How to modernize your SDLC from TFS to Jenkins/Git

1. Our Journey
Modernizing the SDLC
Nicholas Carpenter
07/13/2019

2. 1. Who is HMS Eliza
2. Why Modernize
3. SDLC Toolset Selection
4. The Transition
1. SCM and Branching
2. Dependency Management Strategy
3. Scalable CI System
5. Challenges
6. Demo, Next Steps, and Roadmap your
own project
7. Questions
2

3. 3
Quick Facts
• Mission: Keep healthcare costs down
• Customers
• Payers
• Providers
• PBMs
• Main business lines
• Coordination of Benefits (CoB)
• Payment Integrity (PI)
• Pop Health
• Care Management
• Healthcare Communications
• Publicly traded (HMSY)
• $600M Revenue
• 2500 people

4. 4
Located in Danvers, MA
Acquired by HMS April 2017
200 People & $60M Revenue
Healthcare Communications at
Scale
Print & All Digital Channels
All Workloads in AWS

5. Why Modernize
5

6. Why
Technical Debt
 Binaries in source control
 Eccentric build workflows
 Branching Strategy and enforced builds
 Lack of versioning
 Painful dependency tree
 Lack of code ownership
Desired:
 Fast feedback loops
 Platform for KPIs (UT, SA, IT, PT, CC, etc)
 Well defined path to production
 Standardized build processes
 Lower TCO of CI/SCM
 Enforced code reviews
 Dependency Management Redux – Nuget
 Namespace Issues and hard transitive reqs
 Versioned artifacts 6

7. SDLC Toolset
Selection
7

8. SCM
Git Technology because it’s the industry
leading standard
Which vendor?
 Choice came down to:
 28 points
 28 points
8

9. Continuous
Integration
Which vendor/product?
Which platforms are required
Choice came down to:
 37 points
 30 points 9

10. Artifact
Repository
Choices
 Which vendor/product?
File Share
10

11. Toolset
Selection
11

12. The Transition
12

13. SCM: From
TFS
13
 TFS Leave Behind Strategy
 Leave history behind
 Read-Only Mode
 Lock parts of TFS projects as they are moved to Git
 Process in place for backporting while transitioning to Git
 One branch in TFS could become multiple Git repositories.

14. SCM: From
TFS
14
 Migrate from VS 2015 to 2017
 Migrate to the Nuget Package Reference Format
 Including version ranges for middle of the stack
 Lock files for top of the stack
 Migrate to
 Break up solutions into ‘N’ Git repositories
 Change Namespaces
 Create shared AssemblyInfo file for versioning multiple
CSPROJs.
 Start at the bottom of the stack, and work your way up

15. SCM: Git
Branching
Strategy
15
Gitflow Workflow
Diagram

16. SCM: Code
Reviews and
Quality
Gates
16
 Require CI signoff
 Require code review
 CODEOWNERS
 Require up to date branches
 Restrict who can push/merge

17. Dependency
Management
: C#
17
Diagram
Nuget Dependency Management

18. Jenkins:
Architecture
18
Key Requirements
 Scalable
 Pipelines to define our CI/CD processes
Design
 Automation first approach
 Technologies we would like to use:
 Jenkins Master - Stateless
 Jenkins development environment can be
stood up in as little as 30 minutes.

19. Jenkins:
Architecture
19
Diagram

20. CI:
Architecture
20

21. CI:
Architecture
21

22. Jenkins:
Architecture
22

23. Jenkins:
Architecture
23
 Key AWS Components
 Jenkins Infrastructure jobs
 Kickstarting AWS ASG
 ECS instance warmup
 Weekly restart of master
 Jenkins Library:
 Templated pipeline code for alike repositories:
 Nuget
 Web application
 Generic C# solution - Zip
 ClickOnce application
 Python CloudFormation resource

24. Jenkins:
Jenkinsfile
24
Nuget Repository

25. 25
Jenkins
Architecture:
Takeaways
Uses the Amazon Elastic Container
Service Jenkins plugin
Jenkins Stateless
 All builds push artifacts to Artifactory
 Build numbers are not used
 Jenkins master is configured entirely with
init.groovy.d scripts, no manual
configuration.
Development environment dynamically
changes build job configurations to not
impact production.
 IE – do not build branches automatically

26. Challenges
26

27. Challenges
Transitioning from TFSVC to Git and
branching strategy
Versioning
150+ Git repositories
 Naming Conventions
 Repository Dividing lines
 Git Repository Settings
Unit Tests vs Integration Tests
Code Ownership
Manual Testing
Jenkins Windows Images
Scale down ECS Instances
27

28. Demo, Next Steps
and Roadmap
28

29. Demo
Developer use case:
 Create a branch
 Make a modification
 Open a PR
 Merge the PR
 See the develop build push to Artifactory
 See the branches automatically get built
 Quality Gates today:
 Dependency version enforcement
 MSBuild Warnings
 Unit Tests and Code Coverage
 Branching Strategy
29

30. Next Steps
Metric collection and radiating
Creating a Capability Maturity Model
(CMM) and start to quantify and track
KPIs
SonarQube Static Analysis
Static Application Security Testing
(SAST)
Visual Studio 2019 and Windows Server
2019 containers
Integration Testing – Automated Test
Environment Provisioning
30

31. Roadmap
 What is the technical debt in your code base? What anti-
patterns are active? Design for them.
 Binaries in SCM
 Versioning
 Etc.
 Company’s objectives?
 KPI’s to start measuring?
 Build speed
 Etc.
 Determine your toolset – SCM, CI and Artifact management
 SCM infrastructure online
 Determine how you will manage 100’s of repositories
 Naming convention, permissions, CI integration, Branch
Protections
 CI Infrastructure online
 Manage Stateful-ness and Stateless-ness
 Isolated per build containers – no leakage
 Artifact management
 Dependency management design and tight CI integration
 Configuration management design and tight Artifact management
integration – properties, searching etc.
 Organizational alignment
 Buy in to new SDLC processes
 KPI measurement for success
 Transition team in place for full transition to new environment
31

32. Questions?
32

33. Enterprising healthcareEnterprising healthcare