Details

    • Enabler
    • Not Assigned
    • PI8
    • None
    • Services

      To have consistent and robust development/security/review/QA processes for ska-telescope projects, a common series of automated checks and feedback mechanisms needs to be in place, following the SKA policies and developer portal guidelines. This ensures that the projects are checked, that feedback is given to the developers early, and that the metrics needed for analysing and reporting on the quality of ska-telescope projects as a whole are collected.


      A series of checks is defined and implemented using the CI/CD Automation Framework (SP-993) and other 3rd party tools that integrate with CI/CD:

      • Necessary Checks and Feedback Mechanisms are defined, architected and implemented/improved following the DevSecOps Roadmap (TBD)
      • Active: directly integrate with the pipeline (as a step of it) to check whether the commit, MR and versioning follow the guidelines, and report back to the MR page. In each of these cases, feedback will be given mainly on the MR page, optionally blocking the MR and notifying on Slack/email:
        • commit message: guidelines on developer portal (also need to review the guidelines, update them)
        • MR checklist
        • versioning: release files correctly updated, check tags
        • Read the docs
        • Basic Security checks
        • Check if the license file is correct
        • Idea: linting could also be done here?
      • Active: directly integrate with the pipeline to check that the necessary files for testing, linting etc. are correctly built
      • Active: directly integrate with the pipeline to check that the included steps are up to date (linting, testing, ci-metrics, publishing, releasing)
      • Active: directly integrate with the pipeline to check for secrets, tokens etc.
      • Passive: Trigger a service via webhook to check if the MR settings are correct
      • Passive: Trigger a service via webhook to report on metrics about the MR on create/update/merge events (also need to consider close/discard case):
        • Commit count
        • Author
        • File count
        • Diff
        • Day of the merge
        • How long MR has been open
        • Etc.
      • Passive: Trigger a service if the MR is part of a triage operation (security scanning, SKB Bug, Incident etc.) to update the necessary issues and perform other tasks.

      Note: This list is not final and needs to be decided on prior to following any of the issues to have a better architecture of the SKA DevOps Framework with processes and tools defined.

    • 13
    • 0.923
    • Team_SYSTEM
    • 8.6
    • PI22 - UNCOVERED

    Description

      Define automated checks and implement feedback mechanisms using the CI/CD Automation Framework (developed in SP-993) for SKA DevSecOps processes.

      This system will improve:

      • MR Workflow
      • CI/CD Pipeline Workflow
      • Packaging and Release Procedure
      • Collection and Reporting of Necessary metrics for the defined repositories

       

      The general idea is to have:

      • Development workflow (MR) integrated tightly with Release and Packaging workflow
      • Necessary Checks and Feedback Mechanisms are defined, architected and implemented/improved following the DevSecOps Roadmap (TBD)
      • A series of central checks (checks that are triggered by the pipeline rather than run as part of it, e.g. release gate-keeping, updating repos, incident triage etc.) and their feedback mechanisms are in place
      • Automated pipeline jobs are defined for compliance with SKA Standards and Policies
      • danger and similar tools (for security scanning/metric collection etc.) are integrated with CI/CD to implement predefined checks and feedback mechanisms

              People

                m.bartolini Bartolini, Marco
                U.Yilmaz Yilmaz, Ugur

                Feature Progress

                  Story Point Burn-up: (0%)

                  Feature Estimate: 13.0

                  Status        Issues   Story Points
                  To Do         0        0.0
                  In Progress   0        0.0
                  Complete      0        0.0
                  Total         0        0.0
