CI/CD Pipelines
The Mojaloop Community uses CircleCI to automatically build, test and deploy our software. This document describes how we use CI/CD in Mojaloop, the different checks we perform on the software, and how we distribute the software.
Broadly speaking, there are 2 types of workflow we use, depending on the type of project:
Library: build node project -> test -> publish to npm
Service: build docker image -> test -> publish to Docker Hub
Additionally, we also maintain a set of Mojaloop Helm Charts, which are built from the mojaloop/helm
Libraries
For a good example of this CI/CD pattern see central-services-shared
Pull Request (PR) Flow:
The PR flow runs on pull requests, and during the PR review process, these checks must be satisfied for the code to be merged in.
Step | Description | More Info |
---|---|---|
pr-title-check | Checks that the PR title conforms to the conventional commits specification | Defined in a CircleCI orb here: mojaloop/ci-config |
test-coverage | Runs the unit-tests and checks that code coverage is above the specified limit. | Typically this is 90% |
test-unit | Runs the unit-tests. Fails if any unit test fails. | |
vulnerability-check | Runs the |
|
audit-licenses | Runs the mojaloop |
Master and Release Flow:
This CI/CD pipeline runs on the master/main branch:
Step | Description | More Info |
---|---|---|
pr-title-check | See above | |
test-coverage | See above | |
test-unit | See above | |
vulnerability-check | See above | |
audit-licenses | See above | |
release | Runs a release which creates a git tag and pushes the git tag | |
github-release | Adds the release metadata (e.g. changelog) to github, sends a slack alert to #announcements |
Tag Flow:
Once a git tag is pushed to the repository, it triggers a workflow that ends in publishing to npm
. Importantly, the checks are all run again, to ensure nothing has changed (e.g. dependencies) inbetween the main/master and the actual artefact that is published to npm
.
Step | Description | More Info |
---|---|---|
pr-title-check | See above | |
test-coverage | See above | |
test-unit | See above | |
vulnerability-check | See above | |
audit-licenses | See above | |
publish | Publishes the latest version of the library based on the git tag |
Services
For a good example of this CI/CD pattern see central-ledger
Pull Request (PR) Flow:
The PR flow runs on pull requests, and during the PR review process, these checks must be satisfied for the code to be merged in.
Step | Description | More Info |
---|---|---|
pr-title-check | Checks that the PR title conforms to the conventional commits specification | Defined in a CircleCI orb here: mojaloop/ci-config |
test-coverage | Runs the unit-tests and checks that code coverage is above the specified limit. | Typically this is 90% |
test-unit | Runs the unit-tests. Fails if any unit test fails. | |
test-integration | Runs the integration-tests. Typically by building a docker image locally | |
vulnerability-check | Runs the |
|
audit-licenses | Runs the mojaloop |
Master and Release Flow:
This CI/CD pipeline runs on the master/main branch:
Step | Description | More Info |
---|---|---|
pr-title-check | See above | |
test-coverage | See above | |
test-unit | See above | |
test-integration | See above | |
vulnerability-check | See above | |
audit-licenses | See above | |
release | Runs a release which creates a git tag and pushes the git tag | |
github-release | Adds the release metadata (e.g. changelog) to github, sends a slack alert to #announcements |
Tag Flow:
Once a git tag is pushed to the repository, it triggers a workflow that ends in publishing a docker image to Docker Hub. Importantly, the checks are all run again, and further scans are made on the docker image before the image is pushed.
Step | Description | More Info |
---|---|---|
pr-title-check | See above | |
test-coverage | See above | |
test-unit | See above | |
vulnerability-check | See above | |
audit-licenses | See above | |
build | Builds the docker image | |
image-scan | Runs | See anchore-engine CircleCI Orb for more information. |
license-scan | Runs the mojaloop | |
publish | Publishes the latest version of the library based on the git tag |
Last updated