The best development organizations are adopting continuous delivery of features to production on a weekly or daily basis. Achieving this is not easy. Proper agile planning and seasoned developers are only the first steps. To reach the promised land, your entire DevOps process must be designed and tuned for incremental releases. These following best practices are required to achieve predictable, reliable releases in a process that can be sustained for the long run.
What is DevOps?
DevOps is commonly defined as a software development methodology that combines software development with IT operations. The goal is to shorten systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives. The methodology can be organized into the following stages:
Enterprise Software as a Service (SaaS) apps are not distributed like traditional software. They are continuously running services. So continuous delivery is all about updating the service with a set of changes. In public clouds like AWS and Heroku, this is done through pipeline stages (e.g., development, testing, staging, and production). In platforms like Salesforce, stages become sandbox environments, ephemeral scratch orgs, and production instances.
Agile planning is now de rigueur for enterprise development. For continuous delivery, ensure your user stories are sized correctly and that each story rolls up to an epic that represents a standalone feature. This enables your team to release bite-sized pieces of functionality that are consumable by users and traceable back to your release plan. Also, define acceptance criteria for use in the verify stage below so you know when something is complete.
There are a few practices of app creation that impact CD.
First, source code is not the only element of an enterprise solution. Schema, user interface, access control rights, and static resources like icons and images are all part of the creation process and should be managed just as diligently as source code. They should all be checked in to a version control system (VCS) as a single source of truth.
Second, ensure that developers are making changes in a segregated environment. In some low code platforms like Salesforce.com this becomes a challenge, but even in a database, multiple DBAs can step on each other’s changes when working in a shared environment.
Automated quality processes are difficult to implement for web apps, but are essential. Selenium is a great tool for testing functionality and should be part of your practice, but there are several verifications that should be made before you get to functional testing. Static code analysis tools like PMD are essential to ensure your development team is coding against a single style. Define a team style and enforce its use. Unit Test coverage is also essential. Incorporate them with a coverage of at least 75%. Finally, after these automated tests pass, implement a manual peer review. Old hands are able to spot opportunities for performance improvement where automated tools may not.
Packaging for CD is about capturing changes so they can be incrementally released into the next stage or environment. Dedicate a branch for each stage and bundle incremental changes into a promotion branch so you can leverage the merge conflict detection in your VCS.
Changes should be released in a defined pipeline with strict quality gates that ensure the verification steps and enforce the order of release stages. Developers should not be able to release from development and production bypassing integration and testing.
Also, minimize differences between stages. Smaller changes mean reliable, predictable releases.
Finally, automate promotions. This enables your team to validate the promotion scripts in integration, testing, and staging before releasing to production which decreases the likelihood of an unhappy surprise.
Automate configuration, especially for end-user access rights and make testing for proper configuration part of your verification process. Platforms like Salesforce have powerful profiles and permission sets that enable user access to only the right information. Improper configuration can expose personally identifiable information (PII), credit card numbers, or medical health data and get your company in the news.
Deployment to production does not mean features are visible to end users. Design code to support incremental releases. Place features behind a permission and release them when complete. Give admins a preference flag so they can enable features to their users when they are ready.
Most SaaS companies monitor service availability and performance. Excellent companies also monitor data access to detect improper configuration changes and monitor end-user feature usage which gives product managers visibility to their usage.
Enterprise SaaS applications have many moving parts and often manage sensitive information. Implementing these best practices will create predictable, reliable releases that minimize the likelihood of downtime, defects, and exposure of sensitive information.