Tech Stacks - CI / CD
CI / CD: Continuous Integration / Continuous Delivery.
The process includes Build, Test, Release, Rollout:
- Load code from your Source Control
- build your code
- if no build errors, run all or related tests.
- if no test errors, release the binary to the artifact registry.
- rollout the new binary / package to your machines (servers).
Extra functions:
- canary: say you have 10 server, update 5 of them (i.e. "expriment"), the rest of 5 still run with the old version (i.e. "control"), run for some time, then compare the metrics (server error, client error, latency, etc), then decide if it is safe to fully roll it out.
- rollback: if there are issues in prod, rollback the servers to a previous version.
- cherrypicking: create a new build with a specific code change.
Things to consider:
- dependency management
- source management
- build
- package
- Secure Software Supply Chain (s3c)
- registry
- CI
- release management
- Vulnerability management
- Artifacts Management
Binary Release vs Data or Config Push
Configs can be set as commandline flags when starting the server, or they can be stored in a separate systems to be read dynamically. If set by flags, changing the configs require a new binary release.
- binary release needs to go through compilation and tests, which may take a few hours in a CI/CD system.
- data push should be a separate system that can quickly changes things (in minutes instead of hours) in prod without changing code and binary.
Data / Config push usecases:
- prod configs that need to be changed quickly.
- who can see what feature.
- flipping feature flags.
- staged rollout. (from 0% to 100%).
- operational changes (like whitelist / blacklist).
Rollout
- Imperative: give step by step instructions.
- Declarative: a service that monitors a model of what should be in production. When it detects changes in this model, it performs pushes until production looks like the model.
Hermetic packaging
Contain all needed files, even down to libc.