Lukas Pradel is a Senior Consultant at Conciso GmbH. He likes to spend the time he saves by automating everything on riding his motorcycle.
Test-driven development of CI/CD pipelines
CI/CD pipelines are becoming more and more popular as organizations begin to implement actual continuous deployment and therefore require not only automated builds and tests but also the critically important deployment step as well as part of their pipelines.
Hence it is with good reason that for a while now the DevOps community has been advocating for treating CI/CD pipelines with the same care and diligence as the application code itself, for example when it comes to security aspects, namely "DevSecOps". A key principle of this is that everyone is responsible for the security of pipelines and that security aspects are taken into consideration from the very beginning. This is considered a best practice in software development itself.
Another important lesson from software development is: consistently assuring software quality is a must and pays off in the long run. Therefore, state of the art software development involves test-driven development where the software is tested before it is implemented. If the same holds true for security, then why should pipelines not be developed test-driven as well? After all they control the crucial deployment step of our applications and buggy or faulty deployments will very likely impact our users or even cause catastrophic fallout!
In this live-coding session we will develop a Jenkins pipeline from scratch in an entirely test-driven way and demonstrate how we can apply the principles of test-driven development to CI/CD pipelines and employ the typical tools of test-driven development such as unit testing, mocks and assertions to verify that our pipeline works correctly.