...
Every gate is responsible for performing quality checks (cohesive) and ensuring that code promotion is controlled based on the quality results.
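The promotion rule above, combined with the trigger conditions of the gates listed below, can be written as a small fail-closed check. This is an added example, not part of the original page; the names `Gate`, `may_run` and `runnable_gates`, Gate 1 having no prerequisite, and treating each gate's environment as a hard precondition are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

GREEN = "green"

@dataclass(frozen=True)
class Gate:
    number: int
    name: str
    trigger: str              # "auto" or "manual"
    requires: Optional[int]   # gate whose last run must be green
    env: Optional[str]        # environment the change must already be deployed to

# Rules taken from the gate list; Gate 1's trigger and the env labels are assumptions.
GATES = (
    Gate(1, "Hell", "auto", None, None),
    Gate(2, "Smoke", "auto", 1, "dev"),
    Gate(3, "Security", "auto", 2, "dev"),
    Gate(4, "E2E Functional", "manual", 3, "qa"),
    Gate(5, "Performance", "manual", 4, "stage"),
)

def may_run(gate, results, deployed, manual_request=False):
    """Return (allowed, reason). A missing or non-green result fails closed."""
    if gate.requires is not None:
        prev = results.get(gate.requires, "missing")
        if prev != GREEN:
            return False, f"Gate {gate.requires} is {prev}"
    if gate.env is not None and gate.env not in deployed:
        return False, f"not deployed to {gate.env}"
    if gate.trigger == "manual" and not manual_request:
        return False, "awaiting manual trigger"
    return True, "ok"

def runnable_gates(results, deployed, manual_requests=()):
    """Gate numbers that may start now; gates already green are skipped."""
    out = []
    for gate in GATES:
        if results.get(gate.number) == GREEN:
            continue
        allowed, _ = may_run(gate, results, deployed, gate.number in manual_requests)
        if allowed:
            out.append(gate.number)
    return out

if __name__ == "__main__":
    # Constructed pipeline state: Gate 3 (Security) failed, someone requests Gate 4.
    state = {1: GREEN, 2: GREEN, 3: "red"}
    print(runnable_gates(state, {"dev", "qa"}, manual_requests={4}))
```

A manual request never overrides a red or missing result from the previous gate, so a failed Security gate blocks promotion to qa regardless of who asks.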
Gate 1 (Hell)
Fastest-running tests with the majority of coverage
Scope: Unit, Integration, Linting, Static code analysis (security, code styles, etc.)
...
Vulnerability Assessment
Code analysis
Tools: npm audit, OWASP Dependency-Check, SonarQube, Talisman, etc.
Gate 2 (Smoke)
Automatically triggered once Gate 1 is 🟢 and the code changes are deployed on the CI integrated environment (dev)
Scope: End-To-End (E2E) Functional test covering critical journeys
Guidelines
Should provide feedback within 10-15 mins
Is contextual, i.e. cherry-picks E2E tests based on the changes, e.g. a change in the lab-lite frontend should run critical tests only for lab-lite flows
Gate 3 (Security)
Automatically triggered once Gate 2 is 🟢
Scope: Security testing (Penetration and Runtime testing) running on the integrated CI environment (dev)
OWASP ZAP
Guidelines
Should provide feedback within 10-15 mins
Is contextual, i.e. cherry-picks tests based on the changes
Gate 4 (E2E Functional)
Manually triggered - Allow manual trigger only if last Gate 3 is 🟢
Scope:
Post successful deployment to qa environment
All automated E2E functional tests (headless browser, tablet view-port)
Manual Tests
Exploratory
Story level
Guidelines
Should provide feedback within 30-40 mins
Manual testing is independent of automated tests
Gate 5 (Performance)
Manually triggered - Allow manual trigger only if last Gate 4 is 🟢
Scope:
Post successful deployment on stage/preprod environment
Performance Tests (Load, Endurance etc)
Guidelines