Configuration smells in continuous delivery pipelines: A linter and a six-month study on GitLab

Abstract

An effective and efficient application of Continuous Integration (CI) and Delivery (CD) requires software projects to follow certain principles and good practices. Configuring such a CI/CD pipeline is challenging and error-prone. Therefore, automated linters have been proposed to detect errors in the pipeline. While existing linters identify syntactic errors, detect security vulnerabilities or misuse of the features provided by build servers, they do not support developers that want to prevent common misconfigurations of a CD pipeline that potentially violate CD principles ("CD smells"). To this end, we propose CD-Linter, a semantic linter that can automatically identify four different smells in pipeline configuration files. We have evaluated our approach through a large-scale and long-term study that consists of (i) monitoring 145 issues (opened in as many open-source projects) over a period of 6 months, (ii) manually validating the detection precision and recall on a representative sample of issues, and (iii) assessing the magnitude of the observed smells on 5,312 open-source projects on GitLab. Our results show that CD smells are accepted and fixed by most of the developers and our linter achieves a precision of 87% and a recall of 94%. Those smells can be frequently observed in the wild, as 31% of projects with long configurations are affected by at least one smell.

Original language	English
Title of host publication	ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Editors	Prem Devanbu, Myra Cohen, Thomas Zimmermann
Publisher	Association for Computing Machinery (ACM)
Pages	327-337
Number of pages	11
ISBN (Electronic)	9781450370431
DOIs	https://doi.org/10.1145/3368089.3409709
Publication status	Published - 2020
Event	28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2020 - Virtual, Online, United States Duration: 8 Nov 2020 → 13 Nov 2020

Publication series

Name	ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering

Conference

Conference	28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2020
Country/Territory	United States
City	Virtual, Online
Period	8/11/20 → 13/11/20

Keywords

Anti-pattern
Configuration
Continuous Delivery
Continuous Integration
DevOps
Linter

Access to Document

10.1145/3368089.3409709

Cite this

Vassallo, C., Proksch, S., Jancso, A., Gall, H. C., & Di Penta, M. (2020). Configuration smells in continuous delivery pipelines: A linter and a six-month study on GitLab. In P. Devanbu, M. Cohen, & T. Zimmermann (Eds.), ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering (pp. 327-337). (ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering). Association for Computing Machinery (ACM). https://doi.org/10.1145/3368089.3409709

Vassallo, Carmine ; Proksch, Sebastian ; Jancso, Anna et al. / Configuration smells in continuous delivery pipelines : A linter and a six-month study on GitLab. ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. editor / Prem Devanbu ; Myra Cohen ; Thomas Zimmermann. Association for Computing Machinery (ACM), 2020. pp. 327-337 (ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering).

@inproceedings{e5db47737e9c41219d4840259830e685,

title = "Configuration smells in continuous delivery pipelines: A linter and a six-month study on GitLab",

abstract = "An effective and efficient application of Continuous Integration (CI) and Delivery (CD) requires software projects to follow certain principles and good practices. Configuring such a CI/CD pipeline is challenging and error-prone. Therefore, automated linters have been proposed to detect errors in the pipeline. While existing linters identify syntactic errors, detect security vulnerabilities or misuse of the features provided by build servers, they do not support developers that want to prevent common misconfigurations of a CD pipeline that potentially violate CD principles ({"}CD smells{"}). To this end, we propose CD-Linter, a semantic linter that can automatically identify four different smells in pipeline configuration files. We have evaluated our approach through a large-scale and long-term study that consists of (i) monitoring 145 issues (opened in as many open-source projects) over a period of 6 months, (ii) manually validating the detection precision and recall on a representative sample of issues, and (iii) assessing the magnitude of the observed smells on 5,312 open-source projects on GitLab. Our results show that CD smells are accepted and fixed by most of the developers and our linter achieves a precision of 87% and a recall of 94%. Those smells can be frequently observed in the wild, as 31% of projects with long configurations are affected by at least one smell.",

keywords = "Anti-pattern, Configuration, Continuous Delivery, Continuous Integration, DevOps, Linter",

author = "Carmine Vassallo and Sebastian Proksch and Anna Jancso and Gall, {Harald C.} and {Di Penta}, Massimiliano",

year = "2020",

doi = "10.1145/3368089.3409709",

language = "English",

series = "ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering",

publisher = "Association for Computing Machinery (ACM)",

pages = "327--337",

editor = "Prem Devanbu and Myra Cohen and Thomas Zimmermann",

booktitle = "ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering",

address = "United States",

note = "28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2020 ; Conference date: 08-11-2020 Through 13-11-2020",

}

Vassallo, C, Proksch, S, Jancso, A, Gall, HC & Di Penta, M 2020, Configuration smells in continuous delivery pipelines: A linter and a six-month study on GitLab. in P Devanbu, M Cohen & T Zimmermann (eds), ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Association for Computing Machinery (ACM), pp. 327-337, 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2020, Virtual, Online, United States, 8/11/20. https://doi.org/10.1145/3368089.3409709

Configuration smells in continuous delivery pipelines: A linter and a six-month study on GitLab. / Vassallo, Carmine; Proksch, Sebastian; Jancso, Anna et al.
ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. ed. / Prem Devanbu; Myra Cohen; Thomas Zimmermann. Association for Computing Machinery (ACM), 2020. p. 327-337 (ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Configuration smells in continuous delivery pipelines

T2 - 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2020

AU - Vassallo, Carmine

AU - Proksch, Sebastian

AU - Jancso, Anna

AU - Gall, Harald C.

AU - Di Penta, Massimiliano

PY - 2020

Y1 - 2020

N2 - An effective and efficient application of Continuous Integration (CI) and Delivery (CD) requires software projects to follow certain principles and good practices. Configuring such a CI/CD pipeline is challenging and error-prone. Therefore, automated linters have been proposed to detect errors in the pipeline. While existing linters identify syntactic errors, detect security vulnerabilities or misuse of the features provided by build servers, they do not support developers that want to prevent common misconfigurations of a CD pipeline that potentially violate CD principles ("CD smells"). To this end, we propose CD-Linter, a semantic linter that can automatically identify four different smells in pipeline configuration files. We have evaluated our approach through a large-scale and long-term study that consists of (i) monitoring 145 issues (opened in as many open-source projects) over a period of 6 months, (ii) manually validating the detection precision and recall on a representative sample of issues, and (iii) assessing the magnitude of the observed smells on 5,312 open-source projects on GitLab. Our results show that CD smells are accepted and fixed by most of the developers and our linter achieves a precision of 87% and a recall of 94%. Those smells can be frequently observed in the wild, as 31% of projects with long configurations are affected by at least one smell.

AB - An effective and efficient application of Continuous Integration (CI) and Delivery (CD) requires software projects to follow certain principles and good practices. Configuring such a CI/CD pipeline is challenging and error-prone. Therefore, automated linters have been proposed to detect errors in the pipeline. While existing linters identify syntactic errors, detect security vulnerabilities or misuse of the features provided by build servers, they do not support developers that want to prevent common misconfigurations of a CD pipeline that potentially violate CD principles ("CD smells"). To this end, we propose CD-Linter, a semantic linter that can automatically identify four different smells in pipeline configuration files. We have evaluated our approach through a large-scale and long-term study that consists of (i) monitoring 145 issues (opened in as many open-source projects) over a period of 6 months, (ii) manually validating the detection precision and recall on a representative sample of issues, and (iii) assessing the magnitude of the observed smells on 5,312 open-source projects on GitLab. Our results show that CD smells are accepted and fixed by most of the developers and our linter achieves a precision of 87% and a recall of 94%. Those smells can be frequently observed in the wild, as 31% of projects with long configurations are affected by at least one smell.

KW - Anti-pattern

KW - Configuration

KW - Continuous Delivery

KW - Continuous Integration

KW - DevOps

KW - Linter

UR - http://www.scopus.com/inward/record.url?scp=85097126417&partnerID=8YFLogxK

U2 - 10.1145/3368089.3409709

DO - 10.1145/3368089.3409709

M3 - Conference contribution

AN - SCOPUS:85097126417

T3 - ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering

SP - 327

EP - 337

BT - ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering

A2 - Devanbu, Prem

A2 - Cohen, Myra

A2 - Zimmermann, Thomas

PB - Association for Computing Machinery (ACM)

Y2 - 8 November 2020 through 13 November 2020

ER -

Vassallo C, Proksch S, Jancso A, Gall HC, Di Penta M. Configuration smells in continuous delivery pipelines: A linter and a six-month study on GitLab. In Devanbu P, Cohen M, Zimmermann T, editors, ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering. Association for Computing Machinery (ACM). 2020. p. 327-337. (ESEC/FSE 2020 - Proceedings of the 28th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering). doi: 10.1145/3368089.3409709