At Mirabeau we are very cloud native and love to automate. The primary reason for this is to speed up the time-to-market for our clients and to make sure we offer their customers a great digital experience. In other words, being able to conduct changes to your platform swiftly without any performance degradation or regression issues.
Over the years I worked closely with my colleagues to shape our way of working resulting in a model which we call the “six pillars for automation”. It contains basic principles which must be followed to be successful with continuous delivery. The model contains the following pillars: Maintainability, Reliability, Agility, Functionality, Performance and - very important, especially now with GDPR - Security
In this first blog about our automation experiences, I will present a closer look at the six different pillars.
To maintain your platform with little effort, your software code needs to be of a good quality. To achieve this, continuous testing of the code quality of your digital platform is required. Make sure you have automated code quality checks in place and test against industry and project specific standards.
The use of version control allows you to create triggers on new code commits and merge requests. Using CI/CD pipelines supplied by various GIT webservices, such as GitHub, Bitbucket and Gitlab, allows you to validate code early by running linters, code analyzers and even security and performance tests.
And by using a thought-through source control branching and merging strategy, it can be ensured that required code reviews are taking place.
Setting up the right CI/CD pipeline is key for:
- Automated code quality checks
- Code quality standards & code reviews
- Unit testing
Using log analysis tools and proper monitoring metrics allows detection of possible faults at early stages. A disastrous breakdown of the application can be prevented or mitigated. Historical data can be used to determine the right metrics to trigger an alarm.
To ensure environment changes and code deployments don’t cause any unwanted results, these actions should be automated as much as possible. The same automated process should be used for non-production and production environments.
And with a so-called Xperience Level Agreement you make the experience of your platform measurable and insightful by designing key performance objectives with your team.
Having a reliable platform depends highly on:
- Predictive Monitoring
- Xperience Level Agreements
- Automated build & deploys
I often experience that a key element in successful speeding up your time to market is agility. Your organization needs to be Agile to be able to deliver features every week or even every day, to ensure teams respond quickly to technological advancements and changing needs of your customers. This also includes a DevOps way of working where different disciplines work closely together in one team.
In most cases, I use a Continuous Delivery maturity model to get a feeling about the current maturity level and next steps to implement. A few highlights of this model are shown in the matrix below:
|1. Entrant||2. Novice||3. Experienced||4. Mature||5. Expert|
|Clarification||Chaos, there is nothing||Managed, but no Continuous Delivery||Steady release frequency, increasable||DevOps is focal point||Continuous Value Delivery|
|Time to market||Very long||Long||Average||Short||Very short|
The Agile way-of-working covers:
- Continuous Delivery Maturity Model
- Feedback & Evaluation Cycles
To ensure functionality will not break and will keep working as expected after every release, you need to have a test strategy and plan. You can’t afford hours of manual testing because this will block your delivery pipeline. Using tooling like Selenium, functional tests can be automated. With the right reporting setup, failed tests can be analyzed fast and code fixes can be implemented quickly.
Always make sure your tests cover a diversity of use cases. If you’re building a website, for example, you should test for different browsers and devices.
Developers should be able to run functional tests locally as much as possible. Early detection and fixing of broken functionality helps speeding up the CI/CD Process.
Functionality testing consists of:
- Test strategy & planning
- Automatic functional testing
- Test reporting
- Multi-browser / device tests
Optimization is often pushed to the back and looked at only after functionality is being added. In my opinion, this is not always the best choice. The success of an application may depend highly on its performance. As an example, adding new functionality into a webshop - for allowing more user convenience - may look like a good idea. But if this increases the load times of a page by just half a second, you might have the reverse effect.
This is why I always recommend running performance tests as part of the CI/CD pipeline. Functional tests written for automatic testing can even be reused for this purpose. Tools like Blazemeter, Taurus, New Relic and Dynatrace will help you compare the results to your baseline tests and allows you to pinpoint the bottlenecks.
Performance testing can be broken down into:
- Application (regression) performance testing
- Load testing
- Static code performance analysis
This last pillar is not the least important one. It covers a broad area both on the platform and application level. To ensure no data is being leaked, encryption should be in place on all possible levels (in transit and in rest). Especially with GDPR, you should be aware of the data flows and minimize the storage and transit of sensitive data where possible. A strictly followed procedure should be set up around the management of user accounts and permissions. Use the ‘principle of least privilege’ for both network access and permission policies. All these examples are focused mostly on the platform your application is running on, but the application code also plays an important role in security. Use periodic penetration tests to make sure your code is compliant.
At Mirabeau we cover this pillar with:
- The Mirabeau security portfolio
- Risk profiles
- Continuous security testing
- GDPR (AVG)
Being aware of the six pillars will help you grow in the journey to continuous delivery as a company.
The first three pillars focus more on defining the right way of working, whereas the last three focus mostly on automated testing and analysis. Automation is key for faster time-to-market and there are a lot of tools out there that can help you accomplish this.
Stay tuned for new articles about successful automation examples.