Build Breakers, Not Gatekeepers (DevOpsCon Munich 2020 - Keynote)

Slide 1

Slide 1 text

BUILD BREAKERS! NOT GATEKEEPERS MICHIEL ROOK @MICHIELTCS

Slide 2

Slide 2 text

@michieltcs TRADITIONAL SOFTWARE DEV

Slide 3

Slide 3 text

@michieltcs

Slide 4

Slide 4 text

@michieltcs HUMAN GATEKEEPERS

Slide 5

Slide 5 text

@michieltcs HANDOFFS

Slide 6

Slide 6 text

@michieltcs COSTLY

Slide 7

Slide 7 text

@michieltcs WASTEFUL

Slide 8

Slide 8 text

@michieltcs DOESN'T SCALE

Slide 9

Slide 9 text

@michieltcs

Slide 10

Slide 10 text

@michieltcs CONTINUOUS & MANY SMALL CHANGES

Slide 11

Slide 11 text

@michieltcs SHIFT LEFT

Slide 12

Slide 12 text

@michieltcs ELIMINATE ISSUES EARLY

Slide 13

Slide 13 text

@michieltcs

Slide 14

Slide 14 text

@michieltcs HOW?

Slide 15

Slide 15 text

@michieltcs AUTOMATION

Slide 16

Slide 16 text

@michieltcs Source: 2017 State Of DevOps report @michieltcs

Slide 17

Slide 17 text

@michieltcs 60 Accelerate: State of DevOps 2019 | How Do We Improve Productivity? As Martin Fowler outlines,33 companies should be thoughtful about which so ware is strategic and which is merely utility. By addressing their utility needs with COTS solutions and minimizing customization, high performers save their resources for strategic so ware development e orts. We also see that elite performers automate and integrate tools more frequently into their toolchains on almost all dimensions. Although automation may be seen as too expensive to implement (we o en hear, “I don’t have time or budget to automate— it’s not a feature!”), automation is truly a sound investment.34 It allows engineers to spend less time on manual work, thereby freeing up time to spend on other important activities such as new development, refactoring, design work, and documentation. It also gives engineers more confidence in the toolchain, reducing stress in pushing changes. 33 Martin Fowler, MartinFowler.com, UtilityVsStrategicDichotomy. https://martinfowler.com/bliki/UtilityVsStrategicDichotomy.html 34 This is a site reliability engineering (SRE) best practice: reduce toil, which is work without productivity. Low Medium High Elite Automated build 64% 81% 91% 92% Automated unit tests 57% 66% 84% 87% Automated acceptance tests 28% 38% 48% 58% Automated performance tests 18% 23% 18% 28% Automated security tests 15% 28% 25% 31% Automated provisioning and deployment to testing environments 39% 54% 68% 72% Automated deployment to production 17% 38% 60% 69% Integration with chatbots / Slack 29% 33% 24% 69% Integration with production monitoring and observability tools 13% 23% 41% 57% None of the above 9% 14% 5% 4% AUTOMATION AND INTEGRATION BY PERFORMANCE PROFILE Source: 2019 State Of DevOps report

Slide 18

Slide 18 text

@michieltcs BUILD BREAKERS

Slide 19

Slide 19 text

@michieltcs AUTOMATED QUALITY GATES

Slide 20

Slide 20 text

@michieltcs FAIL

Slide 21

Slide 21 text

@michieltcs WARN

Slide 22

Slide 22 text

@michieltcs PASS

Slide 23

Slide 23 text

@michieltcs WARN PASS FAIL

Slide 24

Slide 24 text

@michieltcs PIPELINES

Slide 25

Slide 25 text

@michieltcs DEV BUILD / TEST CONTINUOUS INTEGRATION

Slide 26

Slide 26 text

@michieltcs BUILD BUILD BREAKERS WARN PASS FAIL WARN PASS FAIL WARN PASS FAIL WARN PASS FAIL

Slide 27

Slide 27 text

@michieltcs TIME TO ZOOM IN

Slide 28

Slide 28 text

@michieltcs CODE QUALITY & STANDARDS

Slide 29

Slide 29 text

@michieltcs phpcs --standard=PSR12 src CODE STYLE (PHPCS, Checkstyle)

Slide 30

Slide 30 text

@michieltcs STATIC ANALYSIS (Findbugs, PHPStan)

Slide 31

Slide 31 text

@michieltcs TESTING

Slide 32

Slide 32 text

@michieltcs @michieltcs UNIT TESTS E2E / VISUAL TESTS INTEGRATION TESTS LOTS OF MANUAL TESTING E2E TESTS

Slide 33

Slide 33 text

@michieltcs @michieltcs UNIT TESTS E2E TESTS INTEGRATION TESTS COST SPEED

Slide 34

Slide 34 text

@michieltcs @michieltcs UNIT TESTS E2E TESTS INTEGRATION TESTS Exploratory testing & user feedback Monitoring & alerting COST SPEED

Slide 35

Slide 35 text

@michieltcs @michieltcs UNIT TESTS E2E TESTS INTEGRATION TESTS Exploratory testing & user feedback Monitoring & alerting COST SPEED 70% 20% 10%

Slide 36

Slide 36 text

@michieltcs UNIT TESTS (PHPUnit, JUnit, TestNG)

Slide 37

Slide 37 text

@michieltcs CODE COVERAGE

Slide 38

Slide 38 text

@michieltcs INTEGRATION TESTS (PHPUnit*, Spring TestContext, RestAssured)

Slide 39

Slide 39 text

@michieltcs @michieltcs UI TESTING (Cypress, Selenium)

Slide 40

Slide 40 text

@michieltcs @michieltcs CONTRACT TESTING (Pact, Dredd)

Slide 41

Slide 41 text

@michieltcs SECURITY

Slide 42

Slide 42 text

@michieltcs DEPENDENCY SCANNING & UPDATING

Slide 43

Slide 43 text

@michieltcs @michieltcs

Slide 44

Slide 44 text

@michieltcs @michieltcs GITHUB INTEGRATION (Renovate, Dependabot)

Slide 45

Slide 45 text

@michieltcs VULNERABLE DEPENDENCIES (Snyk, Whitesource, Nexus)

Slide 46

Slide 46 text

@michieltcs STATIC APPLICATION SECURITY TESTING

Slide 47

Slide 47 text

@michieltcs SAST (Fortify, RIPS, Sonarqube, Coverity)

Slide 48

Slide 48 text

@michieltcs CONTAINERS & IMAGES

Slide 49

Slide 49 text

@michieltcs CONTAINER IMAGE SCANNING (Clair, Twistlock)

Slide 50

Slide 50 text

@michieltcs PERFORMANCE

Slide 51

Slide 51 text

@michieltcs PERFORMANCE TESTS (JMeter, Gatling, Locust)

Slide 52

Slide 52 text

@michieltcs 1. DETERMINE BASELINE 2. AGREE ON SOFT / HARD LIMITS 3. RUN IN PIPELINE TO CALC % UP/DOWN

Slide 53

Slide 53 text

@michieltcs OTHER AREAS

Slide 54

Slide 54 text

@michieltcs MUTATION TESTING

Slide 55

Slide 55 text

@michieltcs APPROVALS & WORKFLOWS

Slide 56

Slide 56 text

@michieltcs ACCESSIBILITY

Slide 57

Slide 57 text

@michieltcs DEPLOYMENTS

Slide 58

Slide 58 text

@michieltcs ....

Slide 59

Slide 59 text

@michieltcs TIPS

Slide 60

Slide 60 text

@michieltcs AVOID FLAKEY TESTS

Slide 61

Slide 61 text

@michieltcs NO TEST SUITE DETECTS EVERY ISSUE

Slide 62

Slide 62 text

@michieltcs WATCH YOUR BUILD TIME

Slide 63

Slide 63 text

@michieltcs ENSURE FAST FEEDBACK

Slide 64

Slide 64 text

@michieltcs @michieltcs

Slide 65

Slide 65 text

@michieltcs @michieltcs

Slide 66

Slide 66 text

@michieltcs FEEDBACK!

Slide 67

Slide 67 text

@michieltcs NOW YOU

Slide 68

Slide 68 text

@michieltcs AGREE ON STANDARDS

Slide 69

Slide 69 text

@michieltcs BUILD A PIPELINE

Slide 70

Slide 70 text

@michieltcs TAKE SMALL STEPS

Slide 71

Slide 71 text

@michieltcs LET'S TURN GATEKEEPERS INTO BUILD BREAKERS!

Slide 72

Slide 72 text

@michieltcs THANK YOU FOR LISTENING! @michieltcs / [email protected] www.michielrook.nl