The document discusses continuous integration and deployment practices. It begins by describing environments like local, development, test, and production. It then discusses manual deployment processes and the teams involved, including developers, DBAs, sysadmins, and QA. The presentation advocates automating deployments through pipelines that build, run metrics and tests, package, and deploy code. It emphasizes making the code environment-agnostic and managing dependencies. Overall, the document promotes practices for continuous integration and deployment that help software work reliably through faster feedback and deployment.
The document discusses implementing continuous delivery for PHP applications deployed to AWS. It covers topics like using the latest stable version of PHP, solid object-oriented design principles, automated testing tools for PHP, build automation with Jenkins and Phing, application monitoring, and infrastructure automation with AWS services like EC2, RDS, and Elastic Beanstalk. Continuous delivery is presented as a solution to dysfunctional code deployments and lack of sleep by establishing automated, reliable deployment processes.
Inconvenient Truth(s) - On Application Security (from 2007)Dinis Cruz
This document discusses inconvenient truths about software security. It notes that there are no standardized security metrics, making it difficult for customers to assess security. It also draws parallels between global warming and the growing impact of insecure software. The document argues that secure software does not currently make business sense for vendors due to a lack of incentives. It warns that society's heavy dependence on software leaves it vulnerable if attacker business models evolve to more effectively monetize exploiting insecure systems at scale. Overall, the document presents several inconvenient realities about the current state of software security.
New Era of Software with modern Application Security v1.0Dinis Cruz
(as presented at Codemotion Rome 2016)
This presentation will start with an overview of the current state of Application Insecurity (with practical examples). This will make the attendees think twice about what is about to happen to their applications. The solution is to leverage a new generation of application security thinking such as: TDD, Docker, Test Automation, Static Analysis, cleaver Fuzzing, JIRA Risk workflows, Kanban, micro web services visualization, and ELK. These practices will not only make applications/software more secure/resilient, but it allow them to be developed in a much more efficient, cheaper and productive
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya JancaDevSecCon
Tanya Janca gives a presentation on how to integrate security practices into a developer's sprint cycle to push security left. She recommends automating security tools and processes as much as possible, tuning tools to reduce false positives, and breaking security activities into smaller pieces. She also emphasizes inviting developers and operations teams to participate in security activities and providing them feedback and training on security tools and best practices. The goal is to enable dev and ops teams to develop securely as part of their standard work.
Faster Secure Software Development with Continuous Deployment - PH Days 2013Nick Galbreath
This document discusses moving to a continuous deployment model to improve software security. It argues that the traditional release-based model is harmful, especially for security, as it results in long delays between when code is written and deployed. Continuous deployment aims to deploy small changes frequently, with developers pushing their own code to production. This gets developers more invested in the quality and security of the code they write. It also allows faster fixing of bugs and security issues when they are found. The document outlines steps to gradually implement continuous deployment and address common concerns about its impact on quality, compliance, and customers.
In graph we trust: Microservices, GraphQL and security challengesMohammed A. Imran
In graph we trust: Microservices, GraphQL and security challenges - Mohammed A. Imran
Microservices, RESTful and API-first architectures are rage these days and rightfully so, they solve some of the challenges of modern application development. Microservices enable organisations in shipping code to production faster and is accomplished by dividing big monolithic applications into smaller but specialised applications. Though they provide great benefits, they are difficult to debug and secure in complex environments (different API versions, multiple API calls and frontend/backend gaps etc.,). GraphQL provides a powerful way to solve some of these challenges but with great power, comes great responsibility. GraphQL reduces the attack surface drastically(thanks to LangSec) but there are still many things which can go wrong.
This talk will cover the risks associated with GraphQL, challenges and solutions, which help in implementing Secure GraphQL based APIs. We will start off with introduction to GraphQL and its benefits. We then discuss the difficulty in securing these applications and why traditional security scanners don’t work with them. At last, we will cover solutions which help in securing these API by shifting left in DevOps pipeline.
We will cover the following as part of this presentation:
GraphQL use cases and how unicorns use them
Benefits and security challenges with GraphQL
Authentication and Authorisation
Resource exhaustion
Backend complexities with microservices
Need for tweaking conventional DevSecOps tools for security assurance
Security solutions which works with GraphQL
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer LeviDevSecCon
This document summarizes a presentation about security testing for containerized applications. It discusses performing static analysis on code, dependencies, and Docker images using open source tools like Bandit, Brakeman, Find Security Bugs, TSLint, OWASP Dependency Track, and Clair. It also covers dynamic analysis using passive and active scanning with OWASP Zap. The presentation demonstrates running these security tests on a sample Lolcode application and integrating the tests into a CI/CD pipeline using OWASP Glue. It provides resources for learning more about security testing of containerized apps.
The document discusses the debate around whether or not to write tests for iOS apps. It presents arguments on both sides of the debate, including that tests are not needed, take too much time, and are often broken by new OS releases. It also notes that testing is hard, particularly for UI, but provides tips for better testing practices like writing isolated, fast, and self-verifying tests. The document concludes by offering suggestions for developers who are not writing tests, such as layering code and following principles like YAGNI (You Aren't Gonna Need It).
The document discusses implementing continuous delivery for PHP applications deployed to AWS. It covers topics like using the latest stable version of PHP, solid object-oriented design principles, automated testing tools for PHP, build automation with Jenkins and Phing, application monitoring, and infrastructure automation with AWS services like EC2, RDS, and Elastic Beanstalk. Continuous delivery is presented as a solution to dysfunctional code deployments and lack of sleep by establishing automated, reliable deployment processes.
Inconvenient Truth(s) - On Application Security (from 2007)Dinis Cruz
This document discusses inconvenient truths about software security. It notes that there are no standardized security metrics, making it difficult for customers to assess security. It also draws parallels between global warming and the growing impact of insecure software. The document argues that secure software does not currently make business sense for vendors due to a lack of incentives. It warns that society's heavy dependence on software leaves it vulnerable if attacker business models evolve to more effectively monetize exploiting insecure systems at scale. Overall, the document presents several inconvenient realities about the current state of software security.
New Era of Software with modern Application Security v1.0Dinis Cruz
(as presented at Codemotion Rome 2016)
This presentation will start with an overview of the current state of Application Insecurity (with practical examples). This will make the attendees think twice about what is about to happen to their applications. The solution is to leverage a new generation of application security thinking such as: TDD, Docker, Test Automation, Static Analysis, cleaver Fuzzing, JIRA Risk workflows, Kanban, micro web services visualization, and ELK. These practices will not only make applications/software more secure/resilient, but it allow them to be developed in a much more efficient, cheaper and productive
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya JancaDevSecCon
Tanya Janca gives a presentation on how to integrate security practices into a developer's sprint cycle to push security left. She recommends automating security tools and processes as much as possible, tuning tools to reduce false positives, and breaking security activities into smaller pieces. She also emphasizes inviting developers and operations teams to participate in security activities and providing them feedback and training on security tools and best practices. The goal is to enable dev and ops teams to develop securely as part of their standard work.
Faster Secure Software Development with Continuous Deployment - PH Days 2013Nick Galbreath
This document discusses moving to a continuous deployment model to improve software security. It argues that the traditional release-based model is harmful, especially for security, as it results in long delays between when code is written and deployed. Continuous deployment aims to deploy small changes frequently, with developers pushing their own code to production. This gets developers more invested in the quality and security of the code they write. It also allows faster fixing of bugs and security issues when they are found. The document outlines steps to gradually implement continuous deployment and address common concerns about its impact on quality, compliance, and customers.
In graph we trust: Microservices, GraphQL and security challengesMohammed A. Imran
In graph we trust: Microservices, GraphQL and security challenges - Mohammed A. Imran
Microservices, RESTful and API-first architectures are rage these days and rightfully so, they solve some of the challenges of modern application development. Microservices enable organisations in shipping code to production faster and is accomplished by dividing big monolithic applications into smaller but specialised applications. Though they provide great benefits, they are difficult to debug and secure in complex environments (different API versions, multiple API calls and frontend/backend gaps etc.,). GraphQL provides a powerful way to solve some of these challenges but with great power, comes great responsibility. GraphQL reduces the attack surface drastically(thanks to LangSec) but there are still many things which can go wrong.
This talk will cover the risks associated with GraphQL, challenges and solutions, which help in implementing Secure GraphQL based APIs. We will start off with introduction to GraphQL and its benefits. We then discuss the difficulty in securing these applications and why traditional security scanners don’t work with them. At last, we will cover solutions which help in securing these API by shifting left in DevOps pipeline.
We will cover the following as part of this presentation:
GraphQL use cases and how unicorns use them
Benefits and security challenges with GraphQL
Authentication and Authorisation
Resource exhaustion
Backend complexities with microservices
Need for tweaking conventional DevSecOps tools for security assurance
Security solutions which works with GraphQL
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer LeviDevSecCon
This document summarizes a presentation about security testing for containerized applications. It discusses performing static analysis on code, dependencies, and Docker images using open source tools like Bandit, Brakeman, Find Security Bugs, TSLint, OWASP Dependency Track, and Clair. It also covers dynamic analysis using passive and active scanning with OWASP Zap. The presentation demonstrates running these security tests on a sample Lolcode application and integrating the tests into a CI/CD pipeline using OWASP Glue. It provides resources for learning more about security testing of containerized apps.
The document discusses the debate around whether or not to write tests for iOS apps. It presents arguments on both sides of the debate, including that tests are not needed, take too much time, and are often broken by new OS releases. It also notes that testing is hard, particularly for UI, but provides tips for better testing practices like writing isolated, fast, and self-verifying tests. The document concludes by offering suggestions for developers who are not writing tests, such as layering code and following principles like YAGNI (You Aren't Gonna Need It).
The document discusses improving code quality through effective code review processes. It outlines common coding mistakes like redundant code, long or deeply nested functions, large modules, poor comments, and hardcoding. It recommends following best practices like coding guidelines, centralized server communication, and the single responsibility principle. The document also discusses measuring and reducing code complexity, avoiding memory leaks, optimizing images, static code analysis, and profiling to improve code quality.
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP
This document summarizes Frans Rosén's presentation on attacking modern web technologies. It discusses vulnerabilities in AppCache that allowed files to be cached and executed across domains. It also describes issues with upload policies for cloud storage services like AWS S3 and Google Cloud that could allow overwriting or reading arbitrary files if not properly configured. Finally, it presents examples of how cross-site scripting could occur through improper validation of user-supplied data sent via postMessage between domains.
Lessons Learned in Test Automation From ZombielandMatt Barbour
This document provides lessons learned about end-to-end testing based on metaphors from zombie movies. It discusses how end-to-end tests should expect failures like distributed systems due to real-world chaos. Tests need to balance being performant, accurate, repeatable, and meaningful. It provides tips for testing such as using dependency management, controlling all data, avoiding slow test methods, and sharing open-source testing tools and techniques with the community.
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi DouglenDevSecCon
This document discusses value-driven threat modeling, a lightweight approach to threat modeling that prioritizes security based on business value. It advocates for developers to integrate threat modeling into their workflow by focusing on the core questions of what is being built, what could go wrong, how to address issues, and ensuring quality. Specific techniques discussed include using acceptance criteria, security unit tests, abuser stories, and a threat pyramid. The approach aims to make threat modeling quicker and more natural for developers while still addressing important security risks. Some limitations are that it may miss threats and relies on developer experience, requiring an embedded security champion for complex systems.
This document discusses defending against ransomware and provides recommendations. It begins by establishing the problem of ransomware growth and costs. It then recommends (1) blocking common file types at email gateways and Outlook, (2) blocking macros in Office documents, (3) changing file associations of script types to open in Notepad instead of executing, (4) using Group Policy to prevent changes from Windows updates, and (5) disabling dangerous Word features like DDE links. Implementing these free solutions can help block the majority of ransomware attacks.
Moving to a DevOps mode - easy, hard or just plain terrifying? - Daniel Bryan...JAXLondon2014
The document discusses moving to a DevOps model and describes it as both easy and terrifying. It advocates breaking down silos between development and operations teams by emphasizing common goals, shared responsibility, and standard technology. The benefits of DevOps include faster reaction times for businesses and extending agility across IT organizations.
JAX London 2014 "Moving to DevOps Mode: easy, hard or just plain terrifying?"Daniel Bryant
DevOps - is it for you? Heard about the wonderful ways it could benefit your organisation, but put off by the scary stories? Can you really make the transition to DevOps, and is it worth it? Listen and learn from two DevOps practitioners about their hands-on experiences in making the change. Covering a range of real life examples, this talk will explain the real business benefits to be had from using DevOps techniques, as well as the technical and personal aspects involved.
Whether it’s a small team within a startup or one of hundreds within a large organisation, this talk has practical advice on how to approach the challenge, what critical changes need to be considered, and what tools and processes are best suited for the situation. The adoption of DevOps is a game changing event for the industry. Learn why and learn how you can benefit from it too.
This talk was presented with Steve Poole (@spoole167) at JAX London, October 2014
This document provides an overview of IT career paths and skills needed to be successful in the industry. It discusses popular roles like database administrator, developer, and project manager. It also covers important development skills and tools like programming languages (C#, JavaScript), frameworks (Angular, React), version control (GitHub), and databases (SQL Server, MySQL). The document emphasizes learning through online courses, communities, and investing time, money and effort in self-improvement. It also discusses agile methodologies like Scrum and emphasizes object-oriented programming concepts in C# like classes, inheritance, encapsulation and polymorphism.
This document discusses how to be a better code reviewer. It begins by defining code review and describing different types of code review like formal inspections, pull requests, and pair programming. It then provides general rules for code reviewing like managing time, providing quick feedback, and making it about improving code not blaming authors. The document outlines areas a reviewer should focus on like best practices, architecture, security, and performance. It concludes by presenting tools that can help with code review and automation.
Test Driven Development on Android (Kotlin Kenya)Danny Preussler
This document discusses test-driven development (TDD) and its application to Android development. It begins with an introduction to TDD, outlining its core principles and benefits. It describes the "red, green, refactor" process and emphasizes writing tests before code. It addresses challenges with testing Android code, such as dependencies on framework classes, and recommends strategies like wrapping classes to isolate dependencies. Finally, it outlines the benefits of TDD such as reduced bugs, improved design, and increased productivity over the long run despite initial slower development.
- Twitter relies heavily on open source software and contributes a significant amount of code back to the open source community.
- In 2011, Twitter created an Open Source Office to direct all open source efforts related to compliance, standards, and engineering outreach.
- The Open Source Office established review processes, licensing guidelines, and development best practices to manage open source code in a transparent and compliant manner while still facilitating contributions and collaboration.
This document outlines a structured approach for debugging distributed systems. It begins with observing and documenting what is known about the problem. The next steps involve creating a minimal reproducer, debugging the client and server sides, and checking DNS, routing, and network connections. Traffic and messages should be inspected, with a focus on eliminating potential issues on the client side first. The process concludes by wrapping up with documentation of findings, impacts, and lessons learned to prevent future issues. Several tools are recommended for each step to aid in debugging distributed systems effectively.
End-to-end performance testing, profiling, and analysis at RedisFilipe Oliveira
High-performance (as measured by sub-millisecond response time for queries) is a key characteristic of the Redis database, and it is one of the main reasons why Redis is the most popular key-value database in the world.
To continue improving performance across all of the different Redis components, we've developed a framework for automatically triggering performance tests, telemetry gathering, profiling, and data visualization upon code commit.
In this short presentation, we describe how this type of automation and "zero-touch" profiling scaled our ability to pursue performance regressions and to find opportunities to improve the efficiency of our code, helping us (as a company) to start shifting from a reactive to a more proactive performance mindset.
TDD on android. Why and How? (Coding Serbia 2019)Danny Preussler
The document discusses test-driven development (TDD) on Android. It covers:
- The history and principles of TDD, including writing failing tests first and then only producing code to pass those tests.
- How TDD works in practice using the "red-green-refactor" process of writing a failing test, passing code, then refactoring.
- Benefits of TDD like fewer bugs, easier refactoring, and faster long-term development.
- Considerations for testing Android code, such as using mockable classes and avoiding direct testing of activities/fragments.
DESIGN West 2013 Presentation: Accelerating Android Development and DeliveryDavid Rosen
This document discusses accelerating the Android development process. It begins by noting the widespread use of Android and the challenges of slow builds and testing. It then outlines techniques for speeding up builds and Compatibility Test Suite (CTS) execution, including using more efficient build tools, dependency optimization, and test parallelization. Faster development cycles can be achieved through an integrated continuous delivery solution that applies these acceleration strategies and provides end-to-end process visibility.
OnAndroidConf 2013: Accelerating the Android Platform BuildDavid Rosen
Presented at the OnAndroidConf, October 22 2013, http://www.onandroidconf.com/sessions.html
Abstract:
Optimizing the Android build environment to perform at world-class level is a big challenge for many Android device and chipset makers today. Churning through thousands of platform builds per week requires laser-focus on high-performance infrastructure and tooling. If you’re looking at improving your overall engineering and developer productivity, the software build use case is an obvious area to prioritize.
This technical talk will focus on the following aspects of the Android platform build:
Common Android platform build challenges and opportunities with real-life production references
The various Android build use cases and their needs – full integration and release builds, developer incremental builds
Evolution of the Android build and codebase with trends and statistics
Detailed technical analysis of the Android platform build, highlighting opportunities for improvements
Proposed solutions and technical tricks to optimize an Android software build environment
200,000 Lines Later: Our Journey to Manageable Puppet CodeDavid Danzilio
Slides from a talk I gave at PuppetConf 2015.
Abstract: I joined Constant Contact in the Spring of 2014 to help transform their Puppet infrastructure. Constant Contact was a very early adopter of Puppet and had a hard time keeping up with changes to the language. When I got to Constant Contact we were stuck on a very old version of Puppet 2.7 because our code was heavily dependent on inheritance and dynamic scoping. There was no separation of data and code and 99% of the Puppet modules in use in the environment were homegrown. With over 267,000 lines of ancient code, I was completely overwhelmed with how to get us up to speed. This talk is about how we managed to accomplish this incredible feat in just over a year.
All too often front-end JavaScript code has been considered a second class citizen, and when treated without due care and attention it can be buggy and hard to maintain. This attitude is changing though, and thanks to the rapid growth in popularity of JavaScript as a first-class language, there is a large and expanding ecosystem of tools that a developer should know to make their client-side code as “clean” as the rest of their stack.
This talk aims to introduce and discuss how to implement modularisation, functional idioms and testing in JavaScript in an idiomatic way, to allow you to code JavaScript to a higher quality and, ultimately, more sustainably.
The document discusses improving code quality through effective code review processes. It outlines common coding mistakes like redundant code, long or deeply nested functions, large modules, poor comments, and hardcoding. It recommends following best practices like coding guidelines, centralized server communication, and the single responsibility principle. The document also discusses measuring and reducing code complexity, avoiding memory leaks, optimizing images, static code analysis, and profiling to improve code quality.
OWASP Poland Day 2018 - Frans Rosen - Attacking modern web technologiesOWASP
This document summarizes Frans Rosén's presentation on attacking modern web technologies. It discusses vulnerabilities in AppCache that allowed files to be cached and executed across domains. It also describes issues with upload policies for cloud storage services like AWS S3 and Google Cloud that could allow overwriting or reading arbitrary files if not properly configured. Finally, it presents examples of how cross-site scripting could occur through improper validation of user-supplied data sent via postMessage between domains.
Lessons Learned in Test Automation From ZombielandMatt Barbour
This document provides lessons learned about end-to-end testing based on metaphors from zombie movies. It discusses how end-to-end tests should expect failures like distributed systems due to real-world chaos. Tests need to balance being performant, accurate, repeatable, and meaningful. It provides tips for testing such as using dependency management, controlling all data, avoiding slow test methods, and sharing open-source testing tools and techniques with the community.
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi DouglenDevSecCon
This document discusses value-driven threat modeling, a lightweight approach to threat modeling that prioritizes security based on business value. It advocates for developers to integrate threat modeling into their workflow by focusing on the core questions of what is being built, what could go wrong, how to address issues, and ensuring quality. Specific techniques discussed include using acceptance criteria, security unit tests, abuser stories, and a threat pyramid. The approach aims to make threat modeling quicker and more natural for developers while still addressing important security risks. Some limitations are that it may miss threats and relies on developer experience, requiring an embedded security champion for complex systems.
This document discusses defending against ransomware and provides recommendations. It begins by establishing the problem of ransomware growth and costs. It then recommends (1) blocking common file types at email gateways and Outlook, (2) blocking macros in Office documents, (3) changing file associations of script types to open in Notepad instead of executing, (4) using Group Policy to prevent changes from Windows updates, and (5) disabling dangerous Word features like DDE links. Implementing these free solutions can help block the majority of ransomware attacks.
Moving to a DevOps mode - easy, hard or just plain terrifying? - Daniel Bryan...JAXLondon2014
The document discusses moving to a DevOps model and describes it as both easy and terrifying. It advocates breaking down silos between development and operations teams by emphasizing common goals, shared responsibility, and standard technology. The benefits of DevOps include faster reaction times for businesses and extending agility across IT organizations.
JAX London 2014 "Moving to DevOps Mode: easy, hard or just plain terrifying?"Daniel Bryant
DevOps - is it for you? Heard about the wonderful ways it could benefit your organisation, but put off by the scary stories? Can you really make the transition to DevOps, and is it worth it? Listen and learn from two DevOps practitioners about their hands-on experiences in making the change. Covering a range of real life examples, this talk will explain the real business benefits to be had from using DevOps techniques, as well as the technical and personal aspects involved.
Whether it’s a small team within a startup or one of hundreds within a large organisation, this talk has practical advice on how to approach the challenge, what critical changes need to be considered, and what tools and processes are best suited for the situation. The adoption of DevOps is a game changing event for the industry. Learn why and learn how you can benefit from it too.
This talk was presented with Steve Poole (@spoole167) at JAX London, October 2014
This document provides an overview of IT career paths and skills needed to be successful in the industry. It discusses popular roles like database administrator, developer, and project manager. It also covers important development skills and tools like programming languages (C#, JavaScript), frameworks (Angular, React), version control (GitHub), and databases (SQL Server, MySQL). The document emphasizes learning through online courses, communities, and investing time, money and effort in self-improvement. It also discusses agile methodologies like Scrum and emphasizes object-oriented programming concepts in C# like classes, inheritance, encapsulation and polymorphism.
This document discusses how to be a better code reviewer. It begins by defining code review and describing different types of code review like formal inspections, pull requests, and pair programming. It then provides general rules for code reviewing like managing time, providing quick feedback, and making it about improving code not blaming authors. The document outlines areas a reviewer should focus on like best practices, architecture, security, and performance. It concludes by presenting tools that can help with code review and automation.
Test Driven Development on Android (Kotlin Kenya)Danny Preussler
This document discusses test-driven development (TDD) and its application to Android development. It begins with an introduction to TDD, outlining its core principles and benefits. It describes the "red, green, refactor" process and emphasizes writing tests before code. It addresses challenges with testing Android code, such as dependencies on framework classes, and recommends strategies like wrapping classes to isolate dependencies. Finally, it outlines the benefits of TDD such as reduced bugs, improved design, and increased productivity over the long run despite initial slower development.
- Twitter relies heavily on open source software and contributes a significant amount of code back to the open source community.
- In 2011, Twitter created an Open Source Office to direct all open source efforts related to compliance, standards, and engineering outreach.
- The Open Source Office established review processes, licensing guidelines, and development best practices to manage open source code in a transparent and compliant manner while still facilitating contributions and collaboration.
This document outlines a structured approach for debugging distributed systems. It begins with observing and documenting what is known about the problem. The next steps involve creating a minimal reproducer, debugging the client and server sides, and checking DNS, routing, and network connections. Traffic and messages should be inspected, with a focus on eliminating potential issues on the client side first. The process concludes by wrapping up with documentation of findings, impacts, and lessons learned to prevent future issues. Several tools are recommended for each step to aid in debugging distributed systems effectively.
End-to-end performance testing, profiling, and analysis at RedisFilipe Oliveira
High-performance (as measured by sub-millisecond response time for queries) is a key characteristic of the Redis database, and it is one of the main reasons why Redis is the most popular key-value database in the world.
To continue improving performance across all of the different Redis components, we've developed a framework for automatically triggering performance tests, telemetry gathering, profiling, and data visualization upon code commit.
In this short presentation, we describe how this type of automation and "zero-touch" profiling scaled our ability to pursue performance regressions and to find opportunities to improve the efficiency of our code, helping us (as a company) to start shifting from a reactive to a more proactive performance mindset.
TDD on android. Why and How? (Coding Serbia 2019)Danny Preussler
The document discusses test-driven development (TDD) on Android. It covers:
- The history and principles of TDD, including writing failing tests first and then only producing code to pass those tests.
- How TDD works in practice using the "red-green-refactor" process of writing a failing test, passing code, then refactoring.
- Benefits of TDD like fewer bugs, easier refactoring, and faster long-term development.
- Considerations for testing Android code, such as using mockable classes and avoiding direct testing of activities/fragments.
DESIGN West 2013 Presentation: Accelerating Android Development and DeliveryDavid Rosen
This document discusses accelerating the Android development process. It begins by noting the widespread use of Android and the challenges of slow builds and testing. It then outlines techniques for speeding up builds and Compatibility Test Suite (CTS) execution, including using more efficient build tools, dependency optimization, and test parallelization. Faster development cycles can be achieved through an integrated continuous delivery solution that applies these acceleration strategies and provides end-to-end process visibility.
OnAndroidConf 2013: Accelerating the Android Platform BuildDavid Rosen
Presented at the OnAndroidConf, October 22 2013, http://www.onandroidconf.com/sessions.html
Abstract:
Optimizing the Android build environment to perform at world-class level is a big challenge for many Android device and chipset makers today. Churning through thousands of platform builds per week requires laser-focus on high-performance infrastructure and tooling. If you’re looking at improving your overall engineering and developer productivity, the software build use case is an obvious area to prioritize.
This technical talk will focus on the following aspects of the Android platform build:
Common Android platform build challenges and opportunities with real-life production references
The various Android build use cases and their needs – full integration and release builds, developer incremental builds
Evolution of the Android build and codebase with trends and statistics
Detailed technical analysis of the Android platform build, highlighting opportunities for improvements
Proposed solutions and technical tricks to optimize an Android software build environment
200,000 Lines Later: Our Journey to Manageable Puppet CodeDavid Danzilio
Slides from a talk I gave at PuppetConf 2015.
Abstract: I joined Constant Contact in the Spring of 2014 to help transform their Puppet infrastructure. Constant Contact was a very early adopter of Puppet and had a hard time keeping up with changes to the language. When I got to Constant Contact we were stuck on a very old version of Puppet 2.7 because our code was heavily dependent on inheritance and dynamic scoping. There was no separation of data and code and 99% of the Puppet modules in use in the environment were homegrown. With over 267,000 lines of ancient code, I was completely overwhelmed with how to get us up to speed. This talk is about how we managed to accomplish this incredible feat in just over a year.
All too often front-end JavaScript code has been considered a second class citizen, and when treated without due care and attention it can be buggy and hard to maintain. This attitude is changing though, and thanks to the rapid growth in popularity of JavaScript as a first-class language, there is a large and expanding ecosystem of tools that a developer should know to make their client-side code as “clean” as the rest of their stack.
This talk aims to introduce and discuss how to implement modularisation, functional idioms and testing in JavaScript in an idiomatic way, to allow you to code JavaScript to a higher quality and, ultimately, more sustainably.
1. A microservices delivery platform consists of a microservices platform combined with CI/CD pipelines. It allows delivering microservices through continuous integration and continuous delivery.
2. Example platforms rely on open source technologies from Netflix and use dozens of ECS clusters and hundreds of microservices across Java, .NET, and Node.js. CI/CD pipelines are shared through templates.
3. Lessons learned include making CI and CD pipelines distinguishable, updating templates is difficult, and generators save effort but require ownership and version management. Naming, cost tracking, documentation, and dedicated testing are also important.
App sec and quality london - may 2016 - v0.5Dinis Cruz
This document provides an overview of a 103 slide presentation on application security and software quality by Dinis Cruz. The presentation covers topics such as unit testing, threat modeling, containers, security testing tools, and techniques for building a modern security engineering organization. It emphasizes the importance of test-driven development, code coverage, and automation to both improve software quality and enable effective application security. The overall thesis is that application security can be used to define and measure software quality.
The document discusses the 12 factor app methodology for building scalable software-as-a-service applications. It begins with an introduction to 12 factor apps and their focus on principles like codebase, dependencies, configuration, backing services, build-release-run processes, port binding, concurrency and more. The rest of the document delves into each of the 12 factors in more detail, explaining their importance and providing examples.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1KRPXlL.
Brian Holt talks about what is React and is desirable; what are some specific things to pay attention to for performance when writing React; some general web performance tips; what are some lessons learned while helping write m.reddit.com using React. Filmed at qconsf.com.
Brian Holt is Senior UI Engineer at Netflix.
Best Practices for WordPress in EnterpriseTaylor Lovett
10up open sourced their WordPress Best Practices (PHP, JavaScript, tools, and workflows) in late 2014. As the Director of Web Engineering at 10up, I drove this project and am the lead contributor to the docs. These Best Practices allow developers to build sites that scale, perform, and are secure one sites receiving millions of page views per day. They also standardize development practices in such a way that facilitates team collaboration. This talk will highlight some important parts of the Best Practices and reveal some valuable tips about how we (10up) engineer some of the most complex and most viewed WordPress sites in the world.
The NRB Group mainframe day 2021 - DevOps on Z - Jerome Klimm - Benoit EbnerNRB
This document discusses approaches to implementing DevOps practices on the mainframe. It addresses cultural, technical, and organizational considerations, including modernizing developer tools, integrating source control management, and using metrics to measure productivity. A case study describes installing ISPW source control to reduce compilation and enable automated deployments. The document advocates treating the mainframe like other platforms by integrating it into enterprise-wide deployments.
The document discusses DevOps practices for running Episerver CMS in the cloud using Azure and Visual Studio Team Services (VSTS). It covers using VSTS for source control, work tracking, builds and releases. It also discusses using various Azure services like web apps, SQL databases, storage and service bus to host the Episerver CMS application. It describes authoring ARM templates for infrastructure as code and achieving continuous integration and continuous delivery of the application using VSTS and Azure.
Beyond TDD: Enabling Your Team to Continuously Deliver SoftwareChris Weldon
Many project teams have adopted unit testing as a necessary step in their development process. Many more use a test-first approach to keep their code lean. Yet, far too often these teams still suffer from many of the same impediments: recurrent integration failures with other enterprise projects, slow feedback with the customer, and sluggish release cycles. With a languishing feedback loop, the enterprise continues to put increasing pressure on development teams to deliver. How does an aspiring agile team improve to meet the demands of the enterprise?
Continuous integration is the next logical step for the team. In this talk, you’ll learn how continuous integration solves intra and inter-project integration issues without manual overhead, the value added by continuous integration, and how to leverage tools and processes to further improve the quality of your code. Finally, we discuss the gold standard of agile teams: continuous deployment. You’ll learn how continuous deployment helps close the feedback loop with your customers, increases visibility for your team, and standardizes the deployment process.
Continuous delivery requires more that DevOps. It also requires one to think differently about product design, development & testing, and the overall structure of the organization. This presentation will help you understand what it takes and why one would want to deliver value to your customers multiple times each day. #CIC
Jeff "Cheezy" Morgan Ardita Karaj
The document discusses best practices for database deployments. It recommends treating the database like code by putting it under source control and defining a repeatable deployment process. The process should include deploying the database prior to the application, validating changes via testing, and automating deployments. Regularly moving changes through development, testing, and production environments ensures tight integration between the database and application.
SharePoint Saturday Redmond - Building solutions with the future in mindChris Johnson
Chris Johnson, General Manager of Provoke Solutions in Seattle, gave a presentation on designing and building solutions with the future in mind. He discussed the changes in the SharePoint app model between farm solutions and sandbox solutions. He explained the new SharePoint app architecture using app types, scopes, and catalogs. He provided advice on transitioning existing customizations to the new approaches and emphasized designing solutions with flexibility and the future in mind.
So You Want to be an OpenStack ContributorAnne Gentle
Our very own Anne Gentle will go through how to contribute to OpenStack, the open source cloud computing project. What is OpenStack? In a sentence, OpenStack provides open source software for building public and private clouds. What does that mean? We're a collection of open source projects written in Python that integrate to help organizations deploy and run clouds for computing, networking, and storage. Here at Rackspace many of our public cloud services are maintained in OpenStack, and we also offer Private Cloud configuration and management for customers to have OpenStack running for them in their data center or ours.
She'll walk through:
What are all these projects?
Where would I begin?
Is it only coding that counts?
What's Stackforge?
What's Gerrit?
What's <fill-in-weird-code-name-here>?
Then we'll do a hands-on workshop to walk through the first-time contributor process. It's a set-it-and-forget-it process but can be intimidating.
Set up a Launchpad account and public key
Set up and install Git
Set up and install git-review
Set up Gerrit
Join the OpenStack Foundation
Sign the CLA
Find something to work on
Create a commit
Send it to review.openstack.org
Wait for reviews
Address reviewers comments
Patch your patch
Become an Active Technical Contributor to OpenStack
Win
This presentation gives a lot of insights into Jimdo's infrastructure that hosts 20 million websites. To enable our application developers to quickly launch and improve their services, we've created a platform called Wonderland that does all the infrastructure work them.
In this talk, I present the parts of Wonderland related to monitoring and logging. You can learn about our Prometheus setup as well as how we stream log messages from Docker to Logstash.
This document discusses scaling a web application, particularly those built with PHP and MySQL. It begins with introductions and then outlines various strategies for scaling applications and databases. For applications, it recommends profiling code and queries to identify bottlenecks, optimizing frameworks, caching, and monitoring. For databases, it suggests technologies like Memcached, database replication using master-slave, sharding, MySQL Cluster, and storage engines. The overall message is that scaling requires understanding applications and systems, identifying pain points, and having a plan to optimize performance as needs grow.
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)TestDevLab
A presentation about security of mobile apps by our senior quality assurance engineer Kristaps Felzenbergs. It was presented at TAPOST 2017 software testing conference.
Building an Open Source AppSec PipelineMatt Tesauro
Take the concepts of DevOps and apply them to AppSec and you have an AppSec Pipeline. Allow automation, orchestration and some ChatOps to expand the flow of your AppSec team since its not likely to get any bigger.
This document discusses best practices for using WordPress in an enterprise setting. It covers topics like caching, database queries, browser performance, maintainability, security, third party code, and team workflows. The presentation was given by Taylor Lovett, who is the Director of Web Engineering at 10up and a WordPress plugin creator and core contributor.
RubiOne: Apache Spark as the Backbone of a Retail Analytics Development Envir...Databricks
The retail industry has a long history of fierce competition leading to innovations in marketing and operational efficiencies; however, this rapid advancement has not always kept pace with the latest advances in technology. This is evident by the abundance of business analysts at large enterprise retailers who are often constrained more by their own IT departments than by a lack of expertise or problems to solve.
RubiOne was designed as a vertically-integrated big data analytics development environment for retail business analysts and data scientists, with Apache Spark as the cornerstone of the product. It allows retailers to make data-driven decisions going beyond traditional analytics tools such as SQL and Excel. Using Apache Spark as one of the primary tools to query data and perform analytics, issues such as package installation, computational resources, and scalability are seamlessly handled by RubiOne.
In this session, you will learn how Apache Spark can serve as a shared backbone for an entire suite of enterprise services such as credential management, continuous integration, ad-hoc interactive data exploration, and task automation, while still maintaining hard enterprise requirements around security, availability, and cost. Learn from our war stories and best practices around transparently scaling Apache Spark clusters with Kubernetes, managing service and user isolation, and monitoring accurate enough for both debugging and billing. Beyond the technical aspects, we’ll also share our experiences of working with a global enterprise retailer to drive adoption of a modern big data technology stack centered around Apache Spark.
Actualizar a nuevos frameworks, paradigmas, explorar en proyectos "greenfield" está genial, pero ¿y si el software que estás manteniendo lleva años funcionando y no lo puedes modificar así como así? ¿Puedes modernizarlo de alguna manera: procesos, automatización, testing...?
En esta charla compartiremos las experiencias de cómo una aplicación "legacy" ha ido evolucionando con el paso de los años sin tocar el core de la aplicación (Java + Struts + MySQL), simplemente optimizando los procesos mediante la automatización de tareas, virtualización de entornos y gestión de la configuración.
These slides mark the goals that we'd like to accomplish defining a QA team which eliminates the frictions with development teams. How much is achieved? Well, it's on our plans to follow it. But we do not know if we'll be able to make it possible
Este documento presenta una retrospectiva de la comunidad Software Craftsmanship CLM entre 2014 y 2017. Detalla el crecimiento en miembros de 32 a 87, el número de eventos celebrados cada año, la asistencia, los temas tratados y los ponentes. Además, incluye información sobre las ubicaciones y patrocinios de los eventos. Por último, propone objetivos futuros como encontrar un lugar fijo, aumentar la frecuencia de los eventos, convertirse en un GDG de Google y mejorar la visibilidad y el compromiso de los miembros.
Moving applications between environments is a well-known issue everyone suffers. Dev and Production environments are not always synchronised, or even up-to-date, so development teams have to deal with different versions of application runtimes. Therefore teams see how their development speed is decreased and they need more agility when developing new features or solving bugs. Trying to solve many of the problems described above, container virtualization is the most effective alternative nowadays, where Docker Inc has proposed a very good accepted solution. Replicating environments with exactly the same runtime and configuration is a must-have and Liferay Engineering is adopting Docker containers to do so. During the talk we’ll illustrate how Liferay teams are generating docker images on demand, allowing them to increase their development and bug-fixing speed.
This document provides an overview of containers and Docker. It discusses how containers provide a more efficient alternative to virtual machines by allowing multiple isolated applications to run on a single host machine and share the same Linux kernel. It describes how Docker provides a standard way to package applications into containers that can run anywhere regardless of the infrastructure. The document also introduces key Docker concepts like images, containers, and Docker Hub registry for sharing container images.
From Ansible's website: "Ansible is a radically simple IT automation engine that automates cloud provisioning, configuration management, application deployment, intra-service orchestration, and many other IT needs."
This introduction is based on ansible official docs, capturing most important information to make it easy to understand Ansible main concepts.
Éstas son las ideas que desde Software Craftsmanship Toledo (http://www.meetup.com/es-ES/Software-Craftsmanship-Toledo-ES) consideramos necesarias para disponer de una aplicación móvil moderna de las líneas de autobús urbano en la ciudad de Toledo, y no lo que actualmente tenemos.
The document discusses database versioning using FlywayDB. It describes how FlywayDB works by maintaining a metadata table to track the current schema version and searching the classpath for SQL or Java-based migration files sorted by version number. Migrations are applied in order to bring the database schema to the desired state. The document also covers executing FlywayDB via the command line, Maven, Ant, Gradle or API and provides examples of migration file naming conventions and syntax.
Comprar en Internet es un tema que a muchas personas les produce respeto. Con estas slides intentamos acercar el proceso de comprar online explicando las diferencias y similitudes con un proceso de compra tradicional.
En esta presentación damos a conocer las redes sociales que consideramos más exitosas de cara a potencia el autoempleo. Por ello mostramos unos conceptos básicos mínimos que ayudarán a conocer mejor cada una de ellas.
El objetivo de esta presentación es dar a conocer una pequeña muestra de las innumerables herramientas que tenemos a nuestra disposición para ser mucho más productivos, no sólo en el trabajo, sino en la propia auto-organización diaria, ya sea en ordenadores personales, como en tablets o teléfonos móviles.
Este documento presenta información sobre el desarrollo sostenible y la tecnología de software libre. Explica que el software libre promueve la sostenibilidad económica, social y ambiental al permitir el ahorro de costos, la independencia tecnológica, la colaboración comunitaria y un menor impacto ecológico. También identifica algunos inconvenientes como la falta de difusión y soporte, pero concluye que el software libre ofrece grandes beneficios al permitir que la tecnología evolucione de forma abiert
These are the slides of my volunteer time at COCEMFECLM, sharing my knowledge, sharing my time helping people with disabilities.
Thanks to Liferay, I can collaborate with my community to make their life better
Revolutionizing Visual Effects Mastering AI Face Swaps.pdfUndress Baby
The quest for the best AI face swap solution is marked by an amalgamation of technological prowess and artistic finesse, where cutting-edge algorithms seamlessly replace faces in images or videos with striking realism. Leveraging advanced deep learning techniques, the best AI face swap tools meticulously analyze facial features, lighting conditions, and expressions to execute flawless transformations, ensuring natural-looking results that blur the line between reality and illusion, captivating users with their ingenuity and sophistication.
Web:- https://undressbaby.com/
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
Unveiling the Advantages of Agile Software Development.pdfbrainerhub1
Learn about Agile Software Development's advantages. Simplify your workflow to spur quicker innovation. Jump right in! We have also discussed the advantages.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
WhatsApp offers simple, reliable, and private messaging and calling services for free worldwide. With end-to-end encryption, your personal messages and calls are secure, ensuring only you and the recipient can access them. Enjoy voice and video calls to stay connected with loved ones or colleagues. Express yourself using stickers, GIFs, or by sharing moments on Status. WhatsApp Business enables global customer outreach, facilitating sales growth and relationship building through showcasing products and services. Stay connected effortlessly with group chats for planning outings with friends or staying updated on family conversations.
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
DDS Security Version 1.2 was adopted in 2024. This revision strengthens support for long runnings systems adding new cryptographic algorithms, certificate revocation, and hardness against DoS attacks.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppGoogle
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-fusion-buddy-review
AI Fusion Buddy Review: Key Features
✅Create Stunning AI App Suite Fully Powered By Google's Latest AI technology, Gemini
✅Use Gemini to Build high-converting Converting Sales Video Scripts, ad copies, Trending Articles, blogs, etc.100% unique!
✅Create Ultra-HD graphics with a single keyword or phrase that commands 10x eyeballs!
✅Fully automated AI articles bulk generation!
✅Auto-post or schedule stunning AI content across all your accounts at once—WordPress, Facebook, LinkedIn, Blogger, and more.
✅With one keyword or URL, generate complete websites, landing pages, and more…
✅Automatically create & sell AI content, graphics, websites, landing pages, & all that gets you paid non-stop 24*7.
✅Pre-built High-Converting 100+ website Templates and 2000+ graphic templates logos, banners, and thumbnail images in Trending Niches.
✅Say goodbye to wasting time logging into multiple Chat GPT & AI Apps once & for all!
✅Save over $5000 per year and kick out dependency on third parties completely!
✅Brand New App: Not available anywhere else!
✅ Beginner-friendly!
✅ZERO upfront cost or any extra expenses
✅Risk-Free: 30-Day Money-Back Guarantee!
✅Commercial License included!
See My Other Reviews Article:
(1) AI Genie Review: https://sumonreview.com/ai-genie-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIFusionBuddyReview,
#AIFusionBuddyFeatures,
#AIFusionBuddyPricing,
#AIFusionBuddyProsandCons,
#AIFusionBuddyTutorial,
#AIFusionBuddyUserExperience
#AIFusionBuddyforBeginners,
#AIFusionBuddyBenefits,
#AIFusionBuddyComparison,
#AIFusionBuddyInstallation,
#AIFusionBuddyRefundPolicy,
#AIFusionBuddyDemo,
#AIFusionBuddyMaintenanceFees,
#AIFusionBuddyNewbieFriendly,
#WhatIsAIFusionBuddy?,
#HowDoesAIFusionBuddyWorks
Zoom is a comprehensive platform designed to connect individuals and teams efficiently. With its user-friendly interface and powerful features, Zoom has become a go-to solution for virtual communication and collaboration. It offers a range of tools, including virtual meetings, team chat, VoIP phone systems, online whiteboards, and AI companions, to streamline workflows and enhance productivity.
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
Deployments in one click!
1. D E P L O Y M E N T S I N
P R O D U C T I O N
W I T H O N E C L I C K
M A N U E L D E L A P E Ñ A P E Ñ A
S O F T WA R E C R A F T S M A N S H I P T O L E D O
2 0 1 5 . 0 4 . 3 0
http://www.improve-foundations.com/wp-content/uploads/2011/11/improve_solutions1.png
2. M A N U E L D E L A P E Ñ A
S O F T WA R E E N G I N E E R A T
L I F E R A Y, I N C .
@ M D E L A P E N YA
M O S T A C T I V E G I T H U B U S E R O N
# C L M
3. M E E T U P D R E S S - C O D E
• Ask me whenever you need
• Stop me if I’m speaking too fast
• Let’s have a conversation about it, but if it’s too long,
let’s have a beer after the meetup!
4. A B O U T T H I S M E E T U P
– S O F T WA R E C R A F T S M A N S H I P T O L E D O
“Fomentar y compartir las metodologías ágiles y
las buenas prácticas en Ingeniería del Software en
los procesos de desarrollo en Castilla-La Mancha.”
5. – J AV I E R G A R Z A S
“BUILDING SOFTWARE IS NOT LIKE BUILDING
HOUSES OR CARS”
http://www.javiergarzas.com/2011/02/diferencias-software-fabricacion-tradicional-1.html
http://www.javiergarzas.com/2011/02/diferencias-software-fabricacion-tradicional-2.html
http://static.flickr.com/2177/2155970334_f3b8da87d1.jpg
6. 0 . W H A T D O E S C I M E A N ( F O R M E ) ?
7. • Merge code/commits more frequently
• Deploy the code on different environments (for testing purpose)
• Strongly supported by (any kind of) testing
• CI is NOT a tool, is a practice
• Significant degree of discipline for all the team
• All team members are involved and collaborating to improve
software quality
0 . W H AT D O E S C I M E A N ( F O R M E ) ?
8. • Merge code/commits more frequently
• Deploy the code on different environments (for testing purpose)
• Strongly supported by (any kind of) testing
• CI is NOT a tool, is a practice
• Significant degree of discipline for all the team
• All team members are involved and collaborating to improve
software quality
0 . W H AT D O E S C I M E A N ( F O R M E ) ?
MANTRA: Software works all of the time, specially
just BEFORE and just AFTER your changes!
9. W H AT A R E W E G O I N G T O S E E ?
1. Environments
2. Deployments types
3. Manual Deployment: a short example
4. Automate it!
5. CI Best practices
10. 1 . E N V I R O N M E N T S
http://www.igst.com/img/tech/servervirtualization.jpg
16. W E A S D E V E L O P E R S …
1 . E N V I R O N M E N T S
• …want to move our code from our local computer to
production in the least possible time
Local > Dev > Test > Pre > Prod
• …want all of them be very very similar
• …want to collaborate more with Ops team, as we
don’t have many times access to several of those envs
17. 2 . D E P L O Y M E N T S
http://sd.keepcalm-o-matic.co.uk/i/keep-calm-and-deploy.png
18. • Frequency
• Annually
• Semiannually
• Quarterly
• Monthly
• Weekly
D E P L O Y M E N T T Y P E S
2 . D E P L O Y M E N T S
4 4 4 4 4 4 4 4 4 4 4 4 4
19.
20. • Completeness
• Full
• Partial
D E P L O Y M E N T T Y P E S
2 . D E P L O Y M E N T S
Monolith
100%
( M I C R O - ) S E R V I C E S D E P L O Y E D
0
7,5
15
22,5
30
20%
34% 12%
50%
70%
35%
68%
22%
35%
21. M O T I VAT I O N T O D E P L O Y
2 . D E P L O Y M E N T S
22. • Who?
M O T I VAT I O N T O D E P L O Y
2 . D E P L O Y M E N T S
23. • Who?
• Customer (usually)
M O T I VAT I O N T O D E P L O Y
2 . D E P L O Y M E N T S
24. • Who?
• Customer (usually)
• Why?
M O T I VAT I O N T O D E P L O Y
2 . D E P L O Y M E N T S
25. • Who?
• Customer (usually)
• Why?
• Bug fixing
M O T I VAT I O N T O D E P L O Y
2 . D E P L O Y M E N T S
26. • Who?
• Customer (usually)
• Why?
• Bug fixing
• New functionalities
M O T I VAT I O N T O D E P L O Y
2 . D E P L O Y M E N T S
27. • Who?
• Customer (usually)
• Why?
• Bug fixing
• New functionalities
• When?
M O T I VAT I O N T O D E P L O Y
2 . D E P L O Y M E N T S
28. • Who?
• Customer (usually)
• Why?
• Bug fixing
• New functionalities
• When?
• Deployment policies
M O T I VAT I O N T O D E P L O Y
2 . D E P L O Y M E N T S
29. 3 . M A N U A L D E P L O Y M E N T
http://ep01.epimg.net/cultura/imagenes/2012/08/23/actualidad/1345709139_149007_1345712998_noticia_normal.jpg
30. • Web Application
• Java WAR (War ARchive)
• Tomcat
• MySQL DB
• FileSystem
E X A M P L E
3 . M A N U A L D E P L O Y M E N T S
31. PA C K A G E G E N E R AT I O N
3 . M A N U A L D E P L O Y M E N T S
• Fetch code from the repository
• Generate the package using…
• IDE ???
• command line tools
• Name the package
• v1.0.1, v3.3.7, v5.0.0 …
32. D E P L O Y T O …
3 . M A N U A L D E P L O Y M E N T S
• Send the package to Dev. environment
• Assert that it works as expected
• Manual or automated testing?
• Are there DB updates?
• Are there O.S. changes?
• Firewalls, WebServers, FileSystem…
• Which one is the next environment?
33. C O N F I G U R E E N V I R O N M E N T
3 . M A N U A L D E P L O Y M E N T S
• Configure Tomcat datasources…
• Configure Apache sites…
• Execute SQL upgrades on DB…
• Create the file system structure…
34. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
35. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
36. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
DBA’s
37. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
DBA’s
SysAdmins
38. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
DBA’s
SysAdmins
QA
39. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
DBA’s
SysAdmins
QA
40. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
DBA’s
SysAdmins
QA
41. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
DBA’s
SysAdmins
QA
42. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
DBA’s
SysAdmins
QA
43. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
DBA’s
SysAdmins
QA
44. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
DBA’s
SysAdmins
QA
45. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
DBA’s
SysAdmins
QA
46. T E A M S I N V O LV E D
3 . M A N U A L D E P L O Y M E N T S
Developers
DBA’s
SysAdmins
QA
47. I just want to deploy the package to the
environment!!
http://www.city-data.com/forum/attachments/jacksonville/104205d1354214951-case-you-were-wondering-landing-
still-sheldon_cooper.jpg
48. 4 . A U T O M A T E I T !
http://homeinteriorsdesigns.info/wp-content/uploads/2014/07/automation-robot.jpg
49. N AT U R A L E V O L U T I O N
4 . A U T O M A T E I T !
• No server: compile by hand, fewer commits, painful integration
• Nightly builds: automated compile, maybe tests executions, daily
commits
• Continuous Integration: compile with every commit, test execution,
notifications on breakages. Possible deployment to dev/pre
environment
• Continuous Deployment: deployment to production, with one click
• Continuous Delivery: automatic deployment to production, with
every commit
50. W H AT T O A U T O M AT E
4 . A U T O M A T E I T !
• Configure the agnostic environment
• Build the software
• Quality metrics
• Tests execution
• Unit + Integration + Functional
• Deployment
• Everything?
51. T E A M S I N V O LV E D
4 . A U T O M A T E I T !
Developers
DBA’s
SysAdmins
QA
52. P I P E L I N E S
4 . A U T O M A T E I T !
http://www.jsg.utexas.edu/lacp/files/PGC_Pipeline_Data.jpg
53. P I P E L I N E S
4 . A U T O M A T E I T !
• Define the minimum valid steps
• I.e.: Build + Metrics + Test + Deploy
• Fail fast -> take actions ASAP
• Display to the whole team each step status
• Choose your automation tool, or build it
54. C O D E M A N A G E M E N T
4 . A U T O M A T E I T ! - P I P E L I N E S
• SCM
• NICE TO HAVE => distributed SCM (Git)
• SCM Server
55. – A N O N Y M O U S
“The code must be independent from the
environment”
https://katiegrusz.files.wordpress.com/2013/04/independent-woman-copy1.jpg
56. H A R D C O D E D E N V I R O N M E N T
4 . A U T O M A T E I T ! - P I P E L I N E S
57. H A R D C O D E D E N V I R O N M E N T
4 . A U T O M A T E I T ! - P I P E L I N E S
FORBIDDEN!!!
58. B U I L D P H A S E
4 . A U T O M A T E I T ! - P I P E L I N E S
• Fetch a specific commit HASH, i.e. last one
• Reproduces the state of software at that point
• Compile
• Use command line tools
59. B U I L D P H A S E
4 . A U T O M A T E I T ! - P I P E L I N E S
• Fetch a specific commit HASH, i.e. last one
• Reproduces the state of software at that point
• Compile
• Use command line tools
Why not being able to reproduce the state
of each HASH commit?
60. – @ T P R U M B S
“A programmer that doesn't explicit
dependencies, or automate his/her build, has not
suffered enough”
M A N A G E D E P E N D E N C I E S
4 . A U T O M A T E I T ! - P I P E L I N E S
61. M E T R I C S P H A S E
4 . A U T O M A T E I T ! - P I P E L I N E S
• Static Analysis
• Integrate common-use tools
• Findbugs, PDM, CPD, Code Coverage, …
• Measure everywhere: on every peer-review
• Shall we create issues on our ticket system on each
detection?
62. T E S T P H A S E
4 . A U T O M A T E I T ! - P I P E L I N E S
• Write tests!!!
• TDD is a choice, but not a requirement
• Make them fast, to execute it locally
• Test everywhere: on every peer-review
• Share tests results!
64. • Unit tests
• Isolated code
• Integration tests
• Relations between components
• Functional tests
• GUI tests + Exploratory Testing
• Non-Functional tests
• Performance, Security, User Experience, Usability
T E S T P H A S E
4 . A U T O M A T E I T ! - P I P E L I N E S
65. PA C K A G E P H A S E
4 . A U T O M A T E I T ! - P I P E L I N E S
• Your package represents the software in a specific
HASH commit
• Use command line/automated tools
• The package must be environment-agnostic!!!
• Promote the package between environments
66. D E P L O Y P H A S E
4 . A U T O M A T E I T ! - P I P E L I N E S
• Deploy the package to your runtime
• App server, host, virtual machine, etc.
• Something went wrong?
• Deploy previous commit, as you positively know is
safe
67. T O O L I N G
4 . A U T O M A T E I T !
• Own scripts
• Automation servers
• Jenkins, Go, Hudson…
• O.S. configurations
• Ansible, Chef, Puppet, Docker (Linux-kernel based)
69. D I S P L AY R E S U LT S
4 . A U T O M A T E I T !
• Each team member must know about pipeline status
• Create dashboards with aggregated test results:
• Tests failures
• Build statuses
• Committers that caused the breakage
70. 5 . B E S T P R A C T I C E S
http://www.sqlsoldier.com/wp/wp-content/uploads/2012/02/BestPractices.jpg
71. C O M M I T S T R AT E G Y
5 . B E S T P R A C T I C E S
• A commit = a point in the project’s History
• A commit should be…
• Small
• Significative
• Descriptive commit message
• Issue referenced in the commit message
• Will you remember its purpose 6 months later?
72. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
73. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
74. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
#45 Create tests
75. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
#45 Create tests
#45 Refactor Service Layer
76. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
#45 Create tests
#45 Refactor Service Layer
#46 Enable email sending on backend
77. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
#45 Create tests
#45 Refactor Service Layer
#46 Enable email sending on backend
#46 Add ‘Send email’ button on desktop
78. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
#45 Create tests
#45 Refactor Service Layer
#46 Enable email sending on backend
#46 Add ‘Send email’ button on desktop
#46 Add Javadocs
79. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
#45 Create tests
#45 Refactor Service Layer
#47 Fix bug on View layer (caused by #45-a)
#46 Enable email sending on backend
#46 Add ‘Send email’ button on desktop
#46 Add Javadocs
80. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
#45 Create tests
#45 Refactor Service Layer
#47 Fix bug on View layer (caused by #45-a)
#47 Update tests introduced by #45-b
#46 Enable email sending on backend
#46 Add ‘Send email’ button on desktop
#46 Add Javadocs
81. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
#45 Create tests
#45 Refactor Service Layer
#47 Fix bug on View layer (caused by #45-a)
#47 Update tests introduced by #45-b
#46 Enable email sending on backend
#46 Add ‘Send email’ button on desktop
#46 Add Javadocs
#47 Add tests to prevent regressions
82. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
#45 Create tests
#45 Refactor Service Layer
#47 Fix bug on View layer (caused by #45-a)
#47 Update tests introduced by #45-b
#46 Enable email sending on backend
#46 Add ‘Send email’ button on desktop
#46 Add Javadocs
#47 Add tests to prevent regressions
Revert #46 Add Javadocs
83. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
#45 Create tests
#45 Refactor Service Layer
#47 Fix bug on View layer (caused by #45-a)
#47 Update tests introduced by #45-b
#46 Enable email sending on backend
#46 Add ‘Send email’ button on desktop
#46 Add Javadocs
#47 Add tests to prevent regressions
Revert #46 Add ‘Send email’ button …
Revert #46 Add Javadocs
84. C O M M I T S E X A M P L E
5 . B E S T P R A C T I C E S
#45 Awesome functionality
#45 Create tests
#45 Refactor Service Layer
#47 Fix bug on View layer (caused by #45-a)
#47 Update tests introduced by #45-b
#46 Enable email sending on backend
#46 Add ‘Send email’ button on desktop
#46 Add Javadocs
#47 Add tests to prevent regressions
Revert #46 Enable email sending…
Revert #46 Add ‘Send email’ button …
Revert #46 Add Javadocs
85. R E L E A S A B L E C O M M I T S
5 . B E S T P R A C T I C E S
• If a single commit passes ALL the safety checks on the
pipeline… why not releasing in that state?
• Apply that sentence to commit history:
86. P E E R R E V I E W I N G
5 . B E S T P R A C T I C E S
• The more pairs of eyes over the code the better
• Learn by watching
• Experienced team members teach beginners
• Leverage the tools your SCM provides (pull requests)
• Pair programming if time-zone allows it
87. B R A N C H I N G
5 . B E S T P R A C T I C E S
• Never never never code on master branch
• Use ‘master’ branch as release, which IS ALWAYS stable!
• Have a ‘develop’ branch, which COULD be unstable
• Create feature branches for new commits
• Merge features into develop.
• Once ready to release, merge to master and tag
88. B R A N C H I N G : G I T F L O W
5 . B E S T P R A C T I C E S
89. B R A N C H I N G : G I T F L O W
5 . B E S T P R A C T I C E S
90. B R A N C H I N G : G I T F L O W
5 . B E S T P R A C T I C E S
91. B R A N C H I N G : G I T F L O W
5 . B E S T P R A C T I C E S
92. B R A N C H I N G : G I T F L O W
5 . B E S T P R A C T I C E S
93. B R A N C H I N G : G I T F L O W
5 . B E S T P R A C T I C E S
94. B R A N C H I N G : G I T F L O W
5 . B E S T P R A C T I C E S
95. B R A N C H I N G : G I T F L O W
5 . B E S T P R A C T I C E S
96. B R A N C H I N G : G I T F L O W
5 . B E S T P R A C T I C E S
97. B R A N C H I N G : G I T F L O W
5 . B E S T P R A C T I C E S
Git-Flow: http://danielkummer.github.io/git-flow-cheatsheet/index.html
98. D O N ’ T C H E C K - I N O N A B R O K E N
B U I L D
5 . B E S T P R A C T I C E S
• Any day, 8:00. Your build is broken
• Got an email from the CI server?
• Solve errors as soon as possible, do not start anything new
• Identify the cause very quickly
• Best position to work out
99. D O N ’ T C H E C K - I N O N A B R O K E N
B U I L D
5 . B E S T P R A C T I C E S
Current breakages + your changes
Adding complexity for the build to be fixed
Different problems
More time to fix the build
Still want to check-in?
You’ll get used to seeing the build broken all the
time
http://www.pqmonthly.com/wp-content/uploads/2013/12/ani-1.png
100. A LWAY S R U N T H E T E S T S
5 . B E S T P R A C T I C E S
• Do you remember that every single commit should be
releasable and HAVE TO be small, significant,
isolated?
• It has to pass the tests locally
• It has to pass the tests on the pipeline on the CI
server too…
• with each commit or code submission!!!
101. W R I T E W E L L - W R I T T E N T E S T S
5 . B E S T P R A C T I C E S
• They will verify that the commit works as expected
• Test functionality…
• And loops, conditional, input values…
• Not only the Happy Path
• Did I say that you have to execute the tests? :-)
102. C O N T R O L L E D E N V I R O N M E N T
5 . B E S T P R A C T I C E S
• Developer machine: OS configurations, OS tuning, third
party libraries/drivers…
• CI Server: Same conditions. In every build. For
everyone.
• Repeatable results!!
• Centralized Information Repository
• Always display what is happening (CI logs,
notifications…)
103. WA I T F O R T H E T E S T S T O PA S S
5 . B E S T P R A C T I C E S
• Developers loop: start > work > finish??? > start
• Change of context very quickly
• Are you sure that your code works as expected?
• Are the test finding potencial bugs on it?
• If you don’t monitor the build, you cannot answer
those questions until it’s very late and expensive.
• Work for the build execution to be fast
104. A S S U M E E R R O R S
– A N O N Y M O U S
“Everyone can commit errors”
“Errors are an expected part of the process”
– A N O N Y M O U S
5 . B E S T P R A C T I C E S
105. N E V E R G O H O M E O N B R O K E N B U I L D S
5 . B E S T P R A C T I C E S
• Friday, 14:58. Your build is broken
• What to do?
• Leave the build broken and go
106.
107. N E V E R G O H O M E O N B R O K E N B U I L D S
5 . B E S T P R A C T I C E S
• Friday, 14:58. Your build is broken
• What to do?
• Leave the build broken and go
108. N E V E R G O H O M E O N B R O K E N B U I L D S
5 . B E S T P R A C T I C E S
• Friday, 14:58. Your build is broken
• What to do?
• Leave the build broken and go
• Leave late, trying to fix it
• Revert changes and try next week
109. N E V E R G O H O M E O N B R O K E N B U I L D S
5 . B E S T P R A C T I C E S
• Friday, 14:58. Your build is broken
• What to do?
• Leave the build broken and go
• Leave late, trying to fix it
• Revert changes and try next week
If you keep the build green, other developers will
be happy to pull safe code from SCM
110. D I S T R I B U T E D E X A M P L E
5 . B E S T P R A C T I C E S
111. B U I L D M A S T E R
5 . B E S T P R A C T I C E S
• Maintains the build
• Police it
• Write access to SCM
• Revert/Prioritize commits
• No personal offenses
• Critique the code!
• Accept rollbacks
https://s-media-cache-ak0.pinimg.com/236x/92/03/2a/92032a9e9ee898ac6106867421d81534.jpg
112. B U I L D M A S T E R D R A W B A C K S
5 . B E S T P R A C T I C E S
• Feeling of culprit if the build is broken
• Team starts seeing him/her as a punisher
• Role gets tired of being responsible for others
mistakes
• It’s not worth it pursuing people
• Team gets used to have a house-cleaner
https://s-media-cache-ak0.pinimg.com/236x/92/03/2a/92032a9e9ee898ac6106867421d81534.jpg
114. B E P R E PA R E D T O R E V E R T
5 . B E S T P R A C T I C E S
• Developers are selfish about their code
• Developers don’t like others criticizing their code
• Important! Not to blame the developer
• We are members of the same team
• For the sake of quality, revert to previous change set,
as it is safe. Why?
115. “Don’t be afraid, my friend… and revert”
- B R U C E L E E ? ? -
http://i2.asntown.net/9/bruce-lee-the-lost-interview.jpg
116. B E P R E PA R E D T O R E V E R T
5 . B E S T P R A C T I C E S
http://szokblog.pl/ShareImages/1345223838846.jpg
117. T I M E - B O X F I X I N G
5 . B E S T P R A C T I C E S
• Before reverting, try to fix it in a small amount of time
• 15 minutes?
• If you aren’t finished, revert to previous version
• Don’t be the sweeper or the last bullet and notify users
who broke the build, avoiding magical fixes.
• Put mechanisms the sooner: on each code review!
118. T U N E T H E N O T I F I C AT I O N S
5 . B E S T P R A C T I C E S
• No notifications are bad
• Bad notifications are worse
• Send the right email to the right people, otherwise
they will start ignoring CI notifications
• Manual email when reverting explaining why?
• Wall of shame? list of committers who wrote the build
119. D O N ’ T C O M M E N T FA I L U R E S
5 . B E S T P R A C T I C E S
120. D O N ’ T C O M M E N T FA I L U R E S
5 . B E S T P R A C T I C E S
• Always last resort, as it will hide real problems
• Apply these sample rules ASAP:
• Has a regression been found by the test? -> Fix the
code!
• Is one of the assumptions of the test no longer valid? ->
Delete it!
• Has the application really changed the functionality
under test for a valid reason? -> Update the test!
122. R E S P O N S I B I L I T Y
5 . B E S T P R A C T I C E S
• Take responsibility for all breakages resulting from
your changes.
• If you commit a change and all the tests you wrote
pass, but others break, the build is still broken.
• It’s usually a regression
• Fix all the tests not passing, asking component
leader for collaboration
124. T D D
5 . B E S T P R A C T I C E S
• It’s not a requirement!!
• Tests are essential to CI
• Create tests when developing a new piece of functionality or
fixing a bug:
• It’s an executable specification of the expected
behavior of the code to be written:
• Application design, Regression tests, Documentation of
the code
• Creates a safety net for future refactors
125. C O N C L U S I O N S
6 . S U M M A RY
• Discipline
• Luke, use the tools!
• Everyone can commit errors
• Wait for tests to pass
• Display what is happening
• Don’t be afraid of reverting
• Responsibility
• Tests/Pipeline stages as a safety net