When starting up a greenfield project, it’s easy to take advantage of the most modern development practices. But what about the rest of us, who are working on codebases greater than five minutes old? How do you take code that’s four years and hundreds of thousands of SLOC, and turn that into a lean, mean, continuous-deploying machine? In this SauceCon 2019 presentation, Melissa Benua walks through what continuous integration and deployment means for teams working on mature code bases, and what the roadmap looks like to get from a release cycle that may take weeks or months to one that deploys on-demand.
2. 5/7/2019
2
what is continuous delivery?
Source
Control
Code
Review
Build +
Test
Deploy
+
Monitor
@queenofcode #SauceCon 2019
why continuous delivery?
+50% market cap growth over time
-50% time remediating security issues
+2x likely to be recommended as a great place to work
@queenofcode #SauceCon 2019
3
4
3. 5/7/2019
3
what is a cd roadmap?
Where
you are
Where you
want to go
Reasonable path
between the two
@queenofcode #SauceCon 2019
pillars of concern
01 Source
Control
02 Quality 03 Deployment 04 Monitoring
@queenofcode #SauceCon 2019
5
6
4. 5/7/2019
4
source control practices
Level1
A source
control
system might
exist!
Level2
Inefficient
use of
branches –
either too
many levels,
or too few Level3
GitHub Flow
Level4
Main
trunkline
development
with
frequent
(daily)
commits to
master
@queenofcode #SauceCon 2019
quality practices
Level1
Few tests
No auto test
runs
Don’t all
pass
‘It works on
my machine’
Level2
Unit tests
auto run
Test suites
are reliable
Manual
integration
tests
Level3
>60% unit
test
coverage
Automatic
int tests
Manual
specialty
tests
Level4
Fully auto
regr tests
Specialty
test runs
(perf,
security, UI,
etc)
@queenofcode #SauceCon 2019
7
8
5. 5/7/2019
5
deployment practices
Level1
Builds
sometimes
deployed
from a
developer’s
machine
Level2
Builds
created from
an auto
build system
Level3
Components
are able to
deploy
independent
from the
whole
Level4
Infrastructure
as code
(containers)
@queenofcode #SauceCon 2019
monitoring practices
Level1
Logs exist on
individual
servers
Level2
Centralized,
searchable
logs
Level3
Some
metrics
collected,
but adhoc
per-
developer
Level4
Standard
metrics,
alerts,
structured
log data
@queenofcode #SauceCon 2019
9
10
6. 5/7/2019
6
continuous delivery stages
STAGE 4
Full Automation
STAGE 3
Significant Automation
STAGE 2
Early Automation
STAGE 1
Very Manual
Automated Builds
Automated Staging
Manual Deployments
Automated-ish Builds
Manual Staging
Manual Deployments
Automated Builds
Containerized Staging
Push-Button
Deployments
Automated Builds
Automated Staging
Automated Deployments
@queenofcode #SauceCon 2019
step 1: self assessment
Source
Control
1 - None
2 - Inefficient
3 - GitHub
Flow
4 - Trunkline
Quality
1 - None
2 - Unit Tests
3 - Integration
Tests
4 - Specialty
Tests
Deployment
1- Manual
2 - Auto
Builds
3 - Service
Builds
4 - Container
Builds
Monitoring
1 - Server
Logs
2 - Central
Logs
3 - Metrics
4 - Structured
Tracing
Delivery Stage
4 - Manual
8 - Early Auto
12 - Semi Auto
16 - Full Auto
@queenofcode #SauceCon 2019
11
12
7. 5/7/2019
7
step 2: goal assessment
What’s the standard in
our industry?
Do we have any internal
blockers?
Do we have any external
or regulatory blockers?
Do we have customer
blockers?
@queenofcode #SauceCon 2019
step 3: plot your map
Are all four tires in
the same condition?
Do we have enough
fuel in the tank?
Do we have the necessary
licensing and authorization?
Do we have the
correct size engine?
@queenofcode #SauceCon 2019
13
14
8. 5/7/2019
8
Key Takeaways
Don’t let the tail wag the
dog – capabilities beget
behavior
Know the pillars, and
where your team is on
them; stay balanced
Be honest about the
investment your team can
make
Make the ‘right’ thing
easy, and success will
follow
@queenofcode #SauceCon 2019
thank you!
@queenofcode #SauceCon 2019
15
16