CI/CD or Continuous Integration / Continuous Development Workflow of a Web App

Before you start any Web App, there are several important decisions you will need to make about the architecture, including how to get the code from local, though development, to testing then production. How would you do this over and over as the software changes and is developed? Continuous Integration / Continuous Development (CI/CD) is here to help… or hinder if you don't get it right.

CI/CD aims to answer the question “How do we allow the people working towards a better a system, to do just that, without unnecessary blocks”? For a web app, this means a person making a change should have the ability to take that change and put it on the live system with systems in place to facilitate this. CI/CD, done correctly, enables this. This is not the only definition of CI/CD, there are many definitions and descriptions of CI/CD, but they all seem to agree with the above, Wikipedia has the definition:

“In software engineering, CI/CD or CICD is the combined practices of continuous integration (CI) and continuous delivery (CD) or, less often, continuous deployment. They are sometimes referred to collectively as continuous development or continuous software development.

CI/CD bridges the gaps between development and operation activities and teams by enforcing automation in building, testing and deployment of applications. CI/CD services compile the incremental code changes made by developers, then link and package them into software deliverables.[3] Automated tests verify the software functionality, and automated deployment services deliver them to end users.[4] The aim is to increase early defect discovery, increase productivity, and provide faster release cycles.”

GitHub defines CI/CD as:

“CI/CD stands for Continuous Integration and Continuous Deployment (or Continuous Delivery). It's a set of practices and tools designed to improve the software development process by automating builds, testing, and deployment, enabling you to ship code changes faster and reliably.”

So, let’s break down exactly what this means:

1. Automate Build –Take the code and turn it into a build ready for production
2. Testing – Take our build and run both automated tests and manual tests
3. Deployment – Take our build and put it on the live server.

This is correct, but there are a few steps we need to add, and we need to expand our steps from above:

1. Automated Testing – Your first automated testing should happen with unit tests (bottom of the testing triangle) and Linting as soon as the developer says the code is ‘ready’.
2. Code / Peer review – Manually / automatically check the code for code smells, linting, duplication and standards
3. Data integrity – If there are any changes to data structure, do we need to take any extra steps or checks?
4. Security – Are we opening any ports or endpoints that need special attention?
5. Merge – We need to make sure we have all the code ready for production merged into the correct branch (develop, main or master).
6. Build & Version – Create a new Version using SemVer to create the build.
7. Testing – Using a staging or QA environment run Integration and End-to-End testing plus any manual testing.
8. Staggered Deployment – Using Blue / Green, cannery or A/B test deployment.

Now we have a full CI/CD Workflow let’s investigate how we can complete each of these steps correctly.

Automated Testing & Pull Request

After the developer has completed the feature on the feature branch, they should run the automated testing by creating a Pull Request from their feature branch to the develop branch. This will show any merge conflicts that need fixing.

The developer should / can run automated tests on their local machine before they push up and the IDE can do some of this as the developer types, but the developer should run the tests on the online repository like GitHub or GitLab once they think the code is complete. The tests to run here are Unit Tests.

If the tests fail, the developer should fix, commit, push and re-run the tests.

Once all the tests have passed, the feature branch can move to the next step.

Review

This is a manual step where the code is reviewed by the peer/s of the developer. It can start conversations in the online repository and the developer may have to take the code back to rewrite some of it. It could be there are issues not related to these changes or some refactoring is needed and tickets could need creating.

Our goal is always to move forward, so it's always best to get the code live and go back to refactor in pair programming, rather than stop the ticket, if possible.

Once the feature passes the review/s we can move to the next step.

Data checks

If there are changes to data or data structure with data migrations or something similar, a comment should be made to check this as part of the Peer Review. The developer that created the Pull Request may add a database specialist to the Pull Request that must pass the Peer Review before it moves to the next stage.

Security Checks

If there are changes to any API settings or changes to routing or anything that could be a vulnerability, then the developer should call this out and add a security specialist to the Pull Request that must pass the Peer Review before it moves to the next stage.

Merge

Take the feature branch that has been developed, tested and reviewed and merge it into the develop branch. Any branches that have, and have not, been released are in this branch. All code in this branch is “code complete” and ready to go to production.

Building a new Version

When the Product Owner decides a feature or set of features is ready (not forgetting feature switches), we can create a new version. To do this we create a release branch from the develop branch, making sure we list all the features (referencing the tickets) this build contains. Usually, the Pull Request branch is simply named with the version.

We usually create this branch named with the next version that makes sense for the features (conforming to SemVer) so 3 numbers, split with dots e.g. 1.2.3 or 3.23.0:

• Major version - Add 1 if there are incompatible changes, then reset the minor and patch versions to 0.
• Minor version - Add 1 (Major stays the same) if there is new functionality that is backwards compatible and reset patch versions to 0.
• Patch version - Add 1 (Major and Minor stay the same) if there a bug fix, new documentation, or anything that is backward compatible and does not change functionality.

We create the build from this branch with all the artifacts needed including node and composer modules and we can tag this branch with the version. We then create a staging server with this build so we can run our tests.

Testing

We have completed the Unit Tests on each feature and these tests can be ran again at this point, but this is the Integration and End-to-End testing phase on the build that will, ultimately, land on production.

If the tests fail, any fixes can be completed by the developers that created the feature branches and, as this is a release, this should be of high importance. We can also stop the release and destroy the release branch if there are major issues.

Once the tests have all passed, the Pull Request is merged and, if we haven’t done so, create the tag with the version of the build. This should trigger the deployment of the build we created earlier.

Staggered Deployment

Our build is pushed to the deployment server/s and any migrations to data are ran so the database is kept up-to-date, but what happens if there is a problem with the build? Some packages are corrupted, or an API is not connecting or any number of issues? This would stop the server and leave the app offline.

This is why we use a staggered deployment that does not actually deploy everything to everyone, just enough to give us peace of mind everything is good.

Blue / Green

We build a new server and call it blue and connect it to a new copy of the data. We pull the new code to that server, run all installs and all data migrations. Then we route a small percentage of traffic to that server (say 10%) and check all logs. Any errors and we route all traffic back to the old, green servers.

We keep routing more and more traffic to the new blue servers until 100% of traffic is on the new blue servers and there are no (expected) errors. Then we shut down the old green servers.

On the next release we use green for the new servers and blue becomes the old servers.

Canary

The same as blue / green except we always call the new server canary, like miners carried in mines to check for gas leaks. A canary release is usually 100% switch between old and new, but can percentage traffic can be used as with blue/green or can be just internal traffic to test everything is working correctly before going public.

A/B testing

This is more for feature testing and is less drastic than canary or blue / green. It works with feature switches. After a release of a new feature the new feature is set to off so it cannot be seen or used, but there is a switch to turn it on.

We then keep the feature off some of the traffic, A, but we turn it on for other traffic, B. We can use 50/50% or 20/80% or any other fractions of traffic for A/B

Depending on the results we can either keep the new functionality on for everyone or switch it off.

This type of testing is used more for marketing or UX than releasing but is used to release new functionality too.

Summary

CI/CD allows a developer the tools to take their changes and put them live, safely and efficiently, while providing everyone else the peace of mind the system will simply work.

The CI/CD Workflow I have outlined works for any system, but larger or multi-teams will benefit from the safety more than smaller or single developer teams. However, having automated CI/CD in place from day 1 will benefit everyone by keeping what can be a stressful process, to a simple, painless process.

If I’ve missed anything or you have any stories about going to production with systems you’ve worked with, please comment or contact us.