An empirical study on principles and practices of continuous delivery and deployment

Wittern

et al. 2017

Preprint

Self Cite

Abstract-Docker allows packaging an application with its dependencies into a standardized, self-contained unit (a so-called container), which can be used for software development and to run the application on any system. Dockerfiles are declarative definitions of an environment that aim to enable reproducible builds of the container. They can often be found in source code repositories and enable the hosted software to come to life in its execution environment. We conduct an exploratory empirical study with the goal of characterizing the Docker ecosystem, prevalent quality issues, and the evolution of Dockerfiles. We base our study on a data set of over 70000 Dockerfiles, and contrast this general population with samplings that contain the Top-100 and Top-1000 most popular Docker-using projects. We find that most quality issues (28.6%) arise from missing version pinning (i.e., specifying a concrete version for dependencies). Further, we were not able to build 34% of Dockerfiles from a representative sample of 560 projects. Integrating quality checks, e.g., to issue version pinning warnings, into the container build process could result into more reproducible builds. The most popular projects change more often than the rest of the Docker population, with 5.81 revisions per year and 5 lines of code changed on average. Most changes deal with dependencies, that are currently stored in a rather unstructured manner. We propose to introduce an abstraction that, for instance, could deal with the intricacies of different package managers and could improve migration to more light-weight images.

Section: B Build Analysismentioning

confidence: 99%

An empirical analysis of the Docker container ecosystem on GitHub

Cito

Wittern

et al. 2017

Preprint

Self Cite

“…There has been a multitude of research on the field of selective regression testing [8]. However, as we learned throughout the interviews of our two studies [2], [3], none of the companies used any tool resulting from this research. Instead, they either executed all tests or a subset based on intuition.…”

Section: Transitionsmentioning

confidence: 99%

“…CD influences many phases of traditional development processes [5] and is associated with several risk mitigation strategies for keeping the impact of issues low [3].…”

Section: A Overviewmentioning

confidence: 99%

“…The idea for this work evolved from two recently conducted studies -an analysis of the impact of cloud computing on software development processes [2], and a study on how the practices associated with continuous delivery and deployment found their way into the broad software industry [3]. In both studies, we conducted qualitative interviews with 25 and 20 professional software developers or release engineers, respectively, and validated the results by quantitative surveys with more than 450 (>290 and >180) practitioners in total.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Towards quality gates in continuous delivery and deployment

2016 IEEE 24th International Conference on Program Comprehension (ICPC)

Cito

Leitner

et al. 2016

Self Cite

Quality gates, steps required to ensure the reliability of code changes, are supposed to increase the confidence stakeholders have in a release. In today's fast paced environments, we have less time to perform the necessary precautions to minimize the risk of a faulty release. This leads to an inherent trade-off between risk of lower release quality and time to market. We provide a model for this tradeoff of release confidence and velocity that led to the formulation of 4 categories (cautious, balanced, problematic, madness), in which companies can be classified in. We showcase real examples of these categories as case studies based on previous empirical studies. We close by presenting possible transitions between categories that guide future research. Towards Quality Gates in Continuous Delivery and DeploymentGerald Schermann, Jürgen Cito, Philipp Leitner, and Harald C. Gall University of Zurich, Department of Informatics, Switzerland {schermann, cito, leitner, gall}@ifi.uzh.chAbstract-Quality gates, steps required to ensure the reliability of code changes, are supposed to increase the confidence stakeholders have in a release. In today's fast paced environments, we have less time to perform the necessary precautions to minimize the risk of a faulty release. This leads to an inherent trade-off between risk of lower release quality and time to market. We provide a model for this trade-off of release "confidence" and "velocity" that led to the formulation of 4 categories (cautious, balanced, problematic, madness), in which companies can be classified in. We showcase real examples of these categories as case studies based on previous empirical studies. We close by presenting possible transitions between categories that guide future research.

“…In cloud-based software engineering, practices such as Dev-Ops, continuous delivery, and continuous deployment, have recently reached mainstream acceptance in the developer community. A common feature of these practices is that they provide means for software houses to further speed up their release processes and to get their products into the hands of their users faster [22]. For cloud-based Software-asa-Service (SaaS) applications, this idea of "releasing faster" often comes in the form of wide-ranging automation, e.g., a deployment pipeline [2] that, fully automatedly, builds, tests, and pushes changes into production.…”

Section: Introductionmentioning

confidence: 99%

Bifrost

Proceedings of the 17th International Middleware Conference

Schöni

Leitner

et al. 2016

Self Cite

Live testing is used in the context of continuous delivery and deployment to test changes or new features in the production environment. This includes canary releases, dark launches, A/B tests, and gradual rollouts. Oftentimes, multiple of these live testing practices need to be combined (e.g., running an A/B test after a dark launch). Manually administering such multi-phase live testing strategies is a daunting task for developers or release engineers. In this paper, we introduce a formal model for multiphase live testing, and present Bifrost as a prototypical Node.js based middleware that allows developers to define and automatically enact complex live testing strategies. We extensively evaluate the runtime behavior of Bifrost in three rollout scenarios of a microservice-based case study application, and conclude that the performance overhead of our prototype is at or below 8 ms for most scenarios. Further, we show that more than 100 parallel strategies can be enacted even on cheap public cloud instances.