Fred van Dijk: How the Plone Foundation AI-team manages its websites with CI/CD
Talk by Fred van Dijk at Plone conference 2023, Eibar, Basque Country.
What do you need for CI, Continuous Integration?
- A correct, automatic, repeatable setup of your project
- Tests, so you can tell automatically if the project works
- Configured, up-to-date servers to run those tests
- Testing triggered automatically after a change
- Feedback flowing to the developers
Okay, that works, with cookiecutter-plone-starter, plone/meta, Ansible, Docker Swarm, GitHub Actions. Most of them open source.
Continuous Delivery:
- Only when CI is green, no test failures.
- You need servers for this
- A CD orchestrator
- Persistent data management, possibly including a copy of production to test or development
So you not only need to know 100% of the software code, but all on top, maybe 400% more knowledge. No wonder you are burned out! You need to specialise to get this back to having to know only 100%. I like knowing about a lot of things, but it is hard to maintain over years.
We use GitHub. Not open source, so I asked internally if we really want this, as you never know what will happen with commercial companies. But it is there and we use it. With GitLab you could be more open source, but then you would preferably need to run it yourself.
So code is on GitHub. Commit to a branch or main: code analysis is run. When we merge to main in certain directories: automatically deploy to testing. Create a tag release: deploy to live environment.
Other implementations are possible, like chat based: add a comment in a PR to ask the CD to deploy to testing.
There are some organisation and security challenges. GitHub.com/plone is open and writeable for a few hundred people. You don't want all of them to be able to change something in the plone.org repo and automatically deploy it live. We can't be this open anymore. So there are restrictions in place.
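The trigger-to-environment mapping described above, written as a GitHub Actions workflow. This is an added sketch, not the Plone AI team's actual configuration: the file name, directory names, `make test`, `deploy.sh`, the `DEPLOY_KEY` secret and the environment names are all assumptions.

```yaml
# .github/workflows/deploy.yml (hypothetical file; all names below are assumptions)
name: deploy

on:
  push:
    branches: [main]
    paths: ["backend/**", "frontend/**"]  # assumed "certain directories"
    tags: ["*"]                           # path filters are not evaluated for tag pushes

permissions:
  contents: read                          # GITHUB_TOKEN may read the repo, nothing else

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test                    # assumed test entry point

  deploy-testing:
    needs: test                           # only when CI is green
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    environment: testing                  # secrets are scoped per environment
    steps:
      - uses: actions/checkout@v4
      - run: ./deploy.sh testing          # assumed deploy script
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}  # assumed secret name

  deploy-live:
    needs: test
    if: startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    environment: live                     # gate this one in the repository settings
    steps:
      - uses: actions/checkout@v4
      - run: ./deploy.sh live
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
```

With write access spread across an organisation, the gate on the `live` job comes from the environment's protection rules in the repository settings (required reviewers, allowed deployment branches and tags), not from the workflow file, which any committer can edit. Storing the deploy credential as an environment secret means jobs that do not target that environment never receive it.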
If you are a sysadmin and are interested in this stuff, please help us, talk to the AI Team (Admin and Infrastructure).
Would be good to get "devcontainers" up and running.
We have this setup for plone.org now, but also for plone.de, 2023.ploneconf.org, plone.nl.
Another thing that we have set up is for when there is a new Plone backend or Volto version. We update a few version numbers in the repos for the Docker images, and then they get created, tested, and pushed to Docker.