At least you can never say Release Management is boring! Wherever we turn today someone is ready to deliver an absolute truth about the subject. The reality is that Release Management cannot be defined in general terms; it cannot be bounded, except by actual practitioners. There is no hard-and-fast rule about any aspect of it. Yet we are all bombarded with strictures commanding us to do, or be, some idealized version of a Release Manager.
Here are my top ten myths (five this week, five next week) that I seem to spend most of my time debunking these days.
Myth 10: One process fits all – wrong!
“We need one process for all release management!” is the guiding principle of so many organizations that are trying to implement a modern release management infrastructure. The reality is that there needs to be many processes:
- One main, high-level process that defines the major milestones (perhaps) that we measure our progress against, the “macro milestone” process.
- And many minor processes that accommodate the various factors that guide each development team such as its technology, time-to-market pressures, risk aversion, development methodology and project complexity, the “micro milestone” processes.
- And let’s not forget we need an emergency process for those patches that have to be fast-tracked through the system.
Myth 9: You need one repository – wrong!
Apart from the sheer impracticality of the statement, anyone who suggests that you can only do release management if there is one repository is just not trying hard enough. Of course, having one repository is easy to say – it’s just not easy to do. Migrating all your code from the developer’s repository of choice is error-prone and usually results in unwanted compromises over things like how many revisions can be kept. Retraining the team is expensive and re-tooling the team can be prohibitively costly. What you do need is the ability to coordinate the activities of the teams, irrespective of the repository they use. You need to be able to move the code from their repository to the test areas repeatedly and automatically and safely deploy to production. You don’t need to disrupt your development organization and spend money on solutions they will resent using.
Myth 8: You need one solution from one vendor – wrong!
No one vendor has the best-in-class solution for all of your release management needs. Who has the best repository technology, the best parallel development capabilities, or the best support for Agile or DevOps? These will always be a matter for conjecture and disagreement, of taste and negotiating skills. The point is that an organization needs to select the best tool for the job and needs to make sure all vendors’ tools work together. But beware; vendor-created, point-to-point, integrations are fragile. Ensure your vendor is exposing their API’s through web-services and that their integrations support your process, not their own.
Myth 7: Project status meetings are essential – wrong!
Project meetings are a monstrous waste of time and resources. One customer describes the weekly release meeting as their “million dollar meeting” as it requires 70 members of staff, including several very senior members, to be in attendance for more than 4 hours. Each person gets to speak but it is often little more than “I’m good.” Imagine the time and money that can be saved by eliminating meetings alone through the use of a good process-centric workflow tool that guides everyone on the team through their part of the overall process. Status meetings can now become about exceptions and only involve the stakeholders who are impacted by those exceptions. So, when you get a meeting invitation, we encourage you to just say ‘Decline.’
Myth 6: Release management is just about deploying the code – wrong!
Well, actually, that is called “deployment.” Release management has many definitions with regards to the scope of the lifecycle that it covers. One useful definition says that release management begins when the release is given a name and ends when the name is no longer used. For example “the fall marketing release” might start in planning long before any code is checked out or worked upon. Nonetheless, it now needs to be tracked, deployment windows identified in the calendar, the resources applied and so on. Whatever your definition of release management, your infrastructure should support your lifecycle from when you define the start point to where you define the end point. Don’t be sucked into some vendor’s definition.
Myth 5: Not every change needs to go through the release management process – wrong!
Every change needs to go through some process of verification (testing) and approval. However, it doesn’t necessarily mean that every change goes through the same process. Emergency fixes need a fast-track process with minimal stage gates and approvals. Major releases need more rigorous processes and complete stage gates.
Myth 4: A release management infrastructure will slow down my project – wrong!
Imagine if there were no air traffic controllers (ATC’s): would the free-for-all that ensues be good for on-time departures and arrivals, would it be safe, would stakeholders be happier, would it be quicker? Of course not. In fact, the point of ATC is to improve the throughput of flights to maximize the use of the runways. The same is true of release management. Without the infrastructure in place, you will never be able to deal with the volume of changes, the complexity of the dependencies between releases and the competing needs of the many stakeholders. With the right release management solution, you can increase the number of releases you deploy, improve control and governance, eliminate errors and downtime and do it with fewer resources.
Myth 3: We cannot make our releases any smaller – wrong!
A major reason why release management has become more complex is because the size of the releases has increased to a point now where they are often bigger than the original system they are based upon. This size means that the releases are very difficult to test and the inter-dependencies of other changes in other projects in the release make it nearly impossible to have any confidence in the testing outcome. Many organizations are taking a leaf from the Agile-playbook and moving to smaller, incremental releases more often. By breaking the release into dependent and non-dependent changes, it improves the testability of the code and the deployment is no longer held up waiting for other changes. Also, moving to thematic releases, keeping the changes to a small area of the code base, improves the ability to test and deploy with confidence.
But many more releases cannot be achieved without automated infrastructure in place. One release manager told me that they were moving from 4 releases per year to 3 releases per year because “it is taking too long to test and deploy.” When I asked the business what they wanted, they told me “more stuff sooner.” The answer is not bigger releases less frequently; it is smaller releases more often. And that is only possible through automating release management processes.
Myth 2: The business wants us to change things less frequently – wrong!
No they don’t. What they want is that the changes are deployed more successfully. Think about your smart phone: you get updates every day; you have become the release manager on your own device. You now update without caring because you know the changes are small, unlikely to disrupt the functioning of your device and are, in short, safe. We need to get the business to have that same confidence in our releases. Small changes more frequently are easy for users to absorb, have a smaller impact, require little (if any) training, are easier to test and, generally, low risk. The business gets to prioritize the changes they want and constantly adjust those priorities almost up to the point we put things into production.
Myth 1: Developers won’t accept not having access to production– wrong!
With the requirement for the “separation of duties” now being the law, the very idea of anyone having access to the production area seems very 20th century. Still, in many organizations, for whatever historic reasons, many people have access to the production areas and they use this privilege wisely and carefully. But the time for this has to stop! Now! As we have seen, the addition of a layer of process automation improves the speed of the release process and improves the audit trail. In an emergency outage situation, the first question anyone asks is “what changed?” Unapproved changes, even those with the best of intentions, are often undocumented changes. Even if they are not the cause of the outage, the inconsistencies they represent hinder and delay the analysis and remediation of the problem. If someone needs access, then ensure there is a process to let them have it, with appropriate approvals and a mechanism to withdraw it when the need has gone away.
I hope you have enjoyed some of these thoughts. Please share your own debunking examples of the “rules” of release management.