This week there were two main developments on the DevOps Practices work:
- we kicked off the planning for the deployment pipeline, which will test our containerisation hypothesis
- we have continued our engagement with wider teams, especially infrastructure and security on our cloud and containerisation work.
Last week we got agreement for our general approach and had started to pull together a list of high level needs (for more detail: https://blogs.hackney.gov.uk/hackit/devops-practices-w-c-09-02-19). This week we sat down with the team to try and turn this list into our first sprint. Although we set aside 2 and a half hours for this, we did not get to the stage of having a full planned sprint 1 for our Deployment Pipeline.
However we did manage a lot. We first started by prioritising the list of needs. We went through them all and prioritised the top 10 to discuss further. This resulted in some really good back and forth discussions about the value that we would deliver such as should we be focused on optimising speed or getting other testing right. In line with our general focus on quality over speed we focused on further testing.
We then built out our list of needs into full stories focusing on the impact of meeting these needs. Our final list of 11 (one got split into two) user stories was:
- As a developer, I want to automate deployment so that I can deploy a set of code changes quickly.
- As a developer, I want to prevent secrets from being distributed in the open so that our services remain secure.
- As a developer, I want to know that no vulnerabilities through code changes have been introduced so that our services remain secure.
- As a developer I want automated accessibility testing so that are services are usable by all our users.
- As a developer, I want to know that no vulnerabilities from 3rd party libraries have been introduced so that our services remain secure.
- As a technical architect, I want reusable components that I can utilise to build a pipeline for my project quickly so that I can ensure code is delivered to the standards expected by HackIT
- As a developer I want automated load testing so that I am confident that the service can cope with peak demand
- As a service owner, I want visibility of quality measures (build metrics, automated test reports) so that I am reassured the automation is working
- As a technical architect want to know that code being written conforms to best standards and is follows the development style at HackIT so that it is supportable, scalable and consistent.
- As a technical architect, I want a consistent naming convention for all objects (code repositories, infrastructure, libraries) so that people can find their way around and understand the architecture of the code
- As a developer, I want a way for our technical documentation to be generated automatically from our code base so that I don’t have to remember to update documentation every time a change is made
At this point they are quite developer heavy. I think this makes sense in the current context of separating our Terraform infrastructure from our applications but it is something that we are aware of and will be keen to redress the balance as we go further forward. Let us know if you have any feedback on these as they are still open to being refined.
Once we had done this we agreed our definitions of done and acceptance criteria for five of these stories.
We have continued to engage with a number of teams to feed into this alpha. People from the infrastructure team are going to be participating in the pipeline work. This upcoming week I will be working through the backlog with them to feed into our discussions on Friday. We have continued to engage regarding cloud capacity and these discussions have helped to refine our thinking on cloud procurement.
We are in a really good place to square the circle between keeping the infrastructure team and their skills a part of whatever cloud we procure, while acknowledging that not everything that they are responsible for will be cloud hosted in the foreseeable future.
We are also working alongside the security team to feed into the deployment pipeline and also to see if we make sure we can embed a culture of security being baked into development.
The team are meeting on Thursday to break down our prioritised stories (with acceptance criteria) into actionable tasks. We will also continue to explore our strategy around procuring a primary cloud supplier.
As always any feedback is much appreciated.