Repository files navigation

This example uses aJenkins multi-branch pipelines.The code for this pipeline can be foundhere.

Jenkins multi-branch pipelines build all your branches in your repository under source codecontrol (e.g. github) automatically. Note that you can explicitly include/exclude branch usingregular expressions.This allows for a development approach with short-lived feature and bugfixbranches that can be build, deployed, and tested simultaneously.This is important, because it allows developers to update and test the pipeline as part ofthe change request (or bugfix) they are working on,so the pipeline code always stays in sync with the the application code.Furthermore,"standard" development processes can now not only be applied to theapplication code, but also to the pipeline code, specifically source code control, testing,and code review.

1. Build the JavaSpring Bootapplication usingApache MavenThis includes runningunit tests.
2. Performs a security scan on the Java code base usingSonarQube via Maven
3. Build and register a version of theDocker image
4. Deploy the image to thedev environment
5. Run the automated browser tests against the application in thedev environment.Thebrowser tests are written inPython using thePython Selenium Webdriver API binding.
6. Deploy the image to thetest environment
7. Run the automated browser tests against the application in thetest environment
8. Pause for confirmation that the new image can be deployed to theprod environment.Allow for some manual tests to be executed beforeThis step times out after some (configurable amount of) time.
9. Deploy the image to theprod (or live) environment

Web Application:

Pipeline executions:

Pause step (step 8):

SonarQube (security scan) output:

Note that in the above steps, steps 5 and up in the pipeline areonlyexecuted against themaster branch.The pipeline code is configured to treat development (feature/bugfix) branches asadditionaldev environments.These temporary additionaldev environments can quickly be created using the application'scloud-formation script andsetting theEnvironment parameter todev-<branch-name> and theSecurityContext parametertodev.The newdev-<branch-name> environment now operates in the same security context as thedevenvironment`.

Now when a new temporary development branch is created of the master branch,the Jenkins pipeline will automatically discover the new branch andexecute the pipeline code from that specific branch allow a developer to build and testthe branch specific changes in isolation, including changes to the pipeline code.

Multiple branch executions (feature1 andmaster) after creating thefeature1 branch:

Development branch (feature) execution details:

The following outlines how this development pipeline would be used in a (typical) developmentprocess:

1. A user story (or bug) ticket is assigned to a developer
2. Create a temporary and short-lived development (feature/bugfix) branch environmentusing the Hello World applicationcloud formation script.Run the script setting theEnvironment parameter todev-<name> and thetheSecurityContext parameter todev.
3. A development branch is created in the repository using the format feature/ orbug-fix/ from themaster branch
4. The developer implements and tests the changes, include new and/or updated automated tests.
5. Changes are committed to the branch and tested.The developer references the ticket in the commit message to allow for integrationwith the ticketing system, e. GitHub-Jira Integration.
6. Changes are pushed to the central git server.
7. A git webhook triggers the Jenkins pipeline for the feature branch.
8. If pipeline build fails, either fix infrastructure issue, or return to step 3
9. Manually test the changes
10. Once satisfied acceptance criteria are met, create a Pull Request (PR) to the master branchand assign a reviewer.
11. Reviewer verifies changes.
12. If not accepted, return to step 3
13. Reviewer accepts changes, the reviewer or developer merges the PR intomaster anddeletes the branch
14. Delete the temporary development branch environment.
15. A git webhook triggers the Jenkins pipeline for the master branch
16. Manual tests (if any are executed against the Test environment
17. If problems are detected, return to step 3
18. Accept changes and push to production

1. Automate the creation and deletion of temporary development branch environment
2. Create separate test suites to allow for a smoke vs. a full suite of tests.Smoke tests would always be applied to each environment, including production.The full suite of tesst would only be executed against pre-production environments.
3. Application/browser tests are executed against all targetted brower/platform configurationsusing a hosted service, such asBrowserstack orSaucelabs.
4. Add performance testing in the pipeline, e.g. usingTaurus and/orApache jMeter.
5. Penetration tests are executed as part of the pipeline,e.g. using OWAPS'ZAProxy
6. Integrate a notification mechanism with the pipeline, e.g.Slack
7. If an Restful API component is added, useNewman to run API tests usingPostmantest collections viaNewman Docker image.

Installation instructions can be foundhere.