This stage contains the classic application build as well as any checks on the code in isolation (unit testing, static code analysis).
The goal of the tests/checks in this stage is to make sure that each unit of code performs correctly. Business logic should, if possible, be checked in this stage.
- Security and Compliance
- Check source signature
- Verify source
- Build the code.
Any build failure must stop the pipeline. This provides fast feedback.
More details and tool suggestions: build.md
The unit test stage should:
- run all unit tests,
- collect test results, and
- collect test coverage.
Failing unit tests will not stop the execution of the step, so that the results of all tests can be properly collected at the end of the step. Any non-passing test must change the status of this step to unstable.
Stop the pipeline if the step status returns unstable (failing unit tests).
Testing guidelines: test pyramid
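The collect-first, gate-afterwards behaviour described above, as an added example (not code from this guide or its tooling). It assumes the test runner writes JUnit-style XML reports and that a `<failure>` or `<error>` element marks a non-passing test; the function names and the sample reports are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample reports (JUnit XML is an assumed report format).
REPORT_OK = """<testsuite name="billing" tests="2">
  <testcase classname="billing.Invoice" name="test_total"/>
  <testcase classname="billing.Invoice" name="test_tax"/>
</testsuite>"""

REPORT_BAD = """<testsuites>
  <testsuite name="auth" tests="3">
    <testcase classname="auth.Login" name="test_ok"/>
    <testcase classname="auth.Login" name="test_lockout">
      <failure message="expected 423, got 200"/>
    </testcase>
    <testcase classname="auth.Token" name="test_expiry">
      <error message="TimeoutError"/>
    </testcase>
  </testsuite>
</testsuites>"""


@dataclass
class StepResult:
    total: int
    failed: list  # "classname.name" of every non-passing test
    status: str   # "SUCCESS" or "UNSTABLE"


def evaluate_unit_test_step(reports):
    """Read every report before deciding, so one failure never hides another."""
    total, failed = 0, []
    for xml_text in reports:
        root = ET.fromstring(xml_text)
        # iter() covers both a <testsuites> wrapper and a bare <testsuite> root.
        for case in root.iter("testcase"):
            total += 1
            if case.find("failure") is not None or case.find("error") is not None:
                failed.append(f"{case.get('classname')}.{case.get('name')}")
    return StepResult(total, failed, "UNSTABLE" if failed else "SUCCESS")


def pipeline_may_continue(result):
    """Gate applied after collection: an unstable step stops the pipeline."""
    return result.status == "SUCCESS"


if __name__ == "__main__":
    result = evaluate_unit_test_step([REPORT_OK, REPORT_BAD])
    print(result.status, result.failed)
    raise SystemExit(0 if pipeline_may_continue(result) else 1)
```

The non-zero exit code is what a CI runner would use to halt the following stages; skipped tests are counted in the total but not treated as non-passing here.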
The static analysis step consists of:
- static Code Analysis (SCA), and
- static Application Security Testing (SAST).
More details and tool suggestions: static-analysis.md
This pipeline step consists of:
- checking dependencies for updates,
- checking dependencies for security problems, and
- checking licenses.
More details and tool suggestions: dependency-checks.md
- Generation of the application artifact.
- Signing of the source code
The output will be:
- application artifacts, and
- test results