Skip to content

Exercise 1: Automated Quality Assurance Activities

You are given a codebase of a Web app named Sitodo PMPL that implemented using Java and Spring Boot. The codebase contains both the production code and the test code. The production code is, obviously, the implementation of all features in the application. The test code comprises of unit test suite and functional test suite that covers 90% of the production code when tested locally using Maven.

As part of the exercise, you are asked to set up a CI/CD pipeline for performing automated quality assurance activities. You are required to automate the following tasks in the CI/CD pipeline:

  • Execute test suites.
  • Report test execution results, including pass/fail status and code coverage measurement.
  • Analyse code quality and possible security issues in the codebase using GitLab's Code Quality and SAST jobs.
  • Build and deploy the application to a PaaS of your choice (e.g. Heroku or Fly.io) only if the tests pass.

Additionally, you also need to improve the code quality and security based on the analysis produced by the CI/CD pipeline. Based on the identified issues, you have to fix the production code and the test code to resolve the issues. Please ensure the code coverage percentage is still maintained above 90%.

For your information when setting up the GitLab CI/CD configuration that will be run on GitLab CSUI, the following is the overview of the CI infrastructure in the faculty at the time of writing:

  • We run GitLab CSUI using GitLab Enterprise Edition version 15.
  • The CI server runs 8 instances of GitLab Runner that follows GitLab CSUI's version (i.e. version 15).
  • Each instance is running as a container with limited resources (2 CPU per container) and the privileged mode enabled. Hence, it is possible to run a Docker-in-Docker (DIND) type of CI job.
  • Each instance shares the cache between CI jobs using Minio.
  • Each instance is limited to run a single CI job at a time.

Tasks

To guide you working on the exercise, the following are the tasks you need to complete:

  1. Fork Sitodo PMPL codebase into your own namespace on GitLab CSUI and set the visibility of your fork to Internal.
  2. Clone the forked repository into your local development machine and load it into your favourite IDE. We recommend IntelliJ since the project was built and tested using IntelliJ.
  3. Set up the development environment on your local development machine. You can find the information required to set up the development environment in the project's README.md file.
  4. Ensure you can test and run the application locally.
  5. Update the CI/CD pipeline configuration in the codebase according to the specifications mentioned at the beginning of this document.
  6. Identify code quality and security issues, then resolve the identified issues.
  7. Write a short report at the end of the project's README.md that describes:
  8. List of identified code quality and security issues in the codebase.
  9. Explanation on how you resolve at least 2 issues in the codebase. You can explain it by comparing the diff of the codebase and explain the changes you made.
  10. Reflection on your experience making changes to the codebase with existing test suites. Did the presence of test code make you more confident in making changes to the production code? Explain why!

There are several TODO comments spread across the codebase that also part of the tasks to be completed. You can find them using Find/Search tool in your favourite IDE, or use grep:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
$ grep -nr "TODO:"
.gitlab-ci.yml:24:# TODO: Add Code Quality and SAST job templates into the CI/CD pipeline configuration
.gitlab-ci.yml:30:# TODO: Create .codeclimate.yml file to configure the static analysis engine (i.e. Code Climate) used by Code Quality CI job
.gitlab-ci.yml:56:# TODO: Complete the following 'test' CI job to run all test suites in the project (i.e. unit test, functional test)
.gitlab-ci.yml:81:# TODO: Deploy the project to Heroku or other PaaS of your choice (e.g. Fly.io)
.gitlab-ci.yml:83:# TODO: Configure 'spotbugs-sast' job (part of SAST job template) so it analyses the compiled Java artifacts
README.md:3:> TODO: Create badges that display pipeline status and code coverage percentage
README.md:99:> TODO: (For SQA/PMPL course participants) Write the URL to your deployed application in this section.
README.md:100:> TODO: (For SQA/PMPL course participants) Write your report in this section.
src/test/java/com/example/sitodo/functional/SeeMotivationMessageTest.java:122:        // TODO: (Optional) Refactor the following code to use Selenide completely
src/test/java/com/example/sitodo/service/TodoListServiceTest.java:29:    // TODO: (Challenge) We can make this unit test suite to be fully independent,

Deliverables

At the end of this exercise, you are required to prepare the following artifacts:

  • A fork repository of Sitodo PMPL project in your own namespace on GitLab CSUI.
  • An updated GitLab CI/CD configuration, i.e. .gitlab-ci.yml, in the fork repository.
  • An example of working pipeline in the fork repository that shows the CI/CD pipeline successfully build, test, and deploy the application.
  • An URL to the application that is built and deployed from your fork. Make sure the URL is accessible until the end of November, especially if you are using Heroku.
  • An updated README.md in the fork repository.

The due date of this exercise is: 4 November 2022, 21:00 UTC+7. Submit the URL of your fork repository to the designated submission slot on SCELE. Please ensure any updates to the fork repository related to this exercise were made and pushed before the due date.

Update: Previously, the due date was incorrectly set to 4 December 2022. Since there was a mistake in the due date, there will not be any penalty on late submission on the first exercise. All course participants are still allowed to make changes to their work on exercise 1 until 4 December 2022.

References


Last update: 2022-11-25 16:40:51
Created: 2022-10-27 13:46:33