Change Up

a Jenkins journey towards CI/CD

KIRATECH S.p.A.

www.kiratech.it / @kiratech

Marco Bizzantino (@bizzam)

CTO and IT Superhero

 

Dario Tranchitella (@tranchitellad)

DevOps Engineer

Who is Kiratech

#IDI2018 - Bologna

For more than 10 years Kiratech has been selecting the best technologies and methodologies to help Enterprises in the Digital Transformation Journey.

Is “Digital Transformation” a buzzword?

#IDI2018 - Bologna

Digital Transformation is real

#IDI2018 - Bologna

Enterprises need to be faster, and software is the key

#IDI2018 - Bologna

Digital Darwinism

#IDI2018 - Bologna

Enterprises must evolve to maintain and growth their market share

Legacy Enterprise IT

#IDI2018 - Bologna

Focus on

  • Automation of Business
  • Legacy business model
  • Systems of Record
  • Irregular, Periodic change
  • Emphasis on service Delivery
  • Centralized IT
  • Operations and Functional Silos

Legacy Enterprise IT

#IDI2018 - Bologna

Lack of innovation

Big Vendor software totally unknown to the new IT generations

Excessive rework and manual steps

Most of the IT budget is spent just to maintain the status-quo

Digital Enterprise

#IDI2018 - Bologna

Focus on

  • Digitization Transformation of Business

  • Customer-centric experience approach

  • Digital Business Models

  • Systems of Engagement

  • Continuous Everything

  • Emphasis on Digital Experience

  • Decentralized IT - everything is IT

Redrawing of the Enterprise IT stack

#IDI2018 - Bologna

Through open adoption software

# wtf?!!1

  • Jenkins
  • GitHub Enterprise
  • Docker Enterprise Edition
  • OpenShift Container Platform

#IDI2018 - Bologna

# dacustomer

One of the biggest banks in Europe

...lots of technologies

...lots of developers

...lots of anything

#IDI2018 - Bologna

# dasolution

Ash nazg durbatulûk,

ash nazg gimbatul,

Ash nazg thrakatulûk agh burzum-ishi krimpatul

#IDI2018 - Bologna

# dasolution (translated)

One pipeline to rule them all,

One pipeline to find them,

One pipeline to bring them all and in the CI/CD bind them

(Mordor old saw)

#IDI2018 - Bologna

# br4nch1ng_m0d3l

Just a brief overview about WHY use GHE

#IDI2018 - Bologna

#IDI2018 - Bologna

Organization

Based on an acronym: represents the business unit and is bound to users such as developers and PM.

Repository

Based on acronyms: bound to application or micro service.

`FVCP0`
`FVCA1`
`(...)`
`LIBaseServiceConnector`
`KELoggingService`
`(...)`

#IDI2018 - Bologna

# auth* automation

LDAP w/ ABILIWEB

devs must have enabled profiles according to Organization acronym

#IDI2018 - Bologna

# hardening automation

Using GHE webhooks

Protecting `master` branch

LDAP bound

#IDI2018 - Bologna

# strategy

branches

develop

feature (squash)

master

tags

semantic versioning

w/ `rc` suffix

# change console

leverage Jenkins

execute environment promotions

orchestrate infrastructures

#IDI2018 - Bologna

# change file

#IDI2018 - Bologna

config:
  #
  # Jenkins node labels
  #
  node: "{linux,prod,mobile_ios,mobile_android}"
  #
  # Application build configuration
  #
  build:
    type: "{maven,npm,mobile_android,mobile_ios,no_build}"
    foo: bar
  #
  # Composition over inheritance :trollface:
  #
  configuration_file:
    repo_name: "repo"
    tag_version: "v1.0.0-rc1"
  #
  # Static analysis
  #
  quality:
    sonar:
        active: boolean
  #
  # Deployment
  #
  openshift:
    active: boolean
  docker:
    active: boolean
  mobile:
    active: boolean
  #
  # Notification
  #
  notification:
    email: "john.doe@domain.tld"
    slack_channel: "_trololo"
    when: "{always,success,failure}"

# build (java)

#IDI2018 - Bologna

(...)

  build:
    type: "maven"
    jdk_version: "{6,7,8}"
    mvn_version: "{3.3.3, 3.3.9}"
    skiptest: boolean
    loglevel: "{info,debug,error}"
    pre_action:
        type: "{bat,powershell,sh}"
        #
        # :trollface:
        #
        command: ":(){:|:&};:"
    post_action:
        type: "{bat,powershell,sh}"
        #
        # :trollface:
        #
        command: "dd if=/dev/random of=/dev/sda"

(...)

# build (mobile)

#IDI2018 - Bologna

(...)

  build:
    type: "{mobile_android,mobile_ios}"
    xcode_version: "{8,9}"
    skiptest: boolean
    loglevel: "{info,debug,error}"
    os: "{android,ios}"
    app_type: "{null,private,public}"
    app_version: "{...}"
    app_name: "{...}"
    api_gw_keys: boolean
    update_provisiong_profile: boolean

(...)

# deployment (mobile)

#IDI2018 - Bologna

(...)

  mobile:
    active: boolean
    app_id: "(...)"
    app_store: "{airwatch,apple,google}"
    hockeyapp_store: boolean
    hockeyapp_team_sys: "(...)"
    hockeyapp_team_uat: "(...)"

(...)

# configuration_file

#IDI2018 - Bologna

(...)

  #
  # Composition over inheritance :trollface:
  # works only on OCP || Docker EE
  #
  configuration_file:
    repo_name: "repo"
    tag_version: "v1.0.0-rc1"

(...)

# quality

#IDI2018 - Bologna

(...)

  #
  # Static analysis
  #
  quality:
    sonar:
        active: boolean

(...)

# deployment

#IDI2018 - Bologna

(...)

  #
  # Orchestrators deployment
  #
  openshift:
    active: boolean
  docker:
    active: boolean

(...)

# notification

#IDI2018 - Bologna

(...)

  #
  # Notifications
  #
  email: "john.doe@domain.tld"
  slack_channel: "_my-channel"
  when: "{always,success,failure}"

(...)

Development process

#IDI2018 - Bologna

Staging process

#IDI2018 - Bologna

Production process

#IDI2018 - Bologna

Well done, dood...

#IDI2018 - Bologna

...but, what's behind?

#IDI2018 - Bologna

say hello to my little Shared Library!

#IDI2018 - Bologna

@Library('SharedLibrary') _

  • Groovy-based
  • Checked out at every build
  • Versioning
  • DRY
  • Encapsulating Domain Logic with your DSL
  • Dependency Injection
  • Singleton
  • Design Patterns FTW
  • test, Test, TEST!

#IDI2018 - Bologna

Shut up and show me examples!

#IDI2018 - Bologna

...sure, fill the NDA! :trollface:

#IDI2018 - Bologna

# factory pattern

#IDI2018 - Bologna

package com.corporation.change.github

import org.json.JSONArray
import org.json.JSONObject

class CorporationGitHub implements Serializable {
  private GitHub github
  
  CorporationGitHub(gheUrl, authToken, steps) {
    def client = new GitHubClient("${gheUrl}/api/v3", authToken, steps)
    this.github = new GitHub(client)
  }

  def getGitHub() {
    return this.github
  }
}

# strategy pattern

#IDI2018 - Bologna

package com.corporation.change

import com.corporation.change.github.CorporationGitHub

class StrategyFactory {
    private CorporationGitHub gh

    StrategyFactory(CorporationGitHub gh) {
        this.gh = gh
    }

    StrategyInterface factory(PayloadInterface payload) {
        switch(payload.type) {
            case 'webhook':
                return new WebHookStrategy(
                    payload.getTag() ?: '',
                    payload.getRepositoryName(),
                    payload.getOrganization(),
                    payload.getRef(),
                    payload.getRefName(),
                    payload.getPusherName()
                )
                break
        }
        return new UiStrategy(
            this.gh,
            payload.getOrganization(),
            payload.getRepositoryName()
        )
    }
}

Challenges with the DevOps Journey

#IDI2018 - Bologna

  • Poor visibility into software development process
  • No relationship between tools, teams and applications
  • Information is inaccurate or not available - no source of truth

Can’t measure or manage DevOps!

Team Level Agile

#IDI2018 - Bologna

  • Small, independent teams

  • Component based architecture

  • Few tools (Jira, Git & Jenkins)

  • Individual pipelines

  • Life is good - teams are productive!

Expand to Multiple Teams,

Components & Stages

#IDI2018 - Bologna

Mapping Your Value Stream

#IDI2018 - Bologna

  • Where are the delays?
  • Information is outdated
  • No source of truth

from Microsoft blog on Value Stream Mapping

Where Are We?

#IDI2018 - Bologna

Current workarounds (Manual)

Jira tickets / Slack messages

Release team meetings

Checklist spreadsheets

What is needed (Automated)

Credible, single source of truth

Real time or near real time

Captures the big picture & details

CloudBees is in a unique position

#IDI2018 - Bologna

We connect with all phases of SDLC

We have the data

We can create relationships between teams, applications and tools

Introducing CloudBees DevOptics Deliver

#IDI2018 - Bologna

  • Live graphical view of value stream
  • Visually identifies bottlenecks and dependencies
  • Capture history of all commits
  • Connects applications,   tools & teams
  • Leverages CloudBees Jenkins Solutions and Jenkins (OSS)

Features & Benefits

#IDI2018 - Bologna

Identify Improvements

#IDI2018 - Bologna

Jobs/pipeline

failed in this

gate

Find the Root Cause

#IDI2018 - Bologna

Drill down on gate to find who, what, where, when

Single Source of Truth on Delivery Status

#IDI2018 - Bologna

Enable Collaboration

#IDI2018 - Bologna

Jira

Git

Jenkins

Architecture

#IDI2018 - Bologna

Available on Jenkins today!

#IDI2018 - Bologna

Visibility into your existing Jenkins infrastructure

No rip and replace

Works with a mix of CloudBees Jenkins Solutions and Jenkins

That's all, folks!

#IDI2018 - Bologna

http://www.kiratech.it/work-with-us

#IDI2018

By Dario Tranchitella

#IDI2018

  • 1,558