My team has this one shared component that gets involved in like every feature’s development. This year, we’re loading like 5 different features onto it, all with different timelines, and my head’s about to explode trying to figure out how to make it all fly.
How does everyone else do their software releases? Do you freeze prod and then do one big release later? Throw everything into prod during dev, hope no one sees the unreleased stuff, and just announce it later? Or something else entirely?
Don’t you have some sort of staging?
Typically there should be at least one stage before prod that is entirely internal and where all the components get combined for the first time.
Otherwise, if a new feature is added, it should be done in a way, that doesn’t affect components that don’t use the feature (yet). Of course that’s not always possible, but should be the aspiration. In that case, you could deploy a new version without affecting any other services.
Yeah we have a test stage where everything is mixed together. It’s just that we directly promote that test stage to prod so we can’t really separate all the features back out for prod without cherry-picking. The other idea we came up with was just letting test flow to prod and locking WIP stuff behind feature flags. I don’t think the security people would like that idea very much though…
…so you don’t have a test stage.
A test stage is for testing. If it’s not working there, it’s not going to prod.
Why not? How do your feature flags work?
Our flags are dynamic. Service basically reads them from an env var at runtime to determine if requests go through.
Security, at my place at least, has been very conservative about not launching stuff into prod until they’ve pentested in our test stage which has kinda forced us to do waterfall :|
Sounds rough. My fiancé does security, and from what I’ve gathered from him, the best time for security to get involved is at the design stage. They look over the proposal, give their input, and then nobody’s surprised at release time, and teams can follow agile practices. Obviously there’s still a review of the final product, but that can be done asynchronously after the fact to confirm that best-practices were followed.
Easy to say, hard to put into practice. Certainly depends on the kind of service your business provides.