Scope
- Define the stages for CI/CD Pipelines and criteria’s for each stage
- Common Templates to be used for implementation
- Compliance checks to be done in tribes
CI/CD Pipeline Architecture
CI/CD Stages
| Sequence # | Stage | Naming Convention | Description | Stage Gate Criteria | Tools Used |
|---|---|---|---|---|---|
| 1 | Requirement | req | Check if all requirements are documented Epic and User story created in JIRA JIRA User story linked with Infrastructure requirement, GitLab standards, Coding Standards, Security Standards | Check if all requirements are fulfilled Epic and User story Mapping | Jira VersionOne Jama Trello Azure DevOps |
| 2 | Design | design | Design documents are in place according to requirements Repository structure defined Traceability established by having required IDs for Test suites | JIRA User story should have Links to validate stages: GitLab Repository Unit Test Suite ID Integration Test Suite ID Performance Test Suite ID Smoke Test Suit ID | Confluence Docs Sharepoint |
| 3 | Code | code | Every Check-In should have JIRA User story or Defect or incident ID Version Management as per guidelines Branching strategy as per guidelines | Artifacts checked in and compiled successfully Version Management Check for increment Link to JIRA User story or Defect or incident | GitLab AWS codeCommit GitHub Azure DevOps HelixTeamHub IBM gitRepository ClearCase |
| 4 | Code Review | code-review | Manual Code review is done Automated code review done using tools Defects are reported in JIRA and closed Defined the exit criteria for Code Quality | Defect Reported > 0 Open Defect = 0 (Each tribe to customize as per Quality guidelines) Resource Tagging done for AWS infrastructure components | Manual Code review Blackduck SonarQube SCA Checkmarx OSA |
| 5 | Unit Test | unit-test | Manual Test Scripts Run Automated Test Scripts Run | Pass rate for Non-Critical Test Cases> 90% for Pass Rate for Critical Test Cases = 100% | |
| 6 | Security - SAST | sast-scan | IDE using SAST tool integration Run on Dev environment if not integrated in IDE | Open Critical and High Priority Defects = 0 (Refer Latest Security guidelines) | SonarQube Blackduck Coverity Synopsys Internal Tools Checkmarx |
| 7 | Build | build | Builds are complied successfully Artifacts used should be in central repos | Artifacts checked in and compiled successfully IaC Checks | GitLab Jenkins AWS CloudFormation AWS-CDK Cloudfoundry AWS CodeBuild Azure DevOps AWS Artifactory jfrog IBM-CCD |
| 8 | Deploy | deploy | Deploy code on different Environments based on Variable DEV/QA/PRE-PROD/PROD Full/partial Deployments | Deployment with 0 Errors Compliance with Infrastructure code | AWS CloudFormation AWS-CDK Cloudfoundry |
| 9 | E2E Test | e2e-test | Manual Test Scripts Run Automated Test Scripts Run DEV/QA/PRE-PROD | Open Critical and High Priority Defects = 0 Pass rate for Non-Critical Test Cases> 90% for Pass Rate for Critical Test Cases = 100% | Jenkins Robotic framework Robot framework squish framework postman for API jmeter |
| 10 | Smoke Test | smoke-test | Only Automation to be supported QA/PRE-PROD/PROD | Automated Test Scripts Run and pass rate = 100% Test Cases | |
| 11 | Performance Test | perf-test | Only Automation to be supported Only on PRE-PROD | Performance Test Pass rate = 100% | jmeter |
| 12 | Security - DAST | dast-scan | Manual Review and Approval | Report reviewed and approved by Tech Architect or Security Architect | Qualys WAS OWASP ZAP Burp Suite IrisRisk Qualys Vulnerability NMAP BitSight Defensics |
| 13 | Monitoring | monitor | Set Up monitoring and hand over to monitoring teams | Monitoring is setup and Reports are working | KiTOC Splunk Cloudwatch Google Analytics Guard Duty Security Hub Trusted Advisor |
Common Template
- Master Template with all stages defined with exist criteria
- Child pipelines implementing hooks for tools
Implementation Guidelines
- Implement the master template
- Implement child templates as per customization required in Tribes
Compliance Checks
- GitLab Repository will be scanned every month against the pipeline runs for all SRD project
- Report will be created fir each Tribe and application comparing against common standard pipelines
- Refer this page for details - CI/CD Pipeline Compliance
CI/CD Pipeline Compliance
| Tribe | Project | req | design | code | code-review | unit-test | sast-scan | dev-build | int-test | qa-deploy | qa-test | stage-deploy | qa-smoke-test | stage-test | perf-test | prod-deploy | prod-smoke-test | dast-scan | monitor |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2022
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
