Overview
Navida Pro governance model, which is a comprehensive framework designed to manage the mobile platform efficiently and securely through end-to-end DevOps practices. Here's a summary of the key points from the document:
User Stories and Prioritization: The process begins with the articulation, prioritization, and approval of User Stories by the Product Owner (PO) or Business Owner (BO), incorporating a risk analysis framework that addresses both functional and non-functional requirements.
Multi-Branch Development: Developers follow a Multi-Branch Development approach, with each User Story corresponding to a single branch, ensuring granularity and traceability. A structured branching model with incrementally named branches facilitates this process.
Code Quality and Verification: Pull requests against Feature branches, followed by peer code reviews, lead to the integration of high-quality code. Automated and manual verification steps, including Unit Testing, Code Quality Scan via SonarQube, and Open Source Software (OSS) Scanning, are performed to maintain code integrity and detect vulnerabilities early.
Quality Gates and Testing: The model introduces Quality Gate 1 during Sprint Planning, which aligns with the merging of mature increments into a Release branch, followed by System Integration Testing (SIT). Further testing protocols, such as Penetration Testing, Performance Testing, and Snapshot Testing, validate the application's resilience, speed, and stability.
Bug Tracking and Assessment: Bugs are tracked using the Azure board and addressed by technical leads. The PO/BO evaluates test results, vulnerability reports, test coverage, and code quality metrics before approving the formation of a Release branch.
Release Process: Quality Gate 2 is a critical checkpoint in the release process, where applications must pass previous assessments to progress. Successful completion leads to the application being deemed 'DONE' and ready for final testing rounds.
Deployment: The deployment is carefully staged, with the pipeline building the latest artifact and publishing it to an artifact staging directory. Azure pipeline ensures reliable deployment to target servers/VMs. The process is supported by technologies like Fastlane and plugin binding for mobile deployments, as well as Tekton and Argo/Helm for container orchestration.
Tooling and Repository Management: Navida Pro maintains Git repositories on Bitbucket to facilitate a smooth Continuous Integration (CI) and Continuous Deployment (CD) environment. Tools such as ADO, Snyk, and SonarQube provide additional scrutiny and gatekeeping.
Overall, the Navida Pro governance model integrates disciplined branching models, stringent quality gates, and a robust suite of testing and deployment tools to ensure that each release meets the highest standards of quality, security, and performance. The model is designed to streamline the development process and instill confidence in stakeholders that the final product is reliable and production-ready.
CI/CD pipeline :
Links :
https://dev-tekton.navida-cloud.plus.aok.de/tekton/
https://dev-argocd.navida-cloud.plus.aok.de
https://dev-defectdojo.navida-cloud.plus.aok.de
https://dev-sonar.navida-cloud.plus.aok.de (will be included in defectdojo)