Process

Code goes through several QA steps before a ticket (bugfix/improvements/new features) is considered done.

  • code review
  • done by one or more peer engineers, depending on the complexity of the issue at hand
  • pre-integration QA
  • usually manual QA done by a peer after code review and before merging code
  • unit and/or integration tests are in most cases mandatory before code can be merged
  • QA on integrated code
  • usually manual QA done by a peer who was not involved in code review and pre-integration QA
  • Continuous integration
  • an extensive set of integration tests (including UI tests) is triggered automatically by code changes and usually runs several times a day on different bundles (CE, DX-Core, Addons) or modules (e.g. Rest support, Content Editor)
  • when a regression is found the issue is addressed promptly and changes reverted asap if no quick fix is possible
  • Migration tests
  • a set of automated tests meant to detect configuration discrepancies when updating to the next maintenance release

Before releasing

  • pre-release QA
  • mostly smoke tests and manual testing on bundles of features not covered by ITs yet
  • migration updates not covered by automated migration tests
  • final QA
  • again smoke tests on staged bundle artifacts before making release artifacts public

Security scans

  • CVE scan runs automatically once a day on bundles (and some modules, e.g. Blossom, Tomcat bundle) to detect and fix (or dismiss) security issues with 3rd party libraries asap