LogoLogo
  • Technical Direction
  • Technical overview
    • Technical Implementation
    • API Design Guide
      • Data Definitions and Standards
      • Data Transfer Objects
      • Documentation
      • Environments
      • Error Handling
      • Example API Service
      • GraphQL Naming Conventions
      • Methods
      • Naming Conventions
      • Once Only Principle
      • Pagination
      • Resource Oriented Design
      • REST Request
      • REST Response
      • Security
      • Versioning
    • Ísland.is Public Web Data Flow
    • Code Reviews
    • Code Standards
    • Monorepo
    • Project Management
    • Teamwork
    • Architectural Decision Records
      • Use Markdown Architectural Decision Records
      • Use NX
      • Continuous Integration
      • CSS
      • Branching and Release Strategy
      • Error Tracking and Monitoring
      • What API Management Tool to Consider
      • Viskuausan Static Site Generator
      • Use OAuth 2.0 and OpenID Connect As Protocols for Authentication and Authorization
      • Unified Naming Strategy for Files and Directories
      • CMS
      • Open Source License
      • What Chart Library Should We Use Across Island.is?
      • What Feature Flag Service/application Should We Use at Island.is?
      • Logging, Monitoring and APM Platform
      • ADR Template
    • Log Management Policy
  • Products
    • Island.is Authentication Service
      • Terminology
      • Integration Options
      • Authentication Flows
      • Authorising API Endpoints
      • Session Lifecycle
      • Scopes and Tokens
      • Delegations
      • Configuration
      • Tools and Examples
      • Environments
      • Test IAS with Postman
      • Using the IAS admin portal
    • Notifications / Hnipp
      • New Notification Setup Guide
      • Notifications service workflow overview
      • Email notifications
    • Pósthólfið
      • Security Checklist
      • Introduction
      • Skjalatilkynning API
      • Skjalaveita API
      • Sequence Diagram
      • Interfaces
    • Straumurinn (X-Road)
      • Architecture Guidelines for Service Providers and Consumers
      • Setting up an X-Road Security Server
        • Network Configuration
      • X-Road - Uppfærsla á öryggisþjónum
      • Straumurinn - Notkun og umsýsla
      • X-Road Central - current version
  • Development
    • Getting Started
    • Generating a New Project
    • Definition of done
    • Devops
      • Continuous Delivery
      • Database
      • Dockerizing
      • Environment Setup
      • Logging
      • Metrics
      • NextJS Custom Server
      • Observability
      • Operations Base Principles
      • Security
      • Service Configuration
      • Support
    • AWS Secrets
    • Feature Flags
    • Documentation Contributions
    • Defining Monorepo Boundaries With Tags
    • OpenAPI
    • Code Generation
    • Workspace Settings (Deprecated)
    • External Contributions
  • REFERENCE
    • Problems
      • 400 Validation Failed
      • 400 Attempt Failed
      • 403 Bad Subject
      • 400 500 Template API Error
    • Glossary
  • Misc
    • Guide: Adding a Payment Step to an Application
    • Guide: Enable Organisations to Make Requests to an Application
    • README Template
Powered by GitBook
On this page
  • What is Continuous Delivery(CD)
  • Why do CD
  • Process overview
  • Continuous Integration(CI)
  • Merge queues
  • Configuration
  • Delivery pipeline

Was this helpful?

  1. Development
  2. Devops

Continuous Delivery

PreviousDevopsNextDatabase

Last updated 2 years ago

Was this helpful?

What is Continuous Delivery(CD)

The first paragraph from

Continuous Delivery is the ability to get changes of all types—including new features, configuration changes, bug fixes and experiments—into production, or into the hands of users, safely and quickly in a sustainable way.

Why do CD

Top three reasons:

  • Lower risk of changes - By delivering smaller changes to production and exercising the deployment process many times a day, we significantly lower the risk of quality regression or unexpected deployment hurdles.

  • Faster time-to-market - We often have emergency applications that need to get deployed in production under quite tight deadlines. Having a safe delivery pipeline makes this possible.

  • Higher quality - by running our ever-growing regression test suites after every change in the code, we make sure we do not take a step backwards quality-wise.

Process overview

Continuous Integration(CI)

CI is an integral part of the CD. It ensures the quality of the code and packages the assets, making them ready for deployment.

We trigger the CI process for all GitHub Pull Requests targeting the main branch without publishing assets. We trigger the CI process and publish the assets when making changes to main and release/** branches.

When the CI process finishes successfully and has published assets, we trigger the Delivery pipeline to the Dev environment.

Merge queues

Configuration

Delivery pipeline

Each application has a pipeline per deployment environment. The pipeline prepares (aka bakes) the configuration for the concrete environment, waits for manual approval of the deployment and then performs the deployment with the freshly baked configuration.

  • a Docker image tag - specifies which revision of the code/assets to be deployed.

  • a Helm config tag - specifies which revision of the configuration to be deployed.

The CI process triggers the pipelines upon a successful build, which automatically deploys to our Dev environment. After manual approval, it is possible to deploy to Staging and then Prod as well.

We lint the code, check the formatting of the code, perform Node modules vulnerability scan, run the unit and integration tests, run the end-to-end tests (results recorded to cypress.io: https://dashboard.cypress.io/projects/4q7jz8/) and finally, if successful, we package the code and assets. You can find a sample script to run the process for an app of your choosing . To find out more about the thinking around the CI process, please see the .

Code and assets from are packaged in Docker containers and stored in a private Docker registry hosted in AWS . The is configured to perform of all Docker images pushed to it.

(our merge bot) applies first-come-first-served policy to all PRs. To merge code to main, developers add the automerge label to their PRs and Kodiaq will take care of the rest. Developers do not have privileges to merge/push manually to the main branch to prevent accidents from happening and maintain fairness, since merging manually to main would bypass the Kodiak merge queue.

Our deployment platform is Kubernetes and our applications' deployment and configuration is specified using . Additionally, we have the configuration for our infrastructure in AWS specified using . These two configuration sources are hosted in two separate git repositories with restricted access.

We use as a deployment tool for Kubernetes. We have a few application pipelines that are identical for the most part.

The pipelines are defined and versioned in . The input to the pipelines is as follows:

The chart stored in our comes in as an asset as well as value files containing environmental specific values. Docker tag, value files and helm chart are baked together creating Kubernetes manifest, that can be deployed to a specific environment.

Our Spinnaker is accessible . Note that to be able to log in, your membership to the island-is github organization must be set to public. You can change that .

here
ADR
island.is
ECR
ECR
vulnerability scanning
Kodiaq
Helm
Terraform
Spinnaker
our Helm repo
Helm
Chartmuseum
here
here
continuousdelivery.com
cd-overview