IT’S NOT CONTINUOUS DELIVERY
If you can’t deploy to production right now
WHO AM I?
Ken Mugrage
ThoughtWorks Technology Evangelist
@kmugrage
THE THOUGHTWORKS STORY
‘90s: Hundreds of App Dev projects
2000: Legendary computer scientist Martin Fowler joins TW as Chief Scientist; first Agile project delivered
2001: Agile Manifesto written by Martin &
2002: Martin takes Continuous Integration mainstream; TW takes the lead in creating CruiseControl
2003: Project for Dixons, UK – Distributed Agile across UK, India, Canada, US, Aus
2004: Testing Tools:
Gartner on TW:
things they could not do before
not just technology for the sake of it
2006: ThoughtWorks Studios started
2007: Mingle launch; 25th TW book published: TW Anthology
2008: Cruise launch; Twist launch; 300+ clients; 16 offices; Mingle customers in 25 countries; Forrester: TW is one of 5 cos to make a difference to App Dev
2009: Adaptive ALM™; Mingle 3.0
2010: Go launch; 400 ThoughtWorks Studios customers in 30+ countries
2013: Mingle SaaS launch
2014: Snap launch; Go Open Sourced
2015: Gauge replaces Twist
THERE IS NO TRY
WHY CONTINUOUS DELIVERY?
We follow these principles:
Our highest priority is to satisfy the customer through early and continuous delivery
Welcome changing requirements, even late in
the customer's competitive advantage.
Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale.
PARTIALLY “DONE” MIGHT STILL BE USEFUL
RESPOND TO SECURITY ISSUES
At the time of disclosure, some 17% (around half a million) of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers' private keys and users' session cookies and passwords. The Electronic Frontier Foundation, Ars Technica, and Bruce Schneier all deemed the Heartbleed bug "catastrophic". Forbes cybersecurity columnist Joseph Steinberg wrote, "Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet."
https://en.wikipedia.org/wiki/Heartbleed
Working with your version control system
FEATURE BRANCHING
http://martinfowler.com/bliki/FeatureBranch.html
CODE MANAGEMENT
Recommended CI practices
Everyone commits to trunk at least daily
Automated tests are run for every commit
Avoid branches
How to deliver faster than you can finish a feature
FEATURE TOGGLES
before

function calculateTax(){
  // current implementation lives here
}

after

function calculateTax(){
  // Toggle: stays false on trunk so the unfinished code path is never taken
  var useNewAlgorithm = false;
  // useNewAlgorithm = true; // UNCOMMENT IF YOU ARE WORKING ON THE NEW TAX ALGORITHM

  if( useNewAlgorithm ){
    return enhancedTaxCalculation();
  }else{
    return oldFashionedTaxCalculation();
  }
}

function oldFashionedTaxCalculation(){
  // current implementation lives here
}

function enhancedTaxCalculation(){
  // TODO: implement better tax algorithm
}

Pete Hodgson - http://martinfowler.com/articles/feature-toggles.html
SECURITY TESTING
Test before you commit
Have you included private keys? Authentication tokens?
Static Application Security Testing (SAST)
According to one Sonatype study “of the 106 component ‘parts’ used in a typical application, on average 24 have known cyber vulnerabilities, which are rated either critical or severe.”
Dynamic Application Security Testing (DAST)
Tools that run against your code are a good start, but they aren’t accessing the application like a user.
PERFORMANCE TESTING
Load testing
Load testing is the simplest form of performance testing. A load test is usually conducted to understand the behavior of the system under a specific expected load.
Stress testing
Stress testing is normally used to understand the upper limits of capacity within the system.
Soak testing
Soak testing, also known as endurance testing, is usually done to determine if the system can sustain the continuous expected load.
Spike testing
Spike testing is done by suddenly increasing the load generated by a very large number of users, and observing the behavior of the system.
https://en.wikipedia.org/wiki/Software_performance_testing
PIPELINE STRATEGIES
Recommended practices
Build (CI)
Integrate
Verify
Deploy
RUN AS MUCH AS POSSIBLE IN PARALLEL
Unit Test, Functional Test, Load Test, Staging, Production, Spike Test, Stress Test, Soak Test
DEPLOYMENT PATTERNS
Canary release
A technique to reduce the risk of introducing a new software version in production by slowly rolling out the change to a small subset of users before rolling it out to the entire infrastructure and making it available to everybody.
Dark launching
The practice of deploying the very first version of a service into its production environment, well before release, so that you can soak test it and find any bugs before you make its functionality available to users.
http://martinfowler.com/bliki/CanaryRelease.html
http://www.informit.com/articles/article.aspx?p=1833567&seqNum=2
FEEDBACK LOOPS
Create useful logging for everything
Run (some of) your tests against production
Configure monitoring alerts to make sure people pay attention to them
OPTIMIZE FOR RECOVERY
Mean time between failures (MTBF) is the predicted elapsed time between inherent failures
Mean Time To Repair (MTTR) is a basic measure of the maintainability of repairable items. It represents the average time required to repair a failed component or device.
https://en.wikipedia.org/wiki/Mean_time_to_repair
https://en.wikipedia.org/wiki/Mean_time_between_failures
SUMMARY
It’s not Continuous Delivery if you can’t deploy right now
Practice good CI habits
Use things like feature branches to deploy incomplete work
To learn more about ThoughtWorks CD Products: http://www.thoughtworks.com/products/