September 26, 2023
01:18:53 PM
In today’s evolving tech landscape, ensuring impeccable code quality and robust end-to-end testing is imperative. Recognizing this need, especially from one of our major clients, we decided to embed a solution to our Blocktree deployment within the development lifecycle. This approach aims to achieve consistent code quality and security throughout the app’s growth.
After conducting a thorough analysis and drawing from our extensive experience, we built our solution based on integrating two renowned open-source products: SonarQube and Cypress.
SonarQube: A trusted name in static code analysis, SonarQube specializes in code security checks. Boasting a mature platform, it is backed by a vibrant community and offers a complimentary edition.
Cypress: A contemporary tool, Cypress is designed for creating, visually debugging, and automatically running end-to-end tests in continuous integration builds. It capably emulates client behaviors across various browsers, including Chrome, Firefox, and Microsoft Edge. Like SonarQube, Cypress has commendable community support and provides a free edition.
Our client leverages Gitlab for their CI/CD solutions and as a code storage system. Given this, here’s how we’ve streamlined the continuous integration workflow:
SonarQube Analysis: For any fresh commits made to the IH application, SonarQube employs the sonar-scanner tool for scrutiny. This analyzed data is dispatched to the SonarQube server. Developers can then use the SonarQube server UI to rectify any identified issues. It’s crucial to note that the subsequent building of the application’s docker image is contingent upon successfully completing the preceding SonarQube pipeline.
Before rolling this out in a live environment, we made a pivotal move. The application code underwent a SonarQube analysis, enabling developers to fix all significant concerns. After this comprehensive compliance check, in line with the customer’s standards, we automatically detect new code modifications.
Cypress Testing: This phase is triggered during deployment. The pipeline embarks on end-to-end testing once the application code is active on STAGE and PRE-PROD environments. Successful test outcomes pave the way for deployment in the PROD environment.
A key distinction here is the nature of Cypress tests. While the STAGE environment witnesses regression testing, the PRE-PROD environment is earmarked for sanity checks.
Integrating SonarQube and Cypress amplifies our app deployment procedure and fortifies the application’s resilience and security. Through this integration, we continue our commitment to delivering top-notch quality and unmatched security to our clients.
If you are seeking additional details or are interested in consulting with our team, feel free to contact us. We are here to assist and provide tailored solutions to your specific needs.