it s not continuous delivery
play

ITS NOT CONTINUOUS DELIVERY If you cant deploy to production right - PowerPoint PPT Presentation

ITS NOT CONTINUOUS DELIVERY If you cant deploy to production right now 1 WHO AM I? Ken Mugrage ThoughtWorks Technology Evangelist @kmugrage 2 THE THOUGHTWORKS STORY 2015 2006 2009 2013 2000 2003 Gauge ThoughtWorks Studios


  1. IT’S NOT CONTINUOUS DELIVERY If you can’t deploy to production right now 1

  2. WHO AM I? Ken Mugrage ThoughtWorks Technology Evangelist @kmugrage 2

  3. THE THOUGHTWORKS STORY 2015 2006 2009 2013 2000 2003 Gauge ThoughtWorks Studios Adaptive ALM™ Mingle SaaS Legendary Project for Dixons, UK – replaces launch started computer scientist Distributed Agile across Twist Mingle 3.0 Martin Fowler joins UK, India, Canada, US, TW as Chief Aus Scientist ‘90s 2001 2007 2008 2014 Hundreds of First Agile project Agile Manifesto 2004 Mingle launch Cruise launch App Dev 2002 2010 delivered written by Martin & Twist launch Snap launch projects Testing Tools: 25th TW book others Martin takes Continuous Go launch • Selenium, published: TW Go Open 300+ clients Integration mainstream • NUnit Anthology Sourced 16 offices 400 ThoughtWorks Studios customers in TW takes the lead in Gartner on TW: Mingle customers in 25 30+ countries creating CruiseControl • � Enables users to do countries things they could not do before � Forrester: TW is one of 5 • � Has business impact; co � s to make a not just technology for the difference to App Dev sake of it � 3

  4. WHY THIS TALK 4

  5. THERE IS NO TRY 5

  6. WHY CONTINUOUS DELIVERY? We follow these principles: Our highest priority is to satisfy the customer through early and continuous delivery of valuable software. Welcome changing requirements, even late in development. Agile processes harness change for the customer's competitive advantage. Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale. 6

  7. PARTIALLY “DONE” MIGHT STILL BE USEFUL 7

  8. PARTIALLY “DONE” MIGHT STILL BE USEFUL 7

  9. PARTIALLY “DONE” MIGHT STILL BE USEFUL 7

  10. RESPOND TO SECURITY ISSUES At the time of disclosure, some 17% (around half a million) of the Internet's secure web servers certi fi ed by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers' private keys and users' session cookies and passwords. The Electronic Frontier Foundation, Ars Technica, and Bruce Schneier all deemed the Heartbleed bug "catastrophic". Forbes cybersecurity columnist Joseph Steinberg wrote, "Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial tra ffi c began to fl ow on the Internet. https://en.wikipedia.org/wiki/Heartbleed 8

  11. CODE MANAGEMENT Working with your version control system 9

  12. FEATURE BRANCHING http://martinfowler.com/bliki/FeatureBranch.html 10

  13. FEATURE BRANCHING http://martinfowler.com/bliki/FeatureBranch.html 11

  14. FEATURE BRANCHING http://martinfowler.com/bliki/FeatureBranch.html 12

  15. CODE MANAGEMENT Recommended CI practices 13

  16. CODE MANAGEMENT Recommended CI practices Everyone commits to trunk at least daily 13

  17. CODE MANAGEMENT Recommended CI practices Everyone commits to trunk at least daily Automated tests are run for every commit 13

  18. CODE MANAGEMENT Recommended CI practices Everyone commits to trunk at least daily Automated tests are run for every commit Avoid branches 13

  19. RELEASING INCOMPLETE WORK How to deliver faster than you can fi nish a feature 14

  20. FEATURE TOGGLES 15

  21. FEATURE TOGGLES before function calculateTax(){ // current implementation lives here } 15

  22. FEATURE TOGGLES before function calculateTax(){ // current implementation lives here } after function calculateTax(){ var useNewAlgorithm = false; // useNewAlgorithm = true; // UNCOMMENT IF YOU ARE WORKING ON THE NEW SR ALGORITHM if( useNewAlgorithm ){ return enhancedSplineReticulation(); }else{ return oldFashionedSplineReticulation(); } } function oldFashionedTaxCalculation(){ // current implementation lives here } function enhancedTaxCalculation(){ // TODO: implement better SR algorithm } Pete Hodgson - http://martinfowler.com/articles/feature-toggles.html 15

  23. FEATURE TOGGLES Pete Hodgson - http://martinfowler.com/articles/feature-toggles.html 16

  24. PIPELINES YOU SHOULD BE INCLUDING 17

  25. SECURITY TESTING 18

  26. SECURITY TESTING Test before you commit Have you included private keys? Authentication tokens? 18

  27. SECURITY TESTING Test before you commit Have you included private keys? Authentication tokens? Static Application Security Testing (SAST) According to one Sonatype study “of the 106 component ‘parts’ used in a typical application, on average 24 have known cyber vulnerabilities, which are rated either critical or severe." 18

  28. SECURITY TESTING Test before you commit Have you included private keys? Authentication tokens? Static Application Security Testing (SAST) According to one Sonatype study “of the 106 component ‘parts’ used in a typical application, on average 24 have known cyber vulnerabilities, which are rated either critical or severe." Dynamic Application Security Testing (DAST) Tools that run against your code are a good start, but they aren’t accessing the application like a user. 18

  29. PERFORMANCE TESTING https://en.wikipedia.org/wiki/Software_performance_testing 19

  30. PERFORMANCE TESTING Load testing Load testing is the simplest form of performance testing. A load test is usually conducted to understand the behavior of the system under a speci fi c expected load. https://en.wikipedia.org/wiki/Software_performance_testing 19

  31. PERFORMANCE TESTING Load testing Load testing is the simplest form of performance testing. A load test is usually conducted to understand the behavior of the system under a speci fi c expected load. Stress testing Stress testing is normally used to understand the upper limits of capacity within the system. https://en.wikipedia.org/wiki/Software_performance_testing 19

  32. PERFORMANCE TESTING Load testing Load testing is the simplest form of performance testing. A load test is usually conducted to understand the behavior of the system under a speci fi c expected load. Stress testing Stress testing is normally used to understand the upper limits of capacity within the system. Soak testing Soak testing, also known as endurance testing, is usually done to determine if the system can sustain the continuous expected load. https://en.wikipedia.org/wiki/Software_performance_testing 19

  33. PERFORMANCE TESTING Load testing Load testing is the simplest form of performance testing. A load test is usually conducted to understand the behavior of the system under a speci fi c expected load. Stress testing Stress testing is normally used to understand the upper limits of capacity within the system. Soak testing Soak testing, also known as endurance testing, is usually done to determine if the system can sustain the continuous expected load. Spike testing Spike testing is done by suddenly increasing the load generated by a very large number of users, and observing the behavior of the system. https://en.wikipedia.org/wiki/Software_performance_testing 19

  34. PIPELINE STRATEGIES Recommended practices 20

  35. PIPELINE STRATEGIES Recommended practices Build (CI) 20

  36. PIPELINE STRATEGIES Recommended practices Build (CI) Integrate 20

  37. PIPELINE STRATEGIES Recommended practices Verify Build (CI) Integrate 20

  38. PIPELINE STRATEGIES Recommended practices Verify Build (CI) Integrate Deploy 20

  39. RUN AS MUCH AS POSSIBLE IN PARALLEL Functional Unit Test Staging Production Test Load Test Spike Test Stress Test Soak Test 21

  40. MANAGING RISK 22

  41. DEPLOYMENT PATTERNS 23

  42. DEPLOYMENT PATTERNS Canary release A technique to reduce the risk of introducing a new software version in production by slowly rolling out the change to a small subset of users before rolling it out to the entire infrastructure and making it available to everybody. 23

  43. DEPLOYMENT PATTERNS Canary release A technique to reduce the risk of introducing a new software version in production by slowly rolling out the change to a small subset of users before rolling it out to the entire infrastructure and making it available to everybody. Dark launching The practice of deploying the very fi rst version of a service into its production environment, well before release, so that you can soak test it and fi nd any bugs before you make its functionality available to users. http://martinfowler.com/bliki/CanaryRelease.html http://www.informit.com/articles/article.aspx?p=1833567&seqNum=2 23

  44. FEEDBACK LOOPS 24

  45. FEEDBACK LOOPS Create useful logging for everything 24

  46. FEEDBACK LOOPS Create useful logging for everything Run (some of) your tests against production 24

  47. FEEDBACK LOOPS Create useful logging for everything Run (some of) your tests against production Con fi gure monitoring alerts to make sure people pay attention to them 24

  48. OPTIMIZE FOR RECOVERY 25

  49. OPTIMIZE FOR RECOVERY Mean time between failures (MTBF) is the predicted elapsed time between inherent failures of a system during operation. 25

Recommend


More recommend