Automated Software Delivery with Gitlab CI
At Base58, we devised an automated process for software delivery, and in this blog post, I will guide you through its integration into a mono repo project. Like always the idea was to minimize the interaction needed after the software was marked as ready for production. The job code is available here.
The delivery process in our case starts by merging the latest verified code into the main branch and from there on we do several things:
- Increment the release version
- Build the software
- Publish the software to a package repository
- Package repository artifact integrity check
- Construct the download and deployment instructions
- Encrypt the download and deployment instructions
- Deliver the encrypted download and deployment instructions via e-mail
- Notify people
Our main branch pipeline looks like this
But let us concentrate on the delivery job that has the following steps:
- Package repository artifact integrity check
- Construct the download and deployment instructions
- Encrypt the download and deployment instructions
- Deliver the encrypted download and deployment instructions via e-mail
You can find out more about our git flow practices in the previous post about automated versioning: https://base58.hr/en/stories/automated-software-release-versioning
With the “Package repository artifact integrity check” step, we make sure that the packages that we have built are the same as the ones in the package repository. We download the artifacts from the package repository and we compare the sha256 sums of the files with the ones from the build artifacts. The same sha256 sums prove data integrity and validate that the file was:
1. Uploaded correctly
2. Not modified after upload. What we have built is what is in the repository.
In the “Construct the download and deployment instructions” step we append several things to a file:
- Project name and release version
- Additional delivery notes
- Download instructions
- File checksums
The deployment instructions look something like this
In the “Encrypt the download and deployment instructions” step we import the recipient's PGP public keys and encrypt the delivery notes and sign the message with the CI private PGP key.
That gives us a message that looks like this:
And in the “Deliver the encrypted download and deployment instructions via e-mail” step we send the encrypted message to all intended recipients.
Done!