Continuous Integration & Deployment

Bedrock runs a series of automated tests as part of continuous integration workflow and deployment pipeline. You can learn more about each of the individual test suites by reading their respective pieces of documentation:

Deployed site URLs

Note that a deployment of Bedrock will actually trigger two separate deployments: one serving all of and another serving certain parts of





By default, the Demo servers on GCP point to the Bouncer Dev service at To change this, you will have adjust GCP Secrets - see the demo sites docs

You can check the currently deployed git commit by checking /revision.txt on any of these URLs.

Tests in the lifecycle of a change

Below is an overview of the tests during the lifecycle of a change to bedrock:

Local development

The change is developed locally, and page specific integration tests can be executed against a locally running instance of the application. If testing changes to the website as a whole is required, then pushing changes to the special run-integration-tests branch (see below) is much faster than running the full test suite locally.

Pull request

Once a pull request is submitted, a Unit Tests Github Action will run both the Python and JavaScript unit tests, as well as the suite of redirect headless HTTP(s) response checks.

Push to main branch

Whenever a change is pushed to the main branch, a new image is built and deployed to the dev environment, and the full suite of headless and UI tests are run. This is handled by the pipeline, and is subject to change according to the settings in the Github Action workflow defined in bedrock/.github/workflows/integration_tests.yml.

The tests for the dev environment are currently configured as follows:

  • Chrome (latest) via local Selenium grid.

  • Firefox (latest) via local Selenium grid.

  • Internet Explorer 11 (smoke tests) via Sauce Labs.

  • Internet Explorer 9 (sanity tests) via Sauce Labs.

  • Headless tests.

Note that now we have Mozorg mode and Pocket mode, we actually stand up two dev, two stage and two test deployments and we run the appropriate integration tests against each deployment: most tests are written for Mozorg, but there are some for Pocket mode that also get run.


The deployment workflow runs like this

1. A push to the main/stage/prod/run-integration-tests branch of mozilla/bedrock triggers a webhook ping to the (private) mozilla-sre-deploy/deploy-bedrock repo.

2. A Github Action (GHA) in mozilla-sre-deploy/deploy-bedrock builds a “release”-ready Bedrock container image, which it stores in a private container registry (private because our infra requires container-image access to be locked down). Using the same commit, the workflow also builds an equivalent set of public Bedrock container images, which are pushed to Docker Hub.

  1. The GHA deploys the relevant container image to the appropriate environment.

4. The GHA pings a webhook back in mozilla/bedrock to run integration tests against the environment that has just been deployed.

Push to stage branch

Whenever a change is pushed to the stage branch, a production docker image is built, published to Docker Hub, and deployed to a public staging environment. Once the new image is deployed, the full suite of UI tests is run against it again, but this time with the addition of the headless download tests.

Push to prod branch (tagged)

When a tagged commit is pushed to the prod branch, a production container image (private, see above) is built, and a set of public images is also built and pushed to Docker Hub if needed (usually this will have already happened as a result of a push to the main or stage branch). The production image is deployed to each production deployment.

Push to prod cheat sheet

  1. Check out the main branch

  2. Make sure the main branch is up to date with mozilla/bedrock main

  3. Check that dev deployment is green:
    1. View the Integration Tests Github Action and look at the run labelled Run Integration tests for main

  4. Check that stage deployment is also green (Run Integration tests for stage)

  5. Tag and push the deployment by running bin/ --push


By default the script will push to the origin git remote. If you’d like for it to push to a different remote name you can either pass in a -r or --remote argument, or set the MOZ_GIT_REMOTE environment variable. So the following are equivalent:

$ bin/ --push -r mozilla
$ MOZ_GIT_REMOTE=mozilla bin/ --push

And if you’d like to just tag and not push the tag anywhere, you may omit the --push parameter.

What Is Currently Deployed?

You can look at the git log of the main branch to find the last commit with a date-tag on it (e.g. 2022-05-05): this commit will be the last one that was deployed to production. You can also use the service to get a nice view of what is actually currently deployed to Dev, Stage, and Prod:,stage,prod-green.svg

Instance Configuration & Switches

We have a separate repo for configuring our primary instances (dev, stage, and prod). The docs for updating configurations in that repo are on their own page, but there is a way to tell what version of the configuration is in use on any particular instance of bedrock. You can go to the /healthz-cron/ URL on an instance (see prod for example) to see the current commit of all of the external Git repos in use by the site and how long ago they were updated. The info on that page also includes the latest version of the database in use, the git revision of the bedrock code, and how long ago the database was updated. If you recently made a change to one of these repos and are curious if the changes have made it to production, this is the URL you should check.

Updating Selenium

There are several components for Selenium, which are independently versioned. The first is the Python client, and this can be updated via the test dependencies. The other components are the Selenium versions used in both SauceLabs and the local Selenium grid. These versions are selected automatically based on the required OS / Browser configuration, so they should not need to be updated or specified independently.

Adding test runs

Test runs can be added by creating a new job in bedrock/.github/workflows/integration_tests.yml with the desired variables and pushing that branch to Github. For example, if you wanted to run the smoke tests in IE10 (using Saucelabs) you could add the following clause to the matrix:

- LABEL: test-ie10-saucelabs
  BROWSER_NAME: internet explorer
  DRIVER: SauceLabs
  PLATFORM: Windows 8

You can use Sauce Labs platform configurator to help with the parameter values.

Pushing to the integration tests branch

If you have commit rights to our Github repo (mozilla/bedrock) you can simply push your branch to the branch named run-integration-tests, and the app will be deployed and the full suite of integration tests for that branch will be run. Please announce in our Slack channel (#www on that you’ll be doing this so that we don’t get conflicts. Also remember that you’ll likely need to force push, as there may be commits on that branch which aren’t in yours – so, if you have the mozilla/bedrock remote set as mozilla:

$ git push -f mozilla $(git branch --show-current):run-integration-tests