DevOps automation: Spacelift vs traditional CI/CD pipelines
Infrastructure as Code (IaC) tools like Terraform, Ansible, and Pulumi let you configure infrastructure resources using code files you can commit to a Git repository. IaC makes infrastructure easier to maintain, but it's often challenging to automate your tools.
Many DevOps teams start out using CI/CD pipelines for IaC. This causes problems at scale because CI/CD systems aren't designed for infrastructure workflows. Pipelines are difficult to govern and it's hard to safely assign access to just the people who actually need to work with IaC.
Spacelift is an IaC management tool that's designed to solve these issues. It replaces manual CI/CD pipelines with an automated platform that lets you provision, maintain, and govern infrastructure all in one place. In this article, we'll discuss how Spacelift compares to traditional CI/CD and explain its benefits for IaC workflows.
What are CI/CD Pipelines?
CI/CD (Continuous Integration and Delivery) pipelines automate the process of releasing code changes. Whereas previously developers built, tested, and deployed changes manually, CI/CD pipelines run these tasks whenever commits are pushed to a repository.
CI/CD systems like GitHub Actions, GitLab CI/CD, and Jenkins are a crucial part of modern DevOps workflows. However, these services are optimized for the needs of application code, not IaC. Infrastructure pipelines need to be highly visible, easy to govern, and simple to integrate with your cloud providers. Moreover, IaC deployments must be protected from concurrent rollouts that could cause changes to apply in the wrong order. These requirements are often tricky to implement in generic CI/CD solutions.
What is Spacelift?
Spacelift is a CI/CD platform that's specifically designed for IaC. Instead of writing complex CI/CD pipelines, you can create Spacelift Stacks. Stacks combine source code, infrastructure state, and configuration sources such as environment variables. Stack runs automatically execute your IaC tools upon events such as merging a PR.
Unlike conventional CI/CD solutions, Spacelift can natively manage the state of your infrastructure. Stacks automatically lock resources while they're being modified, preventing other changes from causing conflicts. The platform also has an integrated Terraform registry for storing your modules and state files.
Elsewhere, Spacelift's Spaces let you assign teams access to specific infrastructure resources, while Blueprints empower developers to create new Stacks from preconfigured templates in just a few clicks. These capabilities don't exist in generic CI/CD services.
How Spacelift Improves CI/CD for Infrastructure
Spacelift applies the principles of CI/CD to the unique execution model of IaC. It makes CI/CD usable for infrastructure workflows at scale, while addressing common pain points around collaboration and security.
Although you can run terraform apply in a regular CI/CD pipeline, Spacelift adds the missing capabilities to easily see what's running, understand your infrastructure's state, and prevent errors caused by pipelines running in parallel. You can control everything from Spacelift's robust web interface, or use Spacelift's own Terraform provider to programmatically configure resources in your account.
Here are 10 key ways in which Spacelift enables DevOps teams to effectively combine CI/CD and IaC.
1. Direct VCS Integrations with Native GitOps Support
Spacelift natively integrates with your repositories in GitHub, GitLab, Bitbucket, and Azure DevOps. You can connect your source control accounts, then choose which repos Spacelift should have access to.
Stacks are linked to your repositories and run automatically when new commits are pushed. Spacelift will read your IaC files and prepare, plan, and apply changes to your infrastructure—all without you having to write any manual scripts. Policies let you control what each Run does, such as only applying some actions when specific files are changed.
2. Automatic IaC Deployments for PRs
Spacelift makes it easy to automate IaC deployments for new PRs. For instance, you could create a Stack that provisions fresh infrastructure for specially labelled PRs, allowing new changes to be safely tested in isolation.
This kind of workflow is difficult to implement using regular CI/CD pipelines. It often requires duplication of config files or leads to bill shock when temporary environments are forgotten. Spacelift's modular Stacks and native GitOps integration make the process much simpler while allowing you to visualize all active infrastructure using one consistent interface.
3. Self-Service Developer Access to IaC
Spacelift is primarily aimed at DevOps teams responsible for infrastructure management, but the platform serves developers too. It's often helpful for engineers to have limited infrastructure access, such as to temporarily provision new staging infrastructure or apply scaling changes to production environments.
Spacelift's Blueprints feature enables infrastructure teams to configure Stack templates that developers can access in the Spacelift dashboard. Blueprints support input fields that allow developers to customize the Stack each time the template is used, such as by specifying an environment name or a cloud instance size. This empowers developers to self-serve resources as they need them, increasing development velocity.
4. Simple Configuration of IaC Workflows
Simplicity is one of Spacelift's biggest advantages. Instead of learning how to write CI/CD pipelines that run your IaC tools, you can connect Spacelift directly to your source repositories. The platform will automatically plan and apply IaC changes as you commit your code, while providing full visibility into what’s running and why. This makes IaC workflows easier to reason about and more accessible to DevOps practitioners of all skill levels.
5. Centralized Enforcement of Governance Policies
Unlike application code, it's often crucial that IaC files and deployments are protected by granular rules. For example, you might require that all AWS EC2 instances are provisioned from a specific tier, or that destructive actions can't be applied to production on a Friday afternoon. Governance policies like these are cumbersome or impossible to enforce in traditional CI/CD.
Spacelift includes a powerful policy-as-code engine that deeply integrates with your Stacks. You can write arbitrary policies using Open Policy Agent's Rego syntax, allowing you to precisely control when Stacks run. Policy violations block the Stack and can't be overridden by developers, ensuring continual defense against misconfigurations and security issues.
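The two example rules above (approved EC2 tier, no destructive changes to production on a Friday afternoon), sketched as an added example in Python over Terraform's JSON plan output (terraform show -json). This is not Spacelift's Rego policy code or code from the original article; the allowed instance types, the "production" environment name, the 12:00 cutoff, and the sample plan are assumptions.

```python
import json
from datetime import datetime

# Assumptions for illustration: the approved instance tier and the freeze window.
ALLOWED_INSTANCE_TYPES = {"t3.micro", "t3.small"}
FREEZE_WEEKDAY = 4       # Friday (Monday == 0)
FREEZE_START_HOUR = 12   # "afternoon" taken as 12:00 onward, local time

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["create"], "after": {"instance_type": "m5.4xlarge"}}},
  {"address": "aws_instance.worker", "type": "aws_instance",
   "change": {"actions": ["update"], "after": {"instance_type": "t3.small"}}},
  {"address": "aws_db_instance.main", "type": "aws_db_instance",
   "change": {"actions": ["delete", "create"], "after": {}}}
]}
""")


def evaluate_plan(plan, environment, now):
    """Return a list of denial messages; an empty list means the plan may apply."""
    denials = []
    frozen = (environment == "production"
              and now.weekday() == FREEZE_WEEKDAY
              and now.hour >= FREEZE_START_HOUR)
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        after = change.get("after") or {}  # "after" is null for pure deletes
        # Rule 1: instances being created or updated must use an approved type.
        # A missing or not-yet-known instance_type fails closed.
        if rc.get("type") == "aws_instance" and {"create", "update"} & set(actions):
            itype = after.get("instance_type")
            if itype not in ALLOWED_INSTANCE_TYPES:
                denials.append(f"{rc['address']}: instance type {itype!r} "
                               "is not in the approved tier")
        # Rule 2: deletes (including replacements) are blocked during the freeze.
        if frozen and "delete" in actions:
            denials.append(f"{rc['address']}: destructive change blocked "
                           "during the production freeze window")
    return denials


if __name__ == "__main__":
    for msg in evaluate_plan(SAMPLE_PLAN, "production", datetime(2024, 5, 3, 15, 0)):
        print("DENY", msg)
```

Run as a blocking step before apply, a non-empty result fails the job; a centrally enforced policy engine removes the need to copy such a check into every pipeline.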
6. One Place to Manage All Infrastructure Assets
IaC management often gets messy at scale. You need to switch between your CI/CD system and cloud accounts just to see what's running, why it was provisioned, and who's responsible for it. But with Spacelift, all this information is accessible within one cohesive interface.
Spacelift provides deep visibility into your Stacks, their Runs, and your live resources. You can visualize the structure of your environments and drill down to access granular details about each resource. You've got one destination to answer any question about your infrastructure.
7. Simplified Infrastructure Scaling for Large Environments
Spacelift is designed to scale to the needs of large organizations with many environments and infrastructure resources. This applies both in performance terms—it's simple to add new workers to host your jobs—and in ease of management.
Spacelift's modular Stacks make it easy to reuse and connect different workflows. Similarly, Spaces enable you to replicate your organization's structure within Spacelift, ensuring everyone can access the resources they need without becoming overwhelmed. Rather than maintaining unwieldy CI/CD pipeline configurations for individual projects, you can bring IaC resources into Spacelift to standardize infrastructure visibility and governance.
8. Modelling of Complex Infrastructure Dependency Relationships
Spacelift supports complex inter-Stack dependencies. Stacks can depend on chains of neighboring Stacks, enabling you to trigger workflows only once other tasks have completed. For instance, you may want to wait to deploy compute nodes until after networking infrastructure has been provisioned.
In addition to dependencies, Spacelift also offers Stack trigger policies for advanced use cases. These policies execute after Stacks complete. They let you conditionally trigger other Stacks, based on the result that was just obtained. This empowers you to model very large interdependent workflows while ensuring individual Stacks stay simple and modular.
9. Combined Infrastructure Provisioning and Configuration Management
Spacelift supports Ansible so you can handle configuration management right alongside your infrastructure provisioning workflows. It's common to first implement a Spacelift Stack that's based on an IaC tool like Terraform. This Stack provisions your infrastructure, perhaps by creating a set of AWS EC2 instances. You can then use a trigger policy or dependency to run an Ansible Stack that configures those instances, such as by installing software, starting services, and adding required user accounts.
10. Integrated State and Concurrency Management
Finally, Spacelift's integrated infrastructure state management features are one of its biggest benefits compared to standard CI/CD. Spacelift natively manages your Terraform state, removing dependencies on external services. Your state files are protected so they can't be accidentally manipulated outside of Stacks.
Spacelift also implements built-in concurrency management that prevents out-of-order infrastructure changes. State-changing operations are automatically serialized into a sequential queue, ensuring the previous task completes before the next can modify any infrastructure resources. Using this behavior by default prevents potentially destructive errors when many IaC changes are committed over a short time period.
Spacelift vs Traditional CI/CD: Comparison Table
The following table summarizes the key benefits of Spacelift for infrastructure automation, compared with generic CI/CD systems.
Conclusion
CI/CD pipelines accelerate software delivery by automating tasks such as building code and creating releases, but they're less ideal for infrastructure management. Pipelines are usually stateless, unaware of previous activity, and difficult to govern. It's hard to see what's running or provide developers with templates that let them easily start new environments.
Spacelift solves these issues. It’s a dedicated CI/CD solution that's optimized for IaC automation. It empowers you to provision, manage, and govern infrastructure assets at scale, without having to manually write complex CI/CD pipeline configurations. By orchestrating all IaC resources within one platform, Spacelift also streamlines collaboration by enabling safe self-service access.
Ready to start implementing Spacelift in your teams? At Semantive, we're a certified Spacelift partner ready to guide you through your IaC and CI/CD journey. Book a free consultation to learn how we can help you implement Spacelift within just four weeks.