DevOps Unleashed with Git and GitHub E-Book

DevOps Unleashed with Git and GitHub

Automate, collaborate, and innovate to enhance your DevOps workflow and development experience

Yuki Hattori

DevOps Unleashed with Git and GitHub

Copyright © 2024 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Preet Ahuja

Publishing Product Manager: Vidhi Vashisth

Book Project Manager: Uma Devi

Senior Editor: Romy Dias

Technical Editor: Irfa Ansari

Copy Editor: Safis Editing

Proofreader: Romy Dias

Indexer: Tejal Daruwale Soni

Production Designer: Ponraj Dhandapani

Senior DevRel Marketing Executive: Linda Pearlson

DevRel Marketing Executive:Rohan Dhobal

First published: April 2024

Production reference: 1210324

Published by Packt Publishing Ltd.

Grosvenor House
11 St Paul’s SquareBirmingham
B3 1RB, UK

ISBN 978-1-83546-371-0

www.packtpub.com

Foreword

I have known Yuki Hattori from the InnerSource Commons Foundation for several years where, upon arrival, he stood up a local community for the foundation in Japan within a couple of months. He is one of the experts bringing Git and GitHub to teams. He is one of the rare people I know who can bridge the gap between collaboration best practices developed within open source and corporate structures.

Git and, by extension, GitHub have evolved into vital tools in software engineering – not only in the open source world but also in professional engineering teams ranging from development to operations. Both tools, however, shine in particular when adopting not only the technology itself but also the processes, cultures, and ideas that they were built upon.

More than two decades ago, open source was still the new kid that everyone was skeptical about. Even though several open source projects were already vital ingredients of several products, professional teams remained skeptical as to whether and how processes from the open source world could carry over to professional engineering. Over time, though, open source communities showed how to build bridges across not only teams but corporations, and not only floors but time zones and nation-states.

While you are trying to get started with DevOps collaboration, what are your strategies to reduce the friction between silos and help you thrive with a different team?

After reading Yuki’s book you will know how to apply these lessons to bridge the silos in your organization. You will understand how collaboration means gaining together by sharing the work to create a sound technological basis. The book will also give you an understanding of the tools that enable this collaboration. With InnerSource, it shows you a set of collaboration patterns that complement Git and GitHub, making their application much more effective within your organization.

Benefit from standing on the shoulders of giants: after reading this book, not only will you be able to build bridges within your organization, you will also have gotten a glimpse of how easy it can be to benefit from being more involved in the open source projects you use in your stack on a daily basis.

Isabel Drost-Fromm,

Founding Director of the InnerSource Commons Foundation, member of the Apache Software Foundation

To Xinlei, the source of joy and strength in my life

Contributors

About the author

Yuki Hattori, an architect at GitHub, showcases his hands-on expertise in DevOps and technical advice for enterprise clients. He began as a software engineer and progressed to cloud solution architect at Microsoft, overseeing cloud architecture and DevOps. A strong advocate for open source culture within an enterprise, he champions InnerSource adoption, serving as a board member of the InnerSource Commons Foundation. This nonprofit role drives global InnerSource adoption, breaking down organizational silos for innovation.

I want to thank the people who have been close to me and supported me, especially my wife, Xinlei, and my parents, Ken and Yumiko.

About the reviewers

Daniel Cho is a solutions engineer at GitHub Japan and has worked in various roles within the IT industry over the past 11 years, ranging from support to project management to pre-sales. He has presented at various local events in Japan and has also assisted with webinars that target a broader audience in Asia. His background in chemical engineering has helped give a different perspective throughout his years within the technology industry and he currently works closely with both traditional technology companies and non-technology companies to increase awareness of GitHub.

Yasuki Takami has worked supporting application development culture/infrastructure for more than 10 years, with 6 years specifically dedicated to DevSecOps culture acceleration in organizations. He started his career as an infrastructure engineer supporting developers’ efficiency and moved forward to support organizations in being more efficient and agile-like decision-making while building SaaS-based products in the market. He thinks it is more important to be secure than efficient to sustain DevOps organizations and culture.

I’d like to thank my family and friends, who understand the time and commitment it takes to research and test data that is constantly changing. Working in this field would not be possible without the supportive DevOps/InnerSource community that has developed over the last several years. Thank you to all of the trailblazers who make this field an exciting place to work each and every day. We are grateful for everything you do!

Sebastian Spier has worked as an individual contributor, agile coach, team lead, product owner, and director of engineering. Over his 15 years in the software industry, no matter the role or team, effective cross-team collaboration has been key for him to get things done at organizations of any size. Having seen first-hand how DevOps transforms the way that software is built and delivered, it is one of his key objectives to reduce the barriers between departments and teams so that they can jointly ship software in the most efficient way possible, continuously reducing the lead time to business impact.

Yoichi Kawasaki is a technology professional with extensive experience in software development, cloud computing, and technology advocacy, having worked with leading technology firms for over 20 years. Currently, he is employed by Postman as a technology evangelist, where he is responsible for driving Postman’s adoption in Japan. Beyond his professional engagements, he is an avid contributor to the tech community, speaking at conferences and meetups, co-authoring a book, and writing numerous technical articles focused on DevOps tools and developer productivity.

Table of Contents

Preface

Part 1: Foundations of Git, GitHub, and DevOps

1

DevOps and Developer Experience – Entering the World of Modern Development

DevOps – Accelerating the development cycle by reducing friction

Background on DevOps

What is NOT DevOps?

DevOps is culture

Soaring to excellence in DevOps practices

The next challenge

Developer experience – A strategy for developer excellence

Developer experience is a strategy

Elements that amplify DevOps and developer experience

Git – Where code collaborations begin

Imagining the world without version control

The history of Git

What is a VCS?

GitHub – The AI-powered developer platform

Powered by AI

Collaboration

Productivity

Security

Scale

Summary

Further reading

2

Getting Started with Git

Technical requirements

Getting started with Git

Git basics – Begin with a hands-on experience

Working with branches – The cornerstone of collaboration

The anatomy of Git – A beginner-friendly explanation of how Git works

The file lifecycle in Git

Behind the scenes – Git’s architecture

Git tree structure

Becoming a guru of Git communication

git commit – Revisiting the most important command

Control quality and quantity to be a good communicator

Summary

3

Advanced Git Usage for Team Collaboration

Technical requirements

Branching strategies for team collaboration

Why a branching strategy is important

Branch strategy and branch policy

Smaller and frequent versus larger and less frequent

Types of branch policies branch policies

Branch naming conventions – Discover the best practices for naming branches in Git

Ways to apply your changes on a branch

Merging vs rebasing

Exploring different ways to merge in Git

Navigating conflicts

Why conflict happens

How to merge conflicts in Git

How to resolve merge conflicts

Useful commands for supporting merge activities

Mastering better collaboration

Rolling back time

Organizing your working environment

Who did what? Great ways to help you debug

Versioning excellence

Summary

Part 2: GitHub Excellence and CI/CD Fundamentals

4

Elevating Team Collaboration with GitHub

Technical requirements

Getting started with GitHub

Setting up your GitHub account

Creating your first GitHub repository

Registering your SSH key

git remote – Connecting local and remote repositories

git push – Making your code count

Examining code on GitHub

git pull – Bridging local and remote work

git fetch – Syncing without disruption

Fetch versus pull

git clone – Bringing GitHub repos to your workspace

Forking – More than just copying code

Issues – Collaboration excellence at GitHub

What makes GitHub Issues unique

Crafting an issue – Essentials for a well-structured issue

Effective communication

Pull request excellence

What makes pull requests unique?

Crafting a pull request

Pull request review 101

Getting the best out of GitHub

GitHub Projects – Managing your issues and pull requests in one place

GitHub Codespaces – Transforming development workflows with cloud-based environments

GitHub Discussions – Fostering community and collaboration

GitHub repository excellence

Repository rules – Streamlining workflow and ensuring code quality

CODEOWNERS – Streamlined review and ownership

Issue and pull request templates

Summary

5

Driving CI/CD with GitHub

GitHub Actions – Mastering workflow automation

Comprehensive overview of GitHub Actions

Deep diving into GitHub workflow structure

GitHub Actions best practices

Deployment strategies

Blue-green deployment

Rolling deployment

Canary deployment

Feature release strategies

Feature flag

Release train

Summary

Further reading

Part 3: Beyond DevOps

6

Enriching DevOps Implementation

Leveraging metrics in DevOps

Four keys – DORA metrics

SPACE framework

Metrics at GitHub

DevSecOps – Security as a continuous matter

Security shift-left

Security features in GitHub

Scaling the collaboration

Why scaling collaboration is imperative

InnerSource – Distributed collaboration model

Setting up GitHub for scalable collaboration

Summary

Further reading

7

Accelerate Productivity with AI

AI innovation in coding

The impact of LLMs on coding

Understanding LLMs – A basic introduction

Application of LLMs in coding

Prompt and context

Exploring the capabilities and interaction with AI in coding

Code completion – The foundation of AI-powered coding

Code explanation

Strategies for maximizing AI efficiency

Be specific

Be context-aware

Be consistent

Summary

Further reading

8

Reflection and Conclusion

Reflecting on the journey through Git, GitHub, and DevOps – Enhancing the developer experience

Embracing AI in development — The next evolutionary step in software engineering

Concluding remarks

Index

Other Books You May Enjoy

Preface

Let’s dive into the world of DevOps with this essential guide, crafted for developers, operations professionals, and DevOps enthusiasts eager to master Git and GitHub. This book transcends mere theory and instructional content; it’s a treasure trove of practical wisdom and real-world applications, setting you on a path to mastering these crucial tools in modern software development and operations.

What sets this book apart:

Git and GitHub for DevOps is more than a book; it’s a comprehensive toolkit. Packed with expert tips, hands-on exercises, and insightful case studies, it’s the ultimate guide for anyone striving to excel in the dynamic world of DevOps.

Have you ever experienced a situation where you thought, “Oops, I made a mistake! This is embarrassing”? Even if it wasn’t really embarrassing, did it cause you to feel a little low or nervous?

Even though we’re advised to learn from our mistakes, we all want to avoid errors whenever possible.

The good news? The more you fail, the more you learn. There’s no such thing as learning without failure. Now, for some bad news. Git and GitHub, which you will learn about, are fundamentally systems designed to record changes. They are not built to easily hide your mistakes. In some circles, being proficient with Git is taken for granted, and not being able to use GitHub can even call into question your qualifications as an engineer. What’s worse, mistakes in automated DevOps pipelines can directly lead to production failures. A minor slip-up could be the gateway to much bigger errors. In a technological ecosystem that thrives on collaboration and rapid development, these tools and methodologies underpin modern engineering practices. Your desire for a comprehensive understanding of Git, GitHub, and DevOps is well-placed.

And this is the book that will meet that desire. It’s a book that empowers people in development teams to communicate effectively within their teams, teaching the fundamentals of modern team development to continually refine your products. Ultimately, it’s a book that will significantly enhance your developer experience.

But let’s be clear, perfection is a myth. However, excellence is undoubtedly achievable. In that way, this is not only a book about avoiding mistakes but also about embracing them and establishing a process, workflow, and culture that permits errors. It’s about understanding how to react, adapt, and grow when they inevitably happen. This is the essence of a thriving DevOps culture.

What’s essential is your openness to learn from your missteps, to communicate with your team openly about them, and to find collective solutions. Every mistake you make and learn from brings you one step closer to becoming not just a competent engineer but also an invaluable team player.

I hope you will find this book not just a guide to mastering Git, GitHub, and DevOps, but also a mentor in your professional growth. As you turn these pages, you’ll encounter real-world scenarios, practical exercises, and insights that will illuminate the path ahead. You’ll learn how to navigate the complexities of team collaboration tools, manage code in a shared environment, and streamline your development process.

Welcome to a journey of continuous learning, improvement, and collaboration. Welcome to the world of Git, GitHub, and DevOps mastery.

Who this book is for

This book is a comprehensive guide for those stepping into the dynamic world of DevOps, specifically tailored to cater to diverse roles within the industry. The book’s target audience encompasses the following:

What this book covers

Chapter 1, DevOps and Developer Experience – Entering the World of Modern Development, introduces DevOps and developer experience, highlighting their significance in modern software development. It provides foundational knowledge about these concepts, tools such as Git and GitHub, and their role in enhancing development processes.

Chapter 2, Getting Started with Git, offers a practical introduction to Git, emphasizing both its basic usage and the communication aspects essential for team development. It covers file management, branching, and the principles of collaboration in a Git-enabled engineering environment.

Chapter 3, Advanced Git Usage for Team Collaboration, focuses on advanced collaboration techniques. This chapter teaches how to manage commit history, handle complex branches, and resolve merge conflicts. It underscores strategies for effective code base management to boost team productivity.

Chapter 4, Elevating Team Collaboration with GitHub, explores GitHub’s role in DevOps, going beyond its identity as a code hosting platform. It covers GitHub features crucial for teamwork and collaboration, transitioning from traditional systems to modern DevOps practices.

Chapter 5, Driving CI/CD with GitHub, is an in-depth exploration of GitHub Actions. This chapter covers its core concepts, workflow optimization, and advanced deployment strategies such as blue-green and canary deployments, as well as feature release strategies.

Chapter 6, Enriching DevOps Implementation, takes a comprehensive look at DevOps, discussing the importance of metrics, the integration of security practices (DevSecOps), and strategies for scaling collaboration within organizations.

Chapter 7, Accelerate Productivity with AI, focuses on AI in software development. This chapter delves into tools such as GitHub Copilot and best practices for coding with AI assistance, including effective prompt crafting and AI-friendly programming principles.

Chapter 8, Reflection and Conclusion, reflects on the transformations brought about by technologies such as Git, GitHub, DevOps, and AI in software development, and considers the future impact of AI on software engineering practices.

To get the most out of this book

This book will involve working with commands in the terminal to understand Git more fundamentally. It is a good idea to have a beginner’s level understanding of terminal commands.

Software/hardware covered in the book

Operating system requirements

Git

Windows, macOS, or Linux

GitHub

Windows, macOS, or Linux

You will need a working environment with the latest Git version and a GitHub account to not only read this book but to really experience it.

Instructions for installing Git can be found in the book’s Git Repository (a link is available in the next section).

If you are using the digital version of this book, we advise you to type the code yourself or access the code from the book’s GitHub repository (a link is available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/DevOps-Unleashed-with-Git-and-GitHub. If there’s an update to the code, it will be updated in the GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “For release preparation, a release branch is created from the develop branch.”

A block of code is set as follows:

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

Any command-line input or output is written as follows:

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “By clicking Explore workflows, You will get to the marketplace page and can look for GitHub Actions.”

Tips or important notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share your thoughts

Once you’ve read DevOps Unleashed with Git and GitHub, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there, you can get exclusive access to discounts, newsletters, and great free content in your inbox daily

Follow these simple steps to get the benefits:

https://packt.link/free-ebook/9781835463710

Part 1: Foundations of Git, GitHub, and DevOps

This part on modern software development begins by introducing DevOps and developer experience, underscoring their importance in today’s development landscape and offering foundational knowledge and theories. Then, it provides a hands-on introduction to Git, covering its basic functions and highlighting the communication aspects vital for team collaboration, including file management and branching. Finally, the discussion deepens to encompass advanced Git methodologies tailored for team collaboration, such as managing commit histories, handling complex branches, and resolving merge conflicts, all aimed at enhancing team productivity and effective code base management.

This part has the following chapters:

1

DevOps and Developer Experience – Entering the World of Modern Development

In this chapter, we will cover two main topics. First, we will address what DevOps is, the main subject of this book. Next, we will delve into developer experience, a strategy essential for maintaining and continually achieving success in DevOps within an organization. Within this context, we will also introduce the tools, Git and GitHub.

This chapter serves as a compass for those about to embark on learning about DevOps, tools, and collaboration practices for DevOps. It will establish foundational knowledge on the positioning of these concepts and practices and how they can enhance your development process.

We will cover the following main topics in this chapter:

DevOps – Accelerating the development cycle by reducing friction

Let’s get started by learning theDevOps fundamentals.

The world of technology has various terms. At times, such terms can be abstract, and people tend to apply various interpretations to a specific framework. DevOps is no exception. Additionally, when referring to DevOps, considering perspectives from an individual, team, and the entire organization can sometimes make it unclear how various components interact with each other.

We will review the basics of DevOps, clear up misconceptions, and touch on some of its typical practices. Now, before we dive into what DevOps is, let’s talk about how things used to be in the past.

Background on DevOps

Back in the day, software was essentially something you installed. So, for a product development team, all you needed were engineers who could develop and test it. Speaking of testing, it was all about squashing bugs before the release. Just imagine it for a moment; it was similar to the release of early video games, much like the Nintendo Entertainment System (NES) era. Once a game was shipped on a cartridge, there was no opportunity for updates or adding new features. Bugs that shipped with the game remained with the consumer forever. However, with the emergence of the Apache HTTP Server and the shift toward network communication, the need arose for IT Operations to manage this new paradigm.

In many cases, the IT Operations team specialized in IT operations. Their tools, culture, and even their objectives were different from those of the development team. The development team wanted to add features, while the IT team considered system stability their top priority. This was a contradiction.

Moreover, in the divided world of these two teams, when it came to deployment, it felt like tossing code over the wall. Developers would toss a perfectly deployable artifact to the IT Operations team on the other side of the wall. However, for some reason, the IT Operations team would receive something incomplete and non-functional for the production environment, leading to exhaustion as they struggled to deploy and maintain it somehow:

Figure 1.1 – Engineers tossing code over the wall

In recent years, there has been remarkable technological advancement, and its influence has permeated well beyond the realm of software, touching virtually every industry. Why is this the case? This is because software development plays a pivotal role in the strategies of organizations, regardless of their size, in modern business management. Companies affected by this technological wave find themselves in a competitive landscape where the focus is on delivering swift, cutting-edge, and reliable products to their customers.

Despite the possibility of significant changes in market conditions and customer needs in less than a year, releasing software only a few times annually is not sufficient. We cannot afford delays in software releases due to friction between internal silos. A silo denotes an isolated system, process, or department that lacks integration or communication with other parts, potentially causing inefficiencies. We must find a way to streamline the process from product development to operation. This is where a completely new development methodology, organizational structure, and culture come into play.

DevOps emerges as a methodology born from this very scenario. It represents a fusion of development and operations, where development and operations teams collaborate as a unified entity to instill a shared culture, refine processes, and deploy tools, all in the pursuit of expediting releases, enhancing overall product quality, gathering customer feedback, and ultimately providing better and faster service to customers. This, in turn, leads to more effective market performance.

What is DevOps?

The term DevOps is a blend of the words Developmentand Operations.

So, is DevOps simply about fostering collaboration between the development and operations teams?

While that’s part of the story, the reality is often more complex. There’s usually a disconnect between these two teams, each having their unique priorities and objectives. Merely bringing them together may enhance their relationship and mutual understanding to a degree, but that’s often insufficient for effective collaboration. In essence, DevOps transcends just integrating roles or teams; it represents a broader cultural shift within the organization. It is about aligning priorities, streamlining workflows, and, ultimately, breaking down silos that hinder effective communication and progress.

In brief, DevOps is the union of people, process, and tools to continually provide value to end users and is fundamentally a cultural shift:

Figure 1.2 – DevOps is the union of people, process, and tools

“I see. I understand. DevOps is all about people, process, and tools.”

Many people think they understand it here and move on to implementing an automation pipeline for DevOps. But wait. Simply replacing these elements alone will not ensure the success of a DevOps initiative. For DevOps to be successful, you need to know more about what it is, what it is not, and why it is.

In reality, the definition of DevOps is quite broad. Consequently, the concept of Dev*Ops, an extended form of DevOps, has been rapidly expanding recently. Various derivative approaches such as DevSecOps and BizDevOps have been proposed, leading to a multitude of perspectives on what DevOps encompasses.

Unfortunately, there is no universally accepted, precise definition of DevOps, and how to do something called DevOps is answered differently by different people. Consequently, misconceptions and inaccurate interpretations about DevOps are common, often leading to disputes. And sometimes, people do not want to talk about it when it comes time to talk about doing DevOps, even though it is so important!

Figure 1.3 – DevOps is like the elephant in the room that often goes unaddressed

What is NOT DevOps?

Often, when defining what DevOps is, it might be easier to indicate what is NOT DevOps rather than trying to specify what DevOps truly is. Let’s clear up a typical misunderstanding here.

DevOps is NOT just about a tool, technology, or product

There are numerous tools available in the market that can be applied to DevOps. Many cloud and tool vendors promote them by saying, “With this tool, you can build a DevOps workflow,” or “This tool is essential for a DevOps team.”

When many people hear the term DevOps, some of them think of cloud technologies such as Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP), or technologies such as Docker and Kubernetes. Furthermore, Kubernetes’ ecosystem also includes many components such as Istio, Flux, Helm, Envoy, and Prometheus. There are several platforms, including GitHub Actions, CircleCI, and Jenkins, that facilitate continuous, fast, and frequent releases. The world of monitoring tools is equally diverse. If you are not yet acquainted with these names, it might take some time to understand their nuances and benefits.

However, even if you master these tools and follow well-known architectures or success stories, that does not mean you have achieved DevOps. Because people and process always exist behind the tool, and just changing tools will not change them.

In reality, it is not uncommon to see waterfall-style development even while using tools branded with the name DevOps. Respecting existing complex company rules by inserting multi-step approval processes into automated workflows, restricting customer releases to once every 3 months to avoid changing accounting or security checks, or having the infrastructure team manage containers created by the app team using a platform built with the modern orchestration system, Kubernetes—doing all these things will only increase the operational burden and confusion rather than creating business value.

Ultimately, achieving significant business goals and transformations requires changes in people, organizations, and processes. Then, is DevOps about transforming individuals and organizations?

DevOps is NOT just specific individuals, teams, or roles

DevOps is a reality, but the term itself is somewhat of a buzzword. Companies hire engineers for these new activities with titles such as DevOps Engineer or DevOps Architect, and they even refer to their teams as DevOps teams. People who think they cannot do DevOps themselves may even make the mistake of trying to outsource DevOps to DevOps partners.

When you look at this situation, it might seem like DevOps refers to specific individuals, teams, or roles, but that’s not the case. In many instances, these terms simply refer to roles such as super infrastructure engineers, super developers, or just cloud engineers.

Companies do this because, in order to respond quickly to evolving business needs and achieve rapid releases, they require new technologies and automation. Moreover, they often have to manage complex platforms that include both existing and new components. This includes making the most use of GitHub Actions, which is covered in this book. Areas that used to involve manual installation in the infrastructure domain, configuration through screens, or CLI operations now require to be under version control with Git and the configuration and management of automated workflows.

However, in practice, DevOps deals with even more complex matters. It is not just about mastering these tools and technologies or configuring roles for them. In reality, it requires strong leaders who can lead transformation within existing systems and organizations. Often, they engage in actions that go beyond the broad framework of DevOps. Many of the individuals I have seen who have truly achieved DevOps are pursuing larger goals rather than just the implementation of DevOps.

DevOps is essentially a journey to transform organizations that deal with a variety of complex technologies and products, and it is not about simply adding people with new skills to existing teams or changing team or job definitions.

So, if DevOps is not merely a tool nor solely about people and organization, does a process specifically termed DevOps exist?

DevOps is NOT just a process

DevOps teams often engage in iterative development over short cycles of 2-3 weeks, commonly called sprints, and hold stand-up meetings every morning. This is true, and by adopting DevOps, you may incorporate processes that adhere to Agile process and Scrum best practices. These are methodologies in software development that divide each functionality into smaller parts and drive development through numerous short cycles.

So, is DevOps an evolved concept of Agile or Scrum, or does it encompass them? The answer to this question is both yesand no.

DevOps broadens the scope to not just focus on software development like Agile, but also extends to the release of software, gathering feedback, and improvements. These principles and philosophies apply throughout the Software Development Life Cycle (SDLC). Teams focus on the entire life cycle of the product, not just on developing new features or designing web components:

Figure 1.4 – The eight phases of a DevOps life cycle

However, the ultimate goal of DevOps is not to introduce a new process itself.

DevOps has a wide range of practices. Specific practices will be elaborated on from Chapter 5 onward, but not all these practices can be equally applied to every team. For example, an environment that needs to deploy applications to numerous servers such as Microsoft is different from a situation where a small application is deployed to an EC2 instance. The practices to be applied also differ between a service with a user base of 1 million and a service with a user base of 1,000.

Let’s consider Agile, quoting from Andy Hunt’s blog:

Agile methods ask practitioners to think, and frankly, that’s a hard sell. It is far more comfortable to simply follow what rules are given and claim you are “doing it by the book.” It is easy, it is safe from ridicule or recrimination; you will not get fired for it. While we might publicly decry the narrow confines of a set of rules, there is safety and comfort there. But of course, to be agile or effective is not about comfort.

This idea applies to DevOps as well. In order to frequently and swiftly release customer-centric developments, offer a reliable service, and ultimately make a significant impact on the business, you need to tackle problems from a broader perspective than just tools, people, and process.

DevOps is culture

So, DevOps is more than just a fusion of development and operations, specific roles, processes, tools, technology, or products. But, people often simplify it as people, process, and tools.

So, what is DevOps, really?

Let’s turn to the words of Patrick Debois, a prominent figure in the DevOps community, for clarity:

My current definition of Dev*Ops: everything you do to overcome the friction created by silos ... All the rest is plain engineering.

In today’s era of cloud technology, both cutting-edge companies and traditional enterprises, along with start-ups, can readily access the same environments. Even AI-powered tools are available at an affordable cost.

Ultimately, what hinders your team and business progress is friction, and this friction often arises within silos that encompass people, process, and tools.

DevOps, at its core, represents a cultural shift and an approach designed to eliminate friction among the silos within an organization. It entails a shift in mindset, habits, and culture.

DevOps principles

So, what exactly constitutes a DevOps culture? Let’s delve into the core principles of DevOps to gain a more comprehensive understanding of what this culture truly entails.

Customer-centric

Every action in every process should aim to provide value to the customer.

Focusing on the customer while building and maintaining software enables quicker and more relevant feature delivery. Short feedback loops contribute to fine-tuning the product in alignment with user needs, reducing risks, and maximizing value at the lowest possible cost. By focusing on the customer’s needs, the ultimate goal becomes efficiently solving real-world problems, making it easier to prioritize tasks, manage backlogs, and streamline resource allocation, making operations efficient and cost-effective. Ultimately, this sets the stage for long-term business success by better meeting market demands and user expectations.

In DevOps, being customer-centric is not just a catchphrase; it is a necessity.

Creating with the end in mind

Understanding customer needs and addressing real-world problems should take precedence over operating on mere assumptions. This advocates for a holistic strategy where teams synchronize both developmental and operational tasks to satisfy customer requirements. This includes a grasp of the product’s entire life cycle, from its inception and development through to its deployment and ongoing support, making certain that the final deliverable genuinely benefits the end users.

Neglecting customer needs from the beginning can result in a technically impeccable product that, nonetheless, misses the mark in terms of user satisfaction and problem-solving capability. This principle acts as a constant cue to align all technological endeavors with business goals and user expectations, ensuring that the final product is not only functional but also valuable and relevant to the audience.

Cross-functional autonomous teams

At the core of successful DevOps implementation is the indispensable strategy of forming autonomous, cross-functional teams. Unlike traditional engineering setups, where developers, operations, and Quality Assurance (QA) specialists operate in distinct compartments, DevOps champions the dissolution of these barriers. The key takeaway here is not just the formation of diverse teams but making these teams autonomous—capable of overseeing a product or feature from inception to delivery.

Why is this essential? The answer lies in agility and efficiency. When a team possesses a range of skills, from coding and testing to deployment and design—and even a nuanced understanding of the business—the speed of decision-making accelerates. This replaces the sluggish and cumbersome chain of command inherent in hierarchical systems with a culture of prompt, accountable action.

The elimination of these organizational bottlenecks not only speeds up the workflow but also cultivates a culture of ownership and accountability. The team does not have to wait for external departments or higher-ups to make decisions; they have the collective skill set and the empowerment to address challenges head-on.

By dissolving silos that often cause friction within organizations, autonomous, cross-functional teams serve as the linchpin for smooth DevOps operations. The result is a streamlined process that facilitates quick responses to changes and fosters a culture of collaboration and responsibility. This is not just a nice-to-have feature of modern engineering; it is a foundational strategy for any enterprise aiming to successfully implement DevOps.

Continuous improvement

Continuous improvement serves as the bedrock of DevOps, offering both technical and cultural advantages that are indispensable for modern software development and operations. On the technical side, it enables qualities such as reliability, adaptability, and efficiency of software delivery processes through ongoing analysis of performance metrics and utilization of automated workflows. These features not only make the end product robust but also contribute to resource optimization and quicker feature delivery. Culturally, continuous improvement fosters a collaborative environment, ensuring accountability, encouraging a learning culture, and ultimately aiding in the breakdown of organizational silos. It also aligns strategically with improved developer experience.

The importance of continuous improvement becomes even clearer when viewed through the lens of feedback loops, which act as the nervous system of the DevOps life cycle. These loops enable real-time monitoring and provide actionable metrics that feed directly into continuous improvement initiatives. By regularly assessing system performance, user engagement, and other Key Performance Indicators (KPIs), organizations can quickly adjust their strategies and ensure long-term success. This dynamic, data-driven approach is essential in today’s fast-paced technology landscape, making continuous improvement not just a best practice but a fundamental requirement for competitive survival.

Automation

In traditional development models, development and operations have often been two separate silos. The developers focused on writing code and building applications, while operations focused on deployment and maintenance. This disjointed approach often led to delays, inefficiencies, and friction between the two teams.

Continuous Integration/Continuous Delivery (CI/CD) emerged as the crucial bridge to connect these two worlds. With CI, code changes from multiple contributors are frequently merged into a shared repository, where automated tests are run to detect errors and inconsistencies as swiftly as possible. This encourages a more collaborative environment by making it easier to identify issues early in the development cycle. CD ensures the code is always ready for deployment, eliminating lengthy freeze periods where no new features could be added because a release was pending.

Manual processes are not only prone to errors but also act as a significant drag on speed and efficiency, the very issues DevOps aims to resolve. Before automation was broadly adopted, system admins would manually configure servers, a cumbersome and error-prone process. Also, developers would often find it challenging to replicate the ops environment for testing, leading to the notorious “It works on my machine” syndrome.

Automation, in this context, is not a luxury but a necessity. Automated scripts handle tasks from code testing to deployment, ensuring that the process is as standardized as possible, thereby eliminating many of the errors and delays associated with manual intervention.

Soaring to excellence in DevOps practices

The basic concept of DevOps has been covered so far. In fact, the concept of DevOps has been continuously evolving. Some concepts are positioned as what should have been originally included or what was originally included but have not been discussed. These may carry different labels than DevOps.

Let’s look at some particularly important ideas within this context. These are beneficial concepts to incorporate into the culture of DevOps.

DevSecOps

DevSecOps is an approach that integrates security elements into the DevOps framework. In this methodology, security is considered a crucial aspect from the initial stages of development. The aim is to deliver software that is both efficient and secure in a timely manner.

Traditionally, security was often handled by separate specialized teams and was generally addressed in the final stages of the development cycle. Many instances occurred where vulnerabilities were identified post-development, causing delays in software releases. By adopting a shift-left approach to security, it is possible to significantly reduce the cost of corrections. In the DevSecOps context, shift-left refers to the practice of integrating security measures earlier in the SDLC, ideally during the design and development phases. By addressing security concerns from the outset, teams aim to identify and mitigate vulnerabilities more efficiently, reducing the costs and risks associated with late-stage fixes. The shift-left approach emphasizes proactive security rather than reactive, ensuring that applications are secure by design. The remediation costs for security issues that emerge during the operational phase can be prohibitively high. Moreover, this late-stage focus puts customer data at risk and can harm a company’s reputation.

According to the National Institute of Standards and Technology (NIST), addressing flaws during the production phase can be 30 times more costly, and this cost can escalate to 60 times more when dealing specifically with security-related defects:

Figure 1.5 – Graph of the relative cost to fix bugs based on time of detection provided by NIST

What stands out in DevSecOps is the concept of treating security not as an endpoint but as a continuous state. For example, in the past, it was common to do static code analysis or check off security considerations in a security sheet during releases or technical adoptions. However, as release cycles have accelerated and technology continues to evolve rapidly, manually checking all security aspects each time has become impractical. DevSecOps addresses this issue by employing automated tools to ensure a continuous state of security. This allows for rapid response when new vulnerabilities are discovered.

In this sense, DevSecOps could be defined as integrating security processes and tools into the DevOps process, creating a culture in which developers can also consider security, treating security as a state rather than an artifact at a specific point in time, and creating a state in which processes, environments, and data are always preserved so that security and innovation can be compatible.

DevSecOps is particularly critical for companies that utilize Open Source Software (OSS). Nowadays, most businesses actively use some form of OSS, and this software may contain unknown vulnerabilities. By incorporating DevSecOps principles and checking for these in workflows on a weekly basis, it is possible to detect these vulnerabilities early on and quickly make corrections:

Figure 1.6 – DevSecOps emphasizes security within the DevOps life cycle

Overall, DevSecOps aims to incorporate security throughout the development-to-operations life cycle, facilitating more secure and efficient software development. This integrated approach allows for the coexistence of business and security.

Infrastructure as Code

Infrastructure as Code (IaC) is a methodology for managing and provisioning system infrastructure, including network configurations and server settings, through code. This is automated by specialized configuration management software. Traditionally, tasks such as server setup and network configuration were performed manually by humans, following procedural documents. This manual approach posed several problems, including the complexity and time-consuming nature of the tasks, a high risk of human error, and potential inconsistencies between procedural documents and the actual environment. These issues become particularly exacerbated in large-scale systems, making manual management unsustainable.