This is the final installment of our series covering the DevOps Fundamentals: Implementing Continuous Delivery (LFS261) training course from The Linux Foundation. So far, we have looked at:
This time we’ll cover automated testing. There are nine principles; these are based on work by Elisabeth Hendrickson, Pivotal’s Vice President of Data R&D, who did a brilliant presentation on Agile testing overview.
This is a very important part of the Continuous Delivery pipeline, and an important way of thinking about how things need to be done.
Change the adversarial mindset to a collaboration mindset.
Change the dev then test mindset to test and dev mindset.
Instead of having a test team, you have an everyone tests team.
Test early, test often, and shorten the feedback loop.
Tests should have reasonable expectations.
Fix bugs when you find them.
Reduce test documentation, automate the expectation.
Done means released and tested.
Test implement vs. implement test
Test-driven development (TDD) means you write tests before you write the code. Tests should always be running. That includes every commit, nightly functional testing, smoke tests and stability testing, performance testing, zero configuration, zero downtime, and more. Watch the following video for details:
Now let’s see how automated testing plays out. In the full training course, we talk about system testing, performance testing, load testing, security testing, even configuration management, like behavior-driven testing (BDD). The point is that there is a lot of opportunity for testing, and the list goes way beyond this.
In the example of Google, as shown in the video below, there are some interesting statistics from a few years ago related to automated testing. They have 4,000+ projects in active development, with 5500+ code submissions per day, and more than 75 million test cases run daily — that number is more than 100 million now.
Another area that is really getting hot is DevSecOps. There is a lot there: security testing, SQL injection, cross-site scripting, unprotected redirects, remote code execution — all the things that need to be caught in a post- or pre-deployment.
It used to be that software bugs were evaluated by one group, and another group evaluated security bugs, or security vulnerabilities, or security defects. Now, everything is in the same place. It includes both the delivery of software and the security in the pipeline as it is happening. DevSecOps is a hot topic, and there’s some fascinating stuff going on all over the globe with this.
That wraps up our series previewing the DevOps Fundamentals training course. You can, of course, watch the video below for more details, and you can access all the free sample chapter videos now.
This course is written and presented by John Willis (@botchagalupe), who has worked in the IT management industry for more than 35 years.