Steady Integration/Steady Supply (CI/CD) software program – that means options that groups use to construct, take a look at and deploy functions – has come a good distance over the previous decade. Whereas organizations as soon as cobbled collectively CI/CD pipelines utilizing disparate open supply instruments, they now have a plethora of end-to-end, vendor-supported enterprise CI/CD platforms that they’ll use as a substitute. As a result of these options provide all the pieces groups have to ship software program, they’re easier to deploy and handle.
But, whereas there are clear advantages to adopting an enterprise CI/CD platform, migrating to at least one might be troublesome. It poses a variety of challenges, equivalent to the danger of CI/CD pipeline downtime and safety and compliance challenges.
That’s why companies migrating to newer CI/CD options ought to method the method with an in depth, step-by-step plan. Right here’s a have a look at the challenges to navigate, together with recommendations on the right way to make CI/CD migration as clean as attainable.
To floor the dialogue, I’ll deal with migrating to GitHub Enterprise, a CI/CD platform from GitHub, the software program growth platform now owned by Microsoft. GitHub Enterprise is the choice that I’m seeing increasingly more companies select in my work serving to corporations to modernize their IT and software program supply practices.
Challenges to GitHub Enterprise migration
As a complete CI/CD platform that’s accessible as a completely hosted answer, GitHub Enterprise is comparatively simple to make use of when you’ve migrated to it. The problem, although, is getting your code into the platform, together with making the method adjustments mandatory to start utilizing the answer rather than a legacy CI/CD suite.
Specifically, count on to face challenges that embrace:
- Software supply delays: A drawn-out, time-consuming migration course of interprets to downtime for CI/CD operations – which signifies that your builders gained’t have the ability to push out software updates. This will in the end hurt the enterprise as a result of customers aren’t receiving characteristic enhancements whereas your CI/CD pipelines are in transition.
- Efficiency dangers: Failure to decide on the fitting GitHub Enterprise deployment technique, and to configure the answer in an optimum means, may decelerate CI/CD efficiency and cut back developer productiveness because of points like inadequate infrastructure assets for constructing and testing functions.
- Coaching necessities: Expert software program builders can sometimes be taught to make use of a brand new CI/CD platform simply sufficient, however there’s nonetheless an upskilling requirement. It’s necessary to not overlook the necessity to present builders with time to be taught GitHub Enterprise (or whichever answer you might be migrating to).
- Safety and compliance: To mitigate dangers just like the injection of malicious code into your functions, it’s crucial to implement entry controls in the course of the migration course of that forestall unauthorized customers from accessing the brand new CI/CD platform.
Finest practices for a clean GitHub Enterprise migration
The excellent news is that with the fitting method, migrating to GitHub Enterprise or an analogous CI/CD platform doesn’t need to be risk-prone. The next finest practices may also help to streamline the method.
1. Select the fitting internet hosting possibility
Like many CI/CD platforms, GitHub Enterprise is out there in two fundamental kinds: A totally managed, cloud-based possibility and a model that customers can set up and handle utilizing their very own infrastructure.
Usually, the totally managed answer tends to be the higher alternative as a result of it considerably reduces setup and upkeep effort on the a part of customers. Nonetheless, the self-hosted possibility could also be higher for organizations that want better management over their CI/CD atmosphere. This tends to be very true for companies in verticals like finance and insurance coverage, the place safety and compliance mandates could also be simpler to satisfy when the group runs CI/CD software program by itself infrastructure (and subsequently has better management over how delicate knowledge is managed and secured).
2. Configured granular entry insurance policies
Like most trendy CI/CD suites, GitHub Enterprise offers entry management options that companies can use to find out who can do what inside CI/CD instruments. For instance, you can provide some builders read-only entry to supply code, whereas permitting others to switch it. GitHub Enterprise additionally helps environment-based entry settings, that means you’ll be able to configure totally different ranges of entry for a similar customers throughout dev/take a look at and manufacturing environments.
As a finest observe, reap the benefits of these granular entry management choices by assigning totally different entry rights to every crew that makes use of your CI/CD platform. For instance, you may need an admin crew whose privileges prolong to altering the configuration of GitHub Enterprise, whereas one other crew that merely makes use of the platform has a lesser stage of entry.
3. Use OpenID Connect with combine with cloud environments
GitHub Enterprise presents an identification administration possibility that leverages OpenID Join (OIDC) to combine with third-party cloud environments.
While you reap the benefits of this characteristic, you’ll be able to robotically run workflows (like software builds) on public cloud infrastructure with out having to retailer cloud entry credentials as long-lived GitHub secrets and techniques, which presents a considerable safety threat. As well as, this method robotically creates a log of GitHub workflows and motion executions, which you should use for audit and monitoring functions.
4. Leverage single sign-on
One other method to streamline the migration into GitHub Enterprise is to combine the platform with whichever single sign-on (SSO) supplier (like Microsoft Entra or Energetic Listing) your enterprise already makes use of. Ideally, you’ll additionally allow multi-factor authentication (MFA) by way of your SSO answer so as to add one other layer of safety.
This method eliminates the necessity to handle GitHub Enterprise entry credentials individually out of your current accounts. It additionally reduces the burden positioned in your IT crew in the course of the migration as a result of as a substitute of getting to “reinvent the wheel,” they’ll merely use a sign-on answer that already exists.
5. Doc widespread duties
To ease the educational curve for builders as they migrate to GitHub Enterprise, doc widespread duties – equivalent to the right way to migrate code from native repositories or one other CI/CD platform into GitHub Enterprise.
That is one other tactic that eliminates the necessity to your crew to reinvent the wheel repeatedly; as a substitute of forcing every engineer to determine the right way to migrate on their very own, everybody can comply with a prescribed plan.
6. Publish workflow patterns
Going a step additional, think about as properly publishing detailed steps on the right way to use key options in GitHub Enterprise which might be more likely to be necessary for all your groups. For instance, you’ll be able to element the right way to create pull requests or construct Docker photographs within the platform, or the right way to execute Infrastructure-as-Code (IaC) deployments.
Right here once more, this technique reduces the educational curve and helps get your crew up and working on the brand new platform as rapidly as attainable.
7. Automate widespread workflows utilizing GitHub Actions
Going even additional, you’ll be able to create totally automated workflows for widespread duties utilizing GitHub Actions, a characteristic that permits you to set off automated operations throughout varied elements of your CI/CD pipeline. For example, you’ll be able to robotically set off an software construct after code has been checked in, or robotically start testing after the construct is full.
Extremely complicated workflows that will differ between initiatives or groups usually are not nice candidates for such a automation, however core routines might be totally automated, making it even simpler to your crew to start utilizing the brand new platform.
