How To Use DevOps In Selenium Testing

This Hands-on Tutorial Explains How to Implement DevOps Practices in Selenium Project and How to Set Up Selenium Project For DevSecOps:

The increasing trend in collaboration has led the Development and the Operation teams to combine their objectives and achieve the organization’s goal of shipping software with speed at a higher quality. Quality Engineers also use the shift-left approach and align their activities or tasks with those of developers and operations.

Orchestrated and synchronized teams help in driving more value for the enterprises. In this article, we will explain how Web UI automation teams can participate in DevOps with Selenium.

DevOps in a Selenium Testing

Selenium is one of the vastly used browser automation tools, and testing teams extensively use this tool in DevOps pipelines. It is an open-source tool and brings cost benefits to the testing teams and functional testers, who own the UI testing. The use of Selenium is one of the effective ways to implement Web UI testing in DevOps.

In this article, we will give a brief idea about DevOps because the focus is on describing how to implement DevOps practices in a Selenium Project. However, before learning to implement this, it is best to know what it is. Let us head over to understand it.

What Is DevOps?

IT companies are migrating from the traditional culture of having siloed Development and Operations to a culture that focuses on collaboration. A culture that focuses on a centralized view across projects to overcome the challenges and complexities of faster release cycles.

DevOps help us in moving away from disconnected environments to a more cohesive and synchronized one with a common objective of delivering high-quality software with speed.

Development and Operations collaboration

[image source]

Practicing source code control and version maintenance with daily commits in smaller increments, faster and automated testing, agility, collaboration, continuous testing, continuous integration, continuous delivery has become the new normal.

Recommended Reading=> DevOps Tutorials

DevOps has a significant impact on testing teams because we can’t afford to be slow and perform testing tasks in conventional ways. Organizations need to be relevant, indispensable, and remain competitive. The role of a QA is changing across organizations.

Recommended Reading=> Devops And Software Testing

Selenium In DevOps

As a part of the UI testing team, Selenium test developers need to synchronize and orchestrate their test design and execution as per schedule and triggers, that are defined in their continuous integration or continuous delivery tools or platforms.

Test Design needs to be more agile, effortless, and error-free. There is a shift towards the enhancement of existing or new test automation frameworks to integrate with continuous integration/continuous delivery pipelines seamlessly.

Moreover, organizations are leveraging Machine Learning and AI to address the challenges concerning the complexities and scale in testing environments. Enterprises are exploring AI research areas such as Computer Vision and Natural language processing to address the challenges.

However, in this article, we will touch upon the concepts of secure coding practices with the help of IntelliJ IDEA plugins and running tests as a part of Gradle builds on a continuous integration platform called Travis CI. Furthermore, we also need to know that Selenium is only a tiny portion of the big picture of testing practices adopted in DevOps.

We have outlined one example of integrating Selenium with Jenkins at the Integration of Jenkins with Selenium Webdriver.

There are many more tools such as Anthill, TeamCity, GitHub Actions, and similar platforms that are being used by testing and development teams. A Selenium testing framework needs to provide a mechanism for the tests to be triggered or can be called on-demand from these tools.

An automation framework, in general, needs to have efficient and intelligent ways of documenting specifications and a mechanism to provide traceability between tests and specifications in reports.

Therefore, we need to create executable test specifications and employ build tools such as Gradle, Maven, and other similar tools. Such tools, along with Kanban and Scrum boards in agile test management tools, enable us to achieve higher productivity among testing teams.

To know about one such example of calling tests as part of builds, please read our post on How To Create Gradle Project With Selenium.

Achieving some speed in delivering the software is beneficial for businesses. However, while accelerating, we need not forget about the inherent attribute which makes a quality product i.e. a secure source code. Therefore, we need to make use of techniques such as static and dynamic code analysis to uncover vulnerabilities in the source code. We also need to have checks on code compositions and logic errors.

However, these are out of the scope of this article. We need to remove these vulnerabilities by adopting secure-coding practices because these vulnerabilities can be exploited by hackers with malicious intentions to bring harm and eventually disrepute to the testing team as well as to the organization.

Selenium In DevSecOps

Integrating security practices earlier in the development life cycle phases in DevOps is called DevSecOps. We create Selenium tests using development IDEs such as Eclipse, IntelliJ IDEA, Vim, Emacs, and similar ones. These IDEs enable us to install plugins such as FindBug, and SonarLint for code inspection and static code analysis.

Under code inspection, we can cover many tasks such as finding potential bugs, performance issues, removing dead codes, conforming to guidelines and standards, conforming to formatting specifications, and things of that nature.

In the below section, we have outlined the steps of setting up a Selenium project for static code analysis in IntelliJ IDEA, a few examples on non-secure & secure code, and configuring GitHub actions for running Selenium tests on Travis CI, based on a Git push event.

Set Up Selenium Project For DevSecOps

Let us get the sample project by first forking it on Github.

Go to Gradle selenium and click on the fork button. It requires the creation of a Github account. Therefore, if needed, then please create it.

creation of a Github account

Forking creates a copy of the project on Github for us to try and develop the project independently without affecting the original project. Moreover, if required, then we can enhance the source code and send pull requests to the upstream repository.

Now, let us open the forked project on Github and clone it in the IDE. We are using IntelliJ IDEA to clone an assignment to our local machine or PC. Please refer to our post on How To Create a Gradle Project with Selenium.

Let us Checkout branch devsecops of the sample project by clicking the branch icon in the status bar of the IDE as shown in the below image:

Git_Checkout_devsecops

Static Analysis Of Selenium Source Code

We need to install static analysis plugins to find out the issues in the source code during the development so that it can be fixed before publishing the changes to the repository. Let us go to project settings in the IDE and install below given plugins.

Step #1: Install QAPlug – FindBugs

Install QAPlug - FindBugs

Step 2: Install SonarLint Plugin

Install SonarLint Plugin

Restart the IDE to complete the installation of the above-stated plugins.

Now, in the project explorer, right-click on the src folder of the project and access the Analyze Code in the context menu and then click on Inspect Code.

Inspect_Code

Once we click on the Inspect Code, the plugin performs the code inspection analysis as per the default profile in the IDE. The below-given image shows similar results and suggestions.

Inspect_Code_results

In the above image, IDE has warned the user saying unused imports and redundant declarations. We can take corrective actions as suggested in the right-hand side panel of the Analysis Toolbar.

Right-click on the src folder of the project in the project explorer again and analyze the code by using the SonarLint plugin. SonarLint plugin has not performed a rigorous check on the code, however, it has reported problems in its log.

SonarLintLog

Now, let us analyze the code using QAPlug – FindBugs plugin. The report given by the plugin looks similar to the one shown below.

Analysis_Results

Thus the steps outlined above have helped us in understanding the errors in the source code design. We need to fix the errors as per the suggestions provided by the static analysis plugin.

However, we can’t fix these errors using automation because there are so many ways through which the developers write the source code. Automated source code fixing is still a research area, and we encourage the readers to explore that subject on their own.

We can implement these checks as a part of before_install hooks in the configuration files of our continuous testing platform. We can stop the build and can define the percentage error or warning density as thresholds for making decisions concerning the building or deploying the project.

In this project, we have neglected the identified security errors or warnings. Therefore, let us go ahead and prepare the project so that we can run the tests as a part of the continuous integration platform.

Prerequisites of Running the Build on Travis CI:

Update the SetUp method in the TestSteps Class of the internet package in the project.

Use the code snippet mentioned below and save the TestSteps Class:

@Before
public void setUp() {

    // ChromeDriver path on development machine, which is Windows
    String OS = System.getProperty("os.name");
    if (OS.startsWith("Windows")) {
        System.setProperty("webdriver.chrome.driver",
                Paths.get("src/test/resources/chromedriver_win32/chromedriver.exe").toString());

    }

    if (driver == null) {
        ChromeOptions options = new ChromeOptions();
        options.addArguments("--headless");
        driver = new ChromeDriver(options);
    }

    driver.manage().timeouts().implicitlyWait(5, TimeUnit.SECONDS);
}
 

Now let us create a configuration file for Travis CI in our project. Open sample project in IntelliJ IDEA and create a file called “.travis.yml”.

Write the below-mentioned lines:

dist: bionic
language: java
jdk:
- openjdk8
before_install:
- sudo apt-get install -y chromium-browser
- wget -N http://chromedriver.storage.googleapis.com/80.0.3987.106/chromedriver_linux64.zip -P ~/
- unzip ~/chromedriver_linux64.zip -d ~/
- rm ~/chromedriver_linux64.zip
- sudo mv -f ~/chromedriver /usr/local/share/
- sudo chmod +x /usr/local/share/chromedriver
- sudo ln -s /usr/local/share/chromedriver /usr/local/bin/chromedriver
- sudo chmod +x gradlew

Save the “.travis.yml” file, and commit the changes to the local repository. However, do not push the changes to Github forked repository yet.

Set Up Travis CI For Continuous Integration

Travis CI is a free continuous integration environment for open source projects.

Go to Travis CI and set up a plan that is suitable for our forked project. Let us set up a free plan. Travis CI also has a 14-day trial installation for private projects. Therefore, if required, we can set up a paid plan for our project.

Travis_CI

Once we have completed the set up of the Travis CI from the Github marketplace, we need to configure it for our sample project. Please read further to do the same.

Go to Github settings, and click on Applications to see whether Travis CI is present under applications. Now, click on the Configure button, and on the next page, select the forked project.

Travis_CI_Application_Configure_Select_repository

Upon clicking on the save button, we are redirected to a page to Login into the Travis CI platform. We can use a Github account to log in to Travis CI.

Travis_CI_Application_Configure_Login_with_Github
After logging in, we can find our project on Travis CI. Here, we can check current build, branches, build history, and Pull Requests for our repository.

Travis_CI_Build_History

Moreover, Travis CI is also present in integrations of our project settings.

Travis_CI_GitHub_project_settings
Let us go back to the IDE and look at the configurations for Travis CI in the “.travis.yml” file. We have mentioned that our distribution is bionic, which is Ubuntu 18.04 LTS. We have mentioned other options as required because we are using a Java project and need the latest version of the Chrome browser to be present on the target distribution.

We have also mentioned the steps and commands to download and to install the Chrome browser & chromedriver. Also, set the right permissions so that the chromedriver can drive the Chrome browser on the target machine.

Commit all the changes in the project in the devsecops branch.

All the above-mentioned steps will help the readers to learn the concept of creating configurations for running selenium tests on Travis CI. To run these tests, readers need not merge their changes in the master branch of the provided sample project because those changes are already present in the master branch.

Therefore, checkout the master branch of the repository. Push the changes to the origin repository using Git push. Git push invokes the Gradle build and runs all prerequisites, as mentioned in the ‘.travis.yml.’ Our tests will run as part of the Gradle’s build task. Travis CI dashboard also displays build logs.

These logs are similar to the one shown below.

Travis_CI_Build_History

For details on the failures, we can check the job log. Please check here one example of the Job log

Conclusion

In this article, we have covered the concepts of DevOps and DevSecOps by taking the Gradle Selenium project as an example. We have given a brief idea of source code analysis tools such as FindBugs and Sonarlint. We explained the steps to install these plugins in IntelliJ IDEA. Moreover, we have outlined steps to set up a continuous integration platform called Travis CI, which is free for open source projects of Github.