Tech Stacks - CI / CD

CI / CD: Continuous Integration / Continuous Delivery.

The process includes Build, Test, Release, Rollout:

  • Load the code from your source control.
  • Build the code.
  • If there are no build errors, run all or the related tests.
  • If there are no test failures, release the binary to the artifact registry.
  • Roll out the new binary / package to your machines (servers).

Extra functions:

  • canary
  • rollback
  • cherry-picking: create a new build with a specific code change.

Things to consider:

  • dependency management
  • source management
  • build
  • package
  • Secure Software Supply Chain (s3c)
  • registry
  • CI
  • release management
  • Vulnerability management
  • Artifacts Management

Binary Release vs Data or Config Push

  • A binary release needs to go through compilation and tests, which may take a few hours in a CI/CD system.
  • A data push is relatively small, mostly configuration, and should be rolled out quickly (in minutes instead of hours). Data push should be a separate system that can quickly change things in prod without changing code or binaries.

Data / Config push use cases:

  • who can see which feature; flipping feature flags; staged rollout; dynamic configuration; operational changes (like whitelists / blacklists)

How to use such a system:

  • key-value pairs
  • files from source control (non key-value data): modify files in source control; the system detects the difference and pushes the new file to prod
  • server flags: the server needs to reboot after its flags change
  • from a GUI

Rollout

  • Imperative: give step-by-step instructions.
  • Declarative: a service monitors a model of what should be in production. When it detects changes to this model, it performs pushes until production matches the model.
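
The declarative loop above, as an added example that is not part of the original notes: a model describes the binary version and flags each server should have, plan() diffs it against the live fleet, and reconcile() pushes until nothing differs. Server names, versions and the flag name are constructed sample data; the Server class stands in for whatever push mechanism a real system uses. Because every out-of-band change shows up as drift on the next round, the list of pushes doubles as an audit trail of changes made outside the system.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    binary: str
    flags: dict = field(default_factory=dict)
    restarts: int = 0

    def push_binary(self, version):
        self.binary = version
        self.restarts += 1      # a binary release restarts the process

    def push_flag(self, key, value):
        self.flags[key] = value  # a config push; no restart needed

def plan(model, fleet):
    """Diff the model against the fleet; return the pushes still needed."""
    actions = []
    for name, want in model.items():
        srv = fleet[name]
        if srv.binary != want["binary"]:
            actions.append(("binary", name, want["binary"]))
        for key, val in want["flags"].items():
            if srv.flags.get(key) != val:
                actions.append(("flag", name, key, val))
    return actions

def reconcile(model, fleet, max_rounds=10):
    """Push until the fleet matches the model; return (rounds, pushes)."""
    pushes = []
    for rounds in range(max_rounds):
        actions = plan(model, fleet)
        if not actions:
            return rounds, pushes
        for act in actions:
            kind, name = act[0], act[1]
            if kind == "binary":
                fleet[name].push_binary(act[2])
            else:
                fleet[name].push_flag(act[2], act[3])
            pushes.append(act)
    raise RuntimeError("fleet did not converge")

# Constructed sample data: 1.4.2 everywhere; new_checkout on, but off for canary web-2.
MODEL = {"web-1": {"binary": "app-1.4.2", "flags": {"new_checkout": "on"}},
         "web-2": {"binary": "app-1.4.2", "flags": {"new_checkout": "off"}}}
FLEET = {"web-1": Server("web-1", "app-1.4.1"),
         "web-2": Server("web-2", "app-1.4.2", {"new_checkout": "on"})}
```

Running reconcile(MODEL, FLEET) pushes the binary and flag to web-1 and flips the flag on web-2 in a single round; a later manual flag change on web-2 is reverted by the next round and recorded in the returned push list.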

Hermetic packaging

The package contains all needed files, even down to libc.