Skip to main content

Notes on Building and Deploying Software

Builds and Deploys

Ideally a build and deploy should be a single step, included within the check out of the repository. Additionally the build should include and install pre-requisites if missing. You can safely assume the target OS is at least configured, but any missing packages should be installed as needed.

The core steps regardless of platform or technology follow a common pattern. A number of these steps can be performed asynchronously. For example, it is possible to run a suite of tests in parallel, rather than individually. This can save massive amounts of time. As a first approach perform all steps synchronously, only adjusting once stable.

  • Compile/Lint - Sync
  • Run Unit Tests - Async
  • Deploy - Async
    • Warm up (cache hits, web server)
    • Data (run migrations)
    • Configuration
    • Host Environment
  • Run Integration/Acceptance Tests - Async

This whole process should be executed regardless of environment. A local developer machine only differs to production in terms of topology. If you cannot execute the exact same process that you are performing upon commit, you can never be sure the commit will work. CI tooling should act as nothing more than an aggregation of stats and artefacts that are generated by invoking the build/deploy script.


A working software application can be decomposed into four components.

  • Executable code - your application.
  • Configuration - connection strings or credentials.
  • Host environment - target deployment machine.
  • Data - required data for use, or persistent stores such as databases.

If any of these change, trigger the feedback process as they can all change the behaviour of the application.


  • Aim to automate everything, but do it gradually over time. Aim for the bottlenecks to begin with if the task of automating the deployment pipeline is daunting.
  • Keep everything in source control. Never allow your CI tool to control your pipeline.
  • Don't check passwords or credentials into source control.

Speed is Key

  • Too long and people wont commit often.
  • Under thirty seconds is ideal. Faster is better.
  • Fail the build if the time exceeds a set threshold. You can use ratcheting to reduce this over time.
  • Monitor tests regularly and try to speed the slowest ones up.

Build and Deploy Etiquette

  • Don't check in on a broken build, unless you are fixing it.
  • Perform an update prior to commit and run the whole build/deploy process.
  • Never go home on a broken build, and ideally don't check in just before leaving.
  • Never deploy on Friday's or whenever there will be few developers around on hand, such as holiday periods.
  • Always be ready to revert to the previous version. If the fix takes longer than just simply reverting the changes, don't try and fix the build. Just revert.
  • Fail the build for architectural breaches such as a module referencing a module it shouldn't.
  • Fail the build for warnings or code style breaches. Warnings can hide serious problems.


  • Lock down production environments.
  • Treat test environments equally, these should also be locked down from manual changes.
  • If you cannot create your infrastructure from scratch via an automated process to begin with, implement access control so that any changes must be requested and logged.
  • Any changes should be back filled and tested. Use some form of audit or access control to manage these steps.


  • Use migrations to manage data. Have a version table that stores the schema version. Use migrations to roll forwards or roll back incrementally.
  • Each migration should have an "up" and a "down" step. For example, up adds a table, down removes it. Run these both before committing to make sure they work.
  • Migrations allow you to decouple the deployment of your application from the deployment of your database.
  • The use of views or stored procedures can add a layer of abstraction between applications and databases. This allows changes to the underlying DB to have a smaller, limited effect.


Popular posts from this blog

Constant Object Anti Pattern

Most constants are used to remove magic numbers or variables that lack context. A classic example would be code littered with the number 7. What does this refer to exactly? If this was replaced with DaysInWeek or similar, much clarity is provided. You can determine that code performing offsets would be adding days, rather than a mysterious number seven.Sadly a common pattern which uses constants is the use of a single constant file or object. The beauty of constants is clarity, and the obvious fact such variables are fixed. When a constant container is used, constants are simply lumped together. These can grow in size and often become a dumping ground for all values within the application.A disadvantage of this pattern is the actual value is hidden. While a friendly variable name is great, there will come a time where you will want to know the actual value. This forces you to navigate, if only to peek at the value within the constant object. A solution is to simple perform a refactor …

Three Steps to Code Quality via TDD

Common complaints and problems that I've both encountered and hear other developers raise when it comes to the practice of Test Driven Development are: Impossible to refactor without all the tests breakingMinor changes require hours of changes to test codeTest setup is huge, slow to write and difficult to understandThe use of test doubles (mocks, stubs and fakes is confusing)Over the next three posts I will demonstrate three easy steps that can resolve the problems above. In turn this will allow developers to gain one of the benefits that TDD promises - the ability to refactor your code mercifully in order to improve code quality.StepsStop Making Everything PublicLimit the Amount of Dependencies you Use A Unit is Not Always a Method or ClassCode quality is a tricky subject and highly subjective, however if you follow the three guidelines above you should have the ability to radically change implementation details and therefore improve code quality when needed.

DRY vs DAMP in Tests

In the previous post I mentioned that duplication in tests is not always bad. Sometimes duplication becomes a problem. Tests can become large or virtually identically excluding a few lines. Changes to these tests can take a while and increase the maintenance overhead. At this point, DRY violations need to be resolved.SolutionsTest HelpersA common solution is to extract common functionality into setup methods or other helper utilities. While this will remove and reduce duplication this can make tests a bit harder to read as the test is now split amongst unrelated components. There is a limit to how useful such extractions can help as each test may need to do something slightly differently.DAMP - Descriptive and Meaningful PhrasesDescriptive and Meaningful Phrases is the alter ego of DRY. DAMP tests often use the builder pattern to construct the System Under Test. This allows calls to be chained in a fluent API style, similar to the Page Object Pattern. Internally the implementation wil…