Geene](https://cli.nylas.com/authors/caleb-geene) Director, Site Reliability Engineering

Updated June 8, 2026

> **TL;DR:** Add a job that installs the CLI with `curl -fsSL https://cli.nylas.com/install.sh | bash`, authenticates with `nylas auth config --api-key "$NYLAS_API_KEY"` from a masked CI/CD variable, and sends with `nylas email send`. Gate it on failure using `rules` or `when: on_failure` so the email fires only when the pipeline breaks. No SMTP host, no mail daemon.

Command references used in this guide: [`nylas email send`](https://cli.nylas.com/docs/commands/email-send), [`nylas auth config`](https://cli.nylas.com/docs/commands/auth-config), and [`nylas auth whoami`](https://cli.nylas.com/docs/commands/auth-whoami).

## How do you send email from GitLab CI?

You send email from GitLab CI by adding a job that installs the Nylas CLI and runs `nylas email send`. The CLI installs from a shell script in a couple of seconds on the runner, authenticates with an API key, and sends over HTTPS — so the job needs no SMTP server, no port 587, and no mail package. One `script` block turns a pipeline stage into a notifier.

This sidesteps the usual CI email pain. GitLab's native notifications are limited to a few event types, and a custom SMTP integration means storing a mailbox password that breaks when a provider tightens authentication. The CLI sends over API with an API key you store as a masked variable, per GitLab's [CI/CD variables documentation](https://docs.gitlab.com/ee/ci/variables/).

```yaml
# .gitlab-ci.yml — a notify job
notify:
  stage: .post
  image: ubuntu:24.04
  before_script:
    - apt-get update && apt-get install -y curl
    - curl -fsSL https://cli.nylas.com/install.sh | bash
    - export PATH="$HOME/.config/nylas/bin:$PATH"
    - nylas auth config --api-key "$NYLAS_API_KEY"
  script:
    - nylas email send --to team@example.com
      --subject "Pipeline $CI_PIPELINE_ID finished"
      --body "Project $CI_PROJECT_NAME, ref $CI_COMMIT_REF_NAME." --yes
```

## How do you authenticate the CLI in CI?

Authenticate with `nylas auth config --api-key "$NYLAS_API_KEY"`, reading the key from a masked, protected CI/CD variable. This is the headless auth path — no browser, no OAuth redirect — which is exactly what a runner needs. Store the key in **Settings → CI/CD → Variables**, mark it Masked and Protected, and it never appears in job logs.

Treat the key like any deployment secret: never hard-code it in `.gitlab-ci.yml`, and scope it to protected branches so merge requests from forks can't read it. Confirm auth succeeded in the job with `nylas auth whoami` if you want a sanity check before sending. The key authorizes sending from the connected account, so rotate it if it ever leaks into a log.

## How do you email only on pipeline failure?

Email only on failure by gating the job with `when: on_failure` or a `rules` clause, so it runs when an earlier stage fails and stays silent on green pipelines. That's the difference between useful alerting and inbox noise — nobody wants a “build passed” email on every commit. Put the notify job in a late stage so it sees the outcome of the build and test stages.

Enrich the message with the predefined CI variables GitLab injects — `$CI_PIPELINE_URL`, `$CI_COMMIT_SHA`, `$CI_JOB_NAME` — so the recipient can jump straight to the failing pipeline. A good failure email answers “what broke and where” in the subject line, with the pipeline URL one click away in the body.

```yaml
notify_failure:
  stage: .post
  image: ubuntu:24.04
  when: on_failure          # only when an earlier stage failed
  before_script:
    - apt-get update && apt-get install -y curl
    - curl -fsSL https://cli.nylas.com/install.sh | bash
    - export PATH="$HOME/.config/nylas/bin:$PATH"
    - nylas auth config --api-key "$NYLAS_API_KEY"
  script:
    - nylas email send --to oncall@example.com
      --subject "FAILED: $CI_PROJECT_NAME pipeline $CI_PIPELINE_ID"
      --body "Ref $CI_COMMIT_REF_NAME ($CI_COMMIT_SHA). See $CI_PIPELINE_URL" --yes
```

## Next steps

- [GitHub Actions email notifications](https://cli.nylas.com/guides/github-actions-email-notifications) — the same pattern in Actions
- [Jenkins email notifications](https://cli.nylas.com/guides/jenkins-email-notifications) — pipeline post-build email
- [Send email from a bash script](https://cli.nylas.com/guides/send-email-from-bash-script) — the underlying one-liner
- [Cron email without Postfix](https://cli.nylas.com/guides/cron-job-email-without-postfix) — scheduled alerts, same approach
- [Full command reference](https://cli.nylas.com/docs/commands) — every flag and subcommand documented