Ask Slashdot: How Often Do You Push To Production?

First time accepted submitter Stiletto writes "I work for a traditional 'old school' software company that is trying to move into web services, now competing with smaller, nimbler 'Web 2.0' companies. Unfortunately our release process is still stuck in the '90s. Paperwork and forms, sign-off meetings, and documentation approvals make it impossible to do even minor deployments to production faster than once a month. Major releases go out a couple of times a year. I've heard from colleagues in Bay Area companies who release weekly or daily (or even multiple times a day), allowing them to adapt quickly. Slashdotters, how often do you push software changes into production, and what best practices allow you to maintain that deployment rate without chaos?"

Visual Studio

[PieDkaj]

I push to production fairly often. Our company's Visual Studios have been configured with test cases that make testing easy, and therefore we can push to production much more often than those who do not use Visual Studio.

Re:Visual Studio

[MyLongNickName]

Hello, Pie. I am afraid I can't pay you full price for this review. Our contract clearly states a 300 word minimum, first post, and at least one real life example of someone using the product. You met one of the three criteria, but this isn't enough. Please try harder next time.

Re:Visual Studio

[avandesande]

It's a 'shroll'

Re:Visual Studio

[jameshofo]

Don't you know? They can't put anything on the internet that's not true!

Re:Visual Studio

[garyisabusyguy]

I also find that my nano-particle infused wrist band that is tightly quantum-coupled with my nano-particle infused mouse pad allows each mouse click to perform TEN TIMES as many system configurations than my outdated neoprene mouse pad alone. This performance increase alone more than justifies the $12,000 cost

Re:Visual Studio

[mythix]

in the future, please end your comments with the following string: "/sarcarsm"
no need to include the quotes. thx.

Weekly.

We have two stacks; one serves internal users and one serves external.

We've found it handy to push to the "stage" stack on Thursday, let it bake Friday + the weekend + Monday, and then push to production on Tuesday if there's no problems.

We keep track of anything that would affect a potential rollback. If there's a database migration, we back up the database before going live. Simple, easy, effective. And despite what James may say, rollback does exist. Not that we've had to do it more than once or twice.

We would push more frequently except we're too busy changing the world.

Re:Weekly.

[terbeaux]

If parent bothered to post AC then they should have mentioned that they work at Facebook and have like 500,000 servers. See parent links for subtle indication.

Over 9000

Several times a day, its the nightmare of undecided clients in web development

Re:Over 9000

[kelemvor4]

https://www.youtube.com/watch?v=rDtrPe4Ijc4

Be careful that 'nimble' doesn't become 'untested'

Why not talk to your colleagues and suggest ways of speeding things up?

It's good to talk.

Release when ready is quite a good frequency :-)

chaos

>> Slashdotters, how often do you push software changes into production,

3 times a month, generally.

>> and what best practices allow you to maintain that deployment rate without chaos?"

IMHO, you can't. Having a deadline every week, programmers cut corners to make dates. QA cuts corners to make the date. This much code changing without any "bake time" inevitably leads to an unstable code base, full of "corner cuts" from the last N releases.

Re:chaos

[jythie]

This pretty much sums up my thoughts. While there is always value in cutting away unnesseary beucracy, once that is gone you get into the tradeoff between flexibility and stability. Plenty of web-centric companies follow waterfall or other risk adverse patterns and do just fine.

So it really comes down to examining how important rapid changes vs stability/validity are. Many of those 'web2.0' companies that can adjust rapidly are pretty flakey and have no paper trail to be able to show auditors (or underwriters/insurance carriers) that they have done due dillagence.. nor can they generally cope with mutliple stakeholders. Ever wonder why so many of those companies have a 'my way or the highway' attitude twoards feature sets? It isn't just arrogence, it is their development process. This works really well for some companies and can burry others.

So at the end of the day, you need to sit and figure out what is the best balance for one's particular company.. not look at young sexy rising stars in tangental industries and try to emulate them.

Re:chaos

Roughly every 4 months a container is rolled out. No container in quarter 4. A container contains many many programs, which are all rolled out at "once", i.e. some programs start on Thursday evening, we usually follow Friday night and the last one are rolled out into Monday morning. Then we let the prio 1 tickets roll in and get fixed frantically over a week (none in the last 2 years for our corner of the container)

We are a central hub system in the container, which talks to many frontend systems and many more backend systems. We have an automated installation process, which we use from system testing through production rollout. Other projects in the container don't. Guess where most deployment problems occur!

Even with this rollout cycle, there are some systems (we also do deployment for two other non-hub systems, but which are very important too - call center/storefront booking system and a business to business system), which cut a lot of corners to make dates. System testers at the devel company cut a lot of corners especially. Like saying they "tested" a new communication path with a pilot customer by sending a hand crafted message via email, which they in turn inserted into their queues and everything worked fine. Thank god we have another test stage in-house, which actually did the tests with both real systems and found all the bugs that were still in that crappy code.

Large telecommunications company BTW.

Re:chaos

[umghhh]

Well it all depends. There are systems complex enuff and important enuff that need to have stability tests that run longer and are more complex than automated run attached to automated builds can do. This means they are decoupled from nightly builds. This also means that you cannot have full test for each nightly build and this affects of course release pace. OTOH if you work on maintenance branch you do not usually do whole stability tests which is justified by the size of the patch/set of patches you are releasing so your pace may be faster here. This said there are for sure systems where this much tedious testing is not needed and which are less complicated (one standard release no market releases, no market configuration branches etc) so you release one application with a basic set of configs - this is easy then and I guess you can just make your master branch available to customers to pick it this making the release cycle very short (say week or two). I do not think any serous software can be released more often unless you release internally to your back-end server. But even there I cannot imagine few releases a day as productive and sensible.

BTW: I work in the industry for quite a while and I have not seen one organisation that actually worked water fall. They did some silly planning sessions for projects predicting how many lines of code you may be writting 2 years ahead but actual design and test was done in iterative way which is as efficient as agile methodologies (ooops sorry I should have said frameworks) if not more efficient (in terms of combined quality, usability, project scope and time needed).

Re:chaos

[Kjella]

IMHO, you can't. Having a deadline every week, programmers cut corners to make dates.

More than if they risk missing the spring/fall release? Because that's really the question, deadlines always makes you cut corners but does fewer and bigger work better than fewer and smaller? I'm not so sure, I've seen people work on compliance projects where it's this one huge, absolute deadline and from what I hear it can get really hairy on the final stretch.

Daily or weekly.

1) Tag code in revision control.
2) Notify internal release documentation team, who puts some entries in some kind of finance/logistical database
3) Receive email within a few hours that the release requires "engineering approval"
4) Click "I approve". Sometimes multiple people have to do this.

Our production environment can export and compile from revision control.

That's pretty much it, and it all takes just a few hours.

It's worth noting that I work for a monstrously large company, but not exactly a software firm.. more hardware and engineering services.

As soon as it's ready

[knetcomp]

Most companies I've worked for have a continuous deployment cycle. All changes, from small bug fixes to major releases go through a ticketing system. After the ticket has gone through all the steps (code review, QA, UAT) it goes into the deployment manager's queue, who then deploys the change to production depending on each ticket's priority. This means that in general, changes go out as soon as they are ready, sometimes up to two times a day for the same project.

Re:As soon as it's ready

[RabidReindeer]

None of what you described sounds like "as soon as it's ready."

"Up to 2 times a day" sounds like ready-or-not here I come to me. Just because you have a formal cycle doesn't mean that the software has been decently vetted, it just means that you have a guaranteed way to keep staff busy. Up to 2 times a day.

Re:As soon as it's ready

[TapeCutter]

Just because you have a formal cycle doesn't mean that the software has been decently vetted, it just means that you have a guaranteed way to keep staff busy

The real benefit of any process is that it is repeatable, so if you screw up the release you can screw up again in exactly the same way. It's exactly the same benefit as the ability to reproduce a software bug in the lab, except the bug is in the process not the software. A procedure is at it's core an algorithm that defines a set of human actions rather than mathematical instructions, well designed procedures are like well designed software, a rare and beautiful thing. A poorly designed procedure is opaque and obscure, it forces people through redundant actions and makes them feel like a helpless cog.

The basic set of procedures needed to run a commercial software house are almost as well known as the basic procedures for running an assembly line, and both make good use of parallel processing. So it should be obvious to any coder is that like software, procedures will always have bugs and even good procedures will contain redundant assert() checks. However in most workplaces it's not so obvious to coders that they have any power to request a procedural patch and even if they do, the procedures often suffer from the same bloat and complexity found in omnibus software such a office, consequently they have similar lead times for trivial changes.

As for deadlines, business needs them like coders need keyboards. My preferred MO is to start with everything everyone wants, put priorities on them, tell everyone that no particular change is an absolute certainty so we will keep everyoner informed of probabilities and progress so they can properly account for risk in their decisions. In other words, have a goal of world peace that everyone knows will rapidly reduce to a simple pragmatic action such as "do onto others", kinda creepy when you think about some people's fetishes, but every algorithm in life has bugs ;).

Re:As soon as it's ready

[RabidReindeer]

What worries me about 2-a-day releases is that not everything that can go wrong with a new release can be automatically tested. A software release isn't truly trustworthy until actual users test it. Users have this bad habit of doing things in ways that no sane programmer can anticipate, much test think to test for.

Unlike computers, however, human testers cannot receive, test, and approve in milliseconds. Nor are they always on-line and available to test. In fact, simply getting a tester for my current work is a major accomplishment.

The other downside to such a volatile environment is that it becomes much harder to determine and isolate problems because the problematic software is almost literally changing from hour to hour and the bugs and side-effects that the user encountered at 6 am might not be the same as what they'd run into at 3 pm.

Re:As soon as it's ready

[TapeCutter]

A software release isn't truly trustworthy until actual users test it.

Of course not, that's why getting a serious software project from "it builds" to "it's on its way to Mars" takes such a long time, however you will never get there if you don't have a repeatable build process. The production version is never "the latest build", it's buildXYZ that the testers have been kicking for days/weeks/months, depending how much your willing to spend on quality. However I agree that ultimately "the proof is in the pudding" and I note that about half the missions sent to Mars either failed to get past the Moon, failed to find Mars, or failed to apply the brakes before attempting to land.

If volatility is going up as the project/product matures then your doing it wrong. ;)

Set a schedule

I think customers don't really NEED the frequent updates that you're getting used to seeing with apps. I would think only the foolish really expect rapid releases. That's been a side-effect of "apps" - not what we expect of software in the business world. If you set and can stick to a release schedule, I think your clients will appreciate it.

End users find updating all the time a headache - only super-geeks like us like seeing every possible iteration of an application. The average user doesn't want to be bothered with YET ANOTHER UPDATE (ahem... Flash and Java). But they do appreciate when you have their security interests at heart (like an out-of-cycle Windows Update).

I would say every other month for 'service releases' - every six months for major releases. The biggest exception being "out of cycle" emergency releases when deemed necessary.

Re:Set a schedule

[icebraining]

Java and Flash updates are annoying because the user has to update. Compare with Chrome silent updates; do you really think the user cares if they're on version 13 or 24?

I think small regular updates are better, since the user doesn't login one day, see 3/4 of the application changed, throw up their hands and assume they can't use it anymore.

Small, incremental updates let the user take in changed they can handle.

Re:Set a schedule

[JohnFen]

I agree totally with this, but I may be biased. As a user, I find this rapid-release trend to be incredibly annoying. So annoying that it is a factor against my using a particular piece of software. Aside from emergencies, I cannot think of any compelling benefit rapid-release gives me, and it gives me two main headaches: an ever-changing piece of software, and the introduction of new bugs at any random time -- so it's a net minus.

Re:Set a schedule

[JohnFen]

Java and Flash updates are annoying because the user has to update. Compare with Chrome silent updates; do you really think the user cares if they're on version 13 or 24?

True, silent updates reduce one of the annoying things about rapid release, but it doesn't touch the rest of them. I stopped using Chrome in part because of rapid-release. I don't care what the Chrome version number is, but I care a great deal about unexpected changes.

Re:Set a schedule

[AuMatar]

The best is update when I say to. Unless its adding a feature that I personally will use, I don't want the UI to change AT ALL. When I'm ready for a new major version I'll learn it all at once. Until then, I want it static. That's the reason I'm using SeaMonkey and not Chrome or Firefox.

Depends

[falcon5768]

This really seems like it depends on WHAT your company does. Pushing to production a browser or a utility weekly or even daily is a lot easier and less disruptive than say a OS or a major software product thats used by hundreds of large companies. I would say the biggest obstacle is to get rid of the paper process, bring in git or something else for changes that everyone can view, and limit the signing offs to production, QA, or gold master (or whatever your company calls them) while keeping the dev stuff out of it so that the dev team can be more flexible. Also have a pretty good test lab/suite that will enable you to test stuff on the fly on multiple machines and configuration. Case in point Apple has a testing lab of EVERY machine they have made for the last 3 years in multiple configurations for their software. Granted they are a closed ecosystem so its easy for them to do that, but generally you could get a good roundup of machines to use that span from the insane configs to the "are you fing kidding me you are using that???" type stuff.

Re:Depends

[hackingbear]

For us, it depends on the company's current beer budget. Forward the question to the CFO, please.

Re:Depends

[Marillion]

I whole heartedly agree with this post.

I'd like augment the remark about WHAT a company does. If your company is in the financial services sector in the US, then there are Sarbanes/Oxley regulations that must be satisfied. If your company is in the healthcare industry, there are privacy laws. If you're in the aviation industry, there's the FAA. And so on ...

Also don't feel like you have to push out updates every week because it's the cool and trendy thing to do. Do it because there is a rational justification for doing so.

Re:Depends

[chrismcb]

This really seems like it depends on WHAT your company does.

That is the key there. Our website is very content oriented. We release every week to 10 days. Mainly to push our new content out. But at the same time the newest features go along for the ride.
If your product is more feature oriented, release when the features are done. Be feature driven, not time driven. There is no need to "release once a week" because someone else does it. Release when you hit your milestones. Release when the feature set is finished.

Test in Production

Soon as our Hudson server does a build and all the unit tests pass, it automatically pushes it to production.

If you are in a startup and the cost of a bad push is $0, no problem.

If your SLA has penalties for downtime or misquotes, then I can understand why your process is more laborious.

Re:Test in Production

[JohnFen]

If you are in a startup and the cost of a bad push is $0, no problem.

Except to your customers.

Sounds like you have a good process.

[John+Hasler]

Or were you looking forward to having to explain why your database got cracked and leaked 2 million passwords or that tens of thousands of customer machines will have to be manually patched to repair the damage done by your last update?

Re:Sounds like you have a good process.

Wait, what? How about explaining why your database got cracked due to your *lack* of updates?

You can do rapid deployments poorly and you can do them well. But when you really really need to deploy and *can't* because of the red tape involved, you're in bad shape.

Re:Sounds like you have a good process.

[JohnFen]

You can do rapid deployments poorly and you can do them well.

True, as with all things.

But when you really really need to deploy and *can't* because of the red tape involved, you're in bad shape.

But if you're in that position, the problem isn't your choice of release model, it's that you're doing your release model poorly.

when the business calls for it

Sounds like yours wants a process. You push as the business feels comfortable with it.

But think about this...

Lets say you are dealing with peoples financial statements. You want to make sure they are pretty good and accurate. If it is wrong people loose money and you get sued. Your audience dislikes sudden change. So you put process around that to insure that (test/qa/forms/etc).

Now lets say you are running a forum where it is the stats from some online game. It can be a little off. Your audience likes sudden new features. Stuff might not render correctly... But you can fix it tomorrow and the only gripe will be on a forum.

One business you have to be careful in creating 0 downtime and 0 mistakes. The other, a mistake here and there is tolerated and can be fixed at will.

Now I am not saying you can only create the first one where it takes a month or two for a push. I am saying those sorts of situations where caution is warranted. If you want a quicker process your process will need to be able to break things into small pieces and a bad ass testing system. Some situations they are contractually obligated to go at a particular rate. If you can not see the difference then I suggest you let your question simmer for a few years and get some exp doing it.

Read the Facebook Model?

[Malenx]

Slashdot posted this story earlier,

http://www.businessweek.com/articles/2012-10-04/facebook-the-making-of-1-billion-users

Interesting read on how Facebook, arguably the largest website challenge so far this century updates daily.

From Decision to Release in less than an hour

[preaction]

At $dayjob, we decide to release and our process takes about an hour. All the automated tests are run by Jenkins CI, and are run again during the release on every box being deployed to in order to ensure stability. We tend to deploy to User-Acceptance Testing boxes before full production boxes.

At the game company, we wrote a system that works like:

1) Tag release in git
2) Release is pushed to beta servers. Beta players get immediate updates.
3) Click button in Jenkins to run stable release

Completely automated, even down to restarting the servers in a staggered fashion to ensure that users always have a game to connect to (even if they have to disconnect in 20 minutes to receive the client update).

Automated testing, Continual Integration, and automated release processes (including cfengine3 and custom Perl scripts working with Git) come together to produce a painless release process. Since it's easy, we can do it whenever we want. As soon as it starts releasing bad code, we'll have to put process in place to ensure bad code does not reach our stable users.

Re:From Decision to Release in less than an hour

[seleniumdream]

Yup, I work for a company in Seattle and we use Jenkins CI. It's a pretty awesome product and we use it to release our software weekly. We use it to run full test deployments daily. Continuous Integration / deployment is a beautiful thing. It makes us much less afraid of actually updating our software.

The goal isn't to push to production more often

[Omnifarious]

The goal is to always be able to push to production. Have a continuous integration and test system that allows you to have confidence that you can always push the latest build to production. Automate as much of your testing as possible so your build and test process can produce something that a human test team actually has to work hard to break.

Also, you should pipeline your approval process. Always be in the process of approving a new build to go out while you're working on the next one. This will put a lot of pressure on this process to be faster and more efficient. Holding the people responsible for this process accountable for production breaks will put counter-pressure ensuring that they do not become more efficient at the expense of actually doing the job.

Re:The goal isn't to push to production more often

[cplusplus]

The goal is to always be able to push to production. Have a continuous integration and test system that allows you to have confidence that you can always push the latest build to production. Automate as much of your testing as possible so your build and test process can produce something that a human test team actually has to work hard to break.

Parent hit the nail on the head. The above comment is the key to a successful agile development environment. Investing in a robust, automated test suite that runs daily on any code that developers check in will allow you to release about as frequently as you want.

Re:The goal isn't to push to production more often

[seleniumdream]

Yup, I work for a company in Seattle and we use Jenkins CI. It's a pretty awesome product and we use it to release our software weekly. We use it to run full test deployments daily. Continuous Integration / deployment is a beautiful thing. It makes us much less afraid of actually updating our software.

Re:The goal isn't to push to production more often

[seleniumdream]

Lame, I logged in and totally replied to the wrong comment. :(

Re:The goal isn't to push to production more often

[Omnifarious]

Strangely, your comment is relevant to my post as well as the one you intended to reply to. :-) Jenkins CI is a great tool for achieving the goal of being able to push to production anytime you want.

Re:The goal isn't to push to production more often

[seleniumdream]

Yup, we haven't fully automated our production push yet, but it is pretty nice to get a complete, simulated QA push (which normally occurs weekly), every day. Catching problems early is always better. Now, just waiting on my priority tasks to die down this quarter so I can work on further automation of our deployment process. :)

Get rid of the clue less PHB's

[Joe_Dragon]

Get rid of the clue less PHB's lot's of meetings is sign of being over loaded with PHB's.

It depends on how critical the product is

[Glires]

Sometimes all of those meetings and paperwork serve a useful purpose when an application is critical. If a one-day build of instagram doesn't work, then the only consequence is that there are fewer grainy photographs of someone's cat. If a one-day build of a power distribution system doesn't work, then an entire city loses electricity.

Re:It depends on how critical the product is

Sometimes all of those meetings and paperwork serve a useful purpose when an application is critical. If a one-day build of instagram doesn't work, then the only consequence is that there are fewer grainy photographs of someone's cat. If a one-day build of a power distribution system doesn't work, then an entire city loses electricity.

If an entire city loses electricity, then there are fewer grainy photographs of someone's cat. So it really is the same!

As soon as the automated tests pass

[DeadSea]

Push to production as soon as the (many) automated tests that you have pass. This means you should have comprehensive unit tests and tests that run in the browser, probably written in Selenium. You'll also want to script your release so that you can do it with the push of a button. Once the tests pass, and the mechanics of a release are trivial, there is little reason to hold up a release.

I worked for a top 500 website (East coast) for 7 years that did weekly releases. Since I left, they decided that wasn't fast enough and now release multiple times per week. I'm now self-employed on my own website and release within an hour of finishing development of a feature.

I started my development career writing firmware for laser printers. When you are shipping code on a physical product, the cost of bugs can be quite high. Especially when it leads to returns or recalls because customers are not satisfied. Our release cycles there were 6 months+. Quite appropriately, IMO.

On the web, the cost of bugs is much lower. In most cases it is the only cost of another release. Sometimes it could cost more because of downtime, but good automated test coverage mitigates that risk pretty well (especially if there is load testing involved). The worst case would be data-corruption, but I've never actually seen that in practice from a release, that has only been related to hardware failure or accidents in my experience.

Re:Hours to weeks.

[Bill,+Shooter+of+Bul]

And when you're done testing, go back and review the tests you didn't write to save 2 seconds and then write those.

The real question is...

[jeffmeden]

What you need to be asking is, "How long is an acceptable test cycle?". Considering something "in production" usually implies some sort of testing, otherwise all the changes would just show up immediately right? So, ask yourself (or your organization) how much testing is enough? Equally important, how much is too much? These are the questions every software company struggles with. Spend too much time testing and your releases will always be behind. Spend too little time on it, and your "production" will look too much like test. Your own appetite for risk will determine where that line is.

it depends

[a2wflc]

I work at a company with many brands and MANY customer-facing websites. Some sites/services can be updated in minutes with little hassle or approval. Some need weeks with much paperwork. It depends on the risk. The apps are built in different ways (CMS or from scratch or with many proven components). The apps have different features (some can result in $million fines if there's a problem).

The tools are there to set up processes where every time I commit, it goes to production. You need a process that matches the risk you are willing to take.

Re:Be careful that 'nimble' doesn't become 'untest

I think the submitter IS talking to colleagues and looking for suggestions right here...

We do a major release about every 2 months, with maintenance stuff going every 2 weeks. There's pressure to speed this up. On the release side of things we're streamlining our documentation requirements and automating everything we can. We're also moving to a continuous delivery model for our regular test builds... if it's tagged, it goes to QA and an automagical report goes out with a list of resolved defects. This requires the developers to package things cleanly and consistently, but it also gives us an amazing amount of data to mine and I like to think that it helps to improve our overall quality.

This doesn't address requirements gathering or development methodologies, but I can't really speak to those.

More often than you'd expect

[pjw611]

I work for a marketing company - primarily in email, but the company handles everything. My area is databases, data warehousing and reporting. For our code, we have twice a week change management meetings if there are any changes to be discussed. Given that timeframe, officially we go to production as often as twice a week. In practice, we occasionally fudge a meeting and will get caught up after the code has been promoted to ensure that i's are dotted and t's crossed.

40 rollouts a day to keep boredom away...

I do work for possibly the largest hotel reservation website. The whole company but especially the IT department prides itself on being agile and quick acting.

This means a developer can roll out whenever he thinks it's time. He'll roll out trunk which will contain his changes and everything else other devs checked in. There's a small amount of testing done to catch the obvious errors.

Real quality control is done through excellent monitoring and a quick roll-back option in case there is breakage...

Today there were about 40 code pushes. Not all to the website, some to backend systems etc. but still: 40 rollouts and no rollbacks.

For many this will sound like madness and others will immediately understand the business benefits this approach gives. While others are still testing stuff, this company is already giving the users new features which will make the product better and thus lead to more customers.

If you try to copy this approach, you'll most likely fail. The trick to make this amount of change work is in having people do incremental development of small features, excellent monitoring and absolutely quick and easy communication. Maybe you can find the people to pull it off, maybe you can't...

But knowing what other people in the web-space do will probably not apply to your company. As you said, the others are younger, nimbler and are used to it. For your company it's an uphill battle because you have an existing ingrained company-wide mentality which is completely different. I'm seeing a lot of companies trying to be agile yet in the end they only go through the motions without living it. They do the daily standups after lunch where everyone is talking for minutes on end... Yeah, you're doing it wrong, right there. The idea behind the quick-turnaround agile startups and established players is that they basically live the style. If something doesn't work for them, they chuck the process out the window and come up with something better.
Proven companies generally do roll out ITIL instead...

As a customer

[ZombieBraintrust]

As a customer I hate daily updates to my applications. Unless the application is in Alpha or Beta it is very disconcerting to see updates at that frequency. I only want to see an update that quick when something is really broken. If brokeness is a daily occurence then maybe you need to slow down.

Re:As a customer

[umghhh]

the problem you describe is real but does not apply to all environments and application types. The web application i.e. single target (or cloudy crowd of clones) has different characteristics still if you release few times a day then your web page is not good enuff.

Somewhere above somebody claimed FB is doing it every day and that is a sign it is possible and good - well I dare say FB web page is one of the worst web.2.0 pages I have misfortune to 'enjoy'. Maybe their back-end is good maybe not I do not care because front end is crap - maybe they do not release fast enuff. Then again this is a single target i.e. they do not have to deliver to many customers, different configurations, ensure no interruptions during roll-out test roll-out and roll-back and all other things that you cannot always automate. This is of course not to say that it is impossible and not feasible. It is but not always or even usually not. That is my vies. ymmv and agile gurus know better anyway (but have not even tried to understand what the hell the word means).

Every Monday Night

[MikeyC01]

Migration requests to Production (signed off by the person who requested the change/bugfix/new dev/whatever) are supposed to be to QA (who does the migrations) by the prior Thursday but that can be modified as necessary :) This is for any of the dozens of systems we develop for - the several-hundred-page in-house ERP system written in .NET, the legacy Oracle Forms system being upgraded to .NET, or the myriad one-off special purpose web sites.

If it's an *emergency* it can be slipped into Production during the week as needed, but as the process has become more refined over the last year, they try and not do that unless absolutely necessary

Quit and move to a company with a process you like

[cryfreedomlove]

Life is short. You seem like a talented person who knows what you want. If you current company does not modernize in the next 6 months then they are holding you back. The market is starved for really talented software engineers. Take the time to research your opportunities and then jump ship if the one you are on is still stuck in the 90's.

dev test qa preprod prod

[alen]

each way the release is tested and signed off on. little things are tested like making sure that the financial transactions are OK and customers are overcharged or undercharged. One time we had a case where we undercharged customers for years, then sent them a bill for a few years services and ended up in a lawsuit.

other times code works on developer laptops but somehow it doesn't work in production

i'm at the point where unless you're facebook or someone big i never report issues. i just use your competition. if you want to deploy buggy code, go ahead. you just better be the only guy doing whatever you're doing or watch your customers flee

Bad form..

[brokenin2]

I sometimes just work in the live environment while people are in and using it, depending on what I'm doing.. I'm very careful when I'm doing this of course, but sometimes the hotfix requires having the user's screwed up data to work with.

The rest of the time, I publish when I think I have something useful for the users.. Often a couple of times a day, but we're one of those very small nimble web 2.0 places, and the decision to publish is all mine.

Daily, but only weekly for each sub system

[captainstormy]

We sort of break ours up. We have an implementation every M-Th, but M-W's are on the sub systems and Thursdays are fo the main system. I'm a team lead over one of the sub systems, we push to production on Monday. But the implementation team do a push four times per week. Sorry for any typos, sent this from my phone.

sounds like code and fix

[trybywrench]

Pushing to production multiple times a day sounds like code-and-fix to me. Now, promotion to UAT/Test multiple times a day sounds much more reasonable. Pushes to production should be regular and frequent but not multiple times a day. In my company, we have a couple of change windows that production pushes happen in. Most times the windows come and go with no updates but when we do have code that's ready for production we schedule it for the next available window.

Re:Daily?

[SchroedingersCat]

That's not true. If you have good automated regression, have reasonable coverage and do continuous integration you can cut the release as soon as you have a clean regression. It may take a few hours or a day to prep the release (sign-offs, paperwork, push, etc) but it can be done in parallel. There is always a balance. Prepping the release incurs costs in manpower and resources. Pushing daily may not be practical if cost/benefit is not there. For example if it takes 6 hours to prep the release then doing so for a wording change on the page that get 10 hits per day is not practical. on the other hand, if dev team cranks out dozen cool and exciting features daily it may be worth to staff release and QA automation teams to allow them to prep multiple releases per day.

Re:Daily?

[gregmac]

If your pushing code the production once a day, you have no QA cycle whatsoever.

That's not necessarily true. You can push code up once a day, where QA takes it a day (or whatever) later, and then it goes to staging and then goes to production. The code being pushed out today may have been in QA for the past two days, and actually written 3 days ago.

At the place I work at now, we're doing two week cycles like this. Once development is done, the code is pushed to QA, who then spends up to a couple weeks on it. If it passes, it can go out, but in the meantime, dev is working on new stuff. This works for any cycle duration, and even a per-issue basis, which is how >= daily updates (should) work.

Of course, there are places where there is no QA, and developers are pushing stuff to production immediately after writing it, and then spending the next couple days rushing fixes for all the bugs they just introduced into production. And then fixes for the bugs in those fixes... And the cycle ends when someone either wises up and realizes it's not sustainable, or all your developers burn out and leave and/or all your customers get sick of constant breaking and leave.

Path to Victory

[Electrawn]

I am a Release manager at Acquity Group and have worked for "Old School" software companies that have their eyes blazing at all the new web companies that release release release all day long.

Here is the abbreviated philosophic path to victory:

DevOps.

Your developers need to act like operations (knowing how the code is deployed and configuration settings, routes and the like) guys and your operations guys need to start coding (as in ruby for puppet and chef, automation and automation and automation)

This leads to...

Infrastructure as Code.

Hire a Release Engineer or convert a sysadmin to start automating builds. Now you start automating code deployments, you start automating infrastructure deployments so they are repeatable.

This leads to...

Test Automation.

Now you need to stop focusing on smoke testing and have test automation engineers write automated test code.

One more thing...

Automated Rollback

When things go nuts, with fast deploys you need fast rollback. Capistrano is a great tool for deploying this way, rollback is very easy.

Now you can ...

Continuous Delivery.

Great, you got this far, your builds, testing, deploys are automated!

For Developers:

Coding for Continuous Delivery is a different paradigm where unfinished code makes it to production. This means that in the production configuration, settings for the new code must be activated by switches to turn new feature sets on. You don't want that unfinished code mucking up your site, right?

People Processes:

Do you have CAB boards and ITIL processes? Great, make them faster and more as DEV/TEST/QA becomes automated and just focus on UAT/Prod environments. See this book: http://www.amazon.com/The-Visible-Ops-Handbook-Implementing/dp/0975568612/

I can also gloss over on waterfall/Agile and hybrid software models.

Finally, unless your culture wants to shift, it may be damned near impossible to change the culture unless management wants to. If it's doomed, it's doomed!

Gotta raise his Joel Test Scores, first

[Safety+Cap]

If he can't deploy to production in one step, he needs to fix that first.

I'm not talking about from dev box to production. I'm talking about the physical act of someone running a single command (or for the Winlazy, pressing a button) then walking away. All code checkouts from source control, database changes, app server code deployments, web server restarts—whatever—happen without user intervention.

He should also be able to roll back in one step.

For all the meetings, forms, etc., it sounds like there is A LOT of CYA in that company. In that case, it is cultural and can only be changed from the top. Until/unless the company becomes less risk adverse, there is no point in trying to become more "agile" (i.e., risk-accepting) except making your job easier. Build your tools/scripts/whatever to make it easier to do stuff.

tl;dr: If you want a more nimble company, switch jobs.

Re:Gotta raise his Joel Test Scores, first

[Lordofthestorm]

Absolutely

One-step prep/audit/deploy/post-deploy audit/rollback/post rollback audit are critical and not dependent on your tool stack, pretty much any stack can be made to perform this function with proper attitudes/process design/automation. (also needs some break-point analysis ~ things like DB schema changes complicate roll-backs if you don't want to lose production data - some low latency design shops leave error checking out of certain high traffic code areas on purpose and they'll break on a rollback. This is also true of internal product dependency with multiple-roll outs that overlap, I'm sure there's many examples).

Where/what you check is situation dependent ~ ie name/value config pairs, binary checksum's, target env state/settings, do you have enough drive space, etc ~ depends on your particular organizational weaknesses.

I'm a big fan of buttons, downstream users tend to regress as you make their environments easier until button clicking is your final stop. Besides, humans make typo's, just accept it, buttons rock.

Meetings/forms - I'd recommend pushing most of this to electronic data entry that is prefilled based on use case ~ saves a ton of time/work, gives you clearly defined queues and gives you CYA all at the same time. I'm a big fan of really limiting facetime meetings that don't involve some type of problem related brainstorming on a whiteboard. The rest are typically low bandwidth information exchanges that are best communicated through data systems.

Nimble company - You can have nimble areas in larger companies, the data-driven ins/outs are critical in that, you'll never escape CYA in a large corporate environment, just build it into your framework and make sure to publicly display your KPI's, people will go after easier targets. You need a champion though, its lonely on the bottom.

elephants/peanuts ~ we usually talk about monkeys/banana's but that works to. ;)

Re:Gotta raise his Joel Test Scores, first

[Lordofthestorm]

Oh yes, and its worth noting that if you're not careful - easy deployment can quickly result in lower software quality. If you make deployment too easy quality drops like a rock if people think they can fix it easily the next day or even intraday. Some cultures reward by the # of releases/features in prod without looking at the total impact. 'Faster' is not necessarily better although useful in certain situations certainly.

Re:Gotta raise his Joel Test Scores, first

[turgid]

there is no point in trying to become more "agile" (i.e., risk-accepting) except making your job easier.

Agile is not about being more accepting of risk: it's about engineering risk out, reducing the scope for human error, testing early and often (with as much automation as possible) to catch bugs and other errors before they become expensive, being confident of not breaking things when things change and, above all, having as much confidence in the product as possible that it works.

Everything else is a very nice side effect.

Re:Gotta raise his Joel Test Scores, first

[adnonsense]

I'm talking about the physical act of someone running a single command (or for the Winlazy, pressing a button) then walking away.

Walking away? From a release in progress? Do you worship at the Shrine of Murphy or something?

Re:Gotta raise his Joel Test Scores, first

[Prosthetic_Lips]

I have done both (daily push, and now once-a-week). The real problem is not CYA versus agile; my current company is publicly traded, and trying to comply with Sarbanes-Oxley means they have to have MULTIPLE meetings about what is going out, what it is going to impact, how to roll it back, etc. The SOX compliance just introduces tons of "process" meaning that there is absolutely ZERO chance of daily changes.

The best way around this is to make as much as possible data-driven, with screens to update the data -- that way you don't "push to production," just go through an interface.

Re:Daily?

[icebraining]

Releasing daily is not the same as releasing the same day it was developed. It's just a matter of having a pipeline instead of a dam that bursts every six months.

In my limited experience, users can't handle too many changes at once without despairing and assuming they can't use the application anymore. Regular updates are critical to keep such complaints low.

Released too often?

[mrhippo3]

At one point we were on a monthly push for a web-based application. I was stuck in documentation and got all my changes last minute. Once I was told, "The software is ready, are the Help docs?" I asked for a day to see what the software had morphed into to make sure the docs were still OK and to then write/fix what had to be fixed only for the most current changes/new features. My problem was with the monthly pushes, QA was locked in testing the code and stopped reviewing the docs as they had no time to check the code. After a number of release cycles, all the un-reported code changes had altered the software so much the docs were wrong. I could never explain that I had no talent for fiction. I was not sufficiently creative to rewrite the docs just so they could be wrong. Every single page was reviewed at least once. However, given that I was barely keeping up with new/fixes, a complete rewrite to match months of changes was not possible. The software is only as good as the Help.

Not a meaningful question

[Animats]

Without any idea of what the product does, this isn't a meaningful question. Is this just a web site? A program used by people? A program used by other programs? How much persistent state is there? Do users need to know in advance before an update is made?

Constantly

[Gothmolly]

We only have a production environment to develop code, and use an interpreted language, so it's as simple as editing a file and sending a few HUP commands.

Cardninal Rule: Don't fuck up.

It's worked mostly well for years now.

A few times over 15 years. Ideally only once.

[Yoda222]

On my recent project, we aim to deliver only once the software. Off course you always have to do some small modifications after the first productions test. In my last company after the launch of the production, I remember of 4 different push in production in one year. But it was a brand new product. (I have left the company since that time, but as far as I know there was no new modification in the production. A new feature should be pushed in a near future)

In my current company, in one year I have not seen any modification on the main product, if we don't count new launched product. (in fact no change on the real product, but change in the software used to manage the product are more frequent)

Oh, by the way, when I say launch of the production, it's really called a launch, with a launcher, and satellite on the top of it.

Re:A few times over 15 years. Ideally only once.

[noahwh]

I'm sorry, but writing control software for a satellite isn't even the same field as writing a web application.

GitHub as an example

[kav2k]

I invite you to read the GitHub blog post on how they deploy.

Re:GitHub as an example

[jehiah]

At bitly we follow a process very similar to github. One difference though is that we structure things internally as smaller services, and as a result we do deploys to smaller groups of servers at a time. Deploys for us are the one way we do state changes on a machine. This means that it encompasses more than just the code we write, it's also all of our configuration, system installs, crontabs, monitoring, you name it.

Deploys are done through an internal web based system, and are run by nearly everyone that commits to our repository (designer, developer, or ops) and can be run at any time day or night. We have put a lot of effort into being able to do zero downtime deploys for almost all of our systems, and as a result we've pushed 8156 deploys in the past 12 months.

We are in the middle of this transition

[SpuriousLogic]

The company I work for is right smack in the middle of this transition. We had something akin to a SaaS model, before SaaS was a "thing". We have 40+ applications, some are desktop thick net .Net clients, others are web based, all of which interact with one another to varying degrees. Myself and one other person were instrumental in getting the company to a point where it is possible to release in a semi-automated fashion. Our challenges were similar to what you described - manual work with lots of process wrapped around it to ensure some modicum of governance, which often failed. Our number one task was getting our software dependencies under control and automating building. We settled on Maven/Hudson/Nexus as the tools of choice. We have a corporate POM that defines many of our baselines that each of the software projects inherit from. We use Hudson both for automated builds as well as one touch deploys (some are even totally automated) to environments, including production (which is not automatic - it requires a human to initiate). We then spent over a year "cleaning" our old ant build structures and refactoring into Maven. It cost a lot of money. A whole lot. Maven found numerous cyclical dependencies that Ant hid. We defined all the core libraries, versioned and released them, then built the apps outward from there. Today, 99% of our software builds are totally automated (a few stragglers of low priority products have not yet been converted to Maven). We have total control of our dependency structure. We have a totally automated release process. We have a totally automated deployment process. It took a lot of work, and a lot of money. The other side of the coin is our runtime environments. This has been a disaster. The teams that run these systems don't have the concepts of automating anything unless it comes shrinkwrapped form a vendor. Plus there was a management structure in place that encouraged manual work with large numbers of employees. Firefighting was highly rewarded (both in cash and prestige). Eventually, the balance has shifted. The management on this side has either been terminated or left when they saw the writing on the wall. Slowly this side is embracing virtualization and a move toward generic environments whose buildouts are automated. There is a long way left to go here. The goal eventually is that we can automatically provision a VM for a product and deploy to it as we need (think a mini-AMI model). It is hard. Really hard. A lot of companies won't have the energy to go through with this, and it has a lot of ways to go wrong. We have gone through multiple executive level people during this as well as countless mid-level managers. This type of change is not just technical, itis a massive cultural change for a company. But today, we have a totally automated process for code release all the way from the developers desktop through to production. Depending on the interactions of a piece of software (if it is an edge or core piece), it can moved daily or monthly. The technology itself can allow multiple production moves a day if people so wanted , but for customer reasons we usually limit this to once a day.

weekly

[roc97007]

Every Wednesday is Preprod day, and every Sunday is Production Deploy. Production was done by a rotating group of about a dozen people, so you didn't have to work on Sunday too often.

It was a rare week that had nothing to deploy. It was also rare (thank Fudd) for us to have to do an emergency backout on Monday.

Speaking of which, it's good to have different teams testing and deploying. It's less likely that the deploy team will try to fix the bits after they're deployed in Prod, and maybe forget to fold the fix back into Development. Having teams with different privileges and different responsibilities helps preserve consistency, and tends to avoid the morass of twisty passages that often results from free-form development.

...but I don't work in that group anymore, since it was all outsourced to India. I have no idea what's done now. But the system we used to have, worked really well.

Time to market is not always the metric

[einar2]

It depends on your business which metric is meaningful. E.g. for a global bank, quality is more important than time to market. Make sure that your business really gains something by playing release time against quality.

Re:Time to market is not always the metric

[Kjella]

It depends on your business which metric is meaningful. E.g. for a global bank, quality is more important than time to market. Make sure that your business really gains something by playing release time against quality.

Actually, I was at a seminar earlier today and that's really not true. Of course the core systems for your bank balance and online bank must have very high quality, but analysts, sales, marketing and management only care about big numbers, trends and probabilities and there's very much information that just has to be mostly right and that's all the information they need going forwards, how much money people have in the bank right now or used to have is of course important to running the business but most the effort goes into creating new business or increasing the profitability of existing customers. That the bank works is like having a an engine that runs, you can't sell a car without it but it's not really a big selling point by itself.

Re:Time to market is not always the metric

[Mabhatter]

For things like banking, compliance is the bigger issue most of the time. Bugs calculating somebody's checkbook are rare. But having new tax rules on tap Jan. 1 becomes most important.

I work in MRP, good ole manufacturing. So the defining factor is SHIPPING and number two is GET PAID. Those can drive SAME DAY changes.

It's a tradeoff

[dkleinsc]

Monthly release cycle isn't really bad, if your goal is stability. This gives your testing/QA team (you have one, right?) plenty of time to find problems, and developers time to fix any bugs the QA team found.

Shorter release cycles might be better if your goal is responsiveness, but in my experience faster than weekly is asking for trouble.

Also, make sure you have a process for handling those things that do legitimately need to move faster than the release cycle (e.g. "We just discovered a massive bug that's risking exposing customer credit card numbers!"). The process for doing this needs to have people (such as your QA and admin teams) empowered to say "no-go" for fixes like this, to prevent someone from just willy-nilly pushing stuff by declaring it to be in this "faster release cycle" process.

Yearly.

[fotbr]

We'd like to push stuff to production faster, but our client usually only has one window a year when we can take production systems offline for upgrades.

As for keeping it organized...hah. Two weeks of pure chaos while the hardware folks are trying to get all their upgrades and replacements in place at the same time the software guys are trying to figure out when systems will be back together so they can do their upgrades, followed by a weekend of praying that everything comes back online the way it should.

It varies...

[igaborf]

I push to production fairly often, depending on the nature of the tickets I'm responding to. I'm generally maintaining three branches concurrently, the production branch, the point-release branch and the major release branch. Trivial fixes or small-but-critical fixes tend to go onto the production branch and get released as hot fixes. This can happen several times a day or not for several days, depending on how extensive the change is and thus how much testing is needed.

Fixes that are a bit more extensive and/or that will have visible impact to the users tend to get done on the point-release branch, which typically is merged back to production and released every few days to a week or two. (Naturally, fixes made to the production branch are merged to this branch as soon as they are released.)

Significant functionality changes, refactorings and other large-impact changes are performed on the major release branch -- with the intermediate changes merged in, naturally. This gets merged to production per our roadmap schedule, hopefully after being fully tested by the beta users. (Yeah, right.)

Re:Daily?

[nahdude812]

It depends on the nature of your application, and how strong your test suites are, and how damaging it is to your customer or company if your product fails.

If your application has very strong and clear determinism along with few or no cross-interactions, then test cases can be fairly easy to write and can also (importantly) provide a comprehensive quality analysis. With good test cases, you can provide a full regression test multiple times per day. With sufficient confidence in your automated tests, some companies even deploy to production automatically upon successful test execution, this is called Continuous Deployment.

Not too many big shops can realistically provide sufficient test coverage for continuous deployment to be reliable, but small shops can get away with it much more easily. In part this is because their product is probably simpler and easier to test in an automated manner, plus the engineering staff probably understands every aspect of it extremely well (also a side effect of the simpler product).

Finally you can do continuous deployment if your product is a version controlled API. Your customers bind and test against a specific version, and the features of that version are locked, only bug fixes are deployed to that version, while new versions can safely be deployed because customers only use the newer version if they go out of their way to do so, and they presumably will provide test coverage of their own when they increment api versions.

Mod Parent +Wise

[handy_vandal]

Life is short. You seem like a talented person who knows what you want ... the market is starved for really talented software engineers ...

Amen to that, brothers and sisters! Amen to that!

Re:Daily?

[jythie]

Even the best automated regression tests will struggle in general purpose enviroments. They are a useful tool, but not a replacement for human Q/A since tests inhrently depend on a programmer's guess on what might go wrong. Though as with all things it depends heavily on exactly what kind of software you are writing. Some types lend themselves to automated testing more then others. Still, putting too much faith in automated testing with no live user in the mix is risky, even if it has not gone wrong 'yet'.

Depends on where the value is

[Matt_Bennett]

There is no one frequency that is good for every application- it depends far more on what you're doing and you should be focused on delivering that, rather than a pretty arbitrary metric. Look at the value of what you're doing. What is the cost of things breaking? Don't forget, MTBF *includes* the time to fix the failure.

Think about live broadcasting. If you're selling informing people of what is happening right now, you better be able to recover from a link down quickly, even if it means not keeping records- but if you're selling an archival service, data loss is a problem, and some delay is acceptable.

Testing in production

[kmahan]

This shirt covers the methodology I've sadly seen far too often:

        http://www.thinkgeek.com/product/f141/ [Most Interesting Coder]

The Answer is Low Standards

[evilviper]

The answer you are looking for is: Lower company standards. Having worked for companies large and small, including start-ups at various stages, I can say from experience that frequent releases work because management has reasonably low standards, and is perfectly okay with the last deployment breaking things, and needing to be hot-fixed by a follow-up deployment just days later. That's just the model.

I know the model you're talking about, too. A more solid company, building its web products like it would a critical internal service... Going through design phases and in-depth code review, and extensive compatibility testing, to make sure anything that is deployed will work 100% (or almost), and is good enough that it'll never need to be held together with duck tape and band-aides because the feature was tacked on ad-hock by one dev in a few hours, which is really what you're talking about at these "nimble" startups.

There are some ways to get the best of both. The Amazon model is to develop a public API, then develop unit tests which FULLY exercise that API. Then all the quick development behind the scenes doesn't change the API, and regression-free code is assured in seconds, as you run all those unit tests against the new code. That also instills more discipline, as the documentation is law, and it'll be clear which code is to blame when there's a breakage, and less perpetuation of bugs and flaws to keep other bad code from breaking when they're fixed.

Every couple weeks or so...

[ski9826]

We try to complete a sprint every 2-3 weeks and then push to production. Occasionally (more often than I would like) there are hotfixes that need to be done in between. Scrum with agile software development.

As often as we need

[Terry+Pearson]

As often as we need. We push based on features. Although we sometimes slip into batching up production moves. I find it is much easier to push often when you work with people that are unafraid of branching based on feature requests.

I'm just glad we don't do the "quarterly push" like some do. It sure saves us a lot of troubleshooting in the chance that the push introduces a production error.

Re:Daily?

[nahdude812]

They are a useful tool, but not a replacement for human Q/A since tests inhrently depend on a programmer's guess on what might go wrong.

All testing depends on what a human guesses might go wrong, automated or otherwise. The advantage of automated testing is that you can perform those tests thousands of times faster than a human can.

Here is how we do it.

[indraneil]

I work for a smallish team (~100) in a megacorp that ships a service that has a significant number of customers.

We have 2 major code branches - the developer branch and the production branch.
- The production branch sees management approved point fixes that get collected and rolled out every month after a huge number of tests (automated and manual).
- The developer branch gets continuous feature additions. We collect all features from the developer branch and move it to production once every 6 months.

The details below pertain to our developer branch:
Like a lot of other people have suggested, we have spent time on robust test automation. We split that up into a smallish set that runs before any code check in. All checked in code runs through a significant battery of tests nightly.
We fork the developer branch and deploy it on a self hosted environment every week.
After self hosting features for ~5.5 months, we initiate rolling out the new features to production - takes about a fortnight.

Hope that helps.

Don't follow Google's lead

[jtara]

Well, whatever you do, please don't follow Google's lead, at least with respect to Google Groups.

They seem to push a new version at least weekly, and sometimes daily.

It's a coin-toss whether it will actually work from one day to the next. Features will just stop working for a few days, until somebody notices and fixes. Or fixes the fix that was put in to fix the fix.

Latest is that Firefox 9.0 is "obsolete". If you are running anything older than a fresh-out-of-the-box (or Torrent) Linux release, you are probably using an "obsolete" browser.

Some users have *policy* to be 3 releases back.

[DutchUncle]

At one prior job, it was official written policy to NEVER upgrade to the latest release of ANYTHING, on the grounds that it had no track record. So it doesn't matter how often you release.

Releasing on a fixed time schedule has never made sense to me. Target, yes, but if it's ready a week early, or needs a week longer, better to do it right than to do it at a fixed time.

Re:Some users have *policy* to be 3 releases back.

[JohnFen]

At one prior job, it was official written policy to NEVER upgrade to the latest release of ANYTHING

That is a very, very wise policy.

Re:Some users have *policy* to be 3 releases back.

[Hecatonchires]

Until the release schedule is so slow the version you're on is EOL'd and doesn't support the feature you need, but you can't get approval to upgrade

as often as a feature is ready.

[FacePlant]

You're not eating the cost of burning releases to media.
Push early, push often, but have a rock solid, bulletproof rollback mechanism.

Seriously, that's what staging is for. push it, roll it back, push it, roll it back.
Since you don't have to stick to a golden master, media reproduction schedule,
push a feature as soon as it is ready.

If your organization can't get past big quarterly releases, then they will not succeed with more nimble competition.
The organization has to adapt. So wither the management adapts, or gets replaced.

Hourly

[ewoods]

Hourly. As soon as a feature is ready.

Re:Hourly

[spatley]

Minutely, as soon as the feature compiles.

We are hoping to go to real-time and have developers update Ruby scripts directly on the production server as this will save us the expense of a test environment, but that is going to require porting all our Java code to Ruby. We tried to use jRuby but that is going the wrong direction, so we are starting a new open source project for JOR (java on ruby).

Several times a day

[Max+Romantschuk]

At Verkkokauppa.com we deploy several times a day. Our team is fortunate enough to work on our own system, so for small features or bug fixes the turnaround can be as little as minutes.

For us the most important tool is Git. We have a logging mechanism in our deployments scripts whish logs who deployed which version of the code base (SHA1 hash) and when. If we do manage to break something we simply immediately return to the last known good version by checking it out and deploying it. Then we have a lockout policy that prevents futher deployment until the bug is fixed.

On rare occations we have had to do reverts, but only a couple of times over the course of several years.

Other valuable assets that keep us agile deployment-wise is having the whole team physically in one place, and most of our stakeholders in the same building. We also use Jabber internally to make it even easier to communicate on those occations when face-to-face is not possible.

We also use Scrum, but this is a rather recent development, and we did mange the same deployment policy before we switched to Scrum. A continuous integration environment is in use, and does help keep things in order. But for minor features and tweaks with few stakeholders it's not entierly uncommon to simply deploy and communicate with the users directly to check if everything works as expected.

The fact that there is one installation of the system is a major asset. We really never have to deal with versioning. The current version is simply the HEAD commit on the master branch.

Re:Several times a day

[chrismcb]

At ... we deploy several times a day

Why? Why is what you did at 11am SO important it has to get out right this minute, and can't wait till 5:00pm, or tomorrow or the end of the week?
Why churn your feature set several times a day? What is so important it can't wait for a few days?
Deploying that often is just a waste, and is unnecessary for most products

Re:Several times a day

[Max+Romantschuk]

Why? Mostly because it causes little damage and shortens our feedback cycle, which is a significant benefit. Of course, the fact that our system is internal is a major factor. It's not really a software product in the traditional sense.

We do have a no-deployment window after 2pm and friday-sunday. That makes sure any new code is in production a couple of hours before our team is no longer on site. Deploying and leaving immidiately is not allowed.

Updates daily?

Many a user of that site wishes they would STOP updating.

Re:Updates daily?

[rHBa]

This. is exactly why I left a year ago.

Decentralized at Netflix

[CrankyFool]

At netflix, each app owner (either person or group) figures out what release process and frequency make sense for them. Some apps get pushed extremely rarely -- probably for actively developed systems, the least frequent I see around here is every other week. Other apps get pushed more quickly. Lots of people who push weekly; lots of people who push ad-hoc, whenever there's a change they want to get into production. Our Engineering Tools people are also finally starting to support continuous deployment, so it'll only get faster.

Re:Decentralized at Netflix

[cowdung]

Good.. because Netflix Latin America is SEVERELY behind the US version.. so it is very hard to do basic things like bookmark what you'll want to watch later or even find things.

online email marketing app

[CBravo]

I work at an online email marketing company of about 50 people.

We have weekly hotfixes for low/medium impact bugs. We can update all servers in 10 minutes for high impact bugs. We have a feature upgrade release every 6 to 9 months. We could release earlier but we don't want too many communication moments with our customers. The second reason is that we want to deliver a finished product which takes some time, documentation and marketing must be changed, etc.

We don't communicate our maintenance schedule for bugfixes. When we run an update the web browser ui is locked, afterwards a user can pick up where they left. An update is about 20 seconds and ~0% impact. In general we apply the update to a few servers earlier so we catch obvious bugs with less impact. Needless to say we make builds from a VCS and deploy automatically.

For SaaS, you want to have a solid 'operations' department which is in sync with development.

Once a month isn't that bad

[gregthebunny]

We have a particular software from a particular vendor who only pushes an update once a year. We've already pointed out several bugs and quirks in the software that have become "feature requests" for the next release (due in January 2013). On the other hand, we also have software from a vendor who pushes an update every six weeks, and then we have to get that update installed for every user that has the software because every update changes the file format and it isn't ever backward compatible! . So, if you're a major software vendor, my suggestion would be to favor structure and stability over frequent and minor patches or releases, but not so infrequent that it doesn't seem like you're paying attention to your market.

Whenever I need to test my code

[theinvisibleguy]

And don't want to do it myself.

The question asked is too simplistic

[fzammett]

Unless you take into account the business you work for and the environment you work in then you've asked an incomplete question.

In a small-ish company you can push out updates quicker because in many ways there's less risk: if there's a problem it either (a) doesn't impact as many people or (b) is easy to roll back. That's a generalization for sure and everyone can pull out exceptions I'd bet, but I think it's a fair generalization.

In a large corporation though, especially one where there may be government regulations that have to be met and SLA's that have to be maintained or there can be real financial repercussions in short order (fines, give-backs to clients, etc.) the story tends to be different and considerably more conservative. It's not a question of nimbleness or doing things the "new" way or anything like that, it's simple risk assessment.

Naturally, the other big factor, and actually I should have said this first because in many ways it's the bigger point, is what the application actually is. I mean, if you're talking about a timesheet application for your workers than you probably can get away with a lot of mistakes. Try it with your key line-of-business POS application though... you know, the one that if it's down for more than two hours your business goes under?... in those cases, you likely don't want to be risking it any more frequently than you really have to.

Me, I work for a very large corporation, and I'm lead on a couple of very large, complex and extremely important applications. We have no set deployment schedule generally, but on average we do a release once every two months or so as driven by business requirements. That FEELS about right to me, given the environment, the applications and my 20+ years of professional experience in IT.

YMMV of course, and in fact it probably SHOULD since I'd contend there's no single right answer... but what I've mentioned here are probably the key considerations in any case.

7 weeks

[skelly33]

For my company, it's every 7 weeks with an 11-week lead time ... but it's going to be different for everyone depending on their business requirements. For my company, we must QA/Beta every development release before it makes it to production for general availability. To this end, I have produced a schedule:

* 3 week scrum
* 2 week first-pass QA
* 2 week second-pass QA w/customer Beta
*** dev team starts the next scrum cycle here, overlapping with the 4-week marketing period that follows
* 4 week marketing (documentation, training, customer announcements, press releases, graphic/video collateral production)

At the end of the marketing period, we release on a specific, scheduled date/time for the service window. The advantages are:

* gives our customers structure without surprises
* clear communication both externally and internally
* affords the development team 4 weeks (during QA) to work on internal, non-customer-facing projects for refactoring, tools, monitoring, etc.
* gives plenty of time for the sales/marketing folks to ramp up in preparation for the release
* allows us to get crucial features to customers in as little as 5 weeks by way of the beta program (great for sales prospects on our long sales cycle)
* allows us to maintain a development calendar for the entire year with exact dates that we know we will meet which gives our sales/marketing team visibility into what is coming and when, and where they might want to shift the schedule to re-prioritize as needed

Ahead of each scrum I do a little planning for what major application features we will be adding, I break down each major feature into a set of smaller tasks, must-haves and nice-to-haves, and I ensure that the must-haves can all be achieved within 3 weeks given our resources. We have always been able to complete all the must haves and many nice-to-haves for each scrum cycle. We have never completed all the nice-to-haves, and may never go back to do them unless an internal/customer request has enough pressure behind it to add it to a future scrum cycle.

In terms of ensuring that this is all possible, it comes down to understanding the business requirements early in the project proposal and then delegating the balance of the project management to a single person who understands our application, understands the requirements, and can break the project down into pieces that can be absorbed into the agile methodology. Documentation is kept to a bare minimum until the scrum cycle is completed. We get on-time satisfaction of business requirements every time.

But it wasn't always this way. Two years ago we were still stuck in the classic waterfall project management model and as a result progress with the application stagnated by comparison to our competitors. Management was stuck in their 1980's mentality of planning everything before writing a single line of source code. I personally had to champion an agile approach to software development and demonstrate the advantages that came with it to get the buy-in necessary. At some point you need to "just do it" and get yourself out of the rut.

Agile and "agile"

[Safety+Cap]

Agile is not about being more accepting of risk: it's about engineering risk out,

I actually wasn't talking about Agile the process but agile the adjective (hence the quotes). Perhaps I should've said 'flexible' or 'responsive'.

About once a week

[FrozenFOXX]

I work at a game company and we do about once a week, once every 24 hours for hotfixes. We can't really do sooner for several reasons but the foremost is that players want to play our games and they can't do that if we're bringing the servers down. We use some heavy automation (and always getting heavier. Currently transitioning from in-house + bash scripts to bash scripts + git + Puppet) which acts as a force multiplier for your teams.

However, PLEASE be careful when doing automation and sending builds quicker. Not everything has to be automated and many times the issue is not getting the software out fast enough it's instead getting the STABLE software out fast enough. Nobody's gonna die if you take an extra hour to explain to another team what you've done to make sure it all makes sense to everybody (and if you're in a company where that DOES matter I'd recommend leaving it...that level of stress isn't good for your heart). Automating a complex system is a long, arduous, and minefield-laden task that's going to have some screw-ups and rethinks along the way.

My personal opinion is that you should use Puppet/cfengine/chef/whatever-you-like to not only help out with continuous configuration management but *also* as a means of codifying knowledge at various steps in the process. Don't just have one team do your automation, have everyone get in on it and get familiar. From my experience this has been easiest with Puppet due to its syntax and modules (aka I can hand off a module to the programmer team, they can punch it up, then I run it and if I want to know how it works Puppet will tell me everything I want to know). You get everyone speaking the same language, working on the process together this way which works as a sanity check and as a knowledge repository (you know, just in case god forbid your admin gets hit by a bus or your low level grunts win the lottery).

Whenever we're ready

[merlinokos]

Developers are responsible for supporting production, which means they can release whenever they want, as long as they're willing to deal with the consequences. This has lead to a release frequency which ranges from 1-20 times per day, depending on how critical the application is, what is being added, and how complex the change is.

The most important thing to us is that people who are treated like adults act like adults. Trust your developers to release responsibly, and (with a little teaching/learning) they will.

Weekly or twice a week is the sweet spot.

[Qbertino]

I've found that for web development today, weekly or twice a week is around about the sweet spot for non-trivial web-development.
Of course you need a modern pipeline. Good devtools, a framework, test first and a lead architect and scrum master who knows what he's doing. But the days of paper driven management in software development are totally over, except maybe for spaceships, military hardware, nuclear power plants and perhaps medical gear.

If you're doing web-dev management with a manually maintained papertrail, you're doing it wrong. It's that simple. And as an experienced scrum-master I'd say push-to-production once per week is minimum.

My 2 cents.

Real programmers code in production

[Mabhatter]

Just leaving that here....

You just code the changes in your own library, then copy to the production library.... Or just edit in production, because the program object doesn't update until you compile.

Multiple times in a day

[adnonsense]

Mind you I am the sole IT employee of a small company, so the entire process is under my control. FWIW It's a data-driven B2B web app kind of thing.

I prefer to split up change requests - including configuration changes - into individual numbered releases, which are tagged in SVN and documented on the login page visible to internal users, so the evolution of the app - and my contribution - is visible, especially for the people who wouldn't otherwise see what I'm doing.

Re:Multiple times in a day

[master_kaos]

Yup same here (except for 1 other developer as well). Our clients LOVE how fast we get changes done. Pretty much instantly/few hours if it is small.. a day or two if the change is medium or we are busy, or within a week or two if it is a larger change. Sure you know what, sometimes problems slip through the cracks.. usually only very minor stuff, sometimes more serious.. But since we push whenever we want we can fix it very quickly. Trust me, we have discussed having more rigorous qa with slower releases, but we have determined that for us, it is best leaving the way it is, especially when our clients don't even care if the very odd time something goes wrong when all the time we fix stuff/add features very quickly

Multiple times per day

[master_kaos]

I work at a cowboy shop where we push whenever we want (note: it is a publication company that only has 2 developers). When I started (so there only being the one developer) the guy basically edited code on production. Over the last 3 years I have been making changes to the process (at first the other developer was relunctant, but now that we are close to almost becoming "proper", he is completely onboard). My first step was actually setting up a proper dev box.

Re:Daily?

[Gorobei]

If your pushing code the production once a day, you have no QA cycle whatsoever. For a larger infrastructure, there's nothing wrong with extended release cycles.

Daily releases should be for break fix only. Weekly or bi-weekly pushes to stage and test environments are pretty normal. For a full release cycle, monthly is about the fastest I'd expect, and it's not unusual to see quarterly or longer on stable infrastructure.

Once every 15 seconds or so here. Incremental, ongoing improvements. No QA cycle, but automated testing, levels of peer review/approval, fast backout in the rare case we trigger a problem in prod.

As often as you need

[atisss]

I work on a telephony infrastructure (voip pbx + websites), and production releases are as often as we need it.

Even if every minute of bugs or downtime costs money in terms of disconnected customers, gain is by being able to react and fix quickly. Sometimes I do write a quick code (usually fix) on live system, of course knowing what you do and what's on the stake makes you pay attention to details, taking a look on semicolons at the end of line before hitting save.

Also having control of replicating changes to all servers is a good tool, you can do a live test on small set of users, and if there are no errors just replicate changes to all servers.

However normal "feature" releases are usually from couple of times per week to once per month, depending on the size of features.
Rollbacks are always in mind, but you can't rollback everything, new call logs and recordings are created live - so either implement some backup of raw data and be prepared to manually fix broken parts later or you may just loose something important.

Adapt Quickly

[Hecatonchires]

I find "Adapt Quickly" is a metaphor for "insufficiently tested" or "it worked on my machine"

If I had a dollar for every "tiny fix" that required hours of hacking in prod to resolve with the release team sitting around waiting for the wunderkind to figure it out, for it then to be reverted and done again the next weekend. So much better when properly tested with signoffs and accountability.

Re:Unit tests, automated deployment

[Hecatonchires]

Sounds like a dream. We tried and failed several times to get developers to write unit tests. There was so much resistance we eventually gave up.

QA?

[techhead79]

I'll take it whoever came up with this question obviously has little or no QA department. The company I work for sometimes has thousands of automatic and manual scripts to get through before a "release" can be approved. It can and does take months to complete this. The idea we could ever promote once a week is a nightmare to consider.

If you don't allow for proper testing you may break something and not realize it until months later. This could cause serious problems such as capturing invalid data, to something simple as an odd gui quirk. In one case you may open yourself up to lawsuits and in the other you may find it nearly impossible to track down when and why something broke.

Don't be so eager to get your fixes out the door...they don't always just fix something.

RERO

[OhANameWhatName]

Slashdotters, how often do you push software changes into production, and what best practices allow you to maintain that deployment rate without chaos?

As often as we need to. This could be immediate (for small tweaks), middle of the day, nighttime if the deployment is going to have direct system performance impact.

Single person responsible for deployment, use some sort of locking mechanics to ensure that what's deployed to live is precisely what's deployed to test. Give the clients the opportunity to UAT everything, and have environments setup for them with live data that will allow this. Automated testing is useful (if your software is structured in such a way to allow this .. ie. structured :), or else .. you can do it our old-skool way .. have experienced people who know about the business testing the changes.

But by far the most important thing is to not set deadlines. And people might say that it's unrealistic, but the truth is setting deadlines is unrealistic. When does it go out to live? When it's ready, and not a minute before. Estimates are fine, and communicate with the clients .. keep them informed. You can accomplish this by letting the clients set their own priorities. Once the clients have the lists of work they want, they can decide what they want done and in what order. When the ducks are in a row, and things are flowing smoothly .. not only is the client in control, but they'll develop their own understanding of the development process and understand why work is being delayed. Getting clients into the project management system is also helpful.

But the most fundamental thing is to take small bites of the apple. Don't do things in one hit. Break projects up into bite-sized manageable tasks. Then if something breaks, it breaks small. And be prepared to be nimble. No matter what processes are in place, there's always got to be work-arounds to get things done quickly and effectively .. because mistakes happen. Have a process for getting things done quickly when emergencies happen.

It's actually quite easy. But people need to take personal responsibility for their work and communication is king.

Release many times daily: testing and automation

[nick_urbanik]

We usually make several production releases every day. We have a complete configuration management system (conform) that totally automates building a server and releasing software. We have a complete dev environment and two test environments. We test code in pre-production first. But the key is our automation. It automates releases and rollbacks. Without complete automation (and competence), we would be submerged in paper work and bleary-eyed midnight releases like other teams in the company.

Almost every day

[Art3x]

Almost every day.

But we are a team of two, working on a private company intranet.

I suggest you read Getting Real.

Re:Almost every day

[Tixover]

Almost every day.

Almost every day here too - except after a curry when I find I don't have to push at all

Daily

[SimplyGeek]

We update our stuff on the fly, daily. But then, our systems are used internally. So as long as we don't cause a total production stoppage, having one form on one of the pages return an error instead of spitting back the expected report isn't going to cause the apocolypse. We do our best to be nimble, with the expecation that sometimes this causes rushed changes to break things.

For my company...

[Aryden]

Major releases Quarterly. Anything delivered by vendors (outsourced) agencies, is weekly. The system I manage, we can push constantly. There might be days where I am making changes and pushing to production all day long, then days where I do nothing to production.

2 weeks and closing in on continuous delivery

[BigCigar]

We are Ruby shop and push to production every 2 weeks. We are looking to make that shorter and do full blown continuous delivery. We have 95% coverage of the user interface automated with a lot of complicated scenarios. IMHO it is a must to automated tests to push to a feature rich application to production so often along with environments and automated continuous integration.

Multiple Times Per Day

[null+etc.]

I would invite you to learn how Etsy releases multiple times per day:

http://codeascraft.etsy.com/2010/05/20/quantum-of-deployment/

Re:Unit tests, automated deployment

[TheSunborn]

The solution is very simple: The unit test must be written by a different person from the guy who wrote the code. That way you also ensure that the documentation is written and correct, because you can't write a unit test if you don't have any documentation for what the function should do.

When ready...to 1% of your audience

[justthinkit]

There was a recent Wired mag. article about the guy at Facebook who does this. This way if you release dog food, only 1% of your customers have to go to the vet.