CI shouldn't do deployments, deployment pipelines should run separately when a new release passes CI
Of course the general-purpose task runner that both run on does need to support secrets.
We're iterating towards GHA for CI, AWS CodeBuild for the CD. At least on AWS projects. Mainly because managing IAM permissions to permit the GitHub runner to do everything the deployment wants is an astonishingly large waste of time. But you need a secret to trigger one from the other.
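An added example, not from any commenter here, of the GHA-to-CodeBuild handoff the comment describes with the IAM surface kept as small as possible. It goes a step beyond the comment by using GitHub's OIDC federation instead of a stored secret; the repository name, project name, region variable and thumbprint are placeholders.

```hcl
# Added example (not from the thread): least-privilege handoff from a GitHub
# Actions CI job to an AWS CodeBuild deployment project, with no long-lived
# AWS secret stored in GitHub. Placeholder values are marked as such.

variable "region" {}                      # placeholder: region of the CD project
data "aws_caller_identity" "current" {}

locals {
  repo    = "example-org/example-app"     # placeholder: the CI repository
  project = "example-app-deploy"          # placeholder: the CodeBuild CD project
}

# GitHub's OIDC identity provider; created once per account.
resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = ["0000000000000000000000000000000000000000"] # placeholder
}

# Role the CI job assumes. Only tokens minted for pushes to main in the one
# repository can assume it, so a fork or feature branch cannot trigger CD.
resource "aws_iam_role" "ci_trigger" {
  name = "github-ci-trigger-deploy"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Federated = aws_iam_openid_connect_provider.github.arn }
      Action    = "sts:AssumeRoleWithWebIdentity"
      Condition = {
        StringEquals = {
          "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com"
          "token.actions.githubusercontent.com:sub" = "repo:${local.repo}:ref:refs/heads/main"
        }
      }
    }]
  })
}

# The only thing CI may do in AWS: start one named CodeBuild project and poll
# it. Every deployment permission lives on CodeBuild's own service role.
resource "aws_iam_role_policy" "start_build_only" {
  name = "start-deploy-build"
  role = aws_iam_role.ci_trigger.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["codebuild:StartBuild", "codebuild:BatchGetBuilds"]
      Resource = "arn:aws:codebuild:${var.region}:${data.aws_caller_identity.current.account_id}:project/${local.project}"
    }]
  })
}
```

The CI workflow then assumes `aws_iam_role.ci_trigger` with the `aws-actions/configure-aws-credentials` action (`role-to-assume`) and runs `aws codebuild start-build --project-name` for the placeholder project; if that role's credentials leak, the only action available is starting that one pipeline.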
Hmm, I have long assumed that a perfectly executed CI/CD setup would be based on a generic task runner... But maybe not?
Only the CI part needs to build; it needs little else and it's the only part of a coherent setup that needs to build.
You conveniently ignored the "CD" part of CI/CD.