Part 3: DevOps practices for a better ERM

In the previous blogs in this series, we covered the basics of ERM and how it integrates with other ITIL processes in an enterprise.

While we know that release management is an integral part of DevOps, in this blog we will see how other DevOps practices help achieve a better ERM.
Release Management is about how releases are planned, scheduled, and managed throughout the software development lifecycle, and this remains true in the DevOps scenario too. In fact, the need for frequent releases, and speed-to-market without any compromise on quality and security, demands moving beyond traditional release management.
Let us look at some of the DevOps practices and how they help us strengthen the software releases.

Branching and merging strategy:
When teams are looking at faster deployment or working on parallel releases, implementing the right branching strategy is key. The branching strategy not only facilitates the development process but also defines how each feature, enhancement, or bug fix is released to production in a controlled manner. The right branching strategy, coupled with appropriate CICD automation and controls, helps in parallel development, optimizes the development workflow, and facilitates a structured and faster release.

CICD Automation:
CICD automation helps orchestrate the entire build, test, and deploy cycle. This ensures that any code change is quickly and efficiently integrated with minimal manual intervention, reducing the delivery time. CICD automation also ensures that quality and security checks, which are typically done towards the product release timeframe, are built into the system early for faster feedback, thereby ensuring smoother releases. A few CICD orchestration tools also assist in building approvals into the pipeline, so that the wait time and follow-ups surrounding manual approvals throughout the lifecycle stages are minimized or eliminated entirely, speeding up the release process.

Quality:
With continuous validation practices, software testing is done in an integrated and collaborative approach. Before it can be released, the application software must pass several functional and non-functional testing steps. The key to ensuring software quality is to design the test strategy, create test plans, standardize the test environments, automate as many test cases as feasible, and lastly integrate them into the CICD pipeline for automated execution and automated inspections. Furthermore, quality gates, when implemented in the pipeline, validate coding standards, code coverage, and the successful completion of various types of tests. This iterative testing up to the release ensures that quality is embedded into the system and that any audit/compliance requirements for the release are met in an automated manner much earlier in the lifecycle.

Security:
Security is one of the most significant components of the release management validation process. DevSecOps assists in integrating security checks into the development and testing stages, resulting in the early discovery of security concerns (shift left) and helping avoid code changes later. There are various stages in ensuring the security of the application. Software Composition Analysis (SCA) helps identify open-source software vulnerabilities, license compliance, and maintainability issues. Static Application Security Testing (SAST) helps in detecting vulnerabilities in the source code. Both SAST and SCA can be integrated into the CI pipeline in the development stage. Dynamic Application Security Testing (DAST), on the other hand, helps in detecting run-time vulnerabilities in the application and can be integrated into the CD pipeline.
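As an added illustration (not part of the original post), here is a small release gate that enforces the stage placement described above: SCA and SAST must have run in CI, DAST in CD, and a missing scan blocks the stage just like a severe finding. The finding format, function names and severity threshold are assumptions made for this sketch, not the output of any specific scanner.

```python
# Added illustration: the report format, field names and thresholds are
# assumptions for this sketch, not output of any specific scanner.
from dataclasses import dataclass

# Where the article places each scan type: SCA and SAST in CI, DAST in CD.
REQUIRED_SCANS = {"ci": {"sca", "sast"}, "cd": {"dast"}}
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    scan: str       # "sca", "sast" or "dast"
    severity: str   # key of SEVERITY_RANK
    title: str


def evaluate_gate(stage, scans_run, findings, fail_at="high"):
    """Return (passed, reasons) for one pipeline stage.

    Fails closed: a required scan that did not run blocks the stage, so a
    skipped or crashed scanner is never mistaken for a clean result.
    """
    reasons = []
    for scan in sorted(REQUIRED_SCANS[stage] - set(scans_run)):
        reasons.append(f"{scan} did not run in {stage}")
    threshold = SEVERITY_RANK[fail_at]
    for f in findings:
        if f.scan not in REQUIRED_SCANS[stage]:
            continue  # findings from another stage are gated there
        # Unknown severity strings are treated as critical, not ignored.
        rank = SEVERITY_RANK.get(f.severity.lower(), SEVERITY_RANK["critical"])
        if rank >= threshold:
            reasons.append(f"{f.scan} {f.severity}: {f.title}")
    return (not reasons, reasons)


# Constructed sample findings.
SAMPLE = [
    Finding("sca", "critical", "vulnerable transitive dependency"),
    Finding("sast", "low", "unused variable holds secret-like name"),
    Finding("dast", "medium", "missing security header"),
]

if __name__ == "__main__":
    print(evaluate_gate("ci", {"sca", "sast"}, SAMPLE))
    print(evaluate_gate("cd", set(), SAMPLE))
```

The returned reasons list can be written to the pipeline log so that the gate decision is also available for release audits.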

Infrastructure provisioning:
The readiness and availability of various consistent and scalable environments for executing different stages are key to the validation of the application software to be released. DevOps practices around the integration of configuration management, infra-as-code, dynamic environments, container environments, etc. help teams build consistent environments as and when needed without any manual intervention. In addition to cost optimization, these practices help reduce complexity and human errors, build release confidence, and achieve scalable and consistent infrastructure at a faster speed.

Auditing and Traceability:
The release management process necessitates auditing and traceability of requirements throughout its lifecycle. DevOps pipelines should build in this auditing and logging so that the real-time status of the application across environments and lifecycle execution stages is available. Further, such audits and logs can make the compliance checks during the release process much smoother.

Deployment automation and strategy:
Continuous deployment automates the practice of deploying software to production quickly and efficiently. Deployment automation ensures that deployments are fast, consistent, and repeatable across the environments. This also helps achieve managed access control and traceability, which is an important compliance requirement for a successful release.
There are different deployment strategies available, and teams can choose the best one based on the impact of changes on the system and the end-users. Some of the popular deployment strategies are blue-green, canary, rolling, recreate, etc. Every deployment strategy also requires teams to work on a corresponding rollback strategy so that, in case of release failures, the system can be brought back to its previous working state as quickly and efficiently as possible.

Monitoring and closed feedback:
The release process doesn’t stop at deploying application software to production. Monitoring and tracking the performance of the release, identifying issues, and generating action items for application teams to react to are critical to the release process. DevOps helps build monitoring throughout the software lifecycle and integrates with ALM tools to generate user stories for actionable items.

In the next blog in this series, we will look at tools that help orchestrate the entire release management process.

Author Details

Prasanna Ghanekar

He has more than 20 years of IT experience in various roles and leads engineering at the DevOps practice. He has helped many customer engagements advance their DevOps practices.
