CICD is the process of automating the building, testing & deploying of your application.
CICD is no longer a novelty; it is a need for every development team. Over the past few weeks, I got a chance to spend a lot of time implementing CICD from scratch, and based on my experience I suggest six best practices for any DevOps team:
- Plan your repo
- Choose your tools
- Plan your Tests automation
- Secure your pipelines and secrets
- Pipelines for early-stage verification and deployment
- Involve the Team.
Plan your repo
Your code repository is extremely important for avoiding a mess when working with small or big teams. It is always wise to avoid direct pushes to the main branch or a release branch, so the recommendation is to have branches like this:
In this case, the Feature branch is the branch that gets synced to Main for any changes, and all developers should work on the Feature branch to avoid accidental or unwanted changes to Main.
Also, the most important task here is to restrict access to the Main & Release branches for direct push, Pull Request approval, etc.
Choose your tools
It is always important to scan the code being pushed to the branches for security issues and vulnerabilities. There are plenty of tools available for this, like SonarQube, Blackduck, etc.
These scanning tools help you make sure your code goes out safely into the internet ocean.
Plan your Tests automation
Unit Tests and Integration Tests are important to make sure no breaking changes are being pushed and your application is healthy. But can you rely on running the tests on local/dev machines only? Oh no, that would be a big mistake.
So make sure you have a pipeline that is triggered by every pull request to the relevant branch, builds the project and runs the tests. A PR should be accepted only after these pipelines have run successfully.
For example, check this out:
CI/CD with GitHub Actions pipeline to run the .Net unit test and publish results
Secure your pipelines and secrets
Make sure your pipeline is secured. If you are on GitHub, please go through this link:
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
For securing your application secrets, you can use a cloud key vault service with restricted access, e.g. Azure Key Vault.
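As an added example (not part of the original post), here is a GitHub Actions workflow for the pull-request gate described under "Plan your Tests automation", with a few of the hardening settings this section asks for. The branch names `main` and `release/**`, the .NET version and a solution file at the repository root are assumptions.

```yaml
# Added example; branch names, .NET version and project layout are assumptions.
name: pr-verify

on:
  # pull_request (not pull_request_target): PRs from forks run without
  # repository secrets and with a read-only token.
  pull_request:
    branches: [main, 'release/**']

# Least privilege: the job token can only read the repository contents.
permissions:
  contents: read

# Cancel superseded runs for the same PR.
concurrency:
  group: pr-verify-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build-and-test:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      # Tags are shown for readability; pin each action to a full commit
      # SHA that you have reviewed before using this in a real repository.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config
      - uses: actions/setup-dotnet@v4
        with:
          dotnet-version: '8.0.x'
      - run: dotnet restore
      - run: dotnet build --no-restore --configuration Release
      - run: >
          dotnet test --no-build --configuration Release
          --logger "trx;LogFileName=results.trx"
          --results-directory TestResults
      - name: Publish test results
        if: always()                   # keep results even when tests fail
        uses: actions/upload-artifact@v4
        with:
          name: test-results
          path: TestResults/*.trx
```

Mark `build-and-test` as a required status check in the branch protection rules for the Main and Release branches so that a PR cannot be merged until this workflow passes.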
Pipelines for early-stage verification and deployment
Issues in application code are like diseases in your body: the earlier they are caught, the better they can be treated.
So plan your pipeline so that steps like code scanning (SonarQube, Blackduck, etc.), test execution and dev/test deployment run in the early stages, e.g. with each PR to the feature branch and the main branch.
Involve the Team
Last but not least, team involvement is very much required, as DevOps activity is not one person's responsibility. Whether it is writing tests or observing the pipeline's progress or failure, everyone is equally responsible for making sure the pipeline goes end-to-end green.
Hope you enjoyed the content, follow me for more like this, and please don’t forget to LIKE it. Happy programming.