CI/CD Patterns¶
CI/CD Overview¶
GitHub Actions¶
# .github/workflows/ci.yml
name: CI/CD Pipeline
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
cache: 'maven'
- name: Run tests
run: mvn test
- name: Upload coverage
uses: codecov/codecov-action@v3
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run linter
run: mvn spotless:check
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Trivy
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
severity: 'CRITICAL,HIGH'
build:
needs: [test, lint, security-scan]
runs-on: ubuntu-latest
outputs:
image-tag: ${{ steps.meta.outputs.tags }}
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=sha,prefix=
type=ref,event=branch
type=semver,pattern={{version}}
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
deploy-staging:
needs: build
runs-on: ubuntu-latest
environment: staging
steps:
- name: Deploy to staging
run: |
kubectl set image deployment/app \
app=${{ needs.build.outputs.image-tag }}
- name: Run smoke tests
run: ./scripts/smoke-test.sh
deploy-production:
needs: deploy-staging
runs-on: ubuntu-latest
environment: production
steps:
- name: Deploy to production
run: |
kubectl set image deployment/app \
app=${{ needs.build.outputs.image-tag }}
Deployment Strategies¶
Blue-Green Deployment¶
Canary Deployment¶
Rolling Deployment¶
Feature Flags¶
// Feature flag service
public class FeatureFlagService {
private final FeatureFlagClient client;
public boolean isEnabled(String flag, User user) {
return client.evaluate(flag, user.getId(), user.getAttributes());
}
}
// Usage in code
public class CheckoutService {
private final FeatureFlagService featureFlags;
public CheckoutResult checkout(Cart cart, User user) {
if (featureFlags.isEnabled("new-payment-flow", user)) {
return newPaymentFlow(cart, user);
}
return legacyPaymentFlow(cart, user);
}
}
// Gradual rollout configuration
{
"flag": "new-payment-flow",
"enabled": true,
"rules": [
{
"percentage": 10,
"variants": {
"on": 10,
"off": 90
}
}
],
"targeting": {
"beta_users": true,
"country": ["US", "CA"]
}
}
Feature Flag Best Practices¶
GitOps¶
ArgoCD Application¶
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/org/gitops-repo
targetRevision: HEAD
path: apps/my-app/overlays/production
destination:
server: https://kubernetes.default.svc
namespace: production
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
Pipeline Best Practices¶
Trunk-Based Development¶
Common Interview Questions¶
- Blue-green vs Canary?
- Blue-green: Instant switch, full environment
-
Canary: Gradual rollout, percentage-based
-
What is GitOps?
- Git as source of truth
- Declarative, automated deployment
-
Pull-based (ArgoCD, Flux)
-
Feature flags benefits?
- Decouple deploy from release
- Gradual rollout, A/B testing
-
Quick rollback
-
CI vs CD?
- CI: Build, test, integrate
-
CD: Automated deployment (Delivery = manual gate, Deployment = fully automated)
-
How to speed up pipelines?
- Parallelization
- Caching
- Incremental builds
- Smaller test suites