Continuous Integration

A 12-post collection

Continuous Web.config security analysis with WCSA and TeamCity

Ah, automation. Any time I find myself doing the same thing more than once, I get the inclination to bundle it all up into something that can begin happening with a single click. Or even better, with no clicks. I’ve been writing a lot on continuous integration lately, primarily using TeamCity to execute tasks on the change of source code, on a nightly basis and on demand. I’ve automated deployment of websites with web deploy, deployment of databases with RedGate, code quality with NDepend, code statistics with StatSVN and application security with Netsparker. Recently I’ve begun using WCSA or in non-acronym terms, the Web.Config Security Analyser. This little beauty let’s you...

My Simple-Talk article on Continuous Integration for SQL Server Databases

I must have struck a chord with the folks at Red Gate recently when I wrote about Automated database releases with TeamCity and Red Gate. Inadvertently, I managed to get this post out right in the final stages of their work on SQL Source Control 2 which added the ability to version static data. This was pretty opportune timing and caused me to rewrite – and significantly simplify – a fair swathe of the post.Clearly the post was a glowing endorsement of their tools, and rightly so. In conjunction with TeamCity, they’ve helped me to fill a fairly gaping hole in the CI process and bring the DB up to a first class citizen with the application...

Continuous delivery panel discussion at ThoughtWorks

So I went along to the ThoughtWorks quarterly update on Continuous Delivery today. This took the form of a panel discussion with Martin Fowler, Evan Bottcher and Neal Ford. Smart guys, interesting topic and tantalising banner ad: The good news is that I didn’t hear anything that sounded too foreign. Either they were principles I’d written about, experienced firsthand or at least had a good understanding of. Usually it was all three but hearing the words from these guys in a very candid fashion is a great endorsement of the beliefs. Here’s the “best of the best” in terms of the messages that really resonated with the crowd: Software that is not...

Automated database releases with TeamCity and Red Gate

Databases have long been the poor cousin of the application tier when it comes to many of the processes we take for granted in the .NET world. Source control management, for example, is near ubiquitous for application files and there are several excellent VCS products which make versioning a breeze. Continuous integration is another practice which although not as common, is still frequently present in a robust application lifecycle.Of course the problem is that database objects don’t exist as simple files that can be versioned, nor can you just pick them up and place them in a target location when you want to deploy them. You’ve got to consider the very nature of databases being...

Continuous web application security scanning with Netsparker and TeamCity

Late last year I got all excited about continuous deployment with TeamCity when I wrote a five part series on using it in conjunction with web deploy. I then went on to write about Continuous code quality measurement with NDepend and TeamCity and Continuous project statistics with StatSVN and TeamCity. Needless to say, I’m a bit of a fan of continuous, automated processes which make the software development process more predictable and result in a higher quality product. Speaking of quality, there are very few things that drop the quality bar faster than software with security vulnerabilities. Web application security is something I’m pretty passionate about, and for good reason. Nothing destroys reputation like security holes...

Continuous project statistics with StatSVN and TeamCity

Yesterday I wrote about Continuous code quality measurement with NDepend and TeamCity where I looked at nightly builds that assessed code quality using the very excellent NDepend. These reports are great and it’s easy to configure but you need to make both a dollar investment in the software and an education investment to really understand the metrics and how they relate to code quality. What’s nice about StatSVN is that it’s free and it doesn’t take a lot of thinking to use it. Rather than analysing your codebase, like NDepend, StatSVN analyses your Subversion repository and reports on how your app has changed over time. In a way, it’s kind...

Continuous code quality measurement with NDepend and TeamCity

I love a good set of automatically generated code metrics. There’s something about just pointing a tool at the code base and saying “Over there – go and do your thing” which really appeals to the part of me that wants to quantify and measure. I think part of it is the objectiveness of automated code analysis. Manual code reviews are great, but other than the manual labour issue, there’s always that degree of subjectiveness the human bring with them. Of course code reviews are still important, but generated findings and metrics are always a nice complement and because they can be done automatically, you can do them as frequently as you like. One...

You're deploying it wrong! TeamCity, Subversion & Web Deploy part 5: Web Deploy with TeamCity

<< Part 4: Continuous builds with TeamCity In the first four parts of this series we got config transforms playing nice, command line builds and packaging ticking along, Web Deploy happily receiving our application and TeamCity continuously building the entire solution on every commit. The last thing to do is to harmonise everything so that we can actually automate the deployment. Breaking down the build and deploy processes First up, we’re now only focussed on the web application. If there are other projects in the solution on which the web app is not dependent, they’re not going to play a role in this post. It’s now all about building, packaging and deploying the...

You're deploying it wrong! TeamCity, Subversion & Web Deploy part 4: Continuous builds with TeamCity

<< Part 3: Publishing with Web Deploy Part 5: Web Deploy with TeamCity >> Over the last three posts in this series, we got to the point where all the Microsoft bits are working really nicely together. Config transforms, packaging and Web Deploy are great stable mates in the world of web application deployment.The bit that’s missing though is automation. Actually there are several bits missing but automation is the common solution. Deployment by developers directly from Visual Studio or command line with MSDeploy works fine most of the time but has a few flaws we’re simply not going to be able to overcome without a build and deployment server. In all likelihood,...

You're deploying it wrong! TeamCity, Subversion & Web Deploy part 3: Publishing with Web Deploy

<< Part 2: MSBuild and deployable packages Part 4: Continuous builds with TeamCity >> In the first two parts of this series we got config transforms working and the web app successfully bundled into a nice self-contained deployable package. Next up: get the thing to publish. For the most part, the vast majority of web app deployment has historically been done by pushing the entire site out over either UNC or FTP, a practice which has a series of fundamental shortcomings that set deployment up for potential failure. To begin with, by default neither protocol is encrypted. Yes, there’s SFTP and FTPS but it’s not often you see these applied, particularly not as a...