CI/CD 🤖
Build
The first step is converting your application code into executable artifacts. This involves:
- Ideally, static analysis and code-style tools are tied to your build task so the build fails fast on non-compliant code. For Java/Kotlin, I recommend Spotless and PMD.
- Fetching dependencies. There are several options for this step:
  - Your project pulls dependencies from your company's artifact repository (Artifactory/Nexus), which also takes care of caching.
  - Your company has pipeline templates that handle the caching logic for you.
  - Your team implements caching in its own pipeline.
- Compiling source code into binaries and packaging it
Testing
Next, you want to automatically test:
- Run unit and integration tests to validate functionality
- The closer your project gets to the finish line, the more your focus shifts to testing; see the different Types Of Testing.
Containerization
Your org may already have a set of optimized build-time and run-time base images, if not:
- Use a minimal base image like Amazon Corretto or Distroless to reduce attack surface
- Do not run containers as root user, switch to a non-root user after installation
- Only install essential packages needed for your application (already the case if using images mentioned above)
- Use multistage builds and leverage builder patterns for smaller images (buildx)
- Scan images for vulnerabilities before deployment (e.g. Harbor)
- Leverage Docker content trust for immutable and signed images
- For JVM images, narrow down the list of allowed TLS versions and SSL/TLS cipher suites.
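A Dockerfile that applies the checklist above (minimal base, non-root user, multistage build, restricted TLS settings), added here as an example and not taken from the original page or any project. It assumes a Maven project with the Maven wrapper checked in, a build that produces target/app.jar, and Spotless/PMD bound to the Maven lifecycle so a violation fails the `verify` phase.

```dockerfile
# syntax=docker/dockerfile:1
# Stage 1: build with a full JDK (Amazon Corretto). Only this stage needs a shell and build tools.
FROM amazoncorretto:17 AS builder
WORKDIR /src
# Copy dependency descriptors first so the dependency layer stays cached until pom.xml changes.
COPY mvnw pom.xml ./
COPY .mvn .mvn
RUN ./mvnw -q dependency:go-offline
COPY src src
# Assumption: Spotless and PMD are bound to the Maven lifecycle, so style or static-analysis
# violations fail here, before any image is produced. 'verify' also runs unit/integration tests.
RUN ./mvnw -q verify
# Constructed java.security override: replace the JDK default jdk.tls.disabledAlgorithms so that
# legacy protocols and weak ciphers are rejected. Review this list against your JDK's default.
RUN printf '%s\n' \
  'jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, 3DES_EDE_CBC, MD5withRSA, DH keySize < 2048, EC keySize < 224, anon, NULL' \
  > /tmp/java.security.override

# Stage 2: minimal runtime image with no shell or package manager (reduced attack surface).
# The :nonroot tag already sets a non-root user; USER is repeated below to make it explicit.
FROM gcr.io/distroless/java17-debian12:nonroot
WORKDIR /app
# uid/gid 65532 is the distroless 'nonroot' user.
COPY --from=builder --chown=65532:65532 /tmp/java.security.override /app/java.security.override
COPY --from=builder --chown=65532:65532 /src/target/app.jar /app/app.jar
USER 65532:65532
EXPOSE 8080
# Restrict TLS to 1.2/1.3 on both client and server side and load the security override.
ENTRYPOINT ["java", \
  "-Djava.security.properties=/app/java.security.override", \
  "-Djdk.tls.client.protocols=TLSv1.2,TLSv1.3", \
  "-Djdk.tls.server.protocols=TLSv1.2,TLSv1.3", \
  "-jar", "/app/app.jar"]
```

Image scanning and content trust from the list above happen outside the Dockerfile, in the pipeline step that pushes the built image.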
Deployment
Infrastructure
Before deploying the app, your pipeline can include the provisioning of application infrastructure using an IaC tool. This is especially valuable for generating dashboards, alerts, or any resource tied to the environment you are deploying.
Application
Today there are two options, the latter increasingly becoming the new standard.
- Push model: a command-line tool in your CI/CD (or in your pipeline templates), running with the right permissions, deploys your container.
- Pull model (Recommended): a Git webhook notifies a GitOps tool like Argo CD or Flux, which deploys the output of your successful pipeline.
Resources
- DORA Metrics - Pipeline KPIs that can be fully captured from system usage.
- SPACE Metrics - KPIs existing at the System, Team, and Individual levels, but only some are captured from system usage.