Continuous integration and continuous deployment (CI/CD) is the core of DevOps, and when implemented properly, it can greatly improve code quality, speed up development, and help teams develop more efficiently.

In this article, we will share RightCapital’s best practices in this area and the team culture behind them, and hopefully inspire you.

This article mainly introduces the CI/CD of our back-end project, using the following technology stack:

  • PHP
  • GitLab CI
  • Kubernetes
  • Helm + Helmfile + Helm Secret

Continuous Integration

What is a CI

Every time a developer pushes or merges a code change, it triggers a series of automated tools to perform code inspections. These checks help us find errors and potential vulnerabilities in the code, exposing problems very early on, rather than waiting for user feedback when the code is deployed to the production environment.

Our CI Pipeline

So let me tell you a little about what exactly we do in CI.

  • Prepare phase: Performs a series of initialization tasks, such as installing project dependencies
  • Lint phase: Code style checks
    • PHP CS Fixer: Makes sure everyone’s code style is consistent
    • Yaml Lint: Ensures that the YAML files in the project are formatted correctly and styled consistently
  • Test phase: Tests
    • PHPUnit: Runs unit and integration tests
    • PHPStan: Static code analysis, such as finding undefined variables, type errors, etc.
  • Post phase: Finishing work
    • Sentry: Associates code commits with Sentry, so that once Sentry has collected an error we can quickly locate the code change and its author
    • Trigger Deploy: Triggers the deployment pipeline, discussed in the next section

Since our company follows GitFlow, all code changes come from feature, bugfix, and hotfix branches, and we forbid direct code changes on the Develop, Release, and Master branches. All changes are merged into the trunk branches via PR; if any check of a PR fails, it is not allowed to be merged. In other words, through the CI process above, we have established a baseline of code quality that we can accept.
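As an added example (not RightCapital’s own pipeline), here is a .gitlab-ci.yml that lays out the four CI stages above. Image tags, the composer/vendor layout, the Sentry job image and the downstream deploy project path are assumptions; the YAML lint job is left out for brevity.

```yaml
stages: [prepare, lint, test, post]

default:
  image: php:8.2-cli                   # assumption: pin a version tag, never "latest"

prepare:
  stage: prepare
  script:
    - composer install --no-interaction --prefer-dist --no-progress
  artifacts:
    paths: [vendor/]                   # hand the installed dependencies to later stages
    expire_in: 1 day

php-cs-fixer:
  stage: lint
  needs: [prepare]
  script:
    - vendor/bin/php-cs-fixer fix --dry-run --diff   # report violations, never rewrite code in CI

phpunit:
  stage: test
  needs: [prepare]
  script:
    - vendor/bin/phpunit

phpstan:
  stage: test
  needs: [prepare]
  script:
    - vendor/bin/phpstan analyse --no-progress

# The post stage only runs once lint and test have passed, and only on the trunk branches
# (in merge-request pipelines $CI_COMMIT_BRANCH is unset, so these jobs are skipped).
sentry-release:
  stage: post
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^(develop|release|master)$/
  image: getsentry/sentry-cli          # assumption; SENTRY_AUTH_TOKEN comes from a masked CI variable
  script:
    - sentry-cli releases new "$CI_COMMIT_SHA"
    - sentry-cli releases set-commits --auto "$CI_COMMIT_SHA"   # links the commits to the release
    - sentry-cli releases finalize "$CI_COMMIT_SHA"

trigger-deploy:
  stage: post
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^(develop|release|master)$/
  trigger:
    project: example-org/backend-deploy   # placeholder: the deployment pipeline's project path
    branch: $CI_COMMIT_BRANCH
```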

What is Continuous Deployment

Once continuous integration has passed, deployment is automated promptly to ensure that our code is deliverable at all times.

  • Pre-deploy phase: Does some preparatory work, such as downloading artifacts from the CI pipeline
  • Publish phase:
    • Quay Cloud: Builds a Docker image and pushes it to Quay.io
    • TS Schema Generator: An internal tool that analyzes the models in our PHP code, automatically extracts API schemas and generates TypeScript code for the front end, which is then packaged and distributed. It carries the source information of our API models: attribute names, types, and so on
  • Deploy phase:
    • In this step, we automatically deploy the code to the environment corresponding to the branch and perform a series of operations
      • For example, the Master branch is deployed to the Production environment, the Release branch to the Staging and UAT environments, and the Develop branch to the Development environment
      • The operations are:
        • Use Helm + Helmfile to deploy the Docker image we built earlier to K8S
        • Deploy our environment variables to K8S as secrets using Helm Secret, which we covered earlier in Managing Secrets with SOPS
        • To automate migration, we automatically back up the database after the application has been deployed, and then run the migration to apply the database changes
        • Cache cleaning, and so on

Code that is deliverable at all times is very important for a team to improve the product effectively and continuously. Automating the process in a standardized way removes the chance of manual error, and backing up the database automatically before any database change keeps the data safe.
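As an added example (not RightCapital’s own deployment pipeline), here is a GitLab CI deploy pipeline with the branch-to-environment mapping above and the "deploy, back up, then migrate" order. The kaniko build, the tooling image, the db-backup CronJob, the deployment name and the migrate/cache-clear scripts are assumptions; the pre-deploy and TS Schema Generator steps are omitted.

```yaml
stages: [publish, deploy]

build-image:
  stage: publish
  image:
    name: gcr.io/kaniko-project/executor:debug   # builds the image without a Docker daemon
    entrypoint: [""]
  script:
    # QUAY_AUTH is a masked CI variable holding a base64 "user:token" for quay.io (assumption)
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"quay.io\":{\"auth\":\"$QUAY_AUTH\"}}}" > /kaniko/.docker/config.json
    - >
      /kaniko/executor --context "$CI_PROJECT_DIR" --dockerfile Dockerfile
      --destination "quay.io/example-org/backend:$CI_COMMIT_SHA"

.deploy:
  stage: deploy
  image: example-org/helmfile-tools:1.0   # assumption: image with helmfile, helm-secrets, sops, kubectl
  script:
    # Helmfile runs the helm-secrets plugin for values files listed under `secrets:`, so the
    # SOPS-encrypted env file is decrypted only inside this job; the assumed helmfile.yaml
    # reads IMAGE_TAG with requiredEnv
    - IMAGE_TAG="$CI_COMMIT_SHA" helmfile -e "$DEPLOY_ENV" apply
    # back up before touching the schema: run the backup CronJob once and wait for it
    - kubectl -n "$DEPLOY_ENV" create job --from=cronjob/db-backup "db-backup-$CI_PIPELINE_ID"
    - kubectl -n "$DEPLOY_ENV" wait --for=condition=complete --timeout=15m "job/db-backup-$CI_PIPELINE_ID"
    # only now apply database changes, then clear caches
    - kubectl -n "$DEPLOY_ENV" exec deploy/backend -- php bin/migrate.php
    - kubectl -n "$DEPLOY_ENV" exec deploy/backend -- php bin/cache-clear.php

deploy-development:
  extends: .deploy
  variables: { DEPLOY_ENV: development }
  environment: development
  rules:
    - if: $CI_COMMIT_BRANCH == "develop"

deploy-staging:
  extends: .deploy
  variables: { DEPLOY_ENV: staging }
  environment: staging
  rules:
    - if: $CI_COMMIT_BRANCH == "release"

deploy-production:
  extends: .deploy
  variables: { DEPLOY_ENV: production }
  environment: production
  rules:
    - if: $CI_COMMIT_BRANCH == "master"
```

Because the backup job must reach the complete condition before kubectl wait returns, a failed backup fails the pipeline before any migration runs.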

That is not all: here is a set of development environment deployment practices that we are very proud of. Take a look at these scenarios:

  • Since all of our features are developed on feature branches, a feature branch cannot be merged into the Develop branch without passing CI and code review, meaning that the code cannot be deployed to the development environment. But during development, there is always a need for joint debugging between the front end and the back end. How do we solve that?
  • During code review, although CI passes, reviewers sometimes want to run the code and test it manually. How can this be made convenient and efficient?

Solution: We automatically deploy a temporary environment for testing and joint debugging for each branch, and destroy it automatically when the PR is merged. We then added a DevBar at the bottom of the front-end page that shows which environments and branches are currently available, lets you switch the API to any environment to start testing at any time, and shows some information about the commit running in the current environment.

What if the front end and back end need to work together? The back end only needs to tell the front end the branch name, done! What about testing during code review? Start testing by selecting the environment with the current branch name in the front end.

This solution greatly reduces the cost of managing our development environments and allows other processes to run more efficiently.

The implementation of this solution is based on the following technologies, which will be detailed in a subsequent article:

  1. GitLab CI Review Apps
  2. K8S + Helm
  3. Cert manager
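As an added example (not RightCapital’s own configuration), here is the GitLab CI Review Apps part of that solution: one job that deploys a per-branch environment and a stop job that GitLab runs when the branch is deleted, for example on merge. The tooling image, the wildcard review domain, the `review` Helmfile environment and the release naming are assumptions.

```yaml
review:
  stage: deploy
  image: example-org/helmfile-tools:1.0      # assumption: image with helmfile, helm and kubectl
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  variables:
    REVIEW_HOST: "$CI_COMMIT_REF_SLUG.review.example.com"   # assumption: wildcard DNS points at the ingress
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    url: https://$REVIEW_HOST                # shows up as a link on the merge request
    on_stop: stop-review                     # GitLab runs this job when the branch is deleted (e.g. on merge)
    auto_stop_in: 1 week                     # safety net for abandoned branches
  script:
    # The assumed `review` Helmfile environment reads REVIEW_HOST, CI_COMMIT_REF_SLUG and
    # CI_COMMIT_SHA with requiredEnv, names the release backend-$CI_COMMIT_REF_SLUG, sets the
    # Ingress host, and adds the cert-manager.io/cluster-issuer annotation so each branch gets
    # its own TLS certificate. The commit and branch are exposed to the front-end DevBar.
    - helmfile -e review apply
    - kubectl -n review rollout status "deploy/backend-$CI_COMMIT_REF_SLUG" --timeout=5m

stop-review:
  stage: deploy
  image: example-org/helmfile-tools:1.0
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      when: manual
  variables:
    GIT_STRATEGY: none                       # the branch may already be gone; do not check it out
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    action: stop
  script:
    # uninstall by release name so the job needs no repository checkout
    - helm -n review uninstall "backend-$CI_COMMIT_REF_SLUG"
```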

Conclusion

Some might argue that the process is too demanding to be effective. Compared with pushing code without any constraints, our process is naturally slower, and that’s exactly what we intend.

Because we insist on code quality over development speed, and rely on highly automated processes to stay sufficiently efficient, we can have it both ways. If you believe in our philosophy, you are welcome to apply to join us.

This article is an overview of our CI/CD; if you are interested in our implementation, please subscribe to our official account for subsequent updates.

NauxLiu, DevOps Manager, RightCapital


Welcome to follow our wechat official account “RightCapital”