Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / Release Group / 8 Apr 2020
GitLab / Release Group / 8 Apr 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Release Management - April 2020 - Release Evidence Category Review

Description

Here is an overview of the Release Evidence features and an example of how a user is leveraging the JSON files in an audit.

https://about.gitlab.com/direction/release/release_evidence/

A

Hey Jackie Michelle here with release management over here at get lab. I'm gonna talk a little bit about our release. Evidence category direction today, first does introduction. Release evidence is within the stage of release management, which is very focused on delivering a very mature experience for orchestrating releases within get lab. A component of that is successfully managing environments and deployments with our tools, as well as secrets, management and even deploying to our pages release. Evidence is very focused on the auditor and compliance personas within release orchestration.

A

So when we think about the different phases of a software development, an auditor may come in and ask for an artifact that shows all the changes that have occurred in your software, who made those changes and when those changes were made, we've built release evidence as a tool that captures a snapshot of the release, object based off of the associations to a milestone. The milestones that are contained within an issue are also linked within evidence and then there's a commit sha that can be verified.

A

Nothing has been tampered with as a part of this auditing and compliance story. When we look at the future of release, evidence we're very focused on expanding the information that is contained in the current JSON file today. So we have the base attributes of name project milestone, but we're looking to expand that reach into test results, scan results, merge requests who made those changes were the changes that were merged had an approver on it.

A

That was different than the person who actually created the change and then, of course, we want the logging of all of this release, evidence to make sure that we are tracking those changes over time when we consider what our competitors are doing in this space release, evidence is primarily a stitch together process, so our end goal is to deliver the single stop shop place where people can go and access all of the changes of a version over a period of time and easily compare them so that they can sample those changes and make sure they're following regulations.

A

Let's go ahead and review. What were the live? What we've delivered today and where we're going to go so today, release evidence is captured at they released, add attribute. You also have the capability of creating an upcoming release and therefore the release evidence is scheduled and we also delivered some more advanced functionality for how an evidence can be captured. A release. Evidence is a JSON file, that's attached to that release, object, and it offers some really neat attributes that allow people this chain to see this chain of custody related to a project's release.

A

So in today's world, when you call the releases API, you can get the idea of a tag, the release name, the project, ID project, name and, of course, the release date attribute, and if you have an associated milestone, you also get the milestones, in addition to all of the issues that are assigned to that milestone, and you can assign multiple milestones to any given release evidence making it really compelling for planning and tracking the changes that you're making to production.

A

When we look at what we've, what we've expanded on the release evidence today, we're very focused on allowing our users to deliver more release, evidence comparison capabilities within any given release. So if you're a core user, you would take a JSON file from a previous version and compare it to perhaps the current version and you would diff those two JSON file and see the changes are more advanced. Customers in the releases capability may want to take that same release and compare multiple snapshots over the same time.

A

So in this image right here, you can see there are several evidences that are collected for the same tag, so the released at attribute allows you to collect these different release. Evidences on demand, which is offered to our premium customers and above the advantage here, is that you can take this JSON file and this JSON file disk them and see the changes over time. So let me go ahead and show an example of how a core customer would do this.

A

So I will go to a project I see how I have this tag here in this version, I'm going to go ahead and click. My evidence JSON for this version I'm also going to go to this tag here of a separate version in the same project and click that and then I'm gonna use a JSON diff tool and it going ahead and select a couple files here for my first version and then I'm gonna choose the file of my second version and then I'm gonna hit. Compare.

A

We can see that this TIFF tool has found five differences and we can see that there you highlight it as you click through them, and the strings and numbers are actually different. So this would be an example where, over time, we'd be able to observe the differences and, as we build out more maturity, we'd be able to see that this is how our production environment has changed. Who made the change and potentially why the change was made.

A

Another neat feature that will help this auditor persona or compliance persona. Is this idea of identifying rule violations in the release evidence file so, as we expand release evidence to include things like merge request was submitted by and merge request was approved by in the production environment. We could add a rule to get lab that says: I need my approver in my submitters to be two different IDs and we would be able to add a comment to the evidence that suggests M. Our approver and submitter is the same or not the same.

A

Then the user could use that JSON diff tool and be looking for those lines to have different strings or different names or, if there's a comment on that release, evidence file that highlights these rules are violated.

A

Someone could then triage fixes to then make sure that they're in compliance for their production environment altogether release evidence is about making the auditing and compliance journey as simple as possible. It's a complicated process and it could be very disruptive to people who are producing changes to production. So by organically capturing this information in a one-stop place, we actually compete very effectively with the current tools out there and we also satisfy the needs of many of our users.