Continuous Delivery practices applied to a multi-cloud product born in 2013, through constant evolution of the pipelines to deliver software reliably and manage operations without fear.
© EngineeringYet anotherContinuous Delivery talkGiovanni Toraldo / Solution DeveloperEngineering D.HUBIncontro Devops 2021 #idi2021CONTINUOUS DELIVERY
View Slide
© EngineeringAbout meOpen sourceRemote-firstsoftware developer / devopsSolution developer in Engineering D.HUBOften teleported into the 14th century 🛡⚔🎯CONTINUOUS DELIVERY / BIOGiovanni Toraldo
© EngineeringAbout CloudesireWhitelabel marketplaceSaaS billingChannel managementIaaS, PaaS, SaaS catalog2012 - R&D project2013 - Cloudesire.com2016 - Tim Venture seed 600K2020 - Engineering acquisitionCONTINUOUS DELIVERY / BIO
© EngineeringAntipatterns are everywhere– Manual deployments are a waste of time– Infrequent deployments cause late feedback– Manual configuration of environments leads to configuration drift– Manual testing leads to regressions– Can we do better?CONTINUOUS DELIVERY / THEORY
© EngineeringWhat Continuous Delivery can do– Short cycles– Reliability– Early feedback– Market pressure– Customer satisfactionCONTINUOUS DELIVERY / THEORY
© EngineeringContinuous Delivery phasesCONTINUOUS DELIVERY / THEORY
© EngineeringHow we do achieve our goal?CONTINUOUS DELIVERY / PRACTICES
© EngineeringBacklog‒ One place for high-level issues (epic, stories)‒ Focus on describing the problem you want to solve, not solutions● Developers knows what is good for you‒ Prioritization as a contract with stakeholders‒ Commit for a plan and try to stick with it (#noestimates)‒ Current status should be transparent● Feedback to non-developers when releases happens● Meetings are ok but everyone happy and no meetings is betterCONTINUOUS DELIVERY / PRACTICES
© EngineeringAutomated testing / TDD– Probably the most underrated practice for achieving velocity‒ Writing tests is HARD for newcomers‒ Maintaining test suites is HARD for everyone (e.g.: flappers)‒ Still, it’s worth the time‒ Optimize build times to avoid slow feedback‒ Tests give hints on how a function should workCONTINUOUS DELIVERY / PRACTICES
© EngineeringContinuous integration‒ Treat it like your best friend, you can rely on it‒ Ensure that you are not going to break everything in a single move‒ Repetitive tasks belongs to here● Compile code● Execute regression tests● Generate documentation● Publish new artifactsCONTINUOUS DELIVERY / PRACTICES
© EngineeringCode reviews‒ Spot bugs before reaching users‒ Share ownership and abandon blame culture‒ Meet specifications‒ Keep the bar high‒ Written trail of design decisions‒ Asynchronous feedback‒ Mentor juniors without doing anything specialCONTINUOUS DELIVERY / PRACTICES
© EngineeringPackaging / Distribution‒ A strict requirement for automated releases‒ Every commit is a release candidate‒ Standard packaging (e.g. Docker)‒ Central artifacts repository (Nexus, Artifactory)● Accessible from all the execution environmentsCONTINUOUS DELIVERY / PRACTICES
© EngineeringAutomated releases‒ Every environment should be a prod-like environment● Have at least a test environment for every prod environment‒ Repeatable procedures reusable in every environment‒ Rollback should be easy as a standard release‒ Releases should be tracked somewhere (GIT, CI)‒ Releases must not affects customersCONTINUOUS DELIVERY / PRACTICES
© EngineeringFeedback loop‒ Automatic deployment to one prod-like environment‒ Release daily on staging environments‒ Ask for explicit feedback after changes fromtester/QA/stakeholders‒ Meaningful and searchable application logs‒ Proactively monitor exceptions and errorsCONTINUOUS DELIVERY / PRACTICES
© EngineeringInfrastructure as code‒ Forgot SSH commands or clicking buttons‒ Repeatable procedures‒ Standardization‒ Objects Inventory‒ Document without actually writing documentationCONTINUOUS DELIVERY / PRACTICES
© EngineeringMicroservices architectures‒ Maintaining a unique codebase has exponential difficulty● Divide et impera‒ Requires a trained release pipeline‒ Avoid repeating yourself via:● Boilerplate projects● Shared libraries● Automated updates● DOCUMENTATIONCONTINUOUS DELIVERY / PRACTICES
© EngineeringWhat’s in our toolboxCONTINUOUS DELIVERY / TOOLING
© EngineeringGithub‒ GIT repository hosting‒ Lightweight issue management● There is a label for everything● Type: Bug, new feature, change feature, operations, devops● Priority: P1, P2, P3, P4● Effort: light, medium, high, epic● Workflow: in-progress, ready-for-staging, test, ready, awaiting-feedback, blocked● Topic: UI/UX, billing, ERP...● Customer● Stalebot that warns and close inactive issue for more than 3 months‒ Documentation as markdown files‒ Planning via weekly milestones● Internal dashboard to track milestones progressCONTINUOUS DELIVERY / TOOLING
© EngineeringInternal dashboard for milestones trackingCONTINUOUS DELIVERY / TOOLING
© EngineeringDependabot‒ Automatic dependencies updates for your repositories on Github‒ PR get opened automatically with changelog between versions‒ Triggered weekly by a schedule on early monday● PR are already built and ready to be merged‒ Security updates with links to CVEs‒ Supports most dependency management tools and Dockerfile‒ Enabled on all repositories via TerraformCONTINUOUS DELIVERY / TOOLING
© Engineering.github/dependabot.ymlversion: 2registries:maven-internal-releases:type: maven-repositoryurl: https://repo.cloudesire.com/repository/internalusername: ${{secrets.MAVEN_USER}}password: ${{secrets.MAVEN_PASS}}updates:- package-ecosystem: mavendirectory: /cloudesire-rootschedule:interval: weeklyday: sundayregistries:- maven-internal-releasesassignees:- gionn- malteo- package-ecosystem: dockerdirectory: /cloudesire-root/cmwschedule:interval: weeklyday: sundayassignees:- gionn- malteoCONTINUOUS DELIVERY / TOOLING
© EngineeringDependabot automated pull requestCONTINUOUS DELIVERY / TOOLING
© EngineeringCircleCI‒ Cloud CI services better than in-house:● Scalability● Predictable pricing‒ Batteries included compared to Jenkins‒ A bit of downsides:● Not so configurable (e.g. tests parallelization)● Can’t add new projects via API● Docker integration slightly cumbersome since beginning‒ Reuse pipeline configuration via ORBCONTINUOUS DELIVERY / TOOLING
© EngineeringCircleCI ORB exampleCONTINUOUS DELIVERY / TOOLING
© EngineeringCircleCI workflow diagramCONTINUOUS DELIVERY / TOOLING
© EngineeringCircleCI job detailCONTINUOUS DELIVERY / TOOLING
© EngineeringSonar (static analysis)‒ Catch bugs automatically‒ Discovery and learn (why is this an issue?)‒ Enforce standards (quality gates)‒ Applied systematically for every project‒ Reports integrated in PR (developer edition)‒ Security audits (Hotspots)CONTINUOUS DELIVERY / TOOLING
© EngineeringTerraform (Infrastructure as code)‒ Supports many providers:● Iaas: AWS, Azure, GCP, ...● Saas: Cloudflare, Github, ...● API: Vault, ...‒ Follow common development workflow● PR● Code review● CI pipelinesCONTINUOUS DELIVERY / TOOLING
© EngineeringAutomated terraform plan on pull requestsCONTINUOUS DELIVERY / TOOLING
© EngineeringCircleCI workflow for terraform repositoryCONTINUOUS DELIVERY / TOOLING
© EngineeringChef (configuration management)‒ Still the configuration management tool after 8+ yrs‒ Provision new production environment in 30 minutes● script to generate new chef environments‒ Nightly integration tests on cloud infrastructure‒ Provision can run from CI or developers boxCONTINUOUS DELIVERY / TOOLING
© EngineeringGraylog‒ Centralized logs collection● Applications via GELF● Syslog● Docker logs‒ Elasticsearch monthly indexes● configurable retention‒ Full-text search on every field, cross-environmentCONTINUOUS DELIVERY / TOOLING
© EngineeringSentry‒ Push applications exceptions via API‒ Aggregate similar exceptions‒ Mark as Resolved● Flagged as regression if found again‒ Mark as Ignored for n time‒ Searchable‒ Slack integration● Each component in a different channel● Only for new errors, regressions or repeated errors in a timeframeCONTINUOUS DELIVERY / TOOLING
© EngineeringSentry issue exampleCONTINUOUS DELIVERY / TOOLING
© EngineeringHow to releaseCONTINUOUS DELIVERY / RELEASE
© EngineeringStep 1: open a release PR on ops repo via Merger script‒ Select which chef environment you want to update‒ Iterate on all the platform components installed on the environment to:● Retrieve the latest successful build of master branch on CircleCI● Compare build number with currently installed docker image version● CI deploy jobs tag docker images with build number● If a new version is available, compare current and previous commit-id on Github● Parse commits to search for PR and referenced github issues‒ Open a pull request with version changes on chef environment● Branch name is always `release-envName`● PR body contains the changelog for every components and links to issue● Issues are linked via a redirector domain to avoid references spamCONTINUOUS DELIVERY / RELEASE
© EngineeringExample Release PRCONTINUOUS DELIVERY / TOOLING
© EngineeringStep 2: PR review, approve, merge, provision‒ Follows the standard development workflow (review, approve, merge)‒ When building master, CI pipeline detect if the built commit is:● A release PR generated by Merger● A generic PR with a label `deploy/envName`‒ Run Chef sequentially on all the nodes of the environmentCONTINUOUS DELIVERY / RELEASE
© EngineeringStep 3: profit‒ If the release fails, the CI send an email to release owners and exceptions arepushed to sentry/slack‒ If the release is successful:● The release PR get labeled as `deployed` and a comment is left with the link ofthe build● Every referenced issue in the release PR body receive a comment stating that arelease is just happened● If the referenced issue had a label:● `workflow/ready-for-staging` is replaced by `workflow/test`● `workflow/ready` the issue is closedCONTINUOUS DELIVERY / RELEASE
© EngineeringRelease schedule via CircleCI‒ Release PR are automatically opened following a weekly schedule:● Main staging environment every weekday until friday● Main demo environment on friday, copying main staging versions● Main production environment on monday, copying main demoversions● Secondary (clients) staging environment on different day of theweek, copying main production versions● Secondary (clients) production environment on different days of theweek, copying from their staging environmentCONTINUOUS DELIVERY / RELEASE
© EngineeringWrap-up‒ Continuous delivery is a game changer when developingproducts‒ Try to continuously improve, one step at a time‒ Automate all the thingsCONTINUOUS DELIVERY / SUMMARY
© Engineeringwww.eng.itEngineering Ingegneria Informatica SpA@EngineeringSpagruppo.engineeringLifeAtEngineeringThanks!Giovanni Toraldo@gionn
gionn
uhooi
ogiwarat
tosite
umsys
yamotuki
loic425
kojipole
m_coder
dunglas
okaharuna
ninoid
shibe23
lara
addyosmani
jlugia
mraible
malarkey
robhawkes
danielanewman
stephaniewalter
paulrobertlloyd
iamctodd
kastner
eileencodes