Case Study - Mario - platform-independent, centrally managed, secure-by-design CI/CD pipeline tooling
Image source: Google Images
Organisations across Australia are adopting cloud, along with the right tooling, to meet the ever increasing demand and outperforming their competition in terms of delivering features to their customers. Mario looks to unify CI/CD tooling to provide teams with low-effort, consistent and secure build and deploy experience.
Overview
The mission of Platform Engineering is to enable engineering teams to deliver value quickly and reliably. Pipeline tooling is an often-overlooked component of the delivery process.
In an organisation, teams sometimes (not always) agree on the CI/CD platform, and this is as far as it goes. Teams rarely standardise their pipelines and end up building them ad-hoc, which leads to:
Challenges
Fragmentation
Vendor lock-in on CI/CD platform
Burden on developers
Repetition
Long builds
Lack of security
Authentication to cloud becomes tedious
CI/CD Toolset
We identified a demand for a CI/CD toolset, that:
Ensures simple, quick and secure builds
Offers easy-to-use patterns for most common build and deploy scenarios
Automates trivial tasks (like cloud provider authentication)
Is well-documented and easy to use
Not bound to a particular CI/CD platform
Is versatile and extensible
Every CI/CD platform allows using docker images as runners, which allowed a design, where on top of the base docker image, with just the basic automation, we build a set of “flavours”, each one solves for a specific scenario (or a group of scenarios), like below:
Use Case
Our client is a mid-sized software development house, specialising in automation and management in education. For the last year and a half, they have been focusing on rolling out a modern microservices based SaaS solution, however, management saw an opportunity to accelerate delivery, and brought in Innablr to do a DORA assessment of the delivery process, which highlighted:
Overly long builds
Low level of standardisation of the CI/CD pipelines
No unit or integration testing patterns in the pipelines
No contract testing
No supply chain security gates in the pipelines
Authentication to AWS using long-lived credentials
Solution
Mario is a set of docker images (or “flavours”, like mario-typescript, mario-node, mario-terraform and others) built on top of mario-base. These images are used as build agents in the steps of CI/CD pipelines. They offer taskfile.dev as an easy-to-use scenario language and build targets for the most common patterns of building and deploying the application components, as well as security and quality assurance tooling. Each flavour includes the specific toolchain and build targets for its technology.
The delivery teams now have a solution that:
Reduces complexity of the CI/CD pipelines
Reduces pipeline execution times
Implements quality and security gates
Automates trivial tasks
Standardises pipelines across the board
Unties the pipeline logic from the CI/CD platform
Result
4x
Pipeline Execution
More than 4x reduction in pipeline execution times, all-through automation, and increased team velocity
Deploy quality code with confidence
Embedded quality and security gates minimise deployments risks and raise overall solution quality
Download the full case study below
