A Testing Strategy for SAP Commerce: The Pyramid, the Platform Specifics, and the Gates
Testing so quality is built in, not inspected: the pyramid applied to the platform, ImpEx fixtures, the CCv2 pipeline gates, and non-functional testing.
Daniel Weber
SAP Commerce DevOps & Cloud Reliability Engineer
SAP Commerce Cloud, Kubernetes, CI/CD, deployments, autoscaling, monitoring, and disaster recovery.
Quality on a commerce project is either baked in or bolted on, and the delivery framework guide is blunt about which works: baked in. That means a testing strategy that runs continuously, catches regressions cheaply, and gates deployments, not a QA phase at the end that discovers in week twelve what a unit test would have caught in week one. SAP Commerce has its own testing texture (the type system, ImpEx fixtures, the CCv2 pipeline's built-in gates, JUnit-style tests against the platform) that shapes how the standard test pyramid applies. This guide is the strategy: the layers of testing and what each catches, the platform-specific fixtures and gates, and the non-functional testing that upgrades and migrations especially depend on (the migration-testing and go-live guides pick those up).
The Pyramid, Applied to Commerce#
The test pyramid (many fast unit tests, fewer integration tests, fewer still end-to-end tests) applies, with platform specifics at each layer:
Unit tests (the broad base). Fast, isolated, testing one service or converter with its dependencies mocked. This is where the service layer guide's discipline pays off: a service with injected, interface-typed dependencies is unit-testable with mocks; one that does static bean lookups or news-up collaborators is not. Unit tests run in seconds, catch logic errors immediately, and should cover the business logic in your services and populators exhaustively. If your unit test coverage is thin because "the platform makes it hard to test," the real problem is usually service-layer design that fights injection.
Integration tests (the middle). Testing against the actual platform: the type system, the persistence layer, real FlexibleSearch, real interceptors. These use the platform's JUnit tenant support (the @IntegrationTest style) to run against a real (test-tenant) database, so they catch what mocks cannot: a query that is wrong against the real schema, an interceptor that fires unexpectedly, a type-system assumption that does not hold. Slower than unit tests, so fewer of them, targeted at the persistence and integration seams where real-platform behavior matters.
Functional and end-to-end (the peak). Testing whole flows through the running application: a checkout end to end, an OCC API contract (the OCC contract guide's consumer-driven testing), a storefront journey via browser automation (Playwright/Selenium against the storefront). Few, slow, and high-value: they validate that the assembled system works, catching integration issues the lower layers miss. Keep them focused on the critical journeys (search, PDP, cart, checkout, the go-live guide's monitored paths), because a bloated end-to-end suite is slow and flaky, and flaky tests get ignored, which defeats the point.
The shape matters: heavy at the base (fast, cheap, exhaustive unit tests), light at the peak (slow, expensive, focused end-to-end). An inverted pyramid (mostly end-to-end, few unit) is slow, brittle, and expensive to maintain, and it is the anti-pattern teams drift into when service-layer design makes unit testing hard.
Platform-Specific Fixtures: ImpEx and Demo Data#
Commerce tests need data, and the platform's own mechanisms are the right fixtures:
- ImpEx for test data (the ImpEx guide): integration tests set up their type-system fixtures with ImpEx, the same declarative format the application uses, so the test data is realistic and maintainable. A test that hand-constructs models in Java is verbose and drifts from how data really arrives; an ImpEx fixture reads like the data it represents.
- Test-tenant isolation: integration tests run against a test tenant so they do not pollute shared data, and clean up after themselves (or run transactionally and roll back, the transactions guide's rollback-mode pattern that the hAC scripting console also uses).
- Realistic data shapes: the migration-testing guide's "test on production-shaped data" applies down to integration tests where data shape matters (a query's behavior on a wide localized catalog differs from a thin one). Fixtures that mirror production's shape catch what toy data hides.
The CCv2 Pipeline Gates#
CCv2's build and deployment pipeline (the continuous delivery and Cloud Portal guides) is where the strategy becomes enforcement:
- The build runs the test suites, and a red build does not deploy. This is the gate that makes "quality baked in" real: tests that do not run in the pipeline are tests that rot. Wire unit and integration tests into the build so every commit is validated.
- Promotion gates between environments: builds move environment to environment only with the appropriate tests green (the go-live guide's promotion discipline), and the pipeline must deliver to test environments faster than developers produce changes, or CI becomes the bottleneck people learn to bypass.
- Automated functional tests against a deployed environment: the end-to-end suite runs against a real deployed build (a test environment, or the eval-server pattern), catching what unit and integration tests cannot, before a human ever runs manual acceptance.
- Code quality gates alongside tests: static analysis and coverage thresholds (the coding standards and code review guides) run in the same pipeline, so quality is measured, not hoped for.
Non-Functional Testing: The Production-Readiness Gates#
Functional tests prove it works; non-functional tests prove it is fit for production, and these are the gates upgrades, migrations, and go-lives hinge on:
- Performance and load testing on production-shaped data in a production-like environment: measured against the baseline (the performance engineering guide), with any degradation resolved before production. For upgrades and migrations, this is comparing migrated-versus-source (the migration-testing guide); for new builds, it is validating the NFR targets (the NFR catalog guide).
- Security testing: the security suite plus an independent penetration test against the release candidate (the security hardening and go-live guides), because your customizations are the attack surface the platform's own testing never saw.
- Regression testing: the full suite against the production candidate, the gate that confirms nothing broke, run throughout the project but exhaustively before go-live.
- Acceptance testing: the business users who will operate the system run their acceptance criteria (the delivery framework and staffing guides) and sign off; the human gate on the release candidate.
The sequencing the migration-testing guide establishes generalizes: get the foundational tests (unit, integration, regression, and for migrations, data) green first, then run the parallel production-readiness gates (performance, security, acceptance), because there is no point load-testing a build that fails regression.
Test Discipline That Lasts#
A strategy is only as good as its maintenance:
- Tests are code: reviewed, refactored, and kept green. A perpetually-failing or skipped test is worse than no test, because it trains the team to ignore red.
- An eval or test per meaningful change (this repo's own contract, and a healthy commerce project's): a change without a test is a regression waiting to happen, and the test is what lets the next person change the code safely.
- Fast feedback: the unit-heavy pyramid, the pipeline running on every commit, and flaky end-to-end tests fixed or quarantined, so the team trusts the suite enough to act on it.
- Coverage of the risk, not a number: chase coverage of the logic that matters (checkout, pricing, the money paths), not a percentage that rewards testing getters. The pyramid's base should be dense where the business risk is.
Checklist#
- Test pyramid shaped correctly: dense fast unit tests, targeted integration tests, focused end-to-end
- Service-layer design (injection, interfaces) enables real unit testing; not an inverted pyramid
- Integration tests run against the real type system and persistence with ImpEx fixtures and test-tenant isolation
- End-to-end tests cover the critical journeys (search, PDP, cart, checkout, OCC contracts), kept lean
- Unit and integration tests wired into the CCv2 build; red build blocks deploy; promotion gates enforced
- Automated functional tests run against a deployed environment; code-quality gates in the same pipeline
- Non-functional gates: performance/load on production-shaped data, security plus pen test, full regression, business acceptance
- Foundational tests green before parallel production-readiness gates run
- Tests maintained as code; a test per meaningful change; coverage aimed at business risk, not a percentage
Testing is how "quality baked in" stops being a slogan and becomes a property of the codebase. Build the pyramid right, fixture with ImpEx against the real platform, gate the pipeline, and run the non-functional tests that decide production-readiness, and quality becomes something the system continuously proves about itself rather than something a QA phase scrambles to establish at the end. The estates whose launches are boring are the ones whose tests were exhaustive; the two are the same fact seen twice.