Promoting and deploying inventory changes

The DevSecOps reference implementation helps to enforce the review of code changes before they are merged, promoted, and deployed to production. See,Best practices for peer review compliance to know more about peer review for delivering secure and compliant software.

Promoting inventory entries from source to target branches

To promote code changes from the source branch to the target (staging, prod) branch of your inventory repository, complete the following steps:

The continuous integration pipelines populate the source (master) branch with inventory entries. Use the continuous deployment promotion pipeline to promote this content from your source (master) branch to the target (staging or prod) branch.
1. From the cd-pipeline dashboard, click Run Pipeline.
2. Select Manual Promotion Trigger.
3. Click Run. The pipeline-run creates a merge request to promote your code changes from the source branch to the target branch.
Manual Promotion Trigger
Approve and merge the pull request.
1. Click the pipeline-run and check the execution log of the promotion pipeline.
MR execution log
1. Locate the URL of the merge request and open the merge request.
2. Populate the required fields (Priority, Change Request assignee, Additional Description, and other fields).
3. Merge the merge request (MR) to promote your changes from the source branch to the target branch.

Now, that your changes are promoted to the target branch, you can deploy them by using the continuous deployment pipeline.

Deploying changes from the source-environment to the target-environment

The source and target environments are defined at the continuous deployment pipeline level.

continuous deployment pipeline properties — Continuous deployment pipeline properties

Depending on the trigger settings of your continuous deployment pipeline trigger settings, the pipeline is either automatically triggered after a merge request is merged or the pipeline is merged manually. To manually merge the pipeline, click Run Pipeline and choose the trigger to run.

The pipeline starts and tags the current commit in the inventory repo with the Pipeline Run ID. The pipeline uses that tag to pick up the content from the target branch (prod) and calculates the deployment delta between the current commit and the content of the last successful deployment. The delta is marked by the <target-environment>_latest tag, where target-environment is the value that is set in your continuous deployment pipeline properties, such as prod_latest.

The pipeline attempts to deploy the content. During the deployment, the change request ID is attached to the commit that the pipeline works with as a tag. A successful deployment concludes by attaching the <target-environment>_latest tag to the commit that you promoted.

For more information about the inventory workflow, see Understanding DevSecOps pipelines.