CI/CD Enforcement for Code Changes

  • David Koenitzer

Continuous Integration and Continuous Deployment (CI/CD) is a software development strategy that helps teams update their code and software quickly, safely, and efficiently. A CI/CD process can include a git-based repo for integrating code changes, unit tests to test code, building images, and deploying changes.

There are a few benefits to using CI/CD for every code change:

  • Ensure that all changes are reviewed and approved by your team.
  • Automate code promotion between development and production runtime deployments.
  • Protect your production runtime deployments from newly introduced bugs.
  • Enforce automated testing to increase code quality.

If your team doesn’t use CI/CD, your pipelines are at increased risk of breaking after deploying code changes. Your code quality could drift over time, resulting in performance problems and unforeseen issues with your data. And if your pipeline does break, you won’t be able to revert back to an older version of working code. Teams that rigorously use CI/CD on production runtime deployments avoid these issues and have increased data reliability as a result.

At Astronomer, we developed CI/CD tooling to ensure our customers have the best CI/CD systems for managing Airflow pipelines. These include our CI/CD templates, the Deploy Action, and the Astro CLI for integrating with custom scripts.

We’re now introducing a new feature to make our CI/CD tools even stronger: CI/CD enforcement. Now you can enforce that all deploys (code changes) occur through CI/CD. An organization Admin can set this policy on a specific runtime deployment or for an entire workspace. This feature enforces CI/CD by forcing code to be deployed through API tokens. API tokens are created through the UI and used in CI/CD pipelines to securely connect your CI/CD tools to your Astro runtimes. Once this feature is enabled for a given runtime or workspace, no user can deploy code changes unless they use a Deployment API key or workspace token created by a Workspace Admin. This ensures that workspace members don’t accidentally deploy code outside of your CI/CD processes and break your workflows.

If you know that you want all the runtime deployments in workspace to use CI/CD, you should enable this feature for the entire workspace. This may be helpful if you create runtime deployments frequently or use short-lived Deployment Previews in your CI/CD process. If you’re only worried about enforcing CI/CD for a production deployment, then you can turn on CI/CD enforcement for that runtime deployment only. See Documentation for steps to enable the feature.

CI/CD has many benefits, and enforcing all code deploys to occur through CI/CD will ensure that your team fully realizes these benefits. If you’re an Astro customer, we encourage you to try this new feature on your Deployments that utilize CI/CD. If you’re not utilizing CI/CD, read through our CI/CD docs and see if you could use one of our CI/CD templates.

Ready to Get Started?

See how your team can fuel its data workflows with more power and less complexity than ever before.

Start Free Trial →

Which plan works best for your team?

Learn about pricing →

What can Astronomer do for your organization?

Talk to an expert →