In the contemporary landscape of software development, the velocity and reliability of code deployment are not merely competitive advantages; they are fundamental requirements for survival and growth. The ability to move an idea from a developer's local machine to a production environment serving millions of users—swiftly, safely, and repeatedly—is what distinguishes high-performing technology organizations. This process is orchestrated by a Continuous Integration and Continuous Deployment (CI/CD) pipeline, an automated workflow that serves as the central nervous system for modern application delivery. Building such a pipeline, however, involves navigating a complex ecosystem of tools, services, and best practices. This article provides a comprehensive exploration of how to construct a robust, scalable, and secure CI/CD pipeline from the ground up using the native suite of AWS developer tools.
We will move beyond theoretical concepts and dive deep into the practical implementation, architecting a pipeline that not only automates builds and deployments but also incorporates security, resilience, and operational excellence. By leveraging core services like AWS CodeCommit for source control, AWS CodeBuild for compilation and testing, AWS CodePipeline for orchestration, and various AWS services for deployment targets (such as Amazon S3 and Amazon ECS), we will assemble a production-ready system capable of supporting demanding, real-world applications. The focus will be on understanding not just the "how" but the "why" behind each architectural decision, enabling you to tailor these patterns to your specific project needs.
The Philosophical Pillars of CI/CD
Before assembling the components of our pipeline, it is crucial to understand the principles that guide its construction. CI/CD is not just a set of tools; it's a development philosophy that emphasizes automation, frequent iteration, and a culture of shared responsibility.
Continuous Integration (CI)
Continuous Integration is the practice of developers merging their code changes into a central repository frequently—ideally, multiple times a day. Each merge triggers an automated build and a series of automated tests. The primary objectives of CI are:
- Early Detection of Integration Issues: By integrating small code changes often, conflicts and bugs are identified sooner, when they are smaller, less complex, and easier to resolve. This prevents the dreaded "merge hell" that occurs when developers work in isolated branches for extended periods.
- Automated Quality Gates: Every commit is validated against a suite of tests (unit tests, component tests, static code analysis). This ensures that the mainline branch, often called
mainormaster, remains in a consistently stable and deployable state. - Improved Developer Productivity: Automation of repetitive build and test tasks frees developers to focus on writing code and solving business problems. It provides rapid feedback, allowing them to iterate quickly without manual intervention.
Continuous Delivery (CD)
Continuous Delivery is the logical extension of CI. It's a practice where every code change that passes the automated testing stages is automatically prepared and released to a production-like environment (e.g., staging, pre-production). The final step of deploying to the live production environment is typically triggered by a manual approval. This ensures that the business or operations team has the final say on when a release goes live. Key benefits include:
- Release-Ready Artifacts at All Times: At any given moment, you have a thoroughly tested and deployable build artifact. This drastically reduces the risk and overhead associated with release cycles.
- Lower-Risk Releases: Since deployments become routine, non-eventful activities, the pressure and risk associated with large, infrequent "big bang" releases are eliminated. Deployments become smaller, more manageable, and easier to troubleshoot.
- Faster Feedback Loops: New features can be delivered to stakeholders or a subset of users (e.g., via canary releasing) much faster, allowing for rapid validation of business ideas.
Continuous Deployment (also CD)
Often confused with Continuous Delivery, Continuous Deployment takes automation one step further. In this model, every change that passes all automated tests is automatically deployed to production *without* any manual intervention. This is the ultimate goal for many high-velocity teams, but it requires a very high degree of confidence in the automated test suite, robust monitoring, and sophisticated deployment strategies (like blue/green or canary deployments) to manage risk.
For our purposes, we will build a pipeline that embodies Continuous Delivery, including an optional manual approval gate before the final production deployment, as this model provides an excellent balance of speed and control for most organizations.
Architecting the Pipeline: The AWS Developer Tool Suite
AWS provides a suite of fully managed services, collectively known as the AWS Code* family, designed to build a complete CI/CD pipeline without managing any underlying infrastructure. This serverless approach allows us to focus entirely on the pipeline's logic and workflow.
Our pipeline will consist of the following core stages and services:
- Source Stage (AWS CodeCommit): This is the entry point. A
git pushto our repository will trigger the entire pipeline. - Build Stage (AWS CodeBuild): This stage compiles the source code, runs tests, and packages the application into a deployable artifact.
- Deploy Stage (AWS CodePipeline with various deployment targets): The orchestrator, CodePipeline, will take the artifact from the build stage and deploy it to our chosen environment.
Deep Dive into the Core Components
1. AWS CodeCommit: Secure Git Hosting
AWS CodeCommit is a fully-managed source control service that hosts secure and private Git repositories. While functionally similar to GitHub or GitLab, its primary differentiator is its deep integration with the AWS ecosystem.
- Security and Compliance: Repositories are automatically encrypted at rest and in transit. Access control is managed through AWS Identity and Access Management (IAM), allowing for granular permissions. You can define precisely which users or roles can read, write, or create branches, tying your source code security directly into your overall cloud security posture.
- Scalability and Availability: As a managed service, CodeCommit is built on Amazon's highly available and durable infrastructure (leveraging S3 and DynamoDB under the hood), eliminating the need to manage and scale your own Git servers.
- Triggers and Integrations: CodeCommit can trigger actions in other AWS services, such as invoking a Lambda function or, most importantly for our use case, starting an AWS CodePipeline execution upon a push to a specific branch.
2. AWS CodeBuild: Serverless Build and Test Engine
AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. It is a powerful and flexible engine that eliminates the need for provisioning, managing, and scaling your own build servers.
- Managed Environments: CodeBuild provides pre-packaged build environments for popular programming languages and runtimes like Java, Python, Node.js, Go, Docker, and more. You can also bring your own custom Docker image to create a build environment with any tool you need.
- Pay-as-you-go Pricing: You are charged per minute for the compute resources you consume during the build process. When no builds are running, there is no cost, making it extremely cost-effective compared to maintaining idle build servers.
- The
buildspec.ymlFile: The heart of a CodeBuild project is thebuildspec.ymlfile. This YAML-formatted file is placed in the root of your repository and defines the commands CodeBuild will execute during each phase of the build process (e.g.,install,pre_build,build,post_build). This keeps your build logic version-controlled alongside your source code.
3. AWS CodePipeline: The Workflow Orchestrator
AWS CodePipeline is the service that ties everything together. It's a continuous delivery service that models, visualizes, and automates the steps required to release your software. It orchestrates the entire workflow from source to deployment.
- Visual Workflow: CodePipeline provides a graphical interface that shows the progression of your changes through the release process, making it easy to see the status of each stage and diagnose failures.
- Flexible Stages: A pipeline is composed of stages (e.g., Source, Build, Test, Deploy, Approval). Each stage can contain one or more actions. CodePipeline supports a wide range of actions, including integrations with AWS services (like CodeCommit, CodeBuild, S3, ECS, Elastic Beanstalk) and third-party tools (like GitHub, Jenkins, Runscope).
- Release Process Automation: It automates the entire release process. Once a pipeline is configured, it will run automatically on every code change, ensuring a consistent and repeatable deployment process.
Practical Implementation: Building a Pipeline for a Static Website
To make these concepts concrete, let's build a complete CI/CD pipeline to deploy a simple static website to Amazon S3. This is a common and highly effective pattern for hosting performant, scalable, and low-cost websites.
Prerequisites
- An AWS account.
- The AWS CLI installed and configured with credentials for an IAM user with sufficient permissions (e.g., AdministratorAccess for this tutorial, but in production, you should use least-privilege permissions).
- Git installed on your local machine.
- A basic understanding of Git commands.
Step 1: Create the Source Code Repository with AWS CodeCommit
First, we'll create a CodeCommit repository to store our website's source code.
aws codecommit create-repository --repository-name my-static-websiteThis command will return a JSON object containing the repository's metadata, including its clone URL. You'll need to configure your local Git client with credentials to access CodeCommit. The easiest way is to use the Git credentials helper that comes with the AWS CLI.
git config --global credential.helper '!aws codecommit credential-helper $@'
git config --global credential.UseHttpPath trueNow, clone the newly created repository:
# Use the cloneUrlHttp from the create-repository output
git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-static-websiteLet's create a simple website inside this repository.
Create an `index.html` file:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>My Awesome Website</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<h1>Welcome to My Production-Ready Website!</h1>
<p>This site was deployed automatically via an AWS CI/CD pipeline.</p>
<p id="version">Version: 1.0.0</p>
</body>
</html>
Create a directory `css` and a file `style.css` inside it:
body {
font-family: Arial, sans-serif;
background-color: #f0f2f5;
color: #333;
display: flex;
flex-direction: column;
justify-content: center;
align-items: center;
height: 100vh;
margin: 0;
}
h1 {
color: #1d4ed8;
}
#version {
font-size: 0.8em;
color: #666;
}
The final piece is the `buildspec.yml` file, which tells CodeBuild what to do. For a static site, the "build" process might simply involve validating files or preparing them for deployment. We'll keep it simple for now.
Create `buildspec.yml` in the root of your repository:
version: 0.2
phases:
install:
runtime-versions:
nodejs: 18
commands:
- echo "No installation steps needed for a static site."
pre_build:
commands:
- echo "Starting the pre-build phase..."
# In a real-world scenario, you might run an HTML linter here
build:
commands:
- echo "Build started on `date`"
- echo "Zipping files for deployment artifact..."
# We don't really have a build step, so we just log a message
- echo "Build completed."
post_build:
commands:
- echo "Post-build phase complete."
artifacts:
files:
- '**/*'
base-directory: '.'
This `buildspec` is straightforward. It defines several phases and specifies that all files (`**/*`) in the current directory (`.`) should be included in the output artifact.
Now, commit and push these files to the `main` branch:
git add .
git commit -m "Initial commit of static website"
git push origin main
Step 2: Set Up the Deployment Target with Amazon S3
We need a place to host our website. We'll use two S3 buckets:
- Artifact Bucket: CodePipeline will use this bucket to store the intermediate files (artifacts) between stages.
- Hosting Bucket: This bucket will be configured for static website hosting and will contain our deployed `index.html` and `css/style.css`.
Choose globally unique names for your buckets. Let's say `my-cicd-pipeline-artifacts-12345` and `my-static-website-hosting-12345` (replace `12345` with a random number).
Create the artifact bucket:
aws s3api create-bucket --bucket my-cicd-pipeline-artifacts-12345 --region us-east-1Create the hosting bucket:
aws s3api create-bucket --bucket my-static-website-hosting-12345 --region us-east-1Now, configure the hosting bucket for static website hosting. This involves enabling the feature and attaching a bucket policy that allows public read access.
aws s3 website s3://my-static-website-hosting-12345/ --index-document index.html
Create a `bucket-policy.json` file with the following content, replacing `my-static-website-hosting-12345` with your bucket name:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-static-website-hosting-12345/*"
}
]
}
Apply this policy to the bucket:
aws s3api put-bucket-policy --bucket my-static-website-hosting-12345 --policy file://bucket-policy.json
Important Note on S3 Public Access: Since 2018, AWS has enabled "Block Public Access" settings by default on all new S3 buckets. You will need to go to the S3 console, find your hosting bucket, go to the "Permissions" tab, and edit the "Block public access (bucket settings)" to disable the top two options that block public policies. This is necessary for a public website but should be done with caution. For any non-public data, these settings should remain enabled.
Step 3: Create the Build Project with AWS CodeBuild
Now we create the CodeBuild project. This requires an IAM role that gives CodeBuild permissions to interact with other AWS services (like logging to CloudWatch and fetching code from CodeCommit).
The AWS console is often easier for creating IAM roles with the correct trust policies, but it can also be done via the CLI. For simplicity, let's assume a role `CodeBuildServiceRole` has been created with the `AWSCodeBuildAdminAccess` policy attached and a trust relationship allowing `codebuild.amazonaws.com` to assume it.
With a role ARN (`arn:aws:iam::ACCOUNT_ID:role/CodeBuildServiceRole`), we can create the project:
aws codebuild create-project --name my-static-website-build \
--source '{"type": "CODECOMMIT", "location": "https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-static-website"}' \
--artifacts '{"type": "CODEPIPELINE"}' \
--environment '{"type": "LINUX_CONTAINER", "image": "aws/codebuild/standard:7.0", "computeType": "BUILD_GENERAL1_SMALL"}' \
--service-role arn:aws:iam::ACCOUNT_ID:role/CodeBuildServiceRole
Key parameters explained:
--name: A unique name for our build project.--source: Specifies that the source is a CodeCommit repository and provides its URL.--artifacts: `{"type": "CODEPIPELINE"}` tells CodeBuild that the input and output artifacts will be managed by CodePipeline, rather than being defined here. This is the standard integration pattern.--environment: Defines the build environment. We're using a standard Linux container managed by AWS with a small compute type.--service-role: The IAM role CodeBuild will use for permissions.
Step 4: Orchestrate with AWS CodePipeline
This is the final step where we connect all the pieces. Creating a pipeline via the CLI is complex due to the large JSON structure required. It's often more practical to create the first pipeline using the AWS Management Console's wizard, which can generate the necessary IAM roles and structures for you. Then, you can use the CLI's `get-pipeline` command to see the JSON definition and use it as a template for automation (e.g., with CloudFormation).
Here is a conceptual overview of the JSON structure for creating the pipeline. You would save this as `pipeline.json`.
{
"pipeline": {
"name": "my-static-website-pipeline",
"roleArn": "arn:aws:iam::ACCOUNT_ID:role/CodePipelineServiceRole",
"artifactStore": {
"type": "S3",
"location": "my-cicd-pipeline-artifacts-12345"
},
"stages": [
{
"name": "Source",
"actions": [
{
"name": "Source",
"actionTypeId": {
"category": "Source",
"owner": "AWS",
"provider": "CodeCommit",
"version": "1"
},
"runOrder": 1,
"configuration": {
"RepositoryName": "my-static-website",
"BranchName": "main",
"PollForSourceChanges": "false"
},
"outputArtifacts": [
{
"name": "SourceOutput"
}
]
}
]
},
{
"name": "Build",
"actions": [
{
"name": "Build",
"actionTypeId": {
"category": "Build",
"owner": "AWS",
"provider": "CodeBuild",
"version": "1"
},
"runOrder": 1,
"configuration": {
"ProjectName": "my-static-website-build"
},
"inputArtifacts": [
{
"name": "SourceOutput"
}
],
"outputArtifacts": [
{
"name": "BuildOutput"
}
]
}
]
},
{
"name": "Deploy",
"actions": [
{
"name": "DeployToS3",
"actionTypeId": {
"category": "Deploy",
"owner": "AWS",
"provider": "S3",
"version": "1"
},
"runOrder": 1,
"configuration": {
"BucketName": "my-static-website-hosting-12345",
"Extract": "true"
},
"inputArtifacts": [
{
"name": "BuildOutput"
}
]
}
]
}
],
"version": 1
}
}
A few key points in this definition:
- `roleArn`: CodePipeline needs its own IAM service role to manage the actions in the pipeline.
- `artifactStore`: This points to the S3 bucket we created for intermediate artifacts.
- Stages: The pipeline is defined as an array of stages.
- Source Stage: Connects to our CodeCommit repository's `main` branch. `PollForSourceChanges` is set to `false` because we will use a more efficient event-based trigger. The output is an artifact named `SourceOutput`.
- Build Stage: Takes `SourceOutput` as its input, uses our `my-static-website-build` CodeBuild project, and produces an artifact named `BuildOutput`.
- Deploy Stage: Takes `BuildOutput` as its input, uses the S3 deployment provider, and deploys to our hosting bucket. `"Extract": "true"` tells the action to unzip the artifact before placing it in the bucket.
You would create the pipeline with:
aws codepipeline create-pipeline --cli-input-json file://pipeline.json
Finally, to enable event-based triggering (which is much faster and more efficient than polling), we need to create an Amazon EventBridge (formerly CloudWatch Events) rule.
aws events put-rule \
--name MyCodeCommitTriggerRule \
--event-pattern '{"source":["aws.codecommit"],"detail-type":["CodeCommit Repository State Change"],"resources":["arn:aws:codecommit:us-east-1:ACCOUNT_ID:my-static-website"],"detail":{"referenceType":["branch"],"referenceName":["main"]}}'
aws events put-targets \
--rule MyCodeCommitTriggerRule \
--targets '{"Id":"1","Arn":"arn:aws:codepipeline:us-east-1:ACCOUNT_ID:my-static-website-pipeline"}'
# You also need to grant EventBridge permission to start the pipeline
aws codepipeline put-permission ... # (This part can be complex and is often handled by the console/CloudFormation)
Step 5: Test the Pipeline
With everything configured, the pipeline is live. Let's make a change to our website to trigger it.
Edit `index.html`:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>My Awesome Website V2</title>
<link rel="stylesheet" href="css/style.css">
</head>
<body>
<h1>Welcome to My Upgraded Website!</h1>
<p>This update was also deployed automatically via AWS CI/CD.</p>
<p id="version">Version: 2.0.0</p>
</body>
</html>
Commit and push the change:
git commit -am "Update website to version 2.0"
git push origin main
This push will trigger the EventBridge rule, which in turn starts an execution of your CodePipeline. You can navigate to the CodePipeline console to watch the progress in real-time. You'll see the Source stage turn green, then the Build stage, and finally the Deploy stage. Once all are green, visit your S3 website URL (you can find this in the S3 console under your hosting bucket's "Properties" -> "Static website hosting"). You should see your updated content live.
Advancing the Pipeline: Production-Ready Enhancements
A simple S3 deployment is a great start, but real-world production pipelines require more sophistication. Let's explore several critical enhancements.
1. Adding a Test Stage
Our current pipeline lacks any form of automated testing, which is a critical quality gate. We can add a dedicated test stage to our pipeline. This could involve unit tests, integration tests, or end-to-end tests.
Let's add a unit test to our build process. If we were using a Node.js application, we would:
- Add a test framework like Jest or Mocha to our `package.json`.
- Write test files (e.g., `app.test.js`).
- Modify the `buildspec.yml` to run the tests.
An updated `buildspec.yml` for a Node.js project might look like this:
version: 0.2
phases:
install:
runtime-versions:
nodejs: 18
commands:
- echo "Installing dependencies..."
- npm install
build:
commands:
- echo "Running unit tests..."
- npm test # This command will fail the build if tests fail
- echo "Building the application..."
- npm run build # Example build script
artifacts:
files:
- '**/*'
base-directory: 'dist' # Output from the build process
Now, if `npm test` returns a non-zero exit code, the CodeBuild project fails, which in turn fails the Build stage of the pipeline, preventing a faulty build from ever reaching the deployment stage.
2. Multi-Environment Deployments (Dev, Staging, Prod)
Deploying directly to production is risky. A standard practice is to deploy to a series of environments, such as Development, Staging, and finally Production. This can be modeled in CodePipeline using multiple stages and Git branching strategies.
A common Git workflow is GitFlow, where features are developed in feature branches, merged into a `develop` branch, and finally merged into the `main` branch for a production release.
- A push to `develop` could trigger a pipeline that deploys to a 'Staging' environment.
- A push or merge to `main` could trigger a pipeline that deploys to the 'Production' environment.
This would involve creating two separate pipelines, each triggered by a different branch. The Production pipeline should also include a manual approval stage.
To add a manual approval stage in your pipeline's JSON definition:
{
"name": "ManualApproval",
"actions": [
{
"name": "ApproveProductionDeploy",
"actionTypeId": {
"category": "Approval",
"owner": "AWS",
"provider": "Manual",
"version": "1"
},
"runOrder": 1,
"configuration": {
"NotificationArn": "arn:aws:sns:us-east-1:ACCOUNT_ID:MyApprovalTopic"
"CustomData": "Approve deployment of version XYZ to production."
}
}
]
}
This stage will pause the pipeline execution until a user with the necessary IAM permissions manually approves or rejects the action in the CodePipeline console. The `NotificationArn` can be configured to send an email or message via SNS to alert the approvers.
3. Infrastructure as Code (IaC)
Managing all these AWS resources (pipelines, build projects, S3 buckets, IAM roles) through the console or CLI is not scalable or repeatable. The best practice is to define your entire infrastructure, including the CI/CD pipeline itself, as code using a tool like AWS CloudFormation or the AWS Cloud Development Kit (CDK).
A CloudFormation template snippet to define a CodePipeline might look like this:
Resources:
MyCICDPipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
Name: my-static-website-pipeline
RoleArn: !GetAtt CodePipelineServiceRole.Arn
ArtifactStore:
Type: S3
Location: !Ref ArtifactsBucket
Stages:
- Name: Source
Actions:
- Name: SourceAction
ActionTypeId:
Category: Source
Owner: AWS
Provider: CodeCommit
Version: '1'
Configuration:
RepositoryName: !GetAtt MyCodeCommitRepo.Name
BranchName: main
OutputArtifacts:
- Name: SourceOutput
- Name: Build
Actions:
- Name: BuildAction
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: '1'
Configuration:
ProjectName: !Ref MyCodeBuildProject
InputArtifacts:
- Name: SourceOutput
OutputArtifacts:
- Name: BuildOutput
# ... and so on for the Deploy stage
By defining your pipeline as code, you can version control it, peer review changes, and create or update entire environments with a single command. This is a cornerstone of modern DevOps practices.
4. Security and Permissions
Security is paramount. The principle of least privilege should be applied to all IAM roles used by the pipeline.
- CodePipeline Role: This role only needs permission to start CodeBuild projects, read from the source (CodeCommit), and write to the artifact S3 bucket. It should *not* have deployment permissions itself.
- CodeBuild Role: This role needs permissions to get its source from S3 (where CodePipeline places it), write its output artifact to S3, and write logs to CloudWatch. It might also need permissions to pull dependencies from package managers.
- Deployment Action Role: The deployment action within CodePipeline (e.g., the S3 Deploy or an ECS Deploy action) should assume a *separate* role that has the specific, narrow permissions needed to deploy to the target environment. For our S3 example, this role would only need `s3:PutObject` and `s3:GetObject` permissions on the specific hosting bucket.
This separation of duties ensures that a compromised build environment, for example, does not grant an attacker permissions to modify your production infrastructure.
5. Deploying Containerized Applications with Amazon ECS
For dynamic applications, a common target is a container orchestrator like Amazon Elastic Container Service (ECS). The pipeline flow would be slightly different:
- Source Stage: Same as before (CodeCommit).
- Build Stage: The `buildspec.yml` would now be responsible for:
- Running unit tests.
- Building a Docker image (`docker build`).
- Pushing the Docker image to a registry like Amazon Elastic Container Registry (ECR).
- Creating an `imagedefinitions.json` file, which is a special artifact that tells the ECS deploy action which image to use.
- Deploy Stage: CodePipeline would use the "Amazon ECS" deploy provider. This action takes the `imagedefinitions.json` file and updates the specified ECS service to pull the new Docker image from ECR and deploy it, often using a rolling update strategy for zero-downtime deployments.
This pattern is incredibly powerful for microservices architectures, allowing independent teams to deploy their services safely and frequently.
Conclusion: The Journey to Automation
We have journeyed from the foundational principles of CI/CD to the hands-on implementation of a production-ready pipeline on AWS. By assembling AWS CodeCommit, CodeBuild, and CodePipeline, we created a fully automated, serverless workflow that transforms a simple `git push` into a live, deployed application. We saw how this basic pipeline can be extended with critical features like automated testing, manual approvals, multi-environment strategies, and robust security practices through IAM.
Building a CI/CD pipeline is not a one-time setup; it is an evolving system that grows with your application and your team. The true power of the AWS tool suite lies in its modularity and deep integration, allowing you to start simple and progressively add more sophisticated capabilities as your needs mature. By embracing Infrastructure as Code to manage this pipeline, you create a scalable, repeatable, and transparent process that becomes a core asset of your development lifecycle.
The ultimate goal of this automation is to increase the speed and quality of software delivery, reduce the risk of human error, and empower development teams to focus on innovation. A well-architected CI/CD pipeline on AWS is a critical enabler of this goal, serving as the automated backbone that supports a culture of continuous improvement and rapid, reliable delivery.
0 개의 댓글:
Post a Comment