AWS Amplify CI/CD: Code Lint & End-to-End Testing

After my first approach to AWS Amplify, I want to deal with the implementation of source code linters and end-to-end tests with Cypress, obviously automated in the AWS Amplify CI/CD pipeline. Let’s face up this new challenge!

Image for post

Photo by Yancy Min on Unsplash

References: this is the link to the GitHub repository and this is the link to the web application related to this post.

Linter

The linter is a tool that analyzes the source code to flag programming errors, bugs, stylistic errors and suspicious constructs — wikipedia

Linter tools allows to increase the quality of the source code. Using these tools in a CI/CD pipeline also allows to deploy an application when its source code meets certain quality levels.

The web application I created with AWS Amplify includes a React frontend and few Python lambdas in backend. For this reason I need two different tools, specific to the two technologies used.

ESLint

One of the best linters I’ve had the chance to test for JavaScript is ESLint: its functions are not limited to test but it includes automatic fix of a large number of problems.

ESLint installation is simple: from the main directory of our project, we can install the linter with the following command:

npm install eslint --save-dev

Once the installation is complete, we can run the first configuration wizard:

npx eslint --init

You will be asked for various information: in general you can choose whether to use ESLint for:

  • syntax checking
  • syntax checking and problem finding
  • syntax checking, problem finding and code style checking

This last option is interesting and includes most popular styles, such as Airbnb and Google source code styles. Once the configuration is complete, the required packages are installed. In my case:

"devDependencies": {
    "eslint": "^7.8.1",
    "eslint-config-google": "^0.14.0",
    "eslint-plugin-react": "^7.20.6"
  }

Now that we’ve set up ESLint, let’s check the code:

npx eslint src/*.js

Depending on the options chosen during configuration, the result may not be the most optimistic, revealing a long series of problems.

Image for post

But as I said initially, ESLint allows us to automatically correct some of these, using the following command:

npx eslint src/*.js --fix

Great! Of the 87 problems initially detected, only 6 require our intervention to be corrected.

Image for post

#cypress #react #eslint #pylint #aws-amplify

What is GEEK

Buddha Community

AWS Amplify CI/CD: Code Lint & End-to-End Testing
Matt  Towne

Matt Towne

1589791867

Serverless CI/CD on the AWS Cloud

CI/CD pipelines have long played a major role in speeding up the development and deployment of cloud-native apps. Cloud services like AWS lend themselves to more agile deployment through the services they offer as well as approaches such as Infrastructure as Code. There is no shortage of tools to help you manage your CI/CD pipeline as well.

While the majority of development teams have streamlined their pipelines to take full advantage of cloud-native features, there is still so much that can be done to refine CI/CD even further. The entire pipeline can now be built as code and managed either via Git as a single source of truth or by using visual tools to help guide the process.

The entire process can be fully automated. Even better, it can be made serverless, which allows the CI/CD pipeline to operate with immense efficiency. Git branches can even be utilized as a base for multiple pipelines. Thanks to the three tools from Amazon; AWS CodeCommit, AWS CodeBuild, and AWS CodeDeploy, serverless CI/CD on the AWS cloud is now easy to set up.

#aws #aws codebuild #aws codecommit #aws codedeploy #cd #cd pipeline #ci #ci/cd processes #ci/cd workflow #serverless

Tamia  Walter

Tamia Walter

1596754901

Testing Microservices Applications

The shift towards microservices and modular applications makes testing more important and more challenging at the same time. You have to make sure that the microservices running in containers perform well and as intended, but you can no longer rely on conventional testing strategies to get the job done.

This is where new testing approaches are needed. Testing your microservices applications require the right approach, a suitable set of tools, and immense attention to details. This article will guide you through the process of testing your microservices and talk about the challenges you will have to overcome along the way. Let’s get started, shall we?

A Brave New World

Traditionally, testing a monolith application meant configuring a test environment and setting up all of the application components in a way that matched the production environment. It took time to set up the testing environment, and there were a lot of complexities around the process.

Testing also requires the application to run in full. It is not possible to test monolith apps on a per-component basis, mainly because there is usually a base code that ties everything together, and the app is designed to run as a complete app to work properly.

Microservices running in containers offer one particular advantage: universal compatibility. You don’t have to match the testing environment with the deployment architecture exactly, and you can get away with testing individual components rather than the full app in some situations.

Of course, you will have to embrace the new cloud-native approach across the pipeline. Rather than creating critical dependencies between microservices, you need to treat each one as a semi-independent module.

The only monolith or centralized portion of the application is the database, but this too is an easy challenge to overcome. As long as you have a persistent database running on your test environment, you can perform tests at any time.

Keep in mind that there are additional things to focus on when testing microservices.

  • Microservices rely on network communications to talk to each other, so network reliability and requirements must be part of the testing.
  • Automation and infrastructure elements are now added as codes, and you have to make sure that they also run properly when microservices are pushed through the pipeline
  • While containerization is universal, you still have to pay attention to specific dependencies and create a testing strategy that allows for those dependencies to be included

Test containers are the method of choice for many developers. Unlike monolith apps, which lets you use stubs and mocks for testing, microservices need to be tested in test containers. Many CI/CD pipelines actually integrate production microservices as part of the testing process.

Contract Testing as an Approach

As mentioned before, there are many ways to test microservices effectively, but the one approach that developers now use reliably is contract testing. Loosely coupled microservices can be tested in an effective and efficient way using contract testing, mainly because this testing approach focuses on contracts; in other words, it focuses on how components or microservices communicate with each other.

Syntax and semantics construct how components communicate with each other. By defining syntax and semantics in a standardized way and testing microservices based on their ability to generate the right message formats and meet behavioral expectations, you can rest assured knowing that the microservices will behave as intended when deployed.

Ways to Test Microservices

It is easy to fall into the trap of making testing microservices complicated, but there are ways to avoid this problem. Testing microservices doesn’t have to be complicated at all when you have the right strategy in place.

There are several ways to test microservices too, including:

  • Unit testing: Which allows developers to test microservices in a granular way. It doesn’t limit testing to individual microservices, but rather allows developers to take a more granular approach such as testing individual features or runtimes.
  • Integration testing: Which handles the testing of microservices in an interactive way. Microservices still need to work with each other when they are deployed, and integration testing is a key process in making sure that they do.
  • End-to-end testing: Which⁠—as the name suggests⁠—tests microservices as a complete app. This type of testing enables the testing of features, UI, communications, and other components that construct the app.

What’s important to note is the fact that these testing approaches allow for asynchronous testing. After all, asynchronous development is what makes developing microservices very appealing in the first place. By allowing for asynchronous testing, you can also make sure that components or microservices can be updated independently to one another.

#blog #microservices #testing #caylent #contract testing #end-to-end testing #hoverfly #integration testing #microservices #microservices architecture #pact #testing #unit testing #vagrant #vcr

AWS Amplify CI/CD: Code Lint & End-to-End Testing

After my first approach to AWS Amplify, I want to deal with the implementation of source code linters and end-to-end tests with Cypress, obviously automated in the AWS Amplify CI/CD pipeline. Let’s face up this new challenge!

Image for post

Photo by Yancy Min on Unsplash

References: this is the link to the GitHub repository and this is the link to the web application related to this post.

Linter

The linter is a tool that analyzes the source code to flag programming errors, bugs, stylistic errors and suspicious constructs — wikipedia

Linter tools allows to increase the quality of the source code. Using these tools in a CI/CD pipeline also allows to deploy an application when its source code meets certain quality levels.

The web application I created with AWS Amplify includes a React frontend and few Python lambdas in backend. For this reason I need two different tools, specific to the two technologies used.

ESLint

One of the best linters I’ve had the chance to test for JavaScript is ESLint: its functions are not limited to test but it includes automatic fix of a large number of problems.

ESLint installation is simple: from the main directory of our project, we can install the linter with the following command:

npm install eslint --save-dev

Once the installation is complete, we can run the first configuration wizard:

npx eslint --init

You will be asked for various information: in general you can choose whether to use ESLint for:

  • syntax checking
  • syntax checking and problem finding
  • syntax checking, problem finding and code style checking

This last option is interesting and includes most popular styles, such as Airbnb and Google source code styles. Once the configuration is complete, the required packages are installed. In my case:

"devDependencies": {
    "eslint": "^7.8.1",
    "eslint-config-google": "^0.14.0",
    "eslint-plugin-react": "^7.20.6"
  }

Now that we’ve set up ESLint, let’s check the code:

npx eslint src/*.js

Depending on the options chosen during configuration, the result may not be the most optimistic, revealing a long series of problems.

Image for post

But as I said initially, ESLint allows us to automatically correct some of these, using the following command:

npx eslint src/*.js --fix

Great! Of the 87 problems initially detected, only 6 require our intervention to be corrected.

Image for post

#cypress #react #eslint #pylint #aws-amplify

Top Security Penetration Testing Companies

Cybercrime is one of the world’s fastest-growing threats, with malicious actors constantly elaborating their methods of undetectable intrusion. According to Verizon’s Business 2020 Data Breach Investigations report, there has been a 100% increase in web app breaches, and stolen credentials were used in more than 80% of these cases. These statistics are worrying for many businesses that actively move their processes to the cloud and deal heavily with customers’ personal data.

Under these circumstances, companies need to run regular automated and manual tests to determine weak spots in their infrastructure, software, network and physical perimeter security. One of the most efficient testing methods is security penetration testing, or pentesting.

Pentesting is a benign hacking attempt, manual or automated, to break into the system and uncover its vulnerabilities before actual cyber criminals do it. This method is directed at testing the system security controls for their real-world effectiveness. It involves such stages as data collection, threat modeling, vulnerability scans, penetration tests, and so on.

To get proactive with their cyber security protection, many businesses cooperate with professional security testing companies that are able to comprehensively check the system, identify risks, fix vulnerabilities, and stay one step ahead of potential hackers.

The ranking criteria for security testing companies

When asking a professional software testing company to check your system’s security, in most cases you need to grant them access to sensitive information. For this reason, it’s important to choose a reliable company with an exceptional reputation, which will become your trusted partner.

Unsurprisingly, the market of security penetration testing companies is overwhelmingly crowded. To narrow down your search, we have analyzed hundreds of testing companies and compiled the list of top testing professionals. We have applied the following criteria:

  • Pentesting expertise
  • Portfolio
  • Software QA experience
  • Market penetration
  • Online reviews

As a result, we’ve picked 30 skilled security testing companies and rated them accordingly.

1. a1qa

a1qa is a software testing company from Lakewood, CO, that has delivered over 1,500 successful projects and established 10 Centers of Excellence during their 17 years of operation. It has partnered with more than 500 companies, from smaller businesses to Fortune 500 giants. The company’s prominent customers include adidas, Kaspersky Lab, SAP, Yandex, Forex Club, and more.

a1qa specializes in delivering full-cycle QA and testing services, including comprehensive security penetration testing. Its expertise covers testing of web apps such as portals, ecommerce, media and e-learning platforms, games and online casinos, and line-of-business testing, such as CRM, collaboration, document management, and financial systems. The company also runs a specialized security testing lab.

2. QA Mentor

Founded in New York in 2010, QA Mentor has managed to establish a strong global presence with 12 testing centers around the world. Its team consists of 300 certified QA professionals that have successfully completed over 870 projects, including the ones for Amazon, eBay, Bosch, HTC, and more. The company offers more than 30 testing services, with cyber security penetration testing among them.

QA Mentor is recognized as a top software testing company by Clutch, GoodFirms, and Gartner.

3. UnderDefense

UnderDefense is a certified computer and network security company that was established in New York in 2016. It provides a wide range of testing services, with a special focus on security penetration testing. The company’s certified security testing team has performed hundreds of penetration tests, including compliance-specific tests, app and wireless network penetration testing, and social engineering security testing. UnderDefense has been repeatedly awarded by Clutch.

#testing #software-testing #security-testing #penetration-testing #top-software-testing-companies #software-testing-companies #good-company #code-quality

Derek  Champlin

Derek Champlin

1595578080

Working with GitHub Actions

GitHub has become one of the most widely used Source Code Repository. Its Distributed Version Control System helps the developers for faster development and Integration of their code. Recently, it launched GitHub Actions in beta which enabled developers to create automated workflows to build, test, and deploy their source code on GitHub.

In this article, we will discuss about GitHub Actions and how it can be used to build an automated software development life-cycle workflow.

Below are the things we will discuss in this article:

About GitHub Actions

Using GitHub Actions, we can create custom workflows that will help to build, test, package, release or deploy the code without leaving the GitHub UI. It enables us to build Continuous integration and Continuous Deployment capabilities directly in our repository. Here are some important features about GitHub Actions.

**YAML based process: **The workflow is written in YAML. Hence it is easy to create, read and use the actions that make up the workflow.

**One Place for everything: **By using GitHub Actions, we can build and test the developed code directly in our repository. There is no need to worry about integrating the source code repository with other build and deployment tools. Everything can be done in one single place.

**Easy to integrate code: **Since enabling CI/CD directly in the repository is possible using workflows, creating merge requests(MRs), building, testing and integrating them become way more seamless.

#tech (re)view #build #cd #ci #ci-cd #github #github actions #gitlab-ci #gradle #java #test