The CI/CD and DevOps Blog

Manisha Sahasrabudhe

Manisha Sahasrabudhe

Recent Posts

Announcing Windows, Mac OS, and CentOS BUILDS

Today, we are excited to announce support for multiple Operating Systems, including Windows, Mac OS, and CentOS. From the start, our goal at Shippable has been to provide you with a common CI and DevOps platform for all your applications, irrespective of application technology and architecture. 

Our journey started with Continuous Integration (CI) in 2013, when we debuted the first CI platform to support native Docker workflows for our customers. Last year, we added Assembly Lines to let you easily define end-to-end workflows across your DevOps tools to achieve Continuous Delivery with Application Release Automation, Release orchestration, approval gates, etc. This completed our end-to-end support for Ubuntu applications. 

As much as we like Ubuntu, most Enterprises have a mix of applications across multiple Operating Systems. We are proud to expand Shippable today with support for multiple platforms, as well as a bunch of other enhancements that will help you manage build infrastructure and create CI, CD, and DevOps workflows more easily.

Let's look at the top features launched today. In upcoming weeks, we will post detailed blogs on how to use each of these features.

Security Best Practices At Shippable

In light of a recent blog post about a competitor's security vulnerabilities, I wanted to be completely transparent about our security best practices to reassure our customers that they're in good hands.

From the start, we've been very aware of the fact that when customers click on the Authorize button to grant us access to their GitHub or Bitbucket repositories, they trust us with their Intellectual Property.  This is a tremendous step, especially since we're all aware of hackers attacking almost every major site and stealing personal information.

Our security measures fall under two pillars, Product and Process, both of which are explained below.

Are you Stuck in The New DevOps Matrix From Hell?

If you google "matrix from hell", you'll see many articles about how Docker solves the matrix from hell. So what is the matrix from hell? Put simply, it is the challenge of packaging any application, regardless of language/frameworks/dependencies, so that it can run on any cloud, regardless of operating systems/hardware/infrastructure.


The original matrix from hell: applications were tightly coupled with underlying hardware


Docker solved for the matrix from hell by decoupling the application from the underlying operating system and hardware. It did this by packaging all dependencies inside Docker containers, including the OS. This makes Docker containers "portable", i,e, they can run on any cloud or machine without the dreaded "it works on this machine" problems. This is the single biggest reason Docker is considered the hottest new technology of the last decade.

With DevOps principles gaining center stage over the last few years, Ops teams have started automating their tasks like provisioning infrastructure,  managing config, triggering production deployments, etc. IT automation tools like Ansible and Terraform help tremendously with these use cases since they allow you to represent your infrastructure-as-code, which can be versioned and committed to source control. Most of these tools are configured with a YAML or JSON based language which describes the activity you're trying to achieve. 

Using NPM Private Modules In Your CI Workflow

In addition to publicly available packages, npm also allows users to publish and manage packages in a private namespace. If you want your npm install command in the CI workflow to install your private dependencies, there are a couple of setup steps that are required.

Unless you follow these steps, your npm install command will throw an error, such as 

  npm ERR! 404 Not found : @manishas/my-private-module   


Step 1: Get your npm auth token

First, you need to find your npm token, which is stored in the .npmrc file in your home directory. The file will contain a line which looks like this:


Copy the value of the token, which is everything after authToken=

CI For Gitflow Or Feature Branch Workflows

Many Shippable customers create branches on their source control repository in order to work on new features.

Let's take an example of two developers, Ted and Mary,  who're going to work on Feature #42 for the FooApp application. Their feature branch workflow will look something like this:

  1. Ted creates a feature branch off the master branch. He calls the new branch feature-42
  2. Ted and Mary commit code changes to feature-42
  3. When coding for Feature #42 is complete, Mary sends a pull request to merge feature-42 into master 
  4. A dev lead reviews the pull request.and if everything looks good, merges the code into master
  5. If the merged code passes all checks, feature-42 is deleted

Fig 1: Gitflow workflow

The Atlassian team has written a more detailed description of the feature branch and Gitflow workflow which explains how to handle it from a source control provider perspective: 

Let us look into how you can configure your Continuous Integration (CI) platform to handle these scenarios. In this example, we'll use Shippable's native CI functionality.