From the Pipeline v17.0

This entry is part 17 of 36 in the series From the Pipeline

The following will be a regular feature where we share articles, podcasts, and webinars of interest from the web.

The Top 5 Considerations for Creating a Successful Cloud-Based Pipeline

The article posted by Even Glazer covers the top five considerations for creating and running an automated, cloud-based pipeline. He advises anyone looking to implement a pipeline to consider the constraints of your organization, particularly around data security policies. The top five considerations area: (1) Consider Your Business Needs First, (2) Develop Your Cloud-Based Pipeline as Part of Your Apps, (3) It’s All About Continuous Improvement, (4) Enable Self Service Features, and (5) Track Your Pipeline, Microservices and Compliance Policies.

Patterns of Distributed Systems

Another mammoth post that can be turned into a book chapter on Martin Fowler’s site. This time, guest author Unmesh Joshi takes us through a set of patterns he observed in mainstream open source distributed systems. Several of these patterns are works in progress but the article itself is well worth a read.

“Distributed systems provide a particular challenge to program. They often require us to have multiple copies of data, which need to keep synchronized. Yet we cannot rely on processing nodes working reliably, and network delays can easily lead to inconsistencies. Despite this, many organizations rely on a range of core distributed software handling data storage, messaging, system management, and compute capability. These systems face common problems which they solve with similar solutions. This article recognizes and develops these solutions as patterns, with which we can build up an understanding of how to better understand, communicate and teach distributed system design.”

Code Coverage Best Practices

Another great post from the Google Testing blog about code coverage. They openly question whether or not code coverage alone reduces defects and a high % of coverage being responsible for higher quality in test coverage. Chasing a specific number does not mean the application under test is of good quality. Instead, it’s important to use a risk-based approach to testing and ensuring that all deployments are gated by code coverage.

“We have spent several decades driving software testing initiatives in various very large software companies. One of the areas that we have consistently advocated for is the use of code coverage data to assess risk and identify gaps in testing. However, the value of code coverage is a highly debated subject with strong opinions, and a surprisingly polarizing topic. Every time code coverage is mentioned in any large group of people, seemingly endless arguments ensue. These tend to lead the conversation away from any productive progress, as people securely bunker in their respective camps. The purpose of this document is to give you tools to steer people on all ends of the spectrum to find common ground so that you can move forward and use coverage information pragmatically. We put forth best practices in the domain of code coverage to work effectively with code health.”

Searchiiiiiing, Seek And Locate…But Only With Appropriate Attributes for Automation

Another great post by everyone’s favorite metal-loving test automation architect Paul Grizzaffi. In his latest post, Paul discusses one of the big drawback of UI-based automation: attributes used for locating elements. Sometimes the only access we have to an application is via the UI, so we must interact with elements that can be typed into, pressed or click, and need their values to be inspected. Sometimes third-party tools (such as Salesforce or SiteCore or Oracle Cloud) have dynamically built elements that make attributes difficult to nail down. We can instead use “data” attributes to add arbitrary attributes to an HTML element to help automation developers locate elements and make UI-based automation a little less brittle.

WebDriverIO for Javascript Automation Testing

Joe Colantonio walks us through the various implementation of WebDriverIO for automation testing. WbDriverIO is a javascript-based testing tool that uses Selenium. People typically use WebDriverIO if they don’t want to build their own framework from scratch and they want some additional features not provided in vanilla Selenium. The article provides a list of these features along with several podcast interviews on the subject for those looking to learn more.

Slaying the Leviathan: Containerized Execution of Test Automation-part 1

This entry is part 1 of 2 in the series Slaying the Leviathan

Introduction

In this three-part series on test automation, I will explain how to utilize Docker, a Ruby/Cucumber web framework, and Jenkins to run parallel test automation within Docker containers.

All of the code shown in this series is accessible on GitHub here. This repository contains all Docker and Test Automation components necessary to follow along and complete the same steps on your machine. If you plan on following along, you will need to install Docker, JenkinsGit, and Ruby

After you’ve installed the necessary prerequisites, go ahead and pull down the suite from GitHub. Navigate to the directory in the terminal where you want this framework to reside and run the command: ‘git clone https://github.com/jerren1122/docker_web_repo.git

If the command executes correctly, you should now have the docker_web_repo pulled down onto your local machine. In order for the later functionality to work I would ensure that the root folder of the framework has the name sample_cucumber.

Framework Introduction

Before we start with Docker, it’s important to understand how the framework functions when running locally. Completing the following steps provides a level of insight into the steps/components necessary for the framework to run.

  • Step one has completed as we have cloned the repo from GitHub.
  • Navigate to your terminal and type in ruby -v, which returns the version number of Ruby installed on your machine. If it doesn’t, the Path environment variable needs to be updated to include the location of the Ruby executable. I am running Ruby 2.6.6, my path to the Ruby executable would be C:\Ruby26\bin.
  • In the terminal, navigate to the directory where you pulled down the docker_web_repo, type in ‘gem install bundler‘, allowing you to utilize bundler’s ability to install all the gems listed in the Gemfile of the repo.
  • Now input ‘bundle install‘ which pulls all the gems listed in the Gemfile down from https://rubygems.org.
  • Navigate here and download the ChromeDriver of the same version number as Chrome on your machine.
  • Once the ChromeDriver has been downloaded, place it in the bin directory of the version of Ruby you installed.
  • This suite utilizes Rake tasks to run, for more information about Rake tasks click here. For this blog post, all you have to do is set an environment variable and run the Rake task. First, input set or_tags=regressioninto your terminal and then type rake features:default. You will should see the output that the regression is running. No browser will visibly open because the suite is running in headless Chrome.

We now have a checklist of the environmental setup to be completed for this web repository to execute automated tests. 

Additional Functionality

Another powerful facet of this framework is the code in lib/utilities/dynamic_tags.rb. This code allowed the tests in the suite to be split into sections and ran in parallel. All this code required at runtime is for environment variables set for total_number_of_builds and build_number

This code worked by replacing a tag (by default @regression) with the tag @split_builds for a subset of the tests corresponding to the build_number provided as an environment variable.

Docker 101

The best overview is provided by the folks at Docker here. For our purposes, it’s important to understand the following.

At a high level, Docker allows for multiple processes to run on a single host. Each processes have a unique Host name, IP address and File System. Shared between them are the Hosts Operating System, CPU, and Memory. This is very similar to what a Virtual Machine is; however, one difference is that Virtual Machines have their own operating system.

Additionally, Docker offers methods of storing and deploying these processes. All of the setup necessary to run a process is stored as a Docker image. The Docker image is a snapshot of what you want the environment to look like for the process to run successfully.

The Docker image is constructed, utilizing a set of steps, housed within a Dockerfile.

Lastly, when we deploy a running instance of these images, which we call a “container” in the Docker world.

Conclusion and Next Steps

In this first blogpost of a three-part series, we executed the framework locally on our machine and became familiar with some of the components in the framework. Additionally, we have explored what Docker is, conceptually.

In the next blogpost, we dive into the actual implementation of Docker and how it interacts with the testing framework.

From the Pipeline v16.0

This entry is part 16 of 36 in the series From the Pipeline

The following will be a regular feature where we share articles, podcasts, and webinars of interest from the web.

Best Books to Learn Automation Testing

The following is a list of ten books to help anyone learning automation testing. Some of the books included are industry standards such as “Clean Code” by Bob Martin and “Refactoring” by Martin Fowler. Dot Graham is represented twice with a couple of classics in “Software Test Automation” and “Experiences of Test Automation”. Probably one of the best jumping off points is “Continuous Testing for DevOps Professionals” because it’s an anthology series with many well-known automation developers each publishing a chapter.

Defensive Design Strategies to Prevent Flaky Tests

Flaky tests are those tests that alternate between passing and failing due to poor automation code, test data issues, or environment instability. Investigation of flaky tests takes away valuable time from investigating true failures. Flaky tests can be unit tests, integration tests, or UI tests. One of the recommendations is to not make assumptions about the data you can’t verify. Tests should examine the current state, make a change to the system, and then examine the new state.

5 Tips to Take Your DevOps Pipeline Beyond the Basics

“The goal of a DevOps pipeline is to create a continuous workflow that includes the entire application lifecycle. But too often, people focus only on the tools and automating everything, not stopping to think whether their processes could further improve performance and efficiency. Let’s look at some common challenges to continuous delivery and then learn five tips for refining your DevOps pipeline and taking it to the next level.”

Specification by Example, 10 Years Later

Gojko Adzic takes a look at “Specification by Example” 10 years on. He recently conducted a survey to discover what’s changed in the industry since releasing the book. The summary is from many of the people who follow Gojko and industry experts. They looked at areas such as using executable specifications, writing style for requirements, tooling selection, and extent of automation.

How to Automate Video Game Tests

Joe Colantonio conducted an interview with Shane Evans over GameDriver, a way to conduct automated testing in games that goes beyond Unit Testing. GameDriver allows for automation of playtesting, which is useful because most integration testing and playtesting are done manually in the game industry. With the shift to CI/CD as a standard practice, game developers need to test more quickly. The interview takes you through the architecture of GameDriver, a simple example, and a game test recorder.

From the Pipeline v15.0

This entry is part 15 of 36 in the series From the Pipeline

The following will be a regular feature where we share articles, podcasts, and webinars of interest from the web.

IEEE Spectrum Ranked the Top Trending Programming Languages

Python earned the top spot of programming languages as ranked by IEEE based on 11 metrics from 8 sources. The study found that Javascript has greater volume but is used primarily for web applications, whereas Python has become a general-purpose scripting language. One of the interesting metrics used was the number of job openings on indeed (not sure why LinkedIn was not used instead), which had Java at #1 followed by Javascript, C#, and Python. This article was quite helpful in understanding trends in the industry.

Value Stream Mapping: How to See Where You’re Going By Seeing Where You Are

Steve Pereira posted an experience report on Value Stream Mapping from his involvement with 3 different organizations over the past year. A value stream is the sequence of activities an organization undertakes to deliver on a customer request. The sequence is displayed visually to depict information and material flow. This is a great example of three different mapping exercises and the value provided through value stream mapping (VSM).

VSM DevCon

As a follow-up on the post above, VSM DevCon recently hosted a virtual conference on value streams. They posted all the recorded videos from the event (free to view). Details below: “As software development, delivery and performance become more complex due to modern architectures, value streams can help organizations unlock the bottlenecks and eliminate process waste to continuously improve how they work and deliver better experiences to their customers. Value stream management concepts are critical when the product changes frequently due to opportunities in the markets, the materials change due to the complexity of modern software architectures and means of delivery, and the output is often changing based on customer demands and expectations.”

Comparing 4 Top Cross-Browser Testing Frameworks

Eran Kinsbruner examines several of the most popular testing frameworks used for webapp testing. He compares Cypress to Selenium to Puppeteer to the recently released Microsoft Playwright. Overall Selenium is the most flexible to use but does require more programming knowledge than the other three.

Technical Debt: 5 Ways to Manage It

This article offers five ways to help manage technical debt within a team or an organization. In the post, the author recommends a team look to reframe software development strategy (new code standards, TD tracking, agile approach that promotes TD removal), integrate metrics into development (code coverage for unit tests, bug counts, etc.), test more frequently within a release cycle, maintain a knowledge base for standards & practices, and conduct regular refactoring sessions.

Slaying the Hydra: Modifications and Next Steps

This entry is part 5 of 5 in the series Slaying the Hydra

In this final installment of “Slaying The Hydra”, I discuss modifications that can easily be made to the suite for scalability, based on the resources available.

Additionally, I provide an overview on how we can expand and improve on the ideologies introduced in this series for a future series.

Run Time Parameters

In our example we only have one parameter browser specifying whether we want to run the test automation in a Chrome or IE browser. In enterprise test automation frameworks, the run time parameters included are often more exhaustive, allowing for more dynamic usage of the suite.

To modify the suite for additional run time parameters, we first modify the parameters of the Jenkins Pipeline job itself by selecting ‘Add Parameter‘ and then configure the meter to fit our needs.

This image has an empty alt attribute; its file name is image-1024x326.png

Additionally we modify the build job portions of our pipeline to pass the parameter selected in the pipeline job to the build of the test_runner job. This is done by expanding the parameters to include whatever additional values we want to pass into the test_runner job (note: the browser value is returned via params.browser).

Lastly, within the test_runner job we modify the input parameter, in so, the value from the Jenkinsfile is passed successfully to the build of the job.

Additional Executors and Machines

The really nice thing about this suite and the related code is the ability to execute equally well with 20 tests split between 2 executors, or 2000 tests split between 20 executors.

If we want to increase the number of executors utilized we complete the following steps:

Step One: Pipeline Changes

First, we increase the parallel portion of the pipeline to equal the number of executors you have available. For every new portion, ensure the build_number and total_builds values are updated and accurate values.

In the pipeline, the parameters for the report_consolidation job in the consolidation stage will need to be modified to include the build_number parameters for each machine_consolidation job executed.

Step Two: Node Changes

If the executor is a machine not connected to Jenkins, I would reference this Linux Academy post for connecting the machine to Jenkins.

In our test_runner job we have specified @local as the tag to locate when finding nodes that can run a build of this job.

This image has an empty alt attribute; its file name is image-4-1024x54.png

Therefore, we navigate Manage Jenkins > Manage Nodes > Corresponding Node and set the Labels value to @local.

This image has an empty alt attribute; its file name is image-6-1024x25.png

One note, a singular machine in some cases will be able to handle multiple executions on its own. For example, if you are running remote web browsers via a cloud partner, a singular machine will be able to execute multiple instances of the framework without risk of impacting other tests because the browser is remote.

In this case we could alter the # of executors value in Manage Jenkins > Manage Nodes > Corresponding Node.

Step Three: Job Changes

In our clear_workspace job and our workspace_consolidation job within the node parameter we have to include the additional node as a default nodes option.

If this step is skipped from the clear_workspace job, you will see confusing results since the locations that consolidate testing results on the newly added node(s) would never get cleared out and retain the data from previous test executions.

If this step is skipped from workspace_consolidation job, the results from the execution jobs executed on that machine would not be included in reporting.

Additionally in the report_consolidation job, the parameters would be modified to include all parameters passed in from the pipeline representing all of the runs of the workspace_consolidation job.

This concludes the parallel test automation utilizing single threaded execution nodes. If you have questions or issues when attempting to set this up, don’t hesitate to reach out.

The logical place from here is to create an example completing the same sort of parallelization utilizing Docker. This will allow us to complete similar work, without as heavy of an overhead, and we can add some containerization experience to our belts.

From the Pipeline v14.0

This entry is part 14 of 36 in the series From the Pipeline

The following will be a regular feature where we share articles, podcasts, and webinars of interest from the web.

The State of Open Source Testing: Key Findings on BDD

A consortium of companies joined together to conduct a survey of more than 1,800 technology professionals, most of them in the QA space, to create “The State of Open Source Testing” survey results. Their findings were (1) Writing good Gherkins requires practice, (2) Living Documentation is a hidden gem, (3) SpecFlow and Cucumber are the tools of choice, (4) BDD is used in pieces, and (5) BDD projects run with 50% higher efficiency.

Data Toxicity and Automatic Number-Plate Recognition (ANPR) – Take Five for CyberSecurity

Wolf Goerlich has been posting great videos on Cyber Secrurity in a series called “Take Five” (because the videos are five minutes). In the associated video he talks about a leak of license plates from a automated photo recognition system; he shares what “data toxicity” means and three things a company can do about toxic data.

Top 75 Automation Testing Blogs & News Websites To Follow in 2020

The following is a list of the most popular automation test blogs to follow in 2020 as ranked by Feedspot. Their team ranked the blogs based on relevancy, industry focus, posting frequency, social media follow counts & engagements, domain authority, age of the blog and Alex traffic report.

Enterprise Test Automation: 4 Ways to Break Through the Top Barriers

“How can mature companies with complex systems achieve the level of test automation that modern delivery schedules and processes demand? There are four strategies that have helped many organizations finally break through the test automation barrier: Simplify automation across the technology stack, end the test maintenance nightmare, shift to API testing, and choose the right tools for your needs.”

A Digital Jobs Program to Help America’s Economic Recovery

Google has started an online jobs program to teach people skills to shift careers. The program is called “Grow with Google” and will encompass multiple Google Career Certificates, funding need-based scholarships, $10 million in job training grants, and Google will consider the certificates the equivalent of a four-year degree for related roles. The new certificates will be in Data Analytics, Project Management, and User Experience (UX) Design. These programs don’t require a degree or prior experience to enter.

Book Club: The Phoenix Project (Chapters 30-35)

This entry is part 8 of 8 in the series Phoenix Project

The following is a chapter summary for “The Phoenix Project” by Gene Kim for an online book club.

The book club is a weekly lunchtime meeting of technology professionals. As a group, the book club selects, reads, and discuss books related to our profession. Participants are uplifted via group discussion of foundational principles & novel innovations. Attendees do not need to read the book to participate.

Chapters 26-29 HERE

Background on the Phoenix Project

“Bill, an IT manager at Parts Unlimited, has been tasked with taking on a project critical to the future of the business, code named Phoenix Project. But the project is massively over budget and behind schedule. The CEO demands Bill must fix the mess in ninety days or else Bill’s entire department will be outsourced.

With the help of a prospective board member and his mysterious philosophy of The Three Ways, Bill starts to see that IT work has more in common with a manufacturing plant work than he ever imagined. With the clock ticking, Bill must organize work flow streamline interdepartmental communications, and effectively serve the other business functions at Parts Unlimited.

In a fast-paced and entertaining style, three luminaries of the DevOps movement deliver a story that anyone who works in IT will recognize. Readers will not only learn how to improve their own IT organizations, they’ll never view IT the same way again.”

The Phoenix Project

Chapter 30

Bill joins Erik at MRP-8.

Erik reveals he was a Special Forces officer in the US Army.

“A manufacturing plant is a system. The raw materials start on one side, and a million things need to go just right in order for it to leave as finished goods as scheduled out the other side. Everything works together. If any work center is warring with the other work centers, especially if Manufacturing is at war with Engineering, every inch of progress will be a struggle.”

Erik

“takt time” is the cycle time needed in order to keep up with customer demand. If any operation in the flow of work takes longer than the takt time, you will not be able to keep up with customer demand. The feedback loop must go back to product definition, design, and development.

Erik points out the most profitable items made in the plant have the longest setup and process times. To solve the problem, they developed a machine that combined four work centers into one, eliminating over thirty manual, error-prone steps, completely automating the work cycle.

Bill is challenged to decrease IT’s changeover time and enable faster deployment cycle time. Erik expects 10 deployments a day.

“Dev and Ops working together, along with QA and the business, are a super-tribe that can achieve amazing things. . . Until code is in production, no value is actually being generated, because it’s merely WIP stuck in the system. He kept reducing the batch size, enabling fast feature flow. . . He automated the build and deployment process, recognizing that infrastructure could be treated as code, just like the application that Development ships.”

Erik

Jez Humble and Dave Farley codified the practices and principles that enable multiple deployments per day in the book “Continuous Delivery”.

Deployment Pipeline: entire value stream from code check-in to production. Everything in version control — not just code but everything required to build the environment. Automate the entire environment creation process.

Erik tasks Bill with moving Brent to a team that will automate the build process.

“Stop focusing on the deployment target rate. Business agility is not just about raw speed. It’s about how good you are at detecting and responding to changes in the market and being able to take larger and more calculated risks.”

Erik

Features are always a gamble. So the faster features are pushed to market and tested, the better off a company is at adapting.

Chapter 31

SWAT Team kick-off meeting led by Chris. Steve has authorized a small team to deliver the promotion functionality and do whatever it takes to make a positive impact on the holiday shopping season.

The chief concern is the deployment process and the way Parts Unlimited is building the environments.

Chris is shocked at the “ten deploys per day” request, but Patty thinks the idea is solid; they can deploy bug fixes and performance enhancements. The company could enable Marketing to make their own changes to content or business rules or enabling faster experimentation and A/B split testing.

Development and Operations start to generate all the steps needed to deploy a feature

Development examples: automated tests in Dev, creating QA environment that matches dev, deploying code into it, executing tests, deploying & migrating to a stage environment, load testing.

Operations examples: preparing new server instances, loading and configuring the operating system, databases, and applications’ making all the changes to the networks, firewalls, and load balancers.

Bill marks each step where IT had problems with deployments in the past; almost all steps are marked.

Patty creates a “Value Stream Map” on the whiteboard. She writes the time-commitment for each step and whether the step requires wait time.

Patty suggests focusing on environments and code packaging process.

Brent proposes creating a common automated script for building the dev, qa, and prod environment.

New requirement for IT: at the end of each Sprint, the deployable code AND the environment must be checked into version control.

New process for IT: someone is responsible for package creation and Dev handoff — generate and commit the packaged code to trigger an automated deployment into the QA environment.

“Brent, if it’s okay with you and everyone else, I’d like to invite you to our team sprints, so that we can get environment creation integrated into the development process as early as possible. At each three-week sprint interval, we not only need to have deployable code but also the exact environment that the code deploys into, and have that checked into version control, too.”

Chris

Chapter 32

Bill reflects on how different software engineers are today than when he was coming up through the ranks. They are more loose and less likely to follow process.

The SWAT Team calls themselves “Unicorn”. The objective is doing whatever it takes to deliver effective customer recommendations and promotions.

Project Unicorn had a code base completely decoupled from Phoenix.

The first challenge was to start analyzing customer purchase data. The team created a completely new database, using open source tools with data copied from Phoenix and order/inventory management systems.

Decoupling from other projects made changes easier and did not put other projects at risk.

Unicorn team developers were using the same OS, library versions, databases, database settings, etc.

Brent goes missing from the team for two days and can’t be contacted. Brent has been taken to a secret off-site to discuss breaking up the company. He believes a split will be a complete nightmare.

“Dick and the finance team rushed me out the door yesterday morning to be a part of a task force to create a plan to split up the company. Apparently, this is a top priority project, and they need to figure out what the implications to all the IT systems are.”

Brent

Bill schedules a meeting with Steve Masters to discuss the off-site.

Bill believes Brent is someone who has the respect of developers, has enough deep experience with IT infrastructure, and can describe what the developers need to build. Steve agrees to “bring Brent home”.

Chapter 33

Sarah demands to have Brent returned in an angry email to the Chairman of the Board.

Meanwhile, the Unicorn promotion report takes much longer to execute. One of the developers recommends using cloud compute instances. Maggie looks into cloud providers and Security works to identify risks with sending customer data to the cloud. During the Demo, the team reports they can deploy easily to the cloud with the automation in place.

Maggie demos the promotions offering system and proposes to do an e-mail campaign to one percent of the customers (as a trial before Thanksgiving).

The marketing campaign is a success, with over 20 percent of the respondents going to the website and six percent making a purchase. The conversion rates are 5x higher than any prior campaign.

Steve Masters publicly congratulates the entire team on the marketing success.

John reports the security fixes for Unicorn are much easier than Phoenix.

“After being forced to automate our security testing, and integrating it into the same process that William uses for his automated QA testing, we’re testing every time a developer commits code. In many ways, we now have better visibility and code coverage than any of the other applications in the company!”

John

Developers only have read-only access in production and security tests are integrated into the build procedure. The automated controls help resolve the SOX-404 audit findings.

Only a single issue — promotions for out of stock items — temporarily halted deployment, but was fixed within a day.

Chapter 34

The high traffic to the Parts Unlimited website on Thanksgiving led to a Sev-1 emergency because the e-commerce systems were going down.

The team puts more servers into rotation and turned off computationally-intensive features.

Taking down the real-time recommendations can be disabled with a configuration setting in minutes.

Bill calls in the entire team to the office on Black Friday. Store Managers are having trouble handling the volume of requests from Unicorn promotions. To fix the problem, the team will deploy a web page for store personnel to type in the coupon promotion code to automate the cross-shipment from our warehouses. They will also create a new form on the customer account web page to get items delivered directly to them.

At a Monday meeting with Steve Masters, he reports the in-store and web sales are breaking records.

“I want to congratulate you for all your hard work. It has paid off beyond my wildest expectations. Thanks to Unicorn, both in-store and web sales are breaking records, resulting in record weekly revenue. At the current run rate, Marketing estimates that we’ll hit profitability this quarter. It will be our first profitable quarter since the middle of last year.”

Steve

Chris reports the team can do daily deployments and they can also do A/B testing all the time — so the company is faster responding to the market.

Bill proposes setting up all new teams just like the Unicorn team for fast deployments. Steve commends them all for their work.

“If we’re done congratulating ourselves, I’ve got a business wake-up call for you. Earlier this month, our largest retail competitor started partnering with their manufacturers to allow custom build-to-order kits. Sales of some our top selling items are already down twenty percent since they launched this offering.”

Sarah

The team is next charged with creating “build-to-order kits” with their manufacturing partners.

The next day, Wes says the change Sarah requested would be difficult because their original system is an outsourced mainframe application. To make the change, their outsourced will need six months to gather requirements and nine months to develop & test.

In a meeting with Steve, the team propose to break contract with the outsourcing company early at a cost of $1M and regain control of the MRP application & underlying infrastructure.

With MRP in-house, development could build an interface to Unicorn. The manufacturing capability could be moved from “build to inventory” to “build to order”.

One risk is the outsourcer may have changed the codebase. The outsourcer could also make the transition difficult. John also needs to remove access from the staff who are not being retained.

Sarah does not like the proposal, and wants approval from the board & Bob Strauss. Steve reminds Sarah who she works for, which quiets her.

“I think we need to check with Bob Strauss and get full board approval before we undertake a project this big and risky. Given the previous performance of IT, this could jeopardize all of our manufacturing operations, which is more risk than I think we should take on. In short, I personally do not support this proposal.”

Sarah

“Remember that you work for me, not Bob. If you can’t work within that arrangement, I will need your immediate resignation.”

Steve

Chapter 35

There are few Sev-1 incidents and Bill spends most of his time coaching his managers through two-week improvement cycles according to the Improvement Kata.

The team is closing their monitoring gaps, refactored or replaced the top ten fragile artifacts for stability, and the flow of planned work is fast.

Bill also deployed Project Narwhal (Simian Army Chaos Monkey) that routinely creates large-scale faults, thus randomly killing processes or entire servers.

Development and IT Operations worked together to make their code & infrastructure more resilient to failures.

John similarly started a project called “Evil Chaos Monkey”  that would exploit security holes, fuzz applications with malformed packets, try to install backdoors, gain access to confidential data, and other attacks.

Steve Masters hosts a party at his home and asks Bill to arrive an hour early.

The company will have a record-breaking quarter. The average order size hit a record after Project Unicorn delivered.

Sarah has decided to look for other options elsewhere and is on a leave of absence.

The last few months, Bill has been interviewing candidates for CIO. He feels most would revert the changes the company has made the last few months. Bill puts Chris forward for the position.

Steve explains that Bill was the unanimous choice to take the position, but he won’t be getting the job.

Steve wants Bill to do rotations in sales & marketing, manage a plant, get international experience, manage the relationships with critical suppliers, and manage the supply chain. Erik will be his mentor. If successful, Bill will be moved into the COO role.

“In ten years, I’m certain every COO worth their salt will have come from IT. Any COO who doesn’t intimately understand the IT systems that actually run the business is just an empty suit, relying on someone else to do their job.”

Steve

IT should either be embedded into business operations or into the business.

The rest of the IT Management and executive staff arrive at Steve’s home for the party. They gift Bill with a bronzed “craptop”.

Erik will not become a board member, but instead will be a large investor in the company. He wants to create a hedge fund that invests in companies with great IT organizations.

Erik charges Bill to write “The DevOps Cookbook” to show how IT can regain the trust of the business.

“I want you to write a book, describing the Three Ways and how other people can replicate the transformation you’ve made here at Parts Unlimited. Call it The DevOps Cookbook and show how IT can regain the trust of the business and end decades of intertribal warfare. Can you do that for me?”

Erik

The group assembled reflects much more than Dev or Ops or Security. It’s Product Management, Development, IT Operations, and Information Security all working together and supporting one another.

From the Pipeline v13.0

This entry is part 13 of 36 in the series From the Pipeline

The following will be a regular feature where we share articles, podcasts, and webinars of interest from the web.

Unit Testing is Overrated

In this recent post the author argues that focus on unit tests is in many cases a complete waste of time. In the example-heavy piece, it’s argued that unit tests are only useful to verify pure business logic inside a given function because of external dependencies mean the implementation is often replaced with abstractions or writing data to systems means that test is technically a unit test (and would need to be abstracted as well to make it a unit test). The post is definitely worth a read.

Beyond the Cache with Python

Guy Royse explores the usage of Redis beyond caching. Redis can be used as a queue by pushing new items to the end of the list. Redis can also be used to subscribe to and publish events as well as data streaming, as a search engine, and a primary database. The examples are all in Python and taken from Guy’s popular Bigfoot data he uses at conferences. The article also links to a GitHub account to check out the code.

How to Achieve Automated Accessibility Testing

“Accessibility testing is a type of testing done to ensure that your apps are usable by as many people as possible. Automated accessibility testing helps expedite your release cycle and identify issues early.” Eran Kinsbruner shows how a team can make accessibility testing an upfront concern and shows an example how to automate the testing using Jenkins, GitHub, Selenium, Axe, and Perfecto. The post also includes a webinar to see how automated accessibility testing can be achieved.

Working with BDD Remote Part 3: Make Living Documentation Accessible

Gojko Adzic’s third installment in BDD remote work. In the post, he advocates to make easy access scenarios as part of the living documentation for testing, in particular exploratory testing (as an example). One example he provides is using Azure Devops with SpecFlow “LivingDoc”, which renders feature files in Azure Devops with filtering and linking capabilities. There are other tools for Jira. The ultimate goal is making this material readily to all members of the team.

Best Selling DevOps Books

This is a compiled list of the best-selling DevOps books of all time according to book Authority. As expected, the DevOps Handbook, Accelerate, and The Phoenix Project top the list.

Book Club: The Phoenix Project (Chapters 26-29)

This entry is part 7 of 8 in the series Phoenix Project

The following is a chapter summary for “The Phoenix Project” by Gene Kim for an online book club.

The book club is a weekly lunchtime meeting of technology professionals. As a group, the book club selects, reads, and discuss books related to our profession. Participants are uplifted via group discussion of foundational principles & novel innovations. Attendees do not need to read the book to participate.

Chapters 21-25 HERE

Background on the Phoenix Project

“Bill, an IT manager at Parts Unlimited, has been tasked with taking on a project critical to the future of the business, code named Phoenix Project. But the project is massively over budget and behind schedule. The CEO demands Bill must fix the mess in ninety days or else Bill’s entire department will be outsourced.

With the help of a prospective board member and his mysterious philosophy of The Three Ways, Bill starts to see that IT work has more in common with a manufacturing plant work than he ever imagined. With the clock ticking, Bill must organize work flow streamline interdepartmental communications, and effectively serve the other business functions at Parts Unlimited.

In a fast-paced and entertaining style, three luminaries of the DevOps movement deliver a story that anyone who works in IT will recognize. Readers will not only learn how to improve their own IT organizations, they’ll never view IT the same way again.”

The Phoenix Project

Chapter 26

Bill’s team will conduct business process owner interviews for “understanding customer needs and wants,” “product portfolio,” “time to market,” and “sales pipeline”.

John researches the business SOX-404 control environment.

Meeting with Ron Johnson, VP of Sales. He is the owner of the sales pipeline and sales forecast accuracy.

The Sales Forecast Accuracy starts with a revenue target. Ron’s team always misses the target because it’s not obtainable.

Parts Unlimited does not know what its customers want. The company has too much product that will never sell and never enough of product that does sell.

“It’s a crappy way to run a company. It demoralizes my team, and my top performers are quitting in droves. Of course, we’ll replace them, but it takes at least a year for replacements to perform at full quota capacity. Even in this lousy economy, it takes too long to find qualified sales people.”

Ron Johnson

Sales Forecast Accuracy is jeopardized by poor understanding of customer needs and wants.

Sales Pipeline — challenging for salespeople to get information from the Customer Relationship Management (CRM) system.

Bill wants money for the monitoring to enforce control policies to ensure incidents like the phone outage won’t happen again.

Establishing what applications / infrastructure are fragile to Sales, they can prioritize preventive work to ensure revenue is not hurt.

Maggie owns the merchandising and pricing roadmaps for Parts Unlimited. She’s the business sponsor for half the IT projects.

“Ultimately, the way I measure our understanding of customer needs and wants is whether customers would recommend us to their friends. Any way you cut it, our metrics aren’t very good.”

Maggie

Data in the order inventory and management system are almost always wrong.

Maggie wants accurate and timely order information from the stores and online channels. That data can be used for marketing campaigns that continually do A/B testing of offers, find the ones that our customers jump at.

The information can be used to drive the production schedule to manage the supply and demand curves.

“In these competitive times, the name of the game is quick time to market and to fail fast. We just can’t have multiyear product development timelines, waiting until the end to figure out whether we have a winner or loser on our hands. We need short and quick cycle times to continually integrate feedback from the marketplace.”

Maggie

“The longer the product development cycle, the longer the company capital is locked up and not giving us a return. Dick expects that on average, our R&D investments return more than ten percent. That’s the internal hurdle rate. If we don’t beat the hurdle rate, the company capital would have been better spent being invested in the stock market or gambled on racehorses.”

Maggie

Maggie dislikes the three-year lead time on projects. They should be six to twelve months. Phoenix cost $20M/3Yrs. There is intense competition for IT in supporting projects. Given the WIP and capital locked into Phoenix, the project should have never been approved.

Chapter 27

Phone and MRP systems need predictive measures that include compliance with the change management process, supervision and review of production changes, completion of scheduled maintenance, and elimination of all known single points of failure.

John introduces the idea of CIA — confidentiality, integrity, and availability.

For Marketing Needs and Wants: Support weekly and eventually daily reporting of orders and percentage of valid SKUs created by Marketing.

Excerpt from the Phoenix Project.

“Seems pretty obvious to me. We need to come with the controls to mitigate the risks in your third column. We then show this table to Ron and Maggie, and make sure they believe that our countermeasures help them achieve their objectives. If they buy it, we work with them to integrate IT into their performance measures”

John

The company used to have the CIO attend the quarterly business reviews but stopped inviting him after negative feedback.

The company must consider IT Risks as Business Risks, otherwise the company will miss their objectives.

Bill proposes to integrate risks into leading indicators of performance. The goal is to improve business performance and get earlier indicators of whether the company will achieve them.

The company is moving too slowly with too much WIP and too many features in flight. The releases must be smaller and shorter and deliver cash back faster. Bill proposes meeting for three weeks with each business process owner to identify business risks posed by IT to integrate them into leading indicators of performance. He also proposes meeting with Dick & Chris about Phoenix to improve throughput.

From the audit-compliance side, John excitedly reports back on his findings.

Faye, a Financial Analysts who works in Finance, created SOX-404 control documents. They show the end-to-end information flow for the main business processes in each financially significant account.

“The control being relied upon to detect material errors is the manual reconciliations step, not in the upstream IT systems.” – Faye’s document

John wants to rebuild the compliance program from scratch. He proposes to: 

  1. drastically reduce the scope of the SOX-404 compliance program 
  2. root cause analysis of production vulnerabilities
  3. flag all systems in scope for compliance audits to avoid changes that risk audit and create on-going documentation for auditors
  4. reduce the size of PCI compliance program by eliminating anything that stores or processes cardholder data
  5. pay down technical debt in Phoenix

“We quickly agree to pair up people in Wes’ and Chris’ group with John’s team, so that we can increase the bench of security expertise. By doing this, we will start integrating security into all of our daily work, no longer securing things after they’re deployed.”

Bill

Chapter 28

The number of Sev-1 outages this month is down by more than two-thirds. Incident recovery time is reduced by half.

Improving the production monitoring of the infrastructure and applications, IT knows about incidents before the business does.

The project backlog has been reduced by eliminating unneeded security projects from audit preparation and replacing them with preventive security projects.

Bill comes to the conclusion that IT Operations work is similar to planned work. The team is mastering the First Way: curbing the handoffs of defects to downstream work centers, managing the flow of work, setting the tempo by our constraints, and understanding what is important versus what is not.

Sarah’s group is trying to make unauthorized purchases for online or cloud services. Her team has four instances of using outside vendors and online services. 

Sarah’s vendors will cause Parts Unlimited to break their customer privacy regulations and potentially state privacy laws. One vendor uses a database technology that is not secured.

“The first problem is that both projects violate the data privacy policy that we’ve given our customers,” John says. “We repeatedly promise that we will not share data with partners. Whether we change that policy or not is, of course, a business decision. But make no mistake, if we go ahead with the customer data mining initiative, we’re out of compliance with our own privacy policy. We may even be breaking several state privacy regulations that expose us to some liability.”

John

Sarah has been able to get away with murder because she has the strategy that Steve needs, whereas Steve is execution-focused.

During the next Phoenix deployment, one of the critical database migration steps failed. Brent made a change to a production database that no one knew about. This change was one of Sarah’s side projects.

The Dev and QA environments don’t match the production environment. The team still manages to finish the deployment before the stores open. Patty sends out a list of known errors to look out for, an internal web page for the latest Phoenix status, and instructions on how to report new problems. The service desk is on standby and both dev & ops teams are on-call.

Chapter 29

Steve Masters is happy with the state of IT even though the latest Phoenix Deployment went in late. 

“I am very proud to be a part of this team that is obviously working together better than ever, trusting one another, and getting incredible results.”

Steve

Sarah is caught in the meeting having started unauthorized IT projects.

“Supporting those projects also requires an incredible amount of work. We’d need to give your vendors access to our production databases, explain how we’ve set them up, do a bunch of firewall changes, and probably over a hundred other steps. It’s not just as easy as signing an invoice.”

Bill

Sarah announces that Board Member Bob Strauss believes the company should be split up and leaves the room in a huff.

Erik challenges the group to master the Second Way: creating constant feedback loops from IT Operations back into Development, designing quality into the product at the earliest stages.

“In any system of work, the theoretical ideal is single-piece flow, which maximizes throughput and minimizes variance. You get there by continually reducing batch sizes. You’re doing the exact opposite by lengthening the Phoenix release intervals and increasing the number of features in each release. You’ve even lost the ability to control variance from one release to the next.”

Erik

Bill proposes to pause deployments until they can figure out how to keep environments synchronized.

Erik proposes that work only flows forward. With rework and long release cycles, the team will never hit the internal rate of return.

“The flow of work should ideally go in one direction only: forward. When I see work going backward, I think ‘waste.’ It might be because of defects, lack of specification, or rework. . . Regardless, it’s something we should fix.”

Steve

Bill proposes a SWAT Team to deal with the Phoenix capacity issues, with that team tasked with delivering features that hit revenue goals.

The features are focused on customer recommendations and promotions that match the customer profile from consumer data.

From the Pipeline v12.0

This entry is part 12 of 36 in the series From the Pipeline

The following will be a regular feature where we share articles, podcasts, and webinars of interest from the web.

6 Ways to Secure Buy-in For Your DevOps Journey

This article by Scott Carey is an excellent summary of talks at the recent DevOps Enterprise Summit. The first way is “start with people, not technology”, by conducting value stream mapping exercises to identify key business outcomes and processes. “Land and expand” is about finding the first product team or workload to deliver success and then expand to other teams. “Coach, don’t dictate” is about having empathy for the teams being supported in the transition, especially those who haven’t made the journey yet in their careers. “Making it safe to try” is about establishing an environment where it’s alright to fail fast by establishing psychological safety. “Measure, measure, measure” means establishing the telemetry to monitor outcomes and having a shared understanding of success. Lastly, “leveraging a change in management” is about taking advantage of a fresh start to promote DevOps practices.

50 Quick Ideas to Improve User Stories

 Several years ago Gojko Adzic published a series of books on testing, user stories, retrospectives, and impact mapping. These books are great resources to help a team or organization improve in their respective areas. Gojko has also turned the “Fifty Quick Ideas to Improve Your User Stories” into a free reference card deck under the creative commons license. Great reference material for any BA.

Metrics and Scrum

Doc Norton has been consistently featured on “From the Pipeline” for good reason: he’s one of the brightest minds in tech and unafraid to take on sacred cows. In his most recent post, he examines metrics associated with Scrum. What makes the post fascinating is although the Scrum guide does not explicitly mention metrics, the guide does have several points of measurement: in monitoring goals, in monitoring sprints, and increments, from which implicit metrics can be derived.

Design Patterns in Test Automation

Another great post from Anand Bagmar about test automation. In the lengthy post with many citations, he walks the reader through essentials of test automation from building a framework to common designer patterns, to challenges associated with the page-object pattern. Bookmark this article for future reference!

Deception and Estimation: How We Fool Ourselves

This brief blog post by Linda Rising to accompany a conference talk raises an interesting point about our built-in biases in estimating software projects. “Research shows that the best estimates come from a high-level comparison of the current project to others of a similar nature. Yet most estimation in software development comes from a bottom-up approach, by looking at the complexity of unknown components and then adding up the pieces to produce a view of the whole.”