Patterns and Anti-Patterns for CI/CD

patterns-antipatterns-cicd.md

Patterns and Anti-Patterns for CI/CD

The Developer Experience

• The developer journey
  • visualize devs' emotions during their workflow
• make sure to provide a good experience for your devs as well (not only for customers and users)

Working Models

• Pairing vs Review
• Good / bad User Stories

Source Code Management

• Feature branches vs. trunk based development
• embed trunk-based dev in your SW workflow

Versions & Releases

• Semantic Versioning
• Automating the versioning process?
• Traceability

Dev / Prod Parity

• Running stuff on dev workstations vs running stuff in CI/CD vs running stuff in Production
• Docker to the rescue
  • spin up all the things locally
  • provide containerized dev envs

The do script

• Automate all the things
• Use the same scripts in dev and in CI/CD
• Provide a inspiring developer experience
• e.g.
  • build locally (in a container)
  • run locally (in a container)
  • run tests
  • start dependencies (database...)
• run your pipeline logic during development, too

Pipelines that don't suck

What makes a good pipeline -> link to Mario's talk

• the pipeline is code
  • it's declarative
  • it's versioned with your code
• the pipeline is visual
• it scales
  • with project size
  • with number of builds
  • with number of repositories
• it is not some snowflake configuration in a clicking-only UI
• locally executable
  • see do script
• it should not be the super-complicated unicorn script that no developer ever wants to touch

Good Conventions

• Good READMEs
  • same structure
  • kept up-to-date
• have similar pipelines for similar projects
  • makes it easier for onboarding
  • devs are less scary to touch / repair things, because they know it

If possible: use SaaS solutions

• spend your time on the business value, not on fixing your tools
  • a CI/CD toolchain itself brings no business value
• easily speed up things by adding more powerful build agents (Cloud...)
• takes care of the ugly stuff
  • build agents for different architectures
  • cleaning up
  • resource management

CI/CD and security

• credentials management
  • inject at runtime (e.g. Vault)
• security scans
  • Docker images
  • libraries and dependencies
• securing the delivery process itself
  • again: Docker to the rescuee: signing images, trusted registries...

Autonomy over avoiding redundancy

• Find a good balance between reducing redundancy and keeping teams autonomous
• Strive for small components with less blast radius but faster release cycles
• avoid blocking of releases due to waiting on other people's code

Design for Continuous Delivery

• Idempotence (re-running stuff should do no harm)
• Avoid any manual intervention
  • think about this right from the design phase
• Design for blue / green deployments
  • provide health endpoint

CI/CD as shared responisibility

• Antip-Pattern: "the one person taking care about the pipeline in the team"
• involve everybody, make the pipeline a "shared responsibility"
• bring it into tech huddles, make sure everyone in the team understands how things work
• involve client / PO, make sure they understand the importance of time spent on CI/CD and how this improves the team performance

Trunk-based development

• Kief's Blog Post

Credentials Handling / Security

• logging of passwords
• accessing credentials / vaults

Shell script issues

• about exit 0
• set -... pipefail