![image.png](attachment:image.png)


Here's a breakdown of each part of the Continuous Delivery/Continuous Integration (CI/CD) flowchart:

1.  **Source Code**:
    
    -   Developers write and manage the application’s code.
    -   The source code is maintained in a **Version Control System** (VCS), such as Git, which allows collaboration and version tracking.
2.  **Version Control**:
    
    -   This is the repository where code changes are stored. Every change in the code is versioned here for proper tracking.
    -   Examples include GitHub, GitLab, or Bitbucket.
3.  **Build System**:
    
    -   The build system compiles the code, converts it into a machine-readable format, and prepares it for deployment.
    -   The **Build Tool** is responsible for fetching dependencies and compiling the code (e.g., Maven, Gradle for Java; npm for JavaScript).
4.  **Unit Tests**:
    
    -   Unit tests are small, automated tests that verify individual parts (units) of the application work correctly.
    -   This is one of the first steps in ensuring code quality.
5.  **Integration Tests**:
    
    -   Integration tests ensure that different modules or services work together as expected.
    -   Once unit tests pass, the code proceeds to integration testing.
6.  **Artifacts**:
    
    -   The output of the build process is called an artifact (e.g., a .jar, .war, .tar file).
    -   These artifacts are stored in an **Artifact Repository** (e.g., JFrog Artifactory, Nexus), making them available for future deployments.
7.  **Deployment Server**:
    
    -   This is the server responsible for the deployment process, ensuring the application is deployed to the right environment (e.g., staging, testing, production).
    -   It interacts with the deployment tool to trigger automated deployments.
8.  **Deployment Tool**:
    
    -   Tools like Jenkins, CircleCI, or GitLab CI/CD are used to manage the deployment pipeline.
    -   They automate the deployment process and ensure smooth transitions between environments.
9.  **CI Environment**:
    
    -   The CI environment is where the continuous integration process happens. The code is automatically built, tested, and packaged.
    -   It ensures that any code committed to the repository is continuously integrated with the rest of the application.
10.  **Integration Tests (CI)**:
    
    -   Post-deployment, these tests ensure that the newly deployed code works seamlessly with the existing system.
11.  **End-to-End (E2E) Tests**:
    
    -   These are more comprehensive tests that simulate real-world scenarios and test the entire system’s flow from start to finish.
    -   E2E tests are critical to ensure the user experience remains intact after deployment.
12.  **Production Environment**:
    
    -   This is where the final, stable version of the code is deployed for users.
    -   The deployment tool ensures that the application is delivered to the production environment smoothly, based on the results of integration and end-to-end testing.

**This flow is a typical CI/CD pipeline that ensures new code is continuously integrated, thoroughly tested, and reliably deployed to production environments, promoting faster and safer software delivery.**

![image.png](attachment:image.png)

![image.png](attachment:image.png)

![image.png](attachment:image.png)

![image.png](attachment:image.png)

![image.png](attachment:image.png)

![image.png](attachment:image.png)

### Version control in action with Git | pre commit hooks:

Tell git how to take a certain action before proceeding. Hooks are optional and we can't really trust that everyone on the team runs them. They're not a valid security or testing control because of that. But you can establish teams, standards and practices to get the most out of hooks. One good practice is where teams add their git hooks into the repo and then include an install script that everyone can run. 


### Continuous integration systems

 1. **Open source:** Like Jenkins, You download the software, host it yourself either on-prem or in the cloud. 
 2. **Commercial (purchased):** Commercial vendors that provide hosted CI systems or ones that run in your own infrastructure.
 3.  **CI as a service (SAS for CI):**  These popular offerings are a pay-per-use or pay-per-month CI solution. Many of the popular ones, like CircleCI or Travis CI offer a free tier for public projects in GitHub or a single private repo. 


**A CI Culture**

-   Run tests locally before committing
-   Don’t commit new code to broken builds
-   Don’t leave the build broken
-   Don’t remove tests that fail

### Continuous integration in action

**Jenkins** – an open source automation server which enables developers around the world to reliably build, test, and deploy their software, facilitating continuous integration, and continuous delivery.


### Building artifacts
An **artifact** refers to the files or outputs that are generated as a result of the build process. These could include compiled code, libraries, binaries, Docker images, or any other files that are produced and packaged for deployment or distribution. **Artifacts** are important because they represent the version of the application or software that can be tested, deployed, or used.
In the case of **compiled languages** (like C, C++, or Java), artifacts are often the compiled binaries or executable files. For **interpreted languages** like Python or PHP, artifacts might include package distributions (like `.whl` or `.tar.gz` for Python) or a Docker image containing the application.
**Artifacts** are the end products of the build process that can be deployed or distributed.

**Benefits of Artifacts**
- Reliability
- Composability
- Security
- Shareability


**Artifact Repositories**

-   Nexus Repository Manager 3 (free/paid)
-   JFrog Artifactory (paid)
-   Apache Archiva (free)
-   Many specific ones for Docker containers, npm, .NET packages, and so on

 

A **component** in **Nexus** is an installable unit that may consist of one or more **assets** (essentially files). Each component can include multiple assets, representing the individual files that make up the installable unit.

To integrate **Nexus** with **Jenkins**, we install the **Nexus** plugin in **Jenkins**.

### Testing and continuous delivery

**Good Tests**

-   Are fast
-   Are reliable
-   Isolate failures for you

**Types of Testing**

1.  Unit testing
2.  Integration testing
3.  UI testing
4.  Security testing

**1. Unit testing**

Performed at build time on a single unit of code and/or artifact without use of external dependencies or deployment.

Example tools: JUnit, XUnit, and Rspec

**2. Integration testing**

Performed as you bring together pieces of your application and as it needs to use external dependencies

Example tools: Abao/RAML and Serverspec

**3. End-to-end (E2E) testing**

Performed to exercise the full flow of your application in the same way an end user would

Example tools: Selenium and Protractor

**4. Security testing**

Performed to look for flaws in your code and runtime to prevent compromises and leaking of data in production

Example tools: FindBugs, Fortify, and Gauntlt

**Shift left**

Move testing as early as possible in the development process, ideally to the dev desktop.

**Test fixture**

A set of objects used to run a test in a well-known environment.

A dataset you load into the database before you run the tests is a test fixture. Test fixtures are artifacts and should be built and managed like artifacts.

**System under test (SUT)**

The application and system on which you are running your tests

**Cycle time** 

The time from when an item (feature or bug fix) is worked on until it is delivered into production

**Lead time**

 The time taken from when an item (feature or bug fix) is requested until it is delivered into production


**Mock** 

Code designed to stand in for a piece of code that contains external dependencies to enable unit tests

