CI
CI is the component of Common in charge of providing the infrastructure of a Continuous Integration and Continuous Delivery system (CI/CD).
Public Oath
As the CI/CD is the backbone of our technological operation, we will constantly look for new technology that improves our development, testing and release processes.
Fluid Attacks will look for a CI/CD solution that is:
- Cloud based
- Scalable so developers get feedback as soon as possible
- Secure
- Integrable with the rest of our stack
Architecture
- The module is managed as code using Terraform.
- It implements an
inspector
AWS lambda that in Python. - Our CI/CD system is GitLab CI.
- It is hosted on AWS.
- It is an implementation of the terraform-aws-gitlab-runner module.
- Each product has a bastion machine that spawns workers based on job demand.
- Workers have a
aarch-64-linux
architecture. - There is a
common-x86
bastion that spawnsx86_64-linux
workers for jobs that only run on that architecture. aarch-64-linux
workers have 1 vcpu and 8 GiB memory.x86_64-linux
workers have 2 vcpu and 8 GiB memory.- Workers have Internet access.
- All workers have internal solid-state drives for maximum performance.
- Workers use the GitLab OpenID provider to assume AWS IAM roles provided by common/users.
- There is a
terraform_state_lock
DynamoDB table that allows locking terraform states when deploying infrastructure changes, helping prevent state corruption. - It uses a AWS s3 bucket for storing cache.
- There is an API Gateway that receives merge request and pipeline triggers from GitLab.
- The API Gateway forwards the requests to the Lambda.
- The Lambda performs the following actions:
- Cancel unnecessary pipelines.
- Rebase merge requests with trunk.
- Merge merge requests with green pipelines.
Contributing
Please read the contributing page first.