►
From YouTube: An Intro to CI/CD
Description
Presenter: Jason Odoom, Cybersecurity Engineer @ Booz Allen Hamilton
This webinar will present an introduction to the DevOps CI/CD process while providing a brief demo using Jenkins and other tools such as Artifactory and Ansible.
The topics that will be covered are:
- What is DevOps?
- What DevOps isn't
- What is CI/CD?
- A brief introduction to Jenkins
- How to implement a DevOps process
A
Okay,
all
right,
hello,
everyone,
I'm
jason
o'doom,
I'm
a
cyber
security
engineer
at
blues
allen
and
today
I'm
going
to
introduce
you
to
cicd
the
whole
cicd
process.
So
here
here's
the
content.
Here's
what
we're
going
to
cover
today
we're
going
to
cover
what
ci
cd
is,
what
it
looks
like
what
it
isn't
developer
operations,
because
I
feel
it's
difficult
to
talk
about
cicd
without
talking
about
devops
and
then
I'm
going
to
go
into
the
devops
pipeline.
What
that
looks
like
and
also
some
deployment
methodologies,
and
also
why
you
should
use
ci
cd.
A
So
the
first
part
is
you
know
what
is
ci
cd,
so
we
have
two
parts
we
have
ci
and
we
have
cd
right.
The
ci
stands
for
continuous
integration
and
the
cd
is
just
continuous
delivery.
So
it's
how
you
take.
You
know
the
process
or
code
code,
and
then
you
know
you
deploy
or
you
deliver
it
and
send
it
to
production
so
that
whole
process
is.
A
Cicd
well,
let's
dive
a
little
deeper
into
into
what
it
means
right
code
is
committed
frequently.
That
means
you
know
every
couple
of
minutes.
A
The
reason
why
this
is
important
is
because
it
allows
us
to
avoid
merge
conflicts
or
issues
in
the
future
and
I'll
get
into
that
a
little
bit
later,
but
not
only
not
only
do
we
commit
it
frequently,
we
also
test
it.
The
testing
is
really
important
because,
as
it
moves
through
different
stages
or
environments
into
to
production,
we
have
to
make
sure
that
any
errors
are
caught
before
you
know.
The
whole
world
sees
them
before
the
end
product
you
know,
is
used.
A
A
Maybe
bob
would
work
on
the
same
document
as
alice
without
them
knowing
and
then,
when
it's
time
to
combine
those
changes
or
merge,
merges
what
they're
called
then
there'll
be.
You
know,
lots
of
merged
conflicts,
so
essentially
what
bob
and
alice
were
doing
was
making
changes
the
same
specific
part
of
the
code
and
that
just
doesn't
make
any
sense.
If
you
think
about
it
right
because
it's
hard
to
track
changes,
if
you,
if
you
don't
commit
them
independently,
but
if
you
try
to
commit
them
at
the
same
time,
it
gets
really
confusing.
A
So
in
order
to
avoid
this
issue,
that's
why
this
whole
process
you
know,
was
created.
You
know
I
like
to
think
of
it
as
philosophy.
Maybe
it's
me
being
dramatic,
but
that's
that's
really
what
it
is.
You
know
it's
more
than
just
you
know
tools
as
you'll
see
as
you
move
along.
You
know
it's
more
than
just
jenkins,
or
you
know,
ansible
or
whatever
it
has
to
be
this.
A
This
process
doesn't
work
without
you
know,
if
you
don't
have
this
process
the
tools,
the
tools
are
meaningless,
so
it's
very
important
to
have
you
know
to
put
this
in
place,
communicate
with
your
teams.
That
kind
of
thing
you
know
try
to
change
the
culture
within
your
your
business.
A
A
All
right,
so
this
is
this
is
the
new
way.
This
is
how
we
solve
the
problem.
We're
committing
code,
frequently
right
we're
not
waiting
an
hour
or
two
we're
not
waiting
for
for
days,
we're
doing
it
instantly.
Whatever
changes
we
make,
we
commit
this
way.
It's
also
easier
to
track.
This
is
actually
what's
recommended.
When
you,
you
know,
when
you
commit
something
to
you
know,
version
control
doesn't
have
to
be
bitbucket,
it
doesn't
have
to
be
github,
it
could
be
gitlab
so
whatever
whatever
your
business
decides
to
use.
A
This
is
what
you
do.
You
commit
every
single
time.
You
make
a
change
and
then
you
push
it
right
and
then
it
gets
tested
and
when
that
test
passes,
sorry
you
push
it.
It
gets
built
and
then
that
build
gets
tested
and
if
that
build
passes
only
when
that
build
passes,
then
it
gets
pushed
to
production
right,
but
it
really
depends
on
you,
because
I've
seen
I've
seen
it
differently
different
different.
You
know.
Companies
have
have
a
similar
process,
but
it's
not
always
the
same.
A
A
This
is
what
distinguishes
continuous
deployment
from
continuous
delivery
between
the
testing,
the
station
environment
and
the
product
environment.
It's
a
manual
procedure,
so
it
requires
manual
approval.
So
in
the
previous
stages,
here
we
just
saw
automation
from
source.
To
dev
to
test
is
all
automation.
There
are
no
human
interactions.
A
This
is
why
this
is
what
makes
the
process
fast,
because
everything
happens
by
itself
no
one's
intervening,
but
between
here
before
we
push
the
production,
we
need
to
check
to
make
sure
if
it's
good,
we
need
an
okay,
and
when
we
get
that
confirmation,
then
we
push
the
production
and
now
that
I've
mentioned
that,
let
me
show
you
what
continuous
deployment
looks
like
all
right.
So
this
is
not
what
it
is.
Cicd
is
not.
This
cicd
isn't
just
tools,
as
I
mentioned
in
the
past.
A
A
That's
it
we're
not
going
to
have
a
staging
environment,
we're
not
going
to
get
users
to
play
with
our
application
and
then
we're
not
going
to
catch.
You
know
additional
issues,
no
we're
just
going
to
question
right.
The
production
is
really
risky,
but
you
know,
as
I
mentioned
before,
you
have
to
do
what
works
for
you.
Maybe
you
don't
need
that
development
development
environment?
A
Maybe
you
just
need
to
test
it
in
the
station
and,
of
course
everyone
needs
prod
in
my
opinion,
but
you
know:
let's
move
on
all
right,
so
it's
very
hard
to
talk
about
cicd
without
talking
about
devops,
so
developer
operations
is
where
this
this
whole
process
comes
from
this
whole.
This
whole
process
doesn't
happen
without
you
know
devops,
so
cicd
is
the
devops
process,
so
you
have
people
in
development
right
and
people
in
operations
and
they
collaborate
in
the
past.
A
But
here's
here's
more
information
on
developer
operations,
so
we
use
the
pipeline
to
automate
this
whole
process.
So,
as
you
saw
in
the
previous
slide,
when
we
had
our
our
dev
environment,
we
had
the
source
box
and
we
had
the
dev
environment
and
you
know
all
the
other,
all
our
other
environments
in
between
the
source
or
actually
rather
the
source
that
whole
that
source
box
represents
the
pipeline,
for
example.
Jenkins,
is
you
know,
as
a
pipeline
jenkins
will
build
your
app.
It
will
test
your
app
everything
happens
on
jenkins.
A
So
here's
here's,
how
that
looks
like
all
right.
So
in
the
devops
pipeline
we
have
our
ci
server.
Our
continuous
integration
server,
an
example
of
that
are
jenkins.
Travis
ci,
aws
code
pipeline
jenkins
is
self-hosted.
You
can
host
that
yourself
travis
as
a
service,
so
you
know
you
you
pay
for
that
and
what
I
believe
there's
a
free
tier
also
and
of
course
you
know
everyone's
familiar
with
aws,
and
then
we
have
the
storage
repository.
A
So
what
the
storage
repository
is.
Basically
we
have
when
we
build
an
application,
we
have
an
artifact.
The
artifact
is
just
the
result
or
you
know
the
outcome
of
that
application.
You
know
the
quote:
unquote
compiled
version.
A
We
push
that
that
version
or
or
the
application
to
a
repository
sort
of
like
you
know
how
we
store
source
code
in
bitbucket
or
gitlab,
but
there
are
repository
managers
created.
You
know
just
for
this,
so
we
have
jfrog
artifactory.
You
can
even
store
them
in
s3
or
even
docker
hub.
If
you're
building
dark
containers,
you
can
tag
them
appropriately
to
manage
different
versions,
but
then
how
do
we
move
these
artifacts,
these
versions,
from
the
repository
to
production
or
whatever
environment
that
we
want
to
deploy
to?
A
And
that's
that's
where
you
know
the
cd
platform
comes
in.
You
have
to
choose
the
cd
platform
that
makes
sense
for
your
for
your
business,
for
your
order
for
your
application,
your
workflow,
so
we
have
many
different
options
such
as
ansible,
spinnaker,
circle,
ci,
gitlab
or
you
can
even
use
github
ansible
is
pretty
pretty
painless.
Spinnaker
is
feature-rich.
You
can
do
a
lot
of
things
with
that
and
here's
more
details
on
what
that
looks
like
so
to
break
it
down.
A
Think
of
this
as
more
of
a
detailed
image
compared
to
the
previous
one,
I
showed
you
with
you
know
the
whole
box
method,
so
we
build
the
application
from
what
we
pull
from
source
control.
Then
we
build
from
source
when
we
build
from
source.
We
execute
those
unit
tests
and
this
part
will
look
different
depending
on
you
know,
teams.
A
You
know,
I
know
you
know.
Most
teams
aren't
running
unit
tests,
maybe
they're
running
smoke,
tests
or
or
some
other
tests,
whatever
makes
sense
for
you
depending
on
you
know
the
size
and
time
that's
available,
but
unit
tests
are
usually
a
good
way
to
go,
and
then,
if
that
passes,
that's
going
to
move
to
the
tested
environment
where
qa
is
performed,
you
know,
checks
are
made
and
then
here's
the
part
that
you
wait
for
approval.
A
And
there
are
different
deployment
strategies,
so
here
are
some
of
the
deployment
strategies.
You
have
blue
green,
where
you
have
two
different
versions,
so
version
b
is
released
alongside
version
a
and
then
the
traffic
is
switched
to
version
v.
And
then
you
have
a
b
testing
where
you
have.
A
version
b
is
released
to
a
subset
of
users
under
a
specific
condition,
and
then
we
have
the
recreate
deployment
strategy.
A
Where
version
a
is
terminated,
then
version
b
is
rolled
out,
and
then
we
have
the
atomic
version
atomic
deployment
where
we
basically
deploy
by
assembling.
This
is
actually
really
helpful
if
your
application
is
huge
and
has
a
lot
of
files
where
you
copy.
You
know
at
the
new
version
of
an
app
into
a
different,
a
separate
directory
or
location,
and
then
once
that's
done
once
that's
ready,
you
provision
everything
ready
to
be
served
to
the
user.
A
Then
you
switch
the
sim
link
and
then
you
you,
you
publish
that
version
and
no
one
rarely
notices.
It's
called
zero
downtime
zero
downtime
deployments
for
a
reason,
because
you're
meant
to
basically
publish
a
new
version
of
the
app
without
you
know.
Taking
down
the
whole
instance
the
whole
website,
and
then
we
have
canary
deployments
where
new
features
are
rolled
out
to
selected,
select
users,
and
then
we
have
shadow
deployments
which
are
similar,
which
is
similar
to
the
atomic
deployments
because
deployments
happen,
but
no
one
really
knows
right.
A
A
So
here's
here's
why
you
should
use
it.
You
know
you
want
to
move
fast,
but
you
don't
want
to
break
any,
but
you
you
want
minimal
issues.
It's
it's
not
it's
hard
to
say
that
you
know
move
into
devops
move
into.
Excuse
me,
cicd
is
error-prone.
There
will
always
be
errors.
There
will
always
be
issues,
it's
almost
unavoidable,
but
moving
to
ci
cd
helps
you
avoid
these
issues.
A
I
didn't
really
get
into
devops
and
that
was
on
purpose.
There
was
a
presentation
that
was
given
about
two
weeks
ago
by
stephen
tarana
who's,
also
at
booze
on
devops
and
that's
you
know.
I
highly
recommend
you
watch
that,
but
I
can't
I
couldn't
talk
about
cicd
without
mentioning
a
little
bit
of
devops.
A
A
If
you
don't
test,
then
you're
going
to
have
lots
of
issues
when
you
deploy
to
different
well,
hopefully
different
environments,
and
then
you,
hopefully
you
can
catch
them
before
it
goes
to
production,
but
if
you're
doing
continuous
deployment,
then
good
luck,
because
you
know
you're,
probably
going
to
deploy
lots
of
bugs
and
then
you're
going
to
go
down
and
have
lots
of
problems
so
yeah
deploy,
deploy
to
multiple
environments
to
help
limit
those
issues,
and
this
just
basically
allows
you
to
you
know
developers
to
focus
on
development.
That's
what
developers
should
do.
A
They
shouldn't
have
to
worry
about
systems
so
yeah.