What is CI/CD?

CI/CD stands for Continuous Integration and Continuous Delivery/Deployment. It is the practice of automating the integration of code changes from multiple developers into a single codebase. It is a software development practice where the developers commit their work frequently to the central code repository (GitHub or Stash).

Continuous Integration(CI)

Continuous Integration is when developers regularly add their code to a shared place, like GitHub or GitLab. Every time someone adds code, automated tools check if it works by building and testing it.

Continuous Delivery (CD)

Continuous delivery helps developers test their code in a production-similar environment, hence preventing any last-moment or post-production surprises. These tests may include UI testing, load testing, integration testing, etc. It helps developers discover and resolve bugs preemptively.

Continuous Deployment

The final stage of CI and CD will be continuous deployment. It's an extension of continuous delivery, which automates the proper code to the code repository. Continuous deployment will automate the related app for production purposes because there is not have no manual gate at the stage of the pipeline before production, and continuous deployment relies on high automation.

In simple language, it is a change of application that goes through the cloud, which is carried by the developer, and it will live within a few minutes of writing, passing with automated testing.

CI Workflow

Below is a pictorial representation of a CI pipeline the workflow from developers checking in their code to its automated build, test, and final notification of the build status.

Once the developer commits their code to a version control system like Git, it triggers the CI pipeline which fetches the changes and runs automated build and unit tests. Based on the status of the step, the server then notifies the concerned developer whether the integration of the new code to the existing code base was a success or a failure.

This helps in finding and addressing the bugs much more quickly, makes the team more productive by freeing the developers from manual tasks, and helps teams deliver updates to their customers more frequently. It has been found that integrating the entire development cycle can reduce the developer's time involved by ~25 - 30%.

CI and CD Workflow

The below image describes how Continuous Integration combined with Continuous Delivery helps quicken the software delivery process with lower risks and improved quality.

We have seen how Continuous Integration automates the process of building, testing, and packaging the source code as soon as it is committed to the code repository by the developers. Once the CI step is completed, the code is deployed to the staging environment where it undergoes further automated testing (like Acceptance testing, Regression testing, etc.). Finally, it is deployed to the production environment for the final release of the product.

If the deployment to production is a manual step. In that case, the process is called Continuous Delivery whereas if the deployment to the production environment is automated, it is referred to as Continuous Deployment.

Common CI/CD Tools

CI and CD tools can help team in the development, deployment, and testing, some of the tools are highly recommended for the integration part and some are for the development and management of the testing and related functionality.

Most of the famous tools for the CI and CD is Jenkins. It is open source and it will help to handle all types of work and design a simple CI server to complete the CD hub.

Apart from the Jenkins, many more sources are available for the proper way of managing CI and CD which are listed below:

• Concourse: It is an open-source tool to build the mechanics of CI and CD.
• GoCD: it's used for the modeling and visualization.
• Screwdriver is a building platform for CD.
• Spinnaker: it's a CD platform used to build a multi-cloud environment.

Components of a CI/CD Pipeline

1. Commit Change

Developers make code changes and commit these changes to a version control system (e.g., Git). This step initiates the CI/CD pipeline. Committing code changes ensures that they are tracked and versioned properly.

2. Trigger Build

The version control system detects the new commit and triggers the build process automatically. Automated triggering of the build process ensures that new changes are continuously integrated and tested.

3. Build

The codebase is compiled and built into a deployable artifact, such as a binary executable or a Docker image. Common tools include Maven, Gradle, Ant for Java projects, and Docker for containerized applications. The build step verifies that the code compiles correctly and that all dependencies are resolved.

4. Notify of Build Outcome

The CI/CD system notifies the team of the build results, whether it passed or failed. Immediate feedback on the build status helps developers quickly identify and resolve any build issues. Notification systems can include emails, chat integrations (like Slack or Microsoft Teams), or dashboards in tools like Jenkins or GitLab CI.

5. Run Tests

Automated tests are executed on the build artifact. These can include unit tests, integration tests, end-to-end tests, and more. Testing frameworks like JUnit, Selenium, TestNG, pytest, etc. Running tests ensures that the new code does not introduce any bugs or regressions and that it meets the required quality standards.

6. Notify of Test Outcome

The results of the test suite are reported back to the development team. Quick feedback on test outcomes allows developers to address any failures promptly. Similar to build notifications, results can be sent via email, chat, or dashboards.

7. Deliver Build to Staging

If tests pass, the build artifact is deployed to a staging environment. The staging environment simulates the production environment, allowing for final validation before production deployment. Deployment tools like Ansible, Chef, Puppet, Kubernetes, or cloud-specific services like AWS CodeDeploy.

8. Deploy to Production

After successful validation in staging, the build is automatically or manually promoted to the production environment. This step makes the new features and fixes available to end-users. Deployment strategies might include blue-green deployment, canary releases, or rolling updates to minimize downtime and risk.

CI/CD Security

CI/CD security is all about protecting software development pipelines from hackers, data leaks, and security flaws. By adding security checks at every stage of development, teams can catch problems early and prevent attacks.

Common Security Risks:

• Code & Dependencies: Using outdated or unsafe libraries can introduce vulnerabilities.
• Pipeline Access: Weak passwords or excessive access can let attackers in.
• Container & Artifact Security: Running unverified images may lead to security breaches.
• Infrastructure Security: Poorly configured cloud settings can expose data or allow unauthorized access.

CI/CD (Continuous Integration and Continuous Delivery) is a set of practices that aim to streamline and automate the software development process. CI focuses on integrating code changes frequently and automatically running tests to ensure code quality.

What is Continuous Integration, Continuous Deployment & Continuous Delivery

Visit Course

What is Continuous Integration, Continuous Deployment & Continuous Delivery

What is CI/CD?