Example of Continous Integration/Deployment with Codeship

Hi all,
I just thought I would share my experience so far with using github and codeship (basic, free tier) for my CI/CD pipeline.
I’m still working out the best way to deal with secret keys, etc (while trying to avoid stepping up to the paid Codeship Pro, which I believe offers encrypted environment variable…), but this is what is currently working for me:

The project is an sms-notification service for the local nordic ski-trail conditions in Golden, B.C.
I’m using git (with the gitflow branching model) for my version-control, so the deployment-process is kicked off by pushing to my github repo.( I’m currently encrypting my serverless.yml and my secrets.yml, before committing them to git). A push to my “develop” branch will deploy to my “dev” stage AWS infrastructure, while a push to my “master” branch will deploy to my “production” stage. Setting the --stage flag sets the resource names correctly in my serverless.yml, as all the resource names inlude the ${opt:stage} variable in the name. For example:
TableName: User-Mobile-Numbers-${opt:stage}

Each time I push to my repo, the corresponding (dev or production) Codeship deployment pipeline is triggered. This is where Serverless is installed globally, serverless.yml and secrets.yml are decrypted and project dependencies are installed. The stack is deployed to AWS first, and then the front-end app is built and deployed to it’s own s3 bucket. Finally, a cloudfront invalidation is created to clear the cached data. Testing isn’t set up yet, but will be incorporated into the Codeship phase, just before deployment.

In Codeship, this is more or less what my setup script looks like:

nvm use stable
cd /
npm install -g serverless yarn node-cipher
cd /home/rof/src/github.com/nfurfaro/Trails4.0
yarn install
nodecipher decrypt "encrypted_secrets.yml" "secrets.yml" XXXXXXXXXXXXXX XXXXXXXXXXX p $PASSWORD
nodecipher decrypt "encrypted_serverless.yml" "serverless.yml" XXXXXXXXXXXXXX XXXXXXXXXXX p $PASSWORD

Then, my custom script for deploying to my “dev” stage looks like this:

cd serverless
yarn
serverless config credentials --provider aws --key "$AWS_KEY" --secret "$AWS_SECRET" --stage dev
serverless deploy -v --stage dev
cd ..
cd app
yarn add react-scripts
yarn run build

Next, I’m using Codeship’s s3 integration to deploy my frontend (before switching to codeship I was using the “serverless-single-page-app-plugin” to accomplish this part).
Finally, I run this script:

aws configure set preview.cloudfront true
aws cloudfront create-invalidation --distribution-id XXXXXXXXXXXXXXXXX --paths "/*"

It seems to be working really well, and once you set it up it’s so easy to push out updates to your service.
I’d be happy to answer any questions, or clarify how/why I’m doing things the way I am. Keep in mind that I’m pretty new to all of this (I’ve really only been learning web/software development for about 4 months now, trying to get into a new career) so use your own judgement in following my example! Feel free to check out the repo for this project here:

Hope this helps someone looking to do something similar!

1 Like

Thanks for sharing! This will definitely come in handy.

Hey, I’ve been using Codeship for my own CI/cd of serverless (ended up working there :slight_smile: but haven’t moved to the encrypted variables yet.

Just wanted to let you know that there’s a free tier for the pro version of Codeship as well in case you want to try it out. Keep in mind that you don’t need to deploy containers to use Pro; as long as you can define your environment using docker files, you’ll be fine :wink:

Thanks for the tip @dennisnewel. It’s good to know that’s an option. I
don’t have any experience with docker files yet, but I might look at going
this route.

let me know if you need any help getting setup