Continuous Delivery: The Atlassian Way

Featured article by Derek Weeks, Vice President and DevOps Advocate, Sonatype

Sonatype’s Mark Miller (@TSWAlliance) caught up with Developer Advocate Ian Buchanan (@devpartisan) for our 2016 DevOps Leadership Series to discuss his experiences at Atlassian, including continuous delivery, ChatOps, and use of tools like Bamboo, Nexus, Puppet, and Datadog. We captured it on video https://www.youtube.com/watch?v=MgRaYKHGqeQor you follow our discussion below.

Ian Buchanan: I’m Ian Buchanan. I’m a Developer Partisan at Atlassian, which is developer advocacy for our developer tools.

Mark Miller: Ian, most people know Atlassian from solutions like JIRA and Bitbucket.

Ian Buchanan: Yeah, I focus mostly on Bitbucket and Bamboo. Bamboo’s our continuous integration and deployment tool.

Mark Miller: Good. One of the subjects we talked a little about at dinner last night is how Atlassian is using Nexus. Can you give us some background on that?

Ian Buchanan: Yeah, that’s right. Well, we’re a big Java shop. We have been for a very long time and have a lot of Maven dependencies for external reasons; we also store a lot of our own internally developed libraries in our Nexus repository.

Mark Miller: As far as a binary repository, are you using it for anything other than components?

Ian Buchanan: Not that I’m aware of. I know that we’ve recently started to get into Docker quite a bit and Nexus is a good fit for that as well. I don’t know the extent which we’re using Nexus for that purpose yet as Docker’s still quite new for us.

Mark Miller: What does your continuous integration pipeline look like?

Ian Buchanan: It certainly varies by product in the details. Of course, we have our own Continuous Integration product, Bamboo. Bamboo is the most pervasive tool we have.

For the Java stuff it’s pretty simple pipeline where libraries get built and published into Nexus so that they can be used downstream. We also have some interesting, newer cloud products that are built with Python. A lot of the deployments, whether they are Java or Python stuff, are handled by Bamboo’s deployment projects. They pull artifacts from Nexus and put them into production.

Mark Miller: Are you guys using continuous delivery in house for your workflow?

Ian Buchanan: We’re in an interesting position that I think I see a lot of companies in. We have some behind the firewall products (our server products) and then we also have cloud products. In the cloud side continuous delivery is used when we want to go very fast. But we also have to balance that with the approach we take for our server products so that they don’t fork terribly. We have continuous delivery up until there’s a product delivered. At that point, there is another kind of pick up — where the cloud products engage with other things like Puppet and Ansible to configure the environments with products that other people can pick up and run on premises.

Mark Miller: I was talking to your team in San Francisco. How are you guys using ChatOps with HipChat?

Ian Buchanan: I’ve been talking about ChatOps for quite some time. We do a lot of very interesting things with ChatOps. They play a very important part of our continuous delivery pipeline in that we publish build results in there. People can see when pull requests are ready and check those out. We get to see what’s happening from production as well. We have integration with Datadog; it tells us some of the monitoring things that are going on. It’s not just information coming into the chat room. There are also commands that folks can issue to make the continuous delivery pipeline move along. There are certain stages where you can type a command to our ChatOps and they will perform the necessary actions. Much of the deployment and change management happens in a ChatOps context.

Mark Miller: Anything coming up in the future you guys are working on that’d be fun?

Ian Buchanan: Well, a lot of the innovation really happens at our quarterly “Ship It” events. That’s where our developers spend 24 hours doing whatever kind of innovation interests them. A lot of time is spent scratching an itch they have. Some of the things that I saw there were about having more information coming back upstream, not just into the chat rooms, but into JIRA where more of the longer term tracking is going on. They’re experimenting a lot with putting more information into JIRA.

Mark Miller: Nice. Final question, if you were going to be a superhero, would it be dev, sec or ops?

Ian Buchanan: I’ve played dev roles and ops roles and I almost feel like I know those much more. But from a lot of the sessions at DevNexus, I have to feel like Sec is the superhero. They’re the superheroes because they solve some unsolvable problems in a lot of ways. But I don’t feel ready to play that role at the moment, myself.

Mark Miller: It’s interesting. I agree with you that they are unsung heroes. Most of the time they just get hammered for what they’re doing.

Ian Buchanan: That’s true. I was recently in a session about securing REST endpoints. The speaker went through problems with BASIC off, DIGEST off and J2EE … all of these things which we use in our products. At the end we’re left with, “what is the answer?”

Well, the answer is that for each of these, there are different problems. So we have to identify the right context. We have to understand where some things are broken, know that those things aren’t perfect, and design for that imperfection. That’s a mindset that we have to carry through dev, ops and sec. I hope more security folks step up and start telling those stories.

In early 2015, Derek Weeks led the largest and most comprehensive analysis of software supply chain practices to date across 106,000 development organizations. As a 20+ year veteran of the software industry, he has advised many leading businesses on IT performance improvement practices. Derek currently serves as vice president and DevOps advocate at Sonatype. Derek shares insights regularly across the socialsphere on Twitter, LinkedIn and online communities.