Build breakers, not gatekeepers! (PHPBenelux 2020)

Traditional software development occurs in phases, where QA, security and other roles act as gatekeepers to production. This leads to silos, delays and doesn’t scale.

So, instead of waiting for a human to decide what is and isn’t valid, learn how to use automation to continuously enforce standards in your software. Let’s turn gatekeepers into build breakers!

Michiel Rook

January 24, 2020

Transcript

  1. BUILD BREAKERS! NOT GATEKEEPERS MICHIEL ROOK @MICHIELTCS

  2. @michieltcs STORY TIME!

  3. @michieltcs TRADITIONAL SOFTWARE DEV

  4. @michieltcs PHASES

  5. @michieltcs

  6. @michieltcs HUMAN GATEKEEPERS

  7. @michieltcs SILOS

  8. @michieltcs HANDOFFS

  9. @michieltcs

  10. @michieltcs COSTLY

  11. @michieltcs SLOW

  12. @michieltcs WASTEFUL

  13. @michieltcs DOESN'T SCALE

  14. @michieltcs

  15. @michieltcs INTEGRATE QUICKLY & OFTEN

  16. @michieltcs SMALL CHANGES

  17. @michieltcs CONTINUOUS FEEDBACK

  18. @michieltcs

  19. @michieltcs REDUCE RISK

  20. @michieltcs $ = REALIZED VALUE CREDITS TO @FGOULDING

  21. @michieltcs AUTOMATE REPETITIVE TASKS

  22. @michieltcs ELIMINATE ISSUES EARLY

  23. @michieltcs

  24. @michieltcs

  25. @michieltcs HIGHER QUALITY SOFTWARE

  26. @michieltcs SO...

  27. @michieltcs AUTOMATION

  28. @michieltcs AUTOMATION AUTOMATION

  29. @michieltcs AUTOMATION AUTOMATION AUTOMATION

  30. @michieltcs WE CAN & WE SHOULD

  31. @michieltcs Source: 2017 State Of DevOps report @michieltcs

  32. @michieltcs Aspect of Software Delivery Performance*

    | Aspect | Elite | High | Medium | Low |
    |---|---|---|---|---|
    | Deployment frequency: For the primary application or service you work on, how often does your organization deploy code to production or release it to end users? | On-demand (multiple deploys per day) | Between once per day and once per week | Between once per week and once per month | Between once per month and once every six months |
    | Lead time for changes: For the primary application or service you work on, what is your lead time for changes (i.e., how long does it take to go from code committed to code successfully running in production)? | Less than one day | Between one day and one week | Between one week and one month | Between one month and six months |
    | Time to restore service: For the primary application or service you work on, how long does it generally take to restore service when a service incident or a defect that impacts users occurs (e.g., unplanned outage or service impairment)? | Less than one hour | Less than one day [a] | Less than one day [a] | Between one week and one month |
    | Change failure rate: For the primary application or service you work on, what percentage of changes to production or released to users result in degraded service (e.g., lead to service impairment or service outage) and subsequently require remediation (e.g., require a hotfix, rollback, fix forward, patch)? | 0-15% [b,c] | 0-15% [b,d] | 0-15% [c,d] | 46-60% |

    Source: 2019 State Of DevOps report
  33. @michieltcs Accelerate: State of DevOps 2019 (p. 21) | How Do We Compare?

    ELITE PERFORMERS

    Comparing the elite group against the low performers, we find that elite performers have…

    - 208 TIMES MORE frequent code deployments
    - 2,604 TIMES FASTER time to recover from incidents
    - 106 TIMES FASTER lead time from commit to deploy
    - 7 TIMES LOWER change failure rate (changes are 1/7 as likely to fail)

    Figure labels: Throughput, Stability

    Source: 2019 State Of DevOps report
  34. @michieltcs Accelerate: State of DevOps 2019 (p. 60) | How Do We Improve Productivity?

    As Martin Fowler outlines, [33] companies should be thoughtful about which software is strategic and which is merely utility. By addressing their utility needs with COTS solutions and minimizing customization, high performers save their resources for strategic software development efforts.

    We also see that elite performers automate and integrate tools more frequently into their toolchains on almost all dimensions. Although automation may be seen as too expensive to implement (we often hear, “I don’t have time or budget to automate— it’s not a feature!”), automation is truly a sound investment. [34] It allows engineers to spend less time on manual work, thereby freeing up time to spend on other important activities such as new development, refactoring, design work, and documentation. It also gives engineers more confidence in the toolchain, reducing stress in pushing changes.

    [33] Martin Fowler, MartinFowler.com, UtilityVsStrategicDichotomy. https://martinfowler.com/bliki/UtilityVsStrategicDichotomy.html

    [34] This is a site reliability engineering (SRE) best practice: reduce toil, which is work without productivity.

    AUTOMATION AND INTEGRATION BY PERFORMANCE PROFILE

    | | Low | Medium | High | Elite |
    |---|---|---|---|---|
    | Automated build | 64% | 81% | 91% | 92% |
    | Automated unit tests | 57% | 66% | 84% | 87% |
    | Automated acceptance tests | 28% | 38% | 48% | 58% |
    | Automated performance tests | 18% | 23% | 18% | 28% |
    | Automated security tests | 15% | 28% | 25% | 31% |
    | Automated provisioning and deployment to testing environments | 39% | 54% | 68% | 72% |
    | Automated deployment to production | 17% | 38% | 60% | 69% |
    | Integration with chatbots / Slack | 29% | 33% | 24% | 69% |
    | Integration with production monitoring and observability tools | 13% | 23% | 41% | 57% |
    | None of the above | 9% | 14% | 5% | 4% |

    Source: 2019 State Of DevOps report
  35. @michieltcs HOW?

  36. @michieltcs BUILD BREAKERS

  37. @michieltcs AUTOMATED QUALITY GATES

  38. @michieltcs FAIL WARN PASS

  39. @michieltcs PIPELINES

  40. @michieltcs DEV BUILD / TEST CONTINUOUS INTEGRATION

  41. @michieltcs ACCEPTANCE PRODUCTION CONTINUOUS DELIVERY

  42. @michieltcs ACCEPTANCE PRODUCTION CONTINUOUS DELIVERY

  43. @michieltcs CODE IS ALWAYS IN A RELEASABLE STATE

  44. @michieltcs ACCEPTANCE PRODUCTION CONTINUOUS DEPLOYMENT

  45. @michieltcs EVERY VALID COMMIT GOES TO PRODUCTION

  46. @michieltcs DELIVERING VALUE TO USERS

  47. @michieltcs SAFELY & QUICKLY

  48. @michieltcs IN A SUSTAINABLE WAY

  49. @michieltcs FEEDBACK

  50. @michieltcs AUDIT LOG

  51. @michieltcs ENFORCING STANDARDS

  52. @michieltcs ENFORCING QUALITY

  53. @michieltcs @michieltcs

  54. @michieltcs @michieltcs

  55. @michieltcs @michieltcs

  56. @michieltcs TIME TO ZOOM IN

  57. @michieltcs DISCLAIMER!

  58. @michieltcs "VERIFICATION" STAGE

  59. @michieltcs DEV BUILD / TEST CONTINUOUS INTEGRATION

  60. @michieltcs LINTING

  61. @michieltcs phpcs --standard=PSR12 src

  62. @michieltcs STATIC ANALYSIS

  63. @michieltcs TESTING

  64. @michieltcs @michieltcs Figure labels: UNIT TESTS, E2E / VISUAL TESTS, INTEGRATION TESTS, LOTS OF MANUAL TESTING, E2E TESTS

  65. @michieltcs CONTINUOUS TESTING (figure labels: UNIT TESTS, INTEGRATION TESTS, ACCEPTANCE TESTS, E2E TESTS; axes: Cost, Speed)

  66. @michieltcs CONTINUOUS TESTING (figure labels: UNIT TESTS, INTEGRATION TESTS, ACCEPTANCE TESTS, E2E TESTS, Exploratory testing & user feedback, Monitoring & alerting; axes: Cost, Speed)

  67. @michieltcs UNIT TESTS

  68. @michieltcs CODE COVERAGE

  69. @michieltcs INTEGRATION TESTS

  70. @michieltcs ACCEPTANCE TESTS

        Scenario: Link to related job
          Given a job exists
          And there are related jobs available
          When that job is viewed
          Then a list of related jobs is shown
          And each related job links to the detail page of the related job

  71. @michieltcs ACCEPTANCE TESTS

  72. @michieltcs @michieltcs API CONTRACT TESTING

  73. @michieltcs @michieltcs UI TESTING

  74. @michieltcs @michieltcs VISUAL TESTING

  75. @michieltcs PERFORMANCE TESTS

  76. @michieltcs SECURITY

  77. @michieltcs DEPENDENCY SCANNING

  78. @michieltcs @michieltcs

  79. @michieltcs @michieltcs

  80. @michieltcs

  81. @michieltcs SAST

  82. @michieltcs

  83. @michieltcs

  84. @michieltcs

  85. @michieltcs CONTAINERS & IMAGES

  86. @michieltcs

  87. @michieltcs

  88. @michieltcs BUILD BREAKERS!

  89. @michieltcs https://gitlab.com/mrook/php-demo-pipeline

  90. @michieltcs

  91. @michieltcs FEEDBACK!

  92. @michieltcs NOW YOU

  93. @michieltcs AGREE ON STANDARDS

  94. @michieltcs SMALL STEPS

  95. @michieltcs

  96. @michieltcs LET'S TURN GATEKEEPERS INTO BUILD BREAKERS

  97. @michieltcs GOOD LUCK!

  98. @michieltcs INTERESTED IN MORE? @michieltcs

  99. @michieltcs THANK YOU FOR LISTENING! @michieltcs / michiel@michielrook.nl www.michielrook.nl