Scope
- Define the stages for CI/CD pipelines and the criteria for each stage
- Common Templates to be used for implementation
- Compliance checks to be done in tribes
CI/CD Pipeline Architecture
CI/CD Stages
Sequence # | Stage | Naming Convention | Description | Stage Gate Criteria | Tools Used |
---|---|---|---|---|---|
1 | Requirement | req | Check that all requirements are documented; Epic and User Story created in JIRA; JIRA User Story linked with infrastructure requirement, GitLab standards, coding standards and security standards | Check that all requirements are fulfilled; Epic and User Story mapping | Jira, VersionOne, Jama, Trello, Azure DevOps |
2 | Design | design | Design documents are in place according to requirements; repository structure defined; traceability established by having the required IDs for test suites | JIRA User Story should have links to validate stages: GitLab repository, Unit Test Suite ID, Integration Test Suite ID, Performance Test Suite ID, Smoke Test Suite ID | Confluence, Docs, SharePoint |
3 | Code | code | Every check-in should have a JIRA User Story, Defect or Incident ID; version management as per guidelines; branching strategy as per guidelines | Artifacts checked in and compiled successfully; version management check for increment; link to JIRA User Story, Defect or Incident | GitLab, AWS CodeCommit, GitHub, Azure DevOps, Helix TeamHub, IBM Git repository, ClearCase |
4 | Code Review | code-review | Manual code review is done; automated code review done using tools; defects are reported in JIRA and closed; exit criteria for code quality defined | Defects reported > 0; open defects = 0 (each tribe to customize as per quality guidelines); resource tagging done for AWS infrastructure components | Manual code review, Black Duck, SonarQube, SCA, Checkmarx OSA |
5 | Unit Test | unit-test | Manual test scripts run; automated test scripts run | Pass rate for non-critical test cases > 90%; pass rate for critical test cases = 100% | |
6 | Security - SAST | sast-scan | IDE using SAST tool integration; run on Dev environment if not integrated in IDE | Open Critical and High priority defects = 0 (refer to latest security guidelines) | SonarQube, Black Duck, Coverity, Synopsys, internal tools, Checkmarx |
7 | Build | build | Builds are compiled successfully; artifacts used should be in central repos | Artifacts checked in and compiled successfully; IaC checks | GitLab, Jenkins, AWS CloudFormation, AWS CDK, Cloud Foundry, AWS CodeBuild, Azure DevOps, AWS Artifactory, JFrog, IBM-CCD |
8 | Deploy | deploy | Deploy code on different environments based on variable DEV/QA/PRE-PROD/PROD; full/partial deployments | Deployment with 0 errors; compliance with infrastructure code | AWS CloudFormation, AWS CDK, Cloud Foundry |
9 | E2E Test | e2e-test | Manual test scripts run; automated test scripts run; DEV/QA/PRE-PROD | Open Critical and High priority defects = 0; pass rate for non-critical test cases > 90%; pass rate for critical test cases = 100% | Jenkins, Robotic framework, Robot Framework, Squish framework, Postman for API, JMeter |
10 | Smoke Test | smoke-test | Only automation to be supported; QA/PRE-PROD/PROD | Automated test scripts run with pass rate = 100% of test cases | |
11 | Performance Test | perf-test | Only automation to be supported; only on PRE-PROD | Performance test pass rate = 100% | JMeter |
12 | Security - DAST | dast-scan | Manual review and approval | Report reviewed and approved by Tech Architect or Security Architect | Qualys WAS, OWASP ZAP, Burp Suite, IriusRisk, Qualys Vulnerability, Nmap, BitSight, Defensics |
13 | Monitoring | monitor | Set up monitoring and hand over to monitoring teams | Monitoring is set up and reports are working | KiTOC, Splunk, CloudWatch, Google Analytics, GuardDuty, Security Hub, Trusted Advisor |
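The numeric stage gate criteria in the table (critical pass rate = 100%, non-critical > 90%, open Critical/High defects = 0, defects reported > 0 with open defects = 0, deployment errors = 0) are only useful if a pipeline job actually enforces them before the next stage starts. The following is an added example, not code from the original page or from any tribe's pipeline: it encodes those thresholds as a fail-closed gate check. The `StageResult` fields and the `evaluate_gate`, `gate_report` and `first_failing_stage` names are assumptions for illustration; the thresholds are the table's. One deliberate choice: a test stage that executed zero critical test cases fails the gate instead of counting as a vacuous 100% pass, so a skipped or mis-wired suite cannot wave a release through.

```python
# Added example (not from the original page): stage-gate evaluator for the
# "Stage Gate Criteria" column of the CI/CD stages table. StageResult fields and
# function names are assumptions; thresholds come from the table.
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass
class StageResult:
    stage: str                    # naming convention from the table, e.g. "unit-test"
    critical_total: int = 0       # test counts for unit-test / e2e-test / smoke-test / perf-test
    critical_passed: int = 0
    noncritical_total: int = 0
    noncritical_passed: int = 0
    open_critical_high: int = 0   # open Critical + High priority defects (sast-scan, e2e-test)
    defects_reported: int = 0     # code-review
    open_defects: int = 0         # code-review
    deploy_errors: int = 0        # deploy


def pass_rate(passed: int, total: int) -> float:
    """Pass rate in percent; an empty test set is 0%, never a free pass."""
    return 0.0 if total == 0 else 100.0 * passed / total


def evaluate_gate(r: StageResult) -> list[str]:
    """Return the gate violations for one stage; an empty list means the gate passes."""
    v: list[str] = []
    if r.stage in ("unit-test", "e2e-test"):
        if r.critical_total == 0:
            v.append("no critical test cases executed")
        elif pass_rate(r.critical_passed, r.critical_total) < 100.0:
            v.append("critical test pass rate < 100%")
        if r.noncritical_total and pass_rate(r.noncritical_passed, r.noncritical_total) <= 90.0:
            v.append("non-critical test pass rate not > 90%")
    if r.stage in ("sast-scan", "e2e-test") and r.open_critical_high > 0:
        v.append(f"{r.open_critical_high} open Critical/High priority defects (must be 0)")
    if r.stage in ("smoke-test", "perf-test"):
        # Automation only: the whole automated suite must run and pass.
        if r.critical_total == 0 or pass_rate(r.critical_passed, r.critical_total) < 100.0:
            v.append("automated test pass rate < 100%")
    if r.stage == "code-review":
        if r.defects_reported <= 0:
            v.append("no defects reported (review not evidenced)")
        if r.open_defects != 0:
            v.append(f"{r.open_defects} open review defects (must be 0)")
    if r.stage == "deploy" and r.deploy_errors > 0:
        v.append(f"deployment finished with {r.deploy_errors} errors (must be 0)")
    return v


def gate_report(results: list[StageResult]) -> dict[str, list[str]]:
    """Map each stage to its violations so the pipeline can stop at the first failing gate."""
    return {r.stage: evaluate_gate(r) for r in results}


def first_failing_stage(results: list[StageResult]) -> Optional[str]:
    """Name of the first stage (in the given order) whose gate fails, or None."""
    for r in results:
        if evaluate_gate(r):
            return r.stage
    return None


if __name__ == "__main__":
    # Constructed sample results for one pipeline run.
    run = [
        StageResult("code-review", defects_reported=3, open_defects=0),
        StageResult("unit-test", critical_total=40, critical_passed=40,
                    noncritical_total=200, noncritical_passed=190),
        StageResult("sast-scan", open_critical_high=2),
        StageResult("deploy", deploy_errors=0),
    ]
    for stage, violations in gate_report(run).items():
        status = "PASS" if not violations else "FAIL: " + "; ".join(violations)
        print(f"{stage:12s} {status}")
    print("stop at:", first_failing_stage(run))
```

In a pipeline job the stage's metrics would be parsed from the tool's report and fed into `evaluate_gate`; a non-empty list exits non-zero so the next stage never starts. Tribes customizing the code-review thresholds change only the `code-review` branch.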
Common Template
- Master template with all stages defined, each with its exit criteria
- Child pipelines implementing hooks for tools
Implementation Guidelines
- Implement the master template
- Implement child templates as per customization required in Tribes
Compliance Checks
- GitLab repositories will be scanned every month against the pipeline runs for all SRD projects
- A report will be created for each tribe and application, comparing against the common standard pipelines
- Refer to this page for details: CI/CD Pipeline Compliance
CI/CD Pipeline Compliance
Tribe | Project | req | design | code | code-review | unit-test | sast-scan | dev-build | int-test | qa-deploy | qa-test | stage-deploy | qa-smoke-test | stage-test | perf-test | prod-deploy | prod-smoke-test | dast-scan | monitor |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
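The comparison step of the monthly scan described under Compliance Checks, as an added example that is not part of the original page or of any tribe's tooling: given the stage names observed in a project's pipeline runs over the month, it fills in one row of the compliance table above, checks that the standard stages ran in the standard sequence, and raises findings for a missing `sast-scan` or `dast-scan` gate, a `prod-deploy` without `prod-smoke-test`, and stage names outside the naming convention. Collecting the observed stages from GitLab is assumed to happen elsewhere; the `scan_project`, `ComplianceRow` and `to_table_row` names and the sample observations are constructed for illustration.

```python
# Added example (not from the original page): the comparison step of the
# monthly CI/CD pipeline compliance scan. Function and class names are
# assumptions; the stage list is the compliance table's header.
from __future__ import annotations

from dataclasses import dataclass, field

# Column order of the compliance table; it is also the required execution order.
STANDARD_STAGES = [
    "req", "design", "code", "code-review", "unit-test", "sast-scan", "dev-build",
    "int-test", "qa-deploy", "qa-test", "stage-deploy", "qa-smoke-test", "stage-test",
    "perf-test", "prod-deploy", "prod-smoke-test", "dast-scan", "monitor",
]
# Stages whose absence is a security finding, not just a template deviation.
SECURITY_GATES = {"sast-scan", "dast-scan"}


@dataclass
class ComplianceRow:
    tribe: str
    project: str
    present: dict[str, bool]                                 # standard stage -> seen this month
    unknown_stages: list[str] = field(default_factory=list)  # names outside the convention
    out_of_order: bool = False
    findings: list[str] = field(default_factory=list)


def scan_project(tribe: str, project: str, observed: list[str]) -> ComplianceRow:
    """Compare the observed stage names (in pipeline order) with the standard sequence."""
    seen = set(observed)
    present = {s: s in seen for s in STANDARD_STAGES}
    # Matching is exact: the convention is lowercase, hyphenated names.
    unknown = sorted(s for s in seen if s not in STANDARD_STAGES)
    positions = [STANDARD_STAGES.index(s) for s in observed if s in STANDARD_STAGES]
    out_of_order = positions != sorted(positions)

    findings: list[str] = []
    for gate in sorted(SECURITY_GATES):
        if not present[gate]:
            findings.append(f"security gate '{gate}' missing")
    if present["prod-deploy"] and not present["prod-smoke-test"]:
        findings.append("prod-deploy without prod-smoke-test")
    if out_of_order:
        findings.append("standard stages run out of sequence")
    for s in unknown:
        findings.append(f"stage '{s}' does not follow the naming convention")
    return ComplianceRow(tribe, project, present, unknown, out_of_order, findings)


def to_table_row(row: ComplianceRow) -> str:
    """Render one row of the compliance table (Y = stage present, N = missing)."""
    cells = ["Y" if row.present[s] else "N" for s in STANDARD_STAGES]
    return " | ".join([row.tribe, row.project, *cells]) + " |"


def compliance_score(row: ComplianceRow) -> float:
    """Share of standard stages present, in percent."""
    return 100.0 * sum(row.present.values()) / len(STANDARD_STAGES)


if __name__ == "__main__":
    # Constructed observations; in practice these come from the month's pipeline runs.
    samples = {
        ("payments", "ledger-api"): STANDARD_STAGES,
        ("payments", "legacy-batch"): ["code", "unit-test", "dev-build", "prod-deploy", "SAST-Scan"],
    }
    for (tribe, project), observed in samples.items():
        row = scan_project(tribe, project, observed)
        print(to_table_row(row), f"({compliance_score(row):.0f}%)")
        for finding in row.findings:
            print("  finding:", finding)
```

Presence alone is not compliance: a project can run every stage and still deploy with failing gates, so the row should be read together with the per-run gate results. The exact-name match is intentional; a stage named `SAST-Scan` is reported as a convention violation rather than silently counted as the `sast-scan` gate.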