Info

• Authors: Jez Humble, David Farley
• Type: Non-fiction; Practical/Instructive

Summary

• Introduces the deployment pipeline concept
• Persuades readers that the deployment pipeline is better than traditional software release
• Outlines prerequisites and steps for implementing the deployment pipeline

Outlines

• Ch. 1: The Problem of Delivering Software
• Ch. 2: Configuration Management
• Ch. 3: Continuous Integration
• Ch. 4: Implementing a Testing Strategy

Ranting

Chapter 1

• Recommends teams be "cross-functional" (pg 16)
• Every change does trigger gating, these are at least component tests
  • master is always "deployable" (for 190ish repos)
• We could maybe make better use of beta for integration tests
• We don't have "quality criteria" as part of the release process currently
  • We do do security review
• Scap does do smoke tests, could do more
• "Deployment pipeline" identified a lot of the same antipatterns
• Iterative process
  • "Meet frequently to improve the deployment cycle"
  • We don't really have this with MediaWiki folks currently
  • RelEng Office Hours?
• We don't have one command to setup an env
  • Are we missing benefits of version control and configuration management?
  • This makes local dev work hard

Antipatterns

• We are guilty of a few anti-patterns
  • Manual Deployment
  • We do a lot of "Deploying to a production-like environment only after development is complete" (antipattern) now

• There was a quote (pg 9) that rang true to me related to process subversion that was an antipattern. This is something that requires a cultural shift to overcome.

  As pressure increases the defined process for collaboration between the development and deployment teams is subverted in order to get the deployment done within the time allocated to the deployment team

Feedback and "Critial CI"

• We currently run what the book would term "accpetance tests" pre-merge
• The problem we've typically cited is it's hard to get a fix post-merge
• gating is the tool we use to stop things violating our acceptance ciriteria

Chapter 2

• There is no single version we can identify for what's in production for MediaWiki (this is in progress)
• We have IS.php and IS-labs.php, should we have an IS-dev.php?
• What should we expand existing scap smoke tests to cover?

Version Control

"Everything in version control"

• what about l10n?
• what about how to build a deployment directory?
• we have a lot of build scripts that only work in two envs (prod, beta) that handle all of this.

Configuration

• The "Cattle vs Pets" -- we don't have that
• The benefit of "random pieces of poorly understood" infra is not solved via configuration management -- now we have random pieces of poorly understood puppet.
• We add in configuration at deploy-time for services with scap3, this works well for them. I think this is also the model of k8s.

Environments

• There is very little visibility into our testing env (deployment-prep) for anyone
• We use Puppet to enforce existing state and tweak existing systems rather than provision from scratch

Chapter 3

Without CI, your application is broken until you prove otherwise. With CI, the default state of your application is working, albeit with a level of confidence that depnds upon the extent of your automated test coverge

The "short build" section is much less than we currently have

• "commit" stage is "test"
• "acceptance" stage is "gate-and-submit"
• some portion of "gate-and-submit" should likely become post-merge
• The problem with post-merge tests is how to fix them
• this is part of the cultural shift
• we haven't checked in with folks about this kind of thing...ever (as long as I've been around)

Development workspace

• Quibble was one idea to run test suite
• No workspace takes into account deployment currently
• composer for 3rd party deps

Bells and Whistles

• We don't have much visibility
• https://tools.wmflabs.html/ci/last_run.html is a pretty good dashboard, I think

Cultural Shifts

• We have this (possibly aside from TDD)
• I think we enforce this with gating, gating is our hammer

Distributed Teams

• Another place that we, in some ways, outpace the book
• We don't get all the benefits of a central CI-system (self-serve, metrics)
• What metrics should we be gathering as part of the deployment pipeline, right now?

it is essential that development teams can easily self-service new environments, configurations, builds, and deployments in an automated fashion (pg 76)

Distributed VCS

The pace of development tends to be faster on GitHub {{cn}}

Chapter 4

We generally class comprehensive as greater than 80% code coverage.

• Seems to be a huge emphasis on cucumber tests

Done badly, [acceptance tests] can inflict a significant cosst on your delivery team (pg 87)

• Why not devlopers writing tests

In our ideal project, testers collaborate with developers and users to write automated tests from the start of the project (pg 83)

• we use swagger tests as acceptance tests (deployment smoke tests) for services and mediawiki
• This really deemphasises unit/component tests, is this only because it's hard to explain in business terms? Do we have that problem?
• "NetFlix" pg 90 har har