N|Solid is a superior Node.js platform enhanced to help you build, manage, secure, and analyze mission-critical Node.js applications.Get Started
7 Convenient CI/CD Tools for Your Node.js Projects
As modern developers, we have an ever-growing toolset available to us. Languages, platforms, tools, and systems - there’s an ever-growing list of things we use to develop, build, and deploy our code.
For every step, though, we want to ensure quality code that’s free of errors, vulnerabilities, and various other problems that can put a stop to what you’re trying to achieve. One of the systems available to help make this easier is continuous integration and continuous deployment - also known as CI/CD.
CI/CD takes a huge step in the direction of clean, maintainable, and production-ready code - it helps us spot errors, spend more time writing code, and less time fixing it.
Today, I’ve put together a quick overview of tooling for CI/CD systems for your Node.js project. These are some core tools to help you get up and running with CI/CD for both open-source projects and for production apps that need to be sturdy and resilient.
Building the Foundation: Systems for CI/CD
Free Open-Source CI with Travis CI
Travis-CI is a CI system that’s pretty simple to set up quickly and efficiently. It’s completely free for open-source projects, which makes it a quick win for CI in your OSS Node.js applications.
When building out my awesome-hyper list, I ended up landing on Travis CI with some CI/CD automation tooling (see Danger further down in the article) to ensure that commits didn’t have broken links. Because of just how fast I was able to set it up, it was a super easy win as a maintainer of the repo.
Self-hosted CI/CD infrastructure with Jenkins
Jenkins is a self-hosted CI/CD infrastructure with a broad scope. It’s got a decently quick setup process, meaning you can start using it on your own servers pretty quickly. One very nice benefit of Jenkins is that it’s got a pretty extensive plugin ecosystem, meaning you can fiddle and tweak it to get it set up exactly how you want it to with a bit more effort.
A live example of a Jenkins CI setup is the official Node.js CI server, which runs the build process for the majority of aspects of the official Node.js project - everything from Node core to libuv.
When looking into CI/CD for your Node.js apps and projects, there are a ton of options, including some that are specific to certain needs. One interesting one is the Node.js CI/CD on Azure, which is a nice, cloud-based CI/CD system that’s an easy win - there’s a nice guide on the Azure Docs to deploy a Node.js app with CI/CD that I highly recommend.
One thing to always consider when using a hosted CI/CD service is if it meets your needs and wants - there are many shared features between the hosted CI/CD services, but a few vary from service to service - things like integrations with version control platforms (for example, GitHub, GitLab, BitBucket, and all the Enterprise versions). If you have very specific needs, one may be preferable to the others.
Some nice alternatives to Travis and Jenkins that I’ve seen and used are CircleCI and CodeShip. CircleCI is pretty decent, and can easily be used for free with OSS projects. CodeShip is always free for OSS, as well.
Awesome Tools to use for Node.js Builds in Your CI/CD Pipeline
Monitor your project for vulnerabilities with Snyk
Snyk is a vulnerability monitoring and prevention service that you can drop into your CI/CD pipeline to detect and deal with security issues in your applications with PR checks in GitHub, at build-time, or with one of the several other integrations that they’ve built out. Snyk started with Node.js vulnerabilities, but can also now do Ruby and Java vulnerability monitoring as well.
Keep your dependencies up to date with Greenkeeper
Greenkeeper is an interesting tool that’s useful for ensuring your modules are up to date. It’s a pretty simple tool in concept - if a dependency is updated, create a new branch and run a GitHub repo’s CI/CD process. If the process passes, create a PR with the updated dependency - if it fails, it’ll create an issue with an explanation of the path to fix the failures and update your dependency.
See which parts of your code have test coverage with Coveralls
Coveralls is a test coverage tool that gives you information about the amount of your code that both does and doesn’t have test coverage. As both a tool to ensure issues don’t arise and a metric of quality, tests are becoming an important best practice for successful code as time goes on. Coveralls is a nice, drop-in tool to give you easy coverage metrics for your projects.
Make PRs less repetative with Danger
Danger is a pretty awesome tool to help with detecting and resolving common issues in PRs. It basically allows you to define rules that PRs need to follow in order to pass. If you’ve maintained a project with a lot of people submitting quick PRs before, you probably know that there are small mistakes that arise frequently. Danger basically acts as a first-responder to get those resolved and get the PR into a mergeable state as quickly and easily as possible.
Just one more thing...
If you'd like to keep reading about Node.js, deployment, security, and more, I've got some awesome resources for you.
As the container ecosystem grows and becomes more a part of the CI/CD process, you can try some quick and easy wins with Docker when containerizing your Node.js application - you’ll find some easy optimizations there.
Additionally, if security, code quality, licensing, and so on is a core concern for you, you should definitely take a peek at NodeSource Certified Modules - we’ve got some super interesting and exciting updates coming up and would love to get your feedback.