Embracing DevOps Release Management

Embracing DevOps Release Management
Foreword
Contributors
About the author
About the reviewers
Preface
   Who this book is for
   What this book covers
   To get the most out of this book
   Download the example code files
   Conventions used
   Get in touch
   Share Your Thoughts
   Download a free PDF copy of this book
Part 1: Understanding the Software Development Life Cycle and Its Design
1
Understanding the Software Development Life Cycle
   Defining SDLC and looking at its seven phases
      1. Planning and Analysis
      2. Define Requirements
      3. Design
      4. Development
      5. Testing
      6. Deployment
      7. Maintenance
      Defining some commonly used terms
   SDLC versus other life cycle management methodologies
      Software development Life Cycle versus systems development life cycle
      SDLC versus release management
      SDLC versus ALM (application Life Cycle management)
      SDLC versus PDLC (product development life cycle)
      SDLC versus SRLC (software release life cycle)
      Release management versus change management
      Release management versus project management
   Summary
   Questions
2
A Brief Introduction to Release Management
   What is release management, and how did it evolve?
      Definitions
      A brief history of release management
      The evolution from software to release management
   Dissecting the release management life cycle
      Request
      Plan
      Design and Build
      Testing
      Deployment
      Post-deployment
   Summary
   Questions
3
What Are the Various SDLC Release Management Models?
   The ITIL model
      ITIL 3
      ITIL 4
   The waterfall model
   The iterative model
   The V-model
   The spiral model
   The big bang model
   The agile model
   The DevOps model
   Summary
   Questions
Part 2: The Advantages of DevOps Release Management
4
What Problems Does DevOps Release Management Try to Solve?
   Exploring automated testing, deployment, and change management
      Automated testing
      Automating deployment
      Automating change management
   Reducing potential risks and accelerating the release of software products
   Streamlining the release process so that it becomes standardized
   Improving metrics and KPIs for successful releases
      Four critical DevOps metrics
   Summary
   Questions
5
Understanding What Makes DevOps Release Management Unique
   DevOps is holistic
   DevOps integrates CI/CD, QA, security, and feedback
   DevOps incorporates business teams into the development process
   The three ways of DevOps
      The first way – flow/systems thinking
      The second way – amplify feedback loops
      The third way – a culture of continual experimentation and learning
   How do traditional release management methodologies stack up against DevOps?
   A case study of how DocuSign transitioned from Agile to DevOps
      The genesis of DocuSign
      The transformation to DevOps
      Obstacles encountered by DocuSign’s product team
   Summary
   Questions
6
Understanding the Basics of CI/CD
   The ABCs of CI/CD
      What is a CI/CD pipeline?
   What is continuous integration (CI)?
      Selecting the right CI tool for your operations
   What is continuous delivery (CD)?
      What is infrastructure as code (IaC)?
      The continuous delivery pipeline
      The difference between continuous delivery and continuous deployment
      How GitOps fits in with continuous delivery
   What is continuous testing?
   The DevOps transformation of Capital One
      Capital One’s DevOps transformation strategy
      Creating cross-functional teams
      Leveraging microservices architecture
      Building an on-demand infrastructure on AWS
      Automating delivery pipelines using Jenkins
      Governance within Capitol One’s CI/CD pipelines
      Implementing chaos engineering
      Embedding security principles in DevOps workflows
      What can we learn from Capital One’s DevOps transformation?
   Summary
   Questions
7
A Practical Pipeline for Technical Release Managers
   Provisioning the AWS infrastructure
      Prerequisites
      Step 1 – fork the repository
      Step 2 – create a default VPC
      Step 3 – create an HTTP rule in the default security group
      Step 4 – create an ECR registry
      Step 5 – create an ECS cluster
      Step 6 – create an ECS task definition
      Step 7 – create an ECS service
   Configuring the GitHub Actions workflow
      Prerequisites
      Step 1 – configure the necessary GitHub repository variables and secrets
      Step 2 – kick off a GitHub Actions workflow
      Step 3 – analyze deployment logs
      Step 4 – observe the deployed application running in AWS ECS
   Summary
   Resources
   Questions
8
How CI/CD Pipelines Enforce Good DevOps Release Management
   Understanding CI/CD governance
      The OWASP Top 10 CI/CD Security Risks
      Speed-to-market versus governance
      Three common paths to CI/CD governance
      Common CI/CD governance obstacles
      Creating an enterprise CI/CD governance model
   Understanding branching strategies
      Choosing a branching strategy
      Common DevOps branching strategies
      How to choose your branching strategy
   Exploring release pipelines
      Tasks
      Artifact store
      Configuration store
      Logging
      Workflow execution
      The difference between deployment and release
   Understanding change management
      Implementing a change approval process
      Obstacles to implementing change approval
      Methods to enhance the change approval process
   Summary
   Questions
Part 3: Develop a Culture of DevOps in Your Organization’s Release Management Strategy
9
Embracing DevOps Culture in Your Release Management Strategy
   Faster and cheaper doesn’t always mean better
      Never compromise on quality
      Project timelines are negotiable
      The problem of perception in DevOps
      DevOps is more than just tools and processes
   Adopting the CALMS approach
      Culture
      Automation
      Lean
      Measurement
      Sharing
      What to keep in mind when adopting CALMS for DevOps
   It takes time to develop a DevOps mindset
   Summary
   Questions
10
What Does Receiving Support from Leadership and Stakeholders Look Like?
   Making investments in people and technology that are deftly aligned
   Why empowerment, ethics, trust, and patience are 
highly valued
      Communication in a DevOps environment
      Understanding why building trust is the key to your success
      Leaders of DevOps establishments require soft skills
   Offering the team autonomy, ownership, 
and shared responsibility
   Making customer feedback the center of every strategy
      What is a feedback loop?
      Collecting customer feedback the DevOps way
      Incorporating customer feedback into your decision-making processes
   Summary
   Questions
11
Overcoming Common Pitfalls in DevOps Release Management
   Having a carefully designed change management process
      Employees must comprehend the rationale for change management initiatives
      Executives operate outside of their comfort zone, while others...
      Leaders aren’t candid about the difficulties they face
      Employee temperaments are resistant to change
   Following a release checklist
      Successful releases go far beyond following a checklist
   Exploring 10 common pitfalls of DevOps release management
      A lack of support from leadership
      Thinking DevOps is mainly about tools
      Treating DevOps and CI/CD as the same thing
      Quality as an afterthought
      Lacking dashboarding and reporting, or having too much
      Selecting the wrong metrics to measure project success
      Leaving others behind as you move forward with DevOps
      Converting to microservices from old infrastructure and design
      Deciding to automate the wrong processes
      A quiet customer is a happy customer
   Summary
   Conclusion
   Questions
Appendix
   The OWASP Top 10 CI/CD Security Risks
      Insufficient Flow Control Mechanisms (CICD-SEC-1)
      Inadequate Identity and Access Management (CICD-SEC-2)
      Dependency Chain Abuse (CICD-SEC-3)
      Poisoned Pipeline Execution (CICD-SEC-4)
      Insufficient Pipeline-Based Access Controls (CICD-SEC-5)
      Insufficient Credential Hygiene (CICD-SEC-6)
      Insecure System Configuration (CICD-SEC-7)
      Ungoverned Usage of 3rd Party Services (CICD-SEC-8)
      Improper Artifact Integrity Validation (CICD-SEC-9)
      Insufficient Logging and Visibility (CICD-SEC-10)
   Value stream mapping
      Waste
      Value
      Continuous flow and continuous improvement
   Release management templates
      Software release checklist
      Business specification document
      Software Requirements Specification (SRS)
      Requirement traceability matrix document
      Use case document
   Answers to chapter questions
      Chapter 1
      Chapter 2
      Chapter 3
      Chapter 4
      Chapter 5
      Chapter 6
      Chapter 7
      Chapter 8
      Chapter 9
      Chapter 10
      Chapter 11
   Glossary of terms
      A
      B
      C
      D
      E
      F
      G
      H
      I
      J
      K
      L
      M
      N
      O
      P
      R
      S
      T
      U
      V
      W
      Y
Index
   Why subscribe?
Other Books You May Enjoy
   Packt is searching for authors like you
   Share Your Thoughts
   Download a free PDF copy of this book