Let’s consider a scenario in which you are deploying your infrastructure using a Terraform code (infrastructure-as-code) which is stored in a remote git repository. Now working in an organization you need to make sure that all your deployments are always tracked without an exception, an add-on to that whether your Terraform code is following your security and compliance policies or not. Or maybe what is the monthly cost that you can expect with that infra and whether it lies under your budget or not. You may also want to take note that all your resources are being created in the same region… etc… etc.
Sounds magical right !!! We all know that these concerns are very important when you’re looking for a highly consistent, fully tracked, and automated approach. That’s why in this article we are going to look for a simple step-by-step way to automate and streamline our Terraform code using Azure DevOps (ADO).
We’re on the verge where all the small to big organisations are shipping software to customers in minutes. Earlier this was not possible, but thank’s to Continuous Integration (CI) and Continuous Delivery (CD) that made it possible.
Continuous Integration (CI) is the practice of integrating code changes from multiple contributors into a single project via automation. Continuous Delivery (CD) is the automated process to build, test, configure & deploy software into the production environment. Both methods combined make it possible to build, test & deploy everyday code changes into the production environment.
There are lots of tools in the market to implement CICD, one among which we are about to discuss today in this post.
Continuous Integration/Continuous Deployment or CI/CD has become a key cornerstone for building, testing, and deploying applications across environments these days. Here, we talk about the popular build & deploy tools being used in the industry today, that are centred around microservices application delivery. Take a look! While Continuous Integration helps to mitigate the risks and enables a quick and seamless code release by automating multiple code changes from different developers of the project. On the other hand, Continuous Deployment enables DevOps teams to deliver the integrated code to production seamlessly, thus providing a quick and effective automated process to release new features and updates to customers without much hassles.
In simple words, SonarQube is an open-source tool for continuous inspection of code quality. It does static code analysis, provides a detailed report of bugs, code smells, vulnerabilities and code duplications.
SonarQube integration with Azure DevOps
We can utilize built-in Azure DevOps tasks for SonarQube which helps us to incorporate this tool into our CI/CD pipelines. We will learn that with a use case.