Are you ready to automate continuous deployment in CI/CD?

Many companies have rushed to implement continuous integration and continuous delivery (CI/CD) pipelines to streamline their software development workflows. Far fewer have taken the extra step of automating continuous deployment, a practice of using CI/CD pipelines to push changes into production continuously. Naturally.

The idea of ​​pushing code into production as often as daily or hourly gives me chills. In fact, several years ago I wrote an article about the disadvantages of continuous deployment. Another article, “when the responsible DevOps teams should increase the frequency of deployment”, questions the hypothesis that more frequent deployments are better.

However, a lot has changed over the past few years, and many more devops teams are adopting the skills, practices, and tools to automate reliable, high-quality deployments. This article explains the differences between continuous delivery and continuous deployment, then offers five things devops teams should do before automating continuous deployment in their CI/CD pipelines.

Continuous Delivery vs Continuous Deployment

Kulbir Raina, agile and devops leader at Capgemini, shares a definition that helps us differentiate continuous delivery from continuous deployment. He says, “Continuous delivery is the end-to-end automated flow of software releases to production, while continuous deployment is the automated process that pushes software from that flow to post-continuous integration into production via a pre-tested process.

Automating production deployments carries more risk because the results impact the business, customers, and end users. If a DevOps team decides to automate deployments, the deployment process should include continuous testing and robust error handling. Otherwise, a deployment could create performance issues, unreliable systems, security vulnerabilities, and flaws found in production.

Mike Saccotelli, Director of Software Engineering at SPR, adds, “The main difference between an organization using a continuous delivery model and a continuous deployment model is the level of maturity and sophistication of their build and deployment processes.” .

Devops teams can use the following checklist to prepare to upgrade CI/CD pipelines for continuous deployment.

1. Assess business benefits

Continuous deployment, in principle, can be applied to many applications and even in the most regulated industries. Tim Lucas, co-founder and co-PDG of Buildkite, says: “Continuous deployment can be adopted by project, and the best organizations set objectives to move as many projects as possible to this model. Even in finance and regulated industries, the majority of projects can adopt this model. We’re even seeing self-driving car companies rolling out continuously. »

While DevOps teams can implement continuous deployment in many projects, is the question where does it offer a solid profitability analysis and significant technical advantages? The projects that frequently deploy features and fixes, and where modernized architecture simplifies automation, are the most promising to move on to continuous deployment.

2. Prepare the development team

Lucas shares some of the prerequisites that should be part of the software development process before moving to a continuous deployment model. He says, “Continuous deployment is true agility, the fastest way from code change to production. This requires always keeping the master branch in a shippable state, automating testing, and having high-quality tooling you can trust.

Some of the development responsibilities and disciplines for developers looking to automate continuous deployment include:

Saccotelli adds, “Continuous deployment relies on a development team having a more mature understanding of quality code so that this process can succeed. If the code is poor or untested, it will create an unreliable system and quickly push bugs and vulnerabilities into production.

3. Prepare the operations team

This causes the CI/CD pipeline to run and deploy the new code to production. Does that mean the DevOps teams are clear, their work done, and everyone can upgrade to the next release?

Not so fast. Despite all the work developers do to ensure builds don’t break, automate code testing, and control what code is activated in production, there is always a risk that a deployment could cause production issues. Monitoring business services, applications, and systems is an operational responsibility within devops, and their skills to support continuous deployments begin long before enabling deployment automation. Best practices include the following:

  • Use infrastructure as code and containers to ensure consistent infrastructure configurations across development, test, production, and other environments.
  • Use application- and system-level monitoring tools that also load and analyze observability data created by applications and microservices.
  • Choose an AIOps platform that integrates monitoring, alerting, and observability data across the entire stack, from applications to microservices and data stores, and correlates events into manageable incidents.
  • Configure canary builds to control failover and traffic to new deployments and reduce the risk of more difficult failover strategies.
  • Have a robust set of security tools, including API gateways, web application firewalls, container security, threat monitoring, and sensitive data monitoring that mitigate risk in enterprise environments. highly dynamic applications.

4. Integrate ITSM and workflows across teams and tools

We’re not done yet, even with all the development and operations skills instituted. Let’s say the devops team commits code, continuous deployment moves change to production, and application performance monitoring tools are working. How quickly will the right devops team members be alerted so they can triage incidents, investigate the root cause, and resolve issues quickly?

Lucas shares that “irregular testing is the #1 risk” when moving to continuous deployment. He cites unreliable CD/CD tools, poor monitoring of production and on -call practices, as well as the absence of a real partnership between engineering and IT as other risks.

Without workflows and integrations between monitoring, AIOps, IT service management (ITSM), agile and communication tools, a devops team’s time to respond and resolve issues can lag behind at its deployment speeds. This gap can create moments of stress and erode the partnership between development and operations. A good practice is to ensure that IT tools and workflow are integrated, so that DevOps teams can follow all the problems created by continuous deployments.

5. Define decision thresholds and risk-based KPIs

Kristin Baskett, Director of Product Marketing at Copado, provides an essential element needed for continuous deployments. She declares: “Although it is imprudent automation to hinder a system, the right automation helps organizations achieve the flexibility and the consistency they need to really benefit from DevOps. When developers can integrate code automatically, collaboration improves. And by investing in test automation and quality gateways, organizations can innovate faster, with less risk.

In addition to test automation, Baskett mentions the establishment of quality barriers that should be extended to other risk assessments. When a build triggers continuous deployment, quality portals implement business rules to determine which deployments can go into production and which may require compliance review or management approval.

Other management best practices that support continuous deployments include developing devops key performance indicators (KPIs), formalizing feedback loops, and developing communication strategies.

Continuous deployments can yield many business and technology benefits, but disciplined DevOps teams and IT organizations should ensure best practices and tools are in place before using automation to increase deployment frequencies.

Copyright © 2022 IDG Communications, Inc.

Jack L. Goldstein