software build processes and git
TRANSCRIPT
Build Audit and Processes
A line of sight from DEV to PROD
Alec Clews
http://alecthegeek.wordpress.com/http://twitter.com/alecthegeekhttp://github.com/alecthegeek
Voga Consultinghttp://voga.com.au/
Licensed under Creative Commons Attribution-Share Alike 2.5 Australia License
Summary
Build software in an audited and managed environment as part of Configuration Management (CM)
Using Open Source Tools (Make and Git) as a framework for a controlled build process
Agenda
The different types of build and the place of the system build
Auditing and logging requirements for system build
Implementing a CM System Build FrameworkThe Makefile
The Driver script
The output
Motivation
This paper takes a commercial view on the process of software change management
Desire to provide a business value quickly
Communicate effectively between team members
Reduce the amount of unsatisfying project workrework, report writing,etc...
The Change Lifecyle
Document and agree the change
Implement the change (hack the code and desktop build/testing)
Integration build and unit test
System Build in a controlled environment
System Testing (or UAT, or beta, or ...)
Release for distribution or production
Continuous Integration vs. System Builds
Continuous Integration (c.f. Martin Fowler)Builds rapidly and frequently
Runs unit tests
Sets up for unit testing framework
Happens automagically
May only build small pieces
May include code instrumentation and additional debugging options
System Builds
Build for production, or pre-production Compiler optimisation, different configurations etc.
Runs on a different schedule
Needs documentation
May have large scope
How might the system build be done?
Fetch the sources and build them
Ask the developer for already built software!
Issues with these approaches. How can we answer such questions as?Which source versions were used
Under what configuration was this built?Compiler switches, which libraries and tools (the build configuration)
Can we re-create the build?
re-create the build is a myth
After problems often asked to re-create the environment for forensic testing
But if we re-run the build process that does not assure that we will get the same resultVersion No, dates and time change: trivial difference masks possibly other major changes in our files
We usually don't have a record of the previous build configuration and can't re-create it anyway
Result: we can't reliably get the same result twice
Consistent Build Process
It is possible to define a consistent build process by using tools such as Make, Ant or CONS and some additional scaffolding
Must be done in a controlled environment
Must be done with pre-defined scripts and documented process
Scripts should be under version control
A record should be keep of all system builds
Baseline build results
Use the consistent process
After the system build save the build directory tree (source code, makefiles, build log, built files) into an archive (consider burning a CD)This is our built baseline. We can always take this off the shelf and see what software we used to re-create the build.
However it's often hard to identify source versions and what build environment was used
Manage Build Environments
Consider building on virtual hosts
The host image can be archived as changes are made
There is a better way
As we build new files identifySource files and their version
Tools and their settings
Configuration used (platforms, packages etc.)
At the completion of a successful build we can preserve the outputs in Version ControlIncluding a complete audit trail of the environment, the build log and the input files
The result
In our version control system we have a complete audit trail of each system build
We can extract our built files at any time now we can re-create the build just by fetching files from version control
If our change ticket system is integrated into version control we can identify which changes when into a build
Why do we want to do this
We want to close the change management loopA Line of sight from change request to deployment
Improved complianceN.B. May be a legal requirement to keep the external auditors happy. Sometimes process auditors can shut down the business!
Our KPI may depend on SLAs and process outcomes
Outcomes
Better forensics what is really running in production?
Solid documentation
Reduced rework
Example Implementation
There are a variety of ways to this
Following example usesA simple C project (5 source files)
Make
Git distributed version control tool
Commercial products also available.e.g. Atlassian Bamboo, Electric Cloud
Git
Now a major player in Version Control market
Baselines are created using tags. A tag is a label attached to a commit
Some concepts and words
Build Tags. Tags created for each build we perform. c.f. Build Baseline
A Build Configuration. Documentation of the environment in which the build is being done (e.g. Platform, compiler, library versions...)
The Makefile
To create the audit trail we must know ALL dependenciesi.e. All the source files used to build a target file
Peter Miller already did the hard work for meHis paper explains an effective way to implement makefiles with a complete dynamic dependencies
A side affect is that your makefile is more efficient!
Dependencies in C
A list of input files that an output file depends on. e.g.a.o: a.c.a.h b.h
main: main.o a.o b.o
Dependencies can change any time we edit the source code, including editing any header files
We must re-calculate the dependencies at make time if the source files or header files change
Dynamic dependency
# Generate a dependency file
$(DEP_DIR)/%.d: $(SRC_DIR)/%.c$(CC) $(CFLAGS) -MM -MG -MT $(OBJ_DIR)/$*.o -MT \
$(DEP_DIR)/$*.d -MF $@ $ b/$(@F).bfl echo $(CC) $(CFLAGS) | \git hash-object --stdin >> b/$(@F).bfl echo "BLD_ENV: $(BUILDCONFIG)" >> b/$(@F).bfl for i in $^ $(MAKEFILE_LIST); do \ echo -n "$$i:" >> b/$(@F).bfl \ git hash-object $$i >> b/$(@F).bfl \done
Example BFL
BLD_FLAGS [cc -ansi] \ a275bd53898b96ff56682992cfef600c8d9172b6BLD_ENV 8b137891791fe96927ad78e64b0aad7bded08bdcsrc/a.c fbb2a1faee180bd3c81d6d00bb39d1bb68b51725h/a.h 8ed2304c36b99ef1fd9a1f22a41ee2afe4eb995emakefile 34e0b0adb203123c8ebfdf2c4fb059ff0c942e27d/main.d 3045b0da533f900bf1ab044de22725475d4d171cd/a.d 8bbf937c5cc911242a3b3fdc531c5d1a5cf7f37cd/b.d bba81a7805d40e267b139a01f69c15c676d0a82d
Storing the target & BFL
Every time we commit a new built target to the repositoryAdd the BFL to the repository
Add the new target to the repository
git add b/$(@F).bflgit add $(@)
Driver script sets up
Build ID derived from sha1 + timestamp
The Build Configuration. A simple string representing the build environment
host name of build machine usually not important unless problem
DEMO
Further work
Better Error Checking!!
Save and re-use built intermediate files(but see constraints later)
Update tickets with Fixed In Build information
Further work contd.
Integrate with meta make toolse.g. cmake, autoconf/automake, ...
Automate the production of release notes and other reports from the BFL and other version control information
How to re-use targets in later Builds
Validate sha1 values on source files on original BFL against source files in Build areas must match
Check build configuration for target on build tag against current environment must match
Check command line switches must match
We don't care about dates and time
Outstanding Questions
Does this scale?More complex directory structures
Multiple languages (e.g. grammar files & assembler)
What about languages and tools with hard to calculate dependencies (e.g. Java, code generators,...)
Outstanding Questions contd
Which other version control tools workSVN version implemented in 2006
Will this work across platformsdifferences in tools
problems because text files change? (tool dependent)
....
Further reading
Example scripts written for this paper
http://github.com/alecthegeek/gitbuildingRecursive Make Considered Harmful by Peter Miller http://www.canb.auug.org.au/~millerp/rmch/recu-make-cons-harm.html
Continuous Integration by Martin Fowler http://www.martinfowler.com/articles/continuousIntegration.html
Click to edit the outline text formatSecond Outline LevelThird Outline LevelFourth Outline LevelFifth Outline LevelSixth Outline LevelSeventh Outline LevelEighth Outline LevelNinth Outline Level