CI-CD Pipeline

A CI/CD (Continuous Integration / Continuous Delivery or Deployment) pipeline is an automated process that helps developers build, test, and deploy software faster and more reliably.

Here is a typical step-by-step CI/CD pipeline flow:

Developer Code

      ↓

Source Control (Git/GitHub/Azure Repos)

      ↓

CI Pipeline (Build + Test)

      ↓

Artifact Creation

      ↓

Deploy to Dev Environment

      ↓

Deploy to Test/QA Environment

      ↓

Deploy to Stage/UAT Environment

      ↓

Deploy to Production

      ↓

Monitoring & Feedback

---

CI/CD Pipeline -- Detailed

Typical flow:


++++++++++++++++++++++++++

1. Developer writes code

        ↓

2. Code Commit / Push to Repository (Git)

        ↓

3. Build Stage

   - Compile code

   - Resolve dependencies

        ↓

4. Static Code Analysis

   - Code quality checks

   - Security scans

   - Coding standards validation

        ↓

5. Unit Testing

   - Test individual components

        ↓

6. Build Artifact Creation

   - Create package (JAR, WAR, Docker image, ZIP, etc.)

        ↓

7. Artifact Repository Storage

   - Store artifacts (e.g., Nexus, Artifactory)

        ↓

8. Deploy to Development Environment

        ↓

9. Integration Testing

   - Validate component interactions

        ↓

10. Deploy to Test / QA Environment

        ↓

11. Functional Testing

12. API Testing

13. Performance Testing (if applicable)

14. Security / Vulnerability Testing

        ↓

15. User Acceptance Testing (UAT)

        ↓

16. Deploy to Staging Environment

        ↓

17. Approval / Release Gate (Optional)

        ↓

18. Deploy to Production

        ↓

19. Smoke Test / Health Check

        ↓

20. Monitoring & Logging

        ↓

21. Feedback / Incident Monitoring

        ↓

22. Continuous Improvement → back to development


1. Developer Writes Code

   ├─ Develop feature / bug fix

   ├─ Local validation

   └─ Local unit testing


           ↓


2. Code Commit / Push (Git)

   ├─ Push code to branch

   ├─ Pull Request / Merge Request

   └─ Code review


           ↓


3. Build Stage

   ├─ Compile source code

   ├─ Download dependencies

   ├─ Build application

   └─ Build verification


   Testing:

   ✓ Build validation

   ✓ Compilation checks

   ✓ Dependency verification


           ↓


4. Static Code Analysis

   ├─ Code quality analysis

   ├─ Coding standards validation

   ├─ Security scan

   ├─ Duplicate code detection

   └─ Complexity analysis


   Testing:

   ✓ Static analysis

   ✓ Vulnerability scanning

   ✓ Maintainability checks


           ↓


5. Unit Testing

   ├─ Test individual methods

   ├─ Validate business logic

   ├─ Exception handling

   └─ Coverage validation


   Testing:

   ✓ Unit tests

   ✓ Code coverage

   ✓ Edge case validation


           ↓


6. Build Artifact Creation

   ├─ Create JAR / WAR

   ├─ Create Docker image

   └─ Package deployment artifact


   Testing:

   ✓ Artifact integrity verification


           ↓


7. Artifact Repository Storage

   ├─ Store build artifact

   └─ Version management


   Testing:

   ✓ Artifact checksum validation


           ↓


8. Deploy to DEV Environment


   Testing in DEV:

   ✓ Integration Testing

      - Service → Service validation

      - API → Database validation

      - External dependency validation


   ✓ Smoke Testing

      - Application startup

      - Login validation

      - Basic API validation


   ✓ Deployment Validation

      - Kubernetes deployment

      - Configuration validation


           ↓


9. Deploy to TEST / QA Environment


   Testing in QA:


   ✓ Functional Testing

      - Feature validation

      - Requirement validation


   ✓ API Testing

      - Response validation

      - Authentication validation

      - Error handling


   ✓ Regression Testing

      - Existing functionality checks


   ✓ Performance Testing

      - Load testing

      - Stress testing

      - Endurance testing


   ✓ Security Testing

      - Vulnerability scanning

      - Authentication checks

      - Authorization checks


   ✓ Compatibility Testing

      - Browser validation

      - Device validation


           ↓


10. Deploy to UAT Environment


    Testing in UAT:


    ✓ User Acceptance Testing

       - Business workflow validation

       - End-to-end business scenarios

       - Stakeholder approval


    Outcome:

    APPROVED → Move forward

    REJECTED → Return to DEV


           ↓


11. Deploy to STAGING Environment


    Testing in STAGING:


    ✓ Final Smoke Testing


    ✓ End-to-End Testing


    ✓ Deployment Validation

       - Infrastructure validation

       - Helm deployment validation

       - Kubernetes health validation


    ✓ Release Validation

       - Version verification

       - Configuration verification


           ↓


12. Production Deployment


    Testing in PROD:


    ✓ Smoke Test

       - Critical API health

       - Application availability


    ✓ Health Checks

       - Database connectivity

       - Pod health

       - Service availability


    ✓ Monitoring

       - CPU

       - Memory

       - Error rate

       - Logs


    ✓ Incident Monitoring

       - Alerts

       - Failures

       - Performance degradation


           ↓


13. Feedback & Continuous Improvement


    └─ Production findings return to development


           ↓


Cycle repeats

++++++++++++++++++++++++++
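
Steps 6 and 7 above list artifact integrity verification and checksum validation. An added example (not from the original post) of one way to do it in Python: record a SHA-256 manifest when the artifact is built and check it again before deployment. File names and contents are constructed.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large artifacts do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(artifact_dir):
    """Build stage: record a digest for every file that will be published."""
    root = Path(artifact_dir)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(artifact_dir, manifest):
    """Deploy stage: compare what was pulled against the recorded manifest."""
    current = build_manifest(artifact_dir)
    problems = []
    for name, digest in manifest.items():
        if name not in current:
            problems.append((name, "missing"))
        elif not hmac.compare_digest(current[name], digest):
            problems.append((name, "digest mismatch"))
    # Files that were never part of the build are reported as well.
    problems += [(n, "unexpected file") for n in current if n not in manifest]
    return sorted(problems)

def demo():
    """Constructed artifacts: publish two files, then alter the copy before deploy."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.jar").write_bytes(b"constructed build output v1")
        (root / "chart.zip").write_bytes(b"constructed helm chart")
        manifest = build_manifest(root)
        clean = verify(root, manifest)
        (root / "app.jar").write_bytes(b"constructed build output, modified")
        (root / "extra.sh").write_bytes(b"echo added after build")
        return clean, verify(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A manifest stored beside the artifacts only catches corruption; to catch tampering, keep or sign the manifest somewhere that writers to the artifact repository cannot change.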


1. Code Development

  • Developer writes code.
  • Code is committed to Git repository.
  • Example:

      git add .
      git commit -m "Added login feature"
      git push origin feature/login

2. Continuous Integration (CI)

Triggered automatically after code push.

CI activities:

  • Pull latest code
  • Compile/build application
  • Run unit tests  
  • Static code analysis
  • Security scans
  • Create deployment artifact (Docker image, JAR, ZIP, Helm chart)

Unit testing is a type of software testing in which a small, individual part (unit) of code, such as a function, method, or class, is tested independently to verify that it works correctly.

Purpose of Unit Testing

  • Verify code behaves as expected
  • Catch bugs early during development
  • Make code changes safer
  • Improve code quality and maintainability

Common Unit Testing Tools

  • Python → pytest, unittest
  • Java → JUnit
  • JavaScript → Jest
  • C# → NUnit
  • .NET → xUnit

Static Code Analysis is the process of examining source code without running the program to identify issues such as bugs, security vulnerabilities, coding standard violations, and maintainability problems.

It analyzes the code statically (before execution).

What Static Code Analysis checks

  • Code quality issues → duplicate code, complex methods
  • Coding standard violations → naming conventions, formatting
  • Potential bugs → null pointer risks, unused variables
  • Security vulnerabilities → SQL injection risks, hardcoded secrets
  • Performance concerns → inefficient code patterns
  • Maintainability issues → overly complex logic

Common Static Code Analysis Tools

  • Java → SonarQube, PMD, Checkstyle
  • Python → Pylint, Flake8
  • JavaScript → ESLint
  • C# → StyleCop
  • Multi-language → SonarQube

1. Static Application Security Testing (SAST)

Scans source code for security issues.

Finds:

  • SQL injection risks: the security dangers that arise when an attacker manipulates SQL queries through user input.
  • Hardcoded passwords
  • Cross-Site Scripting (XSS): a security vulnerability where an attacker injects malicious JavaScript code into a web page, and that code runs in other users’ browsers.
  • Insecure coding patterns

Tools:

  • SonarQube
  • Checkmarx
  • Fortify
  • Semgrep

Example:
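
An added illustration, not code from the original post: a minimal SAST-style check built on Python's ast module that flags two of the findings listed above, hardcoded passwords and SQL assembled from strings. The rule names, regexes and the SAMPLE source are constructed for this example; the tools listed above apply far larger rule sets.

```python
import ast
import re

SQL_RE = re.compile(r"^\s*(select|insert|update|delete)\b", re.I)
SECRET_RE = re.compile(r"(password|passwd|secret|token|api_?key)", re.I)

# Constructed source to scan; the credential value is a made-up sample.
SAMPLE = '''\
DB_PASSWORD = "S3cr3t!"
def find_user(conn, name):
    query = "SELECT * FROM users WHERE name = '%s'" % name
    return conn.execute(query).fetchall()
def find_order(conn, oid):
    return conn.execute(f"SELECT * FROM orders WHERE id = {oid}").fetchall()
def find_user_safe(conn, name):
    return conn.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()
'''

def _is_sql_text(node):
    """True for a string literal that starts like a SQL statement."""
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and bool(SQL_RE.match(node.value)))

def scan(source):
    """Return sorted (line, rule) findings for one Python source string."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        # Rule 1: a credential-looking name bound to a non-empty string literal.
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            if isinstance(node.value.value, str) and node.value.value:
                for target in node.targets:
                    if isinstance(target, ast.Name) and SECRET_RE.search(target.id):
                        findings.add((node.lineno, "hardcoded-secret"))
        # Rule 2: SQL text combined with other values via % or +.
        elif isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
            if _is_sql_text(node.left):
                findings.add((node.lineno, "sql-string-building"))
        # Rule 3: SQL text with values interpolated by an f-string.
        elif isinstance(node, ast.JoinedStr):
            if node.values and _is_sql_text(node.values[0]):
                findings.add((node.lineno, "sql-string-building"))
    return sorted(findings)

if __name__ == "__main__":
    for line, rule in scan(SAMPLE):
        print(f"line {line}: {rule}")
```

The parameterized query in find_user_safe produces no finding, which is the fix a SAST report for the two flagged queries would point to.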


DEV:

Integration Testing in DEV means:

Testing whether different modules/services of the application work together correctly after deployment.

What Integration Testing checks

✔ API communication
✔ Database connectivity
✔ Data flow between services
✔ Request/response correctness
✔ Service dependencies

Smoke Testing

A quick “sanity check” of the application:

✔ Application started
✔ Login page loads
✔ API is responding
✔ Database connected


TESTING ENV

Functional Testing (Main test)

Checks:

“Does each feature work as per requirement?”

✔ Login works
✔ Add to cart works
✔ Payment works
✔ Logout works

Tools used for Functional Testing

✔ Selenium (most widely used)
✔ Cypress (modern web apps)
✔ Playwright (fast + modern)
✔ TestCafe
✔ UFT (Micro Focus – enterprise)


System / End-to-End Testing

Tests full application flow:

Login → Search → Cart → Checkout → Payment → Confirmation

Regression Testing (Major here)

Ensures new changes didn’t break existing features:

✔ Old login still works
✔ Old API still works
✔ Previous features unaffected

Tools used for Regression testing

✔ Selenium (UI regression)
✔ Cypress (modern UI regression)
✔ TestNG / JUnit (test frameworks)
✔ Robot Framework
✔ Playwright

API Testing (Detailed)

Deeper testing than in DEV:

✔ Status codes
✔ Response validation
✔ Edge cases
✔ Negative scenarios

Tools used for API Testing

✔ Postman (most common manual + automation)
✔ Rest Assured (Java automation)
✔ SoapUI (SOAP + REST)
✔ Karate DSL (API + BDD testing)
✔ Newman (Postman CLI for CI/CD)

Performance Testing (sometimes here)

Checks system behavior under load:

✔ Response time
✔ Load handling
✔ Concurrent users

Tools:

  • JMeter
  • LoadRunner


UAT:

UAT (User Acceptance Testing) – What tools are used?

UAT = Business users testing the system to confirm it meets real business needs.

So tools here are usually not heavy automation tools (like DEV/QA), but more business-friendly tools.


STAGING

1. 🔥 Final Smoke Testing (most important)

✔ App starts correctly
✔ Login works
✔ Core APIs respond
✔ No deployment issues

2. 🔁 End-to-End (E2E) Testing

Login → Browse → Add to Cart → Payment → Confirmation

Checks:

  • Full real-world flow
  • All integrations working together


----

1. feature/* branch

Purpose:

  • Developer builds one feature
  • Safe place to work without affecting others

Example:

develop
   ↓
feature/payment

Developer writes code

Push to feature branch

CI Pipeline triggers automatically

Build

Static Code Analysis

Unit Tests

(Optional) Integration Tests

PR created → develop branch

PR validation pipeline runs again

Reviewer approval

Merge to develop



PR Validation Pipeline runs
✓ Build again
✓ Static Analysis again
✓ Unit Tests again
✓ Security Scan

Reviewer approves

Merge to develop

Code Review / Approval

Merge → develop

CI Pipeline triggers on develop
✓ Build
✓ Static Analysis (optional)
✓ Unit Tests
✓ Package Artifact

CD Pipeline
Deploy → DEV
