Build Breakers, Not Gatekeepers (DevOpsCon Munich 2020 - Keynote)

Traditional software development occurs in phases, where QA, security and other roles act as gatekeepers to production. This leads to silos and delays, and it doesn’t scale.

So, instead of waiting for a human to decide what is and isn’t valid, learn how to use automation to continuously enforce standards in your software. Let’s turn gatekeepers into build breakers!

Michiel Rook

December 09, 2020

Transcript

  1. BUILD BREAKERS! NOT GATEKEEPERS MICHIEL ROOK @MICHIELTCS

  2. TRADITIONAL SOFTWARE DEV

  3. [no text]

  4. HUMAN GATEKEEPERS

  5. HANDOFFS

  6. COSTLY

  7. WASTEFUL

  8. DOESN'T SCALE

  9. [no text]

  10. CONTINUOUS & MANY SMALL CHANGES

  11. SHIFT LEFT

  12. ELIMINATE ISSUES EARLY

  13. [no text]

  14. HOW?

  15. AUTOMATION

  16. Source: 2017 State Of DevOps report

  17. 60 Accelerate: State of DevOps 2019 | How Do We Improve Productivity?

    As Martin Fowler outlines,[33] companies should be thoughtful about which software is strategic and which is merely utility. By addressing their utility needs with COTS solutions and minimizing customization, high performers save their resources for strategic software development efforts.

    We also see that elite performers automate and integrate tools more frequently into their toolchains on almost all dimensions. Although automation may be seen as too expensive to implement (we often hear, “I don’t have time or budget to automate, it’s not a feature!”), automation is truly a sound investment.[34] It allows engineers to spend less time on manual work, thereby freeing up time to spend on other important activities such as new development, refactoring, design work, and documentation. It also gives engineers more confidence in the toolchain, reducing stress in pushing changes.

    [33] Martin Fowler, MartinFowler.com, UtilityVsStrategicDichotomy. https://martinfowler.com/bliki/UtilityVsStrategicDichotomy.html
    [34] This is a site reliability engineering (SRE) best practice: reduce toil, which is work without productivity.

    AUTOMATION AND INTEGRATION BY PERFORMANCE PROFILE

                                                                    Low   Medium  High  Elite
    Automated build                                                 64%   81%     91%   92%
    Automated unit tests                                            57%   66%     84%   87%
    Automated acceptance tests                                      28%   38%     48%   58%
    Automated performance tests                                     18%   23%     18%   28%
    Automated security tests                                        15%   28%     25%   31%
    Automated provisioning and deployment to testing environments   39%   54%     68%   72%
    Automated deployment to production                              17%   38%     60%   69%
    Integration with chatbots / Slack                               29%   33%     24%   69%
    Integration with production monitoring and observability tools  13%   23%     41%   57%
    None of the above                                               9%    14%     5%    4%

    Source: 2019 State Of DevOps report

  18. BUILD BREAKERS

  19. AUTOMATED QUALITY GATES

  20. FAIL

  21. WARN

  22. PASS

  23. WARN PASS FAIL

  24. PIPELINES

  25. DEV BUILD / TEST CONTINUOUS INTEGRATION

  26. BUILD BUILD BREAKERS WARN PASS FAIL WARN PASS FAIL WARN PASS FAIL WARN PASS FAIL

  27. TIME TO ZOOM IN

  28. CODE QUALITY & STANDARDS

  29. CODE STYLE (PHPCS, Checkstyle): phpcs --standard=PSR12 src

  30. STATIC ANALYSIS (Findbugs, PHPStan)

  31. TESTING

  32. UNIT TESTS E2E / VISUAL TESTS INTEGRATION TESTS LOTS OF MANUAL TESTING E2E TESTS

  33. UNIT TESTS E2E TESTS INTEGRATION TESTS COST SPEED

  34. UNIT TESTS E2E TESTS INTEGRATION TESTS Exploratory testing & user feedback Monitoring & alerting COST SPEED

  35. UNIT TESTS E2E TESTS INTEGRATION TESTS Exploratory testing & user feedback Monitoring & alerting COST SPEED 70% 20% 10%

  36. UNIT TESTS (PHPUnit, JUnit, TestNG)

  37. CODE COVERAGE

  38. INTEGRATION TESTS (PHPUnit*, Spring TestContext, RestAssured)

  39. UI TESTING (Cypress, Selenium)

  40. CONTRACT TESTING (Pact, Dredd)

  41. SECURITY

  42. DEPENDENCY SCANNING & UPDATING

  43. [no text]

  44. GITHUB INTEGRATION (Renovate, Dependabot)

  45. VULNERABLE DEPENDENCIES (Snyk, Whitesource, Nexus)

  46. STATIC APPLICATION SECURITY TESTING

  47. SAST (Fortify, RIPS, Sonarqube, Coverity)

  48. CONTAINERS & IMAGES

  49. CONTAINER IMAGE SCANNING (Clair, Twistlock)

  50. PERFORMANCE

  51. PERFORMANCE TESTS (JMeter, Gatling, Locust)

  52. 1. DETERMINE BASELINE; 2. AGREE ON SOFT / HARD LIMITS; 3. RUN IN PIPELINE TO CALC % UP/DOWN

  53. OTHER AREAS

  54. MUTATION TESTING

  55. APPROVALS & WORKFLOWS

  56. ACCESSIBILITY

  57. DEPLOYMENTS

  58. ....

  59. TIPS

  60. AVOID FLAKEY TESTS

  61. NO TEST SUITE DETECTS EVERY ISSUE

  62. WATCH YOUR BUILD TIME

  63. ENSURE FAST FEEDBACK

  64. [no text]

  65. [no text]

  66. FEEDBACK!

  67. NOW YOU

  68. AGREE ON STANDARDS

  69. BUILD A PIPELINE

  70. TAKE SMALL STEPS

  71. LET'S TURN GATEKEEPERS INTO BUILD BREAKERS!

  72. THANK YOU FOR LISTENING! @michieltcs / michiel@michielrook.nl / www.michielrook.nl
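
The three steps on slide 52 (baseline, soft / hard limits, % up/down in the pipeline) can be turned into a build breaker with the PASS / WARN / FAIL outcomes of slides 20 to 23. The following is an added example, not code from the talk. It assumes p95 latency as the metric, that the soft limit maps to WARN and the hard limit to FAIL, and uses made-up limits (10% / 25%), a made-up 200 ms baseline and constructed sample data.

```python
from enum import Enum


class Verdict(Enum):
    PASS = "pass"
    WARN = "warn"
    FAIL = "fail"


def p95(samples):
    """Nearest-rank 95th percentile, using integer arithmetic only."""
    ordered = sorted(samples)
    rank = -(-95 * len(ordered) // 100)  # ceil(0.95 * n)
    return ordered[rank - 1]


def percent_change(baseline, measured):
    """Signed % change against the baseline (positive means slower)."""
    if baseline <= 0:
        raise ValueError("baseline must be positive")
    return (measured - baseline) * 100.0 / baseline


def gate(baseline_ms, samples, soft_pct=10.0, hard_pct=25.0):
    """Return (Verdict, % change). The limit defaults are assumptions."""
    if not soft_pct < hard_pct:
        raise ValueError("soft limit must be below hard limit")
    if not samples:
        # A run that produced no measurements must not pass silently.
        return Verdict.FAIL, None
    change = percent_change(baseline_ms, p95(samples))
    if change > hard_pct:
        return Verdict.FAIL, change
    if change > soft_pct:
        return Verdict.WARN, change
    return Verdict.PASS, change


# Constructed sample: 20 request latencies (ms) from one pipeline run.
SAMPLE_RUN = [180] * 18 + [230, 400]

if __name__ == "__main__":
    import sys
    verdict, change = gate(200, SAMPLE_RUN)
    print(f"p95 change vs baseline: {change:+.1f}% -> {verdict.name}")
    # Only FAIL breaks the build; WARN is reported but exits 0.
    sys.exit(1 if verdict is Verdict.FAIL else 0)
```

The empty-samples branch is the part that is easy to forget: a gate that passes when the test step produced no data stops being a gate.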