Five Days of CI with ColdFusion and Bitbucket Pipelines
Build, lint, secure, test and deploy your CF app in just one week!
So you've got an app. A CF app. The best app. And it's gorgeous, absolutely beautiful.
Only it's not tested. The coding style is all over the map. And you have a gut feeling that big, beautiful app you wrote is full of security holes.
If you don't var scope your variables, your code is not thread-safe. Period. If you don't test your app, you have no guarantee it is working correctly. And if you don't find the security holes in your CF app, eventually someone else will.
You don't need a rebuild, you need a code cop. Someone or something that tells you when you inadvertently programmed an XSS hole into your blog, when you forgot to scope a variable, left a
<cfdump> in production code, or broke the
login() function just by modifying
You need CFLint. You need Fixinator. You need TestBox. And you need Bitbucket Pipelines to pull all three together and perform "code cop" duty by informing you when your code quality takes a nosedive.
Enter Five Days of CI. Five Days of CI is a five step guide to setting up Continuous Integration on your CF app using Bitbucket Pipelines. We'll cover:
- How to set up a basic Bitbucket Pipelines build
- How to continuously improve your CFML programming style via CFLint
- How to scan for XSS, SQLi, or other vulnerability errors with Fixinator
- How to test your code using TestBox to make sure your app works like it should
- How to deploy from Bitbucket Pipelines using SSH and Git
Five Days of CI will help you automate your build process and continuously improve your app using a modern CFML workflow. Each step in this course is an optional, hassle-free method of keeping bugs out of production, and features stand-alone Bitbucket Pipelines configuration for easy copy-and-paste to save you even more time.
Transform "Let's Fix Bugs" time to "Let's Build Features" time by using Continuous Integration to automate your code quality. Remember, the earlier you catch bugs, the less they cost, so catching bugs before they hit production is crucial.
So check in early, check in often, and follow along as I help introduce Continuous Integration to your CFML app.
Frequently Asked Questions
What Is Continuous Integration?
In a nutshell, the original definition of Continuous Integration is to 1. build frequently, and 2. verify a successful build. We build frequently (check in developer’s code) to avoid merge conflicts, and we verify a successful build by testing the software against design requirements.
How Does Continuous Integration Fit with Agile Development?
Agile development is the premise that incremental, iterative releases will produce better results than a slower, larger single release. Continuous Integration (CI) doesn’t just embody the ethos of agile development - it makes agile development possible.
Rapid releases are not possible if one must manually paste each developer’s changes into the code repository, and iterative releases are inefficient unless the process of integrating, testing, and deploying a new build is automated. However, creating a release is pointless unless it works. If that new code throws errors, introduces a bug, or doesn’t even compile, it’s worse than useless, right?
Do I Have to Love Agile?
No, you don’t have to love agile to complete this course. You don’t even have to like it. What this course will give you is an automatic pragmatic workflow to help improve your code quality - regardless of your opinion on development methodologies.
Why Do I Need CI?
Because honestly, your code stinks! (Probably. No offense.) We all write buggy, insecure code by default, but careful code review, scanning and testing can help us prevent bad code from ever hitting production.
Why Bitbucket Pipelines?
Let's face it - there are a ton of CI tools out there. I use Bitbucket for my freelance work - I like it, it's easy and powerful and doesn't require a separate server or installation. Also, Bitbucket Pipelines comes with a decent free plan which includes 50 free build minutes per month.
What About __ CI?
If you're looking for a Gitlab CI course for ColdFusion, you may get some value out of this pertaining to configuring ColdFusion tools, such as Testbox, Fixinator or CFLint. Anything else is strictly related to the Bitbucket Pipelines platform and is obviously not relevant to Gitlab CI, Jenkins, etc.
Could You Make One for __ CI?
Honestly, I would love to extend or duplicate this course for another platform. If you would want to see another CI platform (Gitlab CI, Jenkins, Travis) please let me know!
I once interviewed with a web agency and tried to convince my future employer that I could quickly learn to build ColdFusion apps for their clients. I got the job, bought a book, and after reading a few online tutorials (and bugging my coworkers), I realized it's not that hard to learn CF.
ColdFusion is a different beast now. There's a new open-source engine. There's a powerful CLI, new frameworks, a package system, and so much more. But the ColdFusion tutorials and books have not changed since I learned ColdFusion!
I am sick of hearing that CF is not capable. That CFML is an "XML language", is doomed, extinct, dead, or spaghetti by nature. So I'm going to teach modern CF, from setting up your IDE to querying the database to CI and CD. CF is not dead - the way you wrote it is dead. Long Live CF!
What do I need for this course?
- You need a Bitbucket account with your CFML app already stored in a
(I use the Bitbucket free plan, you can sign up by going to bitbucket.org/account/signup/)
- You need to know basic Git - how to commit, branch, and push code.
(Don’t know Git? Get started with #0 Git Tutorial | What Is Git?)
- A basic knowledge of Docker concepts would be helpful but not necessary.
(Don’t know Docker? Check out What is Docker & Docker Containers, Images, etc?)