cicd

Last updated: 2025-04-24 01:06:41.820163 File source:

NuNet CI/CD Pipeline Documentation

This document provides an overview of the CI/CD pipeline infrastructure for the NuNet project. It is intended for developers, DevOps engineers, and SREs who will maintain and extend this system.

Table of Contents

Project Structure

The CI/CD configuration is organized into modular files that define specific aspects of the pipeline:

cicd/
├── Auto-DevOps.gitlab-ci.yml          # Main pipeline definition
├── Feature-Environment.gitlab-ci.yml  # Feature environment provisioning/deprovisioning
├── Jobs/
│   ├── Code-Quality.gitlab-ci.yml     # Code quality checks
│   ├── Unit-Tests.gitlab-ci.yml       # Unit test execution
│   ├── Integration-Tests.gitlab-ci.yml# Integration tests
│   ├── SAST-Security-Tests.gitlab-ci.yml# Static application security testing
│   ├── Feature-Environment.gitlab-ci.yml# Feature environment management
│   └── ...                            # Additional job definitions
├── Templates/
│   ├── rsync.gitlab-ci.yml            # Rsync template for artifact distribution
└── README.md                          # This documentation file

Pipeline Stages and Jobs

The pipeline is divided into logical stages, each containing specific jobs:

1. Pre-Build Stages

• Stages: .pre

• Jobs:

  • Prep Semver Config: Prepares versioning configuration for the pipeline.

  • DefectDojo Check Product Exists: Ensures product exists in DefectDojo.

2. Code Quality and Linting

• Stages: code_quality

• Jobs:

  • golangci_lint: Runs Go linting with golangci-lint.

  • license_check: Verifies software licenses using go-licence-detector.

3. Unit Tests

• Stages: unit_tests

• Jobs:

  • Golang Unit Tests: Executes unit tests for Go codebase.

  • JavaScript Unit Tests: Runs JavaScript unit tests with Mocha.

  • Golang Coverage Report: Generates coverage reports for Go code.

4. Integration and E2E Tests

• Stages: integration_tests_1, e2e_tests_1

• Jobs:

  • go_integration_tests: Runs integration tests for Go services.

  • go-e2e-tests: Executes end-to-end tests for the system.

5. Security Testing

• Stages: security_tests_1

• Jobs:

  • semgrep-sast: Runs Semgrep security analysis.

  • container-scanning-defectdojo: Performs container image scanning with Trivy.

  • secret-detection-defectdojo: Detects secrets in source code.

6. Build Stages

• Stages: build

• Jobs:

  • Build: Builds Debian packages for Linux distributions.

  • build:osx: Builds Darwin binaries for macOS.

7. Feature Environment Management

• Stages: test, functional_tests

• Jobs:

  • run_feature_environment: Spins up feature environments for testing.

  • feature_environment_test_results: Collects and aggregates test results.

8. Post-Build Stages

• Stages: .post

• Jobs:

  • delete_build_artifacts: Cleans up temporary build artifacts.

  • update_code_coverage: Updates code coverage information in the repository.

Configuration Variables

The pipeline uses a variety of variables to control its behavior. These can be customized in your GitLab project settings under CI/CD > Variables.

Build Configuration

• BUILD_DISABLED: Enable/disable builds (default: false).

• ALLOW_BUILD_FAIL: Allow build failures without blocking the pipeline (default: false).

Testing Configuration

• SKIP_UNIT_TESTS: Skip unit tests (default: false).

• ALLOW_E2E_TESTS_FAIL: Allow E2E test failures (default: false).

• E2E_TESTS_DISABLE: Disable E2E tests (default: false).

Security Configuration

• DEFECTDOJO_DISABLED: Disable DefectDojo integration (default: false).

• SAST_EXCLUDED_ANALYZERS: List of analyzers to exclude from SAST scans.

• SECRET_DETECTION_DISABLED: Disable secret detection (default: false).

Feature Environment Configuration

• FEATURE_ENVIRONMENT_BRANCH: Branch for feature environment builds (default: release).

• FEATURE_ENV_CONFIG_VAULT_PATH: Path to feature environment configuration in Vault.

Reporting and Notifications

• SLACK_WEBHOOK: Webhook URL for Slack notifications.

• TESTMO_URL: URL for Testmo integration.

• CI_REPORTS_SSH_KEY_B64: SSH key for report distribution.

Maintenance Guidelines

1. Keep It DRY:

   • Avoid duplicating configuration across files. Use templates and shared variables wherever possible.

2. Versioned Configuration:

   • Major changes to the pipeline should be versioned to ensure backward compatibility.

3. Monitor Performance:

   • Regularly review job execution times and optimize long-running jobs.

4. Security Best Practices:

   • Rotate credentials regularly.

   • Use scoped tokens with minimal permissions.

5. Documentation:

   • Keep this README updated whenever significant changes are made to the pipeline.

6. Testing Changes:

   • Test configuration changes in a staging environment before deploying them to production pipelines.

Technical Components

The CI/CD pipeline integrates with several key tools and services:

1. GitLab CI/CD:

   • Core orchestration engine for the pipeline.

   • Manages stages, jobs, and dependencies between tasks.

2. Allure:

   • Test reporting and visualization tool.

   • Provides detailed insights into test results and coverage.

3. SonarQube:

   • Code quality analysis tool.

   • Detects code smells, bugs, and vulnerabilities.

4. DefectDojo:

   • Vulnerability management platform.

   • Integrates with security testing tools to manage findings.

5. Testmo:

   • Test result aggregation and reporting tool.

   • Provides a unified view of test results across the pipeline.

6. Trivy:

   • Container image scanner for vulnerabilities and misconfigurations.

7. Semgrep:

   • Static application security testing (SAST) tool.

8. GolangCI-Lint:

   • Linter for Go codebases.

   • Enforces coding standards and best practices.

This documentation provides a comprehensive overview of the CI/CD pipeline structure, configuration options, and maintenance guidelines. For more detailed information about specific jobs or stages, refer to the individual .gitlab-ci.yml files in the cicd/Jobs directory.