DevOps in Modern Software Development: 8 New Tips

Let’s go over the definition of DevOps, a short for “Development” and “Operations,” is a set of practices, principles, and cultural philosophies aimed at improving and accelerating the processes of software development, deployment, and operation.

DEVELOPMENT AND OPERATION

It focuses on bridging the gap between development teams: responsible for creating software apps, and operations teams: responsible for deploying and maintaining those apps in production environments.

The goal of DevOps is to create a collaborative and efficient environment where software can be developed, tested, and deployed rapidly and reliably.

In traditional software development approaches, development and operations teams often work separately, leading to communication gaps, slower releases, and potential conflicts.

DevOps aims to overcome these challenges by fostering better communication, collaboration, and automation across the entire software development lifecycle.

• Collaboration

DevOps means and promotes a culture of collaboration between development, operations, and other relevant teams, ensuring everyone is aligned towards common goals.

Let’s delve deeper into the concept…

Collaboration in DevOps:

Collaboration is at the heart of DevOps and is essential for achieving its goals of faster, more reliable software delivery.

It involves breaking down the traditional barriers between development, operations, and other relevant teams, fostering a culture of shared responsibility and communication.

1. Cross-Functional Teams: it encourages the formation of cross-functional teams that consist of members, such as developers, operations engineers, testers, security experts, and business stakeholders.

These teams work together from the beginning of a project to its deployment and maintenance, ensuring that everyone’s expertise is leveraged throughout the entire process.

2. Shared Goals: Collaboration is driven by shared goals. Instead of working in isolation with their own objectives, teams collaborate to achieve a common objective: valuable software to end-users.

This shared goal minimizes conflicts and aligns efforts towards a unified purpose.

3. Open Communication: Transparent and open communication is key.

Teams hold regular meetings, discussions, and knowledge-sharing sessions to ensure that information flows freely.

This prevents misunderstandings, encourages the sharing of ideas, and promotes a culture of continuous improvement.

4. Breaking Silos: DevOps aims to break down the silos that often exist between development and operations teams.

By promoting cross-functional collaboration, teams can address issues holistically and make informed decisions that benefit the entire software delivery process.

5. Early Involvement: Operations teams are involved early in the development process, often during design and planning phases.

This ensures that infrastructure requirements, security considerations, and deployment strategies are considered from the outset.

6. Automating Communication: Automated tools and processes can facilitate collaboration.

Chat platforms, issue tracking systems, and version control repositories provide a central location for teams to discuss, track, and document work.

7. Learning from Feedback: Feedback loops are an integral part of DevOps collaboration.

Teams continuously gather feedback from users, monitoring systems, and incident reports. This feedback informs improvements in the software and processes.

8. Continuous Improvement: Collaboration leads to a culture of continuous improvement.

Teams work together to identify bottlenecks, inefficiencies, and areas for enhancement. This iterative approach drives innovation and ensures that the software delivery pipeline evolves over time.

• Automation:

Devops automation involves automating repetitive tasks, such as testing, building, and deployment, to reduce errors and accelerate the release process.

1. Continuous Integration (CI): involves automatically integrating code changes into a shared repository multiple times a day.

Automated build and test processes are triggered with each code commit, ensuring that new code doesn’t break existing functionality and reducing integration issues.

2. Continuous Deployment (CD): CD takes CI a step further by automatically deploying code changes to production or staging environments after passing automated tests.

This minimizes manual intervention and speeds up the release process.

3. Infrastructure as Code (IaC): IaC is the practice of managing and provisioning infrastructure using code and automation tools.

This eliminates manual configuration of servers, networks, and other infrastructure components, reducing errors and ensuring consistency.

4. Automated Testing: Automation is used to conduct various types of tests, such as unit tests, integration tests, and regression tests.

Automated testing helps identify bugs and issues early in the development process, improving software quality.

5. Configuration Management: Automated configuration management tools enable teams to define and manage the state of servers and applications.

Changes can be made through code, ensuring that configurations are consistent across environments.

6. Deployment Pipelines: Deployment pipelines automate the stages of code delivery, from code commit to production deployment.

This includes building, testing, deploying, and monitoring, all with minimal human intervention.

7. Monitoring and Alerting: Automated monitoring tools track the performance and health of applications and infrastructure.

When issues arise, automated alerts notify teams, enabling them to respond quickly.

8. Version Control: Version control systems automate the management of code changes, making it easy to track, collaborate on, and revert changes as needed.

9. Release Orchestration: Automated release orchestration tools help coordinate and manage complex release processes, involving multiple components and environments.

10. Security Compliance: Automation can ensure that security practices and compliance requirements are consistently applied throughout the development process.

11. Recovery and Rollback: Automated backup and recovery processes ensure that systems can be restored quickly in case of failures. Automated rollback mechanisms revert to a previous version of the application if issues arise.

12. Efficiency and Consistency: Automation reduces human error, speeds up processes, and ensures consistency across environments, leading to more reliable and predictable software releases.

• Continuous Integration and Continuous Deployment (CI/CD)

CI/CD pipelines are used to automatically build, test, and deploy code changes to production environments in a consistent and repeatable manner.

Do you want a team who handles CI/CD like experts? Reach out!

• Infrastructure as Code (IaC)

Treating infrastructure as code allows teams to provision and manage infrastructure using code and automation tools, leading to more reliable and scalable environments.

GitOps and Infrastructure as Code (IaC). With IaC tools like Terraform and Ansible, entire infrastructures can be defined and version-controlled, enabling consistent environments.

On a different hand, Artificial Intelligence and Machine Learning are being leveraged to optimize CI/CD pipelines and automate decision-making processes.

AI-powered tools can analyze historical data, predict potential issues, and optimize build and deployment processes for efficiency and reliability.

Serverless architectures, such as AWS Lambda or Google Cloud Functions allow you to run processes without managing server infrastructure, leading to cost savings and improved scalability.

Increasingly emphasizing “shift-left” testing and security practices, where testing and security checks are integrated earlier in the development process.

Organizations are adopting multi-cloud strategies to avoid vendor lock-in and improve resiliency. CI/CD Pipelines are evolving to support deployment across multiple cloud providers.

Feature toggles and canary deployments are gaining popularity to enable safer and more controlled releases.

They allow features to be rolled out to a subset of users for testing before deployment.

• Monitoring and Feedback

DevOps emphasizes real-time monitoring of applications and infrastructure, allowing teams to detect issues early and respond quickly. Feedback loops ensure continuous improvement.

Following agile methodologies works well to develop in these work environments.

• Microservices

DevOps aligns well with microservices architecture, where applications are broken down into smaller, independent components that can be developed, tested, and deployed separately.

She presents an example of two microservices which are used of user management and also, to take care of users expenses. 

npm install express cors nodemon uuid

const express = require('express');
const cors = require("cors");

const router = require('./router');

const app = express();

app.use(express.json());
app.use(router);
app.use(
 cors({
  origin: '*',
 })
);

const port = process.env.PORT || 3002;

app.listen(port, () => {
 console.log(`Listening to port http://localhost:${port}`);
});

const uuid = require("uuid");

const users = [];
// Example UserDto 
const userExample = {
 name: "Test",
 email: "test@mail.com"
}

module.exports.register = async (req, res) => {
 const userDto = req.body;
 const id = uuid.v4();
 const userToAdd = { ...userDto, id };
 users.push(userToAdd);
 res.status(201).send({ user: userToAdd });
};

module.exports.getUsers = async (req, res) => {
 res.status(200).send({ users });
};

module.exports.getUserById = async (req, res) => {
 const user = users.find((user) => user.id === req.params.id);
 if (!user) return res.status(404).send({ message: "User not found" });
 res.status(200).send({ user });
};

const express = require("express");

const controller = require("./controller")

const router = new express.Router();

router.post('/users', controller.register);
router.get('/users', controller.getUsers);
// endpoint accessed by expenses-manager
router.get('/users/:id', controller.getUserById);

module.exports = router;

npm install express axios nodemon uuid

const express = require('express');
const router = require('./router');

const app = express();

app.use(express.json());
app.use(router);

const port = process.env.PORT || 3001;

app.listen(port, () => {
 console.log(`Listening to port http://localhost:${port}`);
});

const uuid = require("uuid");

const usersService = require("./user-service");

const expenses = [];
// Example ExpenseDto 
const expenseExample = {
 amount: 50,
 category: "Food",
 createdBy: "7185abd9-da46-4be3-8e65-e4df2e80089e",
 date: "2021-09-01T00:00:00.000Z",
};
module.exports.create = async (req, res) => {
 const expenseDto = req.body;
 const id = uuid.v4();
 const expenseToAdd = { ...expenseDto, id };
 expenses.push(expenseToAdd);
 res.status(201).send({ expense: expenseToAdd });
};

module.exports.get = async (req, res) => {
  const expensesDto = await Promise.all(
    expenses.map(async (expense) => ({
    ...expense,
   createdBy: await usersService.getUserById({ id: expense.createdBy }),
  }))
 );
 res.status(200).send({ expenses: expensesDto });
};

module.exports.getById = async (req, res) => {
 const expense = expenses.find((expense) => expense.id === req.params.id);
 if (!expense) return res.status(404).send({ message: "Expense not found" });
 const user = await usersService.getUserById({ id: expense?.createdBy });
 res.status(200).send({ ...expense, createdBy: user });
};

const express = require('express');

const expenseController = require('./controller');

const router = new express.Router();

router.post('/expenses', expenseController.create);
router.get('/expenses', expenseController.get);
router.get('/expenses/:id', expenseController.getById);

module.exports = router;

const axios = require("axios");

const HOST = {
   Host: process.env.USERS_API_BASE_URL || "http://localhost:3002",
};

const api = axios.create({
  baseURL: HOST.Host,
});

module.exports.getUserById = async ({ id }) => {
  return api
    .get(`users/${id}`)
    .then(({ data }) => {
       return data.user;
    })
    .catch(({ response }) => {
       console.log("Error: ", response);
    });
};

Improving Development Efficiency with Microservices

Latest framework and toolkits updates have surpassed expectations. Allowing developers not to write as much code as they needed before. Some examples:

• Next.js: build your entire web app in one framework and get SSR out of the box.
• Using tRPC, don’t need to worry about defining the API either in RESTful or GraqphQL. You really have exactly the same experience of calling the local function when actually initialing the API call.
• Using Prisma, focus on building the application logic instead of dealing with database queries and migrations.

Trust our team!

• Cultural Shift

DevOps requires a cultural shift that promotes open communication, accountability, and a willingness to embrace change.

Let’s break down what each aspect means:

1. Accountability: DevOps emphasizes shared responsibility and accountability. Team members take ownership of the entire software delivery lifecycle, rather than just their specific tasks.

This culture of accountability ensures that everyone is invested in the success of the product and its smooth operation in production.

Willingness to Embrace Change: DevOps encourages teams to be adaptable and open to change. As new tools, technologies, and practices emerge, teams should be willing to experiment and incorporate what works best for them.

This flexibility allows organizations to stay competitive in a rapidly evolving technological landscape.

Breaking Down Silos: The cultural shift in DevOps breaks down the traditional barriers between different teams.

Instead of “us vs. them” mentalities, there is a shared sense of purpose, where everyone is working towards the same objectives.

Feedback and Learning: A culture of continuous improvement is fostered, where teams embrace feedback and use it to enhance their processes.

Learning from failures and successes alike becomes a natural part of the organization’s culture.

Risk-Taking and Experimentation: A willingness to embrace change also involves being open to taking calculated risks and experimenting with new approaches.

This helps the organization innovate and discover better ways of delivering software.

DevOps integrates security practices into the development and deployment process, ensuring that security is not compromised in pursuit of speed.

Guarding Against SQL Injection Attacks:

Here are some essential measures to implement and guard against SQL injection attacks:

• Parameterized Queries [Prepared Statements]:

Use PQ or PS with bound parameters instead of dynamically assembling SQL queries with user input.

Suppose a simple web application that takes user input for a username and retrieves information from the database based on that input.

Without parameterized queries, the code might look like this:

import mysql.connector

# Assume the connection details are properly configured
conn = mysql.connector.connect(user='your_username', password='your_password', host='localhost', database='your_database')
cursor = conn.cursor()

# User input from the web form (without proper validation)
user_input = "John'; DROP TABLE users;--"

# Construct the SQL query (vulnerable to SQL injection)
query = f"SELECT * FROM users WHERE username = '{user_input}'"

# Execute the query
cursor.execute(query)

# Fetch and process the results
results = cursor.fetchall()
  for row in results:
     print(row)

# Close the cursor and connection
cursor.close()
conn.close()

In this example, the application directly inserts the user input user_input into the SQL query.

If an attacker provides a malicious input like John'; DROP TABLE users;--, the resulting query becomes vulnerable to SQL injection and could lead to the deletion of the users table.

Now, let’s see how to use a parameterized query to prevent SQL injection:

import mysql.connector

# Assume the connection details are properly configured
conn = mysql.connector.connect(user='your_username', password='your_password', host='localhost', database='your_database')
cursor = conn.cursor()

# User input from the web form (without proper validation)
user_input = "John'; DROP TABLE users;--"

# Parameterized SQL query
query = "SELECT * FROM users WHERE username = %s"

# Execute the query with the user input as a parameter
cursor.execute(query, (user_input,))

# Fetch and process the results
results = cursor.fetchall()
  for row in results:
    print(row)

# Close the cursor and connection
cursor.close()
conn.close()

In this revised example, we use a parameterized query by replacing the user input with %s as a placeholder.

The actual value of user_input is passed as a separate parameter in the execute() method.

The database connector handles the parameterization, ensuring that the user input is treated as data and not executable SQL code.

As a result, even if the user input contains malicious content, it will not be executed as part of the SQL query, mitigating the risk of SQL injection.

Overall, when it comes to the meaning of DevOps; it seeks to deliver software faster, with higher quality, and improved stability.

It’s a response to the challenges posed by the fast-paced nature of modern software development, where businesses need to innovate and release software to stay competitive.

Let’s get visual

Rounding up on DevOps!

The importance of DevOps lies in painstakingly and sensitively choosing the best possible methodology to work collaboratively. Mind the team and the culture! 

It’s crucial for developers and organizations to stay up-to-date with latest frameworks and be part of a robust community. People have something to teach.

There’s a reason why this is a trend! 

Stay tuned, and don’t forget to check out our other posts for more insights on code improvement and tips!