
Top 10 pipeline mistakes - dotnetsheff

dotnetsheff meetup - 07 July 2020


  1. Top 10 pipeline mistakes. Giulio Vian, 7 July 2020. @giulio_vian, https://www.getlatestversion.eu, http://blog.casavian.eu, https://www.slideshare.net/giuliov, https://github.com/giuliov
  2. Unsafe secrets. Sloppy handling of secrets: a security risk. Fix: use a safe store.
  3. Unsafe secrets. Wrong: the credentials sit in a config file that ships with the code:
       <add name="DefaultConnection" connectionString="Data Source=*omiss*;Initial Catalog=*omiss*;Persist Security Info=False;User ID=*omiss*;Password=*omiss*" providerName="System.Data.SqlClient"/>
     Correct: keep the secret in a store and inject it at deploy time: GitHub Secrets, Azure Pipelines Service Connections, Azure Pipelines Secret Variables, Jenkins Credentials, AWS Systems Manager Parameter Store, AWS Secrets Manager, Azure Key Vault.
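A check that catches the "wrong" shape on the slide before it reaches the repository, as an added example that is not part of the deck: it parses the <add ... connectionString="..."/> entries of a Web.config-style file and flags any whose Password= (or Pwd=) value is a literal rather than a placeholder a deploy step will fill from a secret store. The placeholder syntaxes, the sample configs and the hostnames are assumptions made for the example.

```python
"""Pre-commit check for credentials left in XML config files.

Added example, not from the slides. It scans <add ... connectionString="..."/>
entries (the Web.config shape shown on the slide) and flags any that carry a
literal password instead of a placeholder that the deploy step fills from a
secret store. The placeholder syntaxes and the sample configs are assumptions.
"""
import re
import sys
import xml.etree.ElementTree as ET

# Token shapes a deploy step is expected to substitute: #{Name}#, ${Name},
# $(Name) or __Name__. Anything else after Password= is treated as a literal.
PLACEHOLDER = re.compile(r"^(#\{.+\}#|\$\{.+\}|\$\(.+\)|__.+__)$")
PASSWORD_KEYS = {"password", "pwd"}


def parse_connection_string(value):
    """Split 'Key=Value;Key2=Value2' into a dict keyed by lower-cased names."""
    pairs = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            pairs[key.strip().lower()] = val.strip()
    return pairs


def find_hardcoded_secrets(config_xml):
    """Return (name, key) for each connection string that embeds a literal password."""
    findings = []
    for add in ET.fromstring(config_xml).iter("add"):
        conn = add.get("connectionString")
        if not conn:
            continue
        for key, val in parse_connection_string(conn).items():
            if key in PASSWORD_KEYS and val and not PLACEHOLDER.match(val):
                findings.append((add.get("name"), key))
    return findings


# Constructed sample: the slide's shape with a literal password in place.
BAD_CONFIG = """<configuration><connectionStrings>
  <add name="DefaultConnection" providerName="System.Data.SqlClient"
       connectionString="Data Source=db.example.invalid;Initial Catalog=Shop;Persist Security Info=False;User ID=app;Password=not-a-real-password" />
</connectionStrings></configuration>"""

# Constructed sample: same entry, password replaced by a token the pipeline
# resolves from Azure Key Vault, GitHub Secrets or another store at deploy time.
GOOD_CONFIG = """<configuration><connectionStrings>
  <add name="DefaultConnection" providerName="System.Data.SqlClient"
       connectionString="Data Source=db.example.invalid;Initial Catalog=Shop;Persist Security Info=False;User ID=app;Password=#{SqlPassword}#" />
</connectionStrings></configuration>"""

# Constructed sample: integrated authentication, no password at all.
INTEGRATED_CONFIG = """<configuration><connectionStrings>
  <add name="DefaultConnection" providerName="System.Data.SqlClient"
       connectionString="Data Source=db.example.invalid;Initial Catalog=Shop;Integrated Security=True" />
</connectionStrings></configuration>"""


if __name__ == "__main__":
    # Usage: python check_secrets.py Web.config ... ; a non-zero exit blocks the commit.
    bad = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for name, key in find_hardcoded_secrets(fh.read()):
                print(f"{path}: connection string {name!r} carries a literal {key}")
                bad += 1
    sys.exit(1 if bad else 0)
```

Wire it into a pre-commit hook or the first step of the pipeline; the check is deliberately strict, so a placeholder syntax your deploy tooling uses has to be added to PLACEHOLDER rather than allowed through.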
  4. Untraceable artifacts. No artifact versioning; careless versioning; binary and source versions unrelated; no links to work items or deployments. Fixes: careful versioning, link artifacts.
  5. Untraceable. Wrong: .NET [assembly: AssemblyVersion("1.0.*")], where the compiler derives the build and revision numbers from the build date and time, so nothing ties the binary to a commit; Maven <version>1.0.0</version> left unchanged from build to build. Correct: add #id and/or URLs in commits and work items; patch AssemblyInfo.cs; use VersionPrefix and Version with .NET Core; use the Maven Versions plugin; add version data into .ps1, .sql, .xml, .yaml and .json files.
  6. Too specific. Environment-specific deploy packages. Fix: just stop doing it. I mean it, stop.
  7. Too specific. Wrong: a React app built with an environment-specific PUBLIC_URL, which bakes the environment into the bundle. Correct: ship your package to Artifactory, Nexus or another artifact repository, then deploy the same package to all environments (and patch config files along the way).
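The "deploy the same package everywhere, patch config on the way" rule as an added example (not code from the deck): the package is modelled as a mapping of file name to bytes, only the listed config files are token-patched per environment, and the remaining files are fingerprinted after deployment so the pipeline can prove that dev and prod received identical binaries. The #{Name}# token syntax, file names, environment values and the stand-in assembly bytes are assumptions.

```python
"""One deploy package for every environment, configuration patched on the way.

Added example, not from the slides. A package is modelled as a mapping of
file name to bytes. Only the listed config files are patched; the rest is
fingerprinted so the pipeline can prove that dev and prod received identical
binaries. The #{Name}# token syntax, file names and values are assumptions.
"""
import hashlib
import re

TOKEN = re.compile(r"#\{([A-Za-z0-9_]+)\}#")


def fingerprint(files, config_files):
    """SHA-256 over every non-config file, walked in a stable order."""
    digest = hashlib.sha256()
    for name in sorted(files):
        if name in config_files:
            continue
        digest.update(name.encode("utf-8") + b"\0" + files[name] + b"\0")
    return digest.hexdigest()


def patch_config(text, values):
    """Replace each #{Name}# token; an unknown token is an error, never left in place."""
    missing = sorted({m.group(1) for m in TOKEN.finditer(text)} - values.keys())
    if missing:
        raise KeyError("no value for token(s): " + ", ".join(missing))
    return TOKEN.sub(lambda m: values[m.group(1)], text)


def deploy(package, config_files, env_values):
    """Return (files as deployed, fingerprint of the non-config files) for one environment."""
    out = {}
    for name, data in package.items():
        if name in config_files:
            out[name] = patch_config(data.decode("utf-8"), env_values).encode("utf-8")
        else:
            out[name] = data  # binaries are copied untouched
    return out, fingerprint(out, config_files)


# Constructed sample package: opaque bytes stand in for a compiled assembly,
# and appsettings.json carries tokens rather than any environment's values.
PACKAGE = {
    "Shop.dll": b"MZ\x90\x00 constructed bytes, not a real assembly",
    "appsettings.json": b'{"ApiBaseUrl": "#{ApiBaseUrl}#", "LogLevel": "#{LogLevel}#"}',
}
CONFIG_FILES = {"appsettings.json"}
ENVIRONMENTS = {
    "dev": {"ApiBaseUrl": "https://api-dev.example.invalid", "LogLevel": "Debug"},
    "prod": {"ApiBaseUrl": "https://api.example.invalid", "LogLevel": "Warning"},
}


def deploy_everywhere(package=PACKAGE, config_files=CONFIG_FILES, environments=ENVIRONMENTS):
    """Deploy the same package to each environment and refuse if the binaries diverge."""
    results = {env: deploy(package, config_files, values) for env, values in environments.items()}
    if len({fp for _, fp in results.values()}) != 1:
        raise RuntimeError("binaries differ between environments")
    return results


if __name__ == "__main__":
    for env, (files, fp) in deploy_everywhere().items():
        print(env, fp[:12], files["appsettings.json"].decode("utf-8"))
```

The fingerprint is the thing worth recording next to the deployment: if the value logged for prod differs from the one logged for test, something other than configuration changed between the two, which is exactly the mistake this slide is about.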
  8. What, quality? No testing, no quality scan. Fix: add quality checks to your pipelines.
  9. What, quality? Wrong: no checks at all. Correct: linters, SonarQube, Checkmarx, GitHub CodeQL, WhiteSource, OWASP ZAP, Atlassian Crucible, Veracode, Fortify, ...
  10. Bleeding edge. Undeployable technology; no agents able to build it. Fix: ask and negotiate, do not assume.
  11. Galactic build. Does too much, takes too long, slow feedback. Fix: split the process.
  12. Flaky builds. Same source, different binaries; tests randomly pass or fail; loose dependency specifications. Fixes: reproducible builds, drop flaky tests, pin dependencies.
  13. Deterministic builds.
     .NET:
       <PropertyGroup>
         <Deterministic>true</Deterministic>
       </PropertyGroup>
       msbuild /property:Deterministic=true
     Java:
       <properties>
         <project.build.outputTimestamp>2020-05-02T08:00:00Z</project.build.outputTimestamp>
       </properties>
  14. Loose dependencies. NuGet (4.9+):
       <PropertyGroup>
         <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>
       </PropertyGroup>
       msbuild.exe /t:restore /p:RestoreLockedMode=true
       dotnet.exe restore --locked-mode
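A build gate for the two slides above, added here as an example rather than taken from the deck: it reads an SDK-style .csproj and reports PackageReference versions that float ("2.*"), that are open ranges ("[2.0,3.0)") or that are missing, checks that Deterministic and RestorePackagesWithLockFile are set, and, given a packages.lock.json, checks that every entry has a resolved version. The project and lock file are constructed samples; a bare version such as "12.0.3" is accepted because to NuGet it is a lower bound that the lock file then pins.

```python
"""Fail the build when NuGet dependencies are not pinned.

Added example, not from the slides. It reads an SDK-style .csproj and reports
PackageReference versions that float ('2.*'), that are open ranges
('[2.0,3.0)') or that are missing, checks that Deterministic and
RestorePackagesWithLockFile are set, and, when a packages.lock.json is given,
checks that every entry has a resolved version. The project and lock file
below are constructed samples.
"""
import json
import re
import sys
import xml.etree.ElementTree as ET

FLOATING = re.compile(r"\*")
# A bracketed spec with a comma is a range; '[1.2.3]' (exact) has none and passes.
RANGE = re.compile(r"^[\[(].*,.*[\])]$")


def property_true(csproj_xml, name):
    """True when <name>true</name> appears in the project (value compared case-insensitively)."""
    for prop in ET.fromstring(csproj_xml).iter(name):
        return (prop.text or "").strip().lower() == "true"
    return False


def loose_references(csproj_xml):
    """Return (package, version, reason) for each PackageReference that is not pinned.

    A bare version such as '12.0.3' is a lower bound to NuGet, not an exact pin;
    only the lock file makes the restore repeatable, so it is accepted here and
    the lock-file property is checked separately.
    """
    problems = []
    for ref in ET.fromstring(csproj_xml).iter("PackageReference"):
        pkg = ref.get("Include") or ref.get("Update")
        version = ref.get("Version")
        if version is None:  # <Version> may also be given as a child element
            child = ref.find("Version")
            version = child.text.strip() if child is not None and child.text else None
        if not version:
            problems.append((pkg, version, "missing"))
        elif FLOATING.search(version):
            problems.append((pkg, version, "floating"))
        elif RANGE.match(version):
            problems.append((pkg, version, "range"))
    return problems


def unresolved_in_lock(lock_json):
    """Return 'framework:package' for lock entries that carry no resolved version."""
    data = json.loads(lock_json)
    return [f"{fw}:{name}" for fw, pkgs in data.get("dependencies", {}).items()
            for name, entry in pkgs.items() if not entry.get("resolved")]


def audit(csproj_xml, lock_json=None):
    """Collect every finding as a message; an empty list means the build may proceed."""
    msgs = [f"{pkg}: version {ver!r} is {why}" for pkg, ver, why in loose_references(csproj_xml)]
    for prop in ("Deterministic", "RestorePackagesWithLockFile"):
        if not property_true(csproj_xml, prop):
            msgs.append(f"<{prop}> is not true")
    if lock_json is not None:
        msgs += [f"{name}: lock entry has no resolved version" for name in unresolved_in_lock(lock_json)]
    return msgs


# Constructed sample project: one pinned, one floating, one ranged, one missing.
CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>netcoreapp3.1</TargetFramework>
    <Deterministic>true</Deterministic>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
    <PackageReference Include="Serilog" Version="2.*" />
    <PackageReference Include="Dapper" Version="[2.0,3.0)" />
    <PackageReference Include="Polly" />
  </ItemGroup>
</Project>"""

# Constructed sample lock file: the floating package never got a resolved version.
LOCK = """{"version": 1, "dependencies": {"netcoreapp3.1": {
  "Newtonsoft.Json": {"type": "Direct", "requested": "[12.0.3, )", "resolved": "12.0.3", "contentHash": "constructed"},
  "Serilog": {"type": "Direct", "requested": "[2.*, )"}}}}"""


if __name__ == "__main__":
    findings = audit(CSPROJ, LOCK)
    print("\n".join(findings) or "all dependencies pinned")
    sys.exit(1 if findings else 0)
```

Run it against the real .csproj and packages.lock.json in the restore step, before "dotnet restore --locked-mode", so a floating version is reported by name instead of surfacing later as a restore failure or, worse, as a different binary from the same source.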
  15. Too much of a good thing. Too much versioning. Fix: libraries ≠ deploy packages; use SemVer in full.
  16. Too much of a good thing. SemVer (https://semver.org/): 1.0.0-dev+sha.5114f85 carries the pre-release label and the commit in a single version string; Maven: 1.0-SNAPSHOT.
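The version string on this slide, and the traceability asked for on slide 5, worked through as an added example that is not code from the deck: build_version() produces the 1.0.0-dev+sha.5114f85 shape from a VersionPrefix, a pre-release label and the commit; commit_of() recovers the commit from an artifact's version; and precedence_key() orders versions by the rules at https://semver.org/ (pre-release below release, numeric identifiers compared numerically and ranked below alphanumeric ones, build metadata ignored). The labels and commit hashes are constructed. Note that Maven's 1.0-SNAPSHOT has only two numeric parts and is rejected by the SemVer grammar.

```python
"""Versions that carry the commit with them, and SemVer precedence done right.

Added example, not from the slides. build_version() produces the shape shown
on slide 16 (1.0.0-dev+sha.5114f85), commit_of() recovers the commit from an
artifact's version, and precedence_key() orders versions by the rules at
https://semver.org/. Labels and commit hashes used below are constructed.
"""
import re

# The grammar from the SemVer 2.0.0 specification.
SEMVER = re.compile(
    r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?"
    r"(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$"
)


def parse(version):
    """Return (major, minor, patch, prerelease identifiers, build identifiers)."""
    m = SEMVER.match(version)
    if not m:
        raise ValueError(f"not a SemVer string: {version!r}")
    major, minor, patch, pre, build = m.groups()
    return (int(major), int(minor), int(patch),
            tuple(pre.split(".")) if pre else (),
            tuple(build.split(".")) if build else ())


def build_version(version_prefix, label, commit):
    """Release builds get the bare prefix; anything else is labelled and carries the commit."""
    if label is None:
        return version_prefix
    short = commit[:7]  # build metadata: ignored for precedence, kept for traceability
    return f"{version_prefix}-{label}+sha.{short}"


def commit_of(version):
    """Recover the short commit hash from 'sha.<hash>' build metadata, or None."""
    build = parse(version)[4]
    for i, ident in enumerate(build[:-1]):
        if ident == "sha":
            return build[i + 1]
    return None


def _ident_key(ident):
    # Numeric identifiers compare as integers and rank below alphanumeric ones.
    return (0, int(ident), "") if ident.isdigit() else (1, 0, ident)


def precedence_key(version):
    """Sort key implementing SemVer precedence; build metadata takes no part."""
    major, minor, patch, pre, _build = parse(version)
    # A release outranks every pre-release of the same core version; among
    # pre-releases, compare identifier by identifier, a longer list winning ties.
    return (major, minor, patch, 0 if pre else 1, tuple(_ident_key(i) for i in pre))


def latest(versions):
    """Pick the version that wins on precedence."""
    return max(versions, key=precedence_key)


if __name__ == "__main__":
    commit = "5114f85c0ffee0000000000000000000000000000"  # constructed hash
    print(build_version("1.0.0", "dev", commit))  # 1.0.0-dev+sha.5114f85
    print(build_version("1.0.0", None, commit))   # 1.0.0
    print(latest(["1.0.0-dev+sha.5114f85", "1.0.0-alpha.10", "1.0.0-alpha.2", "1.0.0"]))  # 1.0.0
```

Two consequences are worth knowing when feeding these into NuGet or a deploy tool: "1.0.0+sha.aaaaaaa" and "1.0.0+sha.bbbbbbb" have equal precedence, so two builds of the same release version from different commits will collide in a feed, and "alpha.10" sorts after "alpha.2", which a plain string comparison gets wrong.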
  17. Implicit assumptions. No conditions on agent requirements; no checks on toolchain versions; magic agents (e.g. tools dropped in obscure corners). Fix: explicit tool checks.
  18. Implicit assumptions. Wrong: GitVersion.exe /output buildserver (assumes a copy of the executable is already sitting somewhere on the agent). Correct: dotnet tool install -g GitVersion.Tool, then dotnet gitversion.
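The "explicit tool checks" fix as an added example (not code from the deck): each requirement names the command that prints a tool's version, a regex that pulls the version out of the output and a minimum version, and the job fails with a clear message when a tool is missing or too old instead of assuming the agent has it. The minimum versions are assumptions chosen for the example, and GitVersion is assumed to print its own version when invoked with /version; the captured outputs used to exercise the pure check are constructed.

```python
"""Explicit toolchain checks at the start of a pipeline.

Added example, not from the slides. Each requirement names the command that
prints a tool's version, a regex that pulls the version out of the output and
the minimum acceptable version; the job fails with a clear message when a tool
is missing or too old instead of assuming the agent has it. The minimum
versions are assumptions chosen for the example, and GitVersion is assumed to
print its own version when invoked with '/version'.
"""
import re
import shutil
import subprocess
import sys

VERSION = r"(\d+\.\d+\.\d+)"
REQUIREMENTS = [
    # (display name, executable, arguments, regex with the version in group 1, minimum)
    ("dotnet SDK", "dotnet", ["--version"], VERSION, "3.1.0"),
    ("git", "git", ["--version"], r"git version " + VERSION, "2.20.0"),
    # Installed by the job itself with 'dotnet tool install -g GitVersion.Tool'.
    ("GitVersion", "dotnet", ["gitversion", "/version"], VERSION, "5.3.0"),
]


def parse_version(text, pattern):
    """Extract a dotted numeric version from tool output as a comparable tuple."""
    m = re.search(pattern, text)
    if not m:
        raise ValueError(f"no version found in {text.strip()!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def check_output(name, output, pattern, minimum):
    """Pure check on captured output; returns (ok, message) so it can be unit-tested."""
    try:
        found = parse_version(output, pattern)
    except ValueError as exc:
        return False, f"{name}: {exc}"
    need = tuple(int(p) for p in minimum.split("."))
    found_str = ".".join(map(str, found))
    if found < need:  # tuple comparison, so 2.9.5 < 2.20.0 comes out right
        return False, f"{name}: found {found_str}, need at least {minimum}"
    return True, f"{name}: {found_str} ok"


def check_tool(name, exe, args, pattern, minimum):
    """Locate the tool on this agent, run it, and check what it reports."""
    path = shutil.which(exe)
    if path is None:
        return False, f"{name}: '{exe}' is not on PATH of this agent"
    proc = subprocess.run([path, *args], capture_output=True, text=True)
    return check_output(name, proc.stdout + proc.stderr, pattern, minimum)


def check_all(requirements=REQUIREMENTS):
    """Run every check; returns (all_ok, messages)."""
    results = [check_tool(*req) for req in requirements]
    return all(ok for ok, _ in results), [msg for _, msg in results]


if __name__ == "__main__":
    ok, messages = check_all()
    print("\n".join(messages))
    sys.exit(0 if ok else 1)
```

Put this as the first step of the job, not as an agent capability written by hand in the server's UI: the requirement then lives in source control next to the pipeline, and a pool of agents that silently lost a tool fails fast with the tool's name in the log.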
  19. Untamed plugins. Relying on dubious plugins/extensions. Fix: autonomous pipelines.
  20. Best (worst?) mistakes: 1. Unsafe secrets; 2. Untraceable; 3. Too specific; 4. What, quality?; 5. Bleeding edge; 6. Galactic build; 7. Flaky builds; 8. Too much of a good thing; 9. Implicit assumptions; 10. Untamed plugins.
  21. Unpardonable: no pipeline at all.
  22. References.
     Reproducible builds:
       https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/compiler-options/deterministic-compiler-option
       https://maven.apache.org/guides/mini/guide-reproducible-builds.html
       https://zlika.github.io/reproducible-build-maven-plugin/
       https://reproducible-builds.org/
     Pin dependencies:
       https://github.com/NuGet/Home/wiki/Repeatable-build-using-lock-file-implementation
       https://docs.npmjs.com/configuring-npm/package-locks.html
       https://docs.gradle.org/current/userguide/dependency_locking.html
       http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management
     Flaky tests:
       https://docs.microsoft.com/en-us/azure/devops/pipelines/test/flaky-test-management
       https://docs.gitlab.com/ee/development/testing_guide/flaky_tests.html
       https://plugins.jenkins.io/flaky-test-handler/
     SemVer:
       https://semver.org/
  23. Giulio Vian, Senior DevOps Engineer. First computer hardware spec: 1 KB RAM (16 KB after upgrade), 4 KB ROM (8 KB after upgrade). Past companies and communities.
  24. End of transmissions.