CircleCI Guide
The local DEV environment is based on Lando's Pantheon recipe for Drupal8. The center piece is the Web Server (Nginx) with the AppServer as the PHP processor. Cache (Redis), Index (Solr), Database (MariaDB), Node (Node.js) provide additional services to the AppServer. Edge (Varnish) and Edge_SSL (Nginx) provide caching in front of the Web Server.
Lando provides a convenience layer on top of Docker Compose so developers don't need to learn how to create and maintain a Docker environment.
CircleCI also runs a Docker environment. The core containers are the web/app server (PHP+Apache) and the database server (MariaDB). A Selenium container with the latest stable Chrome browser is used for UI testing.
As a client to GitHub and Pantheon, your git and terminus commands running on CircleCI must be authenticated by GitHub and Pantheon. You authorize CircleCI to access your GitHub repo when you log in via OAuth the first time. After that, CircleCI is able to listening to commits and checkout code.
terminus is the CLI tool that can perform all the functions in Pantheon web UI. A machine token must be generated on Pantheon and configured on CircleCI, where the token and associated email address is securely set in "Build Settings -> Environment Variables" for PortlandOR in CircleCI settings page.
To push to the Git repo on Pantheon, CircleCI needs a SSH private key whose public key is configured in your Pantheon account. This private key is set in "Permissions -> SSH Permissions". Use ssh-keygen -m pem to generate the key. (You may want to change the destination so that it doesn't overwrite your personal key in your home directory.)
These secrets are obfuscated in the UI once provisioned. But please note anyone in your GitHub organization can delete or update them in project settings.
In order to SSH into a container on CircleCI to debug a failed build, test or deployment, you can choose the option "run tests with SSH" which will provide you a IP:port combo to SSH into. In order to authenticate your SSH client, you need the same private key that you use to push commits to GitHub.
The three key components shared across local DEV environment, CircleCI and Pantheon are code, database, files. GitHub contains what's unique for your site: custom developed code, dependency config, Drupal config files. Pantheon has the latest database and files. CircleCI is responsible to combine pieces from GitHub and Pantheon to build a test site, run Behat tests, and deploy the site to Pantheon.
After you log into CircleCI with your GitHub account for the first time, CircleCI starts to listen to changes in your GitHub projects via Webhooks. On PortlandOR, when a Pull Request is created, CircleCI checks out the latest code from the feature branch, runs composer to install all dependencies, import downloaded database, copy files from the TEST environment at Pantheon, run Drush to import config files to create a test environment in CircleCI. If Behat tests pass, CircleCI deploys the site to the Multidev feature branch environment on Pantheon. QA can start testing on the Multidev site.
When the PR is merged into the Master branch, CircleCI runs the same "checkout -> test -> deploy" process. The only difference is that Master branch is deployed to the DEV environment instead of Multidev. The Multidev environment on Pantheon is automatically deleted if all tests on the PR merge succeed.