Curly Brackets LogoCurly Brackets

CI/CD for Web Apps: A Practical Starter Guide for Beginners

2025-12-12
DevOpsGitHub ActionsWeb Development

As a junior developer, you have likely heard the term "CI/CD" thrown around in job descriptions and team meetings. It sounds like high-level DevOps wizardry, but at its core, it is simply about automating the boring parts of software development so you can focus on coding.

In this guide, we will break down what CI/CD is, why it prevents headaches, and how you can set up a basic pipeline using GitHub Actions.

What is CI/CD?

CI/CD stands for Continuous Integration and Continuous Deployment (or Delivery). It is a philosophy and a set of practices that allow development teams to deliver code changes more frequently and reliably.

Continuous Integration (CI)

Think of CI as your safety net. Every time you push code to your repository (like GitHub or GitLab), an automated process kicks off. It merges your code with the main branch and checks: "Did I break anything?"

Continuous Deployment (CD)

If CI is the safety net, CD is the delivery truck. Once your code passes all the CI checks, CD automatically deploys that code to your staging or production environment. No more dragging and dropping files via FTP.

The Anatomy of a Simple Pipeline

A "pipeline" is just a series of steps your code goes through from your laptop to the live server. A standard web app pipeline usually follows this order:

  1. Install: The server downloads your code and installs dependencies (e.g., npm install).
  2. Lint: The pipeline checks your code style to ensure it looks clean and follows team rules (e.g., eslint).
  3. Test: Automated tests run to ensure your logic works (e.g., jest or pytest).
  4. Build: The code is compiled or bundled into static assets ready for the browser (e.g., npm run build).
  5. Deploy: The built assets are pushed to your hosting provider (e.g., Vercel, Netlify, AWS).

Important Considerations: Secrets and Safety

Before you build your pipeline, there are two critical concepts to understand regarding security and reliability.

Secrets and Environment Variables

Never hardcode API keys, database passwords, or secret tokens in your code. If you commit these to GitHub, bots will find them in seconds. Instead, use your CI/CD platform's "Secrets" settings. These allow you to inject sensitive data as Environment Variables only when the pipeline runs.

Rollbacks

Even with tests, bugs happen. A good CD strategy includes a plan for rollbacks. If a deployment breaks production, you should be able to instantly revert to the previous working version. Many modern hosting platforms (like Vercel or Netlify) handle this automatically by keeping previous builds available.

A Starter Example with GitHub Actions

GitHub Actions is a great place to start because it integrates directly with your repository. Here is a configuration file (YAML) for a simple Node.js project.

To use this, you would create a file in your project at .github/workflows/main.yml.

name: Node.js CI/CD

# Trigger the pipeline whenever code is pushed to the 'main' branch
on:
  push:
    branches: [ "main" ]

jobs:
  build-and-test:
    runs-on: ubuntu-latest

    steps:
    # Step 1: Check out the code from the repo
    - uses: actions/checkout@v3

    # Step 2: Set up the environment
    - name: Use Node.js 18.x
      uses: actions/setup-node@v3
      with:
        node-version: 18

    # Step 3: Install dependencies (Clean Install)
    - name: Install Dependencies
      run: npm ci

    # Step 4: Linting (Check for syntax/style errors)
    - name: Run Linter
      run: npm run lint
      continue-on-error: false # Stop pipeline if this fails

    # Step 5: Run Tests
    - name: Run Tests
      run: npm test

    # Step 6: Build the project
    - name: Build
      run: npm run build
      
    # Step 7: Simulation of a Deploy (Echoing a message)
    # In a real app, you might use a specific action here, like 'actions/deploy-to-aws'
    - name: Deploy
      run: echo "Deploying to production server..."

How to Read This

  1. Events (on): This tells GitHub to run this workflow every time you push to the main branch.
  2. Jobs: We defined one job called build-and-test. It runs on a virtual Linux machine (ubuntu-latest).
  3. Steps: These are the sequential commands. If npm test fails, the pipeline stops immediately, and the Build and Deploy steps never happen. This prevents broken code from reaching your users.

Summary

Implementing CI/CD takes the fear out of clicking the "Merge" button. By automating the installation, linting, testing, and deployment, you ensure that your code is always in a deployable state. Start with a simple GitHub Action like the one above, and as your application grows, you can add more complex steps like integration testing or security scanning.