with your stakeholders, for example security, operations and release management to take your CI/CD pipeline to the next level.
Polishing the Generated Pipeline
The CI/CD pipeline is an essential element of DevOps that helps teams consistently and continuously deliver value, at a faster pace and with lower risk. You can enhance the generated pipeline to align with your process and organizational policies. You can fully automate the testing, validation, and delivery of your software in multiple environments in production, or set up a semi-automated pipeline with approvals and gates. You may even want to raise the level of quality, security and progressive exposure of new features.
Here are a few pointers to get you started:
• Greenlighting and gates: Refine your release pipeline with
a set of gates in pre- and post-deployment options that inte- grate signals from monitoring systems and other external services (bit.ly/2E549uG).
• Analyze open source projects: Continuously analyze and measure technical quality, with SonarCloud and VSTS, from your project down to each method (bit.ly/2J4v0ea).
• Security validation: Continuously secure solutions within the CI/CD Pipeline. Address secure infrastructure, validate security, scan open source components for vulnerabilities, and monitor for attacks (bit.ly/2Gmczjg).
• New release deployment: Use deployment rings to pro- gressively expose a new release, and fine-tune releases in production with feature flags (red.ht/2GTsQNC).
The Importance of Package Management
If you’re thinking about ways to deliver more value more quickly to your end users, then you’re probably using packages (such as NuGet, npm and the like). Packages and DevOps have a symbiotic relationship. Package management is focused on delivering addi- tional value through packaged products to the CI/CD pipeline and empowering build and release automation. In VSTS, the Package Management extension is designed to be a seamless part of your DevOps pipeline, making it easier to responsibly use packages from public sources, and faster to create and share packages of your own.
Figure 5 Pipeline View on Visual Studio Team Services 46 msdn magazine
The easiest way to add some Package Management magic to your DevOps pipeline is with upstream sources, which connect your Package Management feed to public sources like nuget.org and npmjs.com. There are a couple big advantages to using packages from these sources through Package Management:
• Every time you use a package, a saved copy is kept in your feed, which means you’re protected from incidents like the left-pad imbroglio (see bit.ly/2pO1Do5), public source outages and whatever else the world may throw at you. All you need to keep your pipeline flowing is your VSTS package feed.
• In your feed, you can see all the saved copies and their provenance, so you can filter and see exactly which packages you’ve used from where.
DevOps isn’t a destination, it’s a journey of continuous, rapid improvement.
Starting with package management takes just two steps. First, install Package Management and create a feed, as shown at bit.ly/ 2GDj5W9. By default, the new feed is automatically set up with upstream sources for nuget.org and npmjs.com. Then, configure Visual Studio (bit.ly/2pR3aZZ) or npm (bit.ly/2J2xVUq) to use your new feed. From there, it’s business as usual. When getting started, you can run a clean build to force your packages to be saved into the feed.
Wrapping Up
Look for the Web version of this article at msdn.com/magazine/mt846654, with additional information and infographics. And expect additional coverage as we explore new and future features. We believe that transparency helps build empathy and trust, and more important, enables you to take incremental steps to adopt products and improve your process. Bookmark our timeline (bit.ly/2uv25fM), watch for future articles, and look for announcements at the upcoming Microsoft Build and Inspire events. At this point, we can mention that we’re working on a few interesting enhancements for DevOps Projects, including expanding Azure VM Resources, adding support for Go and Ruby, and extending support for databases.
Now that we’ve introduced DevOps Projects and covered the magic behind the scenes, you should feel confident exploring ways to enhance your CI/CD pipelines. Remember, DevOps isn’t a destination, it’s a journey of continuous, rapid improvement. n
Willy-Peter Schaub is a program manager in VSTS, working at Microsoft Vancouver in beautiful British Columbia. Since the mid-80s, he’s been striving for simplicity and maintainability in software engineering. You can follow him on LinkedIn at aka.ms/willysli or on Twitter: @wpschaub.
alex MullanS is a program manager in VSTS, making it easier and faster for teams to share and reuse code. You can follow him on Twitter: @alexmullans.
thankS to the following technical experts for reviewing this article: ALM | DevOps Rangers, Gopinath Chigakkagari, Atul Malaviya
Visual Studio Team Services