Defining Standard Policies for a�Common DevOps Pipeline
Fatih Degirmenci
Principal Developer, Ericsson Software Technology
Co-chair, SIG Interoperability, Continuous Delivery Foundation
Technology Transformation
Continuous Delivery Ecosystem
Sample Pipeline
µService Pipeline
SCM
SCM
SCM
Team A
Team B
Team C
µService A
µService B
µService C�Pre-merge Activities
µService A
µService B
µService C�Post-merge Activities
SCM
SCM
SCM
Registry
Americas Rollout
EU Rollout
Static Code Analysis�Unit Test
Build
Dependency Scanning
Build
Smoke Tests
Performance Tests
Security Analysis
Canary Deployment
A/B Testing
Example Checks in Sample Pipeline
µService Pipeline
SCM
SCM
SCM
Team A
Team B
Team C
µService A
µService B
µService C�Pre-merge Activities
µService A
µService B
SCM
SCM
SCM
Registry
Americas Rollout
blocklist
privileges
ports
day/time�date
regulations
?
!
quality checks
EU Rollout
µService C�Post-merge Activities
Considerations
Quality
Security
Regulations
Functionality
Velocity
Innovation
Developer Experience
Business
Notes on Policy
Policy and Technology
Policies are defined by business
Technology deals with the implementation
Policy Driven CI/CD
µService Pipeline
SCM
SCM
SCM
Team A
Team B
Team C
µService A
µService B
µService C�Pre-merge Activities
µService A
µService B
µService C�Post-merge Activities
SCM
SCM
SCM
Registry
Americas Rollout
EU Rollout
Policy Framework
blocklist
privileges
ports
day/timedate
regulations
quality checks
Pipelines with Multiple CI/CD Technologies and Policy
µService Pipeline
SCM
SCM
SCM
Team A
Team B
Team C
µService A
µService B
µService C�Pre-merge Activities
µService A
µService B
µService C�Post-merge Activities
SCM
SCM
SCM
Registry
Americas Rollout
EU Rollout
CI/CD Technology X
CI/CD Technology Y
blocklist
privileges
ports
day/timedate
regulations
quality checks
Interactions with External Systems
µService Pipeline
SCM
SCM
SCM
Team A
Team B
Team C
µService A
µService B
µService C�Pre-merge Activities
µService A
µService B
µService C�Post-merge Activities
SCM
SCM
SCM
Registry
Americas Rollout
EU Rollout
External System
privileges
ports
day/time
regulations
CI/CD Technology X
CI/CD Technology Y
blocklist
quality checks
Challenges with Policy
Culture
Shared Understanding
Terminology
Best Practices
Focus
Technology
Interoperability
Adaptability
Policy Development and Lifecycle
3rd Party Systems
Addressing Challenges Collaboratively
SIG Interoperability
SIG Best Practices
SIG Events
End User Council
CDF SIG Interoperability – Policy Driven CD
Conclusions
Links
Thanks!