CI/CD methodologies are often sold in isolation from their legacy forebears, but in practice Release Managers must coordinate deliverables from multiple technologies. Often the ‘core’ system is a legacy workhorse that spawns interfaces and synchronized databases to support the newer technologies.
Effective release management of hybrid functional solutions requires a process infrastructure that can facilitate traceability and ensure consistency and sufficiency of governance practices.
In all but the newest enterprises, business functionality is delivered with a mix of legacy and newer applications delivered as an integrated whole.
Changes (Epics and Stories) and Defects represent a non-technical description of a change and often also record the authorization to proceed.
Code from multiple systems is developed, unit tested and then committed into a code repository.
A release / product increment will be an accumulation of multiple changes from concurrent projects / maintenance activities. These are accumulated and tagged at an application level for each deployment.
The release package to be delivered will be an assembly of multiple legacy and new applications (potentially a different mix for each release deployment).
The objectives of process governance over an integrated and automated build and deployment process are equivalent to those of a more manual process. The difference lies in how those controls are exercised and to what extent automated verifications can replace human scrutiny and approvals.
Authorization – any change to application code, or applied to application data, must be linked to a record that can demonstrate that the change has been authorized by business or IS management.
Traceability – each delivery of functionality must be capable of being explained as corresponding to an authorized change request. Both testers and end-users must be able to understand what has been delivered to them.
Ownership – decisions on backlog priority, resilience and quality of system design, quality of the solution developed, and production readiness must be owned by an identified person or body and documented to ensure that the directions are executed as intended.
Segregation of Duties – no one person or group should be capable of dominating the solution delivery process. Authorizing, developing, validating and deploying technical solutions should be under segregated control.
Independent review / verification – every change must be subject to the scrutiny and approval of someone other than the originator.
Least Privilege – process automation brings process structure, relatability and consistency. Access to modify processes or deliverables outside of the managed interfaces should be strictly regulated and thoroughly documented.
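As an added illustration (not part of the original article), the sketch below shows how a pipeline gate could verify the Authorization, Traceability, Independent review and Segregation of Duties objectives automatically before a mixed legacy/new release is deployed. The record layout, field names, change IDs and people are all constructed assumptions, not taken from any particular tool.

```python
# Constructed sample data: record layout, field names and people are assumptions.
CHANGE_RECORDS = {
    "CHG-101": {"status": "approved", "authorized_by": "it.manager"},
    "CHG-102": {"status": "draft", "authorized_by": None},
}
RELEASE = {
    "tag": "REL-1",
    "deployer": "dave",
    "commits": [
        {"id": "a1", "app": "legacy-core", "change": "CHG-101",
         "author": "alice", "reviewer": "bob", "tester": "carol"},
        {"id": "b2", "app": "web-portal", "change": "CHG-102",
         "author": "erin", "reviewer": "erin", "tester": "carol"},
        {"id": "c3", "app": "web-portal", "change": None,
         "author": "dave", "reviewer": "bob", "tester": "carol"},
    ],
}


def check_release(release, changes):
    """Return (commit_id, objective, detail) for every control that fails."""
    findings = []
    for c in release["commits"]:
        record = changes.get(c["change"])
        # Traceability / Authorization: commit must map to an approved change.
        if record is None:
            findings.append((c["id"], "traceability", "no linked change record"))
        elif record["status"] != "approved" or not record["authorized_by"]:
            findings.append((c["id"], "authorization", f"{c['change']} is not approved"))
        # Independent review: someone other than the originator signed off.
        if not c["reviewer"] or c["reviewer"] == c["author"]:
            findings.append((c["id"], "independent-review", "no reviewer other than author"))
        # Segregation of duties: one person must not hold two of these roles.
        roles = {"authorizer": record and record["authorized_by"], "author": c["author"],
                 "tester": c["tester"], "deployer": release["deployer"]}
        held = {}
        for role, person in roles.items():
            if person:
                held.setdefault(person, []).append(role)
        for person, names in held.items():
            if len(names) > 1:
                findings.append((c["id"], "segregation-of-duties",
                                 f"{person} is " + " and ".join(names)))
    return findings


if __name__ == "__main__":
    for finding in check_release(RELEASE, CHANGE_RECORDS):
        print(*finding, sep=" | ")
```

A gate of this kind would block the deployment whenever the returned list is non-empty and keep the findings as the audit record for the release tag.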