Open

Internal CI Pipeline Flow

Open

The internal CI pipeline will go through several steps to preserve quality and protect against code regressions.

1. Validate poms

   1. Checks out the code

   2. Uses the pomfix tool to validate that bundle dependencies are properly declared

2. Incremental Build (only runs for PR branches)

   1. Runs two parallel builds. One on Linux and one on Windows

      1. Runs a quick build with tests and analysis disabled

      2. Runs a build that runs the tests and analysis for the changed modules

      3. Runs the integration tests

3. Full Build (only runs for non-pr branches)

   1. Runs two parallel builds. One on Linux and one on Windows

      1. Runs a quick build with tests disabled

      2. Static analysis will run, including ErrorProne (2.12.x+), Checkstyle, and Coveo Formatting Check

      3. Runs the integration tests

4. Security Analysis

   1. OWASP

      1. Runs incremental scan if it is a pull request

      2. If not a pull request, run the full scan

   2. NodeJsSecurity

      1. Runs Node JS security check on UI packages

5.  Deploy

   1. The deploy stage will only be executed for deployable branches. These include master and any patch branch matching M.m.x format (i.e. 2.10.x, 2.9.x, etc...). It will also only deploy in the presence of an environment variable JENKINS_ENV = 'prod'. This can be passed in globally from the jenkins master node settings.

   2. In other words, PR and specialty branches will not be deployed

   3. Uses the Maven Deploy Plugin to publish the artifacts to the Codice Nexus

6. Quality Analysis

   1. Runs three scans in parallel: SonarCloud, Coverity, and Codecov

   2. SonarCloud (Code defect static analysis)

      1. Runs incremental scans for pull request branches

      2. Runs full scan for all other branches

   3. Coverity (Code defect static analysis)

      1. Only run on the master branch

   4. Codecov (Test code coverage)

      1. Always run

PR Quality Gate

Open