Released in version 1.6 (03 March 2020)
CI/CD improvements
Continuous integration is critical to building good quality software. So we are always looking for ways to make it easier to set up a CI pipeline, while at the same time keeping things configurable so that it can cover many different use cases and development processes. These are the changes that we made:
- Added an option to always execute a step in a pipeline. For example, a notification email should be sent even if a code review failed.
- The timeouts per step are now customizable. If a certain job is expected to last long, it is now easy to increase the timeout.
- The code review job now only downloads and reviews a model if there is a new commit.
- Pipelines on commit use the branch configured on the automation tab of CI/CD and overrule a branch configured on a job.
- Simplified the Mendix cloud tab – CI/CD polls a lot of data from Sprintr, which was presented in this tab. Because this data is already available in Sprintr, we removed it from the UI, only keeping the parts that have a use in CI/CD, e.g. savepoints which can be restored.
With all of these improvements, the CI/CD tool is close to being officially released and hopefully, it will lose the preview status very soon.
Twenty new code review rules. Yes, 20!
With this release, the focus was mostly on security and performance rules. Taking inspiration from expert webinar series, Mendix best practices, and community blogs, we identified the most common security violations and performance issues that Mendix apps run into and devised rules to detect them.
PERFORMANCE
- Not/or expressions in XPath should be avoided when the path goes over an association
- Retrieves over the same association should be grouped together
- Dropdown reference selectors should be used sparingly
- Event handler after should have fast action
- Event handler before should have fast actions
- Calculated attributes should only have fast actions
- Page button synchronous microflows should only have fast actions
- Page data source microflows should only have fast actions
- Page on change microflows should only have fast actions
- Page widget microflows should only have fast actions
- Many-to-many associations should have owner “Default”
- Checking for empty on associations should be done without retrieving
SECURITY
- Anonymous users should only be allowed to create non-persistent entities
- Unlimited string attributes should not be editable by anonymous users
- Entity access should be applied when generating documents
- Retracted Mendix versions should not be used
- Constants should not be exposed to the client
- Published REST and Web services should require authentication
RELIABILITY
- Lists should not be modified during iteration
- Custom error handling should not be “Continue”
Other improvements and fixes:
- Rule “Lists operations should be passed different arguments” – changed to not consider union and intersect, as they have a legitimate use for removing duplicates.
- Rule “Return expressions for a flow should be different” – changed to not consider return values the same if they were modified before the return. Modification can be changing a variable, an object or a list.