This repository provides an explanation of Devops, DevSecOps, CI/CD concepts and creating pipelines using GitHub Actions, as well as a test deployment using Azure App Services.
"DevOps is a software development methodology that accelerates the delivery of high-quality applications and services by combining and automating the work of software development and IT operations teams." IBM
Objective: keep up w/ growing demand for uninterrupted performance and availability in software.
✨ Key Points
Integration and automation> DevOps brings together shared practices and tools to make software development more efficient and faster with small and frequent updates.
Cultural shift > DevOps is apresented that a representation of change in organizational culture, incorporating the participation of all stakeholders in the software lifecycle.
Evolution of Delivery Process > The current stage of evolution in the software delivery process: from large and infrequent releases to smaller and interative updates released.
Origin > It emerged as an extension of agile methodologies, which began to be adopted in the 2000s. DevOps added new process and tools to accelerate development and improve softaware quality that extend continuous iteration and CI/CD automation to entire software delivery lifecycle.
CODE - Devs write the code using tools like Git to keep the process smooth and avoid mistakes.
BUILD - After coding, devs add their work to a shared code repository.
TEST - The build is tested in a test environment to check the quality aspects like security, integration, and performance.
RELEASE - Once the tests are passed, the build is ready for deployment. The team schedules the release or deploys it to production.
DEPLOY - The PRD environment is prepared using IaC and the build is deployed using various tools.
OPERATE - The release is now live for customers. The operations team manages server configuration and provisioning.
MONITOR - The entire system is monitored based on customer behavior and application performance to identify any issues that could impact the team's productivity.
It is a version of DevOps that includes security throughout the entire DevOps lifecycle, from planning to feedback and back to planning again.
DevSecOps has emerged as a solution to two major challenges that have made it difficult to fully integrate security into DevOps:
-
Incorporating security expertise into cross-functional teams (a cultural issue).
-
Automating security within the DevOps process (a technical issue).
With the security was often seen as a roadblock and an extra cost in many DevOps practices. DevSecOps was developed to address these issues by making security an integral part of the process, alongside development and operations, ensuring that security is a key focus from the start.
The idea is that DevSecOps solves these challenges of integrating security into DevOps by promoting a culture where everyone is responsible for security, automating continuous testing and monitoring to detect vulnerabilities from the outset, and integrating security tools directly into development pipelines.
CI And CD is the practice of automating the integration of code changes from multiple developers into a single codebase. It is a software development practice where the developers commit their work frequently to the central code repository. Then there are automated tools that build the newly committed code and do a code review, etc as required upon integration.
The key goals of Continuous Integration are to find and address bugs quicker, make the process of integrating code across a team of developers easier, improve software quality, and reduce the time it takes to release new feature updates.
When devs work in isolation for extended periods and only merge their changes when they're done, it can lead to many conflicts, accumulated bugs, and slower updates. With CI, the idea is that devs frequently commit to a shared repository. The CI pipeline automates the build, testing, and code review processes, making it easier to quickly detect issues and deliver updates more efficiently.
It helps devs test their code in an environment similar to production, reducing surprises and bugs before release. It automates the release process, ensuring low risk, high quality releases and faster updates to customers. CD follows CI and includes running tests like integration and regression in a staging area. It keeps the software always ready for deployment, with some tools managing the process.
The YAML files play a crucial role in configuring CI/CD pipelines by providing a clear and structured way to define the stages and processes needed for automating software development and delivery.
- YAML uses a hierarchical structure based on indentation to represent data.
- Keys and values are defined with two or more spaces of indentation.
- It does not use brackets or braces, its simpler to read.
- Keys and Values
- Keys represent categories or configurations, followed by a colon ( : )
- Values can be strings, numbers, lists, or objects.
name: CI Pipeline trigger: push
- Lists
- Used to represent multiple items under a key, preceded by a hyphen ( - )
stages: - build - test - deploy
- Nested objects
- To represent more complex structures
jobs: build: script: - make build - make test
- Job and Step Definitions
- Jobs are tasks that make up the pipeline (build, test, deploy).
- Steps are the commands executed within each job.
jobs: build: steps: - name: Checkout code run: git checkout . - name: Build project run: make build
- Variables
- Allow defining reusable values throughout the pipeline
variables: IMAGE_NAME: myapp
- Triggers
- Define when and how the pipeline should run, such as on a push to a specific branch or a pull request
trigger: branches: include: - main
- File Example using Github Actions
- .github/workflows/ci.yml
name: CI Pipeline on: [push] jobs: build: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v2 - name: Build and test run: | make build make test
Deploy to App Service using Azure + Github Actions
singleton-scoped-transient-dotnet/.github/workflows
- IBM - DevOps Topics
- Simform - DevOps Lifecycle
- GeeksforGeeks - What is CI/CD?
- DevOps - Código Fonte TV
- DevSecOps (Segurança no Ciclo de Desenvolvimento de Software) - Código Fonte TV
- Azure Pipelines documentation
- Deploy to App Service using Azure Pipelines
- Azure Resource Manager QuickStart Templates