Enforce Continuous Integration (CI) for Every Code Change

This standard mandates the rigorous enforcement of Continuous Integration (CI) for every code change, establishing it as a pre-merge quality gate to ensure code integrity, enforce standards, and prevent regressions.

1. Mandatory Continuous Integration (CI) as a Pre-Merge Quality Gate:

Every code commit must trigger an automated CI pipeline that performs build, test, and validation steps. This process acts as a stringent quality gate, ensuring that only code meeting predefined standards is merged into the main branch.

  • 1.1 Automated Build, Test, and Validation:
    • 1.1.1 Automated Build Process:
      • Implement automated build processes to compile and package code for various environments.
      • Ensure builds are reproducible and consistent across all environments.
    • 1.1.2 Automated Test Execution:
      • Integrate comprehensive automated test suites (unit, integration, end-to-end) into the CI pipeline.
      • Ensure all tests are executed automatically for every commit.
    • 1.1.3 Automated Validation:
      • Implement automated validation checks to ensure code adheres to coding standards, linting rules, and security policies.
      • Integrate static analysis tools to identify potential code quality and security issues.
  • 1.2 No Manual Testing Before Merging:
    • 1.2.1 CI as the Sole Gatekeeper:
      • Enforce a strict policy that no code should be manually tested before merging.
      • Treat the CI pipeline as the sole gatekeeper for code quality and stability.
    • 1.2.2 Automated Regression Prevention:
      • Rely on automated tests to prevent regressions and ensure code changes do not introduce new issues.
      • Automate regression testing as part of the CI pipeline.
  • 1.3 Enforcement of Standards and Security:
    • 1.3.1 Coding Standards & Linting:
      • Integrate linting tools and coding style checkers into the CI pipeline to enforce coding standards.
      • Automate code formatting and style checks to ensure consistency.
    • 1.3.2 Security Scanning Integration:
      • Integrate security scanning tools (SAST, SCA) into the CI pipeline to detect vulnerabilities.
      • Enforce security policies and fail the CI pipeline if vulnerabilities are found.
    • 1.3.3 Configuration Management:
      • Integrate configuration management tools to ensure consistency in environment configurations.
      • Automate configuration validation and deployment.
  • 1.4 CI Failures as Blockers:
    • 1.4.1 Immediate Remediation:
      • Treat failed CI checks as blockers that must be resolved before merging.
      • Prioritize fixing failed CI checks to maintain a stable codebase.
    • 1.4.2 Clear Failure Reporting:
      • Provide clear and detailed failure reports within the CI pipeline to facilitate debugging.
      • Implement notifications to alert teams of CI failures.
  • 1.5 Standardised CI/CD Tools:
    • 1.5.1 Consistent Tooling:
      • Standardise on CI/CD tools such as GitHub Actions, GitLab CI, Azure DevOps, or Jenkins to ensure consistency across teams.
      • Provide training and documentation to ensure teams are proficient in using the chosen tools.
    • 1.5.2 Shared Pipeline Templates:
      • Develop and maintain shared pipeline templates to promote consistency and reduce duplication.
      • Utilise pipeline libraries and modules to streamline CI/CD configuration.
    • 1.5.3 Pipeline as Code:
      • Treat CI/CD pipelines as code, storing them in version control and managing them through code reviews.
      • Automate pipeline updates and deployments.

By enforcing mandatory CI as a pre-merge quality gate, organisations can ensure code quality, prevent regressions, and maintain a stable and reliable codebase.