Why Continuous Delivery in Your Development Practice
It is a holiday week, you’re on call, and you just got a notification about a new Log4j vulnerability with a CVSS score of 10.0. There is a fix available, but it requires applying a patch to your MuleSoft runtime. How do you apply the patch and have the confidence that your applications won’t fail? Do you blindly apply and hope for the best? Do you delay applying the patch and leave yourself exposed? Let’s take a look at a solution called continuous delivery that can help you in this situation.
What is Continuous Delivery (CD)?
Continuous delivery is a software development practice where code is automatically prepared for release to production. With continuous delivery, the deployment pipeline provides a push button process that quickly and automatically builds, deploys, and tests the application. Then it responds with feedback about the state of the application. The constant feedback from the deployment pipeline increases the reliability of the code, building trust with your stakeholders. The rapid feedback also increases the speed and effectiveness of your development process.
Capabilities of a Good Continuous Delivery Process
A good continuous delivery process will have these three capabilities:
- Automated builds and deployments
- Automated infrastructure as code
- Automated unit and integration tests
Automating your builds and deployments ensures they are done in a consistent manner. For instance, you can automate the build of a new container and its deployment to the Elastic Container Service (ECS) on AWS. With an automated build and deployment process, you no longer depend on a single person to handle the builds and deploys for your applications. Having an automated process in place improves the consistency and reliability of your builds, which allows you to trust any of your developers to make changes to the code and get the application deployed correctly.
Automating your infrastructure with infrastructure as code (IaC) solutions such as Terraform allows you to make changes to your infrastructure with confidence. Using IaC allows you to quickly recover from environment configuration issues. It has the added benefit of making your infrastructure and changes to it testable as well. With IaC, you have the ability to create the infrastructure your application is dependent on at deployment time, so you know it will be available when your application needs it.
Automating unit and integration tests allows you to easily run a full complement of tests each time there is a change to your application or the infrastructure it is running on. Not only should the tests be automated, but they should actually test that your application is working properly, so well-written tests are required. Testing will give you the peace of mind you need when making an unexpected change to your application.
Applying Continuous Delivery with MuleSoft
Take the Log4j example. If you are not following continuous delivery practices, you would need to manually apply the patch to your MuleSoft runtime, then manually execute tests on each of your applications to validate that the patch doesn’t break anything. If your tests aren’t automated, you will need to pull in somebody who knows how to test the applications to complete the tests and gain confidence that the patch is good. If your organization isn’t used to frequently updating your runtime and deploying applications, you may also need to wait for additional approvals to move the patch into production. Each of these delays is time during which your applications are left exposed to the exploit.
If you’re following continuous delivery practices, the process is faster. You can modify your configuration management code and check those changes into Git, which will trigger one of your pipelines and apply the patch for the vulnerability to your runtime. You can then trigger your application pipelines to run their verification tests against that environment. If the tests are successful, you can be sure that your application will run successfully with the patch applied, and you can continue promoting the runtime patch to your other environments in the exact same way using your pipeline. With continuous delivery practices in place, your application will be built and deployed, your infrastructure will be updated, and everything will be tested so you can be confident you won’t get a call in the middle of the night with a problem. Continuous delivery can save you precious hours (or days) in exposure time. It will reduce the time spent waiting for manual tests and cut the time spent waiting for approvals. You’ll be able to trust that, if the tests are successful, your application will run correctly.
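The promotion flow described above can be sketched as a gate that patches one environment at a time and stops at the first failed verification. This is an added example, not code from the article or from MuleSoft: the environment names, the `lib` directory layout, the jar versions and the `2.99.0` minimum are constructed, and the two callables stand in for your own configuration-management and application-test pipelines.

```python
import re
import tempfile
from pathlib import Path

JAR = re.compile(r"log4j-core-(\d+(?:\.\d+)*)\.jar$")

def stale_log4j_jars(runtime_dir, min_version):
    """Return names of log4j-core jars under runtime_dir older than min_version."""
    floor = tuple(int(p) for p in min_version.split("."))
    stale = []
    for jar in sorted(Path(runtime_dir).rglob("log4j-core-*.jar")):
        m = JAR.search(jar.name)
        # A version that cannot be parsed (e.g. a beta suffix) fails closed.
        if not m or tuple(int(p) for p in m.group(1).split(".")) < floor:
            stale.append(jar.name)
    return stale

def promote_patch(environments, apply_patch, verify):
    """Patch environments in order and stop at the first failed step.

    Returns (verified, blocked_at): the environments that were patched and
    verified, and the one where promotion stopped (None if all passed)."""
    verified = []
    for env in environments:
        if not (apply_patch(env) and verify(env)):
            return verified, env
        verified.append(env)
    return verified, None

def demo():
    """Constructed run: three environments; the patch never lands in 'staging'."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {e: Path(root, e, "lib") for e in ("dev", "staging", "prod")}
        for d in dirs.values():
            d.mkdir(parents=True)
            (d / "log4j-core-2.0.1.jar").touch()  # constructed old version

        def apply_patch(env):  # stand-in for the configuration-management pipeline
            if env != "staging":
                old = dirs[env] / "log4j-core-2.0.1.jar"
                old.rename(dirs[env] / "log4j-core-2.99.0.jar")
            return True

        def verify(env):  # stand-in for the application verification tests
            return not stale_log4j_jars(dirs[env], "2.99.0")

        return promote_patch(list(dirs), apply_patch, verify)

if __name__ == "__main__":
    print(demo())
```

Because promotion halts at `staging`, `prod` is never touched by a patch that failed verification one stage earlier, and the return value tells the on-call engineer exactly which environments are still unpatched.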
If you have any additional questions on the importance of continuous delivery, please contact us. We’d be happy to help.