Release automation: All about the pipeline

Published: March 8th, 2018

To many, release automation is that last stage of the DevOps pipeline, when software is made public. Yet, to many, release automation remains largely misunderstood and so is not as widely utilized in organizations that claim to be agile and doing DevOps.

“I don’t know if people are recognizing the benefits of application release automation just yet,” said Tracy Ragan, CEO and co-founder of OpenMake, which offers automation from build to release.

One person who does understand the benefits of application release automation is Tom Sherman, divisional vice president of DevOps at health insurance management company HCSC. “In mid-2016, we started a project to move all of our applications onto a release automation platform. We’ve been able to move about 400 applications to implement a release automation process for them.

We have automated the process of building the application and then doing the deployments. We’re seeing a lot of benefits in doing that in terms of speed and resources saved, as they don’t have to work like they had to do in a manual release process, particularly on the infrastructure side — the teams that used to have to support us by loading our applications out onto servers and so forth.”

Bob Evans, director of applications engineering at email delivery service SparkPost, sees the benefit of getting new features out to customers more quickly. “This is crucial because it allows an organization to get feedback during the development cycle and iterate accordingly,” he said, adding “I don’t believe you should take operations out of the equation, it’s just their responsibilities shift. DevOps puts more ownership and success of the overall service on the team. It also empowers team members to address issues before adding more features.”

Automation is used in many areas of IT, from test and build automation on the developer side to automating steps in IT operations. Yet some fear remains. As Electric Cloud’s CTO Anders Wallgren noted, “Release automation managers have a bit of ‘we’re different. We’re a duck-billed platypus, you can’t possibly automate what we do. It can’t possibly work for us, we’re different.’ All of the usual kinds of phrases come out when you start to dig in at particular organizations. There’s a little bit of fear there for this kind of stuff. We like other companies have had to work through that a little bit.”

Not only a fear of losing their jobs, but a fear of turning over the keys to a machine that in their minds could lead to releasing broken or bug-filled software. Release managers, Wallgren said, should spend more time talking with the people who’ve created the functionality upstream and downstream. “They still seem to not really be getting it yet. They say, ‘Look, if we automate everything, what if something goes wrong, are we going to release software that doesn’t work?’ All the usual reasonable fears that people have.”

And who are these release managers? “I have seen several instances where people that work in the release management arena are a little bit divorced from the details of what it takes to get a release out the door,” Wallgren said. “What I mean by that is often times, they’re project managers, and I don’t mean that in a perjorative way; they’re there. Their job is to herd the cats. We all know how much fun that is. Sometimes, the notion of automation to them is a little bit scary, for a number of reasons. Sometimes it maybe dives into the technical areas a little too much, and a kind of nervousness about, well, am I going to be necessary if we automate everything. That silo is starting to learn about this and figure out what it means to them.”

They’re also not necessarily exposed to the innards of the releases, he said. “Some release managers are more like product owners; they understand what’s coming in the release, what’s in there, why it’s in there, they have their finger on the pulse. Other release managers are like, ‘I wait until people tell me what to do and then I rubber-stamp it and it goes.’ I’m probably exaggerating on that, but there is a bit of that.”

To script, or not to script
In most organizations today doing continuous integration and deployment (CI/CD) — the precursor to release automation — the use of scripts remains prevalent. Some, though, see the use of scripts as hampering CI/CD due to scripts being static in nature and unable to adapt across pipelines. “We all have a waterfall approach to CD; scripts come from waterfall,” OpenMake’s Ragan said. “It is still built around states. In dev, test and production, it’s a very fast waterfall approach, but it’s still waterfall. When the build runs, kick off tests. If the tests pass, go to production.”

She recalled a time before the overhyped need for speed when organizations had the luxury of time to tweak scripts to adapt to different environments. Today, she said, “people need repeatable deployment processes from dev to test to production very quickly.” On the speed issue, she opined, “Companies need the choice to be fast or not. What they all need, though, is to be responsive to their market.”

HCSC’s Sherman said repeatable processes provide reliability, but believes scripts have remained valuable. “Anything that you script, you’re executing the process the same way every time you do it, which eliminates some errors that we were seeing in the manual process. When you had different support staff working with you they might not have remembered a step that had to be executed, or the sequence of the steps that had to be executed in a particular order to make it work. The scripting takes that risk away from your process.”

He went on to say that “the way that our process works is that the scripts are created ahead of time and we’re executing the scripts over and over again when we do a deployment. Once you get the scripts created it is an asset that you manage just like any other piece of code, and you version it and test it and implement a new version of it so you’re getting a consistent execution of that script every time.”

Sherman acknowledged that scripts are labor-intensive, to a certain extent, but HCSC looks at tools “that do things more from a configuration standpoint, where you can configure within the tool the way you want to execute your deployment. That’s sort of the next generation of our platform, to take some of the scripting out of the equation and put it into a tool that’s got more ability to have the configuration built in to the execution.

“But those tools are expensive and you’ve got to figure out where you need that level of automation or where the script is adequate,” he continued. “We’re not seeing a lot of volatility in our scripts once we’ve got them set up and they’re working. They’re not requiring a lot of maintenance right now, so we’re not as concerned about that at this point in time. There is a place… we did make a decision on, that we did not want to put into the scripts and we wanted to go to a next-generation tool. So there is definitely a niche for that, and we’re just seeing whether that’s something we want to do on an enterprise level or is it something where we make the tool that does the scripting a part of our business and then go to the next-generation tools. That’s the analysis we’re doing right now.”

All about the pipeline
So, versioning scripts is helpful, but what happens when test, staging and production environments change, as they always do? According to SparkPost’s Evans, “I think building a pipeline that can adapt to changes is key. However sometimes having different load and performance profiles, and hardware constraints makes verifying certain features/fixes tough in different environments.”

OpenMake’s Ragan agreed, saying “to be repeatable, [the flow] has to go across the pipeline. Application release automation allows developers to decide what gets consumed in test and production, and adds security features.”

Yet release automation is “kind of all over the place,” Wallgren said. “Some companies don’t have a release step in their pipeline. They say, if it makes it through the pipeline, it goes straight into release automatically. They don’t have release managers.”

He called release management “a kind of Maginot line. It’s the last defense against releasing things that can hurt them.”

It’s a culture thing
HCSC’s Sherman described the hurdles and roadblocks to implementing release automation.

“It was a difficult project to get started and get through the first couple rounds of it. The other complication I think we had was that our applications, as we went through the analysis, are not all the same, so we had a lot of one-off things that we had to account for, but once we got a process built and an assembly line kind of approach to it, it went pretty smoothly and we really gathered some momentum and were able to do the second half of the project much more quickly than the first half went.

“We had some issues with engagement.. getting the teams to buy into the process. Then we had issues with staffing on my side, of getting the right people who could do the work in place, and then there’s always a problem here of competing priorities. The teams that we were working with had big customer projects that they were working on and we had to fit our work into that.”

Sherman did note that HCSC leadership was committed to making release automation happen as part of a larger organizational digital transformation. “That really helped us turn the corner by having that backing that this was an important project that needed to be done. That really made it work,” he said.

SparkPost has had some form of release automation since it launched in 2015, Evans said. “It was an evolution and over time more pieces of the process were streamlined. We knew in order to be agile and ship features to our customers that release automation was a must. We prioritized critical path and layered in more capabilities as we grew in volume and features. Being an on-premise company before, we had some legacy processes that hindered some of the rollout of the pipeline initially. We also had a new set of challenges as we started rolling out our next-generation architecture in 2017. Our development process changed as well because previously we were working towards quarterly releases. Most features stopped at a test environment until closer to release. Now we release pieces of features to production as they are ready and ship multiple times a day.”

In the world of automation, Wallgren said, “You have to ask the question, ‘what goes wrong today, and how do you deal with that?’ If you can automate it, and it does the same thing every time … then why is that not better? Sometimes you have to push people on that and challenge their assumptions.”

So, when everything is automated, does release management go away in the future? “I don’t think so,” said Wallgren. “But… can questions that release managers want the answers to be populated automatically? Yes.”

Article Tags

CI/CD, continuous delivery, continuous integration, DevOps, release automation, software

About David Rubinstein

David Rubinstein is editor-in-chief of SD Times.

View all posts by David Rubinstein

Cookie	Duration	Description
cf_use_ob	past	Cloudflare sets this cookie to improve page load times and to disallow any security restrictions based on the visitor's IP address.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__atuvc	1 year 1 month	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.
__atuvs	30 minutes	AddThis sets this cookie to ensure that the updated count is seen when one shares a page and returns to it, before the share count cache is updated.
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.

Cookie	Duration	Description
__gads	1 year 24 days	The __gads cookie, set by Google, is stored under DoubleClick domain and tracks the number of times users see an advert, measures the success of the campaign and calculates its revenue. This cookie can only be read from the domain they are set on and will not track any data while browsing through other sites.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_S6PB8V57DG	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_846073_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_jsuid	1 year	This cookie contains random number which is generated when a visitor visits the website for the first time. This cookie is used to identify the new visitors to the website.
at-rand	never	AddThis sets this cookie to track page visits, sources of traffic and share counts.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
iutk	5 months 27 days	This cookie is used by Issuu analytic system to gather information regarding visitor activity on Issuu products.
uvc	1 year 1 month	Set by addthis.com to determine the usage of addthis.com service.
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
WMF-Last-Access	1 month 14 hours 26 minutes	This cookie is used to calculate unique devices accessing the website.

Cookie	Duration	Description
__Host-GAPS	2 years	This cookie allows the website to identify a user and provide enhanced functionality and personalisation.
_pxhd	session	Used by Zoominfo to enhance customer data.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
loc	1 year 1 month	AddThis sets this geolocation cookie to help understand the location of users who share the information.
mc	1 year 1 month	Quantserve sets the mc cookie to anonymously track user behaviour on the website.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
__gpi	1 year 24 days	No description
__Secure-YEC	1 year 1 month	No description
_heatmaps_g2g_100754890	10 minutes	No description
_techvalidate_session	session	No description
cf_7166_id	20 years	No description
cf_7166_person_last_update	session	No description
f5avraaaaaaaaaaaaaaaa_session_	session	No description available.
GoogleAdServingTest	session	No description
Gyazo_cfwoker	7 years 2 months 17 days 7 hours	No description
incap_ses_451_2783402	session	No description
incap_ses_769_2783402	session	No description
loglevel	never	No description available.
m	2 years	No description available.
nlbi_2783402	session	No description
prism_252377639	1 month	No description
TS011605d9	session	No description
ustream-guest	session	No description available.
visid_incap_2783402	1 year	No description
xtc	1 year 1 month	No description

AI

AI and Software Development

Observability

Guide to Observability

CI/CD

A guide to CI/CD

Cloud Native

Cloud Native Content

Data

A Guide to Data

Test

Automation

Mobile

Mobile Testing

API

Sponsored by Parasoft

Performance

Load & Performance Testing

DevSecOps

A Guide to DevSecOps

Enterprise Security

A Guide to Security

Supply Chain Security

Supply Chain Security

Dev Manager

Dev Managers Content

Agile

A Guide To Agile

Value Stream

A Guide To Value Stream

Productivity

A Guide To Productivity

DevOps

DevOps Content

Microservices

A Guide to MicroServices

AI

AI and Software Development

Value Stream Management

A Guide To Value Stream

Release automation: All about the pipeline

Article Tags

Subscribe to SDTimes

About David Rubinstein

Related Articles

GitLab Duo Chat released as part of GitLab 16.11

Report: As DevOps adoption nears 100%, these factors determine maturity

CircleCI enables automated rollbacks in latest offering: CircleCI releases

Analyst View: What’s new, what’s now, and what’s next in platform engineering