SKILup Day: CI/CD Event Recap
SKILup Day: CI/CD on April 21, 2022, offered a day full of sessions, yoga, networking, a sponsor hall and even a DevOps-inspired mixology class! The one-day virtual conference featured “how-to” lessons and insight from speakers Bill Manning, BMK Lakshminarayanan, Bryan Finster, Carl Caum, Dan McKinney, Logan Donley, Manuel Schuller, Paul Bruce, Pawel Piwosz, Samer Akkoub, Tracy Bannon, Tracy Ragan, Turja Narayan Chaudhuri, and Vishnu Vasudevan.
If you missed the CI/CD SKILup Day, never fear! We’ve got you covered with a round-up of the top themes from the sessions and conversations around this incredibly important topic.
Why Devote a Full Day of Learning to CI/CD?
Most of us have implemented some level of Continuous Integration and Continuous Delivery. We might believe we have it all sorted out, but research shows we still have much work to do, particularly in security and deployments. In addition, a cloud-native architecture utilizing microservices will disrupt CI/CD as we know it.
SKILup Day speakers covered several trending themes, including securing your pipelines, effectively planning CI/CD, and leveling up your processes for the future of CI/CD. We’ll review the key discussion points that emerged throughout the day in this post.
Planning and Setting Up CI/CD Pipelines
A key theme among speakers at this SKILup Day was introducing the audience to various aspects of planning for CI/CD.
DevOps Institute Ambassador Samer Akkoub of GitLab shared best practices and advice during his session, “6 Tips for Building Agile CI/CD Pipelines.” Akkoub explained how to make pipelines faster, easier to manage, and more reusable, with tips on how best to structure the DevOps pipeline. He also shared insight into pitfalls to avoid, including monolithic pipelines.
During the session, “How to Integrate the Software Bill of Materials Into the CI/CD Process,” DevOps Institute Ambassador Manuel Schuller of Wipro explained that the Bill of Materials (BoM) is not just the knowledge needed to recreate a particular release. Rather, in DevOps, it is all of the application and environment information, tools, and the specific branch and version of the software built, typically stored in an escrow account. Schuller explored how a BoM can be built, how it integrates with the CI/CD process, and the characteristics and purpose of the BoM. He also gave insight into market standards and trends for managing the BoM.
DevOps Institute Ambassador Pawel Piwosz of EPAM Systems explored the “architecture of CI/CD” during his session, “Best Practices for Planning CI/CD at the Enterprise Level.” Piwosz did a deep dive on CI/CD design processes for the project, team and organization. He also addressed how to talk with stakeholders about CI/CD when designing the backbone of a DevOps-driven organization.
Securing CI/CD Pipelines
Various sessions also detailed how to secure CI/CD pipelines.
In 2021, there was a 650% increase in software supply chain attacks. Bill Manning of JFrog said, “Gone are the days of developers finding libraries to do their jobs without the thought of consequence. While the best place to stop this is at the developer level, with methods like ‘shift left,’ you need to ensure that your CI/CD pipeline is protected.” In his session, “Oh No, Another Vulnerability! Securing Your Pipeline Builds and Deployments,” Manning detailed how to ensure that your binaries are safe and compliant without affecting development velocity. He emphasized that “better builds lead to more secure software.” He then discussed the fastest and easiest way to perform Root Cause Analysis (RCA) and remediation.
Vishnu Vasudevan of Opsera shared key insights in his session, “How to Integrate Security and Quality Into Your CI/CD Pipelines and What KPIs to Measure.” Vasudevan presented how developers can take security and quality into their own hands, empowered by automation tools. He dove into how to seamlessly integrate security and quality into your CI/CD pipeline, add approval gates at every step of the pipeline, and reduce vulnerabilities and improve collaboration with the right KPIs.
Dan McKinney of Cloudsmith shared practical tips and advice during his session, “The Future is Continuous: Integration, Packaging and Delivery.” He highlighted software supply chain security implications for CI/CD processes and pipelines. He explained what it takes to secure, build and deploy software pipelines, followed by an introduction to “Continuous Packaging.”
Upskilling for the Future of CI/CD
Many speakers explored what the next generation of CI/CD will look like.
In the session, “Introducing Preview Environments Into Your CI/CD Pipelines,” Logan Donley of CloudBees highlighted how live previews could take your CI/CD process to the next level. He said, “You’ll learn that adding these preview environments to your workflow is easier than ever.” He then demonstrated how to implement preview environments and discussed important considerations when adopting live previews.
DevOps Institute Ambassador Turja Narayan Chaudhuri of EY GDS shared real-world experience during the session, “Google Uses Monorepo, and I Don’t – Here’s Why.” In his session, Chaudhuri indicated that repository structure is one of the most important decisions that an engineering team needs to make. He explained that teams in most enterprises tend to follow a similar pattern in their choice of mono-repo vs. multi-repo. Google switched to mono-repo, which means all their projects and code are stored in a single, large repository. He then shared real-life examples and experiences from implementing these topics, along with the context, challenges, and advantages of each of the two approaches.
Paul Bruce of Tricentis presented the session “Transform Your Continuous Testing with (Open)Telemetry.” Bruce shared practical advice and tips on getting started using OpenTelemetry in your code bases and explained how OpenTelemetry applies to both software systems and testing processes. He said, “Except for instrumented unit testing, it’s often hard to know exactly what’s going wrong when your tests fail, especially when our systems are now highly distributed and involve multiple APIs, micro-frontends, and 3rd-party services.” He also argued that versioning across these dependencies and complex rollout processes further obfuscate what is going wrong when tests fail. He proposed that additional context dramatically improves the actionable outcomes of testing.
Finally, Tracy Ragan of DeployHub shared key insights during the session, “Software Supply Chain Principles for Cloud-Native Architecture.” Ragan pointed out that microservices have become the raw material across organizational silos, impacting project management, development, DevOps pipelines and security. She then dove into principles to consider when beginning to address the hardening of a software supply chain across the organization, automated via pipelines.