Infrastructure
This page documents the backend infrastructure and the CI/CD pipeline used to build, test, and deploy services. The full CI/CD flow is executed by Jenkins and deploys container images to AWS ECR/ECS with a pre-production promotion step and notifications to Slack and Monday.
Architecture overview
Below is a simplified architecture diagram showing the major infrastructure components and how they interact.
CI/CD pipeline (Jenkins)
This pipeline is executed by Jenkins on GitHub push events. It performs static checks, unit tests, build, integration tests, pushes images to ECR, and deploys to pre-production ECS. After QA, a manual promotion step deploys the image to production and sends notifications.
Jenkins pipeline details (recommended)
- Use a Jenkinsfile in repo (Declarative Pipeline).
- Use ephemeral, autoscaling Jenkins agents (Kubernetes or cloud agents) to run builds and tests.
- Secure credentials with Jenkins Credentials Store: AWS credentials (ECR push), DockerHub if used, Sentry/API keys, Slack/Monday webhooks.
- Steps:
- Checkout code (shallow clone).
- Install dependencies (pin package manager: pnpm install).
- Lint + Prettier check, TypeScript typecheck.
- Run unit tests (fast path); fail early on failures.
- Build artifacts (production bundles).
- Start docker-compose integration environment (docker-compose -f docker-compose.integration.yml up --build) and run integration tests.
- Build Docker image and tag with sha and branch (e.g., repo:sha-<short>).
- Authenticate to ECR and push image.
- Trigger pre-production deploy (ECS service update or CI/CD deployment job).
- Wait for smoke tests / run automated acceptance tests against pre-prod.
- Pause for manual QA approval (Jenkins input step). On approval, deploy to production.
- On success or failure send notifications to Slack and create/update an item in Monday via webhook.
Integration tests and docker-compose
- Keep a small, reproducible docker-compose.integration.yml for services needed by integration tests (local Mongo, Redis, Kafka or lightweight test doubles).
- Run integration tests in an isolated network and tear down on completion. Use --exit-code-from to surface test failures to Jenkins.
ECR / ECS deployment strategy
- Push immutable images to ECR with tags: sha-<commit>, branch-<name>, and optionally nightly-<date>.
- Use ECS services (Fargate recommended) behind an ALB. Use blue/green or rolling deployments (via CodeDeploy or ECS deployments) for zero-downtime.
- Pre-production environment is an identical ECS cluster/namespace using the pushed image tag. Use task definitions that reference image by tag.
- Keep a short retention period for images, but ensure you can roll back by re-deploying older tags.
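The integration-test step and the tag-and-push step described in the two sections above, as an added example for a scripts/ci/ helper; it is not this repository's own script. The compose service name tests, the 12-character short SHA, and the ECR_REGISTRY, ECR_REPO and AWS_REGION variables are assumptions; BUILD_NUMBER, GIT_COMMIT and BRANCH_NAME are expected from the Jenkins job environment.

```shell
#!/bin/sh
# Added example for scripts/ci/; not the project's own script.
# Assumed (not from the page): compose service "tests", env vars
# ECR_REGISTRY, ECR_REPO, AWS_REGION, and a 12-character short SHA.
set -eu

COMPOSE_FILE=docker-compose.integration.yml

# Docker tags allow only [A-Za-z0-9_.-], at most 128 characters, and must
# not start with "." or "-"; a branch like "feature/login" has to be mapped.
sanitize_tag() {
  printf '%s' "$1" | tr -c 'A-Za-z0-9_.-' '-' | sed 's/^[.-]*//' | cut -c1-128
}
sha_tag()    { printf 'sha-%s' "$(printf '%s' "$1" | cut -c1-12)"; }
branch_tag() { sanitize_tag "branch-$1"; }

# Run the suite in its own compose project (separate network). With
# --exit-code-from, compose returns the test container's exit status and
# stops the other services, so a failing test fails the Jenkins stage.
run_integration() {
  project="it-${BUILD_NUMBER:-local}"
  rc=0
  docker-compose -p "$project" -f "$COMPOSE_FILE" up --build \
    --exit-code-from tests || rc=$?
  # Always tear down containers, network and volumes, pass or fail.
  docker-compose -p "$project" -f "$COMPOSE_FILE" down -v --remove-orphans
  return "$rc"
}

# Build, then log in with a short-lived token passed on stdin (kept out of
# argv and the build log), then push the commit tag and the branch tag.
push_image() {
  image="$ECR_REGISTRY/$ECR_REPO"
  sha=$(sha_tag "$GIT_COMMIT")
  br=$(branch_tag "$BRANCH_NAME")
  docker build -t "$image:$sha" -t "$image:$br" .
  aws ecr get-login-password --region "$AWS_REGION" |
    docker login --username AWS --password-stdin "$ECR_REGISTRY"
  docker push "$image:$sha"
  docker push "$image:$br"
}

# Runs only when invoked as: <script> run
if [ "${1:-}" = "run" ]; then
  run_integration
  push_image
fi
```

Reference the sha- tag in task definitions: the branch- tag is overwritten on every push, and that push is rejected if tag immutability is enabled on the ECR repository.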
Observability & Alerts
- CloudWatch for metrics and alerting (CPU, memory, request latency, custom app metrics like send-rate).
- Sentry for error aggregation and stack traces.
- Centralized logs (CloudWatch Logs / ELK / Datadog) for troubleshooting.
- Alerts wired to Slack and PagerDuty when thresholds are crossed.
Security & IAM
- Use least-privilege IAM roles for Jenkins agents and ECS tasks.
- Store secrets in AWS Secrets Manager or Parameter Store; Jenkins pulls securely at runtime.
- ECR push permissions limited to CI principal; production deploy role limited to deploy-only.
Notifications & Integrations
- Slack: pipeline start, failures, successful production deploy, and alerting.
- Monday: create or update board items for releases and QA status via webhook after pre-prod deployment and after production promotion.
Operational notes
- Keep the Jenkinsfile small and delegate complex scripts to a scripts/ci/ folder in the repo.
- Keep integration test environment minimal to ensure CI runs fast.
- Use feature flags for risky releases to reduce blast radius.
If you want, I can:
- Add a ready-to-use Jenkinsfile (declarative) tailored to this repository.
- Create a sample docker-compose.integration.yml for the integration step.
- Add the Slack and Monday webhook snippets to the pipeline.