Source: Enterprise Times
Author: Ian Murphy
CircleCI has released new and updated CircleCI orbs to support developers building apps on Salesforce Apex. It provides developers with Continuous Integration and Continuous Development (CI/CD) practices for building, testing and deploying applications. A recent CircleCI survey on DevOps in Practice (registration required) looked at the benefits to developer productivity of using CI. The survey showed that using CI made developers 80 percent faster and 50 percent more efficient than those not using CI.
It is only two months since CircleCI released the first version of their Salesforce Apex orb. Jim Rose, CEO, CircleCI said: “We’ll advance as fast as required. As people are changing and improving the underlying platform, we can continue to tune and improve the orbs.”
This is not just about focusing on what developers want. Rose is also reacting to the speed of change from Salesforce. “Salesforce is moving incredibly quickly, as well. You have to figure out how to come up with a platform and a set of tools to work in that in that new and changing environment.”
What is in the new CircleCI Salesforce Apex orb?
The primary focus of this new orb is to add automation to the development process. The press release highlights three new sets of functionality:
- Automatically deploy changes to a production application
- Run unit tests against applications and display results in the Salesforce Platform UI
- Build VCS applications on commit and deploy the changes to a Scratch organization
What is surprising about this new functionality is why it wasn’t in the initial release. Automating testing and deployment is what DevOps and CI/CD are all about. Enterprise Times asked Rose where the demand for these updates came from.
Rose replied: “It mostly comes from the user base. As users get more and more comfortable using the Apex platform and using CircleCI as a way of building and testing and deploying those apps, they just demand more functionality. Even outside of Salesforce, we find that that’s a pretty standard evolution for a development team.
“Usually, the first step that a development team takes is around building test automation. Trying to get all the various components in place so that as developers are making changes, they can build and test on a continuous basis. Once you get comfortable with that part of the process, you step into the deployment area.”
It’s all about trust
Rose believes that this is all about trust and confidence. It highlights a challenge that many CI/CD solutions have struggled with. The issue isn’t the technology. It’s getting the operations teams to trust that the tests are effective and the software can be trusted.
Rose continued: “Once you have that confidence, you think why am I holding on to this change? I’ll just continue to push it into the production environment. That’s part of the evolutionary process that a development team goes through.”
That evolution can be hard for enterprise development teams. They have established processes that determine how software is written, tested, approved and signed off for release. According to Rose: “Those pieces are starting to merge. COVID is accelerating that because a lot of those processes were reliant on a lot of manual intervention and a lot of manual work. Teams are being forced to re-evaluate and rethink how they do that in a world where everyone is in a different place.”
How does remote working change this?
The current pandemic has been challenging for software development. As Rose points out, existing manual processes have been exposed by the need for everyone to work remotely. ET asked Rose if CircleCI has added anything to its solutions to make remote working easier for customers.
Rose said: “We haven’t necessarily added anything in specific. The system has always been designed around helping teams that are distributed. Our team has always been distributed from a development perspective. Even before COVID, we ran a fully distributed team on the R&D side.
“Where you have a dedicated fleet, you have to manage that fleet. You have to have a team and resources available to care for that fleet constantly. Sometimes that fleet is available, sometimes it’s behind the firewall, and sometimes that means you need to punch through it using a VPN. There’s a lot of variables and a lot of things that can go wrong in that process.
“One of the benefits from a CircleCI perspective is that we’ve always been multi-tenant and cloud-native at the core. We’ve built the system to be infinitely available with the resources you need, irrespective of the size and the nature of those resources. We’ve always built it to be a system that is available, irrespective of where you are. You can tune it any which way you want from a security perspective.
“It’s designed at its core to allow for that developer who’s not sitting in the office to be able to use the platform in the same way that somebody who’s sitting at their desk on the 50th floor might be doing. We’re deeply integrated into the distributed toolset, version control systems and chat notification systems. Its fungibility and availability that makes it really unique and special in the remote use cases.”
Security teams and DevOps pipelines
There is a lot of talk in the industry about including security teams into the DevOps chain. Some see it as a “nice to have.” What they should be doing is seeing it as a necessity. But how do you include those security teams? How do you get them to build their own pipelines that deal with testing and security?
Rose replied: “We’re always thinking about security as a team and as a user of the system. As more and more teams are trying to shift left, they’re taking more of that security use case and more of that security, scanning and vulnerability scanning and moving it upstream. They are automating it into the CI/CD pipeline.”
The key to making all of this effective is scanning everything from code to containers. It provides trust for the production team to be able to deploy it quickly.
“The journey that we have seen is that security’s a little bit like operations. The security team is moving from being kind of the sole owner of security to the enabling team. They’re making the development teams think through security as part of their development process.
“If you look at what software projects are built, only about 10-20% of the code is custom to the project. The majority of the code at this point is being pulled in through open-source packages through other third-party packages. Teams really need to think through and have visibility into all of those various threats. As I’m pulling in all the software, it’s helping me accelerate my process. But what am I doing from the security perspective, to ensure that I’m not injecting new and different surface area into my application? We’re doing a lot of thinking around that.”
Enterprise Times: What does this mean?
DevOps is about speeding up the cadence of software. One of the benefits of cloud-based software is that users are constantly getting new features updates to the software. When it comes to developers, however, releases are not so frequent and are often just once or twice a year.
CircleCI is looking to break that trend and be more responsive to developer demand. It’s latest Salesforce Apex orb comes just a couple of months after the last release and while not a major update, it does include enhancements and new features. Importantly, it doesn’t require any changes to the way developers work. This, in itself, will be welcomed by developers.
The emphasis on solving the automation into production will also be welcomed by end-users and developers. DevOps has removed lots of blockers from the software lifecycle, but that final step of automated deployment is still a hurdle for many organisations.
It will be interesting to see what CircleCI releases next. Rose talked to Enterprise Times about a wide range of issues, including security. Will we see more emphasis on security and shift left in the next release? Rose also called out the risks from open source. Will that be a focus of the next release, perhaps as an integration into testing solutions from some of its partners?
About the author:
Ian has been a journalist, editor and analyst for over 35 years. While technology remains the core focus of Ian’s writings he also covers science fiction, children toys, field hockey and progressive rock. As an analyst, Ian is the Cyber Security and Infrastructure Practice Leader for Synonym Advisory. A keen hockey goalkeeper, Ian coaches and plays for a number of clubs including Guildford Hockey Club, Alton Hockey Club, Royal Navy, Combined Services, UK Armed Forces and several touring sides. His ambition is to one day represent England. Ian has also been selected to be the goalkeeping coach for Hockey for Heroes, a UK charity supporting the UK Armed Forces.