Hi all,
I just thought I would share my experience so far with using github and codeship (basic, free tier) for my CI/CD pipeline.
I’m still working out the best way to deal with secret keys, etc. (while trying to avoid stepping up to the paid Codeship Pro, which I believe offers encrypted environment variable…), but this is what is currently working for me:
The project is an sms-notification service for the local nordic ski-trail conditions in Golden, B.C.
I’m using git (with the gitflow branching model) for my version control, so the deployment process is kicked off by pushing to my github repo. (I’m currently encrypting my serverless.yml and my secrets.yml before committing them to git.) A push to my “develop” branch will deploy to my “dev” stage AWS infrastructure, while a push to my “master” branch will deploy to my “production” stage. Setting the --stage flag sets the resource names correctly in my serverless.yml, as all the resource names include the ${opt:stage} variable in the name. For example:
TableName: User-Mobile-Numbers-${opt:stage}
Each time I push to my repo, the corresponding (dev or production) Codeship deployment pipeline is triggered. This is where Serverless is installed globally, serverless.yml and secrets.yml are decrypted and project dependencies are installed. The stack is deployed to AWS first, and then the front-end app is built and deployed to its own s3 bucket. Finally, a cloudfront invalidation is created to clear the cached data. Testing isn’t set up yet, but will be incorporated into the Codeship phase, just before deployment.
In Codeship, this is more or less what my setup script looks like:
nvm use stable
cd /
npm install -g serverless yarn node-cipher
cd /home/rof/src/github.com/nfurfaro/Trails4.0
yarn install
nodecipher decrypt "encrypted_secrets.yml" "secrets.yml" XXXXXXXXXXXXXX XXXXXXXXXXX p "$PASSWORD"
nodecipher decrypt "encrypted_serverless.yml" "serverless.yml" XXXXXXXXXXXXXX XXXXXXXXXXX p "$PASSWORD"
Then, my custom script for deploying to my “dev” stage looks like this:
cd serverless
yarn
serverless config credentials --provider aws --key "$AWS_KEY" --secret "$AWS_SECRET" --stage dev
serverless deploy -v --stage dev
cd ..
cd app
yarn add react-scripts
yarn run build
Next, I’m using Codeship’s s3 integration to deploy my frontend (before switching to codeship I was using the “serverless-single-page-app-plugin” to accomplish this part).
Finally, I run this script:
aws configure set preview.cloudfront true
aws cloudfront create-invalidation --distribution-id XXXXXXXXXXXXXXXXX --paths "/*"
It seems to be working really well, and once you set it up it’s so easy to push out updates to your service.
I’d be happy to answer any questions, or clarify how/why I’m doing things the way I am. Keep in mind that I’m pretty new to all of this (I’ve really only been learning web/software development for about 4 months now, trying to get into a new career) so use your own judgement in following my example! Feel free to check out the repo for this project here:
Hope this helps someone looking to do something similar!
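A pre-deploy guard for the pipeline described in the post above, as an added example that is not part of the original post or the project's repo: it maps the branch to a stage, checks that the secrets named in the scripts are present without printing them, and refuses to deploy if the decrypted secrets.yml or serverless.yml is tracked by git. The function names are hypothetical, and CI_BRANCH is assumed to be the branch variable provided by the CI service.

```shell
#!/bin/sh
# Added example: pre-deploy guard (function names are hypothetical).
# Assumption: the CI service exposes the current branch as CI_BRANCH.

# Map a git branch to a deployment stage; any other branch must not deploy.
stage_for_branch() {
  case "$1" in
    develop) echo dev ;;
    master)  echo production ;;
    *)       return 1 ;;
  esac
}

# Succeed only if every named variable is set and non-empty.
# Reports the names of missing variables, never their values.
require_env() {
  missing=""
  for name in "$@"; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || missing="$missing $name"
  done
  value=""
  [ -z "$missing" ] && return 0
  echo "missing variables:$missing" >&2
  return 1
}

# Succeed only if none of the given plaintext files is tracked by git.
not_tracked() {
  for f in "$@"; do
    if git ls-files --error-unmatch -- "$f" >/dev/null 2>&1; then
      echo "plaintext file is tracked by git: $f" >&2
      return 1
    fi
  done
}

# Run all checks; print the stage name on success.
predeploy_check() {
  stage=$(stage_for_branch "${CI_BRANCH:-}") || {
    echo "branch '${CI_BRANCH:-}' has no stage; refusing to deploy" >&2
    return 1
  }
  require_env PASSWORD AWS_KEY AWS_SECRET || return 1
  not_tracked secrets.yml serverless.yml || return 1
  echo "$stage"
}
```

In a deploy script this would be called as `STAGE=$(predeploy_check) || exit 1`, with `$STAGE` then passed to `--stage`.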