2 Building a barebones DevOps pipeline
This chapter covers
- Configuring a CI pipeline for an example invoicer application
- Deploying the invoicer in AWS
- Identifying areas of a DevOps pipeline that require security attention
In chapter 1, I outlined an ambitious security strategy and described why security must be an integral component of the product. For security to be a part of DevOps, we must first understand how applications are built, deployed, and operated in DevOps. We’ll ignore security in this chapter and focus on building a fully functional DevOps pipeline to understand the techniques of DevOps and set the stage for security discussions we’ll have in chapters 3, 4, and 5.
DevOps is more about concepts, ideas, and workflows than it is about recommending one specific technology. A DevOps standard may not exist, yet it has consistent patterns across implementations. In this chapter, we take a specific example to implement those patterns: the invoicer, a small web API that manages invoices through a handful of HTTP endpoints. It’s written in Go and its source code is available at https://securing-devops.com/ch02/invoicer.