CI/CD Policy

Problem description

Automated tests and verification, as well as automated packaging and deployment, are mandatory according to SDLC rules. Anything deployed in production MUST be deployed from code that can be audited and through an automated process.

Background

CI/CD stands for Continuous Integration and Continuous Deployment.

Jenkins is one of the oldest and most popular CI/CD tools in the market, and it has been the solution for CI/CD in Ebury for many years, with lots of tooling built around it. However, as the software development landscape has evolved, there are some caveats to using Jenkins in comparison to more modern CI/CD tools, including GitHub Actions.

GitHub is the SCM provider for Ebury. Bitbucket was the SCM provider for many years, but most of the repositories were migrated to GitHub in 2022. No switch to a new provider is expected in the foreseeable future.

Solution

The allowed CI/CD systems at Ebury Tech are Jenkins and GitHub Actions.

Jenkins

Jenkins is fully supported and maintained by the Platform Team, with extensive documentation, tools and examples covering all the current use cases. Support for new use cases is also developed on demand.

GitHub Actions

GitHub Actions is considered “beta”, so you should be aware of several limitations:

* Storing credentials in GitHub is not allowed, limiting the access to any external system.
* Particularly, there is no access to Ebury Platform:
  * Missing PyPI server for internal libraries
  * Missing access to Ebury environments for E2E tests
  * Missing artefact repositories (container images, Helm charts, etc.)
* We may incur additional costs. Usage needs to be monitored.
* No tooling is built around it, so little reuse is possible.

The usage of GitHub Actions is encouraged, reporting back to the Platform Team which capabilities are missing so a backlog can be built and prioritised based on demand.

Using a mix of verifications in GitHub Actions alongside deployment and further verifications in Jenkins is perfectly valid and encouraged.

Caveats

Despite the potential vendor lock-in, the benefits of using GitHub Actions for CI/CD workflows are significant. The platform offers deep integration with GitHub, a rich ecosystem of pre-built actions, and streamlined automation and collaboration. These advantages make GitHub Actions a powerful and easy-to-use solution for developers, making it a worthwhile choice despite the vendor lock-in concern.

Exceptions

Any other general-purpose CI/CD system (e.g. CircleCI, Travis CI, Bitbucket Pipelines, etc.) SHALL NOT be used.

Specific CI/CD systems for a technology or use case MAY be used with a strong justification determined on a per-use-case basis. An RFC and an update to this section are required.

Approved exceptions