CI/CD Static Security Scanning

The following is inspired by the article from Kris the Coding Unicorn. This is not meant to be a comprehensive suite of tests but a start.

The following steps use the open-source Security Code Scan project, which publishes a tool to NuGet.

Unfortunately, Jenkins doesn’t seem to have a mechanism for visualizing security scans, so the output file is stored as an artifact of the job.

CI/CD Code Coverage

Code coverage measures how much of the code is executed when the tests run. This is a useful indicator of how effective the tests are. One of the features we want to add is a minimum coverage bar for testing, to increase the quality of our components.

Visual Studio 2022 Community Edition doesn’t include code coverage features out of the box. There are some things we can do to expose coverage in Jenkins during our build processes, validate the results, and possibly fail the build based on them. Within Visual Studio itself, you can install Fine Code Coverage from the Visual Studio Marketplace or consider tools such as NCrunch.

Adding a few extra steps to Jenkins is enough to collect code coverage data and expose it on the Jenkins build page.

CI/CD Revisions!

I have been relying on my previous efforts over five years ago that initially set out our C# builds in Jenkins. However, my next topic, code coverage, was new territory for me.

In the process of working through code coverage, I had the opportunity to discover opportunities to clean up the existing build scripts set out in the previous articles so far.

This article will cover the revisions I’ve made. However, I’ll also update the previous articles that will jump immediately to the result.

CI/CD Publishing NuGet Packages

Initially, when building C# projects, I would have multiple solutions directly referencing the projects to be built. Sometimes, the solutions would have an extraordinary number of projects in them, so I could update them all in parallel.

However, this isn’t an ideal scenario as it makes it easy to blend code and develop tighter dependencies between modules that make future software development harder. By decomposing projects into smaller, more discrete and manageable components, we can increase the rigour around changes we make and have greater confidence in the code quality.

The use of NuGet to store versions of my packages means the applications I build can be small and lean and can work with already-defined mechanisms for publishing and retrieving packages.

I don’t want to publish my personal NuGet packages to a public repository (at least not without developing some confidence in the process first). So I have set up a Sonatype Nexus Repository to host NuGet packages.

I’ll go through the steps for configuring the Nexus Repository, Jenkins, and Visual Studio projects.

CI/CD Building a C# Project in Jenkins

The goal for this stage of development is to get our C# project listed in Jenkins and building. The next iteration will be adding testing.

This step follows the work from CI/CD Scanning GitHub for Repositories from Jenkins, where Jenkins is set up to scan for projects, but it now needs the files required to build.

CI/CD Visual Studio Project Layout

As described in https://www.oneoddsock.com/2022/04/02/personal-ci-cd/, the goal of setting up the CI/CD automation is to:

  • Break up my more monolithic solutions into much smaller, more consumable components
  • Automate testing of my code
  • Improve potential for code sharing with others
  • Improve visibility of code/test status through reporting

To facilitate this, I’ll structure my Visual Studio solutions in GitHub so Jenkins can access them and run builds and tests.

The sample project is published on GitHub for reference at: https://github.com/FineRedMist/jenkins-project-sample-dotnet

For reference, I’m using Visual Studio 2022 Community Edition. I’m configuring the projects to use .NET 6.0.

Applying PFX Certificates for Signing Internal .NET Applications

Motivation

We distribute several tools internally that we want to ensure are code-signed (particularly ClickOnce applications).

The goals were:

  1. Anyone on the team could build and publish the tools (including ClickOnce tools).
  2. No team member has to go through manual steps: they should be able to sync and build.
  3. No UI popups during the build (such as passwords).
  4. No trust issues when using the tools: the certificates are trusted.