This article is to record a discovery about SDK testing article, very good, recommend.

  • Source: NetEase Yidun
  • Original link:…

I’ve been blessed with all kinds of SDKS since I started testing, so what is an SDK? According to the following LOGICAL diagram of the SDK, it is a development kit embedded with various apps or Web applications to provide software services for third-party developers, including SDK interfaces, development documents and Demo examples. Ensuring the quality of the SDK and other content is a daily part of QA in order to be with the user.

Demo is a tool used by THE SDK provider to sample how to invoke the interface to achieve specific functions, which can help third-party developers intuitively feel the access effect of SDK. QA can also use Demo to quickly and effectively cover the mainstream interfaces and business scenarios of SDK by manual or UI automation during testing, but this scheme is more suitable for THE SDK that focuses on UI interface. For some SDKS that attach great importance to the internal logic of the interface and even have no UI interface itself, THE SDK interface is the most important part of the test, and it is far from enough to rely only on the coverage of Demo level. The pain points are mainly reflected in the following aspects:

  1. Demo development time: a well-designed Demo may meet the test requirements to the greatest extent, but the development of related functions is time-consuming and the time of problem exposure lags behind;

  2. SDK access test cannot be covered: Demo provided by development is directly used for testing, unable to truly understand the development document and simulating the whole process of customer access to SDK;

  3. The SDK test environment is not pure: In order to facilitate the test of the newly added demo-related configuration codes, it is easy to affect the test environment of the SDK itself, which increases the complexity of finding and locating problems.

  4. Insufficient SDK test scenarios: Demo has limited coverage of interfaces and business scenarios, unable to fully cover input and output parameter verification of interfaces and various internal abnormal branches;

  5. Passive SDK testing: SDK provides services in the form of to-B and cannot directly interact with C-end clients. Specific effects depend on third-party applications, so the testing is passive.

  6. SDK cannot grayscale: SDK cannot invade third-party applications. Online grayscale, crash, memory leak and other tools cannot be used to perceive and recall online abnormalities in advance.

  7. SDK pays attention to quality: THE quality requirements of SDK are higher than those of third-party apps, which is the sum of the quality requirements of all B-side clients accessing SDK.

In retrospect, when demo-based UI automation didn’t do a good job for the project, it was natural to turn to API testing at the middle of the testing pyramid. How does the SDK automate API testing, and how does it achieve continuous integration?

1. SDK API automation

1.1 Project Architecture

SDK is a software development kit embedded with third-party applications, common types include JSSDK, AndroidSDK, iOSSDK, wechat mini program, Baidu mini program, quick application, etc. The SDK API test project architecture is shown in Figure 2:

At the beginning of the test, we can integrate the SDK with Demo according to the official development documents and output test cases through the test framework. After the SDK is initialized, the API interface is invoked to upload data to the Server, and the data is stored in HBase for subsequent data acquisition and assertion comparison. Finally, the test result is output. In the whole process of automated testing, the bottom testing framework determines the quality of the upper use case architecture. Facing the various kinds of testing tools in the market, how should we choose?

1. Provide testing framework: suitable for behavior-driven (BDD) testing style, write test codes according to business codes and organize test cases;

  1. Provides an assertion mechanism for determining whether the test case output is as expected;

  2. Generate test results: after the execution of the use case, the test results can be clearly displayed, including the cause of the failure of the use case;

  3. Quick execution of use cases: support one-click quick execution of all or a single use case, convenient test execution;

  4. Support for environment isolation: Each test case run or environment variable preparation process is isolated from each other and cannot depend on each other;

  5. Have active community: Mature testing framework and active community, in the subsequent use of difficulties to find a quick and easy solution.

Based on the above criteria, we were able to choose the APPROPRIATE API automation testing framework for our project for different SDKS. For example, the AndroidSDK can choose Junit, Mockio, Roboletric, AndroidJunitRunner and other test frameworks according to figure 3 below to determine whether to rely on android libraries, whether to mock, whether to use third-party frameworks, etc. JSSDK can choose Jest, Jasmine, Mocha, etc., and iOSSDK can choose XCtest, Kiwi and other testing frameworks to achieve API automation testing of each SDK.

1.2 Access Test

Access testing is the most neglected part of our daily SDK testing, but it causes serious problems, mainly including the following aspects:

1.2.1 Access Documents

A good official access document allows third-party developers to access the product without resorting to technical support, improving the user experience of the product and improving the conversion rate. In the access test, we should use the thinking of black box test to judge whether the access document is clear and effective, whether each method can achieve the expected results, whether each field is required to describe is correct, etc. In addition, from the perspective of internal developers, we should analyze whether the fields of each method are redundant, whether the synchronous asynchronous callback is correct, whether it meets customer needs, etc. In addition, we can also provide some common abnormal access help documents to reduce repeated invalid communication between different customers and technical support personnel for the same problem, enhance user experience and improve the work efficiency of technical support personnel.

1.2.2 Security Issues

The security of SDK access method is also one of the contents we will test. The solution that the SDK is uniformly stored on the external public platform and dynamically loaded by the customer through code is obviously much less secure than the solution that the SDK is provided to the customer by technical support on the internal private platform. At the code level, we should pay attention to whether the SDK provided to external customers has been confused and hardened, and pay special attention to whether the iOSSDK code confusion level will affect the launch of third-party applications and lead to Apple’s rejection of approval.

At the product level, we shall pay attention to productNumber, businessId, secretId, secretKey, token, nonce and other parameter isolation issues to ensure that different products are not attacked replay information is not leaked, etc. For AppSDK, we also need to pay extra attention to the issue of new permissions, and try to use the least permissions to obtain the maximum effect, so as to avoid the incompatible defects of third-party applications caused by permissions.

1.2.3 Packaging Problems

No matter third-party applications or SDK itself, problems such as signature, version and resource files exist in the packaging process, which requires cross-compatibility tests before and after. On the premise that the released version of SDK is release, we should pay attention to whether there is any conflict when the third-party application adopts debug and release mode to sign and integrate SDK, whether SDK itself can achieve multi-channel packaging and whether SDK supports package name packaging in Chinese and English.

As a technician, I should always keep sensitive to information and pay attention to the latest developments of each end system. Ensure compatibility between SDK and third-party applications for compileSdkVersion, buildToolsVersion, minSdkVersion, targetSdkVersion, iOS Deployment Target, etc. Avoid the crash caused by batch incompatibility of new system, new model and new API caused by official system upgrade.

1.3 Interface Test

Interface testing is the core of SDK API automation testing and an important part of TestSuites. A good set of test cases can cover the most business scenarios at the lowest cost, help the project find problems early, shorten the project iteration cycle, and improve the robustness of the system. In general, we can design interface test cases in the following two ways: multipurpose and SDK-specific. \

1.3.1 Multi-terminal Common Interface Test Scenario

The multi-terminal common interface test scenario in the preceding figure includes input and output parameters. It applies to any interface type, including HTTP/HTTPS on the server, SDKS on the client, and interfaces of various types. Into the test from the parameters name, quantity, and the three angles of parameter selection, the equivalence class division, boundary value analysis, special value calibration, all values traversal white-box testing mind will all types of parameters for the division, in the test, we can review the development code while understand the product requirements, as far as possible to ensure that the interface into the precision of parameter.

From the two response perspectives of normal and abnormal requests, the test can ensure that all kinds of response codes and response information description are correct and convenient for problem location, and increase the ambiguity to reduce the attack of black production customers. In addition, we also need to pay attention to whether the mechanism of exception capture and timeout retry is perfect, so as to improve the request accuracy rate and improve user experience.

1.3.2 SDK Specific Interface Test Scenario

Figure 5 | SDK special interface test scenarios

In the process of SDK interface testing, we should not only consider the general interface testing scenarios, but also cover as many scenarios as possible from different user perspectives. As shown in Figure 5, these scenarios include but are not limited to SDK context instance tests, product/business state tests, compile packaging tests, initialization timing tests, initialization times tests, local cache tests, and so on. If there are 1000 Hamlets in the eyes of 1000 readers, there will be countless different ways of use among countless SDK users. Only by accumulating accumulation in practice and taking various abnormal control measures can we provide customers with all kinds of anomalies and better services.

02 SDK Continuous integration

This is the end of SDK API automation testing, but we can’t stop there, we are looking forward to SDK API automation testing into the continuous integration solution of the project. When the developer submits the new code and completes the unit test, Jenkins is immediately triggered to perform the SDK API automated test task for smoke regression. After passing the test, the testing process is triggered to inform QA to officially enter the test stage. In the testing stage, QA can complete a new round of functional testing by modifying and writing SDK API test cases. In addition, ONLINE real-time monitoring of SDK can be realized through online configuration of SDK API automated test. SDK continuous integration scheme is shown in Figure 6:

2.1 Continuous Execution

The CONTINUOUS integration scheme of SDK API relies on Jenkins. When developers submit the changed code to the warehouse to generate a new SDK, Jenkins can be triggered to perform automatic test cases of the existing SDK API to conduct smoke self-test to ensure the normal function of the main process of the new VERSION of SDK. In any testing stage, we can also select Git construction branch and SDK version pool version by Jenkins in a parameterized way, install Demo on target device or browser after automatic clean and build, automatically execute various test cases and output the results. In addition, through Jenkins’ scheduled task setting, online real-time monitoring and testing of SDK API can be easily realized, and online problems can be found in the first time to ensure the stable operation of online SDK.

2.2 Test Report

After the Completion of the Jenkins task, it is easy to see the results of a single test through the build log, but each time you need to open and log in Jenkins, which is not friendly to the scheduled task and other members of the project. Jenkins’ team has been thinking about this problem for a long time, and its rich built-in plug-ins, Editable Email Notification and Allure, provide a perfect solution. Editable Email Notification can be used to send emails with contents in the specified format and attachments to the specified mailbox after the completion of Jenkins task. Allure allows multiple languages such as Java, Python, JavaScript, Ruby, Groovy, PHP, Net, SCala, and More to integrate single test reports and visually present them to users. For specific access methods, please refer to Baidu. The final sample results are shown in Figure 7 and 8:

03 summary

The above methodology has been implemented in the anti-cheating project of YIDun and achieved remarkable results. We have implemented anti-cheating JSSDK, AndroidJunitRunner and XCTest API automated testing schemes respectively through Jasmine, AndroidJunitRunner and XCTest frameworks. The output of nearly 100 scenario use cases covers the entire main flow of the anti-cheating project. On the basis of de-demotization, the SDK packaging process and test scene were automated, which not only improved the test efficiency by 99%, but also found 13 crash classes, requirement classes, cache classes and other defects that were difficult to be discovered depending on Demo tests successively, as shown in the figure below.

In addition, Jasmine is integrated with Karma framework to achieve one-click serial automation of JSSDK in Chrome, Firefox, Safari, Edge, IE and H5. Also through Total Control to achieve the AndroidSDK batch connection, installation, execution, uninstall and other devices of the SDK API automation. Compared with UI automated testing, SDK API automated testing is more effective, stable and practical, which is a practice worthy of further exploration.




Although the SDK API automated testing and continuous integration ends here, there are still infinite possibilities in the future, for example, how to achieve client-specific testing to solve performance problems on the basis of SDK automated testing. Welcome to continue to pay attention to and discuss SDK test system together.