Running pipelines in development mode
Development mode for CI and CD pipelines tests the implementation of your DevSecOps configuration (yaml) file, without running any security or compliance-related task. Development mode also reduces pipeline execution time.
Use development mode only for development purposes. Development mode is not a replacement for the official DevSecOps CI and CD pipelines, which remain the reference implementations.
Develop, implement, and test changes made to the .pipeline-config.yaml
file by using a simplified pipeline. This pipeline has the following characteristics:
- Runs the various stages of the
.pipeline-config.yaml
file only. - Skips the compliance and security-related tasks to optimize the time to run your code.
Prerequisites
- An existing DevSecOps CI or CD toolchain.
- A
.pipeline-config.yaml
and the corresponding build, test, and deploy scripts.
Setting up development mode
Complete the following steps to set up development mode for a pipeline:
-
Go to the Triggers page of your CI or CD pipeline.
-
Locate the Manual Trigger, click the Actions icon , and then click Duplicate.
-
Name the trigger. For example,
Manual-Dev-Mode
. -
Change the
EventListener
todev-mode-listener
(for CI) ordev-mode-cd-listener
(for CD). -
Save your changes.
Setting up development mode in the IaC pipeline
Complete the following steps to set up development mode in the Infrastructure as Code (IaC) pipeline:
-
Go to the Triggers page of your CI pipeline.
-
Locate the Manual Trigger, click the Actions icon , and then click Duplicate.
-
Name the trigger. For example,
Manual-IaC-Dev-Mode
. -
Change the
EventListener
toiac-dev-mode-listener
. -
Save your changes.
Running the development-mode pipeline
Complete the following steps to run the development mode pipeline:
- Go to the PipelineRuns page.
- Click Run Pipeline and select the
Manual-Dev-Mode
trigger that you created. - Click Run.
The development-mode pipeline runs the code that is in the .pipeline-config.yaml
file only.
All other security and compliance tasks do not run, reducing the pipeline execution time.
Development mode for CI pipeline
The CI pipeline builds deployable artifacts from application repositories.
The following table lists the stages in development mode of the CI pipeline.
Dev-mod-ci pipeline stage | Stage description |
---|---|
code-ci-start |
Set up the pipeline environment. This process includes the cloning of the configuration and application repositories to the pipeline local file system. |
code-setup |
Set up your build and test environments to prepare them for the following pipeline stages. |
code-unit-tests |
Run unit tests and application tests on the application code. |
build-artifact |
Build the artifacts and images. |
deploy-dev |
Deploy the built artifacts to the dev environment. |
deploy-acceptance-tests |
Run acceptance and integration tests on the deployed built artifacts on the dev environment |
deploy-release |
Add the built artifacts to the inventory. The Continuous Delivery pipeline uses this inventory. |
code-ci-finish |
Collect, create, and upload the logs files, artifacts, and evidence to the evidence locker. If any of the compliance checks that were previously executed in the pipeline fail, this stage also fails. This stage represents the “fail safe” behavior to ensure that compliance issues are remediated before a PR can be merged or a build can be deployed. |
Development mode for CD pipeline
The CD pipeline deploys the build to an environment, such as staging or production.
The following table lists the stages in development mode of the CD pipeline.
CD Pipeline Stage | Stage Description |
---|---|
prod-start |
Calculate deployment delta. |
prod-setup |
Set up your build and test environments. |
prod-verify-artifact |
Verifiy signatures of images that are built in the CI pipeline. |
prod-deployment |
Deploy the build to an environment. |
prod-acceptance-tests |
Run acceptance tests. |
prod-finish |
Publish acceptance tests, deploy record, collect CycloneDX SBOM, and close change requests. |
Returning to standard mode
When you are satisfied with the implementation of the .pipeline-config.yaml
file and its associated scripts, either disable or delete the Manual-Dev-Mode
trigger, and instead use the standard
trigger that
you use to run security and compliance checks.