Automotive CI/CD DevOps & Test Automation

Modern vehicles typically have more than 100 million lines of code. Maintaining both quality and affordability have become priorities and unique challenges for many development teams. This comes in tandem with more rigorous requirements for safety and security. All of this adds up to testing becoming even more of an integral part of the software development life cycle (SDLC).

As the automotive industry continues to embrace Agile development methodology, other processes that can be accelerated appear. This includes delivery by DevOps with a particular focus on continuous testing. DevOps is aimed at automating all of the necessary steps required to take application code and deliver it to the end user. Essentially, it works like a conveyor belt to move application code through distinct phases.

Today’s DevOps and continuous everything initiatives require the ability to assess the risks associated with a release candidate instantly and continuously. Continuous testing provides an automated, unobtrusive way to obtain immediate feedback on the business risks associated with a software release candidate. It guides development teams to meet business expectations and helps managers make informed trade-off decisions in order to optimize the business value of a release candidate. Much of this is performed through continuous integration (CI).

Our whitepaper on the subject illuminates just how CI/CD DevOps can be useful for automotive development projects. This blog covers some of the same topics and answers the following questions.

1. What is CI/CD in ADAS Development?
2. What are the benefits of CI/CD?
3. How does it fit into automotive industry DevOps?
4. What can test automation do for your team?
5. What are containers and how do they work?
6. Why is Parasoft good for CI/CD DevOps in automotive development?

Continuous integration as part of a continuous development cycle.

What Is CI/CD?

CI/CD stands for continuous integration and continuous delivery. The combination of the two creates an automated pipeline where code is constructed then tested then deployed using automated processes. It also entails development teams working in shorter cycles in a more streamlined workflow.

Teams using CI/CD typically have reduced risks, costs, and development times while using this methodology and approach. As pictured above in the CI/CD DevOps cycle, the feedback loop enables the “continuous” aspect of the methodology to enable automation. However, it’s automated testing that powers the whole loop.

How Does CI/CD Fit Into DevOps for the Automotive Industry?

Since much of automotive development has become wrapped up in software, pushing updates has become the more routine work over addressing hardware malfunctions. Adhering to updates to functional safety standards like ISO 26262, AUTOSAR, and more means teams must adapt quickly.

Utilizing Agile methodology, continuous testing, and automation is the best strategy to address these modern concerns in automotive software development and maintenance.

Benefits of CI/CD Pipelines

Here are seven benefits of CI/CD pipelines in automotive software development.

Code & Test Coverage

Knowing what code was and was not covered through test case execution allows teams to better understand where bugs might be lurking. It also helps with knowing how many more test cases are needed for required code coverage goals and getting more accurate results.

Code Standards

Employing static analysis within the CI/CD DevOps workflow makes it easier to conform to industry coding requirements such as MISRA C/C++.

Continuous Test Automation

Leverage immense labor and cost reduction to create automotive software testing on an automated continuous basis that requires little human interaction.

Shift-Left Testing

Testing early and often helps to ensure fewer threat vectors, mistakes, and problems during your workflow. Bugs get exposed earlier leading to easier fixes, reduced deployment times, and lower project costs.

Security

Using static analysis coding standards like SEI CERT C/C++ allows for earlier detection of security vulnerabilities and bugs.

Containers

These can help create reproducible, consistent, and secure development environments. They can be updated in a centralized manner and then deployed as developers update code.

Data-Driven

Underpinning continuous testing is data generation and analysis. By creating the appropriate data for specific scenarios you want to execute, you can better simulate the scenario instead of relying on production data sources.

Building the Right DevOps Test Automation Ecosystem

It’s important to fully understand the DevOps phases and when to start using the right tools for the best results. There are also various tried and true CI/CD pipeline tools or solutions in the market that support your DevOps deployment. Some of these tools for the automotive industry include:

• Parasoft
• Jenkins
• GitHub
• GitLab
• Azure DevOps
• Bitbucket
• Bamboo
• Docker (containers)

Security Test Automation for Automotive Software Development

You may have heard the term, DevSecOps, before. This is the practice of integrating security into the DevOps workflow. It requires a mindset shift in teams to integrate security tools and practices into this methodology.

Adopting security into your workflow is paramount as security has become very important for many auto manufacturers. Regulatory requirements from WP.29 by the UNECE and the need to incorporate security processes from standards like ISO 21434 necessitate it.

Incorporating security into the CI/CD phases is shown in the figure above, as well as where test methods can be applied.

Continuous Integration in Automotive Software

One of the core components of DevOps is Continuous integration. CI is the merging of code features, fixes, or small changes backed by processes that include version control and software build automation.

Automated procedures will vary for developer teams based on project scope, priorities, tools used, budget, and other factors.

In a nutshell, the typical workflow starts with developers creating a branch to work from. Developers perform a pull request, write code, and make changes every day—several times a day. A push or commit for the code change is made, which creates a merge request.

The code is pushed into a repository like Git, typically within a DevOps platform like GitLab. GitLab will run a pipeline for each commit on the developer’s branch. In other words, it will build the code and run automated test scripts (static analysis, unit testing, code coverage, and so on). Docker images may also be used to fulfill the pipeline. Once the code has been verified, it will be merged into the main branch.

Other code hosting platforms like GitHub are also commonly used and can host self-hosted runners. These runners can be physical servers, virtual machines, or container images, and run on-premise or on a public cloud, like Google Cloud.

Test Automation Workflow

Automation is not enough anymore. That’s why continuous testing works in tandem with automation in DevOps to deliver better results, shorter lifecycles, and fewer bugs. It allows teams to pivot quickly—a necessary trait in today’s world of ever-changing requirements and updates.

How Do You Construct the Pipeline?

Creating your own automotive CI/CD DevOps pipeline will depend on your team, workflows, project, and the like. But in general, constructing the pipeline hinges on some key aspects.

1. Identifying the target hardware, software purpose, and expected results.
2. Knowing possible risk factors, security vulnerabilities, and problems.
3. Establishing automated testing by identifying which tests can and should be automated and applying them accordingly.
4. Utilizing the right tools that best help developers address updates, bugs, and overall workflows.
5. Creating documentation around the system for transparency and easier communication among team members.

What Triggers the Pipeline?

When a developer has created new code or finished a fix, committing it into the repository triggers testing with both an incremental build test and a static analysis test on the unit. Developers can use these results to refactor as required.

Developers can also trigger project-wide builds manually or at certain times during work hours. This would start a complete static analysis run followed by a regression test suite featuring new and updated unit tests.

Integration Points for Automated Testing

With a particular focus on static analysis and unit testing, test automation plays the most integral role in the code, build, and test phase of the SDLC.

• Code. In terms of coding standard compliance, quality, and security, static analysis tools are essential. As an example, automotive software conforming to MISRA C or C++ requires clean reports at coding and check-in to ensure continuous compliance.
• Build. This stage triggers static analysis tools and initiates regression tests. This provides a complete scope of the software with precision for error location and data for future testing.
• Test. This stage sees teams address failed regression tests and test newly added features. Regression and other test results drive the planning cycle.

Integrating vital quality and security checks require static analysis tools.

How Containers Improve Automotive Software Development

Development teams know that CI/CD workflows can function the same, regardless of whether they are containerized or not. But containers allow DevOps teams to deploy applications more easily, as well as patch and scale them to an organization’s needs. In essence, containers accelerate development, testing, and production as applied within Agile and DevOps utilization.

When it comes to managing complex development environments, especially in the safety-critical space, teams usually struggle with the following challenges.

• Synchronizing upgrades for the entire team to a new version of a tool like a compiler, build toolchain, and so on.
• Dynamically reacting to a new security patch for the library or software development kit (SDK).
• Assuring consistency of the toolchain for all team members and the automated infrastructure (CI/CD).
• Ability to version the development environment and restore it to service the older version of the product that was certified with the specific toolchain.
• Onboarding and setting up new developers.

All of these problems can be solved using containers.

Conclusion

Any strategy that reduces time to market, costs, and makes things easier for development teams is a win-win-win situation. Adopting the Agile methodology and shifting left toward CI/CD DevOps is a necessity for modern automotive industry developers. But not all tools on the market for this purpose are created equally.

Why Is Parasoft Good for CI/CD DevOps in Automotive Development?

Parasoft presents a unique solution to your CI/CD DevOps needs. Our tool auto-generates data reports, features an intuitive UI that is beginner-friendly, assists with end-to-end system testing, and more. Eliminate questions about tool qualification or struggles with record keeping. Track progress using intelligent reporting and dashboards that provide data across unit testing, static analysis, and other metrics.

Our solutions maintain the standards and certifications required for safety-critical software. What’s more, Parasoft users benefit from a flexible, centralized web-based interface to browse results when integrating into CI/CD workflows. The dynamic web-based reporting dashboard uses our Process Intelligence Engine to offer quality-of-life features like:

• Source code navigation
• Customizable reporting widgets
• Advanced analytics
• Advanced filtering

“MISRA”, “MISRA C” and the triangle logo are registered trademarks of The MISRA Consortium Limited. ©The MISRA Consortium Limited, 2021. All rights reserved.