👨‍👧‍👧 ⏭️ 🙍 The perfect pipeline in a vacuum 💀 👩🏾‍🎓 ✍🏿

Don't even call me if your pipeline doesn't look like this.

In interviews for a position that involves understanding DevOps, I like to ask candidates this question (and sometimes they also ask me):

What do you think the ideal pipeline from commit to production should be? / Describe the ideal CI / CD / etc

. , CI/CD .

, .
, .
, "", . , ( ) , . , , " — " DevOps.
. , . : Jira production. gitflow, gitlabFlow, githubFlow.

, - CI, , ?

CI?

;
;
;
;
;
Merge;
MR code review.

Code scanning

— .

— Senior/Lead Backend Developer. , // . , .

;
;
.

I need your vulnerabilities, boots and a motorcycle — ,

, git push

.

gitlab-ci

stages:
  - code-scanning

.code-scanning:
 only: [pushes]
 stage: code-scanning

Linters

– ! . " ".

— .

. - . , , CI. soft skills, .


eslint	JavaScript
pylint	Python
golint	Golang
hadolint	Dockerfile
kubeval	Kubernetes manifest
shellcheck	Bash
gixy	nginx config
etc

Code Quality

code quality

— , ML- : , , ., code security

.

		Price
SonarQube		€120
CodeQL	Github native, CVE	OpenSource – free
etc

Code Security

, code security

. :

, , . "" production , git

. , , vault

, git

		Price
gitleaks	Gitlab Security, "" "".	Free
shhgit	Enterpise Edition.	$336
etc

, .

Yes, just like the Spanish Inquisition! — -, !

Code Coverage

, , code coverage

.

, .

		Price
go cover	Golang. Golang.	Free
cobertura	jcoverage. Java	Free
codecov		Free 5
etc

Unit test

code quality

, .


phpunit	PHP (My mom says I am special)
junit	Java ( junit)
etc

Build

artifacts/packages/images .. , .

semVer ( gitflow);
romVer;
c;
datetime, timestamp;
etc

, .


docker build	.
buildx / buildkit	Moby . , `DOCKER_BUILDKIT=1` .
kaniko	Google, , -.
werf	'. stapel. All-in-one: , .
buildah	Open Container Initiative, Podman.
etc

, – .

Scan package

/ . . registry .


harbor	Docker Registry, ChartMuseum, Robot-users.	Free
nexus	Docker.	Free pro
artifactory	, .	Free pro
etc

Deploy

rolling – ;
recreate – , production;
blue/green – 90% production ;
canary – 99% production .

Stateful

, stage production, production - , stateful . , , / . stage/pre-production .

/ .


helmwave	Docker-compose helm. .
helm	.
argoCD	" GitOps".
werf.io	.
kubectl / kustomize	, .
etc

helmwav' GitHub. helmwave.

Integration testing

. - . . , . .


Selenium	.
Selenoid	. Docker-in-Docker.
etc

Performance testing (load/stress testing)

stage/pre-production . , , production.


wrk	. .
k6.io	C--JavaScript! AutoDevOps.
Artillery.io	JS. k6
jmeter	OldSchool.
yandex-tank	.
etc


sitespeed.io	: coach, browserTime, compare, PageXray.
Lighthouse	Google. , . . , .
etc

Code Review / Approved

Merge Request. pipeline , , c.

QA;
Security;
Tech leads;
Release managers;
Maintainers;
DevOps;
etc.

, MR , MR:

production;
QA release ;
DevOps' , : helm-charts / pipeline / / etc.

Developing flow

, , -. -, gitflow, gitlabFlow, githubFlow .

, – . , gitflow . GithubFlow . gitlabFlow , , - , feature-.

, :

Gitflow: feature -> develop -> release-vX.X.X -> master (aka main) -> tag

;
GitHubFlow: branch -> master (aka main);
GitLabFlow: environmental branches.

TL;DR

Feature-

Pre-Production -> Production

P.S.

- , , , , – update.

. ?

The perfect pipeline in a vacuum

CI?