There are many additional tools used in CI/CD pipelines that can help further streamline your workflow and ensure fast and reliable software delivery.
There are many additional tools used in CI/CD pipelines that can help further streamline your workflow and ensure fast and reliable software delivery. With SonarCloud, teams can collaborate effectively, automate workflows, and deliver high-quality software solutions with speed and efficiency. Mend.io Bolt offers a visual interface to configure and manage integrations, allowing teams to seamlessly exchange data between different tools, systems, and platforms. Bolt supports a wide range of connectors and APIs, enabling organizations to integrate popular development and deployment tools, issue trackers, testing frameworks, and more. Also, App Service Slots in Azure DevOps provide a way to deploy and test multiple versions of an application simultaneously within a single Azure App Service instance. Slots are essentially separate environments within an App Service, allowing developers to stage, validate, and swap different versions of their applications without affecting the production environment. Agent pools in Azure DevOps are a set of computing resources that provide the infrastructure for running build and release pipelines, and they offer flexibility in managing the availability and capacity of agents, enabling teams to allocate resources based on specific project requirements. By using agent pools, organizations can efficiently distribute workloads, scale their pipelines, and ensure faster and more reliable software delivery.
In this course, you will learn about SonarCloud, which is a scalable and flexible cloud platform in Azure DevOps. We will also demonstrate how Mend.io Bolt can be an effective tool for building and deploying applications. You will also discover how to use App Service Slots to stage and test code changes before deployment and how to use Agent Pools to efficiently distribute workloads, scale pipelines, and ensure fast and reliable software delivery.
Learning Objectives:
- Explain how to extend the DevOps process to include automated testing
- Identify how to test deployments in production using application slots
- Explore how to configure additional build capacity with Agent pools
Skills you’ll gain
Azure DevOpsContinuous DeploymentContinuous IntegrationDeltacloudDevOpsAWS Certified DevOps EngineerWhat You'll Learn
- Extend the DevOps process to include automated testing
- Test deployments in production using App Service Slots
- Configure additional build capacity with Agent Pools
- Use SonarCloud as a scalable, flexible cloud platform in Azure DevOps
- Apply Mend.io Bolt to build and deploy applications
- Stage, validate, and swap application versions without affecting production
Key Takeaways
- SonarCloud lets teams collaborate, automate workflows, and deliver high-quality software with speed and efficiency.
- Mend.io Bolt provides a visual interface to configure and manage integrations and supports a wide range of connectors and APIs across development, deployment, testing, and issue-tracking tools.
- App Service Slots in Azure DevOps are separate environments within an App Service that let developers stage, validate, and swap application versions without affecting production.
- Agent Pools are sets of computing resources that run build and release pipelines, letting teams distribute workloads, scale pipelines, and ensure faster, more reliable delivery.
Frequently Asked Questions
What tools does this course cover?
It covers SonarCloud, Mend.io Bolt, App Service Slots, and Agent Pools as additional tools used in CI/CD pipelines within Azure DevOps.
What will I be able to do after taking this course?
You will be able to extend the DevOps process to include automated testing, test deployments in production using application slots, and configure additional build capacity with Agent Pools.
What are App Service Slots used for?
App Service Slots provide a way to deploy and test multiple versions of an application simultaneously within a single Azure App Service instance, letting developers stage and test code changes before deployment without affecting the production environment.
What are Agent Pools and why are they useful?
Agent Pools are a set of computing resources that provide the infrastructure for running build and release pipelines, offering flexibility to manage agent availability and capacity so teams can distribute workloads, scale pipelines, and ensure fast, reliable software delivery.
What lessons are included?
The course includes three lessons: Integrating Automated Testing, Advanced Deployment Strategies, and Agent Pool.
Transcript
Show transcript (free preview lesson)
Transcript of the free preview lesson. Remaining lessons unlock with the full course.
Hello, my name is Stephen Burnley, and in these lessons, you will learn some of the advanced options to expand your CI-CD pipelines. The goal of DevOps is to automate the installation and testing of software applications. You can see that the Azure DevOps portal has over a thousand opportunities to integrate with external tools, and that security and compliance is a big part of running pipelines in the Azure DevOps environment. Let's take a look at some of the most popular tools for analyzing code or code resources in your projects. So in our cloud is a tool to analyze source code. This is essentially an automated code review tool. Source code is generated by developers to implement features that are requested by users. However, programmers have a variety of different styles, and a tool like Sonar Cloud can help your team create more consistent software. Because the continuous integration process has access to the raw, uncompiled source code, this is a good opportunity to run an automated code analysis tool. This will compare your developers syntax with industry standards or best practices. This will actually go through all of the code line by line and look for opportunities to improve your application code. In addition to providing the appropriate code checks, it will also show you things such as vulnerabilities, which would be references to known faulty software, or the opportunity to look for credentials that might be embedded in the source code. It's a common practice for developers to embed credentials in source code for testing when they're in a development mode, but authentication credentials should never be embedded in the source code. This is like having an automated AI assistant who is a member of your team and will automatically go through all of the new source code that's generated to attempt to recommend better coding practices. For Microsoft developers, they use NuGet. NuGet is actually a place to retrieve existing software components from the internet to be implemented within your application. These are reusable software components. Many of them are open source. You can see here that there are over 300,000 reusable packages published to the NuGet repository. Mend Bolt is also a very popular product for analyzing software dependencies. Bolt will actually analyze the referenced packages that you're using from outside developers. This will compare it to a list of products that are known to have defaults and flaws, or show you outdated references, which gives you an opportunity to know which packages should be upgraded, verifying that you are running the latest and greatest version of all of the dependent software. Let's build a DevOps pipeline that could implement both Sonar Cloud and Mend. Here in the Azure DevOps portal, we have a sample application called Parts Unlimited. Let's select that now. You can see as part of this Parts Unlimited project, we have a menu item called Pipelines on the left-hand side of the screen. Let's click that. You can see here in Pipelines that we have an existing pipeline for performing continuous integration builds called Parts Unlimited E2E. We'll select that pipeline and add an extension for a third-party product. In order to modify this pipeline, we'll need to click the Edit button in the upper right-hand corner of the screen. Now that we have edited this pipeline, it would be a good idea to implement some of the existing third-party modules. Before we can add the third-party modules to our pipelines, we must first add them as extensions to the Azure DevOps portal. We can do that by clicking on the Azure DevOps logo in the upper left-hand corner. In order to add software components to your DevOps organization, click on Organization Settings at the bottom of the screen. We are now configuring the root of the Azure DevOps portal. And on the left-hand menu, we can see an option to add extensions. Extensions will be connections to third-party tools, meaning non-Microsoft tools. We would like to add one for Sonar Cloud. Let's browse the marketplace. Now that we are looking at the extensions for Azure DevOps, you can see that Sonar Cloud is one of the most popular components. Let's click to install that. We can click Get Free and Azure will perform the installation of this product in the background to our DevOps portal. In a few moments, we will be able to return to the organization and begin to embed this call to Sonar Cloud within our pipelines. Let's return to the parts unlimited project. Let's click on Pipelines on the left-hand side and let's edit the parts unlimited E2E pipeline to add a call to Sonar Cloud. Let's click the plus sign as part of this phase to see if we can find the Sonar Cloud block. We are now presented with a search box. Let's type in Sonar. You can see Run Code Analysis as one of the options. Let's click that. You can see it has added this block at the end of the process. Let's drag that up so that it performs this earlier in the pipeline. Now you can see Run Source Code Analysis is an option. We have now asked it to call out to Sonar Cloud, pass Sonar Cloud the actual source code that it's retrieving from the Azure repo, and it will actually run that against a scoring tool to compare it against industry standard best practices and show us the results. The other extension that we would like to add to our Azure DevOps organization is a reference to Mend Bolt. Mend Bolt will analyze our software dependencies. Let's click on Organization Settings in the bottom left-hand corner. We can see here on the left-hand side an option for extensions. You can see that we have added the Sonar Cloud extension for source code analysis. Let's add the Bolt extension for code dependency analysis. For that, we'll click Browse the Marketplace. We can now enter in Bolt into the search box. You can see here that Mend Bolt is also a very popular component for Azure DevOps, but let's select that now. You can see that it is a free extension, although you may want to sign up for additional features with this vendor. We'll go ahead and use the free version. Let's click get it now. This will authenticate with our Azure DevOps organization and install this component so we can now add it to our pipelines. Let's go into one of our existing pipelines and look at the Mend Bolt component. In the parts-unlimited sample project, we'll click on Pipelines. Now we can click on one of our existing pipelines and click the Edit button. You can see here in this pipeline, we have a continuous integration process set up to check out and build our software. Let's add the module for Bolt. After clicking on the plus sign, we can see all of the additional components that could be added to the pipeline. Let's type in Bolt to search that. You can now see that Mend Bolt is a scanner that can be added to our existing pipeline. It's important to know that both Sonar Cloud and Mend do not modify any of your code. These are simply reporting tools to perform analysis of your source code or your dependencies and recommend modifications to make your application more stable or more secure. Stay tuned for the next lesson where I will show you some of the advanced deployment strategies. Thanks for watching.
Learn on the Go
Take your learning anywhere — the KnowledgeCity mobile app lets you watch lessons on the go.