Skip to main content

CI

CI is the component of Common in charge of providing the infrastructure of a Continuous Integration and Continuous Delivery system (CI/CD).

Public Oath

As the CI/CD is the backbone of our technological operation, we will constantly look for new technology that improves our development, testing and release processes.

Fluid Attacks will look for a CI/CD solution that is:

  • Cloud based
  • Scalable so developers get feedback as soon as possible
  • Secure
  • Integrable with the rest of our stack

Architecture

ArchitectureArchitecture
  1. The module is managed as code using Terraform.
  2. It implements an inspector AWS lambda that in Python.
  3. Our CI/CD system is GitLab CI.
  4. It is hosted on AWS.
  5. It is an implementation of the terraform-aws-gitlab-runner module.
  6. Each product has a bastion machine that spawns workers based on job demand.
  7. Workers have a aarch-64-linux architecture.
  8. There is a common-x86 bastion that spawns x86_64-linux workers for jobs that only run on that architecture.
  9. aarch-64-linux workers have 1 vcpu and 8 GiB memory.
  10. x86_64-linux workers have 2 vcpu and 8 GiB memory.
  11. Workers have Internet access.
  12. All workers have internal solid-state drives for maximum performance.
  13. Workers use the GitLab OpenID provider to assume AWS IAM roles provided by common/users.
  14. There is a terraform_state_lock DynamoDB table that allows locking terraform states when deploying infrastructure changes, helping prevent state corruption.
  15. It uses a AWS s3 bucket for storing cache.
  16. There is an API Gateway that receives merge request and pipeline triggers from GitLab.
  17. The API Gateway forwards the requests to the Lambda.
  18. The Lambda performs the following actions:
    • Cancel unnecessary pipelines.
    • Rebase merge requests with trunk.
    • Merge merge requests with green pipelines.

Contributing

Please read the contributing page first.

Last updated on