Build Breakers, Not Gatekeepers (DevOpsCon Munich 2020 - Keynote)

Traditional software development occurs in phases, where QA, security and other roles act as gatekeepers to production. This leads to silos and delays, and it doesn’t scale.

So, instead of waiting for a human to decide what is and isn’t valid, learn how to use automation to continuously enforce standards in your software. Let’s turn gatekeepers into build breakers!

Michiel Rook

December 09, 2020

Transcript

  1. BUILD BREAKERS! NOT GATEKEEPERS
    MICHIEL ROOK
    @MICHIELTCS

  2. TRADITIONAL SOFTWARE DEV

  4. HUMAN GATEKEEPERS

  5. HANDOFFS

  6. COSTLY

  7. WASTEFUL

  8. DOESN'T SCALE

  10. CONTINUOUS & MANY SMALL CHANGES

  11. SHIFT LEFT

  12. ELIMINATE ISSUES EARLY

  14. HOW?

  15. AUTOMATION

  16. Source: 2017 State Of DevOps report

  17. Accelerate: State of DevOps 2019 | How Do We Improve Productivity? (p. 60)

    As Martin Fowler outlines,[33] companies should be thoughtful about which software is strategic and which is merely utility. By addressing their utility needs with COTS solutions and minimizing customization, high performers save their resources for strategic software development efforts.

    We also see that elite performers automate and integrate tools more frequently into their toolchains on almost all dimensions. Although automation may be seen as too expensive to implement (we often hear, “I don’t have time or budget to automate—it’s not a feature!”), automation is truly a sound investment.[34] It allows engineers to spend less time on manual work, thereby freeing up time to spend on other important activities such as new development, refactoring, design work, and documentation. It also gives engineers more confidence in the toolchain, reducing stress in pushing changes.

    [33] Martin Fowler, MartinFowler.com, UtilityVsStrategicDichotomy. https://martinfowler.com/bliki/UtilityVsStrategicDichotomy.html
    [34] This is a site reliability engineering (SRE) best practice: reduce toil, which is work without productivity.

    AUTOMATION AND INTEGRATION BY PERFORMANCE PROFILE

    |                                                                   | Low | Medium | High | Elite |
    |-------------------------------------------------------------------|-----|--------|------|-------|
    | Automated build                                                   | 64% | 81%    | 91%  | 92%   |
    | Automated unit tests                                              | 57% | 66%    | 84%  | 87%   |
    | Automated acceptance tests                                        | 28% | 38%    | 48%  | 58%   |
    | Automated performance tests                                       | 18% | 23%    | 18%  | 28%   |
    | Automated security tests                                          | 15% | 28%    | 25%  | 31%   |
    | Automated provisioning and deployment to testing environments     | 39% | 54%    | 68%  | 72%   |
    | Automated deployment to production                                | 17% | 38%    | 60%  | 69%   |
    | Integration with chatbots / Slack                                 | 29% | 33%    | 24%  | 69%   |
    | Integration with production monitoring and observability tools    | 13% | 23%    | 41%  | 57%   |
    | None of the above                                                 | 9%  | 14%    | 5%   | 4%    |

    Source: 2019 State Of DevOps report

  18. BUILD BREAKERS

  19. AUTOMATED QUALITY GATES

  20. FAIL

  21. WARN

  22. PASS

  23. WARN / PASS / FAIL

  24. PIPELINES

  25. DEV BUILD / TEST
    CONTINUOUS INTEGRATION

  26. [Diagram labels: BUILD; BUILD BREAKERS; WARN / PASS / FAIL (repeated four times)]

  27. TIME TO ZOOM IN

  28. CODE QUALITY & STANDARDS

  29. CODE STYLE (PHPCS, Checkstyle)
    phpcs --standard=PSR12 src

  30. STATIC ANALYSIS (Findbugs, PHPStan)

  31. TESTING

  32. [Diagram labels: UNIT TESTS; E2E / VISUAL TESTS; INTEGRATION TESTS; LOTS OF MANUAL TESTING; E2E TESTS]

  33. [Diagram labels: UNIT TESTS; E2E TESTS; INTEGRATION TESTS; COST; SPEED]

  34. [Diagram labels: UNIT TESTS; E2E TESTS; INTEGRATION TESTS; Exploratory testing & user feedback; Monitoring & alerting; COST; SPEED]

  35. [Diagram labels: UNIT TESTS; E2E TESTS; INTEGRATION TESTS; Exploratory testing & user feedback; Monitoring & alerting; COST; SPEED; 70%; 20%; 10%]

  36. UNIT TESTS (PHPUnit, JUnit, TestNG)

  37. CODE COVERAGE

  38. INTEGRATION TESTS (PHPUnit*, Spring TestContext, RestAssured)

  39. UI TESTING (Cypress, Selenium)

  40. CONTRACT TESTING (Pact, Dredd)

  41. SECURITY

  42. DEPENDENCY SCANNING & UPDATING

  44. GITHUB INTEGRATION (Renovate, Dependabot)

  45. VULNERABLE DEPENDENCIES (Snyk, Whitesource, Nexus)

  46. STATIC APPLICATION SECURITY TESTING

  47. SAST (Fortify, RIPS, Sonarqube, Coverity)

  48. CONTAINERS & IMAGES

  49. CONTAINER IMAGE SCANNING (Clair, Twistlock)

  50. PERFORMANCE

  51. PERFORMANCE TESTS (JMeter, Gatling, Locust)

  52. 1. DETERMINE BASELINE
    2. AGREE ON SOFT / HARD LIMITS
    3. RUN IN PIPELINE TO CALC % UP/DOWN

  53. OTHER AREAS

  54. MUTATION TESTING

  55. APPROVALS & WORKFLOWS

  56. ACCESSIBILITY

  57. DEPLOYMENTS

  58. ....

  59. TIPS

  60. AVOID FLAKEY TESTS

  61. NO TEST SUITE DETECTS EVERY ISSUE

  62. WATCH YOUR BUILD TIME

  63. ENSURE FAST FEEDBACK

  66. FEEDBACK!

  67. NOW YOU

  68. AGREE ON STANDARDS

  69. BUILD A PIPELINE

  70. TAKE SMALL STEPS

  71. LET'S TURN GATEKEEPERS INTO BUILD BREAKERS!

  72. THANK YOU FOR LISTENING!
    @michieltcs / [email protected]
    www.michielrook.nl
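
The WARN / PASS / FAIL outcomes (slides 20 to 23) and the three performance steps on slide 52 fit together as a single pipeline check: compare the current run with a baseline, compute the percentage change, and map it onto soft and hard limits. The sketch below is an added example, not code from the talk; the metric names, baseline values and limits are constructed assumptions.

```python
# Added example (not from the talk): baseline / soft-limit / hard-limit gate.
import sys
from dataclasses import dataclass

@dataclass(frozen=True)
class Limit:
    soft_pct: float                 # regression above this percentage -> WARN
    hard_pct: float                 # regression above this percentage -> FAIL
    higher_is_better: bool = False  # True for throughput-style metrics

def pct_change(baseline: float, current: float) -> float:
    """Signed percentage change of current relative to baseline."""
    return (current - baseline) * 100.0 / baseline

def evaluate(baseline: float, current: float, limit: Limit) -> str:
    change = pct_change(baseline, current)
    # A drop is the regression when higher values are better.
    regression = -change if limit.higher_is_better else change
    if regression > limit.hard_pct:
        return "FAIL"
    if regression > limit.soft_pct:
        return "WARN"
    return "PASS"

def run_gate(baseline: dict, current: dict, limits: dict) -> tuple:
    """Return (overall verdict, per-metric verdicts). Fails closed."""
    verdicts = {}
    for name, limit in limits.items():
        base, cur = baseline.get(name), current.get(name)
        if base is None or cur is None or base <= 0:
            verdicts[name] = "FAIL"  # missing or unusable data must not pass
        else:
            verdicts[name] = evaluate(base, cur, limit)
    for level in ("FAIL", "WARN"):   # the worst verdict decides the outcome
        if level in verdicts.values():
            return level, verdicts
    return "PASS", verdicts

# Constructed sample data: hypothetical metric names, baseline and limits.
BASELINE = {"p95_latency_ms": 200.0, "throughput_rps": 500.0}
LIMITS = {
    "p95_latency_ms": Limit(soft_pct=5.0, hard_pct=15.0),
    "throughput_rps": Limit(soft_pct=5.0, hard_pct=10.0, higher_is_better=True),
}

if __name__ == "__main__":
    current = {"p95_latency_ms": 220.0, "throughput_rps": 480.0}  # constructed run
    overall, verdicts = run_gate(BASELINE, current, LIMITS)
    for name, verdict in verdicts.items():
        print(f"{verdict:4} {name}")
    sys.exit(1 if overall == "FAIL" else 0)  # only FAIL breaks the build
```

A metric that is absent from the results counts as FAIL, so a test stage that silently stops reporting cannot turn the gate green.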