CI/CD

CI/CD nima?

CI/CD - bu dasturiy ta'minotni ishlab chiqish va yetkazib berishni avtomatlashtiradigan amaliyotlar va vositalar to'plami. Bu qisqartma ikki tushunchani o'z ichiga oladi:

• CI (Continuous Integration) - doimiy integratsiya: dasturchilar kodlarini tez-tez (kuniga bir necha marta) umumiy repo'ga qo'shishadi, har safar avtomatik testlar ishga tushadi
• CD (Continuous Delivery/Deployment) - doimiy yetkazib berish: kod avtomatik ravishda production'ga yetkaziladi (yoki bir tugma bilan)

CI/CD pipeline - bu kod yozilganidan boshlab production'ga chiqguncha bo'lgan barcha bosqichlarni avtomatlashtiradigan conveyer.

Nega kerak?

CI/CD yo'q bo'lsa, deploy qilish qo'lda amalga oshiriladi. Bu ko'p muammolarga olib keladi:

Asosiy tushunchalar

Pipeline bosqichlari

• Source - kod o'zgarishi trigger bo'ladi (push, PR, tag)
• Build - kod kompilyatsiya, dependency'lar o'rnatiladi
• Test - unit, integration, e2e testlar ishlaydi
• Security Scan - SAST, DAST, dependency check
• Artifact - Docker image, binary, package yaratiladi
• Deploy - staging yoki production'ga joylashtiriladi

Continuous Integration

CI ning asosiy tamoyillari:

• Har bir developer kuniga kamida bir marta main branch'ga merge qiladi
• Har bir merge avtomatik build va test trigger qiladi
• Build buzilsa, darhol tuzatiladi (birinchi prioritet)
• Test coverage yetarli darajada bo'lishi kerak (80%+)

Continuous Delivery vs Deployment

• Continuous Delivery - kod har doim deploy qilishga tayyor holatda. Lekin production'ga chiqarish qo'lda (bir tugma bilan)
• Continuous Deployment - barcha testlardan o'tgan kod avtomatik production'ga chiqadi. Odam aralashuvi yo'q.

Deployment Strategiyalari

• Rolling Update - eski pod'lar birin-ketin yangilanadi
• Blue/Green - ikki muhit, traffic bir zumda almashadi
• Canary - avval 5% traffic, keyin asta-sekin 100%
• Feature Flags - kod deploy, lekin feature o'chirilgan

Amaliy jarayon (step-by-step)

Eng ko'p uchraydigan xatolar

Best practices

• Trunk-based development - qisqa muddatli branch'lar, tez merge
• Fast feedback - pipeline 10 daqiqadan oshmasin, tez testlarni avval bajaring
• Immutable artifacts - bir marta build, har joyda deploy (staging = production artifact)
• Infrastructure as Code - pipeline konfiguratsiyasi ham version control'da
• Semantic versioning - v1.2.3 format, automated changelog
• Branch protection - main branch'ga to'g'ridan-to'g'ri push taqiq, PR va review majburiy
• Environment parity - dev, staging, production bir xil konfiguratsiya
• Automated rollback - health check fail bo'lsa, avtomatik orqaga qaytarish
• Deployment windows - production deploy faqat ish vaqtida (rollback uchun jamoa tayyor)
• Post-deploy verification - smoke tests, synthetic monitoring

Asboblar va texnologiyalar

Mini misol

GitHub Actions bilan Node.js CI/CD pipeline:

name: CI/CD Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  # ========== TEST ==========
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      
      - name: Install dependencies
        run: npm ci
      
      - name: Run linter
        run: npm run lint
      
      - name: Run unit tests
        run: npm run test:coverage
      
      - name: Upload coverage
        uses: codecov/codecov-action@v3

  # ========== SECURITY SCAN ==========
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Run Snyk
        uses: snyk/actions/node@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

  # ========== BUILD ==========
  build:
    needs: [test, security]
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    
    steps:
      - uses: actions/checkout@v4
      
      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest

  # ========== DEPLOY STAGING ==========
  deploy-staging:
    needs: build
    runs-on: ubuntu-latest
    environment: staging
    
    steps:
      - name: Deploy to Staging
        run: |
          echo "Deploying ${{ github.sha }} to staging..."
          # kubectl set image deployment/app ...
      
      - name: Run smoke tests
        run: |
          curl -f https://staging.example.com/health

  # ========== DEPLOY PRODUCTION ==========
  deploy-production:
    needs: deploy-staging
    runs-on: ubuntu-latest
    environment: production
    if: github.ref == 'refs/heads/main'
    
    steps:
      - name: Deploy to Production
        run: |
          echo "Deploying ${{ github.sha }} to production..."

Docker multi-stage build (optimized):

# Build stage
FROM node:20-alpine AS builder

WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production

COPY . .
RUN npm run build

# Production stage
FROM node:20-alpine AS production

WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules

USER node
EXPOSE 3000

HEALTHCHECK --interval=30s --timeout=3s \
  CMD wget -qO- http://localhost:3000/health || exit 1

CMD ["node", "dist/main.js"]

Ko'p so'raladigan savollar (FAQ)

Glossary (Atamalar lug'ati)