If you are reading this, you’ve probably been in a deep code freeze that started 2-3 months ahead of Black Friday. Code freezes are common across industries, not just to developers building e-commerce applications, but also across applications in the fintech, advertising, caching, and antifraud domains to name a few.
During code freezes, nothing new happens and everything is dedicated to testing and strengthening existing platforms, existing software versions, and existing workflows. This causes significant technical debt as features, improvements, and new code in various areas are delayed. So now that Black Friday is over — what will you do?
At Rookout, we like to think of Black Friday as the happy new year for our code! This is a great time to shake the dust out of your application, unfreeze those CI/CD pipelines, and get back to being productive.
Update Your Code
We all use an extensive amount of open source to accelerate time-to-market and reduce development costs, open source sometimes making up 80% of our modern applications! So while it’s a natural tendency to focus on the 20% of proprietary code, it’s just as important to make sure our open source libraries and frameworks are updated. According to Veracode’s June 2021 report, 80% percent of libraries used in software are never updated, even though 92% percent of open source library flaws can be fixed with a simple update.
Key reasons to update your code:
- Out-of-date dependencies have a higher chance of breaking.
- Updating open source helps avoid known vulnerabilities.
- Updating your code means getting the latest capabilities out of your suppliers, projects, and services.
Unfreeze Your CI/CD Pipelines
For a substantial amount of time, there have been no automation processes pushing new versions of the application to deployment and testing. But that doesn’t mean no new code’s been written! Chances are you can expect a tidal wave of updates after the code freeze is over, and so prioritizing what needs to get done is critical.
Tips to Managing the Load after Unfreezing Your CI/CD Pipelines:
- Craft a set of prioritization criteria! Hold meetings to determine which functions get first priority — usually the ones that are solving pressing business concerns.
- Make sure the appropriate people have the capacity to deploy, test, and troubleshoot issues and outages, even in production.
- Involve your DevOps team earlier. Clearing technical debt includes new functional features side by side with new non-functional features. When it comes to the latter, this is the time your DevSecOps people must be on their toes.
- When non-functional Monitoring, Logging, Tracing (MLT) mechanisms and tools are injected and introduced — it is important to set reviews with the relevant infra and scrum teams to observe the new collected data and insights and verify those improvements are indeed addressing the needs.
Test Test Test
The modern, agile pace of work is quicker than ever before — but it also utilizes complex tech stacks that have the potential to create problems. Distributed and segmented teams, combined with agile methodologies, may create situations where no one is in charge of end-to-end testing.
Now is the time to make sure that you have a designated person or team that owns this process and takes advantage of the modern tooling available today for QA and test engineers, in order to ensure the delivery of higher quality code.
In addition, this testing team will probably want to embrace chaos engineering to make sure the application is resilient enough to cope with random events like losing a server or a few microservices.
Even after taking all the above precautions, not every unexpected outage can be avoided. These outages can be devastating to a business, whether transactions are lost or we simply fail to meet a pre-defined SLA. This is why it’s more important than ever to invest in Observability so we can better understand the health and state of our systems and applications.
Adopt a Dynamic Observability Tool
In a dynamic and complex cloud native environment, the only way to maintain the velocity and quality of a cloud native application is to be able to collect metrics, logs, and traces on-demand and then visualize them in a way that enables instant understandability. Unfortunately, traditional observability tools require developers to write more code and redeploy the application each time new data needs to be extracted.
That’s why we are seeing the rise of dynamic observability tools that can deliver real-time answers to real-time questions. These tools leverage tracepoints, aka “non-breaking breakpoints,” to debug production issues on the fly — an emerging technology that disrupts the way we collect data today.
Such tools allow engineers to dynamically instrument a line of code, to switch on a logline, or to collect a debug snapshot of local variables and stack traces. This dynamic instrumentation is made possible by using bytecode manipulation, which means that data can be extracted without having to stop or redeploy the application.
If you follow these tips, you’ll be ready to draft your “After black Friday” to-do plan! You’ll have your hands full with software updates, CI/CD clean up, proactive testing, and of course modern observability — but what you’ll get in exchange is happy customers leading into the holiday season :)
Feature image via Pixabay.