• Reviewed

    • Release Management v20230706

    Owned by Kristof Muhi Goose
    Jul 06, 2023
    3 min read

    In our commitment to provide exceptional services for the Atlassian Marketplace here you can find our comprehensive release management process.


    We understand that the complexity of software delivery requires a robust strategy, one that ensures each code change is smoothly transitioned from development through to deployment while maintaining high-quality standards.

    As developers of secure applications, we leverage advanced tools such as GitHub and AWS, ensuring our operations are seamless, agile, and efficient. You can find all of our applications opensourced, our review/deployment/release processes under our github organization: https://github.com/organizations/goose-wrappers/

    We leverage GitHub Actions for continuous integration and delivery, automating our workflows for optimal efficiency.

    Every code change undergoes rigorous scrutiny and testing before it reaches the production environment, and even then, we maintain a keen eye on performance to quickly identify and address any unexpected issues.

     

    In detail how this looks like:

    1. Development and Code Review Process

    The initial phase of our release management process revolves around:

    • the development of new features

    • enhancements,

    • bug fixes.

    • Vulnerability, security issue fixes

    We utilize a dedicated GitHub feature branches to work on each task individually.

    Once a developer feels a task is complete, they create a Pull Request (PR), which triggers a peer review process.
    This is where other members on the team can review the changes, providing valuable feedback and suggestions. If any issues are found during this review, they're discussed and corrected before the code is merged into the main branch.

    In our code review process, we adopt a security-first mindset, scrutinizing each change for not just its functionality, but potential security vulnerabilities, and enforcing secure coding practices. This rigorous approach serves as a crucial defense layer, helping us maintain the highest security standards while building robust and reliable software.

     

    Open sourcing

    Embracing an open-source first mindset, we leverage the collective intelligence of the developer community to enhance our security posture, and give back to the community we all rely on.

    This approach not only fosters innovation and transparency but also aids in proactive identification and remediation of vulnerabilities, aligning with the high standards set by Atlassian.

    Our resources can be found here https://github.com/goose-wrappers

    2. Automated Testing and Integration

    After the code review is complete and changes are merged into the main branch, automated tests are triggered via GitHub Actions. This includes unit tests, integration tests, and any other tests defined in the workflow, ensuring the new changes do not break existing functionality or cause unexpected issues. Additionally, continuous integration practices help in catching issues early and ensuring that the main branch is always in a deployable state.

    3. Staging Deployment and Testing

    Once all tests have passed successfully in the GitHub Actions workflow, the changes are then automatically deployed to a our staging environment, and in a separate Atlassian instance called frozengoose.atlassian.net.
    This environment mirrors our production setup and provides a final, comprehensive testing phase.
    Manual tests and automated end-to-end tests are performed to verify functionality and performance.
    Any bugs or issues identified in this phase are reported back to the development team for resolution.

    4. Release Preparation and Production deployment

    Once we're satisfied with the stability of the software in the staging environment, we move towards preparing for an automatic release.
    This involves merging the Feature/Bugfix branch to our main branch, that will trigger automated checks and deployment to our production environment using GitHub Actions. Example:
    https://github.com/goose-wrappers/better-goals/actions/runs/5163360726

    5. Post-Release Monitoring

    The final phase is deploying the new release to the production environment.
    After the deployment, we actively monitor the system using AWS's monitoring tools and application performance monitoring solutions. This enables us to quickly identify and respond to any unexpected issues that might occur after the release. Additionally, we collect feedback from end-users and stakeholders, which helps us in the continual refinement and enhancement of our software.