|
| 1 | +--- |
| 2 | +mainImage: ../../../images/part-11.svg |
| 3 | +part: 11 |
| 4 | +letter: e |
| 5 | +lang: en |
| 6 | +--- |
| 7 | + |
| 8 | +<div class="content"> |
| 9 | + |
| 10 | +This part focuses on building a simple, effective, and robust CI system that helps developers to work together, maintain code quality, and deploy safely. What more could one possibly want? In the real world, there are more fingers in the pie than just developers and users. Even if that weren't true, even for developers, there's a lot more value to be gained from CI systems than just the things above. |
| 11 | + |
| 12 | +### Visibility and Understanding |
| 13 | + |
| 14 | +In all but the smallest companies, decisions on what to develop are not made exclusively by developers. The term 'stakeholder' is often used to refer to people, both inside and outside the development team, who may have some interest in keeping an eye on the progress of the development. To this end, there are often integrations between Git and whatever project management/bug tracking software the team is using. |
| 15 | + |
| 16 | +A common use of this is to have some reference to the tracking system in Git pull requests or commits. This way, for example, when you're working on issue number 123, you might name your pull request <code>BUG-123: Fix user copy issue</code> and the bug tracking system would notice the first part of the PR name and automatically move the issue to <code>Done</code> when the PR is merged. |
| 17 | + |
| 18 | +### Notifications |
| 19 | + |
| 20 | +When the CI process finishes quickly, it can be convenient to just watch it execute and wait for the result. As projects become more complex, so too does the process of building and testing the code. This can quickly lead to a situation where it takes long enough to generate the build result that a developer may want to begin working on another task. This in turn leads to a forgotten build. |
| 21 | + |
| 22 | +This is especially problematic if we're talking about merging PRs that may affect another developer's work, either causing problems or delays for them. This can also lead to a situation where you think you've deployed something but haven't actually finished a deployment, this can lead to miscommunication with teammates and customers (e.g. "Go ahead and try that again, the bug should be fixed"). |
| 23 | + |
| 24 | +There are several solutions to this problem ranging from simple notifications to more complicated processes that simply merge passing code if certain conditions are met. We're going to discuss notifications as a simple solution since it's the one that interferes with the team workflow the least. |
| 25 | + |
| 26 | +By default, GitHub Actions sends an email on a build failure. This can be changed to send notifications regardless of build status and can also be configured to alert you on the GitHub web interface. Great. But what if we want more. What if for whatever reason this doesn't work for our use case. |
| 27 | + |
| 28 | +There are integrations for example to various messaging applications such as [Slack](https://slack.com/intl/en-fi/) or [Discord](https://discord.com/), to send notifications. These integrations still decide what to send and when to send it based on logic from GitHub. |
| 29 | + |
| 30 | +</div> |
| 31 | + |
| 32 | +<div class="tasks"> |
| 33 | + |
| 34 | +### Exercise 11.18 |
| 35 | + |
| 36 | +We have set up a channel <i>fullstack\_webhook</i> to the course Discord group at [https://study.cs.helsinki.fi/discord/join/fullstack](https://study.cs.helsinki.fi/discord/join/fullstack) for testing a messaging integration. |
| 37 | + |
| 38 | +Register now to Discord if you have not already done that. You will also need a <i>Discord webhook</i> in this exercise. You find the webhook in the pinned message of the channel <i>fullstack\_webhook</i>. Please do not commit the webhook to GitHub! |
| 39 | + |
| 40 | +#### 11.18 Build success/failure notification action |
| 41 | + |
| 42 | +You can find quite a few third-party actions from [GitHub Action Marketplace](https://github.com/marketplace?type=actions) by using the search phrase [discord](https://github.com/marketplace?type=actions&query=discord). Pick one for this exercise. My choice was [discord-webhook-notify](https://github.com/marketplace/actions/discord-webhook-notify) since it has quite many stars and decent documentation. |
| 43 | + |
| 44 | +Setup the action so that it gives two types of notifications: |
| 45 | +- A success indication if a new version gets deployed |
| 46 | +- An error indication if a build fails |
| 47 | + |
| 48 | +In the case of an error, the notification should be a bit more verbose to help developers find quickly which is the commit that caused it. |
| 49 | + |
| 50 | +See [here](https://docs.github.com/en/actions/learn-github-actions/expressions#status-check-functions) how to check the job status! |
| 51 | + |
| 52 | +Your notifications may look like the following: |
| 53 | + |
| 54 | + |
| 55 | + |
| 56 | +</div> |
| 57 | + |
| 58 | +<div class="content"> |
| 59 | + |
| 60 | +### Metrics |
| 61 | + |
| 62 | +In the previous section, we mentioned that as projects get more complicated, so too, do their builds, and the duration of the builds increases. That's obviously not ideal: The longer the feedback loop, the slower the development. |
| 63 | + |
| 64 | +While there are things that can be done about this increase in build times, it's useful to have a better view of the overall picture. It's useful to know how long a build took a few months ago versus how long it takes now. Was the progression linear or did it suddenly jump? Knowing what caused the increase in build time can be very useful in helping to solve it. If the build time increased linearly from 5 minutes to 10 minutes over the last year, maybe we can expect it to take another few months to get to 15 minutes and we have an idea of how much value there is in spending time speeding up the CI process. |
| 65 | + |
| 66 | +Metrics can either be self-reported (also called 'push' metrics, where each build reports how long it took) or the data can be fetched from the API afterward (sometimes called 'pull' metrics). The risk with self-reporting is that the self-reporting itself takes time and may have a significant impact on "total time taken for all builds". |
| 67 | + |
| 68 | +This data can be sent to a time-series database or to an archive of another type. There are plenty of cloud services where you can easily aggregate the metrics, one good option is [Datadog](https://www.datadoghq.com/). |
| 69 | + |
| 70 | +### Periodic tasks |
| 71 | + |
| 72 | +There are often periodic tasks that need to be done in a software development team. Some of these can be automated with commonly available tools and some you will need to automate yourself. |
| 73 | + |
| 74 | +The former category includes things like checking packages for security vulnerabilities. Several tools can already do this for you. Some of these tools would even be free for certain types (e.g. open source) projects. GitHub provides one such tool, [Dependabot](https://dependabot.com/). |
| 75 | + |
| 76 | +Words of advice to consider: If your budget allows it, it's almost always better to use a tool that already does the job than to roll your own solution. If security isn't the industry you're aiming for, for example, use Dependabot to check for security vulnerabilities instead of making your own tool. |
| 77 | + |
| 78 | +What about the tasks that don't have a tool? You can automate these yourself with GitHub Actions too. GitHub Actions provides a scheduled trigger that can be used to execute a task at a particular time. |
| 79 | + |
| 80 | +</div> |
| 81 | + |
| 82 | +<div class="tasks"> |
| 83 | + |
| 84 | +### Exercises 11.19-11.21 |
| 85 | + |
| 86 | +#### 11.19 Periodic health check |
| 87 | + |
| 88 | +We are pretty confident now that our pipeline prevents bad code from being deployed. However, there are many sources of errors. If our application would e.g. depend on a database that would for some reason become unavailable, our application would most likely crash. That's why it would be a good idea to set up <i>a periodic health check</i> that would regularly do an HTTP GET request to our server. We quite often refer to this kind of request as a <i>ping</i>. |
| 89 | + |
| 90 | +It is possible to [schedule](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule) GitHub actions to happen regularly. |
| 91 | + |
| 92 | +Use now the action [url-health-check](https://github.com/marketplace/actions/url-health-check) or any other alternative and schedule a periodic health check ping to your deployed software. Try to simulate a situation where your application breaks down and ensure that the check detects the problem. Write this periodic workflow to an own file. |
| 93 | + |
| 94 | +**Note** that unfortunately it takes quite long until GitHub Actions starts the scheduled workflow for the first time. For me, it took nearly one hour. So it might be a good idea to get the check working firstly by triggering the workflow with Git push. When you are sure that the check is properly working, then switch to a scheduled trigger. |
| 95 | + |
| 96 | +**Note also** that once you get this working, it is best to drop the ping frequency (to max once in 24 hours) or disable the rule altogether since otherwise your health check may consume all your monthly free hours. |
| 97 | + |
| 98 | +#### 11.20 Your own pipeline |
| 99 | + |
| 100 | +Build a similar CI/CD-pipeline for some of your own applications. Some of the good candidates are the phonebook app that was built in parts 2 and 3 of the course, or the blogapp built in parts 4 and 5, or the Redux anecdotes built in part 6. You may also use some app of your own for this exercise. |
| 101 | + |
| 102 | +You most likely need to do some restructuring to get all the pieces together. A logical first step is to store both the frontend and backend code in the same repository. This is not a requirement but it is recommended since it makes things much more simple. |
| 103 | + |
| 104 | +One possible repository structure would be to have the backend at the root of the repository and the frontend as a subdirectory. You can also "copy paste" the structure of the example app of this part or try out the [example app](https://github.com/fullstack-hy2020/create-app) mentioned in [part 7](/en/part7/class_components_miscellaneous#frontend-and-backend-in-the-same-repository). |
| 105 | + |
| 106 | +It is perhaps best to create a new repository for this exercise and simply copy and paste the old code there. In real life, you most likely would do this all in the old repository but now "a fresh start" makes things easier. |
| 107 | + |
| 108 | +This is a long and perhaps quite a tough exercise, but this kind of situation where you have a "legacy code" and you need to build proper deployment pipeline is quite common in real life! |
| 109 | + |
| 110 | +Obviously, this exercise is not done in the same repository as the previous exercises. Since you can return only one repository to the submission system, put a link of the <i>other</i> repository to the one you fill into the submission form. |
| 111 | + |
| 112 | +#### 11.21 Protect your main branch and ask for pull request |
| 113 | + |
| 114 | +Protect the main branch of the repository where you did the previous exercise. This time prevent also the administrators from merging the code without a review. |
| 115 | + |
| 116 | +Do a pull request and ask GitHub user [mluukkai](https://github.com/mluukkai) to review your code. Once the review is done, merge your code to the main branch. Note that the reviewer needs to be a collaborator in the repository. Ping us in Discord to get the review, and to include the collaboration invite link to the message. |
| 117 | + |
| 118 | +**Please note** what was written above, include the link to _the collaboration invite_ in the ping, not the link to the pull request. |
| 119 | + |
| 120 | +Then you are done! |
| 121 | + |
| 122 | +</div> |
| 123 | + |
| 124 | +<div class="content"> |
| 125 | + |
| 126 | +### Submitting exercises and getting the credits |
| 127 | + |
| 128 | +Exercises of this part are submitted via [the submissions system](https://studies.cs.helsinki.fi/stats/courses/fs-cicd) just like in the previous parts, but unlike parts 0 to 7, the submission goes to different "course instance". Remember that you have to finish <i>all the exercises</i> to pass this part! |
| 129 | + |
| 130 | +Your solutions are in two repositories (pokedex and your own project), and since you can return only one repository to the submission system, put a link of the <i>other</i> repository to the one you fill into the submission form! |
| 131 | + |
| 132 | +Once you have completed the exercises and want to get the credits, let us know through the exercise submission system that you have completed the course: |
| 133 | + |
| 134 | + |
| 135 | + |
| 136 | +**Note** that you need a registration to the corresponding course part for getting the credits registered, see [here](/en/part0/general_info#parts-and-completion) for more information. |
| 137 | + |
| 138 | +You can download the certificate for completing this part by clicking one of the flag icons. The flag icon corresponds to the certificate's language. |
| 139 | + |
| 140 | +</div> |
0 commit comments