Introduction

Thank you for choosing OpenRefactory’s Intelligent Code Repair (iCR). iCR combines source-level static analysis and machine learning to detect security, reliability, and compliance issues in programs, and pairs that detection with behavior-enhancing code refactoring technology to create safe and reliable corrections for those flaws. The result is code free from many serious security vulnerabilities and programming errors.

iCR may be used on demand under a pay-as-you-go model, such as that offered with cloud providers such as Amazon’s AWS and Microsoft’s Azure services. iCR may also be deployed on a Private Platform that is managed directly by the iCR users. Frequent users of iCR may want to integrate it into their regular Continuous Integration/Continuous Deployment (CI/CD) operation. Integrating iCR into the CI/CD workflow lets the operations team ensure that code is routinely checked for errors and that developers are given the opportunity to review and correct those errors.

This User Guide will provide a detailed description of how iCR may be integrated into CI/CD workflows provided by Jenkins, GitHub and GitLab, three of the most popular CI/CD workflow frameworks available. CI/CD integration is only offered through the Private Deployment model for iCR.

The Guide assumes that the user is already familiar with the private deployment usage of iCR as described in the User Guides for Java, Python or for Go. This guide also assumes that iCR is correctly installed and operating on the desired server platform. Only the steps to create the workflows and configure the triggers are described in this document.

Referencing the Admin Guides for Java, Python or Go, we will review where to find the CI/CD information from your iCR release package. In that package you will find a subdirectory named icr-CICD-package which holds 6 files to be used to integrate iCR into Jenkins, GitHub Actions or GitLab CI/CD pipelines. The subdirectory contains:

  1. icrPlugin.hpi: iCR supports Jenkins workflows through a plugin that is inserted into a workflow to trigger iCR. This file is the plugin to be used with Jenkins.

  2. icr-gitlab.tar: This is the file containing the Docker image to be executed by GitLab to start an analysis via a CI/CD pipeline in GitLab.

  3. icr-github.tar: This is the file containing the Docker image to be executed by GitHub to start an analysis via a CI/CD pipeline in GitHub Actions.

  4. prep-container: OpenRefactory provides this script to make it easier to prepare the iCR code for insertion into the GitLab and GitHub CI/CD container registries.

  5. gitlab-ci.yml: When using a GitLab CI/CD pipeline, a yml script is required in each desired repository to activate iCR when the pipeline is executed. This is the sample script to be inserted into the User’s repository to cause iCR to be correctly invoked.

  6. githubAction.yml: When using a GitHub CI/CD pipeline, a yml script is required in each desired repository to activate iCR when the pipeline is executed. This is the sample script to be inserted into the User’s repository to cause iCR to be correctly invoked.

How these files are used will be covered in each of the sections dealing with CI/CD workflows for each supported system.
