Continuous Integration Tools

What is CI or continuous integration?

Continuous integration is a DevOps software development practice where developers regularly push their code changes or new features into a central repository such as GitHub, Bitbucket or GitLab. After that, a build tool such as Jenkins clones the source code and starts the automated builds.

The key goals of continuous integration are to find and address bugs quicker, improve software quality, and reduce the time it takes to validate and release new software updates.

How does CI work?

The developer or application owner creates (checks out) a new feature/temporary branch from the develop branch, adds the new code or feature to that branch and pushes the branch to the remote repository.

In Jenkins we typically configure a multibranch pipeline job, so Jenkins scans the repository, picks up the new branch and triggers the job to start the build and deployment process (the deployment process is covered in the continuous deployment steps).

If the build, deployment and tests succeed, the application owner creates a pull request from the temporary/feature branch to the develop branch to merge the new code. The pull request is usually approved by the team lead or manager.

Once the PR (pull request) is approved, Jenkins builds the source code in the develop branch. If the build and deploy succeed, a PR is created for the release branch. This entire process is called the branching strategy.

Tools we will use here for continuous integration: git, maven, sonarqube, sonarscanner, skaffold, kaniko, docker hub and trivy.

Basic idea behind the tools

Basically, the Jenkins pipeline job is configured in multiple stages, and each stage performs a specific task with the help of the tools above.

stage-1: Jenkins clones the source code from the remote repository and keeps it in the workspace, using git.

stage-2: once the clone has completed successfully, Jenkins runs the unit tests and packages the code using maven (maven is used only for Java-based projects; for Node.js we can use npm).

stage-3: after maven, the source code is scanned by the sonar scanner for code quality checks.

stage-4: once the code scan is done, skaffold is used to build the docker image with automatic tagging and push the image to the image artifactory (JFrog or a private docker registry).

stage-5: after the image build, trivy (the Aqua scanning tool) is used to scan the image for vulnerabilities.
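A declarative Jenkinsfile that wires the five stages above together, added here as an illustration and not code from the original page. It assumes a Jenkins secret-text credential with id sonar-token, jq and the maven, sonar-scanner, skaffold and trivy binaries on the agent, and a placeholder image name; the SonarQube token is injected from Jenkins credentials instead of being typed on the command line, and the pipeline fails when trivy finds HIGH or CRITICAL findings.

```groovy
pipeline {
    agent any
    environment {
        // SonarQube server address as used elsewhere on this page
        SONAR_HOST = 'http://172.31.17.225:9000'
    }
    stages {
        stage('stage-1: clone') {
            // checkout scm pulls the branch the multibranch job discovered
            steps { checkout scm }
        }
        stage('stage-2: unit test & package') {
            steps { sh 'mvn -B clean test package' }
        }
        stage('stage-3: sonar scan') {
            steps {
                // assumed credential id: sonar-token (a SonarQube user token)
                withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
                    sh '''
                      sonar-scanner \
                        -Dsonar.host.url="$SONAR_HOST" \
                        -Dsonar.projectKey=myproject \
                        -Dsonar.sources=src/main \
                        -Dsonar.login="$SONAR_TOKEN"
                    '''
                }
            }
        }
        stage('stage-4: build & push image') {
            // skaffold tags the image itself and writes the pushed reference to build.json
            steps { sh 'skaffold build --file-output=build.json' }
        }
        stage('stage-5: trivy image scan') {
            steps {
                sh '''
                  IMAGE_REF=$(jq -r '.builds[0].tag' build.json)
                  # --exit-code 1 makes the stage (and the PR build) fail on HIGH/CRITICAL CVEs
                  trivy image --no-progress --exit-code 1 --severity HIGH,CRITICAL "$IMAGE_REF"
                '''
            }
        }
    }
    post {
        always { archiveArtifacts artifacts: 'build.json', allowEmptyArchive: true }
    }
}
```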

Practical Implementation Of git

Practical Implementation Of maven

Maven is a build automation tool used primarily for Java projects. It works from the pom.xml file.

POM stands for Project Object Model. It is an XML file that contains information about the project and the configuration details Maven uses to build it.

When executing a Maven task or goal (for example mvn clean test package), Maven looks for the POM in the current directory, reads it, gets the configuration it needs and then executes the goal.

Installation Of maven

yum install maven -y

Create a small project called DemoMavenProject using the commands below:

mvn archetype:generate -DgroupId=ToolsQA -DartifactId=DemoMavenProject -DarchetypeArtifactId=maven-archetype-quickstart -DinteractiveMode=false
cd DemoMavenProject
ls
mvn test package

Practical Implementation Of SonarQube & Sonar-scanner

SonarQube is a code quality assurance / code review tool; it detects bugs, vulnerabilities, code smells and code duplicates. It performs both static analysis and dynamic analysis.

Static Analysis

Static code analysis is done without executing any of the code; it detects errors in programs and gives recommendations on code formatting (with a formatter), etc.

Dynamic Analysis

It identifies the code's behaviour at run time (during execution). It covers the following:
Code Coverage
Memory error detection
Fault localization
Security Analysis
Concurrency errors

Components of the Sonar tool:

Sonar has two components, SonarQube and SonarScanner. SonarQube is the web server; it provides the dashboard where we can see the code reports. SonarScanner scans the source code, generates the report and pushes it to SonarQube.

SonarQube

wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-8.9.8.54436.zip
unzip sonarqube-8.9.8.54436.zip
vi sonarqube-8.9.8.54436/conf/sonar.properties
sonar.web.host=172.31.17.225
Initial username & password: admin/admin

SonarScanner:

wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zip
unzip sonar-scanner-cli-4.7.0.2747-linux.zip
sonar-scanner-4.7.0.2747-linux/bin/sonar-scanner -Dsonar.host.url=http://172.31.17.225:9000/ -Dsonar.projectKey=myproject -Dsonar.sources=DemoMavenProject/src/main -Dsonar.login=admin -Dsonar.password=admin@123
https://docs.sonarqube.org/latest/analysis/analysis-parameters/

Practical Implementation Of Docker daemon, Docker Hub & Docker Login

Docker is a software platform that allows you to build, test and deploy applications quickly. Docker helps build lightweight images, and it is tightly coupled with the base OS image.

yum install docker -y
systemctl start docker

Practical Implementation Of Skaffold

Skaffold is a command line tool that facilitates continuous development for Kubernetes-native applications. Skaffold handles the workflow for building, pushing and deploying your application, and provides building blocks for creating CI/CD pipelines.

Installation Of Skaffold

curl -Lo skaffold https://storage.googleapis.com/skaffold/releases/latest/skaffold-linux-amd64
sudo install skaffold /usr/local/bin/
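An example skaffold.yaml, added here and not taken from the page, that configures the stage-4 behaviour described above: automatic tagging from the git commit and an in-cluster kaniko build that pushes to a registry. The registry name, namespace and Kubernetes secret names are placeholders you would replace with your own.

```yaml
apiVersion: skaffold/v2beta29
kind: Config
metadata:
  name: demomavenproject
build:
  # automatic tagging: every image is tagged with the abbreviated commit SHA,
  # so the tag trivy scans is traceable back to the exact source revision
  tagPolicy:
    gitCommit:
      variant: AbbrevCommitSha
  artifacts:
    # placeholder image name: point this at your JFrog / private registry
    - image: registry.example.com/demo/demomavenproject
      context: .
      kaniko:
        dockerfile: Dockerfile
        cache: {}
  # kaniko runs as a pod inside the cluster; no docker daemon is needed on the CI agent
  cluster:
    namespace: kaniko          # placeholder namespace
    pullSecretName: kaniko-secret   # placeholder secret used to pull the base image
    dockerConfig:
      secretName: regcred      # placeholder secret holding the registry push credentials
```

Run skaffold build --file-output=build.json in the pipeline; the resulting file records the image name and the commit-based tag that was pushed.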

Practical Implementation Of Trivy (image scanning)

Trivy is a simple and comprehensive vulnerability scanner for containers and other artifacts. A software vulnerability is a glitch, flaw or weakness present in the software or in an operating system. Trivy detects vulnerabilities in OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). Trivy is easy to use: just install the binary and you are ready to scan. All you need to do is specify a target, such as the name of a container image.
https://aquasecurity.github.io/trivy/v0.18.3/installation/
