Steady Integration/Steady Supply (CI/CD) software program – which means options that groups use to construct, check and deploy purposes – has come a great distance over the previous decade. Whereas organizations as soon as cobbled collectively CI/CD pipelines utilizing disparate open supply instruments, they now have a plethora of end-to-end, vendor-supported enterprise CI/CD platforms that they will use as a substitute. As a result of these options provide all the things groups have to ship software program, they’re less complicated to deploy and handle.
But, whereas there are clear advantages to adopting an enterprise CI/CD platform, migrating to 1 might be troublesome. It poses various challenges, reminiscent of the danger of CI/CD pipeline downtime and safety and compliance challenges.
That’s why companies migrating to newer CI/CD options ought to method the method with an in depth, step-by-step plan. Right here’s a have a look at the challenges to navigate, together with recommendations on how you can make CI/CD migration as easy as potential.
To floor the dialogue, I’ll give attention to migrating to GitHub Enterprise, a CI/CD platform from GitHub, the software program growth platform now owned by Microsoft. GitHub Enterprise is the choice that I’m seeing increasingly companies select in my work serving to firms to modernize their IT and software program supply practices.
Challenges to GitHub Enterprise migration
As a complete CI/CD platform that’s obtainable as a totally hosted answer, GitHub Enterprise is comparatively simple to make use of when you’ve migrated to it. The problem, although, is getting your code into the platform, together with making the method adjustments needed to start utilizing the answer rather than a legacy CI/CD suite.
Particularly, count on to face challenges that embody:
- Software supply delays: A drawn-out, time-consuming migration course of interprets to downtime for CI/CD operations – which signifies that your builders received’t have the ability to push out utility updates. This may finally hurt the enterprise as a result of customers aren’t receiving function enhancements whereas your CI/CD pipelines are in transition.
- Efficiency dangers: Failure to decide on the precise GitHub Enterprise deployment technique, and to configure the answer in an optimum manner, might decelerate CI/CD efficiency and scale back developer productiveness attributable to points like inadequate infrastructure assets for constructing and testing purposes.
- Coaching necessities: Expert software program builders can sometimes study to make use of a brand new CI/CD platform simply sufficient, however there’s nonetheless an upskilling requirement. It’s necessary to not overlook the necessity to present builders with time to study GitHub Enterprise (or whichever answer you’re migrating to).
- Safety and compliance: To mitigate dangers just like the injection of malicious code into your purposes, it’s vital to implement entry controls through the migration course of that stop unauthorized customers from accessing the brand new CI/CD platform.
Greatest practices for a easy GitHub Enterprise migration
The excellent news is that with the precise method, migrating to GitHub Enterprise or an analogous CI/CD platform doesn’t should be risk-prone. The next finest practices will help to streamline the method.
1. Select the precise internet hosting choice
Like many CI/CD platforms, GitHub Enterprise is offered in two primary kinds: A completely managed, cloud-based choice and a model that customers can set up and handle utilizing their very own infrastructure.
Generally, the absolutely managed answer tends to be the higher selection as a result of it considerably reduces setup and upkeep effort on the a part of customers. Nevertheless, the self-hosted choice could also be higher for organizations that want larger management over their CI/CD atmosphere. This tends to be very true for companies in verticals like finance and insurance coverage, the place safety and compliance mandates could also be simpler to fulfill when the group runs CI/CD software program by itself infrastructure (and subsequently has larger management over how delicate information is managed and secured).
2. Configured granular entry insurance policies
Like most fashionable CI/CD suites, GitHub Enterprise supplies entry management options that companies can use to find out who can do what inside CI/CD instruments. For instance, you can provide some builders read-only entry to supply code, whereas permitting others to switch it. GitHub Enterprise additionally helps environment-based entry settings, which means you possibly can configure completely different ranges of entry for a similar customers throughout dev/check and manufacturing environments.
As a finest apply, benefit from these granular entry management choices by assigning completely different entry rights to every group that makes use of your CI/CD platform. For instance, you might need an admin group whose privileges prolong to altering the configuration of GitHub Enterprise, whereas one other group that merely makes use of the platform has a lesser stage of entry.
3. Use OpenID Connect with combine with cloud environments
GitHub Enterprise gives an id administration choice that leverages OpenID Join (OIDC) to combine with third-party cloud environments.
If you benefit from this function, you possibly can mechanically run workflows (like utility builds) on public cloud infrastructure with out having to retailer cloud entry credentials as long-lived GitHub secrets and techniques, which presents a considerable safety danger. As well as, this method mechanically creates a log of GitHub workflows and motion executions, which you should utilize for audit and monitoring functions.
4. Leverage single sign-on
One other approach to streamline the migration into GitHub Enterprise is to combine the platform with whichever single sign-on (SSO) supplier (like Microsoft Entra or Energetic Listing) your online business already makes use of. Ideally, you’ll additionally allow multi-factor authentication (MFA) by your SSO answer so as to add one other layer of safety.
This method eliminates the necessity to handle GitHub Enterprise entry credentials individually out of your present accounts. It additionally reduces the burden positioned in your IT group through the migration as a result of as a substitute of getting to “reinvent the wheel,” they will merely use a sign-on answer that already exists.
5. Doc frequent duties
To ease the educational curve for builders as they migrate to GitHub Enterprise, doc frequent duties – reminiscent of how you can migrate code from native repositories or one other CI/CD platform into GitHub Enterprise.
That is one other tactic that eliminates the necessity on your group to reinvent the wheel repeatedly; as a substitute of forcing every engineer to determine how you can migrate on their very own, everybody can observe a prescribed plan.
6. Publish workflow patterns
Going a step additional, contemplate as effectively publishing detailed steps on how you can use key options in GitHub Enterprise which might be more likely to be necessary for your entire groups. For instance, you possibly can element how you can create pull requests or construct Docker photos within the platform, or how you can execute Infrastructure-as-Code (IaC) deployments.
Right here once more, this technique reduces the educational curve and helps get your group up and working on the brand new platform as shortly as potential.
7. Automate frequent workflows utilizing GitHub Actions
Going even additional, you possibly can create absolutely automated workflows for frequent duties utilizing GitHub Actions, a function that allows you to set off automated operations throughout varied elements of your CI/CD pipeline. As an example, you possibly can mechanically set off an utility construct after code has been checked in, or mechanically start testing after the construct is full.
Extremely advanced workflows which will differ between tasks or groups usually are not nice candidates for the sort of automation, however core routines might be absolutely automated, making it even simpler on your group to start utilizing the brand new platform.
