Nowadays, if you want your open source project to thrive, attract contributors and get traction in the community, there's no doubt that you need basic CI/CD (or other continuous) processes in place.
Any open source contributions that you put out there should be backed by processes to make sure they are valid and working.
Whether it's a web application, a new Docker image, a mobile app, an Ansible role, etc., you should always have your work double-checked, and there are tons of free and easy-to-use tools to help you.
Here are 5 tools that I use and recommend for your next contributions.
Circle CI
Let's start with the foundation of a stable and trustworthy codebase: implementing a CI pipeline.
Circle CI is a cloud-native CI/CD tool that lets you quickly set up a CI pipeline for your projects.
Just register your project on Circle CI and add a config.yml inside the .circleci folder at the root of your project repository, and you're done.
For example, a simple Gradle project can be set up with the following config.yml:
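version: 2
jobs:
  build:
    docker:
      # Build container with JDK 8
      - image: circleci/openjdk:8-jdk
    steps:
      # Fetch the repository contents
      - checkout
      # Compile, test and assemble the Gradle project
      - run: gradle build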
There are a lot of other similar tools. I usually use CircleCI, but any other tool should do the job.
Codacy
As your project gains traction and receives more and more contributions, you should have a gatekeeper on every pull request to make sure the quality of your code does not go down.
Codacy is a great tool for that. It scans your code, detects code smells, technical debt and bugs, and helps you maintain a healthy codebase in general.
It's very easy to integrate into your current workflow and gives you great insights into your code with graphs pinpointing the most problematic areas of your code.
Snyk
Any project is vulnerable to security issues, especially if it's using third-party libraries. Snyk is your best friend in this situation: it will scan your project dependencies and report any known vulnerabilities.
It can automatically open a PR on your repository that updates the compromised dependencies; you'll just have to review it and migrate your code to the dependency's new version.
If your project is containerized, Snyk can even alert you to vulnerabilities in your container images.
Snyk displays the vulnerabilities by severity and you can generate reports and lists of known issues in your project.
Netlify
If you're building a modern frontend static application, Netlify is a great way to quickly set up a continuous deployment flow.
It connects directly to your git repository and listens for changes on your default branch. It will then build and deploy your frontend application.
Besides providing a great free plan, Netlify also has some very useful features, like 1-Click HTTPS and deploy previews, which build and deploy every open pull request on a different URL. This way you can quickly see your changes live before merging your PR.
Semantic versioning and Changelog
If you want your open source project to be taken seriously, you should keep a changelog and start thinking about versioning your project right from the beginning.
Versioning and changelogs are important once your project starts to get traction. They will boost developers' confidence in your project, since changes are tracked and they won't be blindsided by breaking changes, provided you follow semantic versioning correctly.
If you're unfamiliar with semantic versioning, you can read the specs, and Keep a changelog is a great place to start with changelogs.
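As an added illustration (not code from the original post), the Python sketch below classifies a dependency update by Semantic Versioning 2.0.0 rules, so an automated update PR like the ones Snyk opens can be flagged for closer review when the version bump permits breaking changes. The function names and the review categories are assumptions made for this example.

```python
import re

# Simplified SemVer 2.0.0 pattern: MAJOR.MINOR.PATCH[-prerelease][+build]
SEMVER = re.compile(
    r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?"
    r"(?:\+[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?$"
)

def parse(version):
    """Return (major, minor, patch, prerelease_ids); build metadata is ignored."""
    m = SEMVER.match(version.strip())
    if not m:
        raise ValueError(f"not a semantic version: {version!r}")
    pre = tuple(m.group(4).split(".")) if m.group(4) else ()
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), pre

def _pre_key(pre):
    # A release outranks its prereleases; numeric identifiers compare
    # numerically and rank below alphanumeric ones (SemVer section 11).
    if not pre:
        return (1,)
    return (0,) + tuple((0, int(p), "") if p.isdigit() else (1, 0, p) for p in pre)

def classify_update(current, candidate):
    """Classify the bump from `current` to `candidate` (hypothetical categories)."""
    c, n = parse(current), parse(candidate)
    ck = c[:3] + (_pre_key(c[3]),)
    nk = n[:3] + (_pre_key(n[3]),)
    if nk == ck:
        return "none"
    if nk < ck:
        return "downgrade"
    if n[0] != c[0]:
        return "major"        # incompatible API changes are allowed
    if c[0] == 0:
        return "unstable"     # 0.y.z: anything may change at any time
    if n[3]:
        return "prerelease"   # prereleases carry no compatibility promise
    return "minor" if n[1] != c[1] else "patch"

def needs_manual_review(current, candidate):
    """True when the bump gives no backward-compatibility guarantee."""
    return classify_update(current, candidate) in {
        "major", "unstable", "prerelease", "downgrade"}

if __name__ == "__main__":
    # Constructed sample updates, not taken from a real project
    for old, new in [("1.4.2", "1.4.3"), ("1.4.2", "2.0.0"), ("0.3.1", "0.4.0")]:
        print(old, "->", new, classify_update(old, new),
              needs_manual_review(old, new))
```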
What do you think about these tools? Would you add any other tools to the list?
Top comments (4)
That's a really helpful post, well written and well explained, thank you for sharing.
Looking forward to more such articles from you.
Regards,
DevOps Training in Pune
Good article! To do semantic versioning you can use QCObjects CLI Tool:
Thank you for including Codacy in this!
Thanks