Building Scalable and Secure DevOps Pipelines with .NET

307 VIEWS

1 month ago

Introduction

This article will discuss how to build a scalable and secure DevOps Pipeline with .NET. This article covers creating a pipeline, best practices, and the strengths and weaknesses of .NET as a platform. .NET is an open-source C# framework that runs on the web, native mobile, and desktop applications.

What is DevOps?

The following definition is from AWS:

DevOps is the combination of cultural philosophies, practices, and tools that increases an organization’s ability to deliver applications and services at high velocity: evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes.

Benefits of building a secure and scalable DevOps pipeline

Faster upgrades and maintenance
Improved means of fixing bugs and operational support
Increased Productivity
Improved data protection and security

Basic steps of a .NET-based DevOps pipelines

Day-to-day steps involved in building a pipeline include:

Develop – This involved writing and pushing code into a source control like Bitbucket or GitHub.
Clean – The first stage in a CI/CD pipeline should be the cleaning of the environment, example in Jenkins, it is CleanWs().
Build – Here, we build the code in the source control.
Test – In this step, we run a test to make sure the code base is secure.
Deploy – This is the last step of the pipeline, in this step we configure the production environment and deploy it to the end users.

Overview of .Net as a DevOps Platform

Strengths of .Net as a DevOps platform

Better performance: The performance is always good due to its top speed.
Platform Independent: It can use implemented in Windows, iOS, or native mobile applications (.Net core).

Weaknesses of .Net as a DevOps platform

Memory Leaks: While memory leaks tend to be common in most softwares, .Net has a reputation around its memory-related issues and risk of memory leaks.
It has fewer Open-Source libraries which sometimes makes the job of a developer less easy.
Memory footmark: Due to its large memory footmark, makes it less suitable for a resource-constrained environment.

Best practices for securing .NET-based DevOps pipelines

There are best practices for securing a .NET-based DevOps pipeline. These practices help to keep the data in a database or pipeline safe:

Safe storing of secrets: Authentication credentials allow access to applications or a step in a pipeline or project. If the keys are don’t properly used and also secured, it can lead to a data breach in an organization. So very few people should have control or access to credentials, with additional restrictions if necessary. Some examples include authentication token, API token, webhook, username and password, secret text, and secret file (SSH keys and encryption keys).
Shift left method: In this method, developers implement security features in the application design, instead of doing it in a later stage.
Privatizing your repository: When implementing a CI/CD pipeline, you should ensure that the repository storing the source code is a private repo. You should also implement two-factor authentication.
Strengthening access control: In an organization, there should be an access control list to a particular pipeline by making sure that different environment is centralized. They should make use of Identity and Access Management (IAM) to make sure an employee has access and can implement a particular feature to avoid a breakdown in the pipeline.

Roles of NuGet and MSBuild in an automated .Net Pipeline

MSBuild is used in building the software product in a .NET CI/CD Pipeline by compiling the source code, packaging, testing, and deploying it. Provides an XML schema for a project file that controls how the build platform processes and builds software.

NuGet is used to restore the packages by ensuring the application has all the binaries it needs to build in a CI/CD pipeline. Basically, NuGet is a package manager for .NET.

Solutions for Cloud-based DevOps Processes

There are a lot of cloud-based solutions for DevOps processes, which help to make the daily life of a DevOps engineer a lot easier. These are a few cloud-based solutions:

AWS

Amazon web services popularly known as AWS is a cloud-based DevOps solution that helps ease DevOps practices. Some of its services provided specifically for DevOps are CodeBuild, CodePipeline, and CodeDeploy.

Codebuild helps in automating the code delivery and deployment processes. In other words, it is where the source code is been compiled, tested, and deployed.

CodeDeploy is a deployment service that automates software deployment to services like AWS EC2, AWS ECS, AWS EKS, and Lambda functions.

CodePipeline is a continuous delivery service. It lets a user create a pipeline where all the steps can be automated.

GCP

Google cloud platform popularly known as GCP is a cloud-based DevOps that has services that are used in the daily life of a DevOps engineer. GCP provides tools like Cloud Run, Cloud Build, Artifact Registry, and Google Kubernetes Engine(GKE).

Cloud Run is a GCP fully managed platform that helps in running and scaling containers.

Cloud Build is a continuous integration / continuous delivery service which lets you run fast and reliable automated builds.

Artifact Registry is a service in GCP that manages container images like dockerHub and language packages.

AZURE

Microsoft Azure is a popular cloud-based solution for DevOps practices all over the world. It makes use of services like Azure pipeline, Azure Repos, Azure Test Plans, and Azure Artifacts.

Azure Pipeline is a fully managed CI/CD service that enables the building and testing of source code quickly and automatically.

If you are looking to manage your source code, Azure Repos is a version control service that lets you do so.

Azure Artifacts is a service that offers support for NPM, Maven, Python, and NuGet package feeds from public and private sources, it enables developers to share their code efficiently and manage their packages from one place.

How to use .NET in a CI/CD Pipeline

In this section, we will demonstrate how to create a CI/CD pipeline using .NET and Jenkins.

Open your Jenkins app if you already have it installed, but if you don’t have it installed, you can follow this link.

Step 1

Open your Jenkins and Install the required plugins.

Step 2

Navigate to “Manage Jenkins”, then to “Manage Plugins”.

Step 3

Click on “Available plugins”, then Install MsBuild, MsTest, MsTestRunner, PowerShell, and VsTestRunner and install them if not already installed, then click Install without restart.

Step 4

Create a Jenkins pipeline.

Go back to your Jenkins homepage and click “New item”, then enter the name of the pipeline and choose “pipeline” then click “ok”.

In the Definition area, change it to “pipeline script from SCM”, then choose “Git” and add your repo url.

Step 5

Insert “Jenkinsfile” in Script Path.

Step 6

Create a Jenkinsfile and set the environment to the path where you installed your dotnet.

pipeline{
    agent any
    environment {
        dotnet = 'C:\\Program Files\\dotnet\\dotnet.exe'  

    }
}

Step 7

The next stage should be the stage for cleaning the workspace to avoid an unexpected breakdown in the pipeline.

stages{
        stage("clean workspace"){
            steps{
                cleanWs()
            }
            post{
                success{
            echo "========clean workspace executed successfully========"
                }
                failure{
                    echo "========clean workspace execution failed========"
                }
            }
        }
   }

Step 8

Access the source code from your repo, by using your personal token as credentials instead of a password to avoid further hacks.

stage("github access"){
            Steps{
git branch: '<master or main branch>', credentialsId: '<credential for git>', url: '<git url>'
            }
`           
            post{

                success{
                    echo "====++++github access executed successfully++++===="
                }
                failure{
                    echo "====++++github access execution failed++++===="
                }
        
            }
        }

Step 9

Build the app by directing it to where the sln file does exist.

stage("build"){
            steps{
                
                echo "====++++executing build++++===="
                bat 'dotnet build ${workspace}\\<path-to-solution\\<solution-project-name>.sln --configuration Release' 
            }
            post{
                success{
                    echo "====++++build executed successfully++++===="
                }
                failure{
                    echo "====++++build execution failed++++===="
                }
        
            }
        }

Step 10

This is the stage where we run the test.

stage("test"){
            steps{
                
                echo "====++++executing test++++===="
                bat 'dotnet build ${workspace}\\<path-to-solution\\<path-to-test>\\<solution-project-name>.Test.csproj --logger:trx'   
            }
            post{
                success{
                    echo "====++++test executed successfully++++===="
                }
                failure{
                    echo "====++++test execution failed++++===="
                }
        
            }
        }

Step 11

Now that the Jenkinsfile is ready, go back to your Jenkins host url and click on the pipeline name “.Net CI-CD”, then click build to run the pipeline.

Conclusion

With these stated views, you should have knowledge on how to create a scalable, robust, and secure CI/CD pipeline with DevOps and also know some best practices on how to secure a DevOps pipeline in order to avoid a data breach in the future. Additionally, you now have an idea of a cloud-based solution for your pipeline and the function of various packages like MSBuild and NuGet.