Jorge Hidalgo, profile picture
Uploaded byJorge Hidalgo
PDF, PPTX1,085 views

Multilanguage Pipelines with Jenkins, Docker and Kubernetes (Oracle Code One San Francisco 2018)

The document discusses the implementation of multilanguage pipelines using Jenkins, Docker, and other tools, emphasizing automation and DevOps principles. It outlines the pipeline process from environment preparation to code inspection, detailing each testing stage and the importance of code quality measures. The authors, Jorge Hidalgo and Julio Palma, encourage collaboration and provide online resources for further exploration.

Download as PDF, PPTX
INFINITE POSSIBILITIES MULTILANGUAGE PIPELINES WITH JENKINS, DOCKER AND FRIENDS JORGE HIDALGO @_deors JULIO PALMA @restalion ORACLE CODE ONE SAN FRANCISCO 2018
WHO WE ARE Jorge Hidalgo @_deors Senior Technology Architect Accenture Technology Spain Global Java Lead Spain Advanced Technology Center Custom Engineering & Architecture Lead MálagaJUG co-lead Julio Palma @restalion Technology Architect Accenture Technology Spain Spain Advanced Technology Center Backend & Cloud Architecture Chapter Lead MálagaJUG member Honorable mentions: Vicente González and the whole Architecture & DevOps Squad at Spain ATC INFINITE POSSIBILITIES
TL;DR All code and pipeline examples can be found online in these repositories: https://github.com/deors/deors-demos-petclinic https://github.com/restalion/python-jenkins-pipeline Don’t hesitate to ask, log issues or send your pull requests – HACKERS WELCOMED! INFINITE POSSIBILITIES
AT THE BEGINNING... ...ONLY PAIN AND BREAKING BUILDS
CAN WE REALLY MANUFACTURE ‘UNICORNS’? https://en.wikipedia.org/wiki/Unicorn_(finance) https://www.linkedin.com/pulse/5-signs-youre-unicorn-employee-ryan-holmes/
STANDARDIZATION FAST PREDICTABLE FAMILIAR
ADOP THE DEVOPS PLATFORM Share success Easy access to tooling platform accenture.github.io/adop-docker-compose/ open source (Apache 2 license)
ADOP IS... NGINX web / proxy server OpenLDAP directory server ELK log monitoring all tools packaged as Docker containers Sensu - Uchiwa infra/app monitoring Jenkins continuous integration / delivery Gerrit Git repositories / code review SonarQube code inspection / quality dashboard Selenium web browser testing Nexus binary artefact repositories
ADOP DRIVES OUR JOURNEY TO DEVOPS AND A NEW WAY OF WORKING AS TEAMS…
...BUT THERE IS STILL MORE TO DO
AGILE DEVOPS ARCHITECTURE VALUE PRIORITISED DELIVER–REFLECT–IMPROVE DECOUPLED ARCHITECTURE RESILIENT BY DESIGN AUTOMATED PIPELINES BLENDED TEAMS PRODUCT AND CUSTOMER CENTRIC BUILT-IN QUALITY DECENTRALISED EXECUTION
THE THREE AMIGOS
PIPELINES AS CODE THE THREE AMIGOS
UNIVERSAL APPLICATION PACKAGING THE THREE AMIGOS
UNIVERSAL RUNTIME PLATFORM THE THREE AMIGOS
K8S - HAVE IT YOUR WAY
SKETCH THE EXEMPLAR PIPELINE IN ARCHETYPES AND TEMPLATES
EVERYTHING TOGETHER AND IN VERSION CONTROL
JENKINS LIBRARIES TO REUSE COMMON TASKS
FREEDOM TO OVERRIDE WHATEVER IS NEEDED
AND LET THE PLATFORM CARE OF ANYTHING ELSE
STANDARDIZATION TAKES FORM AS AN AGREED PIPELINE SCHEMA “Behavior-over-tool”
BRIEF HISTORY OF A PIPELINE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• Prepare environment for pipeline execution • Builder image with basic stuff: JDK, Maven, npm, Node.js, Python… • Install all needed dependencies • Python: pip install • Node.js: npm install • Java: Maven, either explicit or along the pipeline ENVIRONMENT PREPARATION ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• Transform source code to binaries • In some cases compilation is replaced by other activities like uglyfication, minification, transpilation… • For interpreted languages, when viable, check for syntax errors COMPILE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• Run project unit tests • And never forget: gather code coverage metrics • Coverage will highlight which code is not being exercized • “EXERCIZED” does not imply “TESTED” UNIT TESTS ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• In a nutshell: validates whether your tests are actually testing anything • Mutation tests will uncover: • Untested use cases • Test cases without assertions • Also, test cases with insufficient or wrong assertions MUTATION TESTS ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• Package all application resources: • Binaries • Static resources • Application configuration which does not depend on the environment, e.g. literals, error codes… • Environment specific configuration must be externalized (package once run everywhere) PACKAGE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• Put together all pieces which constitute our application • Base image • Build artifacts • Dependencies • Base images have their own pipeline • Typically maintained by someone else (vendor, community, other team…) BUILD DOCKER IMAGE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• The purpose of this step is to ensure that our application runs and to make it available for tests • If application depends on other applications (database, message queue, other services…) they will be executed all together (docker compose, application.yml…) • The test environment is not lasting — will be available only to tests during the life of the pipelines • Should allow for concurrent execution (fast feedback on a continuous integration build-per-commit approach) RUN DOCKER IMAGE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• Run tests requiring the application running and its dependencies • Integration tests may include: UI tests, API tests… • Should be user-oriented whenever possible • Test data preparation is performed at this step too • For web applications use vulnerability scan agent/proxy • And remember: gather code coverage metrics INTEGRATION TESTS ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• Exercize the application under load • Response times are important but will also uncover errors due to concurrency usage • Quality gate should be asserting both metrics • Should be user-oriented too — reuse integration tests whenever possible • Use of dynamic performance monitor agents is also advised PERFORMANCE TESTS ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• Assessing application security is not negotiable • But usually we forget that most vulnerabilities, if not all, come from external dependencies • Some tools for this step include: • OWASP Dependency Check • Snyk • Black Duck • Nexus Lifecycle • PyUp Safety DEPENDENCY VULNERABILITY TESTS ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• Static code analysis: • Adherence to coding standards • Possible bugs • Code smells and best practices • Security vulnerabilities • Documentation and complexity metrics • Code duplication • This step usually happens at the same time that the overall quality gate (SonarQube) • Ideally this should happen earlier in the pipeline — however we assume that this is happening before code is pushed and/or merged CODE INSPECTION ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
• After the final quality gate, if all pass, the image is pushed to a shared registry • Once pushed it is available to be used by: • Other applications that depends on this image • To be promoted to a stage environment • All the way up to production PUSH DOCKER IMAGE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
GOT ANY QUESTIONS? LET’S TALK!

More Related Content

PDF
DevOps Patterns to Enable Success in Microservices
byRich Mills
 
PDF
DevOps Patterns Distilled: Implementing The Needed Practices In Practical Steps
byCA Technologies
 
PDF
Multilanguage Pipelines with Jenkins, Docker and Kubernetes (Commit Conf 2018)
byJorge Hidalgo
 
PPTX
Open Source Power Tools - Opensouthcode 2018-06-02
byJorge Hidalgo
 
PPTX
An introduction to DevOps
byAdithya Krishnakant
 
PPTX
Tailoring your SDLC for DevOps, Agile and more
byJeff Schneider
 
PDF
Dev ops tutorial for beginners what is devops & devops tools
byJanBask Training
 
PDF
Multilanguage pipelines with Jenkins, Docker and Kubernetes (DevOpsDays Riga ...
byJorge Hidalgo
 
DevOps Patterns to Enable Success in Microservices
byRich Mills
 
DevOps Patterns Distilled: Implementing The Needed Practices In Practical Steps
byCA Technologies
 
Multilanguage Pipelines with Jenkins, Docker and Kubernetes (Commit Conf 2018)
byJorge Hidalgo
 
Open Source Power Tools - Opensouthcode 2018-06-02
byJorge Hidalgo
 
An introduction to DevOps
byAdithya Krishnakant
 
Tailoring your SDLC for DevOps, Agile and more
byJeff Schneider
 
Dev ops tutorial for beginners what is devops & devops tools
byJanBask Training
 
Multilanguage pipelines with Jenkins, Docker and Kubernetes (DevOpsDays Riga ...
byJorge Hidalgo
 

What's hot

PDF
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
byEdureka!
 
PDF
DevOps Interview Questions and Answers 2019 | DevOps Tutorial | Edureka
byEdureka!
 
PPTX
Azure DevOps
byMichael Jesse
 
PDF
CI/CD (DevOps) 101
byHazzim Anaya
 
PDF
Introduction to DevOps
byAhmed Adel
 
PPTX
DevOps Workshop, DevOps for DoD Professionals
byTonex
 
PPTX
CI/CD Best Practices for Your DevOps Journey
byDevOps.com
 
PDF
Introduction to DevOps
byRavindu Fernando
 
PDF
Open source technology, freeware drone (by Joris Krüse)
byVerhaert Masters in Innovation
 
PDF
DevSecOps for the DoD
byJamesHarmison
 
PPTX
Gartner EA Architecting for DevOps and Hybrid Cloud
byRosalind Radcliffe
 
PDF
Continuous Delivery vs Continuous Deployment | DevOps Methodology | Devops Tr...
byEdureka!
 
PDF
Top DevOps tools
byMetricoid Technology
 
PDF
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
 
PDF
TMF2014 CI-CD Workshop Michael Palotas
byKJR
 
PDF
Enterprise CI as-a-Service using Jenkins
byCollabNet
 
PDF
Containers, Serverless, Polyglot Development World, And Others…10 trends resh...
byPROIDEA
 
PDF
Testing in a Continuous Delivery Pipeline: Faster, Better, Cheaper
byTechWell
 
PDF
OSDC 2019 | DevOps in a containerized world by Martin Alfke
byNETWAYS
 
PDF
How to Effect Change in the Epistemological Wasteland of Application Security
byJames Wickett
 
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
byEdureka!
 
DevOps Interview Questions and Answers 2019 | DevOps Tutorial | Edureka
byEdureka!
 
Azure DevOps
byMichael Jesse
 
CI/CD (DevOps) 101
byHazzim Anaya
 
Introduction to DevOps
byAhmed Adel
 
DevOps Workshop, DevOps for DoD Professionals
byTonex
 
CI/CD Best Practices for Your DevOps Journey
byDevOps.com
 
Introduction to DevOps
byRavindu Fernando
 
Open source technology, freeware drone (by Joris Krüse)
byVerhaert Masters in Innovation
 
DevSecOps for the DoD
byJamesHarmison
 
Gartner EA Architecting for DevOps and Hybrid Cloud
byRosalind Radcliffe
 
Continuous Delivery vs Continuous Deployment | DevOps Methodology | Devops Tr...
byEdureka!
 
Top DevOps tools
byMetricoid Technology
 
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
 
TMF2014 CI-CD Workshop Michael Palotas
byKJR
 
Enterprise CI as-a-Service using Jenkins
byCollabNet
 
Containers, Serverless, Polyglot Development World, And Others…10 trends resh...
byPROIDEA
 
Testing in a Continuous Delivery Pipeline: Faster, Better, Cheaper
byTechWell
 
OSDC 2019 | DevOps in a containerized world by Martin Alfke
byNETWAYS
 
How to Effect Change in the Epistemological Wasteland of Application Security
byJames Wickett
 

Similar to Multilanguage Pipelines with Jenkins, Docker and Kubernetes (Oracle Code One San Francisco 2018)

PPTX
Software-Engineering-and-Best-Practices.
byOzias Rondon
 
PDF
DevSecOps: essential tooling to enable continuous security 2019-09-16
byRich Mills
 
PDF
High Performance Software Engineering Teams
byLars Thorup
 
PDF
Containers and Virtualisation for Continuous Testing
bysbbabu
 
PDF
Python - code quality and production monitoring
byDavid Melamed
 
PPTX
Build Quality In
byKishen Simbhoedatpanday
 
PPTX
Anatomy of a Build Pipeline
bySamuel Brown
 
ODP
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
byMatt Tesauro
 
PPTX
Experiences Bringing CD to a DoD Project
byGene Gotimer
 
PPTX
Integreation
bySean Killeen
 
PPTX
Bootstrapping Quality
byMichael Roufa
 
PPTX
Agile Engineering Sparker GLASScon 2015
byStephen Ritchie
 
KEY
Beyond TDD: Enabling Your Team to Continuously Deliver Software
byChris Weldon
 
PDF
Increasing Quality with DevOps
byCoveros, Inc.
 
PDF
Getting Ahead of Delivery Issues with Deep SDLC Analysis by Donald Belcham
by.NET Conf UY
 
PDF
Config Management Camp 2017 - If it moves, give it a pipeline
byMark Rendell
 
PPT
Lessons Learned in a Continuously Developing Service-Oriented Architecture
bymdwheele
 
ZIP
Introduction To Continuous Integration
byChristopher Read
 
PDF
Systems se
byFranco Bressan
 
PPTX
The essentials of the IT industry or What I wish I was taught about at Univer...
byEqual Experts
 
Software-Engineering-and-Best-Practices.
byOzias Rondon
 
DevSecOps: essential tooling to enable continuous security 2019-09-16
byRich Mills
 
High Performance Software Engineering Teams
byLars Thorup
 
Containers and Virtualisation for Continuous Testing
bysbbabu
 
Python - code quality and production monitoring
byDavid Melamed
 
Build Quality In
byKishen Simbhoedatpanday
 
Anatomy of a Build Pipeline
bySamuel Brown
 
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
byMatt Tesauro
 
Experiences Bringing CD to a DoD Project
byGene Gotimer
 
Integreation
bySean Killeen
 
Bootstrapping Quality
byMichael Roufa
 
Agile Engineering Sparker GLASScon 2015
byStephen Ritchie
 
Beyond TDD: Enabling Your Team to Continuously Deliver Software
byChris Weldon
 
Increasing Quality with DevOps
byCoveros, Inc.
 
Getting Ahead of Delivery Issues with Deep SDLC Analysis by Donald Belcham
by.NET Conf UY
 
Config Management Camp 2017 - If it moves, give it a pipeline
byMark Rendell
 
Lessons Learned in a Continuously Developing Service-Oriented Architecture
bymdwheele
 
Introduction To Continuous Integration
byChristopher Read
 
Systems se
byFranco Bressan
 
The essentials of the IT industry or What I wish I was taught about at Univer...
byEqual Experts
 

More from Jorge Hidalgo

PPTX
OpenSouthCode 2016 - Accenture DevOps Platform 2016-05-07
byJorge Hidalgo
 
PDF
GraalVM - MadridJUG 2019-10-22
byJorge Hidalgo
 
PPTX
JavaOne 2014 - CON2013 - Code Generation in the Java Compiler: Annotation Pro...
byJorge Hidalgo
 
PDF
JavaOne 2017 CON2902 - Java Code Inspection and Testing Power Tools
byJorge Hidalgo
 
PPTX
The Usual Suspects - Red Hat Developer Day 2012-11-01
byJorge Hidalgo
 
PPTX
JavaOne 2016 - CON3080 - Testing Java Web Applications with Selenium: A Cookbook
byJorge Hidalgo
 
PPTX
DevOps Te Cambia la Vida - eComputing 2018-07-03
byJorge Hidalgo
 
PDF
Por qué DevOps, por qué ahora @ CHAPI 2017
byJorge Hidalgo
 
PPTX
JavaOne 2017 CON3276 - Selenium Testing Patterns Reloaded
byJorge Hidalgo
 
PPTX
Next-gen IDE v2 - OpenSlava 2013-10-11
byJorge Hidalgo
 
PDF
GraalVM - MálagaJUG 2018-11-29
byJorge Hidalgo
 
PDF
GraalVM - OpenSlava 2019-10-18
byJorge Hidalgo
 
PPTX
JavaOne 2015 - CON6489 - Smart Open Spaces Powered by Low Cost Computers
byJorge Hidalgo
 
PDF
GraalVM - JBCNConf 2019-05-28
byJorge Hidalgo
 
PDF
Accenture Liquid Architectures (for Master EMSE UPM-FI - April 2017)
byJorge Hidalgo
 
PPTX
JavaOne 2017 CON3282 - Code Generation with Annotation Processors: State of t...
byJorge Hidalgo
 
PDF
Architecture 2020 - eComputing 2019-07-01
byJorge Hidalgo
 
PDF
All Your Faces Belong to Us - Opensouthcode 2017-05-06
byJorge Hidalgo
 
PPTX
La JVM y el Internet de las Cosas @ MálagaJUG 2016-11-17
byJorge Hidalgo
 
PPTX
OpenSlava 2016 - Lightweight Java Architectures
byJorge Hidalgo
 
OpenSouthCode 2016 - Accenture DevOps Platform 2016-05-07
byJorge Hidalgo
 
GraalVM - MadridJUG 2019-10-22
byJorge Hidalgo
 
JavaOne 2014 - CON2013 - Code Generation in the Java Compiler: Annotation Pro...
byJorge Hidalgo
 
JavaOne 2017 CON2902 - Java Code Inspection and Testing Power Tools
byJorge Hidalgo
 
The Usual Suspects - Red Hat Developer Day 2012-11-01
byJorge Hidalgo
 
JavaOne 2016 - CON3080 - Testing Java Web Applications with Selenium: A Cookbook
byJorge Hidalgo
 
DevOps Te Cambia la Vida - eComputing 2018-07-03
byJorge Hidalgo
 
Por qué DevOps, por qué ahora @ CHAPI 2017
byJorge Hidalgo
 
JavaOne 2017 CON3276 - Selenium Testing Patterns Reloaded
byJorge Hidalgo
 
Next-gen IDE v2 - OpenSlava 2013-10-11
byJorge Hidalgo
 
GraalVM - MálagaJUG 2018-11-29
byJorge Hidalgo
 
GraalVM - OpenSlava 2019-10-18
byJorge Hidalgo
 
JavaOne 2015 - CON6489 - Smart Open Spaces Powered by Low Cost Computers
byJorge Hidalgo
 
GraalVM - JBCNConf 2019-05-28
byJorge Hidalgo
 
Accenture Liquid Architectures (for Master EMSE UPM-FI - April 2017)
byJorge Hidalgo
 
JavaOne 2017 CON3282 - Code Generation with Annotation Processors: State of t...
byJorge Hidalgo
 
Architecture 2020 - eComputing 2019-07-01
byJorge Hidalgo
 
All Your Faces Belong to Us - Opensouthcode 2017-05-06
byJorge Hidalgo
 
La JVM y el Internet de las Cosas @ MálagaJUG 2016-11-17
byJorge Hidalgo
 
OpenSlava 2016 - Lightweight Java Architectures
byJorge Hidalgo
 

Recently uploaded

PDF
Hiring Dedicated Laravel Developers: Cost Breakdown
byShiv Technolabs Pvt. Ltd.
 
PDF
White-Label Development vs In-House Tech Teams: Key Differences
byShiv Technolabs Pvt. Ltd.
 
PDF
product realizatio n software.pdf
byJames Cameron
 
PPTX
Hall-Pass-Management-Software-Transforming-School-Safety-and-Efficiency.pptx
byinfoswipesolutionsin
 
PDF
Cloud-based Hotel PMS_ Why hotels Must Upgrade Now.pdf
byHotelogix
 
PDF
Employee Self Service in Payroll A Win for Transparency and Productivity .pdf
byCRMLeaf
 
PDF
Top 10 Ways AI Can Improve SEO Strategies in 2025.pdf
bybpractseo
 
PPTX
EMR software | Best EMR software | EasyClinic
byEasy Clinic
 
PPTX
Intoduction_to_Maven best java tool for project management
byparasbramhankar02
 
PPTX
College Management System.pptx
bygehlotyash2005
 
PDF
12 Simple Ways to Attract Direct Bookings.pdf
byHotelogix
 
PDF
AI-Powered Alert Analysis with ClickHouse Cloud Databases.pdf
byAlkin Tezuysal
 
PDF
Simplify Finances with Qandle’s Expense Software.pdf
byQandle
 
PDF
Build Vs. Buy: Cloud Cost Management and FinOps
byAmnic
 
PDF
Boobanker Token – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority1
 
PDF
Patterns of Patterns and why we need them
bydescri1
 
PPTX
Communicating Software Architecture using Arc42
byAshraf Fouad
 
PPTX
AI EMR Software Making Healthcare Smarter, Simpler, and More Human
byEasy Clinic
 
PDF
The future Android App Development in 2025
byLoudOwls Solutions Private Limited
 
PDF
NFTMeme Token – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority1
 
Hiring Dedicated Laravel Developers: Cost Breakdown
byShiv Technolabs Pvt. Ltd.
 
White-Label Development vs In-House Tech Teams: Key Differences
byShiv Technolabs Pvt. Ltd.
 
product realizatio n software.pdf
byJames Cameron
 
Hall-Pass-Management-Software-Transforming-School-Safety-and-Efficiency.pptx
byinfoswipesolutionsin
 
Cloud-based Hotel PMS_ Why hotels Must Upgrade Now.pdf
byHotelogix
 
Employee Self Service in Payroll A Win for Transparency and Productivity .pdf
byCRMLeaf
 
Top 10 Ways AI Can Improve SEO Strategies in 2025.pdf
bybpractseo
 
EMR software | Best EMR software | EasyClinic
byEasy Clinic
 
Intoduction_to_Maven best java tool for project management
byparasbramhankar02
 
College Management System.pptx
bygehlotyash2005
 
12 Simple Ways to Attract Direct Bookings.pdf
byHotelogix
 
AI-Powered Alert Analysis with ClickHouse Cloud Databases.pdf
byAlkin Tezuysal
 
Simplify Finances with Qandle’s Expense Software.pdf
byQandle
 
Build Vs. Buy: Cloud Cost Management and FinOps
byAmnic
 
Boobanker Token – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority1
 
Patterns of Patterns and why we need them
bydescri1
 
Communicating Software Architecture using Arc42
byAshraf Fouad
 
AI EMR Software Making Healthcare Smarter, Simpler, and More Human
byEasy Clinic
 
The future Android App Development in 2025
byLoudOwls Solutions Private Limited
 
NFTMeme Token – Smart Contract Security Audit Report by EtherAuthority
byEtherAuthority1
 

Multilanguage Pipelines with Jenkins, Docker and Kubernetes (Oracle Code One San Francisco 2018)

  • 1.
    INFINITE POSSIBILITIES MULTILANGUAGE PIPELINES WITH JENKINS, DOCKER ANDFRIENDS JORGE HIDALGO @_deors JULIO PALMA @restalion ORACLE CODE ONE SAN FRANCISCO 2018
  • 2.
    WHO WE ARE JorgeHidalgo @_deors Senior Technology Architect Accenture Technology Spain Global Java Lead Spain Advanced Technology Center Custom Engineering & Architecture Lead MálagaJUG co-lead Julio Palma @restalion Technology Architect Accenture Technology Spain Spain Advanced Technology Center Backend & Cloud Architecture Chapter Lead MálagaJUG member Honorable mentions: Vicente González and the whole Architecture & DevOps Squad at Spain ATC INFINITE POSSIBILITIES
  • 3.
    TL;DR All code andpipeline examples can be found online in these repositories: https://github.com/deors/deors-demos-petclinic https://github.com/restalion/python-jenkins-pipeline Don’t hesitate to ask, log issues or send your pull requests – HACKERS WELCOMED! INFINITE POSSIBILITIES
  • 4.
    AT THE BEGINNING... ...ONLYPAIN AND BREAKING BUILDS
  • 5.
  • 6.
  • 7.
    ADOP THE DEVOPS PLATFORM Share success Easy accessto tooling platform accenture.github.io/adop-docker-compose/ open source (Apache 2 license)
  • 8.
    ADOP IS... NGINX web /proxy server OpenLDAP directory server ELK log monitoring all tools packaged as Docker containers Sensu - Uchiwa infra/app monitoring Jenkins continuous integration / delivery Gerrit Git repositories / code review SonarQube code inspection / quality dashboard Selenium web browser testing Nexus binary artefact repositories
  • 9.
    ADOP DRIVES OURJOURNEY TO DEVOPS AND A NEW WAY OF WORKING AS TEAMS…
  • 10.
    ...BUT THERE ISSTILL MORE TO DO
  • 11.
    AGILE DEVOPS ARCHITECTURE VALUE PRIORITISED DELIVER–REFLECT–IMPROVE DECOUPLED ARCHITECTURE RESILIENTBY DESIGN AUTOMATED PIPELINES BLENDED TEAMS PRODUCT AND CUSTOMER CENTRIC BUILT-IN QUALITY DECENTRALISED EXECUTION
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
    K8S - HAVEIT YOUR WAY
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
    AND LET THE PLATFORM CAREOF ANYTHING ELSE
  • 22.
    STANDARDIZATION TAKES FORM AS ANAGREED PIPELINE SCHEMA “Behavior-over-tool”
  • 23.
    BRIEF HISTORY OFA PIPELINE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 24.
    • Prepare environmentfor pipeline execution • Builder image with basic stuff: JDK, Maven, npm, Node.js, Python… • Install all needed dependencies • Python: pip install • Node.js: npm install • Java: Maven, either explicit or along the pipeline ENVIRONMENT PREPARATION ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 25.
    • Transform sourcecode to binaries • In some cases compilation is replaced by other activities like uglyfication, minification, transpilation… • For interpreted languages, when viable, check for syntax errors COMPILE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 26.
    • Run projectunit tests • And never forget: gather code coverage metrics • Coverage will highlight which code is not being exercized • “EXERCIZED” does not imply “TESTED” UNIT TESTS ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 27.
    • In anutshell: validates whether your tests are actually testing anything • Mutation tests will uncover: • Untested use cases • Test cases without assertions • Also, test cases with insufficient or wrong assertions MUTATION TESTS ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 28.
    • Package allapplication resources: • Binaries • Static resources • Application configuration which does not depend on the environment, e.g. literals, error codes… • Environment specific configuration must be externalized (package once run everywhere) PACKAGE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 29.
    • Put togetherall pieces which constitute our application • Base image • Build artifacts • Dependencies • Base images have their own pipeline • Typically maintained by someone else (vendor, community, other team…) BUILD DOCKER IMAGE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 30.
    • The purposeof this step is to ensure that our application runs and to make it available for tests • If application depends on other applications (database, message queue, other services…) they will be executed all together (docker compose, application.yml…) • The test environment is not lasting — will be available only to tests during the life of the pipelines • Should allow for concurrent execution (fast feedback on a continuous integration build-per-commit approach) RUN DOCKER IMAGE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 31.
    • Run testsrequiring the application running and its dependencies • Integration tests may include: UI tests, API tests… • Should be user-oriented whenever possible • Test data preparation is performed at this step too • For web applications use vulnerability scan agent/proxy • And remember: gather code coverage metrics INTEGRATION TESTS ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 32.
    • Exercize theapplication under load • Response times are important but will also uncover errors due to concurrency usage • Quality gate should be asserting both metrics • Should be user-oriented too — reuse integration tests whenever possible • Use of dynamic performance monitor agents is also advised PERFORMANCE TESTS ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 33.
    • Assessing applicationsecurity is not negotiable • But usually we forget that most vulnerabilities, if not all, come from external dependencies • Some tools for this step include: • OWASP Dependency Check • Snyk • Black Duck • Nexus Lifecycle • PyUp Safety DEPENDENCY VULNERABILITY TESTS ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 34.
    • Static codeanalysis: • Adherence to coding standards • Possible bugs • Code smells and best practices • Security vulnerabilities • Documentation and complexity metrics • Code duplication • This step usually happens at the same time that the overall quality gate (SonarQube) • Ideally this should happen earlier in the pipeline — however we assume that this is happening before code is pushed and/or merged CODE INSPECTION ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 35.
    • After thefinal quality gate, if all pass, the image is pushed to a shared registry • Once pushed it is available to be used by: • Other applications that depends on this image • To be promoted to a stage environment • All the way up to production PUSH DOCKER IMAGE ENVIRONMENT PREPARATION COMPILE UNIT TESTS MUTATION TESTS PACKAGE BUILD DOCKER IMAGE RUN DOCKER IMAGE INTEGRATION TESTS PERFORMANCE TESTS DEPENDENCY VULNERABILITY TESTS CODE INSPECTION PUSH DOCKER IMAGE
  • 36.