The findings and recommendations were mainly gathered throughout the interviews and workshops. We conducted this part as targeted group interviews focusing on the six main areas of the metric model.

On the first day, after the initial Continuous Delivery presentation, we ran an exercise in which all attendees together were asked to illustrate the process from the point where a requirement or a change request arrives until the implemented result can be accessed by the end-users.

The participants were also equipped with stickers carrying six different pictograms representing: wait states, unplanned work, manual work, conflicts, queued work, and anything that needs repair.

The result was discussed during the workshop and then used as a reference point during the various discussions on the following day.

Build

Note:
The following is a curated mix of illustrative findings from various anonymized reports

It builds on my machine

Builds and tests run on individual developers’ self-maintained machines and workspaces, as no standard image exists for this. The result is the undesirable “Well, it works on my machine” scenario: one developer can have a hard time redoing another developer’s work, and the team suffers from many false negatives. Builds fail often, not because the code is broken, but because the build environment is.

Use a clean standardized image for the toll gate job

Code changes should be built and tested on a standard and clean image. The image should be maintained by the team. This prevents local configuration from tampering with the builds, making them deterministic and consistent.

Developers use reference image

Ideally, there should be no difference between a developer’s environment and that of the toll gate. This is achieved by making it easy for developers to spin up the standard image to run their builds, allowing them to easily produce the same result as the toll gate job.
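
As a minimal sketch, developers could wrap the standard image in a small launcher script. This assumes the image is published to a registry and Docker is available at the desk; the image name and registry are hypothetical:

    #!/usr/bin/env python3
    """Run a build inside the team's standard build image, so a local run
    produces the same result as the toll gate job."""
    import subprocess
    import sys
    from pathlib import Path

    # Hypothetical name of the team-maintained standard image.
    IMAGE = "registry.example.com/team/build-env:latest"

    def run_in_image(command: list[str]) -> int:
        """Mount the current checkout into the image and run the build there."""
        workspace = Path.cwd()
        return subprocess.call([
            "docker", "run", "--rm",
            "-v", f"{workspace}:/workspace",  # share the checkout with the container
            "-w", "/workspace",               # build from the workspace root
            IMAGE,
        ] + command)

    if __name__ == "__main__":
        # e.g.: ./build.py mvn clean verify
        sys.exit(run_in_image(sys.argv[1:] or ["make"]))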

Final delivery to customer is not automated

The image given to the customer is generated before the final test in a non-reproducible way: it is built manually on top of an already running device carrying another, older image, by manipulating files within the device before taking a final image snapshot. In principle, the image could be broken during this creation process.

Automate image creation

Any release artifact should be reproducible beyond any doubt. Its creation should be 100% scripted: programmable and immutable.

Make the image generation stateless

A product delivered to a customer should always be generated from scratch, so that error-prone state is not propagated. It should also always be reproducible through a declarative pipeline.
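
One way to keep the image generation honest is to verify reproducibility in the pipeline itself. A minimal Python sketch, assuming the image build is already fully scripted (the script and artifact names are hypothetical): build twice from scratch and require bit-identical output.

    #!/usr/bin/env python3
    """Build the customer image from scratch twice and verify that the two
    builds are bit-identical, as a simple reproducibility check."""
    import hashlib
    import subprocess
    import tempfile
    from pathlib import Path

    # Hypothetical, fully scripted image build taking an output directory.
    BUILD_CMD = ["./scripts/build-image.sh"]

    def build_image(output_dir: Path) -> Path:
        subprocess.run(BUILD_CMD + [str(output_dir)], check=True)
        return output_dir / "device-image.img"  # hypothetical artifact name

    def sha256(path: Path) -> str:
        digest = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                digest.update(chunk)
        return digest.hexdigest()

    if __name__ == "__main__":
        with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
            first = sha256(build_image(Path(a)))
            second = sha256(build_image(Path(b)))
            assert first == second, "image build is not reproducible"
            print("image build is reproducible:", first)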

Automatically test the image

The automatically generated image should be tested as part of the pipeline. You want to extend the pipeline as far down the release process as possible.

Release process is, to a large extent, manual

The majority of the release process in the Front Office is manual, which makes it costly, lengthy, and error-prone; examples include the image creation, release notes, and support-site updates.

Design the release process for automation

It is important that each step is designed for automation. Make sure the physical resources are available and enabled for automatic deployment. This applies to servers, but also to devices: it must be possible to claim them, start them, and evaluate the execution automatically.

Script each single step to enable automatic execution

Identify the process steps that are manual, entirely or even partially so. Automate them step by step and integrate them into the pipeline, as in the sketch below.
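
A minimal step-runner sketch in Python; the step scripts are hypothetical stand-ins that can replace the manual steps one at a time as they get automated:

    #!/usr/bin/env python3
    """Run the release steps in order. Each step is a script of its own, so
    steps can be automated one at a time and reused by the pipeline."""
    import subprocess
    import sys

    # Hypothetical step scripts; swap each one in as it gets automated.
    STEPS = [
        ["./steps/create-image.sh"],
        ["./steps/generate-release-notes.sh"],
        ["./steps/update-support-site.sh"],
    ]

    def main() -> int:
        for step in STEPS:
            print("running:", " ".join(step))
            result = subprocess.run(step)
            if result.returncode != 0:
                print("step failed:", " ".join(step), file=sys.stderr)
                return result.returncode
        return 0

    if __name__ == "__main__":
        sys.exit(main())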

The build script is a plaster on the monolith

The build script was created to handle the monolith by plastering each of the subsystem builds into a single step. The different subsystems use different build technologies (e.g. Maven and SCons), but in order to make it all work as a monolith, everything is wrapped in a shell script.

Split the monolith and add dependency management of the artifacts

Splitting the monolith into subsystems and implementing true dependency management makes the build script obsolete. It simply vanishes. Please refer to the architecture cards for more information.

Localization files are introduced late in the release process, leading to unexpected UI changes

Localized text in the UI can cause the UI controls to change in unexpected ways, e.g. buttons resizing because translated texts are longer than the originals. Commit-stop is the point after which no further features, and thus no new text, are added. Translation can take up to a month and therefore arrives fairly late in the release process.

Create requirements for localization subcontractor

Create criteria or a framework that helps the translators adhere to constraints such as font type and font size. This gives them the opportunity to react early and discuss any problematic translations with you.

This will minimize, or even completely avoid, nasty surprises near the end of the release process.

Manual process to create a buildable workspace

It is not possible to start a build from a clean checkout: you have to check out two repositories and create a symlink before the software can be built. This is a hidden dependency.

Create a ‘thin shell’ repository that contains the dependency between the repositories

In SVN this is called an external; in Git, a submodule. You could also pull the dependencies from the artifact management system, if the repositories have their own pipelines and definitions of done. The implementation depends on the technology; the important point is that the dependencies are managed and versioned.
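
A minimal Git sketch (repository URLs and names are hypothetical):

    # Create the thin shell repository and pin the two dependencies:
    git init product-shell && cd product-shell
    git submodule add https://scm.example.com/firmware.git firmware
    git submodule add https://scm.example.com/resources.git resources
    git commit -m "Pin firmware and resources at known-good revisions"

    # A clean, buildable checkout then becomes a single command:
    git clone --recurse-submodules https://scm.example.com/product-shell.git

The pinned submodule revisions make the hidden dependency explicit and versioned, replacing the undocumented second checkout and symlink.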

The pipeline scripts contain domain-specific logic

The pipeline scripts are bloated with domain-specific logic and setup. Much of the scripting relates to setting up environments and prerequisites for building the software. As a result, the pipeline scripts become large and unmanageable.

Keep domain logic out of pipeline scripts

Consider your pipeline definition as configuration rather than a script, to help keep it lean. Avoid building logic into the pipeline script that has nothing to do with the CI system’s interface, execution, or reporting. Remember that any logic you put in these scripts is also something developers would need to run at their desks, should they want to recreate runs locally, and the pipeline script is a poor place to document those setup steps.
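
As a sketch, assuming a YAML-based CI system in the style of GitLab CI (the same shape applies to most CI tools), the pipeline definition stays configuration and delegates all domain logic to scripts that developers can run at their desks as well:

    stages:
      - build
      - test

    build:
      stage: build
      script:
        - ./ci/build.sh   # all environment setup and build logic lives here

    test:
      stage: test
      script:
        - ./ci/test.sh    # runnable locally with the exact same command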

Artifact management system configuration not optimal

The setup used in the artifact management system is not what the tool is designed and intended for. The intended root structure is one entry per project, with a semantic structure of packages and semantic versions below it. The current setup abuses the root structure by encoding both project and version in it, which confuses newcomers and pollutes the root structure, causing it to grow as more releases are produced. The structure also requires advanced logic in the build scripts rather than simple SemVer logic.

Implement best practice structure

Store the artifacts in a hierarchical tree structure. Do this for non-Java artifacts as well, unless there is an explicit reason not to. Always respect the intent of a tool: read the manual again and follow some of the tool’s tutorials. A consistent structure for addressing the artifacts makes automating the dependency management less complex.
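
As an illustration (project and package names are hypothetical), the intended hierarchy has one root per project, packages below it, and semantic versions below those:

    frontoffice/
      device-ui/
        1.4.0/
          device-ui-1.4.0.tar.gz
        1.4.1/
          device-ui-1.4.1.tar.gz
      device-core/
        2.0.0/
          device-core-2.0.0.tar.gz

Resolving an artifact then needs nothing more than project, package, and a SemVer expression, with no advanced logic in the build scripts.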

Release Notes are manually created

The release notes are handled in Confluence. It is a manual and time-consuming process: the Jira issues are extracted and post-processed into the final release note. This is glued-on quality, not built-in quality. A release note cannot be generated from a meta-system like Jira alone, as Jira does not record the source revisions; Jira issues and releases do not understand the relationships between changes in the SCM system.

Design your Jira issues for data extraction

It is important to configure your schema in Jira so that it stores all the needed information about the logical change. Add a status that tells whether the issue should be listed in the release note; not every task belongs in a release note that the end user sees. Add a field for an end-user description that can be extracted if it is public.
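
A minimal extraction sketch using the Python ‘jira’ package; the server URL, JQL filter, custom field id, and field values are hypothetical:

    #!/usr/bin/env python3
    """Extract release note entries from Jira issues that are explicitly
    marked for the public release note."""
    from jira import JIRA

    jira = JIRA(server="https://jira.example.com", basic_auth=("bot", "secret"))

    # Hypothetical JQL: only issues flagged for the public release note.
    issues = jira.search_issues(
        'project = DEV AND fixVersion = "1.4.1" AND "Release Note" = Yes',
        maxResults=False,
    )

    for issue in issues:
        # 'customfield_12345' stands in for the end-user description field.
        description = getattr(issue.fields, "customfield_12345", None)
        print(f"- {issue.key}: {description or issue.fields.summary}")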

Generate different release notes for different stakeholders

Different stakeholders have different needs; at a minimum it makes sense to generate two release notes. One is for R&D and is used for metadata quality checks and for monitoring release readiness. The second is a public release note reporting what external stakeholders need to know: which features have been implemented and which publicly known errors have been corrected.

Create your release note as a record of your SCM system

The only correct place to initialize your release note is your SCM system, as it is the one and only truth about what this particular revision contains compared to previous revisions and releases.

Use a release note generator based on SCM system (M)

Given that the systems and processes are designed for automation, the report can be generated. Any change to the data behind the release note is changed, added, or removed at the root source of the information, which means that the release note can simply be regenerated from the updated data.
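
A minimal generator sketch in Python, assuming Jira issue keys appear in commit subjects and releases are tagged in Git (the tag names are hypothetical):

    #!/usr/bin/env python3
    """Generate a release note skeleton from the SCM history: collect the
    Jira issue keys referenced between the previous and the current tag."""
    import re
    import subprocess

    PREVIOUS, CURRENT = "v1.4.0", "v1.4.1"  # hypothetical release tags
    ISSUE_KEY = re.compile(r"\b[A-Z][A-Z0-9]+-\d+\b")

    log = subprocess.run(
        ["git", "log", "--pretty=%s", f"{PREVIOUS}..{CURRENT}"],
        check=True, capture_output=True, text=True,
    ).stdout

    print(f"Release note for {CURRENT} (changes since {PREVIOUS})")
    for key in sorted(set(ISSUE_KEY.findall(log))):
        # Each key can be enriched with the data extracted from Jira.
        print(f"- {key}")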

Add the generator to the pipeline

Add the release note generation to the pipeline. The release note then becomes an artifact like any other product generated by the pipeline. It is an important artifact for the tester and the product owner, as it shows the exact progress of the software for later promotion decisions on this particular revision.
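
Continuing the GitLab-CI-style sketch from above (the job and script names are hypothetical), the generator becomes a pipeline job whose output is archived like any other artifact:

    release-notes:
      stage: build
      script:
        - ./ci/generate-release-notes.py > release-note.md
      artifacts:
        paths:
          - release-note.md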

Use the R&D release note as a consistency check (S)

As part of the release gate it is possible to monitor release readiness by programming the release definition of done (DoD). This harvests traceability and uses it as a consistency check.

The consistency checks could look something like the following (a sketch of such a gate follows the list):

  • Do all SCM change-sets have a related Jira issue?
  • Are all the Jira issues in a correct status?
  • Do we have all the changes related to all the Jira issues for this release?
  • Do the change-sets, based on the Jira issues, have the needed reviews in the correct status?
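
A minimal sketch of such a gate in Python, assuming Jira issue keys are referenced in commit subjects; the tag names, accepted statuses, and the stubbed Jira lookup are hypothetical:

    #!/usr/bin/env python3
    """Release gate sketch: verify that every change-set references a Jira
    issue and that every referenced issue is in an accepted status."""
    import re
    import subprocess
    import sys

    ACCEPTED_STATUSES = {"Resolved", "Closed"}   # hypothetical release DoD
    ISSUE_KEY = re.compile(r"\b[A-Z][A-Z0-9]+-\d+\b")
    JIRA_STATUS = {"DEV-101": "Closed"}          # stand-in for a real Jira lookup

    def check_release(previous: str, current: str) -> int:
        """Return the number of failed checks between two release tags."""
        log = subprocess.run(
            ["git", "log", "--pretty=%H %s", f"{previous}..{current}"],
            check=True, capture_output=True, text=True,
        ).stdout.splitlines()
        failures = 0
        for line in log:
            sha, _, subject = line.partition(" ")
            keys = ISSUE_KEY.findall(subject)
            if not keys:
                print(f"FAIL {sha[:10]}: no Jira issue referenced")
                failures += 1
            for key in keys:
                if JIRA_STATUS.get(key) not in ACCEPTED_STATUSES:
                    print(f"FAIL {sha[:10]}: {key} is not in an accepted status")
                    failures += 1
        return failures

    if __name__ == "__main__":
        sys.exit(1 if check_release("v1.4.0", "v1.4.1") else 0)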

Security review process and documentation is manual

The security review is required for the device’s safety reaction. Changes to these algorithms trigger a special, mandatory review that must be documented and signed off as part of the release process. The review is not tool-aided and is currently documented in the Jira issue; gathering the reviews into the document that the security officer signs is a manual process.

Implement a solid review process and automatically generate the documentation

It is advised to implement Crucible/FishEye (already available) as the front end for the review, since it handles the statuses of the reviews. Given that the data and statuses are available in the Atlassian suite, it is possible to auto-generate the review report ready for signature.

An option is to use PAC as a foundation; it is an open-source tool that can be extended to also generate the review report.

Test

Version Control

DevOps

Architecture & Design

Organization & Culture