Continuous integration and continuous delivery (CI/CD) are the gold standards of software development but they can be challenging to achieve. GitLab’s Auto DevOps feature is designed to make the CI/CD process much easier with baked-in best practices and automation that will move code seamlessly through the entire development lifecycle. Mark Pundsack, VP of product strategy, demonstrated how straightforward – and customizable – Auto DevOps is during our company-wide meeting, Contribute 2019. Here’s what you need to know to get started with Auto DevOps.
It’s a shift… left
“Auto DevOps is a CI/CD pipeline that we have defined for you,” Mark says. “It’s basically all these best practices that we want to encourage everybody to have, and we believe are a good baseline for software development.” The goal is to have everyone set up to do CI/CD, but not just the bare minimum CI/CD, he says. “Like most people when they create a project, they start with running tests. That's the natural thing for CI. And then maybe they'll even get into CD, but they're not going to do things like code quality analysis and security analysis. And we really believe in the shift left movement. If you look at everything as a pipeline, we want to take security and things like that which are stuck at the end and we want to move them as far left as possible. We believe you should be checking for security even on your first deploy. So we said, okay, let's put all that in there and make a script that says this is everything that you should be doing, so let's just do it for you.”
The roots of Auto DevOps can be found in previous versions of GitLab which offered Auto Deploy. “We evolved [Auto DevOps] as the company evolved to have more and more capabilities around the DevOps lifecycle,” Mark explains. Today, Auto DevOps tackles 12 software development steps automatically. Customers wanting more flexibility can choose the Composable Auto DevOps option, where the template can easily be modified to suit the requirements.
The Auto DevOps process
Auto DevOps begins with language detection using Heroku buildpacks. While not all languages are supported, a build is created and tested automatically for the supported languages, Mark explains. Auto DevOps uses the open source version of Code Climate to do code quality analysis and the results are displayed in the merge request when a change is made. After that, it’s time for security testing; including dependency scanning, license management, and container scanning. “All those things kick off again right from your first deploy,” Mark says. “We’re really taking shifting left seriously there.”
At this point developers are able to auto review applications. And once that review app is available Auto DevOps will kick off dynamic application security testing (DAST). “It tries to detect security vulnerabilities in your running application,” Mark says. Finally Auto DevOps will auto deploy to either staging or production depending on how its configured. “From the first push it just automatically does all this stuff all the way – from deployment to production – which is pretty great.”
An app in production will get automatic browser performance testing which both challenges the application and records the results. Auto monitoring is also running so users can easily track response times, error rates, and even things like CPU and memory utilization. “All of this happens without any configuration whatsoever and that's really, that's why we put ‘auto’ in front of all of these,” Mark says. “It's really almost all the capabilities of our DevOps lifecycle thrown in by default.”
Watch Mark demonstrate exactly how Auto DevOps works in the video below: