Automating the software delivery pipeline is a great idea—it saves time, costs less, and allows developers to focus on writing code that creates useful features. But the automation effort doesn’t come without its risks and challenges. Here are the top 5 challenges to look out for… and how to mitigate them.
1. The pipeline is a black box
When creating a fully automated pipeline, it’s vital to see what’s running now and where features are in the process of being delivered. The last thing you want is a black box that doesn’t give any insight into what’s going on.
The fastest way to create a black box is to write a script: scripted pipelines may already be hard to read for developers (even by the ones that wrote them)… and they are impossible to grok for non-devs. It’s not clear how to distill status and reports. And, beyond the dashboard showing “builds being green,” the only way to get insight is by logging into technical tools and inspecting log files and source code. Before you know it, you’re in scripting hell, and you have no visibility into what’s going on in the pipeline.
To remedy this, you can set up a pipeline using an Application Release Orchestration (ARO) platform. Application Release Orchestration oversees the myriad of tools in the toolchain and orchestrates the overall release pipeline, from planning to production. Choose a platform that creates a model of the automated delivery process and avoids the need for scripting, like the XebiaLabs DevOps Platform.
2. The pipeline is not reusable across the organization
DevOps is about getting things done, and is a bottom-up approach that empowers teams in the organization. As such, DevOps teams are encouraged to find solutions that work for them so they can get going quickly. However, beyond the startup level, organizations can’t afford too much trial-and-error, so they need to reuse known working solutions.
There’s a risk in rolling out an automated pipeline that is successful for one team, but also highly tailored to their needs. When used for other teams, this pipeline may cause more problems than it solves when it doesn’t fit those teams’ requirements. Moreover, the first team to accomplish a running pipeline (let’s call them our “DevOps Champions”) usually is highly motivated and focused on finding ways to improve software delivery. Other teams, in contrast, may be busy solving other concerns and may not have the skills or resources to build a pipeline from scratch. And so the risk surges that only the DevOps Champions, who are internally motivated to have a software delivery pipeline, will have a working one while other teams continue to struggle.
For larger organizations, look for a solution that is reusable across teams and easy to tweak to their needs. An enterprise ARO platform, like the XebiaLabs DevOps Platform, serves as a framework that provides reusable structure for the pipeline. It relieves teams who develop the pipeline of the burden of making it reusable and facilitating adoption of reusable pipelines by new teams.
3. The pipeline is not adaptable to changes
A big risk of scripted pipelines is that they work well for the happy path but break down when there are unforeseen changes. What happens if there’s an extra deliverable? Can we fit it in the existing pipeline, or do we need to create another one? Or, what if we want to scale up Production or introduce a live testing environment? How well does the pipeline cope with changes in the delivery environment?
Scripted pipelines, whether in code or drawn in a UI flow diagram, are brittle and generate a lot of rework when the inputs or outputs of the pipeline change.
Choose an ARO framework that encourages a model-driven approach that scales easily as you add and change applications and environments, and that allows you to create release and deployment plans that are reusable across different domains.
4. The pipeline doesn’t take security or compliance into account
The software delivery pipeline is usually developed by members of the DevOps team. Their job is to deliver features into Production by writing code, testing it, deploying it to a myriad of environments, and then monitoring it. But in any organization, sooner or later some additional concerns need to be taken into account: security and compliance.
Security concerns—who can do what and in what part of the process—need to be designed into the process from the start. Applying security checks on a running system usually means you’re too late, and it will be hard to introduce them.
Auditing and compliance reports are even further removed from the focus of the DevOps team but are of crucial importance for the continuous operation of a company.
Best practice is to take security and compliance into account from the start.
The XebiaLabs DevOps Platform provides a framework to build security and compliance options into your pipeline. Security is taken care of from the start and and out-of-the-box compliance and audit steps can be added at any time, without worrying about the integrity of the pipeline.
5. The pipeline ignores business processes that need to be shoehorned in
Finally there is the risk of over-automation. Just because you should never stop automating, doesn’t mean you should automate everything. For one, there will always be parts of the pipeline that potentially need manual intervention, like a confirmation to go live, the decision to roll back after performance problems, or some step in the pipeline that simply cannot be automated, such as an interactive user testing session. Rather than trying to automate the manual parts away or trying to shoehorn them into a script, strive to integrate them with the software delivery pipeline. By doing this, you’ll lift the software delivery pipeline out of the technical domain and connect it to the non-technical parts of the organization.
Leading pipeline orchestration products allow for a manual confirmation step. Make sure this step reaches the right audience and presents the right information. Better still, choose a solution that lets you integrate manual processes seamlessly with the automated, technical domain, like the XebiaLabs DevOps Platform.
Large organizations certainly face challenges as they automate their software delivery pipelines, but a good ARO solution, like the XebiaLabs DevOps Platform, helps them successfully address these challenges by:
- Providing end-to-end pipeline visibility for everyone in the software delivery chain.
- Offering a framework that allows teams across the organization to easily reuse pipelines.
- Enabling a model-driven approach that standardizes releases and deployments and scales easily to accommodate changes in applications and environments.
- Embedding security and compliance across the entire pipeline.
- Seamlessly integrating manual and automated processes.